[asterisk-dev] strictrtp seems to be not so strict

Joshua Colp jcolp at digium.com
Fri Aug 26 07:29:24 CDT 2016

Torrey Searle wrote:
> I wouldn't dare change the default :-)
> But the way I understand the code is that it would end up being a
> switching, as getting a packet from the current source doesn't seem to
> re-set the counter.
> I'll do the following,
> change the conf validation to allow probation = 0  (default will remain 4)
> if learning_min_sequential is 0, the else in
>          if (rtp->strict_rtp_state == STRICT_RTP_CLOSED) {
>                  if (!ast_sockaddr_cmp(&rtp->strict_rtp_address, &addr)) {
> will be disabled

If an attacker were aggressive with the sending of the RTP and were able 
to get enough packets in before a legit one, yes. As it is the reception 
of a legit packet resets the counter each time (the call to 
rtp_learning_seq_init) so under normal usage a rogue stream can't cause 
it to switch.

Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - US
Check us out at: www.digium.com & www.asterisk.org

More information about the asterisk-dev mailing list