media/srtp refactoring pass

src/include/switch_core_media.h

@@ -39,6 +39,11 @@ SWITCH_BEGIN_EXTERN_C
 
 #define SWITCH_MAX_CAND_ACL 25
 
+typedef enum {
+	SDP_TYPE_REQUEST,
+	SDP_TYPE_RESPONSE
+} switch_sdp_type_t;
+
 typedef enum {
 	ICE_GOOGLE_JINGLE = (1 << 0),
 	ICE_VANILLA = (1 << 1),
@@ -180,10 +185,8 @@ SWITCH_DECLARE(void) switch_core_session_check_outgoing_crypto(switch_core_sessi
 SWITCH_DECLARE(const char *) switch_core_session_local_crypto_key(switch_core_session_t *session, switch_media_type_t type);
 SWITCH_DECLARE(int) switch_core_session_check_incoming_crypto(switch_core_session_t *session, 
 															  const char *varname,
-															  switch_media_type_t type, const char *crypto, int crypto_tag);
+															  switch_media_type_t type, const char *crypto, int crypto_tag, switch_sdp_type_t sdp_type);
 
-SWITCH_DECLARE(void) switch_core_session_apply_crypto(switch_core_session_t *session, switch_media_type_t type, const char *varname);
-SWITCH_DECLARE(void) switch_core_session_get_recovery_crypto_key(switch_core_session_t *session, switch_media_type_t type, const char *varname);
 
 SWITCH_DECLARE(void) switch_core_media_set_rtp_session(switch_core_session_t *session, switch_media_type_t type, switch_rtp_t *rtp_session);
 
@@ -195,7 +198,7 @@ SWITCH_DECLARE(const char *) switch_core_media_get_zrtp_hash(switch_core_session
 SWITCH_DECLARE(void) switch_core_media_pass_zrtp_hash2(switch_core_session_t *aleg_session, switch_core_session_t *bleg_session);
 SWITCH_DECLARE(int) switch_core_media_toggle_hold(switch_core_session_t *session, int sendonly);
 SWITCH_DECLARE(void) switch_core_media_copy_t38_options(switch_t38_options_t *t38_options, switch_core_session_t *session);
-SWITCH_DECLARE(uint8_t) switch_core_media_negotiate_sdp(switch_core_session_t *session, const char *r_sdp, uint8_t *proceed);
+SWITCH_DECLARE(uint8_t) switch_core_media_negotiate_sdp(switch_core_session_t *session, const char *r_sdp, uint8_t *proceed, switch_sdp_type_t sdp_type);
 SWITCH_DECLARE(switch_status_t) switch_core_media_set_video_codec(switch_core_session_t *session, int force);
 SWITCH_DECLARE(switch_status_t) switch_core_media_set_codec(switch_core_session_t *session, int force, uint32_t codec_flags);
 SWITCH_DECLARE(void) switch_core_media_check_video_codecs(switch_core_session_t *session);

src/mod/endpoints/mod_sofia/mod_sofia.h

@@ -840,7 +840,7 @@ void sofia_glue_attach_private(switch_core_session_t *session, sofia_profile_t *
 
 switch_status_t sofia_glue_do_invite(switch_core_session_t *session);
 
-uint8_t sofia_media_negotiate_sdp(switch_core_session_t *session, const char *r_sdp);
+uint8_t sofia_media_negotiate_sdp(switch_core_session_t *session, const char *r_sdp, switch_sdp_type_t type);
 
 void sofia_handle_sip_i_refer(nua_t *nua, sofia_profile_t *profile, nua_handle_t *nh, switch_core_session_t *session, sip_t const *sip,
 								sofia_dispatch_event_t *de, tagi_t tags[]);

src/mod/endpoints/mod_sofia/sofia.c

@@ -5967,7 +5967,7 @@ static void sofia_handle_sip_i_state(switch_core_session_t *session, int status,
 					uint8_t match = 0;
 
