mirror of
https://github.com/ossrs/srs.git
synced 2025-03-09 15:49:59 +00:00
SquashSRS4: Add security scan. Feed TWCC before drop PT.
This commit is contained in:
parent
e74810230a
commit
4f1aa924e6
3 changed files with 74 additions and 20 deletions
|
@ -552,18 +552,6 @@ fi
|
|||
#####################################################################################
|
||||
# srtp
|
||||
#####################################################################################
|
||||
# For openssl-1.1.*, we should disable SRTP ASM, because SRTP only works with openssl-1.0.*
|
||||
if [[ $SRS_SRTP_ASM == YES ]]; then
|
||||
echo " #include <openssl/ssl.h> " > ${SRS_OBJS}/_tmp_srtp_asm_detect.c
|
||||
echo " #if OPENSSL_VERSION_NUMBER >= 0x10100000L // v1.1.x " >> ${SRS_OBJS}/_tmp_srtp_asm_detect.c
|
||||
echo " #error \"SRTP only works with openssl-1.0.*\" " >> ${SRS_OBJS}/_tmp_srtp_asm_detect.c
|
||||
echo " #endif " >> ${SRS_OBJS}/_tmp_srtp_asm_detect.c
|
||||
${SRS_TOOL_CC} -c ${SRS_OBJS}/_tmp_srtp_asm_detect.c -I${SRS_OBJS}/openssl/include -o /dev/null >/dev/null 2>&1
|
||||
if [[ $? -ne 0 ]]; then
|
||||
SRS_SRTP_ASM=NO && echo "Warning: Disable SRTP-ASM optimization, please update docker";
|
||||
fi
|
||||
rm -f ${SRS_OBJS}/_tmp_srtp_asm_detect.c
|
||||
fi;
|
||||
SRTP_CONFIG="echo SRTP without openssl(ASM) optimization" && SRTP_OPTIONS=""
|
||||
# If use ASM for SRTP, we enable openssl(with ASM).
|
||||
if [[ $SRS_SRTP_ASM == YES ]]; then
|
||||
|
|
|
@ -1116,14 +1116,6 @@ srs_error_t SrsRtcPublishStream::on_rtp(char* data, int nb_data)
|
|||
return err;
|
||||
}
|
||||
|
||||
// If payload type is configed to drop, ignore this packet.
|
||||
if (pt_to_drop_) {
|
||||
uint8_t pt = srs_rtp_fast_parse_pt(data, nb_data);
|
||||
if (pt_to_drop_ == pt) {
|
||||
return err;
|
||||
}
|
||||
}
|
||||
|
||||
// Decode the header first.
|
||||
if (twcc_id_) {
|
||||
// We must parse the TWCC from RTP header before SRTP unprotect, because:
|
||||
|
@ -1140,6 +1132,14 @@ srs_error_t SrsRtcPublishStream::on_rtp(char* data, int nb_data)
|
|||
}
|
||||
}
|
||||
|
||||
// If payload type is configed to drop, ignore this packet.
|
||||
if (pt_to_drop_) {
|
||||
uint8_t pt = srs_rtp_fast_parse_pt(data, nb_data);
|
||||
if (pt_to_drop_ == pt) {
|
||||
return err;
|
||||
}
|
||||
}
|
||||
|
||||
// Decrypt the cipher to plaintext RTP data.
|
||||
char* plaintext = data;
|
||||
int nb_plaintext = nb_data;
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue