Hi All,
I'm running kamailio-1.5.4-tls and I want to enable pike module in it. I did some test but it isn't working properly. I mean it isn't acting according to the /remove_latancy/ parameter. When an IP address is blocked (cause it triggered the pike module), it should be blocked for the amount of time (seconds I presumed) defined on the /remove_latancy /parameter, right? but it isn't
Here is my pike module config (it's just a test config)
# ---- Pike --- /* we are usign default values. We should tunning it up */ modparam("pike", "sampling_time_unit", 30) modparam("pike", "reqs_density_per_unit", 10) modparam("pike", "remove_latency", 3600) modparam("pike", "pike_log_level",-1)
and here is the output
/Sep 10 *13:33:35* sip /home/kamailio/sbin/kamailio[21414]: PIKE - BLOCKing ip XXX.XXX.XXX.XXX, node=0xb5a2eb58 Sep 10 13:33:35 sip /home/kamailio/sbin/kamailio[21414]: Warning: too many requests from XXX.XXX.XXX.XXX:5060 Sep 10 *13:34:12* sip /home/kamailio/sbin/kamailio[21420]: PIKE - UNBLOCKing node 0xb5a2eb58 ...
Sep 10 *13:35:22* sip /home/kamailio/sbin/kamailio[21418]: PIKE - BLOCKing ip XXX.XXX.XXX.XXX,, node=0xb5a2eb58 Sep 10 13:35:22 sip /home/kamailio/sbin/kamailio[21418]: Warning: too many requests from XXX.XXX.XXX.XXX,:5060 Sep 10 *13:36:12* sip /home/kamailio/sbin/kamailio[21420]: PIKE - UNBLOCKing node 0xb5a2eb58 / Shouldn't it be blocked for 3600 seconds?
Then I changed the /remove_latancy/ parameter to /modparam("pike", "remove_latency", 334500) / / Sep 10 *13:37:09* sip /home/kamailio/sbin/kamailio[21462]: PIKE - BLOCKing ip XXX.XXX.XXX.XXX,, node=0xb5986b90 Sep 10 13:37:09 sip /home/kamailio/sbin/kamailio[21462]: Warning: too many requests from XXX.XXX.XXX.XXX,:5060 Sep 10 *13:37:52* sip /home/kamailio/sbin/kamailio[21466]: PIKE - UNBLOCKing node 0xb5986b90 / but the it didn't seem to have any real difference.
Any ideas? / / Best Regards,
Miguel Baptista
Hello,
can you get a verbose debug log (debug=4)?
Thanks, Daniel
On 9/10/10 1:58 PM, Miguel Baptista wrote:
Hi All,
I'm running kamailio-1.5.4-tls and I want to enable pike module in it. I did some test but it isn't working properly. I mean it isn't acting according to the /remove_latancy/ parameter. When an IP address is blocked (cause it triggered the pike module), it should be blocked for the amount of time (seconds I presumed) defined on the /remove_latancy /parameter, right? but it isn't
Here is my pike module config (it's just a test config)
# ---- Pike --- /* we are usign default values. We should tunning it up */ modparam("pike", "sampling_time_unit", 30) modparam("pike", "reqs_density_per_unit", 10) modparam("pike", "remove_latency", 3600) modparam("pike", "pike_log_level",-1)
and here is the output
/Sep 10 *13:33:35* sip /home/kamailio/sbin/kamailio[21414]: PIKE - BLOCKing ip XXX.XXX.XXX.XXX, node=0xb5a2eb58 Sep 10 13:33:35 sip /home/kamailio/sbin/kamailio[21414]: Warning: too many requests from XXX.XXX.XXX.XXX:5060 Sep 10 *13:34:12* sip /home/kamailio/sbin/kamailio[21420]: PIKE - UNBLOCKing node 0xb5a2eb58 ...
Sep 10 *13:35:22* sip /home/kamailio/sbin/kamailio[21418]: PIKE - BLOCKing ip XXX.XXX.XXX.XXX,, node=0xb5a2eb58 Sep 10 13:35:22 sip /home/kamailio/sbin/kamailio[21418]: Warning: too many requests from XXX.XXX.XXX.XXX,:5060 Sep 10 *13:36:12* sip /home/kamailio/sbin/kamailio[21420]: PIKE - UNBLOCKing node 0xb5a2eb58 / Shouldn't it be blocked for 3600 seconds?
