Skip to content

Respect the direction set in a template stream#618

Open
bifurcation wants to merge 5 commits into
cisco:mainfrom
bifurcation:respect-direction
Open

Respect the direction set in a template stream#618
bifurcation wants to merge 5 commits into
cisco:mainfrom
bifurcation:respect-direction

Conversation

@bifurcation
Copy link
Copy Markdown
Contributor

@bifurcation bifurcation commented Nov 21, 2022
edited
Loading

This PR attempts to fix the logical error noted in #617, that the directions set on a template stream are not checked when the template stream is used to create new (directed) streams. It simply adds checks in srtp_protect_mki and srtp_unprotect_mki that verify that the template stream's direction is compatible with the context, either the same direction or dir_srtp_unknown. Marking as WIP because even if we agree on approach, we probably need to cover the analgous RTCP methods.

Note that there is compatibility risk in merging this PR: If there are consumers that are relying the ambiguity noted here, then they will fail.

@pabuhler
Copy link
Copy Markdown
Member

pabuhler commented Nov 23, 2022

This code apears to be 17 years old and kind of unchanged, I agree that it should be fixed, but it might break things for exisitng clients if they have been doing it wrong. Maybe this is something for 3.0 ?
The update_xxx() functions also need to preserver the directions flags.

pabuhler and others added 5 commits May 14, 2026 09:15
@pabuhler
make test to verify direction is adhered too
4155f4d 
This is a failing test for cisco#618
@bifurcation @pabuhler
Respect the direction set in a template stream
581f2c4
@pabuhler
Also respect template direction for RTCP
d922f4a
@pabuhler
enforce directional stream operations
d1170a9 
A stream can no be used for both protecting and unprotecting.
Treat it as an error as well as rasing the collision event.
@pabuhler
Preserve stream direction across srtp_update
c2fcc91 
Keep existing stream directions unchanged when srtp_update rebuilds
specific streams, and reject wildcard template updates that attempt to
flip inbound/outbound direction.

Add regression coverage for specific and template-derived streams to
verify direction preservation and template direction mismatch rejection.
@pabuhler pabuhler force-pushed the respect-direction branch from 7736c30 to c2fcc91 Compare May 14, 2026 17:23
@pabuhler
Copy link
Copy Markdown
Member

pabuhler commented May 14, 2026

@bifurcation , I took your change and applied some more direction checking, can you do a review ?

Summary of changes:

Tightens SRTP stream direction handling so sender and receiver streams cannot be used for the wrong operation.

It adds a new srtp_err_status_direction_mismatch status for cases where an existing stream is used with the opposite direction, and applies that check consistently across RTP and RTCP protect/unprotect paths. Wildcard template streams now also reject incompatible inbound/outbound operations before creating a stream.

The change also preserves stream direction across srtp_update(), including both specific streams and wildcard template streams, and rejects template updates that would flip an established template direction.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bifurcation @pabuhler