 					if (tech_pvt->mparams.num_codecs) {
-						match = sofia_media_negotiate_sdp(session, r_sdp);
+						match = sofia_media_negotiate_sdp(session, r_sdp, SDP_TYPE_REQUEST);
 					}
 
 					if (!match) {
@@ -6260,7 +6260,7 @@ static void sofia_handle_sip_i_state(switch_core_session_t *session, int status,
 					switch_channel_set_flag(tech_pvt->channel, CF_REINVITE);
 
 					if (tech_pvt->mparams.num_codecs) {
-						match = sofia_media_negotiate_sdp(session, r_sdp);
+						match = sofia_media_negotiate_sdp(session, r_sdp, SDP_TYPE_REQUEST);
 					}
 					
 					if (match && sofia_test_flag(tech_pvt, TFLAG_NOREPLY)) {
@@ -6326,7 +6326,7 @@ static void sofia_handle_sip_i_state(switch_core_session_t *session, int status,
 			switch_channel_set_flag(tech_pvt->channel, CF_REINVITE);
 
 			if (tech_pvt->mparams.num_codecs) {
-				match = sofia_media_negotiate_sdp(session, r_sdp);
+				match = sofia_media_negotiate_sdp(session, r_sdp, SDP_TYPE_REQUEST);
 			}
 			if (match) {
 				if (switch_core_media_choose_port(tech_pvt->session, SWITCH_MEDIA_TYPE_AUDIO, 0) != SWITCH_STATUS_SUCCESS) {
@@ -6386,7 +6386,7 @@ static void sofia_handle_sip_i_state(switch_core_session_t *session, int status,
 				int is_ok = 1;
 
 				if (tech_pvt->mparams.num_codecs) {
-					match = sofia_media_negotiate_sdp(session, r_sdp);
+					match = sofia_media_negotiate_sdp(session, r_sdp, SDP_TYPE_REQUEST);
 				}
 
 				if (match) {
@@ -6482,7 +6482,7 @@ static void sofia_handle_sip_i_state(switch_core_session_t *session, int status,
 					uint8_t match = 0;
 
 					if (tech_pvt->mparams.num_codecs) {
-						match = sofia_media_negotiate_sdp(session, r_sdp);
+						match = sofia_media_negotiate_sdp(session, r_sdp, SDP_TYPE_RESPONSE);
 					}
 
 					sofia_set_flag_locked(tech_pvt, TFLAG_ANS);

src/mod/endpoints/mod_sofia/sofia_glue.c

@@ -1873,17 +1873,6 @@ int sofia_recover_callback(switch_core_session_t *session)
 	switch_channel_set_name(tech_pvt->channel, switch_channel_get_variable(channel, "channel_name"));
 
 	
-	switch_core_session_get_recovery_crypto_key(session, SWITCH_MEDIA_TYPE_AUDIO, "srtp_remote_audio_crypto_key");
-	switch_core_session_get_recovery_crypto_key(session, SWITCH_MEDIA_TYPE_VIDEO, "srtp_remote_video_crypto_key");
-
-	if ((tmp = switch_channel_get_variable(channel, "rtp_local_sdp_str"))) {
-		tech_pvt->mparams.local_sdp_str = switch_core_session_strdup(session, tmp);
-	}
-
-	if ((tmp = switch_channel_get_variable(channel, SWITCH_R_SDP_VARIABLE))) {
-		tech_pvt->mparams.remote_sdp_str = switch_core_session_strdup(session, tmp);
-	}
-
 	switch_channel_set_variable(channel, "sip_invite_call_id", switch_channel_get_variable(channel, "sip_call_id"));
 
 	if (switch_true(switch_channel_get_variable(channel, "sip_nat_detected"))) {

src/mod/endpoints/mod_sofia/sofia_media.c

@@ -34,12 +34,12 @@
 
 
 
-uint8_t sofia_media_negotiate_sdp(switch_core_session_t *session, const char *r_sdp)
+uint8_t sofia_media_negotiate_sdp(switch_core_session_t *session, const char *r_sdp, switch_sdp_type_t type)
 {
 	uint8_t t, p = 0;
 	private_object_t *tech_pvt = switch_core_session_get_private(session);
 
