Completed the functionalities of SrtpTransport.

webrtc/pc/channel.cc

 /*
  *  Copyright 2004 The WebRTC project authors. All Rights Reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
@@ skipping 140 matching lines @@
                          rtc::Thread* signaling_thread,
                          MediaChannel* media_channel,
                          const std::string& content_name,
                          bool rtcp_mux_required,
                          bool srtp_required)
     : worker_thread_(worker_thread),
       network_thread_(network_thread),
       signaling_thread_(signaling_thread),
       content_name_(content_name),
       rtcp_mux_required_(rtcp_mux_required),
-      rtp_transport_(
-          srtp_required
-              ? rtc::WrapUnique<webrtc::RtpTransportInternal>(
-                    new webrtc::SrtpTransport(rtcp_mux_required, content_name))
-              : rtc::MakeUnique<webrtc::RtpTransport>(rtcp_mux_required)),
       srtp_required_(srtp_required),
       media_channel_(media_channel),
       selected_candidate_pair_(nullptr) {
   RTC_DCHECK(worker_thread_ == rtc::Thread::Current());
+  if (srtp_required) {
+    auto transport =
+        rtc::MakeUnique<webrtc::SrtpTransport>(rtcp_mux_required, content_name);
+    srtp_transport_ = transport.get();
+    rtp_transport_ = std::move(transport);
 #if defined(ENABLE_EXTERNAL_AUTH)
-  srtp_filter_.EnableExternalAuth();
+    srtp_transport_->EnableExternalAuth();
 #endif
+  } else {
+    rtp_transport_ = rtc::MakeUnique<webrtc::RtpTransport>(rtcp_mux_required);
+    srtp_transport_ = nullptr;
+  }
   rtp_transport_->SignalReadyToSend.connect(
       this, &BaseChannel::OnTransportReadyToSend);
   // TODO(zstein):  RtpTransport::SignalPacketReceived will probably be replaced
   // with a callback interface later so that the demuxer can select which
   // channel to signal.
   rtp_transport_->SignalPacketReceived.connect(this,
                                                &BaseChannel::OnPacketReceived);
   LOG(LS_INFO) << "Created channel for " << content_name;
 }
 
@@ skipping 124 matching lines @@
     transport_name_ = rtp_dtls_transport->transport_name();
     debug_name = transport_name_;
   } else {
     debug_name = rtp_packet_transport->debug_name();
   }
   if (rtp_packet_transport == rtp_transport_->rtp_packet_transport()) {
     // Nothing to do if transport isn't changing.
     return;
   }
 
-  // When using DTLS-SRTP, we must reset the SrtpFilter every time the transport
-  // changes and wait until the DTLS handshake is complete to set the newly
-  // negotiated parameters.
+  // When using DTLS-SRTP, we must reset the SrtpTransport every time the
+  // DtlsTransport changes and wait until the DTLS handshake is complete to set
+  // the newly negotiated parameters.
   if (ShouldSetupDtlsSrtp_n()) {
     // Set |writable_| to false such that UpdateWritableState_w can set up
     // DTLS-SRTP when |writable_| becomes true again.
     writable_ = false;
-    srtp_filter_.ResetParams();
+    dtls_active_ = false;
+    if (srtp_transport_) {
+      srtp_transport_->ResetParams();
+    }
   }
 
   // If this BaseChannel doesn't require RTCP mux and we haven't fully
   // negotiated RTCP mux, we need an RTCP transport.
   if (rtcp_packet_transport) {
     LOG(LS_INFO) << "Setting RTCP Transport for " << content_name() << " on "
                  << debug_name << " transport " << rtcp_packet_transport;
     SetTransport_n(true, rtcp_dtls_transport, rtcp_packet_transport);
   }
 
@@ skipping 35 matching lines @@
     rtp_transport_->SetRtpPacketTransport(new_packet_transport);
   }
   old_dtls_transport = new_dtls_transport;
 
   // If there's no new transport, we're done after disconnecting from old one.
   if (!new_packet_transport) {
     return;
   }
 
   if (rtcp && new_dtls_transport) {
-    RTC_CHECK(!(ShouldSetupDtlsSrtp_n() && srtp_filter_.IsActive()))
-        << "Setting RTCP for DTLS/SRTP after SrtpFilter is active "
+    RTC_CHECK(!(ShouldSetupDtlsSrtp_n() && srtp_active()))
+        << "Setting RTCP for DTLS/SRTP after the DTLS is active "
         << "should never happen.";
   }
 
   if (new_dtls_transport) {
     ConnectToDtlsTransport(new_dtls_transport);
   } else {
     ConnectToPacketTransport(new_packet_transport);
   }
   auto& socket_options = rtcp ? rtcp_socket_options_ : socket_options_;
   for (const auto& pair : socket_options) {
@@ skipping 130 matching lines @@
   // Need to access some state updated on the network thread.
   return network_thread_->Invoke<bool>(
       RTC_FROM_HERE, Bind(&BaseChannel::IsReadyToSendMedia_n, this));
 }
 
 bool BaseChannel::IsReadyToSendMedia_n() const {
   // Send outgoing data if we are enabled, have local and remote content,
   // and we have had some form of connectivity.
   return enabled() && IsReceiveContentDirection(remote_content_direction_) &&
          IsSendContentDirection(local_content_direction_) &&
-         was_ever_writable() &&
-         (srtp_filter_.IsActive() || !ShouldSetupDtlsSrtp_n());
+         was_ever_writable() && (srtp_active() || !ShouldSetupDtlsSrtp_n());
 }
 
