[OpenSIPS-Users] remove_latency value in pike module is not respected

Santi Antón santi.anton at quarea.com
Wed Oct 2 08:37:35 UTC 2024


Thanks Bogdan,

Now it makes sense.

Salutacions/Saludos,

Santi Antón Oñate
Quarea ITC Management & Consulting
902520520

De: Bogdan-Andrei Iancu <bogdan at opensips.org>
Enviat: martes, 24 de septiembre de 2024 10:41
Per a: OpenSIPS users mailling list <users at lists.opensips.org>; Santi Antón <santi.anton at quarea.com>
Tema: Re: [OpenSIPS-Users] remove_latency value in pike module is not respected

Hi Santi,

The remove_latency is not about "unblocking" the node, but for how slow the nodes should be removed from IP tree, if there are not hits (this is something that controls the collapsing of the tree if there is no traffic/hits).

The node will stay BLOCK as time as there is traffic (as volume) to match the "blocking" condition. As soon as the traffic goes away and the condition fails, the node is unblocked.

I agree that the naming is not the best, neither the explanations in the docs :P...

The idea here is to have pike module as a way of detecting (the flooding srcs) and not as a tool to manage the blocking. For such purposes you can use dedicated tools like file2ban.

Best regards,


Bogdan-Andrei Iancu



OpenSIPS Founder and Developer

  https://www.opensips-solutions.com

  https://www.siphub.com
On 06.09.2024 15:22, Santi Antón wrote:
Hello,

I’m using pike module with this module configuration.

loadmodule "pike.so"
modparam("pike", "sampling_time_unit", 5)
modparam("pike", "reqs_density_per_unit", 10)
modparam("pike", "remove_latency", 3600)

The module detects the DoS, but 6-8 seconds later unblock the source IP when it is set to last 1h, where I’m going wrong?
I’ve tried different “remove_latency” values with the same results.
The log shows it.

Sep  5 18:30:32 voiptfm /usr/sbin/opensips[660915]: INFO:PIKE - BLOCKing ip 172.16.53.12, node=0x7f93ec486bc8
Sep  5 18:30:38 voiptfm /usr/sbin/opensips[660934]: INFO:PIKE - UNBLOCKing node 0x7f93ec486bc8

Sep  5 18:30:55 voiptfm /usr/sbin/opensips[660916]: INFO:PIKE - BLOCKing ip 172.16.53.12, node=0x7f93ec486bc8
Sep  5 18:31:03 voiptfm /usr/sbin/opensips[660934]: INFO:PIKE - UNBLOCKing node 0x7f93ec486bc8

Sep  6 13:36:08 voiptfm /usr/sbin/opensips[669077]: INFO:PIKE - BLOCKing ip 172.16.53.12, node=0x7f2727f97448
Sep  6 13:36:13 voiptfm /usr/sbin/opensips[669092]: INFO:PIKE - UNBLOCKing node 0x7f2727f97448


Salutacions/Saludos,

[cid:image001.jpg at 01DB14B7.17153C80]





Santi Antón
Responsable de operaciones
Tel. 902 520 520 - Ext. 106
santi.anton at quarea.com<mailto:santi.anton at quarea.com>






902 520 520
www.quarea.com<http://www.quarea.com/>
Quarea ITC Management & Consulting
Su experto en Redes Voz-Datos IP:
Asterisk, Cisco, Polycom, Sangoma












En compliment del que es disposa en l'article 13 del Reglament (UE) 2016/679, relatiu a la Protecció de Dades de Caràcter Personal, QUAREA ITC MANAGEMENT & CONSULTING, SL garanteix la confidencialitat de les dades personals dels seus clients. Li comuniquem que la seva adreça de correu electrònic forma part d'una base de dades gestionada sota la responsabilitat de QUAREA ITC MANAGEMENT & CONSULTING, SL, amb l'única finalitat de prestar-li els serveis per vostè sol·licitats, per la seva condició de client, proveïdor, o perquè ens hagi sol·licitat informació en algun moment. Les dades seran conservades durant el temps necessari per poder prestar-li els nostres serveis i complir amb les nostres obligacions legals. És voluntat de QUAREA ITC MANAGEMENT & CONSULTING, SL, evitar l'enviament deliberat de correu no sol·licitat, per la qual cosa podrà a tot moment, exercitar els seus drets d'accés, rectificació, supressió, limitació del seu tractament, oposició i portabilitat de les seves dades de caràcter personal mitjançant el correu electrònic infodat at quarea.com<mailto:infodat at quarea.com>

En cumplimiento de lo dispuesto en el artículo 13 del Reglamento (UE) 2016/679, relativo a la Protección de Datos de Carácter Personal, QUAREA ITC MANAGEMENT & CONSULTING, SL garantiza la confidencialidad de los datos personales de sus clientes. Le comunicamos que su dirección de correo electrónico forma parte de una base de datos gestionada bajo la responsabilidad de QUAREA ITC MANAGEMENT & CONSULTING, SL, con la única finalidad de prestarle los servicios por usted solicitados, por su condición de cliente, proveedor, o porque nos haya solicitado información en algún momento. Los datos serán conservados durante el tiempo necesario para poder prestarle nuestros servicios y cumplir con nuestras obligaciones legales. Es voluntad de QUAREA ITC MANAGEMENT & CONSULTING, SL, evitar el envío deliberado de correo no solicitado, por lo cual podrá en todo momento, ejercitar sus derechos de acceso, rectificación, supresión, limitación de su tratamiento, oposición y portabilidad de sus datos de carácter personal mediante el correo electrónico infodat at quarea.com<mailto:infodat at quarea.com>

In compliance with the provisions of Article 13 of Regulation (EU) 2016/679, regarding the Protection of Personal Data, QUAREA ITC MANAGEMENT & CONSULTING, SL guarantees the confidentiality of the personal data of his customers. We inform you that your email address is part of a managed database under the responsibility of QUAREA ITC MANAGEMENT & CONSULTING, SL, for the sole purpose of providing the services requested by you, as a client, supplier, or because we have requested information at some time. The data will be kept for the time necessary to provide our services and comply with our legal obligations. It is the will of QUAREA ITC MANAGEMENT & CONSULTING, SL, to avoid the deliberate sending of unsolicited mail, so that it may, at any time, exercise your rights of access, rectification, removal, limitation of his treatment, opposition and portability of his personal data through the email infodat at quarea.com<mailto:infodat at quarea.com>




_______________________________________________

Users mailing list

Users at lists.opensips.org<mailto:Users at lists.opensips.org>

http://lists.opensips.org/cgi-bin/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20241002/dee6be14/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 7811 bytes
Desc: image001.jpg
URL: <http://lists.opensips.org/pipermail/users/attachments/20241002/dee6be14/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 166 bytes
Desc: image002.png
URL: <http://lists.opensips.org/pipermail/users/attachments/20241002/dee6be14/attachment-0001.png>


More information about the Users mailing list