<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hello,<br>
<br>
On 11/22/11 8:56 PM, Ricardo Martinez wrote:
<blockquote
cite="mid:ce5dfddf6161d6404211d9ea37ae348c@mail.gmail.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US">Hello list.</span></p>
<p class="MsoNormal"><span lang="EN-US">I’m having some issues
with the Kamailio version 3.2.0.</span></p>
<p class="MsoNormal"><span lang="EN-US">I want to ask if someone
could give some hints how to optimize the performance of my
kamailio server. For some reason and from time to time the
kamailio process starts to answer slower than usual, making
calls fail and register expires. I’m still unable to detect
the problem, but I want to know if maybe I’m running my
kamailio not under the best conditions.</span></p>
<p class="MsoNormal"><span lang="EN-US">This is part of my
configuration :<br>
<br>
</span></p>
<p class="MsoNormal"><span lang="EN-US"> #!KAMAILIO</span></p>
<p class="MsoNormal"><span lang="EN-US">#!define FLT_NATS 5</span></p>
<p class="MsoNormal"><span lang="EN-US">#!define FLB_NATB 6</span></p>
<p class="MsoNormal"><span lang="EN-US">#!define FLB_NATSIPPING
7</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US"># ----------- global
configuration parameters ------------------------</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">debug=2 # debug level
(cmd line: -dddddddddd)</span></p>
<p class="MsoNormal"><span lang="EN-US">fork=yes</span></p>
<p class="MsoNormal">
<span lang="EN-US">log_stderror=no # (cmd line: -E)</span></p>
<p class="MsoNormal"><span lang="EN-US">log_facility=LOG_LOCAL0</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">children=16</span></p>
<p class="MsoNormal"><span lang="EN-US">port=5060</span></p>
<p class="MsoNormal"><span lang="EN-US">memdbg=9</span></p>
<p class="MsoNormal"><span lang="EN-US">memlog=9</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">listen=udp:10.0.10:5060</span></p>
<p class="MsoNormal"><span lang="EN-US">disable_tcp=yes</span></p>
<p class="MsoNormal"><span lang="EN-US">server_signature=0</span></p>
<p class="MsoNormal"><span lang="EN-US">port=5060</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US"># -----------------
setting module-specific parameters ---------------</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">## modparam("registrar",
"received_avp", "$avp(s:rcv)")</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("usrloc",
"db_mode", 1)</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("auth_db",
"calculate_ha1", 1)</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("auth_db",
"password_column", "password")</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("rr",
"enable_full_lr", 1)</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("auth_db|permissions|uri_db|usrloc","db_url","mysql://openser:openserrw@localhost/openser")</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("permissions",
"db_mode", 1)</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("permissions",
"trusted_table", "trusted")</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("avpops",
"db_url", "mysql://openser:openserrw@localhost/openser")</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("avpops",
"avp_table", "usr_preferences")</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("domain",
"db_mode", 1)</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal">
<span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US"># ----- nathelper params
-----</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("nathelper",
"natping_interval", 20)</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("nathelper",
"ping_nated_only", 1)</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("nathelper",
"sipping_bflag", FLB_NATSIPPING)</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("nathelper",
"sipping_from", "<a moz-do-not-send="true"
href="mailto:sip%3Apinger@kamailio.org">sip:pinger@kamailio.org</a>")</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US"># params needed for NAT
traversal in other modules</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("nathelper|registrar",
"received_avp", "$avp(RECEIVED)")</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("usrloc",
"nat_bflag", FLB_NATB)</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("nathelper","natping_interval",
20)</span></p>
<p class="MsoNormal"><span lang="EN-US">##
modparam("nathelper","received_avp", "$avp(i:42)")</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("mediaproxy","mediaproxy_socket",
"/var/run/mediaproxy/dispatcher.sock")</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("mediaproxy",
"signaling_ip_avp", "$avp(s:signaling_ip)")</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("registrar|nathelper",
"received_avp", "$avp(i:80)")</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("mi_fifo",
"fifo_name", "/tmp/kamailio_fifo")</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">#modparam("tm",
"fr_timer", 3)</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US"># ------ dialog params
-------</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("dialog",
"dlg_flag", 4)</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("dialog",
"profiles_with_value", "caller")</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US"># ------ pike params
--------</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("pike",
"sampling_time_unit", 2)</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("pike",
"reqs_density_per_unit", 25)</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("pike",
"remove_latency", 4)</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US"># ------ rr params
--------</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("rr",
"enable_full_lr", 1)</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"># ----- misc_radius params -----</p>
<p class="MsoNormal">
<span lang="EN-US">modparam("misc_radius", "radius_config",
"/usr/local/etc/radiusclient-ng/radiusclient.conf")</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("misc_radius",
"caller_service_type", 18)</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("misc_radius",
"callee_service_type", 19)</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("misc_radius",
"caller_extra", "Called-Station-Id=$ru")</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("misc_radius",
"callee_extra", "Called-Station-Id=$fu")</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US"># ---- htable param
---------</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("htable",
"htable", "a=>size=8;")</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("htable",
"htable", "ipban=>size=8;autoexpire=300;")</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("rtimer",
"timer", "name=tst;interval=300;mode=1;")</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("rtimer",
"exec", "timer=tst;route=STATS")</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("sqlops","sqlcon",</span></p>
<p class="MsoNormal"><span lang="EN-US">
"ca=>mysql://openser:openserrw@localhost/openser")</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">#------ uac
---------------</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("uac","rr_store_param","my_param")</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("uac","from_restore_mode","auto")</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("uac","auth_realm_avp","$avp(i:10)")</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("uac","auth_username_avp","$avp(i:11)")</span></p>
<p class="MsoNormal"><span lang="EN-US">modparam("uac","auth_password_avp","$avp(i:12)")</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">Besides this, I have
syslogd in async mode…</span></p>
<p class="MsoNormal"><span lang="EN-US">This is the info of the
kamailio -V</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">version: kamailio 3.2.0
(x86_64/linux) 639f0a</span></p>
<p class="MsoNormal"><span lang="EN-US">flags: STATS: Off,
USE_IPV6, USE_TCP, USE_TLS, TLS_HOOKS, USE_RAW_SOCKS,
DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP,
PKG_MALLOC, DBG_QM_MALLOC, USE_FUTEX,
FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER,
USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES</span></p>
<p class="MsoNormal"><span lang="EN-US">ADAPTIVE_WAIT_LOOPS=1024,
MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE
1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 4MB</span></p>
<p class="MsoNormal"><span lang="EN-US">poll method support:
poll, epoll_lt, epoll_et, sigio_rt, select.</span></p>
<p class="MsoNormal"><span lang="EN-US">id: 639f0a </span></p>
<p class="MsoNormal"><span lang="EN-US">compiled on 11:35:43 Oct
28 2011 with gcc 4.5.1</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal">
<span lang="EN-US">I’m using pike to check flood alerts, but I
have a white list stored in the “user_preference” table :</span></p>
<p class="MsoNormal"><span lang="EN-US">I’m using it like this :
<br>
<br>
</span></p>
<p class="MsoNormal">
<span style="font-size:9.0pt;font-family:Consolas"
lang="EN-US">route[REQINIT] {</span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:Consolas" lang="EN-US">
# flood detection from same IP and traffic ban for a while</span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:Consolas" lang="EN-US">
# be sure you exclude checking trusted peers, such as pstn
gateways</span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:Consolas" lang="EN-US">
# - local host excluded (e.g., loop to self)</span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:Consolas" lang="EN-US">
if( !(avp_db_load("pike", "$avp(ip_origen)") &&
avp_check("$avp(ip_origen)", "eq/$src_ip/gi")) )</span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:Consolas" lang="EN-US"> </span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:Consolas" lang="EN-US">#+---------+----------+--------+-----------+----------------+------+---------------------+</span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:Consolas" lang="EN-US">#|
uuid | username | domain | attribute | value |
type | modified |</span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:Consolas" lang="EN-US">#+---------+----------+--------+-----------+----------------+------+---------------------+</span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:Consolas" lang="EN-US">#|
pike | | | ip_origen | 10.0.0.44
| 0 | 2008-01-04 13:24:14 | </span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:Consolas" lang="EN-US">#|
pike | | | ip_origen | 10.0.0.66
| 0 | 2008-01-04 17:28:59 | </span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:Consolas" lang="EN-US"> {</span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:Consolas" lang="EN-US">
if($sht(ipban=>$si)!=$null)</span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:Consolas" lang="EN-US">
{</span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:Consolas" lang="EN-US">
# ip is already blocked</span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:Consolas" lang="EN-US">
xdbg("request from blocked IP - $rm from $fu
(IP:$si:$sp)\n");</span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:Consolas" lang="EN-US">
exit;</span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:Consolas" lang="EN-US">
}</span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:Consolas" lang="EN-US">
if (!pike_check_req())</span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:Consolas" lang="EN-US">
{</span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:Consolas" lang="EN-US">
xlog("L_ALERT","ALERT: pike blocking $rm from $fu
(IP:$si:$sp)\n");</span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:Consolas" lang="EN-US">
xlog("L_INFO","ALERT: pike blocking from $si\n");</span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:Consolas" lang="EN-US">
$sht(ipban=>$si) = 1;</span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:Consolas" lang="EN-US">
exit;</span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:Consolas" lang="EN-US">
}</span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:Consolas" lang="EN-US">
}</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">Is this check method too
slow? Or intensive in mysql access request??</span></p>
</div>
</blockquote>
Database access can be a reason for becoming slower. The above
operation does a select of the ip addresses in memory and then an
iteration to match them with source ip.<br>
<br>
You can use the benchmark module to try to detect what is slower there
-- you can wrap the cfg snippet above in benchmark execution time
counting.<br>
<br>
IMO, this is not a good solution for preventing DoS, since you hit
the database even for each malicious request. I would recommend using
the permissions module with the address table to match trusted IP addresses
-- this is doing caching in memory for the list of addresses, thus
being very fast and safe in case of attacks. You can reload the list
of IP addresses at runtime via MI/RPC without a need to restart the
SIP server.<br>
<br>
Cheers,<br>
Daniel<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla -- <a class="moz-txt-link-freetext" href="http://www.asipto.com">http://www.asipto.com</a>
Kamailio Advanced Training, Dec 5-8, Berlin: <a class="moz-txt-link-freetext" href="http://asipto.com/u/kat">http://asipto.com/u/kat</a>
<a class="moz-txt-link-freetext" href="http://linkedin.com/in/miconda">http://linkedin.com/in/miconda</a> -- <a class="moz-txt-link-freetext" href="http://twitter.com/miconda">http://twitter.com/miconda</a></pre>
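<br>
Added example (not part of the original message): one way to arrange REQINIT along the lines suggested in the reply above, with trusted peers matched through the permissions module's in-memory address table and the whole check wrapped in benchmark timers.<br>
It assumes the trusted IPs are stored in the address table under group 1; the timer name "reqinit" and the database credentials are placeholders.<br>
<pre>
```kamailio
# Added example, not from the thread.
# Assumptions: trusted peers are rows of the permissions "address" table
# in group 1; "reqinit" is a made-up timer name; USER/PASSWORD are placeholders.
loadmodule "permissions.so"
loadmodule "pike.so"
loadmodule "htable.so"
loadmodule "benchmark.so"

modparam("permissions", "db_url", "mysql://USER:PASSWORD@localhost/openser")
modparam("permissions", "db_mode", 1)       # keep the tables cached in memory
modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
modparam("benchmark", "enable", 1)
modparam("benchmark", "granularity", 500)   # log timings every 500 calls

route[REQINIT] {
	bm_start_timer("reqinit");

	# Trusted peers are matched against the cached address list,
	# so a flood of requests never reaches MySQL from this route.
	if (allow_source_address("1")) {
		bm_log_timer("reqinit");
		return;
	}

	# Source already banned: drop it before any further processing.
	if ($sht(ipban=>$si) != $null) {
		xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n");
		bm_log_timer("reqinit");
		exit;
	}

	# Rate check for everyone else; offenders stay in ipban until
	# the htable autoexpire (300 seconds) removes them.
	if (!pike_check_req()) {
		xlog("L_ALERT", "ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n");
		$sht(ipban=>$si) = 1;
		bm_log_timer("reqinit");
		exit;
	}

	bm_log_timer("reqinit");
}
```
</pre>
After changing rows in the address table, the cached list can be refreshed at runtime with the permissions module's address_reload MI command.<br>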
</body>
</html>