Incoming data packets dropped if SRT_CRYPTOMODE set (AES-GCM) and no passphrase set on a caller/receiver.

[jeandube]

A SRT caller/receiver was set by mistake with SRT_CRYPTOMODE to AES_GCM but no passphrase set.
Application erroneously force a LISTENING status when no data is coming in from a socket (designed for UDP and SRT listener).

SRT documentation for SRTO_CRYPTOMODE states:
The encryption mode to be used if the SRTO_PASSPHRASE is set.

[jeandube]

On the Listener/sender peer side the status is STREAMING (Sends packets) and receives ACKs.

[maxsharabayko]

Not sure I understand the issue and how to reproduce it. 🤔

For example, the following way the connection is established and streaming works as expected. The KM state is UNSECURED as it should be.

Caller-Sender

srt-xtransmit generate "srt://127.0.0.1:4200?cryptomode=2" --enable-metrics -v --sendrate 10Mbps --duration 3s --loglevel note
11:42:11.022408 [I] Log level set to note
11:42:11.042000/T40792.N:SRT.cn: @831561591: Connection established from (unknown:0) to peer @620777484 (127.0.0.1:4200)
11:42:11.043623 [I] SOCKET::SRT @831561591 ASYNC Connected to srt://127.0.0.1:4200. TSBPD Latency RCV 120ms, peer 120ms. KM state UNSECURED (RCV UNSECURED, SND UNSECURED). PB key length: 0. Cryptomode AES-GCM. Stream ID: not set.
11:42:11.044616 [I] PACER sendrate 10000000 bps (inter send interval 1052 us)
11:42:12.048845 [I] GENERATE Sending at 9846 kbps
11:42:13.049233 [I] GENERATE Sending at 10012 kbps

Listener-Receiver

srt-xtransmit receive "srt://:4200?cryptomode=2" --enable-metrics -v --loglevel note
11:42:10.174683 [I] Log level set to note
11:42:10.185068 [I] SOCKET::SRT srt://:4200: bound to ':4200'.
11:42:11.040000/T10936.N:SRT.cn: @620777484 connection on listener @620777485 (127.0.0.1:4200) from peer @831561591 (127.0.0.1:59716)
11:42:11.041000/T10936.N:SRT.cn: @620777485: Listener accepted connection @-1 - conclusion
11:42:11.042000/T10936.N:SRT.cn: @620777485: listen ret: -1 - conclusion
11:42:11.041867 [I] SOCKET::SRT @620777485 (srt://:4200) Accepted connection @620777484. TSBPD Latency RCV 120ms, peer 120ms. KM state UNSECURED (RCV UNSECURED, SND UNSECURED). PB key length: 0. Cryptomode AES-GCM. Stream ID: not set.
11:42:11.044744 [I] RECEIVE Latency, us: avg n/a, min n/a, max n/a. Jitter: 0us. Delay Factor: 1us. Pkts: rcvd 0, reordered 0 (dist 0), lost 0, MD5 err 0, bad len 0.
11:42:12.048978 [I] RECEIVE Latency, us: avg 124365, min 123087, max 129831. Jitter: 77us. Delay Factor: 4008us. Pkts: rcvd 821, reordered 0 (dist 0), lost 0, MD5 err 0, bad len 0.
11:42:13.049557 [I] RECEIVE Latency, us: avg 127337, min 122413, max 128108. Jitter: 68us. Delay Factor: 5696us. Pkts: rcvd 1768, reordered 0 (dist 0), lost 0, MD5 err 0, bad len 0.
11:42:14.048255 [I] RECEIVE Latency, us: avg 123906, min 121891, max 128905. Jitter: 76us. Delay Factor: 7013us. Pkts: rcvd 2723, reordered 0 (dist 0), lost 0, MD5 err 0, bad len 0.
11:42:14.051078 [W] RECEIVE read::recv: Connection was broken

[jeandube]

@maxsharabayko what may be missing from your options compared to ours is SRTO_GROUPCONNECT. Our listeners always offer Group connection.

