25 May
2006
25 May
'06
6:20 p.m.
I recently started seeing this in the logs right after a registration attempt
from a user who's a on our system, but is somehow storing contact info for a
different username on a different service:
May 25 12:03:52 death ser[22235]: ERROR: warning_builder: buffer size exceeded
May 25 12:03:52 death ser[22235]: WARNING: warning skipped -- too big
The register packet that caused it was:
REGISTER
sip:proxy.ideasip.com:5060;g_id=17476253781;g_dom=proxy01.sipphone.com SIP/2.0.
Record-Route: <sip:198.65.XXX.XXX;ftag=31839881;lr>.
Via: SIP/2.0/UDP 198.65.XXX.XXX;branch=z9hG4bK1033.75ea1c43.0.
Via: SIP/2.0/UDP
192.168.1.18:36560;received=69.91.XXX.XXX;branch=z9hG4bK-d87543-5e7fc69802da2376-1--d87543-;rport=33028.
Max-Forwards: 69.
Contact: <sip:1747625XXXX@proxy01.sipphone.com:5060>.
To:
<sip:1101201XXXX@proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com>.
From:
<sip:1101201XXXX@proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com>;tag=31839881.
Call-ID: 7dffe5df6f2a521a@YW50ZXJvb21lbWFjLmxvY2Fs.
CSeq: 40 REGISTER.
Expires: 1800.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, INFO, NOTIFY, MESSAGE.
Supported: ICE.
User-Agent: MacGizmo (Gizmo-s2n1)/1.5.
Authorization: Digest
username="1101201XXXX",realm="proxy.ideasip.com",nonce="4475d66395235de62215f7d44f9dbafc068050f7",uri="sip:proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com",response="2a56661c46fdac2129de3100014e5753",cnonce="aab804aa999687b7",nc=00000003,qop=auth,algorithm=MD5.
Content-Length: 0.
P-hint: outbound.
Any idea what's throwing the error and what causes it?
N.
25 May
25 May
6:24 p.m.
Maybe Request-URI? Look very long and "unnormal". But that's just a
guess...
On 5/25/06, sip <sip(a)arcdiv.com> wrote:
I recently started seeing this in the logs right after
a registration attempt
from a user who's a on our system, but is somehow storing contact info for a
different username on a different service:
May 25 12:03:52 death ser[22235]: ERROR: warning_builder: buffer size exceeded
May 25 12:03:52 death ser[22235]: WARNING: warning skipped -- too big
The register packet that caused it was:
REGISTER
sip:proxy.ideasip.com:5060;g_id=17476253781;g_dom=proxy01.sipphone.com SIP/2.0.
Record-Route: <sip:198.65.XXX.XXX;ftag=31839881;lr>.
Via: SIP/2.0/UDP 198.65.XXX.XXX;branch=z9hG4bK1033.75ea1c43.0.
Via: SIP/2.0/UDP
192.168.1.18:36560;received=69.91.XXX.XXX;branch=z9hG4bK-d87543-5e7fc69802da2376-1--d87543-;rport=33028.
Max-Forwards: 69.
Contact: <sip:1747625XXXX@proxy01.sipphone.com:5060>.
To:
<sip:1101201XXXX@proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com>.
From:
<sip:1101201XXXX@proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com>;tag=31839881.
Call-ID: 7dffe5df6f2a521a@YW50ZXJvb21lbWFjLmxvY2Fs.
CSeq: 40 REGISTER.
Expires: 1800.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, INFO, NOTIFY, MESSAGE.
Supported: ICE.
User-Agent: MacGizmo (Gizmo-s2n1)/1.5.
Authorization: Digest
username="1101201XXXX",realm="proxy.ideasip.com",nonce="4475d66395235de62215f7d44f9dbafc068050f7",uri="sip:proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com",response="2a56661c46fdac2129de3100014e5753",cnonce="aab804aa999687b7",nc=00000003,qop=auth,algorithm=MD5.
Content-Length: 0.
P-hint: outbound.
Any idea what's throwing the error and what causes it?
N.
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
6:57 p.m.
Not sure if the to/from headers are the ones causing the issue, nor am I
really sure why the to/from headers even look that way or what client is
causing that.
What I want to know more is what part of the ser code is causing the buffer
overflow warnings.... and how it can be fixed.
N.
On Thu, 25 May 2006 23:24:14 +0700, Andrey Kouprianov wrote
Maybe Request-URI? Look very long and
"unnormal". But that's just a guess...
