[Ffmpeg-devel] rtp_write_header

[Vermeir, Thijs]

Hello,

I found this part in the code in libavformat/rtp.c

static int rtp_write_header(AVFormatContext *s1)
{
....
// following 2 FIXMies could be set based on the current time, theres
normaly no info leak, as rtp will likely be transmitted immedeatly
    s->base_timestamp = 0; /* FIXME: was random(), what should this be?
*/
    s->timestamp = s->base_timestamp;
    s->ssrc = 0; /* FIXME: was random(), what should this be? */
    s->first_packet = 1;
....
}

The 2 values base_timestamp and ssrc should be random. 
- base_timestamp : This should be random to gain a random offset, the
timestamp in rtp represent the time send, not the time playing that
packet of data. Randomising this value makes a plain text attacks more
difficult on an encrypted RTP stream more difficult. Using zero as
base_timestamp will work as good but leaves a very small hole for the
black hats....

- SSRC or Synchronization source is also random. It need to be unique on
an RTP network. If you use 1 stream there is no problem. but with more
streams this is not gonna work with the innitial value 0. An RTCP packet
let you know when you have choosen randomly the same ssrc. 

Gr,
Thijs
- - - - - - - DISCLAIMER- - - - - - - -
Unless indicated otherwise, the information contained in this message is
privileged and confidential, and is intended only for the use of the
addressee(s) named above and others who have been specifically authorized to
receive it. If you are not the intended recipient, you are hereby notified
that any dissemination, distribution or copying of this message and/or
attachments is strictly prohibited. The company accepts no liability for any
damage caused by any virus transmitted by this email. Furthermore, the
company does not warrant a proper and complete transmission of this
information, nor does it accept liability for any delays. If you have
received this message in error, please contact the sender and delete the
message. Thank you.