From 442d99a09bb50c9cac6866cc8df6950c0c398edf Mon Sep 17 00:00:00 2001
From: Marcus Asteborg <maastebo@microsoft.com>
Date: Mon, 5 Aug 2024 23:40:46 -0700
Subject: [PATCH] Reduce the range of initial sequence number

---
 src/rtp/id.rs       | 14 ++++++++++++++
 src/streams/send.rs | 12 +++---------
 2 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/src/rtp/id.rs b/src/rtp/id.rs
index bf03d47f..fa28e612 100644
--- a/src/rtp/id.rs
+++ b/src/rtp/id.rs
@@ -240,6 +240,20 @@ impl SeqNo {
     }
 }
 
+impl Default for SeqNo {
+    fn default() -> Self {
+        // https://www.rfc-editor.org/rfc/rfc3550#page-13
+        // The initial value of the sequence number SHOULD be random (unpredictable)
+        // to make known-plaintext attacks on encryption more difficult
+        // Upper half of range is avoided in order to prevent SRTP wraparound issues
+        // during startup.
+        // Sequence number 0 is avoided for historical reasons, presumably to avoid
+        // debugability or test usage conflicts.
+        // i.e the range is (1, 2^15-1)
+        Self((NonCryptographicRng::u16() % 32767 + 1) as u64)
+    }
+}
+
 impl Pt {
     /// Create a PT with a specific value.
     ///
diff --git a/src/streams/send.rs b/src/streams/send.rs
index d653b0b2..4b6dab41 100644
--- a/src/streams/send.rs
+++ b/src/streams/send.rs
@@ -24,8 +24,8 @@ use crate::session::PacketReceipt;
 use crate::stats::MediaEgressStats;
 use crate::stats::StatsSnapshot;
 use crate::util::value_history::ValueHistory;
+use crate::util::InstantExt;
 use crate::util::{already_happened, calculate_rtt_ms, not_happening};
-use crate::util::{InstantExt, NonCryptographicRng};
 use crate::RtcError;
 
 use super::rtx_cache::RtxCache;
@@ -152,12 +152,6 @@ pub(crate) struct StreamTxStats {
 
 impl StreamTx {
     pub(crate) fn new(ssrc: Ssrc, rtx: Option<Ssrc>, mid: Mid, rid: Option<Rid>) -> Self {
-        // https://www.rfc-editor.org/rfc/rfc3550#page-13
-        // The initial value of the sequence number SHOULD be random (unpredictable)
-        // to make known-plaintext attacks on encryption more difficult
-        let seq_no = (NonCryptographicRng::u16() as u64).into();
-        let seq_no_rtx = (NonCryptographicRng::u16() as u64).into();
-
         debug!("Create StreamTx for SSRC: {}", ssrc);
 
         StreamTx {
@@ -168,8 +162,8 @@ impl StreamTx {
             kind: None,
             cname: None,
             clock_rate: None,
-            seq_no,
-            seq_no_rtx,
+            seq_no: SeqNo::default(),
+            seq_no_rtx: SeqNo::default(),
             last_used: already_happened(),
             rtp_and_wallclock: None,
             send_queue: SendQueue::new(),