sipwise
/
kamailio
mirror of https://github.com/sipwise/kamailio.git
1
0
Fork 0
Code Issues Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'fa39cc9fbe'
${ noResults }
kamailio/modules_s/pike/doc/devel.xml

82 lines
2.6 KiB
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<section id="pike.devel" xmlns:xi="http://www.w3.org/2001/XInclude">
<sectioninfo>
</sectioninfo>
<title>Developer's Guide</title>
<para>
One single tree (for both IPv4 and IPv6) is used. Each node contains a
byte, the IP addresses stretching from root to the leafs.
</para>
<example>
<title>Tree of IP addresses</title>
<programlisting>
/ 193 - 175 - 132 - 164
tree root / \ 142
\ 195 - 37 - 78 - 163
\ 79 - 134
</programlisting>
</example>
<para>
To detect the whole address, step by step, from the root to the leafs,
the nodes corresponding to each byte of the ip address are expanded. In
order to be expended a node has to be hit for a given number of times
(possible by different addresses; in the previous example, the node
"37" was expanded by the 195.37.78.163 and 195.37.79.134 hits).
</para>
<para>
For 193.175.132.164 with x= reqs_density_per_unit:
</para>
<itemizedlist>
<listitem>
<para>
After first req hits -> the "193" node is built.
</para>
</listitem>
<listitem>
<para>
After x more hits, the "175" node is build; the
hits of "193" node are split between itself and
its child--both of them gone have x/2.
</para>
</listitem>
<listitem>
<para>
And so on for node "132" and "164".
</para>
</listitem>
<listitem>
<para>
Once "164" build the entire address can be found
in the tree. "164" becomes a leaf. After it will
be hit as a leaf for x times, it will become "RED"
(further request from this address will be blocked).
</para>
</listitem>
</itemizedlist>
<para>
So, to build and block this address were needed 3*x hits. Now, if reqs
start coming from 193.175.132.142, the first 3 bytes are already in the
tree (they are shared with the previous address), so I will need only x
hits (to build node "142" and to make it "RED") to make this address
also to be blocked. This is the reason for the variable number of hits
necessary to block an IP.
</para>
<para>
The maximum number of hits to turn an address red are (n is the
address's number of bytes):
</para>
<para>
1 (first byte) + x (second byte) + (x / 2) * (n - 2) (for the rest of
the bytes) + (n - 1) (to turn the node to red).
</para>
<para>
So, for IPv4 (n = 4) will be 3x and for IPv6 (n = 16) will be 9x. The
minimum number of hits to turn an address red is x.
</para>
</section>
Reference in new issue View Git Blame Copy Permalink