[asterisk-dev] strictrtp seems to be not so strict

Joshua Colp jcolp at digium.com
Fri Aug 26 07:05:08 CDT 2016

Torrey Searle wrote:
> I'm looking at the implementation of strictrtp and it seems currently
>   there is no way disable re-learning in it.  My concern is from a
> security aspect, if somebody sends enough rtp packets to asterisk, he
> can have the audio stream redirected to himself.
> This could be mitigated possibly by setting the probation to a very high
> value, but I was wondering if it would be interesting to allow probation
> = 0 to disable the functionality to re-learn.  (exception for symmetric
> rtp and ice, but that is already in place in the code)

I think it would be a fine addition to have more control over it, but I 
wouldn't change the default.

You'd also likely either end up not switching to the new source with the 
current code, or end up in a fight where it keeps switching it looks like.

Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - US
Check us out at: www.digium.com & www.asterisk.org

More information about the asterisk-dev mailing list