[Core] Reject DTLS packets coming from a source different than the current ICE negoti...

diff --git a/src/switch_rtp.c b/src/switch_rtp.c
index 5d58e07aad69715efe25ac435923c39a6f64426b..1125e2f59bc8be2b7ec664d35e5ee41c6757cf51 100644 (file)
--- a/src/switch_rtp.c
+++ b/src/switch_rtp.c
@@ -3374,7 +3374,20 @@ static int do_dtls(switch_rtp_t *rtp_session, switch_dtls_t *dtls)
                return 0;
        }
 
-       if (is_ice && !rtp_session->ice.cand_responsive) {
+       if (is_ice && !(rtp_session->ice.type & ICE_LITE) && !rtp_session->ice.cand_responsive) {
+               switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(rtp_session->session), SWITCH_LOG_DEBUG6, "Got DTLS packet but candidate is not responsive\n");
+
+               return 0;
+       }
+
+       if (is_ice && !switch_cmp_addr(rtp_session->from_addr, rtp_session->ice.addr, SWITCH_TRUE)) {
+               char tmp_buf1[80] = "";
+               char tmp_buf2[80] = "";
+               const char *host_from = switch_get_addr(tmp_buf1, sizeof(tmp_buf1), rtp_session->from_addr);
+               const char *host_ice_cur_addr = switch_get_addr(tmp_buf2, sizeof(tmp_buf2), rtp_session->ice.addr);
+
+               switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(rtp_session->session), SWITCH_LOG_DEBUG5, "Got DTLS packet from [%s] whilst current ICE negotiated address is [%s]. Ignored.\n", host_from, host_ice_cur_addr);
+
                return 0;
        }