Hello, improvements to the documentation are always more than welcome! Pike is a rather old module, not much touched lately, so its docs could be from long time ago. At some point I wanted to put some new code to allow defining more IP blocking trees and a few other enhancements, but other projects got into the way...
Cheers, Daniel On 22.03.20 16:40, JR Richardson wrote: > > Thanks Daniel, > > > > That clear it up a bit. For my own edification, when I get a few > minutes, I’ll lab this up and throw some specific quantities of SIP > packets and validate the time and density of trigger and report back. > Maybe we can update the module documentation for clarity and remove > some confusion. > > > > JR > > > > JR Richardson > > Engineering for the Masses > > Chasing the Azeotrope > > JRx DistillCo > > 1’st Place Brisket > > > > *From:* Daniel-Constantin Mierla <[email protected]> > *Sent:* Sunday, March 22, 2020 4:37 AM > *To:* Kamailio (SER) - Users Mailing List > <[email protected]>; JR Richardson > <[email protected]>; SIP Router - Kamailio (OpenSER) and SIP > Express Router (SER) - Users Mailing List <[email protected]> > *Subject:* Re: [SR-Users] Pike Module Clarification > > > > Hello, > > I am not very familiar with the code as I haven't written the module, > but iirc, if it is an isolated IP, then it takes 3 x > sampling_time_unit to block that IP if there is traffic from it at a > rate of more than 30 requests (can be even 1000+ requests). > > Then, an IP can be blocked after the first sampling_time_unit if it is > part of a subnetwork (/24) that has other IP addresses already blocked. > > As a simple rule, any IP is blocked for sure after 3 x > sampling_time_unit with higher rate than the density and is kept block > if it continues to send high volume of requests. > > Cheers, > Daniel > > On 21.03.20 15:18, JR Richardson wrote: > > Hi All, > > > > Please clarify the pike settings for SIP message count, the module > Doc reports: > > > > ---- > > modparam("pike", "sampling_time_unit", 10) > > modparam("pike", "reqs_density_per_unit", 30) > > > > How many requests should be allowed per |sampling_time_unit| > before blocking all the incoming request from that IP. > Practically, the blocking limit is between ( let's have > x=reqs_density_per_unit) x and 3*x for IPv4 addresses and between > x and 8*x for IPv6 addresses. > > ----- > > > > So the example above the SIP message rate is 30 messages within 10 > seconds triggers an pike alert? > > > > The description I’m confused on is “Practically, the blocking > ‘*limit is between’*(let's have x=reqs_density_per_unit) x and 3*x > for IPv4” > > > > The way this reads to me is the Pike alert could be triggered > anywhere between 30 and 90 (3*30) messages within 10 second > period. Am I reading this correctly? What determines when the pike > trigger actually happens, could the trigger happen at say 56 > messages within 10 seconds? > > > > Thanks. > > > > JR Richardson > > Engineering for the Masses > > Chasing the Azeotrope > > JRx DistillCo > > 1’st Place Brisket > > 1’st Place Chili > > > > _______________________________________________ > > Kamailio (SER) - Users Mailing List > > [email protected] <mailto:[email protected]> > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > -- > Daniel-Constantin Mierla -- www.asipto.com <http://www.asipto.com> > www.twitter.com/miconda <http://www.twitter.com/miconda> -- > www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda> -- Daniel-Constantin Mierla -- www.asipto.com www.twitter.com/miconda -- www.linkedin.com/in/miconda
_______________________________________________ Kamailio (SER) - Users Mailing List [email protected] https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
