[SR-Users] provoke delay?

Daniel-Constantin Mierla miconda at gmail.com
Tue Oct 26 17:42:26 CEST 2010 


On 10/26/10 5:34 PM, "Nicolas Rüger" wrote:
> Hello,
>
> thank you. I see the problem with the worker processes now. I had a look at PIKE module and RATELIMIT module as well.
>
> My idea was to delay the call WITHOUT sending any reply-message to the caller, as I wanted to save performance and I can identify suspicios users by a reputation that I compute before.
>
> It seems the only way to do so, might be to store the INVITE information somewhere and keep on routing it again after a certain timeout.
>
> Do you agree?
there is support in the code to suspend the transaction and resume the 
processing, iirc, look in tm module for t_suspend() function.

Right now you can do following:
- set timeout to 30 sec
- set failure route timeout
- send the invite via udp to a invalid destination (e.g., your ip port 9)
- when the 30sec will pass, the failure route timeout will be executed 
and you can do further routing.

Drawbacks - for the 30sec tm will do retransmission. To avoid that, run 
another kamailio on a different port where you send the invite and reply 
back 100 trying so first kamailio stops the retransmission.

Cheers,
Daniel
> Regards,
>
> Nicolas
>
>
>> On 10/26/2010 05:09 PM, Alex Balashov wrote:
>>> Pike or ratelimit modules may facilitate this; otherwise, no.
>>>>
>
>> Hello, It is not a good design practice to do it synchronously, mainly
>> because the worker process will remain blocked for 30s . Imagine an
>> attacker sending 30 requests and DoS the whole server , because of the
>> limited number of worker process (not to mention that 30s delay means
>> retrasmits from the TM layer- so these need to be handled by tm before
>> the "sleep").
>>
>> Anyway I wouldn't recommend a design like this.  As others suggested
>> pike and ratelimite (mostly ratelimit) will allow you to drop calls from
>> attackers. You could add a Retry-After header so to inform a normal UA
>> to retry the request after a number of seconds.
>>
>> Marius

-- 
Daniel-Constantin Mierla
http://www.asipto.com

More information about the sr-users mailing list