search

bluenviron / gortsplib

RTSP 1.0 client and server library for the Go programming language
MIT License
636 stars 177 forks source link

Fail to connect to RTSP server when SETUP message already has session ID #532

Closed TempoTian closed 2 months ago

TempoTian commented 3 months ago

Client generate random session ID and use it to communicate with server Test with other server success, but fail on this server.

Setup command like belowing:

SETUP rtsp://162.168.10.252:8554/mystream/trackID=0 RTSP/1.0
Transport: RTP/AVP/TCP;unicast;interleaved=0-1;mode=record
CSeq: 2
User-Agent: ESP32-RTSP-client 1.1.0
Session: 2494844

Server report:

2024/03/18 17:28:45 INF [RTSP] [conn 162.168.10.16:49469] closed: connection is linked to another session

As spec show that

   The server generates session identifiers in response to SETUP
   requests. If a SETUP request to a server includes a session
   identifier, the server MUST bundle this setup request into the
   existing session or return error "459 Aggregate Operation Not
   Allowed" (see Section 11.3.10).

I think need memorize client session ID and build a map between client session ID and server session ID.

aler9 commented 2 months ago

Hello, as mentioned in the specification, it's the server responsibility to generate a session ID, therefore, you shouldn't generate a random session ID on client side but use the one provided to you by the server.

Allowing the generation of session IDs on client side would generate a security issue since the cryptographic strength of those session IDs would vary depending on the client.