Hello,

On 15.05.24 22:09, H Yavari via sr-users wrote:
Hi all,

I was reviewing the `ims_ipsec_pcscf` code and noticed that this module creates a pool of sockets using different ports (ipsec_max_connections). I'm unclear on the necessity of this approach. Can't we simply create one server listener and one client listener to handle all UE connections? If this is feasible, is there still a need to create the pool at startup?

I'm curious if this is due to an architectural limitation or if the IPSec module can be modified to replace the current implementation with a more efficient one.

technically it is no restriction to have one client socket and one server socket. I am not much active in the VoLTE or VoNR, although I played lately with the later, but from some past discussions I understood that the specs suggest/recommend this approach with a pool of sockets -- I haven't read the specs to confirm personally if that's the case.

Anyhow, during the OSMNT'24 and KamailioWorld'24 conferences, I had discussions with some participants interested in the topic and switching to (or adding the option of) single client/server socket was considered to be done in the future.

For now, if you are concerned of using too many resources due to many children processes, you can use development version (git master branch) where you have the option to have threads for receiving traffic on UDP sockets, with a single pool of processes to handle the UDP SIP traffic:

  - https://www.kamailio.org/wikidocs/cookbooks/devel/core/#udp_receiver_mode

Or, even better, if you can develop the code for having single client/server socket, just do it and make a PR.

Cheers,
Daniel

-- 
Daniel-Constantin Mierla (@ asipto.com)
twitter.com/miconda -- linkedin.com/in/miconda
Kamailio Consultancy, Training and Development Services -- asipto.com