-	if ((t = switch_core_media_negotiate_sdp(session, r_sdp, &p))) {
+	if ((t = switch_core_media_negotiate_sdp(session, r_sdp, &p, type))) {
 		sofia_set_flag_locked(tech_pvt, TFLAG_SDP);
 	}
 
@@ -80,7 +80,7 @@ switch_status_t sofia_media_tech_media(private_object_t *tech_pvt, const char *r
 		return SWITCH_STATUS_FALSE;
 	}
 
-	if ((match = sofia_media_negotiate_sdp(tech_pvt->session, r_sdp))) {
+	if ((match = sofia_media_negotiate_sdp(tech_pvt->session, r_sdp, SDP_TYPE_REQUEST))) {
 		if (switch_core_media_choose_port(tech_pvt->session, SWITCH_MEDIA_TYPE_AUDIO, 0) != SWITCH_STATUS_SUCCESS) {
 			return SWITCH_STATUS_FALSE;
 		}

src/switch_core_media.c

@@ -612,7 +612,7 @@ SWITCH_DECLARE(void) switch_core_media_parse_rtp_bugs(switch_rtp_bug_flag_t *fla
 
 static switch_status_t switch_core_media_build_crypto(switch_media_handle_t *smh,
 													  switch_media_type_t type,
-													  int index, switch_rtp_crypto_key_type_t ctype, switch_rtp_crypto_direction_t direction)
+													  int index, switch_rtp_crypto_key_type_t ctype, switch_rtp_crypto_direction_t direction, int force)
 {
 	unsigned char b64_key[512] = "";
 	const char *type_str;
@@ -627,6 +627,10 @@ static switch_status_t switch_core_media_build_crypto(switch_media_handle_t *smh
 
 	engine = &smh->engines[type];
 
+	if (!force && engine->ssec.local_raw_key[0]) {
+		return SWITCH_STATUS_SUCCESS;
+	}
+
 	if (ctype == AES_CM_128_HMAC_SHA1_80) {
 		type_str = SWITCH_RTP_CRYPTO_KEY_80;
 	} else {
@@ -663,9 +667,10 @@ static switch_status_t switch_core_media_build_crypto(switch_media_handle_t *smh
 		*p-- = '\0';
 	}
 
-
-
 	engine->ssec.local_crypto_key = switch_core_session_sprintf(smh->session, "%d %s inline:%s", index, type_str, b64_key);
+	switch_channel_set_variable_name_printf(smh->session->channel, engine->ssec.local_crypto_key, "rtp_last_%s_local_crypto_key", type2str(type));
+
+
 	switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(smh->session), SWITCH_LOG_DEBUG, "Set Local Key [%s]\n", engine->ssec.local_crypto_key);
 
 	if (!(smh->mparams->ndlb & SM_NDLB_DISABLE_SRTP_AUTH) &&
@@ -742,26 +747,57 @@ SWITCH_DECLARE(void) switch_core_media_set_rtp_session(switch_core_session_t *se
 }
 
 
-SWITCH_DECLARE(void) switch_core_session_get_recovery_crypto_key(switch_core_session_t *session, switch_media_type_t type, const char *varname)
+static void switch_core_session_get_recovery_crypto_key(switch_core_session_t *session, switch_media_type_t type)
 {
 	const char *tmp;
 	switch_rtp_engine_t *engine;
+	char *keyvar, *tagvar;
+
 	if (!session->media_handle) return;
 	engine = &session->media_handle->engines[type];
 
