possible bug in ZRTP implementation - SRTP replay check failed!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am 06.06.2013 16:46, schrieb Privus 007:
> *So some questions:
> - is the audio completely disturbed during the call? Or what's the
> behaviour of
>   the audio?*
> 
> Audio is fine (using opus codec) until the call drops. Once that happens
> CSip drops the connection and reregisters with the PBX. Sometimes the call
> drops after a few seconds, sometimes after a few minutes (usually drops
> right before the 2 minute mark). I'll try using a more standard codec in my
> next tests to see if it makes any difference.

The available log does not show the "call drop", the log suddenly stops in the midst
of another warning message. Any info about this? What does it mean "drops the connection?"
RTP/SRTP does not have a connection per se, it's UDP thus CS cannot "drop it".
Does it drop the SIP connection (you use TLS and this CS must hold a TCP
connection)? A re-registration is only necessary if either the register
timer triggers or if the SIP TLS(TCP) connection is lost.

Werner

> 
> *- are there any network elements that buffer and send or resend UPD (SRTP)
> data at
>   some arbitrary time? My SRTP stack not only reports duplicate packets but
>   also packets that arrive too late. Currently I have implemented a window
> size
>   of 64. Thus if a packet is too late (the difference between its sequence
> number
>   and the current sequence number is >64, thus more than one second off)
> the SRTP
>   stack also reports a replay warning. Well, not really accurate in that
> case ;-) .*
> 
> Hmmm, this is a good question. There *shouldn*'t be any network elements
> buffering or messing with the packets.
> I've tested with CSip using my broadband wifi connection (the Freeswitch
> server is on the same ISP and the connection is quite good, with little
> latency and jitter) and I've tried with 3G too. Both scenarios reproduce
> the problem. I'm hoping someone else can replicate my scenario to try and
> rule out some router in the ISP messing with the packets. When I have time
> I'm going to try and install a Kamailio server to see if there's any change
> at all. Currently I'm using Freeswitch (latest stable release) with TLS
> transport and "bypass media <https://wiki.freeswitch.org/wiki/Proxy_Media>"
> option enabled.
> *
> - Does the normal PJSIP SDES implementation even report replay warnings or
> SRTP
>   problems at all? Please keep in mind that SDES uses a different SRTP stack
>   than I use for ZRTP, mainly because ZRTP can negotiate bigger keys and
> more
>   cipher algorithms than SDES and the standard SRTP stack does not support
> this.
> 
> *
> I'm not sure about the SRTP stack used in PJSIP's SDES implementation.
> Perhaps a PJSIP developer could answer this one?
> 
> Thanks*
> *
> 

<SNIP --- SNAP>


-- 
----------------------------------------------
Werner Dittmann    Werner.Dittmann at t-online.de
Tel +49 173 44 37 659
PGP key: 82EF5E8B



[Index of Archives]     [Asterisk Users]     [Asterisk App Development]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [Linux API]
  Powered by Linux