On 5/25/06, sip <sip(a)arcdiv.com> wrote:
> I recently started seeing this in the logs right after a registration attempt
> from a user who's a on our system, but is somehow storing contact info for a
> different username on a different service:
>
>
> May 25 12:03:52 death ser[22235]: ERROR: warning_builder: buffer size exceeded
> May 25 12:03:52 death ser[22235]: WARNING: warning skipped -- too big
>
>
> The register packet that caused it was:
>
>
>
> REGISTER
> sip:proxy.ideasip.com:5060;g_id=17476253781;g_dom=proxy01.sipphone.com
SIP/2.0.
> Record-Route:
<sip:198.65.XXX.XXX;ftag=31839881;lr>.
> Via: SIP/2.0/UDP 198.65.XXX.XXX;branch=z9hG4bK1033.75ea1c43.0.
> Via: SIP/2.0/UDP
>
192.168.1.18:36560;received=69.91.XXX.XXX;branch=z9hG4bK-d87543-5e7fc69802da2376-1--d87543-;rport=33028.
> Max-Forwards: 69.
> Contact: <sip:1747625XXXX@proxy01.sipphone.com:5060>.
> To:
>
<sip:1101201XXXX@proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com>.
> From:
>
<sip:1101201XXXX@proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com>;tag=31839881.
> Call-ID:
7dffe5df6f2a521a@YW50ZXJvb21lbWFjLmxvY2Fs.
> CSeq: 40 REGISTER.
> Expires: 1800.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, INFO, NOTIFY, MESSAGE.
> Supported: ICE.
> User-Agent: MacGizmo (Gizmo-s2n1)/1.5.
> Authorization: Digest
>
username="1101201XXXX",realm="proxy.ideasip.com",nonce="4475d66395235de62215f7d44f9dbafc068050f7",uri="sip:proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com",response="2a56661c46fdac2129de3100014e5753",cnonce="aab804aa999687b7",nc=00000003,qop=auth,algorithm=MD5.
Content-Length: 0.
P-hint: outbound.
Any idea what's throwing the error and what causes it?
N.
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers 
8:56 p.m.
first of all a terminological clarification: there is nothing like a buffer overflow here.
If there was such a buffer overlow SER would have crashed and not issed warning.
What is says is that the request is so long that a reply which would include Warning
header field would be pretty much long too and thus the Warning is just skipped.
If you don't like the error message, turn off the warning header field configuration
option.
On SER side, I think this should be made a WARNING and not ERROR -- that's too
confusing.
-jiri
At 18:57 25/05/2006, sip wrote:
Not sure if the to/from headers are the ones causing
the issue, nor am I
really sure why the to/from headers even look that way or what client is
causing that.
What I want to know more is what part of the ser code is causing the buffer
overflow warnings.... and how it can be fixed.
N.
On Thu, 25 May 2006 23:24:14 +0700, Andrey Kouprianov wrote
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
--
Jiri Kuthan http://iptel.org/~jiri/
Maybe Request-URI? Look very long and
"unnormal". But that's just a guess...
On 5/25/06, sip <sip(a)arcdiv.com> wrote:
> I recently started seeing this in the logs right after a registration attempt
> from a user who's a on our system, but is somehow storing contact info for a
> different username on a different service:
>
>
> May 25 12:03:52 death ser[22235]: ERROR: warning_builder: buffer size exceeded
> May 25 12:03:52 death ser[22235]: WARNING: warning skipped -- too big
>
>
> The register packet that caused it was:
>
>
>
> REGISTER
> sip:proxy.ideasip.com:5060;g_id=17476253781;g_dom=proxy01.sipphone.com
SIP/2.0.
> Record-Route:
<sip:198.65.XXX.XXX;ftag=31839881;lr>.
> Via: SIP/2.0/UDP 198.65.XXX.XXX;branch=z9hG4bK1033.75ea1c43.0.
> Via: SIP/2.0/UDP
>
192.168.1.18:36560;received=69.91.XXX.XXX;branch=z9hG4bK-d87543-5e7fc69802da2376-1--d87543-;rport=33028.
> Max-Forwards: 69.
> Contact: <sip:1747625XXXX@proxy01.sipphone.com:5060>.
> To:
>
<sip:1101201XXXX@proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com>.
> From:
>
<sip:1101201XXXX@proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com>;tag=31839881.
> Call-ID:
7dffe5df6f2a521a@YW50ZXJvb21lbWFjLmxvY2Fs.
> CSeq: 40 REGISTER.
> Expires: 1800.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, INFO, NOTIFY, MESSAGE.
> Supported: ICE.
> User-Agent: MacGizmo (Gizmo-s2n1)/1.5.