[maxsharabayko]

Same with SRTO_GROUPCONNECT.

srt-xtransmit receive "srt://:4200?groupconnect=1&cryptomode=2" --enable-metrics -v --loglevel note
15:14:21.823088 [I] Log level set to note
15:14:21.830476 [I] SOCKET::SRT srt://:4200: bound to ':4200'.
15:14:22.000000/T15876.N:SRT.cn: @562879578 connection on listener @562879579 (127.0.0.1:4200) from peer @318419924 (127.0.0.1:51871)
15:14:22.001745 [I] SOCKET::SRT @562879579 (srt://:4200) Accepted connection @562879578. TSBPD Latency RCV 120ms, peer 120ms. KM state UNSECURED (RCV UNSECURED, SND UNSECURED). PB key length: 0. Cryptomode AES-GCM. Stream ID: not set.
15:14:22.003892 [I] RECEIVE Latency, us: avg n/a, min n/a, max n/a. Jitter: 0us. Delay Factor: 1us. Pkts: rcvd 0, reordered 0 (dist 0), lost 0, MD5 err 0, bad len 0.
15:14:23.009400 [I] RECEIVE Latency, us: avg 127390, min 122050, max 128323. Jitter: 106us. Delay Factor: 6274us. Pkts: rcvd 410, reordered 0 (dist 0), lost 0, MD5 err 0, bad len 0.
15:14:24.008220 [I] RECEIVE Latency, us: avg 124614, min 123610, max 128623. Jitter: 84us. Delay Factor: 4964us. Pkts: rcvd 886, reordered 0 (dist 0), lost 0, MD5 err 0, bad len 0.
15:14:25.016609 [I] RECEIVE Latency, us: avg 123330, min 121969, max 141387. Jitter: 108us. Delay Factor: 19419us. Pkts: rcvd 1365, reordered 0 (dist 0), lost 0, MD5 err 0, bad len 0.
15:14:26.015239 [I] RECEIVE Latency, us: avg 125139, min 122897, max 127602. Jitter: 86us. Delay Factor: 4704us. Pkts: rcvd 1838, reordered 0 (dist 0), lost 0, MD5 err 0, bad len 0.
15:14:27.009291 [I] RECEIVE Latency, us: avg 124766, min 122117, max 126543. Jitter: 113us. Delay Factor: 4426us. Pkts: rcvd 2311, reordered 0 (dist 0), lost 0, MD5 err 0, bad len 0.

srt-xtransmit generate "srt://127.0.0.1:4200?cryptomode=2" --sendrate 5Mbps -v --loglevel note --enable-metrics
15:14:21.992858 [I] Log level set to note
15:14:22.001000/T29044.N:SRT.cn: @318419924: Connection established from (unknown:0) to peer @562879578 (127.0.0.1:4200)
15:14:22.002147 [I] SOCKET::SRT @318419924 ASYNC Connected to srt://127.0.0.1:4200. TSBPD Latency RCV 120ms, peer 120ms. KM state UNSECURED (RCV UNSECURED, SND UNSECURED). PB key length: 0. Cryptomode AES-GCM. Stream ID: not set.
15:14:22.002519 [I] PACER sendrate 5000000 bps (inter send interval 2105 us)
15:14:23.009448 [I] GENERATE Sending at 4918 kbps
15:14:24.022971 [I] GENERATE Sending at 5009 kbps
15:14:25.032405 [I] GENERATE Sending at 4997 kbps
15:14:26.046315 [I] GENERATE Sending at 5009 kbps
15:14:27.056695 [I] GENERATE Sending at 5003 kbps

[ethouris]

But Jean declared that listener should be sender.

What is also unclear to me is: what exactly settings of SRTO_PASSPHRASE and SRTO_CRYPTOMODE were set on particular party.

[maxsharabayko]

Still the same outcome.

