[asterisk-dev] strictrtp seems to be not so strict
Torrey Searle
tsearle at gmail.com
Fri Aug 26 07:19:55 CDT 2016
I wouldn't dare change the default :-)
But the way I understand the code is that it would end up being a
switching, as getting a packet from the current source doesn't seem to
re-set the counter.
I'll do the following,
change the conf validation to allow probation = 0 (default will remain 4)
if learning_min_sequential is 0, the else in
if (rtp->strict_rtp_state == STRICT_RTP_CLOSED) {
if (!ast_sockaddr_cmp(&rtp->strict_rtp_address, &addr)) {
will be disabled
On 26 August 2016 at 14:05, Joshua Colp <jcolp at digium.com> wrote:
> Torrey Searle wrote:
>
>> I'm looking at the implementation of strictrtp and it seems currently
>> there is no way disable re-learning in it. My concern is from a
>> security aspect, if somebody sends enough rtp packets to asterisk, he
>> can have the audio stream redirected to himself.
>>
>> This could be mitigated possibly by setting the probation to a very high
>> value, but I was wondering if it would be interesting to allow probation
>> = 0 to disable the functionality to re-learn. (exception for symmetric
>> rtp and ice, but that is already in place in the code)
>>
>
> I think it would be a fine addition to have more control over it, but I
> wouldn't change the default.
>
> You'd also likely either end up not switching to the new source with the
> current code, or end up in a fight where it keeps switching it looks like.
>
> --
> Joshua Colp
> Digium, Inc. | Senior Software Developer
> 445 Jan Davis Drive NW - Huntsville, AL 35806 - US
> Check us out at: www.digium.com & www.asterisk.org
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20160826/398f8f1a/attachment.html>
More information about the asterisk-dev
mailing list