[SR-Dev] Will SIP-Router handle better TCP childs avoiding blocking?
Iñaki Baz Castillo
ibc at aliax.net
Mon Mar 2 23:49:02 CET 2009
Hi, a current limitation in Kamailio (and AFAIK also in SER) is that TCP
childs block waiting for the connection being established or ended.
For example, if we run Kamailio with "tcp_children=8" and receive 8 "hacked"
INVITE's via UDP like:
INVITE sip:hello at non.responding.host1;transport=TCP SIP/2.0
INVITE sip:hello at non.responding.host2;transport=TCP SIP/2.0
INVITE sip:hello at non.responding.host3;transport=TCP SIP/2.0
...
INVITE sip:hello at non.responding.host2;transport=TCP SIP/2.0
then Kamailio will have all their TCP childs busy waiting for 8 outgoing TCP
connections to timeout. If a new request requires TCP it must wait for long
time until one of the TCP childs becomes available.
Of course this can be very easily hackeable by an attacker.
To improve it, a TCP child should not block waiting for the TCP connection to
end.
Perhaps I'm wrong (I will check it in a testing escenario soon). If not, is it
planned to improve it?
Thanks a lot.
--
Iñaki Baz Castillo
More information about the sr-dev
mailing list