-	if ((tmp = switch_channel_get_variable(session->channel, varname))) {
+	if (type == SWITCH_MEDIA_TYPE_AUDIO) {
+		keyvar = "srtp_remote_audio_crypto_key";
+		tagvar = "srtp_remote_audio_crypto_tag";
+	} else {
+		keyvar = "srtp_remote_video_crypto_key";
+		tagvar = "srtp_remote_video_crypto_tag";
+	}
+
+
+	if ((tmp = switch_channel_get_variable(session->channel, keyvar))) {
 		engine->ssec.remote_crypto_key = switch_core_session_strdup(session, tmp);
+
+		if ((tmp = switch_channel_get_variable(session->channel, tagvar))) {
+			int tv = atoi(tmp);
+			engine->ssec.crypto_tag = tv;
+		} else {
+			engine->ssec.crypto_tag = 1;
+		}
+
 		switch_channel_set_flag(session->channel, CF_CRYPTO_RECOVER);
+		switch_channel_set_flag(session->channel, CF_SECURE);
 	}
 }
 
 
-SWITCH_DECLARE(void) switch_core_session_apply_crypto(switch_core_session_t *session, switch_media_type_t type, const char *varname)
+static void switch_core_session_apply_crypto(switch_core_session_t *session, switch_media_type_t type)
 {
 	switch_rtp_engine_t *engine;
+	const char *varname;
+
+	if (type == SWITCH_MEDIA_TYPE_AUDIO) {
+		varname = "rtp_secure_audio_confirmed";
+	} else {
+		varname = "rtp_secure_video_confirmed";
+	}
+
 	if (!session->media_handle) return;
 	engine = &session->media_handle->engines[type];
 
+	if (switch_channel_test_flag(session->channel, CF_RECOVERING)) {
+		return;
+	}
 
 	if (engine->ssec.remote_crypto_key && switch_channel_test_flag(session->channel, CF_SECURE)) {
 		switch_core_media_add_crypto(&engine->ssec, engine->ssec.remote_crypto_key, SWITCH_RTP_CRYPTO_RECV);
@@ -781,7 +817,7 @@ SWITCH_DECLARE(void) switch_core_session_apply_crypto(switch_core_session_t *ses
 
 SWITCH_DECLARE(int) switch_core_session_check_incoming_crypto(switch_core_session_t *session, 
 															   const char *varname,
-															   switch_media_type_t type, const char *crypto, int crypto_tag)
+															  switch_media_type_t type, const char *crypto, int crypto_tag, switch_sdp_type_t sdp_type)
 {
 	int got_crypto = 0;
 
@@ -801,25 +837,30 @@ SWITCH_DECLARE(int) switch_core_session_check_incoming_crypto(switch_core_sessio
 							
 			if (switch_channel_test_flag(session->channel, CF_CRYPTO_RECOVER)) {
 				switch_channel_clear_flag(session->channel, CF_CRYPTO_RECOVER);
-			} else if (switch_stristr(SWITCH_RTP_CRYPTO_KEY_32, crypto)) {
+			}
+			
+			if (sdp_type == SDP_TYPE_REQUEST) {
+				if (switch_stristr(SWITCH_RTP_CRYPTO_KEY_32, crypto)) {
 					switch_channel_set_variable(session->channel, varname, SWITCH_RTP_CRYPTO_KEY_32);
 				
-				switch_core_media_build_crypto(session->media_handle, type, crypto_tag, AES_CM_128_HMAC_SHA1_32, SWITCH_RTP_CRYPTO_SEND);
+					switch_core_media_build_crypto(session->media_handle, type, crypto_tag, AES_CM_128_HMAC_SHA1_32, SWITCH_RTP_CRYPTO_SEND, 1);
 					switch_rtp_add_crypto_key(engine->rtp_session, SWITCH_RTP_CRYPTO_SEND, atoi(crypto), engine->ssec.crypto_type,
 											  engine->ssec.local_raw_key, SWITCH_RTP_KEY_LEN);
 				} else if (switch_stristr(SWITCH_RTP_CRYPTO_KEY_80, crypto)) {
 					switch_channel_set_variable(session->channel, varname, SWITCH_RTP_CRYPTO_KEY_80);
-				switch_core_media_build_crypto(session->media_handle, type, crypto_tag, AES_CM_128_HMAC_SHA1_80, SWITCH_RTP_CRYPTO_SEND);
+					switch_core_media_build_crypto(session->media_handle, type, crypto_tag, AES_CM_128_HMAC_SHA1_80, SWITCH_RTP_CRYPTO_SEND, 1);
 					switch_rtp_add_crypto_key(engine->rtp_session, SWITCH_RTP_CRYPTO_SEND, atoi(crypto), engine->ssec.crypto_type,
 											  engine->ssec.local_raw_key, SWITCH_RTP_KEY_LEN);
 				} else {
 					switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_ERROR, "Crypto Setup Failed!.\n");
 				}
+			}
 
