
kamailio.cfg: added flood detection

- can be enabled via #!define WITH_ANTIFLOOD
- uses pike to detect flood and htable to ban the IP for a while
Daniel-Constantin Mierla 15 năm trước cách đây
mục cha
commit
f77093de4f
1 tập tin đã thay đổi với 41 bổ sung0 xóa
  1. 41 0
      etc/kamailio.cfg

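--- a/etc/kamailio.cfg
+++ b/etc/kamailio.cfg
@@ -59,6 +59,11 @@
 #     - adjust CFGDIR/tls.cfg as needed
 #     - define WITH_TLS
 #
+# *** To enable anti-flood detection execute:
+#     - adjust pike and htable=>ipban settings as needed (default is
+#       block if more than 16 requests in 2 seconds and ban for 300 seconds)
+#     - define WITH_ANTIFLOOD
+#
 # *** To enhance accounting execute:
 #     - enable mysql
 #     - define WITH_ACCDB
@@ -223,6 +228,11 @@ loadmodule "rtpproxy.so"
 loadmodule "tls.so"
 #!endif
 
+#!ifdef WITH_ANTIFLOOD
+loadmodule "htable.so"
+loadmodule "pike.so"
+#!endif
+
 # ----------------- setting module-specific parameters ---------------
 
 
@@ -353,6 +363,16 @@ modparam("usrloc", "nat_bflag", FLB_NATB)
 modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
 #!endif
 
+#!ifdef WITH_ANTIFLOOD
+# ----- pike params -----
+modparam("pike", "sampling_time_unit", 2)
+modparam("pike", "reqs_density_per_unit", 16)
+modparam("pike", "remove_latency", 4)
+
+# ----- htable params -----
+# ip ban htable with autoexpire after 5 minutes
+modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
+#!endif
 
 ####### Routing Logic ########
 
@@ -450,6 +470,27 @@ route[RELAY] {
 
 # Per SIP request initial checks
 route[REQINIT] {
+#!ifdef WITH_ANTIFLOOD
+	# flood dection from same IP and traffic ban for a while
+	# be sure you exclude checking trusted peers, such as pstn gateways
+	# - local host excluded (e.g., loop to self)
+	if(src_ip!=myself)
+	{
+		if($sht(ipban=>$si)!=$null)
+		{
+			# ip is already blocked
+			xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n");
+			exit;
+		}
+		if (!pike_check_req())
+		{
+			xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n");
+			$sht(ipban=>$si) = 1;
+			exit;
+		}
+	}
+#!endif
+
 	if (!mf_process_maxfwd_header("10")) {
 		sl_send_reply("483","Too Many Hops");
 		exit;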
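Review bot: The ban in route[REQINIT] is keyed only on `$si` and the sole exclusion is `src_ip!=myself`, so any legitimate high-volume source (a PSTN gateway, an upstream proxy, or many users behind one NAT address) that exceeds 16 requests in 2 seconds is silently dropped for 300 seconds. The comment asks operators to exclude trusted peers, but the block gives them no place to do it; I would add an explicit allowlist condition to the outer `if`, or at least a marker such as `# TODO: add trusted-peer allowlist check here before enabling WITH_ANTIFLOOD`. Because UDP source addresses are not authenticated, the banned address is not necessarily the real sender, which is one more reason to keep trusted peers out of this path. The alert line also logs the sender-controlled `$fu`, so downstream log parsers should treat that field as untrusted. route[REQINIT] continues past the end of this hunk.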