I recently started seeing this in the logs right after a registration attempt from a user who's a on our system, but is somehow storing contact info for a different username on a different service:
May 25 12:03:52 death ser[22235]: ERROR: warning_builder: buffer size exceeded May 25 12:03:52 death ser[22235]: WARNING: warning skipped -- too big
The register packet that caused it was:
REGISTER sip:proxy.ideasip.com:5060;g_id=17476253781;g_dom=proxy01.sipphone.com SIP/2.0. Record-Route: sip:198.65.XXX.XXX;ftag=31839881;lr. Via: SIP/2.0/UDP 198.65.XXX.XXX;branch=z9hG4bK1033.75ea1c43.0. Via: SIP/2.0/UDP 192.168.1.18:36560;received=69.91.XXX.XXX;branch=z9hG4bK-d87543-5e7fc69802da2376-1--d87543-;rport=33028. Max-Forwards: 69. Contact: sip:1747625XXXX@proxy01.sipphone.com:5060. To: sip:1101201XXXX@proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com. From: sip:1101201XXXX@proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com;tag=31839881. Call-ID: 7dffe5df6f2a521a@YW50ZXJvb21lbWFjLmxvY2Fs. CSeq: 40 REGISTER. Expires: 1800. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, INFO, NOTIFY, MESSAGE. Supported: ICE. User-Agent: MacGizmo (Gizmo-s2n1)/1.5. Authorization: Digest username="1101201XXXX",realm="proxy.ideasip.com",nonce="4475d66395235de62215f7d44f9dbafc068050f7",uri="sip:proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com",response="2a56661c46fdac2129de3100014e5753",cnonce="aab804aa999687b7",nc=00000003,qop=auth,algorithm=MD5. Content-Length: 0. P-hint: outbound.
Any idea what's throwing the error and what causes it?
N.
Maybe Request-URI? Look very long and "unnormal". But that's just a guess...
On 5/25/06, sip sip@arcdiv.com wrote:
I recently started seeing this in the logs right after a registration attempt from a user who's a on our system, but is somehow storing contact info for a different username on a different service:
May 25 12:03:52 death ser[22235]: ERROR: warning_builder: buffer size exceeded May 25 12:03:52 death ser[22235]: WARNING: warning skipped -- too big
The register packet that caused it was:
REGISTER sip:proxy.ideasip.com:5060;g_id=17476253781;g_dom=proxy01.sipphone.com SIP/2.0. Record-Route: sip:198.65.XXX.XXX;ftag=31839881;lr. Via: SIP/2.0/UDP 198.65.XXX.XXX;branch=z9hG4bK1033.75ea1c43.0. Via: SIP/2.0/UDP 192.168.1.18:36560;received=69.91.XXX.XXX;branch=z9hG4bK-d87543-5e7fc69802da2376-1--d87543-;rport=33028. Max-Forwards: 69. Contact: sip:1747625XXXX@proxy01.sipphone.com:5060. To: sip:1101201XXXX@proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com. From: sip:1101201XXXX@proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com;tag=31839881. Call-ID: 7dffe5df6f2a521a@YW50ZXJvb21lbWFjLmxvY2Fs. CSeq: 40 REGISTER. Expires: 1800. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, INFO, NOTIFY, MESSAGE. Supported: ICE. User-Agent: MacGizmo (Gizmo-s2n1)/1.5. Authorization: Digest username="1101201XXXX",realm="proxy.ideasip.com",nonce="4475d66395235de62215f7d44f9dbafc068050f7",uri="sip:proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com",response="2a56661c46fdac2129de3100014e5753",cnonce="aab804aa999687b7",nc=00000003,qop=auth,algorithm=MD5. Content-Length: 0. P-hint: outbound.
Any idea what's throwing the error and what causes it?
N. _______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Not sure if the to/from headers are the ones causing the issue, nor am I really sure why the to/from headers even look that way or what client is causing that.
What I want to know more is what part of the ser code is causing the buffer overflow warnings.... and how it can be fixed.
N.
On Thu, 25 May 2006 23:24:14 +0700, Andrey Kouprianov wrote
Maybe Request-URI? Look very long and "unnormal". But that's just a guess...
