algesten / str0m

A Sans I/O WebRTC implementation in Rust.
MIT License

Do not decrypt already received packets #554

algesten closed 1 month ago

algesten commented 3 months ago

This is to protect str0m against SRTP replay attacks where already received packets are being repeated. Before this PR, this would force str0m to spend CPU decrypting them over and over again. With this PR, str0m checks the NACK register to see whether the packet is one we expect before doing the decryption.

algesten commented 3 months ago

@xnorpx this is the fix I believe.

xnorpx commented 3 months ago

Maybe worth a simple end2end test.

lolgesten commented 3 months ago

> maybe worth a simple end2end test

Problem is that there is no observable difference between the packet being decrypted vs the packet being dropped due to being a dupe.
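
The check-before-decrypt ordering from the PR description, as an added Rust example that is not str0m's code. It records a sequence number only after authentication succeeds (the order RFC 3711 prescribes for its replay list), and counts decrypt calls so the saved work is visible in this toy model. Assumptions: a 64-packet sliding window over extended sequence numbers stands in for str0m's NACK register, and `ReplayWindow`, `Receiver`, `auth_ok` and the trace are hypothetical or constructed.

```rust
/// Sliding replay window over extended sequence numbers.
/// Hypothetical type for illustration; not str0m's NACK register.
pub struct ReplayWindow { top: u64, mask: u64, started: bool }

impl ReplayWindow {
    /// Cheap pre-check: true if `seq` has not been recorded and is not too old.
    pub fn is_candidate(&self, seq: u64) -> bool {
        if !self.started || seq > self.top { return true; }
        let age = self.top - seq;
        age < 64 && self.mask & (1u64 << age) == 0
    }
    /// Record `seq`. Call only after the packet authenticated.
    pub fn mark(&mut self, seq: u64) {
        if !self.started || seq > self.top {
            let shift = if self.started { seq - self.top } else { 64 };
            self.mask = if shift >= 64 { 1 } else { (self.mask << shift) | 1 };
            self.top = seq;
            self.started = true;
        } else if self.top - seq < 64 {
            self.mask |= 1u64 << (self.top - seq);
        }
    }
}

pub struct Receiver { window: ReplayWindow, pub decrypt_calls: usize }

impl Receiver {
    pub fn new() -> Self {
        Receiver { window: ReplayWindow { top: 0, mask: 0, started: false }, decrypt_calls: 0 }
    }
    /// `auth_ok` stands in for the result of SRTP authentication and decryption.
    pub fn handle(&mut self, seq: u64, auth_ok: bool) -> bool {
        if !self.window.is_candidate(seq) {
            return false; // replayed or too old: dropped before touching the cipher
        }
        self.decrypt_calls += 1; // the expensive step the pre-check protects
        if auth_ok { self.window.mark(seq); } // a forged packet must not poison the window
        auth_ok
    }
}

/// Constructed trace of (sequence number, authenticates?); returns (accepted, decrypt calls).
pub fn demo() -> (usize, usize) {
    let trace: [(u64, bool); 9] = [(1, true), (2, true), (2, true), (2, true), (4, true),
        (3, true), (9, false), (9, true), (1, true)];
    let mut rx = Receiver::new();
    let mut accepted = 0;
    for &(seq, ok) in trace.iter() { if rx.handle(seq, ok) { accepted += 1; } }
    (accepted, rx.decrypt_calls)
}

fn main() { println!("{:?}", demo()); }
```

In the trace, the three replays (`2`, `2`, `1`) never reach the cipher, while the forged `9` costs one decrypt attempt but does not block the genuine `9` that follows.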