diff --git a/conf.d/ysipchan.conf.sample b/conf.d/ysipchan.conf.sample index 0602b6a8..d7082c0e 100644 --- a/conf.d/ysipchan.conf.sample +++ b/conf.d/ysipchan.conf.sample @@ -38,12 +38,18 @@ ; Low priorities are not recommended except for debugging ;thread=normal -; floodevents: int: How many SIP events retrieved in a row trigger the drop mechanism -; for INVITE/REGISTER/SUBSCRIBE/OPTIONS messages. Other messages, as well as reINVITEs, -; will be allowed -; NOTE! This mechanism is activated by default, to disable it configure this parameter to 0. +; floodevents: int: How many SIP events retrieved in a row trigger a flood warning and the drop mechanism +; for INVITE/REGISTER/SUBSCRIBE/OPTIONS messages if the flood protection is on. +; NOTE! The drop mechanism is separately activated by the floodprotection setting which is on by default. Also, +; setting this parameter to 0 will disable the flood warning and protection. ;floodevents=100 +; floodprotection: bool: Activate the drop mechanism for INVITE/REGISTER/SUBSCRIBE/OPTIONS messages when +; the number of SIP events retrieved in a row exceeds the number set for floodevents setting. +; Other messages, as well as reINVITEs, will be allowed. +; NOTE! This mechanism is activated by default, to disable it configure this parameter to false. +;floodprotection=on + ; maxforwards: int: Default Max-Forwards header, used to avoid looping calls ;maxforwards=20 diff --git a/modules/ysipchan.cpp b/modules/ysipchan.cpp index 1af24927..0f845864 100644 --- a/modules/ysipchan.cpp +++ b/modules/ysipchan.cpp @@ -1027,7 +1027,8 @@ static unsigned int s_engineStop = 0; // engine.stop message counter static bool s_engineHalt = false; // engine.halt received static unsigned int s_bindRetryMs = 500; // Listeners bind retry interval static String s_realm = "Yate"; -static int s_floodEvents = 20; +static int s_floodEvents = 100; +static bool s_floodProtection = true; static int s_maxForwards = 20; static int s_nat_refresh = 25; static bool s_privacy = false; @@ -2556,7 +2557,7 @@ int YateSIPUDPTransport::process() b[res] = 0; if (s_printMsg) printRecvMsg(b,res); - if (s_floodEvents && plugin.ep() && plugin.ep()->s_evCount >= s_floodEvents && !msgIsAllowed(b,res)) { + if (s_floodProtection && s_floodEvents && plugin.ep() && plugin.ep()->s_evCount >= s_floodEvents && !msgIsAllowed(b,res)) { if (Time::now() >= s_printFloodTime) { Debug(&plugin,DebugWarn,"Flood detected, dropping INVITE/REGISTER/SUBSCRIBE/OPTIONS messages, allowing reINVITES"); s_printFloodTime = Time::now() + 10000000; @@ -4265,8 +4266,10 @@ void YateSIPEndPoint::run() for (;;) { if (!canRead()) { - if ((s_evCount % s_floodEvents) == 0) - Debug(&plugin,DebugMild,"Severe flood detected: %d events",s_evCount); + if (s_evCount == s_floodEvents) + Debug(&plugin,DebugMild,"Flood detected: %d handled events",s_evCount); + else if ((s_evCount % s_floodEvents) == 0) + Debug(&plugin,DebugWarn,"Severe flood detected: %d events",s_evCount); } SIPEvent* e = m_engine->getEvent(); if (e) @@ -7663,6 +7666,7 @@ void SIPDriver::initialize() s_globalMutex.unlock(); s_maxForwards = s_cfg.getIntValue("general","maxforwards",20); s_floodEvents = s_cfg.getIntValue("general","floodevents",100); + s_floodProtection = s_cfg.getBoolValue("general","floodprotection",true); s_privacy = s_cfg.getBoolValue("general","privacy"); s_auto_nat = s_cfg.getBoolValue("general","nat",true); s_progress = s_cfg.getBoolValue("general","progress",false);