Hi,
Is there a way to limit the number of active calls on a per-CLI or per-DST number basis? Yesterday my system had a DDoS attack in which 123456 (CLI) was hitting 2345 (DID) at a rate of 100-200 calls per minute. I would like to restrict it to 2-4 simultaneous calls per CLI/DST.
Any help would be appreciated.
Thanks, Cibin
You can achieve that with the dialog module. http://www.kamailio.org/docs/modules/4.4.x/modules/dialog_ng.html
Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337
On Fri, Dec 16, 2016 at 10:33 AM, Cibin Paul paul_cibin@me.com wrote:
> Hi,
> Is there a way to limit the number of active calls on a per-CLI or per-DST number basis? Yesterday my system had a DDoS attack in which 123456 (CLI) was hitting 2345 (DID) at a rate of 100-200 calls per minute. I would like to restrict it to 2-4 simultaneous calls per CLI/DST.
> Any help would be appreciated.
> Thanks, Cibin
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hi,
Thanks David,
I was trying an alternate way, as Mr. Daniel presented at ClueCon. Pasting below the snippet from my configuration. Somehow the code is not working. kamcmd htable.dump acalls is returning empty results. What might be wrong?
modparam("htable", "htable", "acalls=>size=8;autoexpire=7200;")
modparam("cfgutils", "lock_set_size", 8)

request_route {
    # per request initial checks
    route(REQINIT);

    # NAT detection
    route(NATDETECT);

    # CANCEL processing
    if (is_method("CANCEL")) {
        if (t_check_trans())
            t_relay();
        exit;
    }

    # handle requests within SIP dialogs
    route(WITHINDLG);

    ### only initial requests (no To tag)

    t_check_trans();

    # authentication
    route(AUTH);

    # record routing for dialog forming requests (in case they are routed)
    # - remove preloaded route headers
    remove_hf("Route");
    if (is_method("INVITE|SUBSCRIBE"))
        record_route();

    # account only INVITEs
    if (is_method("INVITE")) {
        setflag(FLT_ACC); # do accounting
    }
    if(is_method("BYE")) {
        $sht(acalls=>$ci) = $null;
    }

    # dispatch requests to foreign domains
    route(SIPOUT);

    ### requests for my local domains

    # handle presence related requests
    route(PRESENCE);

    # handle registrations
    route(REGISTRAR);

    if ($rU==$null) {
        # request with no Username in RURI
        sl_send_reply("484","Address Incomplete");
        exit;
    }
    route(ACLIMIT);
    # dispatch destinations to LOADBALANCE
#!ifdef WITH_LOADBALANCE
    if($rU=~"^([0-9]{10}|1[0-9]{10}|37051[0-9]{10}|3706[0-9]{10})$") {
        route(LOADBALANCE);
    }
    route(ACLIMIT);
    route(RELAY);
#!endif
}

reply_route {
    if(is_method("INVITE") && $rs>=300) {
        $sht(acalls=>$ci) = $null;
    }
}

route[ACLIMIT] {
    if(is_method("INVITE") && !has_totag()) {
        lock("$fU");
        $var(ac) = $shtcv(acalls=>eq$fU);
        if($var(ac) >= 4) {
            unlock("$fU");
            send_reply("403", "Too many active calls");
            exit;
        }
        $sht(acalls=>$ci) = $fU;
        unlock("$fU");
    }
}

#!ifdef WITH_LOADBALANCE
route[LOADBALANCE] {
    if(!ds_select_dst("0", "4")) {
        xlog("L_NOTICE", "No destination available!");
        send_reply("404", "No destination");
        exit;
    }
    xlog("L_DBG", "--- SCRIPT: going to <$ru> via <$du>\n");
    t_set_fr(0,2000);
    t_on_failure("RTF_DISPATCH");
    route(RELAY);
    return;
}
#!endif

##Failure route
failure_route[RTF_DISPATCH] {
    if (t_is_canceled()) {
        exit;
    }
    # next DST - only for 500 or local timeout
    if (t_check_status("500") or (t_branch_timeout() and !t_branch_replied())) {
        if(ds_next_dst()) {
            t_on_failure("RTF_DISPATCH");
            route(RELAY);
            exit;
        }
    }
}
On 16-Dec-2016, at 6:34 PM, David Villasmil david.villasmil.work@gmail.com wrote:
> You can achieve that with the dialog module. http://www.kamailio.org/docs/modules/4.4.x/modules/dialog_ng.html
> Regards,
> David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337
The dialog module (dialog, not dialog_ng) would be a cleaner and more natural solution, since it handles most possible eventualities of dialog state transition for you more cleanly than if you keep state yourself via htable.
-- Alex
Thanks Alex,
I will try your suggestion and update here.
Regards Cibin
On 16-Dec-2016, at 8:38 PM, Alex Balashov abalashov@evaristesys.com wrote:
> The dialog module (dialog, not dialog_ng) would be a cleaner and more natural solution, since it handles most possible eventualities of dialog state transition for you more cleanly than if you keep state yourself via htable.
> -- Alex
> -- Alex Balashov | Principal | Evariste Systems LLC
> Tel: +1-706-510-6800 (direct) / +1-800-250-5920 (toll-free) Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
Hi,
I tried using the dialog module and it was throwing the following error. The dialog module was loaded after the tm and rr modules.
Kamailio 4.1.7
ERROR: dialog [dialog.c:524]: mod_init(): no dlg flag set!!
ERROR: <core> [sr_module.c:970]: init_mod(): init_mod(): Error while initializing module dialog (/usr/local/lib64/kamailio/modules/dialog.so)

ll /usr/local/lib64/kamailio/modules/dialog.so
-rwxr-xr-x 1 root root 679638 Jan 30 2015 /usr/local/lib64/kamailio/modules/dialog.so
Configuration
modparam("dialog", "hash_size", 2048)
modparam("dialog", "timeout_avp", "$avp(i:10)")
modparam("dialog", "default_timeout", 21600)

request_route {
    ..
    dlg_manage();
    if(is_method("INVITE") && !has_totag()) {
        if(get_profile_size("caller","$fu","$avp(size)")) {
            if($avp(size) >= 2) {
                send_reply("403", "Too many active calls");
                exit;
            } else {
                set_dlg_profile("caller","$fu");
            }
        }
    }

    # dispatch destinations to LOADBALANCE
#!ifdef WITH_LOADBALANCE
    if($rU=~"^([0-9]{10}|1[0-9]{10}|3706[0-9]{10}|37051[0-9]{10})$") {
        route(LOADBALANCE);
    }
#!endif
    route(LOCATION);
    route(RELAY);
}

reply_route {
    unset_dlg_profile("caller","$fu");
}
Thanks & Regards Cibin
On 16-Dec-2016, at 8:56 PM, Cibin Paul paul_cibin@me.com wrote:
> Thanks Alex,
> I will try your suggestion and update here.
> Regards Cibin
Hi,
I defined the following two parameters and the error was gone. Still fighting to make the logic work.

modparam("dialog", "dlg_flag", 4)
modparam("dialog", "profiles_with_value", "caller ; callee")
Thanks & Regards Cibin
On 17-Dec-2016, at 10:57 AM, Cibin Paul paul_cibin@me.com wrote:
> Hi,
> I tried using the dialog module and it was throwing the following error. The dialog module was loaded after the tm and rr modules.
> Kamailio 4.1.7
> ERROR: dialog [dialog.c:524]: mod_init(): no dlg flag set!!
> ERROR: <core> [sr_module.c:970]: init_mod(): init_mod(): Error while initializing module dialog (/usr/local/lib64/kamailio/modules/dialog.so)
Just thinking out loud, if you use memcached maybe simply storing a variable with the username and checking whether it is set before allowing a call from that user. That would work.
David
In this case you have to manually take care of in-dialog requests and when the call terminates, so you can unset the variable. Dialog with profiling is the better way to go.
On Sun, 18 Dec 2016 at 5:27 AM David Villasmil <david.villasmil.work@gmail.com> wrote:
> Just thinking out loud, if you use memcached maybe simply storing a variable with the username and checking whether it is set before allowing a call from that user. That would work.
> David
Hi,
Thank you for all your suggestions. I tried the code in route[RELAY] and it is working as expected. I need to do a couple of tests and will then move to production.
Regards Cibin
On 18-Dec-2016, at 12:14 PM, Aqs Younas aqsyounas@gmail.com wrote:
> In this case you have to manually take care of in-dialog requests and when the call terminates, so you can unset the variable. Dialog with profiling is the better way to go.
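One way to apply the dialog-profile approach recommended in this thread to both the caller and the dialed number, as an added example and not the configuration Cibin ended up with (which was not posted). The route name CALLLIMIT, the limits of 4, and the use of $fU and $rU as profile keys are assumptions.

```cfg
# Added example (not from the thread). Assumes tm and rr are loaded before
# dialog and that request_route calls route(CALLLIMIT) just before route(RELAY).
modparam("dialog", "dlg_flag", 4)   # 4.1.7 failed mod_init without it (error in the thread)
modparam("dialog", "profiles_with_value", "caller ; callee")
modparam("dialog", "default_timeout", 21600)

# Hypothetical route name; the limits of 4 are assumptions.
route[CALLLIMIT] {
    # Only dialog-creating INVITEs are counted; re-INVITEs carry a To tag.
    if (!is_method("INVITE") || has_totag())
        return;

    # Check both keys before dlg_manage(), so a rejected INVITE never
    # creates a dialog that would have to be cleaned up later.
    if (get_profile_size("caller", "$fU", "$var(ncaller)")
            && $var(ncaller) >= 4) {
        xlog("L_WARN", "call limit: caller=$fU active=$var(ncaller) src=$si\n");
        send_reply("403", "Too many active calls");
        exit;
    }
    if (get_profile_size("callee", "$rU", "$var(ncallee)")
            && $var(ncallee) >= 4) {
        xlog("L_WARN", "call limit: callee=$rU active=$var(ncallee) src=$si\n");
        send_reply("403", "Too many active calls");
        exit;
    }

    # Start tracking this dialog and tag it with both keys. The dialog
    # module drops the profile entries itself when the dialog ends (BYE,
    # failure reply, CANCEL or timeout), so no reply_route cleanup is needed.
    dlg_manage();
    set_dlg_profile("caller", "$fU");
    set_dlg_profile("callee", "$rU");
}
```

The count and the profile insert are separate calls, so a burst of INVITEs handled by several worker processes at once can overshoot the limit by a few calls; treat the threshold as approximate.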