[OpenSIPS-Users] Pike question about flood attack

Eric Tamme eric at uphreak.com
Thu Feb 19 15:01:42 CET 2015


The automatic mode is much more efficient.  It triggers in pre-recieve 
callbacks before any message parsing is even done.  In automatic mode 
you would simply say if(ip==trusted){drop;} in your pike route block.

Automatic mode will also trigger on replies.

Basically - you should use automatic mode and not be concerned about the 
performance as it is definitely faster than manual mode.

-Eric


On 02/19/2015 01:49 AM, John Nash wrote:
> As per documentation pike module can be implemented manual as well as 
> automatic. The way I understand it manual mode will not monitor (Not 
> even queue) packets for which "pike_check_req()" is not called and it 
> gives performance advantage as we can skip this call for trusted IPs.
>
> First of all is my understanding correct? Or each request packet will 
> be queued but we will know if a source IP exceeds threshold only when 
> we call "pike_check_req()"?
>
>
> Second thing is what about replies, is there any way to monitor in 
> manual mode?
>
> I really like automatic mode but only am trying  to avoid it because I 
> do not want trusted sources to be monitored.
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20150219/ebb2cda4/attachment.htm>


More information about the Users mailing list