Commit a99188eb authored by Sylvain Berfini's avatar Sylvain Berfini 🎩

Added dos test on flexisip suite & updated flexisip.conf

parent 54b161f8
......@@ -60,31 +60,35 @@ bind-address=0.0.0.0
# Default value: 3478
port=3478
##
## DOS protection parameters.
## This module bans user when they are sending too much packets on
## a given timelapse
##
[dos-protection]
# Enable or disable DOS protection using IPTables firewall.
# Default value: false
enabled=false
[module::DoS]
# Indicate whether the module is activated.
# Default value: true
enabled=true
# List of whitelist IPs which won't be affected by DOS protection.
# Default value: 127.0.0.1
authorized-ip=127.0.0.1
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# Local ports to protect.
# Default value: 5060
port=5060
# Number of milliseconds to calculate the packet rate
# Default value: 1000
time-period=1000
# Time (in seconds) while an IP have to not send any packet in order
# to leave the blacklist.
# Default value: 60
ban-duration=60
# Maximum packet rate received in [time-period] millisecond(s) to
# consider to consider it a DoS attack.
# Default value: 5
packet-rate-limit=5
# Number of packets authorized in 1sec before considering them as
# DOS attack.
# Default value: 20
packets-limit=20
# Number of minutes to ban the ip/port using iptables
# Default value: 1
ban-time=1
##
......@@ -273,10 +277,6 @@ fork-late=true
call-fork-timeout=20
# Only forward one response of forked invite to the caller
# Default value: true
fork-one-response=true
# All the forked have to decline in order to decline the caller
# invite
# Default value: false
......@@ -544,3 +544,5 @@ filter=
# Default value:
collector-address=sip:collector@sip.example.org
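Review bot: The `[module::DoS]` values in the first hunk are what the new tester case depends on, and nothing in the file says so. `dos_module_trigger` sends one message every 100 ms and then sleeps 90 seconds, which only holds with `packet-rate-limit=5` per `time-period=1000` and `ban-duration=60`; a comment such as `# tester: dos_module_trigger assumes ban-duration <= 60 and a limit below 10 packets/s` would keep someone from retuning these and silently breaking the test. The comment above `packet-rate-limit` also repeats itself ("to consider to consider it") and could read `# Maximum number of packets received in [time-period] millisecond(s) before the sender is treated as a DoS source.` The rendered page no longer shows which lines are old and which are new, so if the `[dos-protection]` keys remain next to the new section, the file should say which of the two is in effect.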
......@@ -858,6 +858,43 @@ static void file_transfer_message_external_body_to_rcs_client(void) {
linphone_core_manager_destroy(pauline);
}
static void dos_module_trigger(void) {
char *to;
LinphoneChatRoom *chat_room;
int i = 0;
int number_of_messge_to_send = 100;
LinphoneCoreManager* marie = linphone_core_manager_new("marie_rc");
LinphoneCoreManager* pauline = linphone_core_manager_new("pauline_rc");
reset_counters(&marie->stat);
reset_counters(&pauline->stat);
to = linphone_address_as_string(marie->identity);
chat_room = linphone_core_create_chat_room(pauline->lc,to);
do {
char msg[128];
sprintf(msg, "Flood message number %i", i);
linphone_chat_room_send_message(chat_room, msg);
ms_usleep(100000);
i++;
} while (i < number_of_messge_to_send);
// At this point we should be banned for a minute
ms_usleep(90000000); // Wait 90 seconds to ensure we are not banned anymore
CU_ASSERT_TRUE(marie->stat.number_of_LinphoneMessageReceived < number_of_messge_to_send);
reset_counters(&marie->stat);
reset_counters(&pauline->stat);
linphone_chat_room_send_message(chat_room, "This one should pass through");
CU_ASSERT_TRUE(wait_for(pauline->lc,marie->lc,&marie->stat.number_of_LinphoneMessageReceived, 1));
linphone_core_manager_destroy(marie);
linphone_core_manager_destroy(pauline);
ms_free(to);
}
test_t flexisip_tests[] = {
{ "Subscribe forking", subscribe_forking },
{ "Message forking", message_forking },
......@@ -877,7 +914,8 @@ test_t flexisip_tests[] = {
{ "Call with ipv6", call_with_ipv6 },
{ "File transfer message rcs to external body client", file_transfer_message_rcs_to_external_body_client },
{ "File transfer message external body to rcs client", file_transfer_message_external_body_to_rcs_client },
{ "File transfer message external body to external body client", file_transfer_message_external_body_to_external_body_client }
{ "File transfer message external body to external body client", file_transfer_message_external_body_to_external_body_client },
{ "DoS module trigger by sending a lot of chat messages", dos_module_trigger }
};
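Review bot: The first assertion in `dos_module_trigger` can pass without the proxy ever banning the sender, because during the flood loop and the 90-second wait the test only calls `ms_usleep` and never iterates either core. If received messages are only counted while a core is iterated (as the later `wait_for(pauline->lc, marie->lc, ...)` call suggests), `number_of_LinphoneMessageReceived` stays below 100 whatever the DoS module does. Iterating inside the loop, e.g. `linphone_core_iterate(pauline->lc); linphone_core_iterate(marie->lc);` before each `ms_usleep`, and checking the count while the ban is still expected to be active would make the test exercise the ban itself. Separately, `sprintf(msg, ...)` is better written as `snprintf(msg, sizeof msg, "Flood message number %i", i);`, and `number_of_messge_to_send` is misspelled.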