Opened 16 years ago

Last modified 16 years ago

#600 closed defect

Reinvite/update call when SRTP enabled may cause one way media. — at Version 2

Reported by: nanang
Owned by: nanang
Priority: normal
Milestone: release-1.0-rc1
Component: pjmedia
Version: trunk
Keywords:
Cc:
Backport to 1.x milestone:
Backported:

Description (last modified by bennylp)

Symptom:

On some occasions after media_start(), srtp_unprotect() fails (returning err_status_replay_old). This seems similar to this case: http://sourceforge.net/mailarchive/message.php?msg_name=C3C343D0.3BDB%25mcgrew%40cisco.com

Description:

The srtp_unprotect() may fail in the following scenarios:

  1. UAC sent INVITE, and the INVITE forks to more than one UAS, and the UASes all send RTP to the UAC. In this case, it is expected that only RTP packets from one UAS will be successfully processed.
  2. The SRTP keys have changed in re-INVITE/UPDATE, and the SRTP session has been re-created with the new keys, but some old RTP packets are still lingering in the network or in socket buffer. The SRTP then may learn its initial state from these old packets. The old packets may have different properties than the new packets, e.g. SSRC or sequence number, and this will cause the new RTP packets to be rejected by the SRTP session.
  3. Some attacker genuinely replays old SRTP packets.
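
The following is an added illustration, not code from the ticket, pjmedia or libsrtp. It is a simplified model of a replay window showing how a receiver that takes its initial state from one stale packet (scenario 2) then rejects the whole new stream as "replay old", using the same check that rejects a genuine replay (scenario 3). Assumptions: a 64-packet window keyed only on the 16-bit RTP sequence number, no rollover counter, no authentication step; all names and sequence values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified replay-protection model. Hypothetical names; not libsrtp's API. */
typedef enum { PKT_OK, PKT_REPLAY_FAIL, PKT_REPLAY_OLD } pkt_status;

typedef struct {
    int      started;   /* 0 until the first packet sets the initial state */
    uint16_t highest;   /* highest sequence number accepted so far */
    uint64_t window;    /* bit i set => (highest - i) was already received */
} replay_ctx;

pkt_status replay_check(replay_ctx *c, uint16_t seq)
{
    if (!c->started) {              /* initial state learned from first packet */
        c->started = 1; c->highest = seq; c->window = 1;
        return PKT_OK;
    }
    int32_t delta = (int32_t)seq - (int32_t)c->highest;
    if (delta > 0) {                /* newer packet: slide the window forward */
        c->window = (delta >= 64) ? 1 : ((c->window << delta) | 1);
        c->highest = seq;
        return PKT_OK;
    }
    if (-delta >= 64) return PKT_REPLAY_OLD;      /* left of the window */
    uint64_t bit = 1ULL << (-delta);
    if (c->window & bit) return PKT_REPLAY_FAIL;  /* duplicate inside window */
    c->window |= bit;
    return PKT_OK;
}

/* Feed a fresh context one optional stale packet, then n packets of the new
 * stream starting at new_seq; return how many new packets were rejected. */
int rejected_after(int have_stale, uint16_t stale_seq, uint16_t new_seq, int n)
{
    replay_ctx c = {0};
    int rejected = 0;
    if (have_stale) replay_check(&c, stale_seq);
    for (int i = 0; i < n; i++)
        if (replay_check(&c, (uint16_t)(new_seq + i)) != PKT_OK) rejected++;
    return rejected;
}

int main(void) {  /* constructed values: stale seq 1000, new stream from 100 */
    printf("clean restart: %d rejected\n", rejected_after(0, 0, 100, 20));
    printf("stale first:   %d rejected\n", rejected_after(1, 1000, 100, 20));
    return 0;
}
```

In this model the receiver cannot tell a poisoned initial state from an actual replay by the status code alone; both surface as a replay error on every subsequent packet.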

Change History (2)

comment:1 Changed 16 years ago by bennylp

  • Description modified (diff)

comment:2 Changed 16 years ago by bennylp

  • Description modified (diff)