Then I changed the /remove_latancy/ parameter to /modparam("pike", "remove_latency", 334500) / / Sep 10 *13:37:09* sip /home/kamailio/sbin/kamailio[21462]: PIKE - BLOCKing ip XXX.XXX.XXX.XXX,, node=0xb5986b90 Sep 10 13:37:09 sip /home/kamailio/sbin/kamailio[21462]: Warning: too many requests from XXX.XXX.XXX.XXX,:5060 Sep 10 *13:37:52* sip /home/kamailio/sbin/kamailio[21466]: PIKE - UNBLOCKing node 0xb5986b90 / but the it didn't seem to have any real difference.
Any ideas? / / Best Regards,
Miguel Baptista
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hi Daniel,
Here goes the log with debug=4:
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:sanity:sanity_check: all sanity checks passed Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:get_hdr_field: <To> [44]; uri=[sip:MyUser@test.com] Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:maxfwd:is_maxfwd_present: value = 70 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:get_hdr_field: to body ["MyUser Akademia" sip:MyUser@test.com^M ] Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:pike:mark_node: search on branch 158 (top=0xb59c6030) Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:get_hdr_field: cseq <CSeq>: <66> <REGISTER> Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:pike:mark_node: only first 4 were matched! Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=20 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:pike:pike_check_req: src IP [yyy.yyy.yyy.yyy],node=0xb59c6800; hits=[2,0],[7,11] node_flags=6 func_flags=0 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=20 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:pike:remove_from_timer: 0xb59c6810 from 0xb59baa60(0xb59c6920,0xb59c6810) Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=2000 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:pike:append_to_timer: 0xb59c6810 in 0xb59baa60(0xb59c6920,0xb59c6920) Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:get_hdr_field: content_length=0 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:siputils:has_totag: no totag Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=ffffffffffffffff Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:grep_sock_info: checking if host==us: 11==13 && [test.com] == [XXX.XXX.XXX.XXX] Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:get_hdr_field: found end of header Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:grep_sock_info: checking if port 5060 matches port 5060 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=8000 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:grep_sock_info: no match for: [test.com:5060] Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=40000 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:grep_aliases: comparing host [0:test.com:5060] with us [1:sip:5060] Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=ffffffffffffffff Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:grep_aliases: comparing host [0:test.com:5060] with us [1:sip.test.com:5060] Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:sanity:sanity_check: all sanity checks passed Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:grep_aliases: comparing host [0:test.com:5060] with us [1:test.com:5060] Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:maxfwd:is_maxfwd_present: value = 70 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:grep_aliases: match found for: [0:test.com:5060] Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:pike:mark_node: search on branch 158 (top=0xb59c6030) Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:check_self: host == me Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:pike:mark_node: only first 4 were matched! Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:parse_headers: flags=78 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:pike:pike_check_req: src IP [yyy.yyy.yyy.yyy],node=0xb59c6800; hits=[2,0],[7,12] node_flags=14 func_flags=6 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:tm:t_lookup_request: start searching: hash=27431, isACK=0 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:pike:remove_from_timer: 0xb59c6810 from 0xb59baa60(0xb59c6810,0xb59c6920) Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:tm:matching_3261: RFC3261 transaction matching failed Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:pike:append_to_timer: 0xb59c6810 in 0xb59baa60(0xb59c6920,0xb59c6920) Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:tm:t_lookup_request: no transaction found *Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: PIKE - BLOCKing ip yyy.yyy.yyy.yyy, node=0xb59c6800 * Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: retcode of t_check_trans is -1 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: Warning: too many requests from yyy.yyy.yyy.yyy:5060\ Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: Entered the Register method Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=ffffffffffffffff Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: r[2] route #2 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:check_via_address: params yyy.yyy.yyy.yyy, yyy.yyy.yyy.yyy, 0 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: r[2] REGISTER - src_ip=yyy.yyy.yyy.yyy from_uri=sip:MyUser@test.com to_uri=sip:test.com Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:destroy_avp_list: destroying list (nil) Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:parse_headers: flags=ffffffffffffffff Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:receive_msg: cleaning up Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:check_via_address: params yyy.yyy.yyy.yyy, yyy.yyy.yyy.yyy, 0 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:parse_headers: flags=4000 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:auth:pre_auth: credentials with given realm not found Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: r[HANDLE_REGISTER] req. missing authentication nonce (yyy.yyy.yyy.yyy) REGISTER sip:MyUser@test.com Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:auth:reserve_nonce_index: second= 18, sec_monit= 4, index= 21 