 			if (a && b && !strncasecmp(a, b, 23)) {
 				switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "Change Remote key to [%s]\n", crypto);
 				engine->ssec.remote_crypto_key = switch_core_session_strdup(session, crypto);
 				switch_channel_set_variable(session->channel, "srtp_remote_audio_crypto_key", crypto);
+				switch_channel_set_variable_printf(session->channel, "srtp_remote_audio_crypto_tag", "%d", crypto_tag);
 				engine->ssec.crypto_tag = crypto_tag;
 								
 				if (switch_rtp_ready(engine->rtp_session) && switch_channel_test_flag(session->channel, CF_SECURE)) {
@@ -842,10 +883,10 @@ SWITCH_DECLARE(int) switch_core_session_check_incoming_crypto(switch_core_sessio
 		if (zstr(engine->ssec.local_crypto_key)) {
 			if (switch_stristr(SWITCH_RTP_CRYPTO_KEY_32, crypto)) {
 				switch_channel_set_variable(session->channel, varname, SWITCH_RTP_CRYPTO_KEY_32);
-				switch_core_media_build_crypto(session->media_handle, type, crypto_tag, AES_CM_128_HMAC_SHA1_32, SWITCH_RTP_CRYPTO_SEND);
+				switch_core_media_build_crypto(session->media_handle, type, crypto_tag, AES_CM_128_HMAC_SHA1_32, SWITCH_RTP_CRYPTO_SEND, 1);
 			} else if (switch_stristr(SWITCH_RTP_CRYPTO_KEY_80, crypto)) {
 				switch_channel_set_variable(session->channel, varname, SWITCH_RTP_CRYPTO_KEY_80);
-				switch_core_media_build_crypto(session->media_handle, type, crypto_tag, AES_CM_128_HMAC_SHA1_80, SWITCH_RTP_CRYPTO_SEND);
+				switch_core_media_build_crypto(session->media_handle, type, crypto_tag, AES_CM_128_HMAC_SHA1_80, SWITCH_RTP_CRYPTO_SEND, 1);
 			} else {
 				switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_ERROR, "Crypto Setup Failed!.\n");
 			}
@@ -870,15 +911,15 @@ SWITCH_DECLARE(void) switch_core_session_check_outgoing_crypto(switch_core_sessi
 
 			switch_channel_set_flag(channel, CF_SECURE);
 			switch_core_media_build_crypto(session->media_handle,
-										   SWITCH_MEDIA_TYPE_AUDIO, 1, AES_CM_128_HMAC_SHA1_32, SWITCH_RTP_CRYPTO_SEND);
+										   SWITCH_MEDIA_TYPE_AUDIO, 1, AES_CM_128_HMAC_SHA1_32, SWITCH_RTP_CRYPTO_SEND, 0);
 			switch_core_media_build_crypto(session->media_handle,
-										   SWITCH_MEDIA_TYPE_VIDEO, 1, AES_CM_128_HMAC_SHA1_32, SWITCH_RTP_CRYPTO_SEND);
+										   SWITCH_MEDIA_TYPE_VIDEO, 1, AES_CM_128_HMAC_SHA1_32, SWITCH_RTP_CRYPTO_SEND, 0);
 		} else if (!strcasecmp(var, SWITCH_RTP_CRYPTO_KEY_80)) {
 			switch_channel_set_flag(channel, CF_SECURE);
 			switch_core_media_build_crypto(session->media_handle,
-										   SWITCH_MEDIA_TYPE_AUDIO, 1, AES_CM_128_HMAC_SHA1_80, SWITCH_RTP_CRYPTO_SEND);
+										   SWITCH_MEDIA_TYPE_AUDIO, 1, AES_CM_128_HMAC_SHA1_80, SWITCH_RTP_CRYPTO_SEND, 0);
 			switch_core_media_build_crypto(session->media_handle,
-										   SWITCH_MEDIA_TYPE_VIDEO, 1, AES_CM_128_HMAC_SHA1_80, SWITCH_RTP_CRYPTO_SEND);
+										   SWITCH_MEDIA_TYPE_VIDEO, 1, AES_CM_128_HMAC_SHA1_80, SWITCH_RTP_CRYPTO_SEND, 0);
 		}
 	}
 	