> Authorization: Digest
>
username="1101201XXXX",realm="proxy.ideasip.com",nonce="4475d66395235de62215f7d44f9dbafc068050f7",uri="sip:proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com",response="2a56661c46fdac2129de3100014e5753",cnonce="aab804aa999687b7",nc=00000003,qop=auth,algorithm=MD5.
Content-Length: 0.
P-hint: outbound.
Any idea what's throwing the error and what causes it?
N.
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
9:14 p.m.
I'm fine with seeing the message as long as it's not something to worry about.
It IS a bit confusing to see an ERROR: warning_builder... followed by a
WARNING: warning skipped. I think that could be worded better. Why send a
warning that you're not warning anyone?
I also think it's generally probably not the world's best idea to do whatever
it is that UA is doing... sending information about multiple logins to a
single proxy. Seems like it could be a security concern there.
I've dropped the UA makers a note and asked them to clarify just why it is
they're including their own username/proxy info in requests to our proxy
through their UA as WELL as our username/proxy info.
All rather bizarre.
N.
On Thu, 25 May 2006 20:56:29 +0200, Jiri Kuthan wrote
192.168.1.18:36560;received=69.91.XXX.XXX;branch=z9hG4bK-d87543-5e7fc69802da2376-1--d87543-;rport=33028.
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
--
Jiri Kuthan http://iptel.org/~jiri/
first of all a terminological clarification: there is
nothing like a
buffer overflow here. If there was such a buffer overlow SER would
have crashed and not issed warning.
What is says is that the request is so long that a reply which would
include Warning header field would be pretty much long too and thus
the Warning is just skipped.
If you don't like the error message, turn off the warning header
field configuration option.
On SER side, I think this should be made a WARNING and not ERROR --
that's too confusing.
-jiri
At 18:57 25/05/2006, sip wrote:
>Not sure if the to/from headers are the ones causing the issue, nor am I
>really sure why the to/from headers even look that way or what client is
>causing that.
>
>What I want to know more is what part of the ser code is causing the buffer
>overflow warnings.... and how it can be fixed.
>
>N.
>
>On Thu, 25 May 2006 23:24:14 +0700, Andrey Kouprianov wrote
>> Maybe Request-URI? Look very long and "unnormal". But that's just
a guess...
>>
>> On 5/25/06, sip <sip(a)arcdiv.com> wrote:
>> > I recently started seeing this in the logs right after a registration
attempt
>> > from a user who's a on our system,
but is somehow storing contact info
for a
>> > different username on a different
service:
>> >
>> >
>> > May 25 12:03:52 death ser[22235]: ERROR: warning_builder: buffer size
exceeded
> May 25 12:03:52 death ser[22235]: WARNING:
warning skipped -- too big
>
>
> The register packet that caused it was:
>
>
>
> REGISTER
> sip:proxy.ideasip.com:5060;g_id=17476253781;g_dom=proxy01.sipphone.com
SIP/2.0.
> > Record-Route: <sip:198.65.XXX.XXX;ftag=31839881;lr>.
> > Via: SIP/2.0/UDP 198.65.XXX.XXX;branch=z9hG4bK1033.75ea1c43.0.
> > Via: SIP/2.0/UDP
> > > > Max-Forwards: 69.
> > Contact: <sip:1747625XXXX@proxy01.sipphone.com:5060>.
> > To:
> >
<sip:1101201XXXX@proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com>.
> > From:
> >
<sip:1101201XXXX@proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com>;tag=31839881.
> > Call-ID:
7dffe5df6f2a521a@YW50ZXJvb21lbWFjLmxvY2Fs.
> > CSeq: 40 REGISTER.
> > Expires: 1800.
> > Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, INFO, NOTIFY, MESSAGE.
> > Supported: ICE.
> > User-Agent: MacGizmo (Gizmo-s2n1)/1.5.
> > Authorization: Digest
> >
username="1101201XXXX",realm="proxy.ideasip.com",nonce="4475d66395235de62215f7d44f9dbafc068050f7",uri="sip:proxy.ideasip.com:5060;g_id=1747625XXXX;g_dom=proxy01.sipphone.com",response="2a56661c46fdac2129de3100014e5753",cnonce="aab804aa999687b7",nc=00000003,qop=auth,algorithm=MD5.
Content-Length: 0.
P-hint: outbound.
Any idea what's throwing the error and what causes it?
N.
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
6765
days inactive
6765
days old
4 comments
3 participants
participants (3)
-
Andrey Kouprianov -
Jiri Kuthan -
sip