[sr-dev] Re: git:master:1acede64: core: added tcp_check_timer parameter
Looks ok for me. If you push it, then you have to update the wiki core
books section for it as well.
Cheers,
Daniel
On 19.10.23 09:14, Juha Heinanen via sr-dev wrote:
> How about the diff below?
>
> Also, is there plan to backport ksr_tcp_msg_data_timeout,
> ksr_tcp_msg_read_timeout, and ksr_tcp_check_timer to 5.7, since they can
> help in protecting from DoS attacks that we have seen in the wild.
>
> -- Juha
>
> diff --git a/src/main.c b/src/main.c
> index 0fa2da6ec2..f3cddf8bad 100644
> --- a/src/main.c
> +++ b/src/main.c
> @@ -535,7 +535,7 @@ int ksr_tcp_msg_read_timeout = 20; /* timeout (secs) to
> read SIP message */
> int ksr_tcp_msg_data_timeout =
> 20; /* timeout (secs) to receive first msg data */
> int ksr_tcp_accept_iplimit = 1024; /* limit of accepted connections per IP */
> -int ksr_tcp_check_timer = 10; /* seconds to check tcp connections
> */
> +int ksr_tcp_check_timer = -1; /* seconds to check tcp connections
> */
>
> /* memory manager */
> #define SR_MEMMNG_DEFAULT "qm"
> @@ -1726,12 +1726,22 @@ int main_loop(void)
> cfg_main_reset_local();
>
> #ifdef USE_TCP
> - if(!tcp_disable && ksr_tcp_check_timer > 0) {
> - if(sr_wtimer_add(
> + if(!tcp_disable) {
> + if(ksr_tcp_check_timer == -1) {
> + if(ksr_tcp_msg_data_timeout > 0 &&
> ksr_tcp_msg_read_timeout > 0)
> + ksr_tcp_check_timer =
> + MIN(ksr_tcp_msg_data_timeout,
> ksr_tcp_msg_read_timeout) / 2;
> + else
> + ksr_tcp_check_timer =
> ksr_tcp_msg_data_timeout > 0 ?
> + ksr_tcp_msg_data_timeout / 2 :
> ksr_tcp_msg_read_timeout / 2;
> + }
> + if(ksr_tcp_check_timer > 0) {
> + if(sr_wtimer_add(
> tcp_timer_check_connections, NULL,
> ksr_tcp_check_timer)
> - < 0) {
> - LM_CRIT("cannot add timer for tcp connection
> checks\n");
> - goto error;
> +< 0) {
> + LM_CRIT("cannot add timer for tcp
> connection checks\n");
> + goto error;
> + }
> }
> }
> #endif
> ___
> Kamailio (SER) - Development Mailing List
> To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
--
Daniel-Constantin Mierla (@ asipto.com)
twitter.com/miconda -- linkedin.com/in/miconda
Kamailio Consultancy and Development Services
Kamailio Advanced Training - Online - Nov 14-16, 2023 -- asipto.com
___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] Re: git:master:1acede64: core: added tcp_check_timer parameter
How about the diff below?
Also, is there plan to backport ksr_tcp_msg_data_timeout,
ksr_tcp_msg_read_timeout, and ksr_tcp_check_timer to 5.7, since they can
help in protecting from DoS attacks that we have seen in the wild.
-- Juha
diff --git a/src/main.c b/src/main.c
index 0fa2da6ec2..f3cddf8bad 100644
--- a/src/main.c
+++ b/src/main.c
@@ -535,7 +535,7 @@ int ksr_tcp_msg_read_timeout = 20; /* timeout (secs) to
read SIP message */
int ksr_tcp_msg_data_timeout =
20; /* timeout (secs) to receive first msg data */
int ksr_tcp_accept_iplimit = 1024; /* limit of accepted connections per IP */
-int ksr_tcp_check_timer = 10; /* seconds to check tcp connections */
+int ksr_tcp_check_timer = -1; /* seconds to check tcp connections */
/* memory manager */
#define SR_MEMMNG_DEFAULT "qm"
@@ -1726,12 +1726,22 @@ int main_loop(void)
cfg_main_reset_local();
#ifdef USE_TCP
- if(!tcp_disable && ksr_tcp_check_timer > 0) {
- if(sr_wtimer_add(
+ if(!tcp_disable) {
+ if(ksr_tcp_check_timer == -1) {
+ if(ksr_tcp_msg_data_timeout > 0 &&
ksr_tcp_msg_read_timeout > 0)
+ ksr_tcp_check_timer =
+ MIN(ksr_tcp_msg_data_timeout,
ksr_tcp_msg_read_timeout) / 2;
+ else
+ ksr_tcp_check_timer =
ksr_tcp_msg_data_timeout > 0 ?