@@ -1617,6 +1658,10 @@ SWITCH_DECLARE(switch_status_t) switch_core_media_set_video_codec(switch_core_se
 			switch_core_session_set_video_write_codec(session, &v_engine->write_codec);
 
 
+			switch_channel_set_variable_printf(session->channel, "rtp_last_video_codec_string", "%s@%dh@%di", 
+											   v_engine->codec_params.iananame, v_engine->codec_params.rm_rate, v_engine->codec_params.codec_ms);
+
+
 			if (switch_rtp_ready(v_engine->rtp_session)) {
 				switch_core_session_message_t msg = { 0 };
 
@@ -1740,7 +1785,8 @@ SWITCH_DECLARE(switch_status_t) switch_core_media_set_codec(switch_core_session_
 	switch_channel_set_variable(session->channel, "rtp_use_codec_fmtp", a_engine->codec_params.rm_fmtp);
 	switch_channel_set_variable_printf(session->channel, "rtp_use_codec_rate", "%d", a_engine->codec_params.rm_rate);
 	switch_channel_set_variable_printf(session->channel, "rtp_use_codec_ptime", "%d", a_engine->codec_params.codec_ms);
-
+	switch_channel_set_variable_printf(session->channel, "rtp_last_audio_codec_string", "%s@%dh@%di", 
+									   a_engine->codec_params.iananame, a_engine->codec_params.rm_rate, a_engine->codec_params.codec_ms);
 
 	switch_assert(a_engine->read_codec.implementation);
 	switch_assert(a_engine->write_codec.implementation);
@@ -2143,7 +2189,7 @@ SWITCH_DECLARE(void) switch_core_session_set_ice(switch_core_session_t *session)
 }
 
 //?
-SWITCH_DECLARE(uint8_t) switch_core_media_negotiate_sdp(switch_core_session_t *session, const char *r_sdp, uint8_t *proceed)
+SWITCH_DECLARE(uint8_t) switch_core_media_negotiate_sdp(switch_core_session_t *session, const char *r_sdp, uint8_t *proceed, switch_sdp_type_t sdp_type)
 {
 	uint8_t match = 0;
 	switch_payload_t best_te = 0, te = 0, cng_pt = 0;
@@ -2515,7 +2561,7 @@ SWITCH_DECLARE(uint8_t) switch_core_media_negotiate_sdp(switch_core_session_t *s
 					crypto_tag = atoi(crypto);
 
 					got_crypto = switch_core_session_check_incoming_crypto(session, 
-																		   "rtp_has_crypto", SWITCH_MEDIA_TYPE_AUDIO, crypto, crypto_tag);
+																		   "rtp_has_crypto", SWITCH_MEDIA_TYPE_AUDIO, crypto, crypto_tag, sdp_type);
 
 				}
 			}
@@ -2920,7 +2966,7 @@ SWITCH_DECLARE(uint8_t) switch_core_media_negotiate_sdp(switch_core_session_t *s
 						
 						got_video_crypto = switch_core_session_check_incoming_crypto(session, 
 																					 "rtp_has_video_crypto", 
-																					 SWITCH_MEDIA_TYPE_VIDEO, crypto, crypto_tag);
+																					 SWITCH_MEDIA_TYPE_VIDEO, crypto, crypto_tag, sdp_type);
 					
