DTLS recv: SRTP add inbound stream failed, status=2

[vtchek]

Hello, using the streamer example I'm able to stream my 3D engine to a browser. I works perfectly both on Windows and on Linux locally. However, in a docker infrastructure using host networking it is not working and I have no idea why...

Here is the log:

2023-09-13 12:46:29.135 INFO  [411] [rtc::impl::PeerConnection::changeSignalingState@1197] Changed signaling state to have-local-offer
2023-09-13 12:46:29.135 INFO  [411] [rtc::impl::PeerConnection::changeGatheringState@1184] Changed gathering state to in-progress
2023-09-13 12:46:29.135 INFO  [411] [rtc::impl::IceTransport::LogCallback@362] juice: agent.c:1065: Changing state to gathering
Gathering State: in-progress
2023-09-13 12:46:29.136 INFO  [411] [rtc::impl::IceTransport::LogCallback@362] juice: agent.c:1065: Changing state to connecting
2023-09-13 12:46:29.136 INFO  [411] [rtc::impl::PeerConnection::changeState@1166] Changed state to connecting
2023-09-13 12:46:29.136 INFO  [411] [rtc::impl::IceTransport::LogCallback@362] juice: agent.c:2382: Candidate gathering done
2023-09-13 12:46:29.136 INFO  [411] [rtc::impl::PeerConnection::changeGatheringState@1184] Changed gathering state to complete
State: connecting
WebRTCServer created PeerConnection for client ZetTXqnahb
Gathering State: complete
2023-09-13 12:46:29.136 DEBUG [422] [rtc::impl::WsTransport::sendFrame@344] WebSocket sending frame: opcode=1, length=1407
2023-09-13 12:46:29.164 DEBUG [436] [rtc::impl::WsTransport::recvFrame@279] WebSocket received frame: opcode=1, length=1638
2023-09-13 12:46:29.164 DEBUG [436] [rtc::impl::WsTransport::recvFrame@295] WebSocket finished message: type=text, length=1638
2023-09-13 12:46:29.164 INFO  [411] [rtc::impl::IceTransport::LogCallback@362] juice: agent.c:2366: Connectivity timer started
2023-09-13 12:46:29.165 INFO  [411] [rtc::impl::PeerConnection::changeSignalingState@1197] Changed signaling state to stable
WebRTCServer updated remoteDescription of client ZetTXqnahb
2023-09-13 12:46:29.165 INFO  [462] [rtc::impl::IceTransport::LogCallback@362] juice: agent.c:1065: Changing state to connected
2023-09-13 12:46:29.165 INFO  [462] [rtc::impl::PeerConnection::initDtlsTransport@246] This connection requires media support
2023-09-13 12:46:29.165 DEBUG [462] [rtc::impl::DtlsTransport::DtlsTransport@730] Initializing DTLS transport (OpenSSL)
2023-09-13 12:46:29.166 DEBUG [462] [rtc::impl::DtlsSrtpTransport::DtlsSrtpTransport@57] Initializing DTLS-SRTP transport
2023-09-13 12:46:29.166 DEBUG [462] [rtc::impl::DtlsTransport::start@827] Starting DTLS transport
2023-09-13 12:46:29.220 INFO  [419] [rtc::impl::DtlsTransport::doRecv@950] DTLS handshake finished
2023-09-13 12:46:29.220 INFO  [419] [rtc::impl::DtlsSrtpTransport::postHandshake@290] Deriving SRTP keying material (OpenSSL)
2023-09-13 12:46:29.220 DEBUG [419] [rtc::impl::DtlsSrtpTransport::postHandshake@296] SRTP profile is: SRTP_AEAD_AES_256_GCM
2023-09-13 12:46:29.220 ERROR [419] [rtc::impl::DtlsTransport::doRecv@978] DTLS recv: SRTP add inbound stream failed, status=2
2023-09-13 12:46:29.220 ERROR [419] [rtc::impl::DtlsTransport::doRecv@986] DTLS handshake failed
2023-09-13 12:46:29.220 INFO  [419] [rtc::impl::PeerConnection::changeState@1166] Changed state to failed
State: failed
2023-09-13 12:46:29.220 INFO  [426] [rtc::impl::PeerConnection::changeState@1166] Changed state to closed
State: closed
2023-09-13 12:46:29.220 DEBUG [426] [rtc::impl::DtlsTransport::stop@850] Stopping DTLS transport
2023-09-13 12:46:29.220 DEBUG [426] [rtc::impl::DtlsTransport::stop@850] Stopping DTLS transport
2023-09-13 12:46:29.220 DEBUG [426] [rtc::impl::DtlsTransport::stop@850] Stopping DTLS transport

Here is the offer:

`v=0
o=rtc 2439314569 0 IN IP4 127.0.0.1
s=-
t=0 0
a=group:BUNDLE video-stream audio-stream 0
a=group:LS video-stream audio-stream
a=msid-semantic:WMS *
a=setup:actpass
a=ice-ufrag:CfVL
a=ice-pwd:+ucXF3byWpRBwxYAwVIP63
a=ice-options:ice2,trickle
a=fingerprint:sha-256 4C:F3:E1:88:37:0E:6B:EB:14:12:4B:B7:39:55:84:0B:2C:B6:6D:FB:D5:34:F5:A6:A7:04:F8:16:0B:F6:0F:70
m=video 8091 UDP/TLS/RTP/SAVPF 102
c=IN IP4 10.1.32.101
a=mid:video-stream
a=sendonly
a=ssrc:1 cname:video-stream
a=ssrc:1 msid:stream1 video-stream
a=msid:stream1 video-stream
a=rtcp-mux
a=rtpmap:102 H264/90000
a=rtcp-fb:102 nack
a=rtcp-fb:102 nack pli
a=rtcp-fb:102 goog-remb
a=fmtp:102 profile-level-id=42e01f;packetization-mode=1;level-asymmetry-allowed=1
a=candidate:1 1 UDP 2122317823 10.1.32.101 8091 typ host
a=end-of-candidates
m=audio 8091 UDP/TLS/RTP/SAVPF 111
c=IN IP4 10.1.32.101
a=mid:audio-stream
a=sendonly
a=ssrc:2 cname:audio-stream
a=ssrc:2 msid:stream1 audio-stream
a=msid:stream1 audio-stream
a=rtcp-mux
a=rtpmap:111 opus/48000/2
a=fmtp:111 minptime=10;maxaveragebitrate=96000;stereo=1;sprop-stereo=1;useinbandfec=1
m=application 8091 UDP/DTLS/SCTP webrtc-datachannel
c=IN IP4 10.1.32.101
a=mid:0
a=sendrecv
a=sctp-port:5000
a=max-message-size:262144

Here is the answer:

v=0
o=- 4548785650230189301 2 IN IP4 127.0.0.1
s=-
t=0 0
a=group:BUNDLE video-stream audio-stream 0
a=msid-semantic: WMS
m=video 9 UDP/TLS/RTP/SAVPF 102
c=IN IP4 0.0.0.0
a=rtcp:9 IN IP4 0.0.0.0
a=candidate:3908407489 1 udp 2113937151 49446e6a-90f0-4082-a4e7-7db3a8617467.local 35601 typ host generation 0 network-cost 999
a=ice-ufrag:Q+ZS
a=ice-pwd:c89UvGLPXdXQApLxcNOMZZLg
a=ice-options:trickle
a=fingerprint:sha-256 94:59:8C:8C:7B:E1:46:F3:2B:C4:CD:61:88:FB:24:49:07:1F:08:01:C2:2D:EE:5C:29:BE:43:55:84:0F:C7:51
a=setup:active
a=mid:video-stream
a=recvonly
a=rtcp-mux
a=rtpmap:102 H264/90000
a=rtcp-fb:102 goog-remb
a=rtcp-fb:102 nack
a=rtcp-fb:102 nack pli
a=fmtp:102 level-asymmetry-allowed=1;packetization-mode=1;profile-level-id=42e01f
m=audio 9 UDP/TLS/RTP/SAVPF 111
c=IN IP4 0.0.0.0
a=rtcp:9 IN IP4 0.0.0.0
a=ice-ufrag:Q+ZS
a=ice-pwd:c89UvGLPXdXQApLxcNOMZZLg
a=ice-options:trickle
a=fingerprint:sha-256 94:59:8C:8C:7B:E1:46:F3:2B:C4:CD:61:88:FB:24:49:07:1F:08:01:C2:2D:EE:5C:29:BE:43:55:84:0F:C7:51
a=setup:active
a=mid:audio-stream
a=recvonly
a=rtcp-mux
a=rtpmap:111 opus/48000/2
a=fmtp:111 minptime=10;useinbandfec=1
m=application 9 UDP/DTLS/SCTP webrtc-datachannel
c=IN IP4 0.0.0.0
a=ice-ufrag:Q+ZS
a=ice-pwd:c89UvGLPXdXQApLxcNOMZZLg
a=ice-options:trickle
a=fingerprint:sha-256 94:59:8C:8C:7B:E1:46:F3:2B:C4:CD:61:88:FB:24:49:07:1F:08:01:C2:2D:EE:5C:29:BE:43:55:84:0F:C7:51
a=setup:active
a=mid:0
a=sctp-port:5000
a=max-message-size:262144

Here is openssl version:
3.0.2
Thank you in advance for the help

[paullouisageneau]

It looks like libsrtp does not have GCM support and therefore can't use the SRTP_AEAD_AES_256_GCM cipher, which libdatachannel attempts to negotiate as it is built with OpenSSL. A possibility is that you have built libdatachannel using the system libsrtp, but libsrtp in the container has no GCM support (for instance it was built without OpenSSL).

[paullouisageneau]

If libdatachannel was indeed linked against system libSRTP, #981 should solve the issue.