srt-xtransmit receive "srt://127.0.0.1:4200?cryptomode=2" --enable-metrics -v --loglevel note
15:21:19.138010 [I] Log level set to note
15:21:19.148000/T20872.N:SRT.cn: @202240543: Connection established from (unknown:0) to peer @844384183 (127.0.0.1:4200)
15:21:19.149623 [I] SOCKET::SRT @202240543 ASYNC Connected to srt://127.0.0.1:4200. TSBPD Latency RCV 120ms, peer 120ms. KM state UNSECURED (RCV UNSECURED, SND UNSECURED). PB key length: 0. Cryptomode AES-GCM. Stream ID: not set.
15:21:19.150597 [I] RECEIVE Latency, us: avg n/a, min n/a, max n/a. Jitter: 0us. Delay Factor: 1us. Pkts: rcvd 0, reordered 0 (dist 0), lost 0, MD5 err 0, bad len 0.
15:21:20.164699 [I] RECEIVE Latency, us: avg 125275, min 122082, max 127317. Jitter: 113us. Delay Factor: 5236us. Pkts: rcvd 415, reordered 0 (dist 0), lost 0, MD5 err 0, bad len 0.
15:21:21.163062 [I] RECEIVE Latency, us: avg 125422, min 122226, max 127748. Jitter: 110us. Delay Factor: 5523us. Pkts: rcvd 889, reordered 0 (dist 0), lost 0, MD5 err 0, bad len 0.
15:21:22.155457 [I] RECEIVE Latency, us: avg 123638, min 121435, max 127058. Jitter: 90us. Delay Factor: 5626us. Pkts: rcvd 1361, reordered 0 (dist 0), lost 0, MD5 err 0, bad len 0.

srt-xtransmit generate "srt://:4200?cryptomode=2&groupconnect=1" --sendrate 5Mbps -v --loglevel note --enable-metrics
15:21:18.082258 [I] Log level set to note
15:21:18.090749 [I] SOCKET::SRT srt://:4200: bound to ':4200'.
15:21:19.148000/T28016.N:SRT.cn: @844384183 connection on listener @844384184 (127.0.0.1:4200) from peer @202240543 (127.0.0.1:57452)
15:21:19.148944 [I] SOCKET::SRT @844384184 (srt://:4200) Accepted connection @844384183. TSBPD Latency RCV 120ms, peer 120ms. KM state UNSECURED (RCV UNSECURED, SND UNSECURED). PB key length: 0. Cryptomode AES-GCM. Stream ID: not set.
15:21:19.149658 [I] PACER sendrate 5000000 bps (inter send interval 2105 us)
15:21:20.164779 [I] GENERATE Sending at 4916 kbps
15:21:21.178145 [I] GENERATE Sending at 5009 kbps
15:21:22.186370 [I] GENERATE Sending at 4992 kbps
15:21:23.196067 [I] GENERATE Sending at 5008 kbps

[ethouris]

@jeandube Do you still use the enforcedencryption=0 option?

[maxsharabayko]

srt-xtransmit generate "srt://:4200?cryptomode=2&groupconnect=1&enforcedencryption=0" --sendrate 5Mbps -v --loglevel note --enable-metrics
15:25:45.409891 [I] Log level set to note
15:25:45.416060 [I] SOCKET::SRT srt://:4200: bound to ':4200'.
15:25:46.139000/T15284.N:SRT.cn: @568716125 connection on listener @568716126 (127.0.0.1:4200) from peer @467730819 (127.0.0.1:53134)
15:25:46.140371 [I] SOCKET::SRT @568716126 (srt://:4200) Accepted connection @568716125. TSBPD Latency RCV 120ms, peer 120ms. KM state UNSECURED (RCV UNSECURED, SND UNSECURED). PB key length: 0. Cryptomode AES-GCM. Stream ID: not set.
15:25:46.141406 [I] PACER sendrate 5000000 bps (inter send interval 2105 us)
15:25:47.142637 [I] GENERATE Sending at 4922 kbps
15:25:48.154199 [I] GENERATE Sending at 4998 kbps
15:25:49.160919 [I] GENERATE Sending at 5002 kbps
15:25:50.169778 [I] GENERATE Sending at 5002 kbps

