Looks ok for me. If you push it, then you have to update the wiki core books section for it as well.
Cheers, Daniel
On 19.10.23 09:14, Juha Heinanen via sr-dev wrote:
How about the diff below?
Also, is there plan to backport ksr_tcp_msg_data_timeout, ksr_tcp_msg_read_timeout, and ksr_tcp_check_timer to 5.7, since they can help in protecting from DoS attacks that we have seen in the wild.
-- Juha
diff --git a/src/main.c b/src/main.c index 0fa2da6ec2..f3cddf8bad 100644 --- a/src/main.c +++ b/src/main.c @@ -535,7 +535,7 @@ int ksr_tcp_msg_read_timeout = 20; /* timeout (secs) to read SIP message */ int ksr_tcp_msg_data_timeout = 20; /* timeout (secs) to receive first msg data */ int ksr_tcp_accept_iplimit = 1024; /* limit of accepted connections per IP */ -int ksr_tcp_check_timer = 10; /* seconds to check tcp connections */ +int ksr_tcp_check_timer = -1; /* seconds to check tcp connections */
/* memory manager */ #define SR_MEMMNG_DEFAULT "qm" @@ -1726,12 +1726,22 @@ int main_loop(void) cfg_main_reset_local();
#ifdef USE_TCP
if(!tcp_disable && ksr_tcp_check_timer > 0) {if(sr_wtimer_add(
if(!tcp_disable) {if(ksr_tcp_check_timer == -1) {if(ksr_tcp_msg_data_timeout > 0 && ksr_tcp_msg_read_timeout > 0)ksr_tcp_check_timer =MIN(ksr_tcp_msg_data_timeout, ksr_tcp_msg_read_timeout) / 2;elseksr_tcp_check_timer = ksr_tcp_msg_data_timeout > 0 ?ksr_tcp_msg_data_timeout / 2 : ksr_tcp_msg_read_timeout / 2;}if(ksr_tcp_check_timer > 0) {if(sr_wtimer_add( tcp_timer_check_connections, NULL, ksr_tcp_check_timer)
< 0) {LM_CRIT("cannot add timer for tcp connection checks\n");goto error;
< 0) {LM_CRIT("cannot add timer for tcp connection checks\n");goto error;} }#endif _______________________________________________ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-leave@lists.kamailio.org