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:auth:build_auth_hf: nonce index= 21 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:auth:build_auth_hf: 'WWW-Authenticate: Digest realm="test.com", nonce="4c976daa0000001585e4d53c23338f5a8a5961f42da924a6"^M ' Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:sl:send_reply: reply in stateless mode (sl) Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:parse_headers: flags=ffffffffffffffff Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:check_via_address: params yyy.yyy.yyy.yyy, yyy.yyy.yyy.yyy, 0 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:destroy_avp_list: destroying list (nil) Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:receive_msg: cleaning up Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_msg: SIP Request: Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_msg: method: <REGISTER> Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_msg: uri: sip:test.com Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_msg: version: <SIP/2.0> Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=2 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_via_param: found param type 232, <branch> = <z9hG4bK-f2xowcc2pr58>; state=6 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_via_param: found param type 235, <rport> = <n/a>; state=17 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_via: end of header reached, state=5 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: via found, flags=2 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: this is the first via Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:receive_msg: After parse_msg... Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:receive_msg: preparing to run routing scripts... Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: Start main route Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=10 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_to_param: tag=i07t4f83ih Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_to: end of header reached, state=29 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_to: display={"MyUser Akademia"}, ruri={sip:MyUser@test.com} Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: r[0] REGISTER - src_ip=yyy.yyy.yyy.yyy from_uri=sip:MyUser@test.com to_uri=sip:test.com Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=78 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_to: end of header reached, state=10 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_to: display={"MyUser Akademia"}, ruri={sip:MyUser@test.com} Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:get_hdr_field: <To> [44]; uri=[sip:MyUser@test.com] Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:get_hdr_field: to body ["MyUser Akademia" sip:MyUser@test.com^M ] Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:get_hdr_field: cseq <CSeq>: <66> <REGISTER> Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=20 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=20 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=2000 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:get_hdr_field: content_length=0 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=ffffffffffffffff Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:get_hdr_field: found end of header Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=8000 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=40000 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=ffffffffffffffff Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:sanity:sanity_check: all sanity checks passed Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:maxfwd:is_maxfwd_present: value = 70 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:pike:mark_node: search on branch 158 (top=0xb59c6030) Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:pike:mark_node: only first 4 were matched! Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:pike:pike_check_req: src IP [yyy.yyy.yyy.yyy],node=0xb59c6800; hits=[2,0],[7,13] node_flags=14 func_flags=2 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:pike:remove_from_timer: 0xb59c6810 from 0xb59baa60(0xb59c6810,0xb59c6920) Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:pike:append_to_timer: 0xb59c6810 in 0xb59baa60(0xb59c6920,0xb59c6920) Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: Warning: too many requests from yyy.yyy.yyy.yyy:5060\ Sep 20 16:19:57 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=ffffffffffffffff Sep 20 16:19:57 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:check_via_address: params yyy.yyy.yyy.yyy, yyy.yyy.yyy.yyy, 0 Sep 20 16:19:57 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:destroy_avp_list: destroying list (nil) Sep 20 16:19:57 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:receive_msg: cleaning up *Sep 20 16:20:36 sip /home/kamailio/sbin/kamailio[16385]: PIKE - UNBLOCKing node 0xb59c6800 *
Any ideas?
Regards,
Miguel Baptista
On 16.09.2010 10:17, Daniel-Constantin Mierla wrote:
Hello,
can you get a verbose debug log (debug=4)?
Thanks, Daniel
On 9/10/10 1:58 PM, MyUser Baptista wrote:
Hi All,
I'm running kamailio-1.5.4-tls and I want to enable pike module in it. I did some test but it isn't working properly. I mean it isn't acting according to the /remove_latancy/ parameter. When an IP address is blocked (cause it triggered the pike module), it should be blocked for the amount of time (seconds I presumed) defined on the /remove_latancy /parameter, right? but it isn't
Here is my pike module config (it's just a test config)
# ---- Pike --- /* we are usign default values. We should tunning it up */ modparam("pike", "sampling_time_unit", 30) modparam("pike", "reqs_density_per_unit", 10) modparam("pike", "remove_latency", 3600) modparam("pike", "pike_log_level",-1)
and here is the output
/Sep 10 *13:33:35* sip /home/kamailio/sbin/kamailio[21414]: PIKE - BLOCKing ip XXX.XXX.XXX.XXX, node=0xb5a2eb58 Sep 10 13:33:35 sip /home/kamailio/sbin/kamailio[21414]: Warning: too many requests from XXX.XXX.XXX.XXX:5060 Sep 10 *13:34:12* sip /home/kamailio/sbin/kamailio[21420]: PIKE - UNBLOCKing node 0xb5a2eb58 ...