 					}
 				}
@@ -4144,7 +4190,7 @@ SWITCH_DECLARE(switch_status_t) switch_core_media_activate_rtp(switch_core_sessi
 			switch_rtp_set_cng_pt(a_engine->rtp_session, smh->mparams->cng_pt);
 		}
 
-		switch_core_session_apply_crypto(session, SWITCH_MEDIA_TYPE_AUDIO, "rtp_secure_media_confirmed");
+		switch_core_session_apply_crypto(session, SWITCH_MEDIA_TYPE_AUDIO);
 
 		switch_snprintf(tmp, sizeof(tmp), "%d", a_engine->codec_params.remote_sdp_port);
 		switch_channel_set_variable(session->channel, SWITCH_REMOTE_MEDIA_IP_VARIABLE, a_engine->codec_params.remote_sdp_ip);
@@ -4435,7 +4481,7 @@ SWITCH_DECLARE(switch_status_t) switch_core_media_activate_rtp(switch_core_sessi
 				v_engine->ssrc = switch_rtp_get_ssrc(v_engine->rtp_session);
 				switch_channel_set_variable_printf(session->channel, "rtp_use_video_ssrc", "%u", v_engine->ssrc);
 
-				switch_core_session_apply_crypto(session, SWITCH_MEDIA_TYPE_VIDEO, "rtp_secure_video_confirmed");
+				switch_core_session_apply_crypto(session, SWITCH_MEDIA_TYPE_VIDEO);
 
 				
 				if (switch_channel_test_flag(session->channel, CF_ZRTP_PASSTHRU)) {
@@ -7195,6 +7241,16 @@ SWITCH_DECLARE (void) switch_core_media_recover_session(switch_core_session_t *s
 	a_engine->codec_params.iananame = a_engine->codec_params.rm_encoding = (char *) switch_channel_get_variable(session->channel, "rtp_use_codec_name");
 	a_engine->codec_params.rm_fmtp = (char *) switch_channel_get_variable(session->channel, "rtp_use_codec_fmtp");
 
+	if ((tmp = switch_channel_get_variable(session->channel, SWITCH_R_SDP_VARIABLE))) {
+		smh->mparams->remote_sdp_str = switch_core_session_strdup(session, tmp);
+	}
+
+
+	if ((tmp = switch_channel_get_variable(session->channel, "rtp_last_audio_codec_string"))) {
+		const char *vtmp = switch_channel_get_variable(session->channel, "rtp_last_video_codec_string");
+		switch_channel_set_variable_printf(session->channel, "rtp_use_codec_string", "%s%s%s", tmp, vtmp ? "," : "", vtmp ? vtmp : "");
+	}
+	
 	if ((tmp = switch_channel_get_variable(session->channel, "rtp_use_codec_string"))) {
 		char *tmp_codec_string = switch_core_session_strdup(smh->session, tmp);
 		smh->codec_order_last = switch_separate_string(tmp_codec_string, ',', smh->codec_order, SWITCH_MAX_CODECS);
@@ -7285,6 +7341,25 @@ SWITCH_DECLARE (void) switch_core_media_recover_session(switch_core_session_t *s
 		return;
 	}
 
