From 97b2af11bed7ff91d53eb84b18c922727f8fa251 Mon Sep 17 00:00:00 2001 From: Richard Fuchs Date: Fri, 2 May 2025 08:11:44 -0400 Subject: [PATCH] MT#62735 pull up SRTP decryption Decrypt SRTP (and possibly discard packet) first, before doing source address checking/learning. Change-Id: I2a2cdd94768e93d58e0cdd4614b8ac53ea680724 (cherry picked from commit 88cb8abf51cc98b7d3a628ca73581254a78c5218) --- daemon/media_socket.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/daemon/media_socket.c b/daemon/media_socket.c index e6d757ebb..837e92098 100644 --- a/daemon/media_socket.c +++ b/daemon/media_socket.c @@ -2678,6 +2678,17 @@ static int stream_packet(struct packet_handler_ctx *phc) { // this sets rtcp, in_srtp, and sinks media_packet_rtcp_demux(phc); + // this set payload_type, ssrc_in, and mp payloads + media_packet_rtp_in(phc); + + // decrypt in place + // XXX check handler_ret along the paths + handler_ret = media_packet_decrypt(phc); + if (handler_ret < 0) + goto out; // receive error + + rtp_padding(phc->mp.rtp, &phc->mp.payload); + if (media_packet_address_check(phc)) goto drop; @@ -2688,9 +2699,6 @@ static int stream_packet(struct packet_handler_ctx *phc) { if (!is_blackhole) is_blackhole = !phc->rtcp && !MEDIA_ISSET(phc->mp.media, RECV); - // this set payload_type, ssrc_in, and mp payloads - media_packet_rtp_in(phc); - if (phc->mp.rtp) ilog(LOG_DEBUG, "Handling packet: remote %s%s%s (expected: %s%s%s) -> local %s " "(RTP seq %u TS %u SSRC %s%x%s)", @@ -2725,14 +2733,6 @@ static int stream_packet(struct packet_handler_ctx *phc) { } } - // decrypt in place - // XXX check handler_ret along the paths - handler_ret = media_packet_decrypt(phc); - if (handler_ret < 0) - goto out; // receive error - - rtp_padding(phc->mp.rtp, &phc->mp.payload); - // If recording pcap dumper is set, then we record the call. if (phc->mp.call->recording && !rtpe_config.rec_egress) dump_packet(&phc->mp, &phc->s);