fix SRTP ROC syncing between kernel and userspace

also fixes spurious unkernelized rtcp-mux streams

fixes #495

Change-Id: I9ec86ec5ecfffeede367a9aab9168ac32b7a95f3

daemon/call.c

@@ -598,7 +598,7 @@ static void call_timer(void *ptr) {
 		if (sink) {
 			mutex_lock(&sink->out_lock);
 			if (sink->crypto.params.crypto_suite && sink->ssrc_out
-					&& ke->target.ssrc == sink->ssrc_out->parent->h.ssrc
+					&& ntohl(ke->target.ssrc) == sink->ssrc_out->parent->h.ssrc
 					&& ke->target.encrypt.last_index - sink->ssrc_out->srtp_index > 0x4000)
 			{
 				sink->ssrc_out->srtp_index = ke->target.encrypt.last_index;
@@ -609,7 +609,7 @@ static void call_timer(void *ptr) {
 
 		mutex_lock(&ps->in_lock);
 		if (sfd->crypto.params.crypto_suite && ps->ssrc_in
-				&& ke->target.ssrc == ps->ssrc_in->parent->h.ssrc
+				&& ntohl(ke->target.ssrc) == ps->ssrc_in->parent->h.ssrc
 				&& ke->target.decrypt.last_index - ps->ssrc_in->srtp_index > 0x4000)
 		{
 			ps->ssrc_in->srtp_index = ke->target.decrypt.last_index;

daemon/media_socket.c

@@ -1475,8 +1475,10 @@ update_peerinfo:
 	mutex_lock(&phc->mp.stream->out_lock);
 	endpoint = phc->mp.stream->endpoint;
 	phc->mp.stream->endpoint = phc->mp.fsin;
-	if (memcmp(&endpoint, &phc->mp.stream->endpoint, sizeof(endpoint)))
+	if (memcmp(&endpoint, &phc->mp.stream->endpoint, sizeof(endpoint))) {
+		phc->unkernelize = 1;
 		phc->update = 1;
+	}
 update_addr:
 	mutex_unlock(&phc->mp.stream->out_lock);
 
@@ -1485,6 +1487,7 @@ update_addr:
 	if (phc->mp.stream->selected_sfd && phc->mp.sfd != phc->mp.stream->selected_sfd) {
 		ilog(LOG_INFO, "Switching local interface to %s", endpoint_print_buf(&phc->mp.sfd->socket.local));
 		phc->mp.stream->selected_sfd = phc->mp.sfd;
+		phc->unkernelize = 1;
 		phc->update = 1;
 	}
 
@@ -1651,7 +1654,7 @@ static int stream_packet(struct packet_handler_ctx *phc) {
 	if (G_LIKELY(handler_ret >= 0))
 		handler_ret = media_packet_encrypt(phc);
 
-	if (phc->update) // for RTCP packet index updates
+	if (phc->unkernelize) // for RTCP packet index updates
 		unkernelize(phc->mp.stream);
 
 

utils/srtp-debug-helper

@@ -3,12 +3,12 @@
 use strict;
 use warnings;
 use MIME::Base64;
-use SRTP;
+use NGCP::Rtpclient::SRTP;
 
-my $cs = $SRTP::crypto_suites{$ARGV[0]} or die;
+my $cs = $NGCP::Rtpclient::SRTP::crypto_suites{$ARGV[0]} or die;
 my $inline_key = $ARGV[1] or die;
-my ($key, $salt) = SRTP::decode_inline_base64($inline_key);
-my ($skey, $sauth, $ssalt) = SRTP::gen_rtp_session_keys($key, $salt);
+my ($key, $salt) = NGCP::Rtpclient::SRTP::decode_inline_base64($inline_key, $cs);
+my ($skey, $sauth, $ssalt) = NGCP::Rtpclient::SRTP::gen_rtp_session_keys($key, $salt);
 print("Master key:           " . unpack("H*", $key) . "\n");
 print("Master salt:          " . unpack("H*", $salt) . "\n");
 print("RTP session key:      " . unpack("H*", $skey) . "\n");
@@ -25,14 +25,15 @@ else {
 	$pack = pack("H*", $pack);
 }
 
-my $roc = $ARGV[3] // 0;
+my $in_roc = $ARGV[3] // 0;
 
 print("Packet length:        " . length($pack) . " bytes\n");
 
-my ($dec, $roc, $tag, $hmac) = SRTP::decrypt_rtp($cs, $skey, $ssalt, $sauth, $roc, $pack);
+my ($dec, $out_roc, $tag, $hmac) = NGCP::Rtpclient::SRTP::decrypt_rtp($cs, $skey, $ssalt, $sauth, $in_roc, $pack);
 
 print("Auth tag from packet: " . unpack("H*", $tag) . "\n");
 print("Computed auth tag:    " . unpack("H*", $hmac) . "\n");
 print("Decoded packet:       " . unpack("H*", $dec) . "\n");
+print("ROC:                  $out_roc\n");