From a313d2b01b993d7b4e5080ab23f836bb2399359e Mon Sep 17 00:00:00 2001
From: Richard Fuchs
Date: Fri, 13 Jan 2023 12:06:05 -0500
Subject: [PATCH] MT#56420 use actual local socket for decryption

The SRTP decryption context is associated with the local socket. Use the socket that a packet was actually received on for the decryption context instead of using the one that it was expected to be received on.

Change-Id: Iddf400a440fc51b4afb370ec827f75e9626b2cfd
---
 daemon/media_socket.c | 32 ++++++++++++--------------------
 daemon/rtcp.c | 2 +-
 include/media_socket.h | 3 +--
 3 files changed, 14 insertions(+), 23 deletions(-)

diff --git a/daemon/media_socket.c b/daemon/media_socket.c
index c02c0e5ab..c7fc438ce 100644
--- a/daemon/media_socket.c
+++ b/daemon/media_socket.c
@@ -91,14 +91,10 @@ static int __k_null(struct rtpengine_srtp *s, struct packet_stream *);
 static int __k_srtp_encrypt(struct rtpengine_srtp *s, struct packet_stream *);
 static int __k_srtp_decrypt(struct rtpengine_srtp *s, struct packet_stream *);
-static int call_avp2savp_rtp(str *s, struct packet_stream *, struct stream_fd *, const endpoint_t *,
- const struct timeval *, struct ssrc_ctx *);
-static int call_savp2avp_rtp(str *s, struct packet_stream *, struct stream_fd *, const endpoint_t *,
- const struct timeval *, struct ssrc_ctx *);
-static int call_avp2savp_rtcp(str *s, struct packet_stream *, struct stream_fd *, const endpoint_t *,
- const struct timeval *, struct ssrc_ctx *);
-static int call_savp2avp_rtcp(str *s, struct packet_stream *, struct stream_fd *, const endpoint_t *,
- const struct timeval *, struct ssrc_ctx *);
+static int call_avp2savp_rtp(str *s, struct packet_stream *, struct stream_fd *, struct ssrc_ctx *);
+static int call_savp2avp_rtp(str *s, struct packet_stream *, struct stream_fd *, struct ssrc_ctx *);
+static int call_avp2savp_rtcp(str *s, struct packet_stream *, struct stream_fd *, struct ssrc_ctx *);
+static int call_savp2avp_rtcp(str *s, struct packet_stream *, struct stream_fd *, struct ssrc_ctx *);
 static struct logical_intf *__get_logical_interface(const str *name, sockfamily_t *fam);
@@ -1076,25 +1072,21 @@ static int rtcp_demux(const str *s, struct call_media *media) {
 return rtcp_demux_is_rtcp(s) ? 2 : 1;
 }
-static int call_avp2savp_rtp(str *s, struct packet_stream *stream, struct stream_fd *sfd, const endpoint_t *src,
- const struct timeval *tv, struct ssrc_ctx *ssrc_ctx)
+static int call_avp2savp_rtp(str *s, struct packet_stream *stream, struct stream_fd *sfd, struct ssrc_ctx *ssrc_ctx)
 {
 return rtp_avp2savp(s, &stream->crypto, ssrc_ctx);
 }
-static int call_avp2savp_rtcp(str *s, struct packet_stream *stream, struct stream_fd *sfd, const endpoint_t *src,
- const struct timeval *tv, struct ssrc_ctx *ssrc_ctx)
+static int call_avp2savp_rtcp(str *s, struct packet_stream *stream, struct stream_fd *sfd, struct ssrc_ctx *ssrc_ctx)
 {
 return rtcp_avp2savp(s, &stream->crypto, ssrc_ctx);
 }
-static int call_savp2avp_rtp(str *s, struct packet_stream *stream, struct stream_fd *sfd, const endpoint_t *src,
- const struct timeval *tv, struct ssrc_ctx *ssrc_ctx)
+static int call_savp2avp_rtp(str *s, struct packet_stream *stream, struct stream_fd *sfd, struct ssrc_ctx *ssrc_ctx)
 {
- return rtp_savp2avp(s, &stream->selected_sfd->crypto, ssrc_ctx);
+ return rtp_savp2avp(s, sfd ? &sfd->crypto : &stream->selected_sfd->crypto, ssrc_ctx);
 }
-static int call_savp2avp_rtcp(str *s, struct packet_stream *stream, struct stream_fd *sfd, const endpoint_t *src,
- const struct timeval *tv, struct ssrc_ctx *ssrc_ctx)
+static int call_savp2avp_rtcp(str *s, struct packet_stream *stream, struct stream_fd *sfd, struct ssrc_ctx *ssrc_ctx)
 {
- return rtcp_savp2avp(s, &stream->selected_sfd->crypto, ssrc_ctx);
+ return rtcp_savp2avp(s, sfd ? &sfd->crypto : &stream->selected_sfd->crypto, ssrc_ctx);
 }
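Review bot: In call_savp2avp_rtp and call_savp2avp_rtcp the `sfd ? &sfd->crypto : &stream->selected_sfd->crypto` fallback quietly returns to the expected socket's context whenever a caller passes NULL, and nothing at these lines says which callers are allowed to do that. Since the commit's premise is that the SRTP context belongs to the socket a packet arrived on, a NULL sfd on a receive path would decrypt and authenticate against a possibly different context with no indication that the fallback was taken. I would state the contract above both helpers, e.g. `/* sfd: socket the packet was received on; NULL only where no receive socket exists, in which case selected_sfd's context is used */`. The fallback also dereferences `stream->selected_sfd` unchecked, as the old code did; whether it can be NULL at this point is not visible in the hunk.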
@@ -1955,7 +1947,7 @@ static int media_packet_decrypt(struct packet_handler_ctx *phc)
 int ret = 0;
 if (phc->decrypt_func) {
 str ori_s = phc->s;
- ret = phc->decrypt_func(&phc->s, phc->in_srtp, phc->mp.sfd, &phc->mp.fsin, &phc->mp.tv, phc->mp.ssrc_in);
+ ret = phc->decrypt_func(&phc->s, phc->in_srtp, phc->mp.sfd, phc->mp.ssrc_in);
 // XXX for stripped auth tag and duplicate invocations of rtp_payload
 // XXX transcoder uses phc->mp.payload
 phc->mp.payload.len -= ori_s.len - phc->s.len;
@@ -1994,7 +1986,7 @@ int media_packet_encrypt(rewrite_func encrypt_func, struct packet_stream *out, s
 for (GList *l = mp->packets_out.head; l; l = l->next) {
 struct codec_packet *p = l->data;
- int encret = encrypt_func(&p->s, out, NULL, NULL, NULL, mp->ssrc_out);
+ int encret = encrypt_func(&p->s, out, mp->sfd, mp->ssrc_out);
 if (encret == 1)
 ret |= 0x02;
 else if (encret != 0)
diff --git a/daemon/rtcp.c b/daemon/rtcp.c
index bc249d70c..406652322 100644
--- a/daemon/rtcp.c
+++ b/daemon/rtcp.c
@@ -1607,7 +1607,7 @@ void rtcp_send_report(struct call_media *media, struct ssrc_ctx *ssrc_out) {
 if (crypt_handler && crypt_handler->out->rtcp_crypt) {
 g_string_set_size(sr, sr->len + RTP_BUFFER_TAIL_ROOM);
 rtcp_packet = STR_CONST_INIT_LEN(sr->str, sr->len - RTP_BUFFER_TAIL_ROOM);
- crypt_handler->out->rtcp_crypt(&rtcp_packet, ps, NULL, NULL, NULL, ssrc_out);
+ crypt_handler->out->rtcp_crypt(&rtcp_packet, ps, NULL, ssrc_out);
 }
 socket_sendto(&ps->selected_sfd->socket, rtcp_packet.s, rtcp_packet.len, &ps->endpoint);
diff --git a/include/media_socket.h b/include/media_socket.h
index 1ef988e02..d747b2860 100644
--- a/include/media_socket.h
+++ b/include/media_socket.h
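Review bot: In media_packet_encrypt (daemon/media_socket.c) the call now passes `mp->sfd` together with `out`, but judging by the decrypt hunk above (`phc->mp.sfd`) that is the socket the packet was received on, which presumably does not belong to the outgoing stream. The call_avp2savp_* helpers ignore sfd, so nothing changes for them, but the call_savp2avp_* helpers share the same rewrite_func type and do read `sfd->crypto`; if one were ever passed as encrypt_func it would use the ingress socket's SRTP context for an egress packet. rtcp_send_report in daemon/rtcp.c still passes NULL for the same argument, so the two send paths now disagree. I would keep `encrypt_func(&p->s, out, NULL, mp->ssrc_out);` here, or document on the rewrite_func typedef which socket the third argument denotes in each direction. media_packet_encrypt's body starts before and continues past the hunk.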
@@ -25,8 +25,7 @@ struct stream_fd;
 struct poller;
 typedef int rtcp_filter_func(struct media_packet *, GQueue *);
-typedef int (*rewrite_func)(str *, struct packet_stream *, struct stream_fd *, const endpoint_t *,
- const struct timeval *, struct ssrc_ctx *);
+typedef int (*rewrite_func)(str *, struct packet_stream *, struct stream_fd *, struct ssrc_ctx *);
 enum transport_protocol_index {