+ ksr_tcp_msg_data_timeout / 2 :
ksr_tcp_msg_read_timeout / 2;
+ }
+ if(ksr_tcp_check_timer > 0) {
+ if(sr_wtimer_add(
tcp_timer_check_connections, NULL,
ksr_tcp_check_timer)
- < 0) {
- LM_CRIT("cannot add timer for tcp connection
checks\n");
- goto error;
+ < 0) {
+ LM_CRIT("cannot add timer for tcp
connection checks\n");
+ goto error;
+ }
}
}
#endif
___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] Re: git:master:1acede64: core: added tcp_check_timer parameter
On 16.10.23 12:44, Juha Heinanen wrote: > Daniel-Constantin Mierla writes: > >>> In order to make configuration simpler, how about having a dynamic default >>> as I suggested? >> Default is half (hardcoded), but its own parameter gives more >> flexibility for granularity -- one extra parameter is not adding much >> complexity, imo, and case by case one may want more often checks to >> clean up those that end up in timeout. > I didn't suggest to remove the parameter, but change its default value > if the parameter is not given. You can add such behaviour if you want. Cheers, Daniel -- Daniel-Constantin Mierla (@ asipto.com) twitter.com/miconda -- linkedin.com/in/miconda Kamailio Consultancy and Development Services Kamailio Advanced Training - Online - Nov 14-16, 2023 -- asipto.com ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] Re: git:master:1acede64: core: added tcp_check_timer parameter
Daniel-Constantin Mierla writes: > > In order to make configuration simpler, how about having a dynamic default > > as I suggested? > > Default is half (hardcoded), but its own parameter gives more > flexibility for granularity -- one extra parameter is not adding much > complexity, imo, and case by case one may want more often checks to > clean up those that end up in timeout. I didn't suggest to remove the parameter, but change its default value if the parameter is not given. ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] Re: git:master:1acede64: core: added tcp_check_timer parameter
On 16.10.23 12:27, Juha Heinanen wrote: > Daniel-Constantin Mierla writes: > >> Smaller is recommended for better accuracy. > In order to make configuration simpler, how about having a dynamic default > as I suggested? Default is half (hardcoded), but its own parameter gives more flexibility for granularity -- one extra parameter is not adding much complexity, imo, and case by case one may want more often checks to clean up those that end up in timeout. Cheers, Daniel -- Daniel-Constantin Mierla (@ asipto.com) twitter.com/miconda -- linkedin.com/in/miconda Kamailio Consultancy and Development Services Kamailio Advanced Training - Online - Nov 14-16, 2023 -- asipto.com ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] Re: git:master:1acede64: core: added tcp_check_timer parameter
Daniel-Constantin Mierla writes: > Smaller is recommended for better accuracy. In order to make configuration simpler, how about having a dynamic default as I suggested? ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] Re: git:master:1acede64: core: added tcp_check_timer parameter
On 16.10.23 10:25, Juha Heinanen wrote: > Daniel-Constantin Mierla via sr-dev writes: > >> core: added tcp_check_timer parameter >> >> - set the check interval (in seconds) for tcp connections >> - default 10 > Does this need to be smaller than tcp_msg_read_timeout and > tcp_msg_data_timeout in order for them to have effect? They will have anyhow effect, but can be later -- you have to consider always the value of tcp_check_timeras a possible delay. Smaller is recommended for better accuracy. Cheers, Daniel -- Daniel-Constantin Mierla (@ asipto.com) twitter.com/miconda -- linkedin.com/in/miconda Kamailio Consultancy and Development Services Kamailio Advanced Training - Online - Nov 14-16, 2023 -- asipto.com ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] Re: git:master:1acede64: core: added tcp_check_timer parameter
If so, how about defaulting to half of tcp_msg_read_timeout or tcp_msg_data_timeout whichever is smallest? ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
