File: README

package info (click to toggle)
openser 1.1.0-9etch1
  • links: PTS
  • area: main
  • in suites: etch, etch-m68k
  • size: 9,828 kB
  • ctags: 11,809
  • sloc: ansic: 120,528; sh: 5,249; yacc: 1,716; makefile: 1,261; php: 656; perl: 205; sql: 190
file content (223 lines) | stat: -rw-r--r-- 6,913 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
 

pike Module

Bogdan-Andrei Iancu

   voice-system.ro

Edited by

Bogdan-Andrei Iancu

   Copyright  2003 FhG FOKUS
     _________________________________________________________

   Table of Contents
   1. User's Guide

        1.1. Overview
        1.2. Dependencies

              1.2.1. OpenSER Modules
              1.2.2. External Libraries or Applications

        1.3. Exported Parameters

              1.3.1. sampling_time_unit (integer)
              1.3.2. reqs_density_per_unit (integer)
              1.3.3. remove_latency (integer)

        1.4. Exported Functions

              1.4.1. pike_check_req()

   2. Developer's Guide
   3. Frequently Asked Questions

   List of Examples
   1-1. Set sampling_time_unit parameter
   1-2. Set reqs_density_per_unit parameter
   1-3. Set remove_latency parameter
   1-4. pike_check_req usage
   2-1. Tree of IP addresses
     _________________________________________________________

Chapter 1. User's Guide

1.1. Overview

   The module keeps trace of all (or selected ones) incoming
   request's IP source and blocks the ones that exceeded some
   limit. Works simultaneous for IPv4 and IPv6 addresses.

   The module does not implement any actions on blocking - it
   just simply reports that the there is an high traffic from an
   IP; what to do, is the administator decision (via scripting).
     _________________________________________________________

1.2. Dependencies

1.2.1. OpenSER Modules

   The following modules must be loaded before this module:

     * No dependencies on other OpenSER modules.
     _________________________________________________________

1.2.2. External Libraries or Applications

   The following libraries or applications must be installed
   before running OpenSER with this module loaded:

     * None.
     _________________________________________________________

1.3. Exported Parameters

1.3.1. sampling_time_unit (integer)

   Time period used for sampling (or the sampling accuracy ;-) ).
   The smaller the better, but slower. If you want to detect
   peeks, use a small one. To limit the access (like total number
   of requests on a long period of time) to a proxy resource (a
   gateway for ex), use a bigger value of this parameter.

   IMPORTANT: a too small value may lead to performance penalties
   due timer process overloading.

   Default value is 2. 

   Example 1-1. Set sampling_time_unit parameter
...
modparam("pike", "sampling_time_unit", 10)
...
     _________________________________________________________

1.3.2. reqs_density_per_unit (integer)

   How many requests should be allowed per sampling_time_unit
   before blocking all the incoming request from that IP.
   Practically, the blocking limit is between ( let's have
   x=reqs_density_per_unit) x and 3*x for IPv4 addresses and
   between x and 8*x for ipv6 addresses.

   Default value is 30. 

   Example 1-2. Set reqs_density_per_unit parameter
...
modparam("pike", "reqs_density_per_unit", 30)
...
     _________________________________________________________

1.3.3. remove_latency (integer)

   For how long the IP address will be kept in memory after the
   last request from that IP address. It's a sort of timeout
   value.

   Default value is 120. 

   Example 1-3. Set remove_latency parameter
...
modparam("pike", "remove_latency", 130)
...
     _________________________________________________________

1.4. Exported Functions

1.4.1. pike_check_req()

   Process the source IP of the current request and returns false
   if the IP was exceeding the blocking limit.

   IMPORTANT: in case of internal error, the function returns
   true to avoid reporting the current processed IP as blocked.

   This function can be used from REQUEST_ROUTE.

   Example 1-4. pike_check_req usage
...
if (!pike_check_req()) { break; };
...
     _________________________________________________________

Chapter 2. Developer's Guide

   One single tree (for both IPv4 and IPv6) is used. Each node
   contains a byte, the IP addresses stretching from root to the
   leafs.

   Example 2-1. Tree of IP addresses
           / 193 - 175 - 132 - 164
tree root /                  \ 142
          \ 195 - 37 - 78 - 163
           \ 79 - 134

   To detect the whole address, step by step, from the root to
   the leafs, the nodes corresponding to each byte of the ip
   address are expanded. In order to be expended a node has to be
   hit for a given number of times (possible by different
   addresses; in the previous example, the node "37" was expended
   by the 195.37.78.163 and 195.37.79.134 hits).

   For 193.175.132.164 with x= reqs_density_per_unit:

     * After first req hits -> the "193" node is built.
     * After x more hits, the "175" node is build; the hits of
       "193" node are split between itself and its child--both of
       them gone have x/2.
     * And so on for node "132" and "164".
     * Once "164" build the entire address can be found in the
       tree. "164" becomes a leaf. After it will be hit as a leaf
       for x times, it will become "RED" (further request from
       this address will be blocked).

   So, to build and block this address were needed 3*x hits. Now,
   if reqs start coming from 193.175.132.142, the first 3 bytes
   are already in the tree (they are shared with the previous
   address), so I will need only x hits (to build node "142" and
   to make it "RED") to make this address also to be blocked.
   This is the reason for the variable number of hits necessary
   to block an IP.

   The maximum number of hits to turn an address red are (n is
   the address's number of bytes):

   1 (first byte) + x (second byte) + (x / 2) * (n - 2) (for the
   rest of the bytes) + (n - 1) (to turn the node to red).

   So, for IPv4 (n = 4) will be 3x and for IPv6 (n = 16) will be
   9x. The minimum number of hits to turn an address red is x.
     _________________________________________________________

Chapter 3. Frequently Asked Questions

   3.1. Where can I find more about OpenSER?
   3.2. Where can I post a question about this module?
   3.3. How can I report a bug?

   3.1. Where can I find more about OpenSER?

   Take a look at http://openser.org/.

   3.2. Where can I post a question about this module?

   First at all check if your question was already answered on
   one of our mailing lists:

     * User Mailing List -
       http://openser.org/cgi-bin/mailman/listinfo/users
     * Developer Mailing List -
       http://openser.org/cgi-bin/mailman/listinfo/devel

   E-mails regarding any stable OpenSER release should be sent to
   <users@openser.org> and e-mails regarding development versions
   should be sent to <devel@openser.org>.

   If you want to keep the mail private, send it to
   <team@openser.org>.

   3.3. How can I report a bug?

   Please follow the guidelines provided at:
   http://sourceforge.net/tracker/?group_id=139143.