Sep 10 *13:35:22* sip /home/kamailio/sbin/kamailio[21418]: PIKE - BLOCKing ip XXX.XXX.XXX.XXX,, node=0xb5a2eb58 Sep 10 13:35:22 sip /home/kamailio/sbin/kamailio[21418]: Warning: too many requests from XXX.XXX.XXX.XXX,:5060 Sep 10 *13:36:12* sip /home/kamailio/sbin/kamailio[21420]: PIKE - UNBLOCKing node 0xb5a2eb58 / Shouldn't it be blocked for 3600 seconds?
Then I changed the /remove_latancy/ parameter to /modparam("pike", "remove_latency", 334500) / / Sep 10 *13:37:09* sip /home/kamailio/sbin/kamailio[21462]: PIKE - BLOCKing ip XXX.XXX.XXX.XXX,, node=0xb5986b90 Sep 10 13:37:09 sip /home/kamailio/sbin/kamailio[21462]: Warning: too many requests from XXX.XXX.XXX.XXX,:5060 Sep 10 *13:37:52* sip /home/kamailio/sbin/kamailio[21466]: PIKE - UNBLOCKing node 0xb5986b90 / but the it didn't seem to have any real difference.
Any ideas? / / Best Regards,
MyUser Baptista
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla http://www.asipto.com
Hello Miguel,
I had the time to do some tests and look at the code. The remove_latency is not what you thought (and I expected the same), but the time after which to remove an IP from internal tree if no request is received from it during that duration -- it is this behavior from old ser era.
The IP is unblocked first time when density is not exceeded in a sampling unit.
First time, to block the IP, it requires 3 times the density, but if it is in memory, it is blocked when density is reached.
Now (even for 1.5), the option to keep an IP blocked for N seconds since pike hit can be achieved using a htable with expire set to N. When pike hits, add the ip in the hash table. Like:
# autoexpire after 5 minutes modparam("htable", "htable", "blocked=>size=8;autoexpire=300;")
if($sht(blocked=>$si)!=$null) { # ip is blocked exit; } if (!pike_check_req()) { $sht(blocked=>$si) = 1; xlog("new ip was banned $si\n"); exit; }
Keeping it blocked only with pike would be nicer, I will have it in mind, but not sure if is going to be in 3.1 -- maybe I find the time to merge the two pike modules and then add this condition as well.
Cheers, Daniel
On 9/20/10 4:34 PM, Miguel Baptista wrote:
Hi Daniel,
Here goes the log with debug=4:
Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:sanity:sanity_check: all sanity checks passed Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:get_hdr_field: <To> [44]; uri=[sip:MyUser@test.com] Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:maxfwd:is_maxfwd_present: value = 70 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:get_hdr_field: to body ["MyUser Akademia" <sip:MyUser@test.com>^M ] Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:pike:mark_node: search on branch 158 (top=0xb59c6030) Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:get_hdr_field: cseq <CSeq>: <66> <REGISTER> Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:pike:mark_node: only first 4 were matched! Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=20 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:pike:pike_check_req: src IP [yyy.yyy.yyy.yyy],node=0xb59c6800; hits=[2,0],[7,11] node_flags=6 func_flags=0 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=20 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:pike:remove_from_timer: 0xb59c6810 from 0xb59baa60(0xb59c6920,0xb59c6810) Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=2000 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:pike:append_to_timer: 0xb59c6810 in 0xb59baa60(0xb59c6920,0xb59c6920) Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:get_hdr_field: content_length=0 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:siputils:has_totag: no totag Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=ffffffffffffffff Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:grep_sock_info: checking if host==us: 11==13 && [test.com] == [XXX.XXX.XXX.XXX] Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:get_hdr_field: found end of header Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:grep_sock_info: checking if port 5060 matches port 5060 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=8000 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:grep_sock_info: no match for: [test.com:5060] Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=40000 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:grep_aliases: comparing host [0:test.com:5060] with us [1:sip:5060] Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=ffffffffffffffff Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:grep_aliases: comparing host [0:test.com:5060] with us [1:sip.test.com:5060] Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:sanity:sanity_check: all sanity checks passed Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:grep_aliases: comparing host [0:test.com:5060] with us [1:test.com:5060] Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:maxfwd:is_maxfwd_present: value = 70 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:grep_aliases: match found for: [0:test.com:5060] Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:pike:mark_node: search on branch 158 (top=0xb59c6030) Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:check_self: host == me Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:pike:mark_node: only first 4 were matched! Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:parse_headers: flags=78 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:pike:pike_check_req: src IP [yyy.yyy.yyy.yyy],node=0xb59c6800; hits=[2,0],[7,12] node_flags=14 func_flags=6 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:tm:t_lookup_request: start searching: hash=27431, isACK=0 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:pike:remove_from_timer: 0xb59c6810 from 0xb59baa60(0xb59c6810,0xb59c6920) Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:tm:matching_3261: RFC3261 transaction matching failed Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:pike:append_to_timer: 0xb59c6810 in 0xb59baa60(0xb59c6920,0xb59c6920) Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:tm:t_lookup_request: no transaction found *Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: PIKE - BLOCKing ip yyy.yyy.yyy.yyy, node=0xb59c6800 * Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: retcode of t_check_trans is -1 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: Warning: too many requests from yyy.yyy.yyy.yyy:5060\ Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: Entered the Register method Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=ffffffffffffffff Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: r[2] route #2 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:check_via_address: params yyy.yyy.yyy.yyy, yyy.yyy.yyy.yyy, 0 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: r[2] REGISTER - src_ip=yyy.yyy.yyy.yyy from_uri=sip:MyUser@test.com to_uri=sip:test.com Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:destroy_avp_list: destroying list (nil) Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:parse_headers: flags=ffffffffffffffff Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:receive_msg: cleaning up Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:check_via_address: params yyy.yyy.yyy.yyy, yyy.yyy.yyy.yyy, 0 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:parse_headers: flags=4000 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:auth:pre_auth: credentials with given realm not found Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: r[HANDLE_REGISTER] req. missing authentication nonce (yyy.yyy.yyy.yyy) REGISTER sip:MyUser@test.com Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:auth:reserve_nonce_index: second= 18, sec_monit= 4, index= 21 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:auth:build_auth_hf: nonce index= 21 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:auth:build_auth_hf: 'WWW-Authenticate: Digest realm="test.com", nonce="4c976daa0000001585e4d53c23338f5a8a5961f42da924a6"^M ' Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:sl:send_reply: reply in stateless mode (sl) Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:parse_headers: flags=ffffffffffffffff Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:check_via_address: params yyy.yyy.yyy.yyy, yyy.yyy.yyy.yyy, 0 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:destroy_avp_list: destroying list (nil) Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16384]: DBG:core:receive_msg: cleaning up Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_msg: SIP Request: Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_msg: method: <REGISTER> Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_msg: uri: <sip:test.com> Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_msg: version: <SIP/2.0> Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=2 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_via_param: found param type 232, <branch> = <z9hG4bK-f2xowcc2pr58>; state=6 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_via_param: found param type 235, <rport> = <n/a>; state=17 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_via: end of header reached, state=5 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: via found, flags=2 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: this is the first via Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:receive_msg: After parse_msg... Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:receive_msg: preparing to run routing scripts... Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: Start main route Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=10 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_to_param: tag=i07t4f83ih Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_to: end of header reached, state=29 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_to: display={"MyUser Akademia"}, ruri={sip:MyUser@test.com} Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: r[0] REGISTER - src_ip=yyy.yyy.yyy.yyy from_uri=sip:MyUser@test.com to_uri=sip:test.com Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=78 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_to: end of header reached, state=10 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_to: display={"MyUser Akademia"}, ruri={sip:MyUser@test.com} Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:get_hdr_field: <To> [44]; uri=[sip:MyUser@test.com] Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:get_hdr_field: to body ["MyUser Akademia" <sip:MyUser@test.com>^M ] Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:get_hdr_field: cseq <CSeq>: <66> <REGISTER> Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=20 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=20 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=2000 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:get_hdr_field: content_length=0 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=ffffffffffffffff Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:get_hdr_field: found end of header Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=8000 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=40000 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=ffffffffffffffff Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:sanity:sanity_check: all sanity checks passed Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:maxfwd:is_maxfwd_present: value = 70 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:pike:mark_node: search on branch 158 (top=0xb59c6030) Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:pike:mark_node: only first 4 were matched! Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:pike:pike_check_req: src IP [yyy.yyy.yyy.yyy],node=0xb59c6800; hits=[2,0],[7,13] node_flags=14 func_flags=2 Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:pike:remove_from_timer: 0xb59c6810 from 0xb59baa60(0xb59c6810,0xb59c6920) Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: DBG:pike:append_to_timer: 0xb59c6810 in 0xb59baa60(0xb59c6920,0xb59c6920) Sep 20 16:19:56 sip /home/kamailio/sbin/kamailio[16382]: Warning: too many requests from yyy.yyy.yyy.yyy:5060\ Sep 20 16:19:57 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:parse_headers: flags=ffffffffffffffff Sep 20 16:19:57 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:check_via_address: params yyy.yyy.yyy.yyy, yyy.yyy.yyy.yyy, 0 Sep 20 16:19:57 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:destroy_avp_list: destroying list (nil) Sep 20 16:19:57 sip /home/kamailio/sbin/kamailio[16382]: DBG:core:receive_msg: cleaning up *Sep 20 16:20:36 sip /home/kamailio/sbin/kamailio[16385]: PIKE - UNBLOCKing node 0xb59c6800 *Any ideas?
Regards,
Miguel Baptista
On 16.09.2010 10:17, Daniel-Constantin Mierla wrote:
Hello,
can you get a verbose debug log (debug=4)?
Thanks, Daniel
On 9/10/10 1:58 PM, MyUser Baptista wrote:
Hi All,
I'm running kamailio-1.5.4-tls and I want to enable pike module in it. I did some test but it isn't working properly. I mean it isn't acting according to the /remove_latancy/ parameter. When an IP address is blocked (cause it triggered the pike module), it should be blocked for the amount of time (seconds I presumed) defined on the /remove_latancy /parameter, right? but it isn't
Here is my pike module config (it's just a test config)
# ---- Pike --- /* we are usign default values. We should tunning it up */ modparam("pike", "sampling_time_unit", 30) modparam("pike", "reqs_density_per_unit", 10) modparam("pike", "remove_latency", 3600) modparam("pike", "pike_log_level",-1)
and here is the output
/Sep 10 *13:33:35* sip /home/kamailio/sbin/kamailio[21414]: PIKE - BLOCKing ip XXX.XXX.XXX.XXX, node=0xb5a2eb58 Sep 10 13:33:35 sip /home/kamailio/sbin/kamailio[21414]: Warning: too many requests from XXX.XXX.XXX.XXX:5060 Sep 10 *13:34:12* sip /home/kamailio/sbin/kamailio[21420]: PIKE - UNBLOCKing node 0xb5a2eb58 ...
Sep 10 *13:35:22* sip /home/kamailio/sbin/kamailio[21418]: PIKE - BLOCKing ip XXX.XXX.XXX.XXX,, node=0xb5a2eb58 Sep 10 13:35:22 sip /home/kamailio/sbin/kamailio[21418]: Warning: too many requests from XXX.XXX.XXX.XXX,:5060 Sep 10 *13:36:12* sip /home/kamailio/sbin/kamailio[21420]: PIKE - UNBLOCKing node 0xb5a2eb58 / Shouldn't it be blocked for 3600 seconds?
Then I changed the /remove_latancy/ parameter to /modparam("pike", "remove_latency", 334500) / / Sep 10 *13:37:09* sip /home/kamailio/sbin/kamailio[21462]: PIKE - BLOCKing ip XXX.XXX.XXX.XXX,, node=0xb5986b90 Sep 10 13:37:09 sip /home/kamailio/sbin/kamailio[21462]: Warning: too many requests from XXX.XXX.XXX.XXX,:5060 Sep 10 *13:37:52* sip /home/kamailio/sbin/kamailio[21466]: PIKE - UNBLOCKing node 0xb5986b90 / but the it didn't seem to have any real difference.
Any ideas? / / Best Regards,
MyUser Baptista
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla http://www.asipto.com
-
Daniel-Constantin Mierla -
Miguel Baptista