Daniel-Constantin Mierla writes:
I backported the patch for the log message and now I pushed a patch that
executes event_route[core:receive-parse-error] in such a case as well,
allowing for config interaction. Can you give it a test? I had no time
to do it so far and have to go for a while. Otherwise I will do it
sometime soon.
daniel,
i tried with sipp by leaving out the linefeed from the request line:
INVITE sip:[service]@test.tutpro.com:[remote_port] SIP/2.0 Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
and event_route:
event_route[core:receive-parse-error] { # Handle message with core syntax error
    xlog("L_NOTICE", "Request from <$var(src_ip)> has invalid core syntax\n");
}
was NOT executed:
Aug 22 15:32:40 siika /usr/sbin/sip-proxy[3428]: INFO: <core> [parser/parse_fline.c:229]: parse_first_line(): ERROR:parse_first_line: bad request first line
Aug 22 15:32:40 siika /usr/sbin/sip-proxy[3428]: INFO: <core> [parser/parse_fline.c:231]: parse_first_line(): ERROR: at line 0 char 42:
Aug 22 15:32:40 siika /usr/sbin/sip-proxy[3428]: INFO: <core> [parser/parse_fline.c:237]: parse_first_line(): ERROR: parsed so far: INVITE sip:jh@test.tutpro.com:5060 SIP/2.0
Aug 22 15:32:40 siika /usr/sbin/sip-proxy[3428]: INFO: <core> [parser/parse_fline.c:242]: parse_first_line(): ERROR:parse_first_line: bad message
Aug 22 15:32:40 siika /usr/sbin/sip-proxy[3428]: ERROR: <core> [parser/msg_parser.c:705]: parse_msg(): ERROR: parse_msg: message=<INVITE sip:jh@test.tutpro.com:5060 SIP/2.0 Via: SIP/2.0/UDP 192.98.102.10:5062;branch=z9hG4bK-3799-1-0#015#012From: sipp <sip:sipp@192.98.102.10:5062>;tag=3799SIPpTag001#015#012To: sut <sip:jh@test.tutpro.com>#015#012Call-ID: 1-3799(a)192.98.102.10#015#012CSeq: 1 INVITE#015#012Contact: sip:sipp@192.98.102.10:5062#015#012Max-Forwards: 70#015#012Subject: Performance Test#015#012Content-Type: application/sdp#015#012Content-Length: 137#015#012#015#012v=0#015#012o=user1 53655765 2353687637 IN IP4 192.98.102.10#015#012s=-#015#012c=IN IP4 192.98.102.10#015#012t=0 0#015#012m=audio 6000 RTP/AVP 0#015#012a=rtpmap:0 PCMU/8000#015#012>
Aug 22 15:32:40 siika /usr/sbin/sip-proxy[3428]: ERROR: <core> [receive.c:148]: receive_msg(): core parsing of SIP message failed (192.98.102.10:5062/1)
after the last line, i would expect that event route is executed:
    if (parse_msg(buf,len, msg)!=0){
        LOG(cfg_get(core, core_cfg, corelog),
            "core parsing of SIP message failed (%s:%d/%d)\n",
            ip_addr2a(&msg->rcv.src_ip), (int)msg->rcv.src_port,
            (int)msg->rcv.proto);
        sr_core_ert_run(msg, SR_CORE_ERT_RECEIVE_PARSE_ERROR);
        goto error02;
    }
but it is not.
also, as you see above, a syntax error produced an awful lot of
messages to syslog, which is good for an attacker. is it possible to turn
some of them to debugs (e.g. the one that prints the whole message)?
-- juha
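
The syslog volume raised in the message above can be measured per source address. This is an added example, not part of the original message or of the project's code; the sample lines, host name, PIDs and addresses are constructed. It assumes each worker process (PID) logs a message's parser errors before its "core parsing of SIP message failed" line.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the syslog format quoted in the message above;
# host name, PIDs and addresses (documentation ranges) are made up.
SAMPLE_LOG = """\
Aug 22 15:32:40 host sip-proxy[3428]: INFO: <core> [parser/parse_fline.c:229]: parse_first_line(): ERROR:parse_first_line: bad request first line
Aug 22 15:32:40 host sip-proxy[3430]: INFO: <core> [parser/parse_fline.c:229]: parse_first_line(): ERROR:parse_first_line: bad request first line
Aug 22 15:32:40 host sip-proxy[3428]: ERROR: <core> [parser/msg_parser.c:705]: parse_msg(): ERROR: parse_msg: message=<INVITE sip:a@example.test SIP/2.0 Via: SIP/2.0/UDP 192.0.2.10:5062#015#012>
Aug 22 15:32:40 host sip-proxy[3428]: ERROR: <core> [receive.c:148]: receive_msg(): core parsing of SIP message failed (192.0.2.10:5062/1)
Aug 22 15:32:40 host sip-proxy[3431]: NOTICE: <script>: unrelated line
Aug 22 15:32:41 host sip-proxy[3430]: ERROR: <core> [parser/msg_parser.c:705]: parse_msg(): ERROR: parse_msg: message=<X core parsing of SIP message failed (203.0.113.9:1/1)>
Aug 22 15:32:41 host sip-proxy[3430]: ERROR: <core> [receive.c:148]: receive_msg(): core parsing of SIP message failed (198.51.100.7:5060/1)
Aug 22 15:32:41 host sip-proxy[3428]: INFO: <core> [parser/parse_fline.c:229]: parse_first_line(): ERROR:parse_first_line: bad request first line
Aug 22 15:32:41 host sip-proxy[3428]: ERROR: <core> [parser/msg_parser.c:705]: parse_msg(): ERROR: parse_msg: message=<INVITE sip:b@example.test SIP/2.0 Via: SIP/2.0/UDP 192.0.2.10:5062#015#012>
Aug 22 15:32:41 host sip-proxy[3428]: ERROR: <core> [receive.c:148]: receive_msg(): core parsing of SIP message failed (192.0.2.10:5062/1)
"""

ENTRY = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ \S+\[(?P<pid>\d+)\]: (?P<body>.*)$")
PARSER = re.compile(r"^\w+: <core> \[parser/")
# Anchored at both ends: the dumped message is sender-controlled and must not
# be able to fake a failure line for some other address.
FAILED = re.compile(r"^\w+: <core> \[receive\.c:\d+\]: receive_msg\(\): "
                    r"core parsing of SIP message failed \((?P<ip>\S+):\d+/\d+\)$")

def parse_error_volume(log_text):
    """Return {source_ip: {"failures", "lines", "bytes"}} for failed core parses."""
    pending = defaultdict(lambda: [0, 0])  # pid -> [lines, bytes] not yet attributed
    stats = defaultdict(lambda: {"failures": 0, "lines": 0, "bytes": 0})
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        failed = FAILED.match(m["body"])
        if failed or PARSER.match(m["body"]):
            pending[m["pid"]][0] += 1
            pending[m["pid"]][1] += len(line)
        if failed:
            # Assumption: everything pending for this PID belongs to this source.
            src = stats[failed["ip"]]
            src["failures"] += 1
            src["lines"] += pending[m["pid"]][0]
            src["bytes"] += pending[m["pid"]][1]
            del pending[m["pid"]]
    return dict(stats)

def flag_sources(stats, min_failures):
    """Sources with at least min_failures failed parses in the log window."""
    return sorted(ip for ip, s in stats.items() if s["failures"] >= min_failures)
```

Dividing "bytes" by the size of the offending packets gives the log amplification per source, which is the figure that changes if the message dump is moved to debug level.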