Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Debug flow basic shows "Shim buffer overflow" error

0

0

Article ID: KB23571 KB Last Updated: 07 Jun 2012Version: 1.0
Summary:
Debug flow basic reports !!!ASP: Shim buffer(len:2920) will be overflowed.Drop incoming Pak(len:1460).SHIM_MAX_BUF is 4096
Symptoms:
The debug flow basic shows the following output:

****** 69739194.0: <dmz-3/ethernet3/3> packet received [1500]******
ipid = 21168(52b0), @2d65d910
packet passed sanity check.
flow_decap_vector IPv4 process
ethernet3/3:172.16.3.124/50100->10.1.41.31/1521,6<Root>
existing session found. sess token 17
flow got session.
flow session id 244665
flow_main_body_vector in ifp ethernet3/3 out ifp N/A
flow vector index 0x3ab, vector addr 0x8a99ce4, orig vector 0x8a99ce4
vsd 0 is active
av/uf/voip checking.
asp vector processing state: 2
ASP inject packet from ethernet0/1

**** jump to packet:10.1.41.31->172.16.3.124
flow_decap_vector IPv4 process
flow packet already have session.
flow session id 244665
flow_main_body_vector in ifp ethernet0/1 out ifp ethernet3/3
flow vector index 0x3ab, vector addr 0x8a99ce4, orig vector 0x8a99ce4
vsd 0 is active
av/uf/voip checking.
post addr xlation: 10.1.41.31->172.16.3.124.
update policy out counter info.
packet send out to 005056b80010 through ethernet3/3
**** pak processing end.
!!!ASP: Shim buffer(len:2920) will be overflowed.Drop incoming Pak(len:1460).SHIM_MAX_BUF is 4096

Cause:

This is caused due to the buffer getting full during ALG processing. The packet size being large cannot be accomodated in the buffer that is used by the ALG and hence it drops it and reports an error. The buffer name "SHIM" has nothing to do with the actual SHIM protocol.

The error has been reported during MSRPC and SQL transactions when the ALGs have been active. It is seen when the TCP segment size associated with this incoming packet is greater than 4096 bytes.
Solution:
As this is not related to te actual SHIM protocol, the fix lies in upgrading the firmware of the device. This problem of ALG processing has been fixed in Screen OS versions 5.4.0r22/ 6.2.0r11/ 6.3.0r9
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search