str0m icon indicating copy to clipboard operation
str0m copied to clipboard
verified publisher icon algesten

Do not decrypt already received packets

Open algesten opened this issue 1 year ago • 3 comments

This is to protect str0m against SRTP replay attacks where already received packets are being repeated. Before this PR, this would force str0m to spend CPU decrypting it over and over again. With this PR, str0m checks the NACK register whether the packet is one we expect before doing the decryption.

algesten avatar Aug 06 '24 07:08 algesten

@xnorpx this is the fix I believe.

algesten avatar Aug 06 '24 07:08 algesten

maybe worth a simple end2end tests

xnorpx avatar Aug 06 '24 07:08 xnorpx

maybe worth a simple end2end tests

Problem is that there is no observable difference between the packet being decrypted vs the packet being dropped due to being a dupe.

lolgesten avatar Aug 06 '24 07:08 lolgesten