Solved: CUCM - SIP Header Limitation is 100 (Max Num Count Headers)

maxmeisel · ‎01-28-2025

Hello,

I ran into an issue where CallManager service is discarding incoming SIP message due to too many headers, the problem is quite obvious in the trace due to:

|AppInfo |SIPTcp - Ignoring message with too many headers from 10.0.0.1:[5060]. Only allow up to 100 headers

Even so the most headers are dropped, the message isn't proceed further and causing according problems.

Unfortunately I wasn't able to find any documentation or setting to this limitation, in case I missed it please let me know. I also checked on other system like restrictions for SIP profiles they at least mention something but also don't match this exact limitation. RFC seems fine with infinit, at least nothing I saw as recommendation.

Currently I'm asking for engineers to not send headers we drop anyway. I haven't looked into the option if LUA can actually mitigate the issue as the third party headers start all the same way (also no access to according setup for easy testing).

I'm open for suggestion and will update if any additional information on that issue come up, hope this helps others in search for reference or me if I missed it

Cheers,

Max

maxmeisel · ‎03-20-2025

CM Administration > System > Service Parameter > Advanced: Clusterwide Parameters (Device - SIP)

SIP Max Incoming Message Size: This parameter specifies the maximum incoming message size, in bytes, that Cisco Unified Communications Manager (Unified CM) will accept for an incoming SIP message. For UDP, messages larger than this value will be ignored. For TCP and TLS, messages larger than this value will result in Unified CM closing (throttling or dropping) the associated connection. This parameter is one of many useful tools for reducing the effectiveness of Denial of Service (DoS) attacks. Specifying a number that is closer to the minimum allowed value results in more-secure conditions; specifying a larger value results in more-permissive conditions.
This is a required field.
Default: 18000
Minimum: 4000
Maximum: 30000
Unit: bytes

SIP Max Incoming Message Headers: This parameter specifies the maximum number of SIP message headers that Cisco Unified Communications Manager (Unified CM) will process for an incoming SIP message. For UDP, messages that contain more headers than this value will be ignored. For TCP and TLS, messages that contain more headers than this value will result in Unified CM closing (throttling or dropping) the associated connection. This parameter is one of many useful tools for reducing the effectiveness of Denial of Service (DoS) attacks. Specifying a number that is closer to the minimum allowed value results in more-secure conditions; specifying a larger value results in more-permissive conditions.
This is a required field.
Default: 100
Minimum: 50
Maximum: 256

View solution in original post

Vaijanath Sonvane · ‎01-28-2025

Hi @maxmeisel,

CUCM does not have a specific parameter to directly increase the SIP header limit for incoming messages. The SIP header limit in CUCM is 100 headers per SIP message. This looks like a hardcoded limit in CUCM, and any SIP message exceeding this limit will be ignored. CUCM enforces this limit as an implementation choice, not a requirement of the SIP protocol to protect against DoS attacks caused by large or malformed SIP messages and ensure stable performance by limiting excessive processing of complex messages.

RFC 3261 does not explicitly specify a limit on the number of headers in a SIP message. Instead, it defines general guidelines and recommendations for message size and header usage to ensure interoperability and performance.

Your best option would be to use LUA script to trim unnecessary headers before CUCM processes the message or If possible, reconfigure the SIP endpoint sending messages to CUCM to reduce the number of headers.

Please rate helpful posts and if applicable mark "Accept as a Solution".
Thanks, Vaijanath S.

maxmeisel · ‎03-20-2025

CM Administration > System > Service Parameter > Advanced: Clusterwide Parameters (Device - SIP)

SIP Max Incoming Message Size: This parameter specifies the maximum incoming message size, in bytes, that Cisco Unified Communications Manager (Unified CM) will accept for an incoming SIP message. For UDP, messages larger than this value will be ignored. For TCP and TLS, messages larger than this value will result in Unified CM closing (throttling or dropping) the associated connection. This parameter is one of many useful tools for reducing the effectiveness of Denial of Service (DoS) attacks. Specifying a number that is closer to the minimum allowed value results in more-secure conditions; specifying a larger value results in more-permissive conditions.
This is a required field.
Default: 18000
Minimum: 4000
Maximum: 30000
Unit: bytes

SIP Max Incoming Message Headers: This parameter specifies the maximum number of SIP message headers that Cisco Unified Communications Manager (Unified CM) will process for an incoming SIP message. For UDP, messages that contain more headers than this value will be ignored. For TCP and TLS, messages that contain more headers than this value will result in Unified CM closing (throttling or dropping) the associated connection. This parameter is one of many useful tools for reducing the effectiveness of Denial of Service (DoS) attacks. Specifying a number that is closer to the minimum allowed value results in more-secure conditions; specifying a larger value results in more-permissive conditions.
This is a required field.
Default: 100
Minimum: 50
Maximum: 256

Report Inappropriate Content · ‎03-20-2025

best good tk you

Report Inappropriate Content · ‎03-20-2025

太有才了