[OpenSIPS-Users] Pike question about flood attack
Eric Tamme
eric at uphreak.com
Thu Feb 19 15:01:42 CET 2015
The automatic mode is much more efficient. It triggers in pre-recieve
callbacks before any message parsing is even done. In automatic mode
you would simply say if(ip==trusted){drop;} in your pike route block.
Automatic mode will also trigger on replies.
Basically - you should use automatic mode and not be concerned about the
performance as it is definitely faster than manual mode.
-Eric
On 02/19/2015 01:49 AM, John Nash wrote:
> As per documentation pike module can be implemented manual as well as
> automatic. The way I understand it manual mode will not monitor (Not
> even queue) packets for which "pike_check_req()" is not called and it
> gives performance advantage as we can skip this call for trusted IPs.
>
> First of all is my understanding correct? Or each request packet will
> be queued but we will know if a source IP exceeds threshold only when
> we call "pike_check_req()"?
>
>
> Second thing is what about replies, is there any way to monitor in
> manual mode?
>
> I really like automatic mode but only am trying to avoid it because I
> do not want trusted sources to be monitored.
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20150219/ebb2cda4/attachment.htm>
More information about the Users
mailing list