srt-xtransmit receive "srt://127.0.0.1:4200?cryptomode=2&enforcedencryption=0" --enable-metrics -v --loglevel note
15:25:46.125328 [I] Log level set to note
15:25:46.140000/T12656.N:SRT.cn: @467730819: Connection established from (unknown:0) to peer @568716125 (127.0.0.1:4200)
15:25:46.141430 [I] SOCKET::SRT @467730819 ASYNC Connected to srt://127.0.0.1:4200. TSBPD Latency RCV 120ms, peer 120ms. KM state UNSECURED (RCV UNSECURED, SND UNSECURED). PB key length: 0. Cryptomode AES-GCM. Stream ID: not set.
15:25:46.142719 [I] RECEIVE Latency, us: avg n/a, min n/a, max n/a. Jitter: 0us. Delay Factor: 1us. Pkts: rcvd 0, reordered 0 (dist 0), lost 0, MD5 err 0, bad len 0.
15:25:47.158125 [I] RECEIVE Latency, us: avg 123721, min 123285, max 128626. Jitter: 57us. Delay Factor: 5341us. Pkts: rcvd 417, reordered 0 (dist 0), lost 0, MD5 err 0, bad len 0.
15:25:48.153939 [I] RECEIVE Latency, us: avg 124081, min 122638, max 126833. Jitter: 84us. Delay Factor: 4193us. Pkts: rcvd 889, reordered 0 (dist 0), lost 0, MD5 err 0, bad len 0.
15:25:49.145619 [I] RECEIVE Latency, us: avg 123409, min 122068, max 127773. Jitter: 105us. Delay Factor: 5703us. Pkts: rcvd 1361, reordered 0 (dist 0), lost 0, MD5 err 0, bad len 0.
15:25:50.153739 [I] RECEIVE Latency, us: avg 123635, min 121707, max 126841. Jitter: 217us. Delay Factor: 5133us. Pkts: rcvd 1842, reordered 0 (dist 0), lost 0, MD5 err 0, bad len 0.

[ethouris]

Ok, I can see one more thing: cryptomode=2 is set ONLY on the caller. Listener as before, just without cryptomode set.

[maxsharabayko]

srt-xtransmit receive "srt://127.0.0.1:4200?cryptomode=2&enforcedencryption=0" --enable-metrics -v --loglevel note
15:30:59.645787 [I] Log level set to note
15:30:59.655000/T28280.N:SRT.cn: @157193405: Connection established from (unknown:0) to peer @712978249 (127.0.0.1:4200)
15:30:59.655969 [I] SOCKET::SRT @157193405 ASYNC Connected to srt://127.0.0.1:4200. TSBPD Latency RCV 120ms, peer 120ms. KM state UNSECURED (RCV UNSECURED, SND UNSECURED). PB key length: 0. Cryptomode AES-GCM. Stream ID: not set.
15:30:59.656692 [I] RECEIVE Latency, us: avg n/a, min n/a, max n/a. Jitter: 0us. Delay Factor: 1us. Pkts: rcvd 0, reordered 0 (dist 0), lost 0, MD5 err 0, bad len 0.
15:31:00.670169 [I] RECEIVE Latency, us: avg 123563, min 121964, max 127098. Jitter: 55us. Delay Factor: 5134us. Pkts: rcvd 416, reordered 0 (dist 0), lost 0, MD5 err 0, bad len 0.
15:31:01.661589 [I] RECEIVE Latency, us: avg 123316, min 122039, max 126215. Jitter: 86us. Delay Factor: 4177us. Pkts: rcvd 887, reordered 0 (dist 0), lost 0, MD5 err 0, bad len 0.
15:31:02.670102 [I] RECEIVE Latency, us: avg 125058, min 121700, max 126556. Jitter: 60us. Delay Factor: 4857us. Pkts: rcvd 1365, reordered 0 (dist 0), lost 0, MD5 err 0, bad len 0.

srt-xtransmit generate "srt://:4200?groupconnect=1&enforcedencryption=0" --sendrate 5Mbps -v --loglevel note --enable-metrics
15:30:58.236450 [I] Log level set to note
15:30:58.244343 [I] SOCKET::SRT srt://:4200: bound to ':4200'.
15:30:59.654000/T23436.N:SRT.cn: @712978249 connection on listener @712978250 (127.0.0.1:4200) from peer @157193405 (127.0.0.1:49206)
15:30:59.655493 [I] SOCKET::SRT @712978250 (srt://:4200) Accepted connection @712978249. TSBPD Latency RCV 120ms, peer 120ms. KM state UNSECURED (RCV UNSECURED, SND UNSECURED). PB key length: 0. Cryptomode AUTO. Stream ID: not set.
15:30:59.655915 [I] PACER sendrate 5000000 bps (inter send interval 2105 us)
15:31:00.669980 [I] GENERATE Sending at 4921 kbps
15:31:01.677816 [I] GENERATE Sending at 4997 kbps
15:31:02.687659 [I] GENERATE Sending at 4997 kbps
15:31:03.697083 [I] GENERATE Sending at 5018 kbps