<sip> Flood detected

[BigMan200]

Hi,
below, you will find an extract from my /var/log/yate-events/sip.log. This extract covers just 15min., but it is more or less the same for the full time while YATE is running. I am wondering, what the root-cause of those flood events are. I see two options:

• I am getting hacker attacks, who are trying to flood me with requests;
• My server is too weak to handle the workload (I run Yate on a Raspberry Pi, which I believe is pretty cool  );

How can I find our more about the reasons why I have those flood-messages?

Thanks in advance for you support, tips, and tricks!


-------- Extract from /var/log/yate-events/sip.log -------
[....]
2013-12-28_11:37:19.617522 <sip> Flood drop cleared, resumed normal message processing
2013-12-28_11:37:22.562457 <sip> Flood detected, dropping INVITE/REGISTER/SUBSCRIBE/OPTIONS, allowing reINVITES
2013-12-28_11:41:45.981589 <sip> Flood drop cleared, resumed normal message processing
2013-12-28_11:41:46.539817 <sip> Flood detected, dropping INVITE/REGISTER/SUBSCRIBE/OPTIONS, allowing reINVITES
2013-12-28_11:42:37.826860 <sip> Flood drop cleared, resumed normal message processing
2013-12-28_11:42:39.235475 <sip> Flood detected, dropping INVITE/REGISTER/SUBSCRIBE/OPTIONS, allowing reINVITES
2013-12-28_11:43:44.139845 <sip> Flood drop cleared, resumed normal message processing
2013-12-28_11:43:48.624559 <sip> Flood detected, dropping INVITE/REGISTER/SUBSCRIBE/OPTIONS, allowing reINVITES
--------------------------

[Ioana Stanciu]

Hi,

If you didn't alter SIP configuration, you get those warnings when the processing thread has handled more than 100 SIP events (messages) in a row without emptying its processing queue. This can happen because of the options you mentioned.

Please take a look at the floodevents configuration setting in ysipchan.conf sample for further explanation and in order to tweak the setting as to not generate so many warnings if it's caused by slow processing.