rtp: Enable srtp replay protection

Add option "srtpreplayprotection" rtp.conf to enable srtp replay protection. ASTERISK-29260 Reported by: Alexander Traud Change-Id: I5cd346e3c6b6812039d1901aa4b7be688173b458
2026-05-04 20:33:53 +00:00 · 2021-01-26 10:09:53 -07:00
parent 7d15655f9d
commit 389b8b0774
5 changed files with 43 additions and 4 deletions
--- a/configs/samples/rtp.conf.sample
+++ b/configs/samples/rtp.conf.sample
@@ -45,6 +45,18 @@ rtpend=20000
 ; connected. This option is set to 4 by default.
 ; probation=8
 ;
+; Enable sRTP replay protection. Buggy SIP user agents (UAs) reset the
+; sequence number (RTP-SEQ) on a re-INVITE, for example, with Session Timers
+; or on Call Hold/Resume, but keep the synchronization source (RTP-SSRC). If
+; the new RTP-SEQ is higher than the previous one, the call continues if the
+; roll-over counter (sRTP-ROC) is zero (the call lasted less than 22 minutes).
+; In all other cases, the call faces one-way audio or even no audio at all.
+; "replay check failed (index too old)" gets printed continuously. This is a
+; software bug. You have to report this to the creator of that UA. Until it is
+; fixed, you could disable sRTP replay protection (see RFC 3711 section 3.3.2).
+; This option is enabled by default.
+; srtpreplayprotection=yes
+;
 ; Whether to enable or disable ICE support. This option is enabled by default.
 ; icesupport=false
 ;