Summary:ASTERISK-26207: [patch] sRTP: Count a roll-over of the sequence number even on lost packets.
Reporter:Alexander Traud (traud)Labels:
Date Opened:2016-07-18 05:19:47Date Closed:2016-07-22 11:30:56
Versions:11.22.0 13.9.1 Frequency of
Environment:Attachments:( 0) roc_0x7fff.patch
Description:See the sRTP FAQ, [Question 6…|http://srtp.sourceforge.net/faq.html#Q6]

With RTP media, each packet gets its own sequence number to detect lost  and late packets. That sequence number is limited to a value of {{0xffff}}. To avoid any replay-attacks, sRTP introduced a counter which is incremented whenever the sequence number rolls over (ROC). The ROC is not transmitted. Therefore, both sender and receiver must note each roll over of the sequence number.

The initial sequence number is created randomly. However, when
- that random value is near the maximum value *and*
- the first RTP packets get lost (or arrive late),

the receiver might not notice the roll-over of the sequence number. The receiver might think, the RTP sequence started at 0,1,2,3…. Consequently, the ROC is of the receiver is 0. The ROC of the sender is 1. Both parties lost ROC synchronization. Therefore, the receiver is not able to decrypt the sRTP packets anymore. No media is the result.

The mentioned webpage therefore suggests: The SRTP sender should randomly select an initial sequence number that is between {{0x0000}} and {{0x7fff}}. The attached patch does this.
Comments:By: Stephan Eisvogel (eisvogel) 2016-07-22 06:39:05.140-0500

Hey Alexander,

any chance this fix is causing huge false lost packet counts in sip show channelstats?

Peer             Call ID      Duration Recv: Pack  Lost       (     %) Jitter Send: Pack  Lost       (     %) Jitter     p65562t1469  00:01:20 0000003774  0000000000 ( 0.00%) 0.0000 0000003775  0000001998 (52.93%) 0.0001
dropping after a while to this     p65562t1469  00:06:38 0000019663  0000000000 ( 0.00%) 0.0000 0000019663  0000001998 (10.16%) 0.0001

Should be zero because that is a Telekom upstream on unloaded VDSL.


By: Alexander Traud (traud) 2016-07-22 11:30:26.263-0500

Not related because that change here just limits the random range. The counter might have started at the same position, even before that change. Consequently, you have to continue to search the cause of these RTCP statistics.