[ http://tracker.iptel.org/browse/SER-36?page=all ]
Pavel Kasparek updated SER-36: ------------------------------
Comment: was deleted
Major deficiency of authentication module
Key: SER-36 URL: http://tracker.iptel.org/browse/SER-36 Project: SER Issue Type: Improvement Components: Digest AuthenticationAffects Versions: Wishlist Reporter: Jan Janak Assigned To: Jan Janak Attachments: auth.diff
Folks, I've found that in some cases auth module performs very poorly. Namely in the cases when authentication is either time-consuming and/or expensive to perform. For example in the case when authentication is done using Radius while SER and Radius server is not on the same LAN. In such cases it is quite possible that due to delay UA will make several retransmits of REGISTER message, which due to the fact that REGISTER transactions are processes statelessly will block appropriate amount of SER childs and trigger appropriate amount of independent Radius auth requests, thus considerably increasing load of SER and Radius server. The same will happen in the case of auth DB module with remote DB server or even in the case when udp round-trip delay between SER and UA is more than 400-500 ms. It is logical to use statefull processing in such cases, but since usage of sl_send_reply is currently hardcoded in the registrar and auth modules, it is impossible to do that. Attached patch solves this problem by introducing new variable use_tm, which if set to 1 instructs those modules to use t_reply() instead of sl_send_reply() for generating replies. If there are no objections, I would like to commit it, as if possible merge into rel_0_9_0, since I believe that it is very useful feature. Since it defaults to "off" it should not create any new problems in the default installation. Thanks! Regards, Maxim