[asterisk-dev] [SOLVED] Was: A new SIP message started to appear (missing CSeq)

Pavel Troller patrol at sinus.cz
Thu Jul 19 14:59:09 CDT 2012 

Hi!
  Please ignore the message. I've found the problem by myself, I've been able
to get the tcpdump of the "burst". It's strange - it's a well-known person,
using well-known device (Android phone with SipDroid client), which never
caused any problems, but now he is spending his holidays in Spain and he tries
to connect over the 3G network. It looks that there is some SIP ALG or 
something like this, which removes the CSeq headers from the REGISTER requests.
It's verified that they are not there, and the client is getting
400 Bad Request back. So, all is OK. Sorry for the noise.
  With regards,
    Pavel

> Hi!
> 
>   Since a certain time (a few days ago), I'm observing the following "bursts"
> of SIP notice messages appearing in the Asterisk console:
> [Jul 19 19:08:00] NOTICE[689]: chan_sip.c:10081 copy_header: No field 'CSeq' present to copy
> [Jul 19 19:08:08] NOTICE[689]: chan_sip.c:10081 copy_header: No field 'CSeq' present to copy
> [Jul 19 19:08:12] NOTICE[689]: chan_sip.c:10081 copy_header: No field 'CSeq' present to copy
> [Jul 19 19:08:14] NOTICE[689]: chan_sip.c:10081 copy_header: No field 'CSeq' present to copy
> [Jul 19 19:08:18] NOTICE[689]: chan_sip.c:10081 copy_header: No field 'CSeq' present to copy
> [Jul 19 19:08:22] NOTICE[689]: chan_sip.c:10081 copy_header: No field 'CSeq' present to copy
> [Jul 19 19:08:26] NOTICE[689]: chan_sip.c:10081 copy_header: No field 'CSeq' present to copy
> [Jul 19 19:08:30] NOTICE[689]: chan_sip.c:10081 copy_header: No field 'CSeq' present to copy
> [Jul 19 19:08:34] NOTICE[689]: chan_sip.c:10081 copy_header: No field 'CSeq' present to copy
> [Jul 19 19:08:38] NOTICE[689]: chan_sip.c:10081 copy_header: No field 'CSeq' present to copy
>   They typically appear in a pace of about 1 per 3 - 4 seconds and their
> number is obviously between 10 - 15 per "burst".
>   Maybe they started to appear with my latest Asterisk (1.8 branch) SVN 
> update, but I'm not sure.
>   Now such bursts appear in a frequency about 10 - 15 per day.
>   Around the time, when the messages are produced, there are no CDRs written
> (or they aren't related to SIP).
>   I looked at the sources and I understand the "low-level logic" (the CSeq
> header is not present in the message when it is required to be copied), but
> I'm somewhat missing the "high-level" explanation, i.e. what does it mean
> in practice.
>   1) Is it a symptom of broken UA ? Maybe some user changed the client and
> the new one is buggy ?
>   2) Or is it a new kind of SIP attack ?
>   3) Or maybe a newly introduced chan_sip bug ?
>   4) Or maybe chan_sip now reports an error condition which was not reported
> before ?
>   5) Is it a symptom of degraded SIP service ? I still didn't receive any
> complaints of my users, but I would like to proactively fix any possible
> problems before they will be reported to me...
> 
>   Thank you for explanation/advice!
>   With regards,
>     Pavel Troller
>

More information about the asterisk-dev mailing list