Lafras Henning wrote:
> Hi Benny,
>
> I have come across the following strange situation:
> I have a soft phone running and trying to register to PJSUA,
> when PJSUA starts with STUN it gets a
> Message too long (WSAEMSGSIZE) error and quits.
>
> It does not happen if I don't use STUN,
> and it does not happen if I shut the soft phone down.
>
> The registration details of the soft phone are invalid.

I see that the softphone sends REGISTER every 150 msec or so, so it's quite interesting to be able to configure the softphone to do nasty things like this. :)

> Included is the Wireshark trace; you can see the soft phone trying to
> register, and ICMP indicating the port is not open.
>
> When PJSUA starts you see it send the STUN binding request,
> BUT very strange ICMP continue to reply unreachable....
> (the port should be open by now ?)

Not quite. The STUN binding requests were mostly sent by the NAT testing socket, and it was not sent from port 5060.

> The largest packet on the wire is 753 bytes.

Yes. The pjstun_get_mapped_addr() just didn't expect to receive STUN messages this big, so it bailed out.

> I can reproduce the error, please advise if any further logs or tests
> would be useful.
>
> This can lead to DOS attacks.

I agree. I've committed a fix for this in http://www.pjsip.org/trac/ticket/425. The workaround is to ignore recvfrom() and parsing errors, and continue retransmitting the STUN binding request upon encountering these errors.

(Fyi, this applies to the old/simple STUN in pjlib-util, and not the new STUN in pjnath. The new STUN in pjnath should be more robust against possible errors like this).

Thanks for catching this!

cheers,
-benny

>
> Regards
>
> Lafras
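The workaround described in the reply above, sketched as an added example (this is not pjsip code and not the change in ticket 425): a datagram that is oversized or fails to parse is skipped and the wait continues, so a stray packet cannot abort STUN resolution. All names, the 512-byte buffer size and the sample datagrams are assumptions constructed for illustration; the header layout is the RFC 3489 one.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names. RFC 3489 header: type(2) length(2) transaction-id(16). */
#define STUN_HDR_LEN      20
#define STUN_BINDING_RESP 0x0101
#define RX_BUF_LEN        512   /* assumed receive buffer size */

enum rx_verdict { RX_ACCEPT, RX_IGNORE };

/* Decide what to do with one datagram seen on the STUN socket. `len` is the
 * size reported by the socket layer and may exceed RX_BUF_LEN, which is the
 * case that surfaces as WSAEMSGSIZE on Windows. Nothing here is fatal. */
static enum rx_verdict classify_datagram(const uint8_t *pkt, size_t len,
                                         const uint8_t tid[16])
{
    if (len > RX_BUF_LEN)   return RX_IGNORE;  /* oversized: skip, keep waiting */
    if (len < STUN_HDR_LEN) return RX_IGNORE;  /* too short to hold a header */
    uint16_t type = (uint16_t)((pkt[0] << 8) | pkt[1]);
    uint16_t body = (uint16_t)((pkt[2] << 8) | pkt[3]);
    if (type != STUN_BINDING_RESP)           return RX_IGNORE;
    if ((size_t)body + STUN_HDR_LEN != len)  return RX_IGNORE;
    if (memcmp(pkt + 4, tid, 16) != 0)       return RX_IGNORE; /* not our request */
    return RX_ACCEPT;
}

struct datagram { const uint8_t *data; size_t len; };

/* Index of the first acceptable response, or -1 (caller retransmits). */
static int first_valid_response(const struct datagram *rx, size_t n,
                                const uint8_t tid[16])
{
    for (size_t i = 0; i < n; i++)
        if (classify_datagram(rx[i].data, rx[i].len, tid) == RX_ACCEPT)
            return (int)i;
    return -1;
}

/* Constructed input: a 753-byte SIP REGISTER, a runt, then a valid response. */
static int demo(void)
{
    static uint8_t sip[753] = "REGISTER sip:example.invalid SIP/2.0\r\n";
    uint8_t tid[16], runt[4] = {0x01, 0x01, 0, 0};
    uint8_t ok[STUN_HDR_LEN] = {0x01, 0x01, 0, 0};
    memset(tid, 0xA5, sizeof tid);
    memcpy(ok + 4, tid, sizeof tid);
    struct datagram rx[] = { {sip, sizeof sip}, {runt, sizeof runt}, {ok, sizeof ok} };
    return first_valid_response(rx, 3, tid);
}
```

Matching the transaction ID before accepting also keeps an unrelated sender from supplying the mapped address.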