+	switch_core_session_get_recovery_crypto_key(session, SWITCH_MEDIA_TYPE_AUDIO);
+	switch_core_session_get_recovery_crypto_key(session, SWITCH_MEDIA_TYPE_VIDEO);
+
+
+	if ((tmp = switch_channel_get_variable(session->channel, "rtp_last_audio_local_crypto_key"))) {
+		int idx = atoi(tmp);
+
+		a_engine->ssec.local_crypto_key = switch_core_session_strdup(session, tmp);
+		switch_core_media_add_crypto(&a_engine->ssec, a_engine->ssec.local_crypto_key, SWITCH_RTP_CRYPTO_SEND);
+		switch_core_media_add_crypto(&a_engine->ssec, a_engine->ssec.remote_crypto_key, SWITCH_RTP_CRYPTO_RECV);
+		switch_channel_set_flag(smh->session->channel, CF_SECURE);
+		
+		switch_rtp_add_crypto_key(a_engine->rtp_session, SWITCH_RTP_CRYPTO_SEND, idx,
+								  a_engine->ssec.crypto_send_type, a_engine->ssec.local_raw_key, SWITCH_RTP_KEY_LEN);
+		
+		switch_rtp_add_crypto_key(a_engine->rtp_session, SWITCH_RTP_CRYPTO_RECV, a_engine->ssec.crypto_tag,
+								  a_engine->ssec.crypto_recv_type, a_engine->ssec.remote_raw_key, SWITCH_RTP_KEY_LEN);
+	}
+
 
 	if (switch_core_media_ready(session, SWITCH_MEDIA_TYPE_AUDIO)) {
 		switch_core_media_set_recv_pt(session, SWITCH_MEDIA_TYPE_AUDIO, a_engine->codec_params.recv_pt);

src/switch_core_session.c

@@ -2032,7 +2032,6 @@ SWITCH_DECLARE(switch_core_session_t *) switch_core_session_request_xml(switch_e
 	flags[CF_LAZY_ATTENDED_TRANSFER] = 0;
 	flags[CF_SIGNAL_DATA] = 0;
 	flags[CF_SIMPLIFY] = 0;
-	flags[CF_SECURE] = 0;
 
 
 	if (!(session = switch_core_session_request_uuid(endpoint_interface, direction, SOF_NO_LIMITS, pool, uuid))) {

src/switch_rtp.c

@@ -3968,13 +3968,13 @@ static switch_status_t read_rtp_packet(switch_rtp_t *rtp_session, switch_size_t
 				}
 
 				if (stat && rtp_session->recv_msg.header.pt != rtp_session->recv_te && rtp_session->recv_msg.header.pt != rtp_session->cng_pt) {
-					if (++rtp_session->srtp_errs[rtp_session->srtp_idx_rtp] >= MAX_SRTP_ERRS) {
+					if (++rtp_session->srtp_errs[rtp_session->srtp_idx_rtp] >= MAX_SRTP_ERRS && stat != 10) {
 						
 						switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(rtp_session->session), SWITCH_LOG_ERROR,
 										  "Error: SRTP %s unprotect failed with code %d%s %ld\n", rtp_type(rtp_session), stat,
 										  stat == err_status_replay_fail ? " (replay check failed)" : stat ==
 										  err_status_auth_fail ? " (auth check failed)" : "", (long)*bytes);
-						return SWITCH_STATUS_FALSE;
+						return SWITCH_STATUS_GENERR;
 					} else {
 						sbytes = 0;
 					}
@@ -4264,6 +4264,10 @@ static int rtp_common_read(switch_rtp_t *rtp_session, switch_payload_t *payload_
 				rtp_session->read_pollfd) {
 				if (switch_poll(rtp_session->read_pollfd, 1, &fdr, 0) == SWITCH_STATUS_SUCCESS) {
 					status = read_rtp_packet(rtp_session, &bytes, flags, SWITCH_FALSE);
+					if (status == SWITCH_STATUS_GENERR) {
+						ret = -1;
+						goto end;
+					}
 					if ((*flags & SFF_RTCP)) {
 						*flags &= ~SFF_RTCP;
 						has_rtcp = 1;
@@ -4365,6 +4369,10 @@ static int rtp_common_read(switch_rtp_t *rtp_session, switch_payload_t *payload_
 				read_pretriggered = 0;
 			} else {
 				status = read_rtp_packet(rtp_session, &bytes, flags, SWITCH_TRUE);
+				if (status == SWITCH_STATUS_GENERR) {
+					ret = -1;
+					goto end;
+				}
 				if ((*flags & SFF_RTCP)) {
 					*flags &= ~SFF_RTCP;
 					has_rtcp = 1;