On 5/25/06, sip sip@arcdiv.com wrote:
I recently started seeing this in the logs right after a registration attempt from a user who's a on our system, but is somehow storing contact info for a different username on a different service:
May 25 12:03:52 death ser[22235]: ERROR: warning_builder: buffer size exceeded May 25 12:03:52 death ser[22235]: WARNING: warning skipped -- too big
The register packet that caused it was:
REGISTER sip:proxy.ideasip.com:5060;g_id=17476253781;g_dom=proxy01.sipphone.com
SIP/2.0.
Record-Route: sip:198.65.XXX.XXX;ftag=31839881;lr. Via: SIP/2.0/UDP 198.65.XXX.XXX;branch=z9hG4bK1033.75ea1c43.0. Via: SIP/2.0/UDP
192.168.1.18:36560;received=69.91.XXX.XXX;branch=z9hG4bK-d87543-5e7fc69802da2376-1--d87543-;rport=33028.
Max-Forwards: 69. Contact: sip:1747625XXXX@proxy01.sipphone.com:5060. To:
sip:1101201XXXX@proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com.
From:
sip:1101201XXXX@proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com;tag=31839881.
Call-ID: 7dffe5df6f2a521a@YW50ZXJvb21lbWFjLmxvY2Fs. CSeq: 40 REGISTER. Expires: 1800. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, INFO, NOTIFY, MESSAGE. Supported: ICE. User-Agent: MacGizmo (Gizmo-s2n1)/1.5. Authorization: Digest
username="1101201XXXX",realm="proxy.ideasip.com",nonce="4475d66395235de62215f7d44f9dbafc068050f7",uri="sip:proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com",response="2a56661c46fdac2129de3100014e5753",cnonce="aab804aa999687b7",nc=00000003,qop=auth,algorithm=MD5.
Content-Length: 0. P-hint: outbound.
Any idea what's throwing the error and what causes it?
N. _______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
first of all a terminological clarification: there is nothing like a buffer overflow here. If there was such a buffer overlow SER would have crashed and not issed warning.
What is says is that the request is so long that a reply which would include Warning header field would be pretty much long too and thus the Warning is just skipped.
If you don't like the error message, turn off the warning header field configuration option.
On SER side, I think this should be made a WARNING and not ERROR -- that's too confusing.
-jiri
At 18:57 25/05/2006, sip wrote:
Not sure if the to/from headers are the ones causing the issue, nor am I really sure why the to/from headers even look that way or what client is causing that.
What I want to know more is what part of the ser code is causing the buffer overflow warnings.... and how it can be fixed.
N.
On Thu, 25 May 2006 23:24:14 +0700, Andrey Kouprianov wrote
Maybe Request-URI? Look very long and "unnormal". But that's just a guess...
On 5/25/06, sip sip@arcdiv.com wrote:
I recently started seeing this in the logs right after a registration attempt from a user who's a on our system, but is somehow storing contact info for a different username on a different service:
May 25 12:03:52 death ser[22235]: ERROR: warning_builder: buffer size exceeded May 25 12:03:52 death ser[22235]: WARNING: warning skipped -- too big
The register packet that caused it was:
REGISTER sip:proxy.ideasip.com:5060;g_id=17476253781;g_dom=proxy01.sipphone.com
SIP/2.0.
Record-Route: sip:198.65.XXX.XXX;ftag=31839881;lr. Via: SIP/2.0/UDP 198.65.XXX.XXX;branch=z9hG4bK1033.75ea1c43.0. Via: SIP/2.0/UDP
192.168.1.18:36560;received=69.91.XXX.XXX;branch=z9hG4bK-d87543-5e7fc69802da2376-1--d87543-;rport=33028.
Max-Forwards: 69. Contact: sip:1747625XXXX@proxy01.sipphone.com:5060. To:
sip:1101201XXXX@proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com.
From:
sip:1101201XXXX@proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com;tag=31839881.
