mirror of https://github.com/sipwise/kamailio.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
169 lines
4.6 KiB
169 lines
4.6 KiB
Blst Module - Blacklist Management
|
|
|
|
Andrei Pelinescu-Onciul
|
|
|
|
iptelorg GmbH
|
|
|
|
Copyright © 2007 iptelorg GmbH
|
|
__________________________________________________________________
|
|
|
|
Table of Contents
|
|
|
|
1. Admin Guide
|
|
|
|
1. Overview
|
|
2. Functions
|
|
|
|
2.1. blst_add([timeout])
|
|
2.2. blst_add_retry_after(min, max)
|
|
2.3. blst_del()
|
|
2.4. blst_is_blacklisted()
|
|
2.5. blst_set_ignore([flags])
|
|
2.6. blst_rpl_set_ignore([flags])
|
|
2.7. blst_clear_ignore([flags])
|
|
2.8. blst_rpl_clear_ignore([flags])
|
|
|
|
List of Examples
|
|
|
|
1.1. blst_add usage
|
|
1.2. blst_add_retry_after usage
|
|
1.3. blst_del usage
|
|
1.4. blst_is_blacklisted usage
|
|
1.5. blst_set_ignore usage
|
|
1.6. blst_clear_ignore usage
|
|
|
|
Chapter 1. Admin Guide
|
|
|
|
Table of Contents
|
|
|
|
1. Overview
|
|
2. Functions
|
|
|
|
2.1. blst_add([timeout])
|
|
2.2. blst_add_retry_after(min, max)
|
|
2.3. blst_del()
|
|
2.4. blst_is_blacklisted()
|
|
2.5. blst_set_ignore([flags])
|
|
2.6. blst_rpl_set_ignore([flags])
|
|
2.7. blst_clear_ignore([flags])
|
|
2.8. blst_rpl_clear_ignore([flags])
|
|
|
|
1. Overview
|
|
|
|
This module exports blacklist related functions to the script.
|
|
|
|
2. Functions
|
|
|
|
2.1. blst_add([timeout])
|
|
2.2. blst_add_retry_after(min, max)
|
|
2.3. blst_del()
|
|
2.4. blst_is_blacklisted()
|
|
2.5. blst_set_ignore([flags])
|
|
2.6. blst_rpl_set_ignore([flags])
|
|
2.7. blst_clear_ignore([flags])
|
|
2.8. blst_rpl_clear_ignore([flags])
|
|
|
|
2.1. blst_add([timeout])
|
|
|
|
Adds the source of the current message to the blacklist for timeout
|
|
seconds. If timeout is missing or 0 it uses the default blacklist
|
|
timeout (dst_blacklist_expire).
|
|
|
|
Example 1.1. blst_add usage
|
|
...
|
|
if (src_ip==10.0.0.0/9)
|
|
blst_add(30); # 30 s
|
|
else
|
|
blst_add(); # use default blacklist timeout
|
|
...
|
|
|
|
2.2. blst_add_retry_after(min, max)
|
|
|
|
Adds the source of the current message to the blacklist for the time
|
|
interval specified in the Retry-After header. If the Retry-After header
|
|
is missing, it will fail (returns false). If the Retry-After value is
|
|
less than min, then min seconds will be used instead. If the
|
|
Retry-After value is greater than max, then max seconds will be used
|
|
instead.
|
|
|
|
Example 1.2. blst_add_retry_after usage
|
|
...
|
|
# on_reply route
|
|
if (msg_status==503){ # blacklist 503 source for Retry-After seconds
|
|
if (! blst_add_retry_after(30, 3600))
|
|
blst_add(60); # if no retry_after header add it for 60s
|
|
}
|
|
...
|
|
|
|
2.3. blst_del()
|
|
|
|
Removes the source of the current message from the blacklist. If the
|
|
address is not present in the blacklist at the time of the call it
|
|
returns false.
|
|
|
|
Example 1.3. blst_del usage
|
|
...
|
|
blst_del();
|
|
...
|
|
|
|
2.4. blst_is_blacklisted()
|
|
|
|
Returns true if the source of the current message is blacklisted.
|
|
|
|
Example 1.4. blst_is_blacklisted usage
|
|
...
|
|
if (blst_is_blacklisted()){
|
|
log("message from a blacklisted source");
|
|
drop;
|
|
}
|
|
...
|
|
|
|
2.5. blst_set_ignore([flags])
|
|
|
|
Set errors that will not be taken into account when deciding whether to
|
|
blacklist a destination for the current message or a local reply to the
|
|
current message.
|
|
|
|
blst_set_ignore(..) works for forwarding the current message and
|
|
blst_rpl_set_ignore(...) works for local replies to the current
|
|
message.
|
|
|
|
The variants of these functions with no parameters will ignore
|
|
everything (equivalent to passing 0xff).
|
|
|
|
The flags are stored internally as a bitmask, and are applied by
|
|
bitwise ANDing them together. The following flags are available:
|
|
* 0x02 - generic send error (send denied/ failed).
|
|
* 0x04 - connect failed (TCP, TLS or SCTP).
|
|
* 0x08 - ICMP error (not currently used).
|
|
* 0x10 - SIP transaction timeout.
|
|
* 0x20 - 503 reply (statefull mode only). For more details see
|
|
tmblst_503.
|
|
|
|
Note
|
|
|
|
TCP and TLS send and connect errors are handled per connection and not
|
|
per message. The connection blacklist ignore flags are inherithed from
|
|
the message that caused the connection establishment.
|
|
|
|
Example 1.5. blst_set_ignore usage
|
|
blst_set_ignore(6); # ignore send and connect errors
|
|
|
|
2.6. blst_rpl_set_ignore([flags])
|
|
|
|
See function blst_set_ignore([flags]).
|
|
|
|
2.7. blst_clear_ignore([flags])
|
|
|
|
Clears blacklist ignore flags previously set by the corresponding
|
|
blst_set_ignore(...) or blst_rpl_set_ignore(...) functions.
|
|
|
|
See also blst_set_ignore.
|
|
|
|
Example 1.6. blst_clear_ignore usage
|
|
blst_clear_ignore(4); # ignore connect errors
|
|
|
|
2.8. blst_rpl_clear_ignore([flags])
|
|
|
|
See function blst_clear_ignore([flags]).
|