[Kamailio-Devel] [ openser-Bugs-2206394 ] Pike module is not working!

SourceForge.net noreply at sourceforge.net
Fri Dec 5 12:46:19 CET 2008 

Bugs item #2206394, was opened at 2008-10-29 04:24
Message generated for change (Comment added) made by henningw
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=2206394&group_id=139143

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: ver 1.4.x
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: arifzaman (arifzaman)
Assigned to: Henning Westerholt (henningw)
Summary: Pike module is not working!

Initial Comment:
Hi,

I’ve configured Kamailio(OpenSER) with Pike module but it’s not working as expected (doesn’t block IP according to the configured time).

Here is a simple configuration by considering the following:
------------------------------------------------------
modparam("pike", "sampling_time_unit", 60) #1 minute
modparam("pike", "reqs_density_per_unit", 200) #200 requests
modparam("pike", "remove_latency", 7200) #Block IP for 2 hours
 
if (!pike_check_req())
    xlog("L_NOTICE","ARIF: TOO MANY HITS FROM $si\n");
    exit;
}
------------------------------------------------------
If the number of SIP messages from a single IP address to my SIP Proxy exceeds 200 per minute. Action: Block IP for 2 hours. 

I’m not sure whether I’m doing wrong or is there any problem with Pike module? 

Please have a look.

Thanks in advance!
ARIF

----------------------------------------------------------------------

>Comment By: Henning Westerholt (henningw)
Date: 2008-12-05 11:46

Message:
Hi Arif,

any update on this issue?

Henning

----------------------------------------------------------------------

Comment By: Ovidiu Sas (osas)
Date: 2008-11-13 14:51

Message:
Please upload a patch.  A patch can be created by capturing the output of
the svn diff coammand:
svn diff > pike.patch
Please upload the pike.patch file.

Regards,
Ovidiu Sas

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2008-11-13 09:06

Message:
yes
klaus

----------------------------------------------------------------------

Comment By: arifzaman (arifzaman)
Date: 2008-11-13 05:08

Message:
Hi Henning,

Please let me know the right way so that i can share my updated source of
pike module with the resolution of blocking issue. Do i just upload my
source as attachment?

Thanks,
ARIF

----------------------------------------------------------------------

Comment By: arifzaman (arifzaman)
Date: 2008-11-12 12:35

Message:
Hi Henning,

Yes you are right! problem with remove_latency timer, blocked addresses
are removed to fast.

Ok, very soon, i’ll upload my source with the resolution of blocking
issue.

Thanks,
ARIF

----------------------------------------------------------------------

Comment By: Henning Westerholt (henningw)
Date: 2008-11-12 12:23

Message:
Hi Arif,

thanks for the comments. Ok, you say the problem lays in the
remove_latency timer, blocked addresses are removed to fast. What do you
mean with "mange" parameters? You changed the code, perhaps you can sumit a
patch?

Henning

----------------------------------------------------------------------

Comment By: arifzaman (arifzaman)
Date: 2008-11-12 12:03

Message:
Hi Henning,

Thanks for your feedback. I’ve tried with pike logging and below is my
findings:

Does the module fails to block IPs at all?
ARIF: Pike module blocks ip properly. Result is OK.

Does it block after the wrong number of SIP messages.
ARIF: Yes, it blocks after receiving the specified number of SIP messages
within sampling time period. Result is OK.

or the wrong time intervall?
ARIF: Yes, "sampling_time_unit" is OK. But problem with "remove_latency"
time.

Does it not remove the blocked IP addresses from the list?
ARIF: Remove ip address within some minutes.

FYI, Problem is to mange "sampling_time_unit" and "remove_latency"
parameters. Last month, I've fixed this problem by updating the source
code. And it is working perfectly for me.

Thanks,
ARIF

----------------------------------------------------------------------

Comment By: Henning Westerholt (henningw)
Date: 2008-11-12 11:41

Message:
Hi Arif,

have you tried to activate the pike logging? It will report then to you
when its block and unblock a IP address. Just set the pike_log_level
parameter to something below your server log level.

I've noticed that the module behaves a little bit others then i expected,
i needed to tune the parameter somewhat to get the behaviour i want. Does
the module fails to block IPs at all? Does it block after the wrong number
of SIP messages, or the wrong time intervall? Does it not remove the
blocked IP addresses from the list?

Henning

----------------------------------------------------------------------

Comment By: arifzaman (arifzaman)
Date: 2008-11-12 07:33

Message:
Hi Henning,

Yes, you are right. I've missed to put bracket in my post. It's a typing
mistake, nothing else.

I've configured OpenSER by considering the following case. But it doesn't
work for me. Could you please check again?

CASE:
If the number of SIP messages from a single IP address to my SIP Proxy
exceeds 200 per minute. Action: Block IP for 2 hours. 

CONFIG:
modparam("pike", "sampling_time_unit", 60) #1 minute
modparam("pike", "reqs_density_per_unit", 200) #200 requests
modparam("pike", "remove_latency", 7200) #Block IP for 2 hours

if (!pike_check_req()) {
  xlog("L_NOTICE","ARIF: TOO MANY HITS FROM $si\n");
  exit;
}

Thanks,
ARIF

----------------------------------------------------------------------

Comment By: Henning Westerholt (henningw)
Date: 2008-11-11 15:01

Message:
Hi Arif,

i did some test with the pike module. I think it works, when the limit is
reached, the request is blocked. I used the same logic as you (althought
you ommit one bracket in your example):

if (!pike_check_req()) {
  xlog("dropped");
  exit;
}

It also remove the IP from the blocking list when the timout is reached.
Can you share a little bit more details what exactly is not working as you
expected?

Thanks,

Henning

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=2206394&group_id=139143

More information about the Devel mailing list