Call-ID: 7dffe5df6f2a521a@YW50ZXJvb21lbWFjLmxvY2Fs. CSeq: 40 REGISTER. Expires: 1800. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, INFO, NOTIFY, MESSAGE. Supported: ICE. User-Agent: MacGizmo (Gizmo-s2n1)/1.5. Authorization: Digest
username="1101201XXXX",realm="proxy.ideasip.com",nonce="4475d66395235de62215f7d44f9dbafc068050f7",uri="sip:proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com",response="2a56661c46fdac2129de3100014e5753",cnonce="aab804aa999687b7",nc=00000003,qop=auth,algorithm=MD5.
Content-Length: 0. P-hint: outbound.
Any idea what's throwing the error and what causes it?
N. _______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/
I'm fine with seeing the message as long as it's not something to worry about. It IS a bit confusing to see an ERROR: warning_builder... followed by a WARNING: warning skipped. I think that could be worded better. Why send a warning that you're not warning anyone?
I also think it's generally probably not the world's best idea to do whatever it is that UA is doing... sending information about multiple logins to a single proxy. Seems like it could be a security concern there.
I've dropped the UA makers a note and asked them to clarify just why it is they're including their own username/proxy info in requests to our proxy through their UA as WELL as our username/proxy info.
All rather bizarre.
N.
On Thu, 25 May 2006 20:56:29 +0200, Jiri Kuthan wrote
first of all a terminological clarification: there is nothing like a buffer overflow here. If there was such a buffer overlow SER would have crashed and not issed warning.
What is says is that the request is so long that a reply which would include Warning header field would be pretty much long too and thus the Warning is just skipped.
If you don't like the error message, turn off the warning header field configuration option.
On SER side, I think this should be made a WARNING and not ERROR -- that's too confusing.
-jiri
At 18:57 25/05/2006, sip wrote:
Not sure if the to/from headers are the ones causing the issue, nor am I really sure why the to/from headers even look that way or what client is causing that.
What I want to know more is what part of the ser code is causing the buffer overflow warnings.... and how it can be fixed.
N.
On Thu, 25 May 2006 23:24:14 +0700, Andrey Kouprianov wrote
Maybe Request-URI? Look very long and "unnormal". But that's just a guess...
On 5/25/06, sip sip@arcdiv.com wrote:
I recently started seeing this in the logs right after a registration
attempt
from a user who's a on our system, but is somehow storing contact info
for a
different username on a different service:
May 25 12:03:52 death ser[22235]: ERROR: warning_builder: buffer size
exceeded
May 25 12:03:52 death ser[22235]: WARNING: warning skipped -- too big
The register packet that caused it was:
REGISTER sip:proxy.ideasip.com:5060;g_id=17476253781;g_dom=proxy01.sipphone.com
SIP/2.0.
Record-Route: sip:198.65.XXX.XXX;ftag=31839881;lr. Via: SIP/2.0/UDP 198.65.XXX.XXX;branch=z9hG4bK1033.75ea1c43.0. Via: SIP/2.0/UDP
192.168.1.18:36560;received=69.91.XXX.XXX;branch=z9hG4bK-d87543-5e7fc69802da2376-1--d87543-;rport=33028.
Max-Forwards: 69. Contact: sip:1747625XXXX@proxy01.sipphone.com:5060. To:
sip:1101201XXXX@proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com.
From:
sip:1101201XXXX@proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com;tag=31839881.
Call-ID: 7dffe5df6f2a521a@YW50ZXJvb21lbWFjLmxvY2Fs. CSeq: 40 REGISTER. Expires: 1800. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, INFO, NOTIFY, MESSAGE. Supported: ICE. User-Agent: MacGizmo (Gizmo-s2n1)/1.5. Authorization: Digest
username="1101201XXXX",realm="proxy.ideasip.com",nonce="4475d66395235de62215f7d44f9dbafc068050f7",uri="sip:proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com",response="2a56661c46fdac2129de3100014e5753",cnonce="aab804aa999687b7",nc=00000003,qop=auth,algorithm=MD5.
Content-Length: 0. P-hint: outbound.
Any idea what's throwing the error and what causes it?
N. _______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/
-
Andrey Kouprianov -
Jiri Kuthan -
sip