Hi, a current limitation in Kamailio (and AFAIK also in SER) is that TCP childs block waiting for the connection being established or ended.
For example, if we run Kamailio with "tcp_children=8" and receive 8 "hacked" INVITE's via UDP like:
INVITE sip:hello@non.responding.host1;transport=TCP SIP/2.0 INVITE sip:hello@non.responding.host2;transport=TCP SIP/2.0 INVITE sip:hello@non.responding.host3;transport=TCP SIP/2.0 ... INVITE sip:hello@non.responding.host2;transport=TCP SIP/2.0
then Kamailio will have all their TCP childs busy waiting for 8 outgoing TCP connections to timeout. If a new request requires TCP it must wait for long time until one of the TCP childs becomes available.
Of course this can be very easily hackeable by an attacker.
To improve it, a TCP child should not block waiting for the TCP connection to end.
Perhaps I'm wrong (I will check it in a testing escenario soon). If not, is it planned to improve it?
Thanks a lot.