 bool BaseChannel::SendPacket(rtc::CopyOnWriteBuffer* packet,
                              const rtc::PacketOptions& options) {
   return SendPacket(false, packet, options);
 }
 
 bool BaseChannel::SendRtcp(rtc::CopyOnWriteBuffer* packet,
                            const rtc::PacketOptions& options) {
   return SendPacket(true, packet, options);
@@ skipping 31 matching lines @@
   RTC_DCHECK(network_thread_->IsCurrent());
   UpdateWritableState_n();
 }
 
 void BaseChannel::OnDtlsState(DtlsTransportInternal* transport,
                               DtlsTransportState state) {
   if (!ShouldSetupDtlsSrtp_n()) {
     return;
   }
 
-  // Reset the srtp filter if it's not the CONNECTED state. For the CONNECTED
+  // Reset the SrtpTransport if it's not the CONNECTED state. For the CONNECTED
   // state, setting up DTLS-SRTP context is deferred to ChannelWritable_w to
   // cover other scenarios like the whole transport is writable (not just this
   // TransportChannel) or when TransportChannel is attached after DTLS is
   // negotiated.
   if (state != DTLS_TRANSPORT_CONNECTED) {
-    srtp_filter_.ResetParams();
+    dtls_active_ = false;
+    if (srtp_transport_) {
+      srtp_transport_->ResetParams();
+    }
   }
 }
 
 void BaseChannel::OnSelectedCandidatePairChanged(
     IceTransportInternal* ice_transport,
     CandidatePairInterface* selected_candidate_pair,
     int last_sent_packet_id,
     bool ready_to_send) {
   RTC_DCHECK((rtp_dtls_transport_ &&
               ice_transport == rtp_dtls_transport_->ice_transport()) ||
@@ skipping 53 matching lines @@
   }
 
   // Protect ourselves against crazy data.
   if (!ValidPacket(rtcp, packet)) {
     LOG(LS_ERROR) << "Dropping outgoing " << content_name_ << " "
                   << RtpRtcpStringLiteral(rtcp)
                   << " packet: wrong size=" << packet->size();
     return false;
   }
 
-  rtc::PacketOptions updated_options;
-  updated_options = options;
-  // Protect if needed.
-  if (srtp_filter_.IsActive()) {
-    TRACE_EVENT0("webrtc", "SRTP Encode");
-    bool res;
-    uint8_t* data = packet->data();
-    int len = static_cast<int>(packet->size());
-    if (!rtcp) {
-    // If ENABLE_EXTERNAL_AUTH flag is on then packet authentication is not done
-    // inside libsrtp for a RTP packet. A external HMAC module will be writing
-    // a fake HMAC value. This is ONLY done for a RTP packet.
-    // Socket layer will update rtp sendtime extension header if present in
-    // packet with current time before updating the HMAC.
-#if !defined(ENABLE_EXTERNAL_AUTH)
-      res = srtp_filter_.ProtectRtp(
-          data, len, static_cast<int>(packet->capacity()), &len);
-#else
-      if (!srtp_filter_.IsExternalAuthActive()) {
-        res = srtp_filter_.ProtectRtp(
-            data, len, static_cast<int>(packet->capacity()), &len);
-      } else {
-        updated_options.packet_time_params.rtp_sendtime_extension_id =
-            rtp_abs_sendtime_extn_id_;
-        res = srtp_filter_.ProtectRtp(
-            data, len, static_cast<int>(packet->capacity()), &len,
-            &updated_options.packet_time_params.srtp_packet_index);
-        // If protection succeeds, let's get auth params from srtp.
-        if (res) {
-          uint8_t* auth_key = NULL;
-          int key_len;
-          res = srtp_filter_.GetRtpAuthParams(
-              &auth_key, &key_len,
-              &updated_options.packet_time_params.srtp_auth_tag_len);
-          if (res) {
-            updated_options.packet_time_params.srtp_auth_key.resize(key_len);
-            updated_options.packet_time_params.srtp_auth_key.assign(
-                auth_key, auth_key + key_len);
-          }
-        }
-      }
-#endif
-      if (!res) {
-        int seq_num = -1;
-        uint32_t ssrc = 0;
-        GetRtpSeqNum(data, len, &seq_num);
-        GetRtpSsrc(data, len, &ssrc);
-        LOG(LS_ERROR) << "Failed to protect " << content_name_
-                      << " RTP packet: size=" << len
-                      << ", seqnum=" << seq_num << ", SSRC=" << ssrc;
+  if (!srtp_active()) {
+    if (srtp_required_) {
+      // The audio/video engines may attempt to send RTCP packets as soon as the
+      // streams are created, so don't treat this as an error for RTCP.
+      // See: https://bugs.chromium.org/p/webrtc/issues/detail?id=6809
+      if (rtcp) {
         return false;
       }
-    } else {
-      res = srtp_filter_.ProtectRtcp(data, len,
-                                     static_cast<int>(packet->capacity()),
-                                     &len);
-      if (!res) {
-        int type = -1;
-        GetRtcpType(data, len, &type);
-        LOG(LS_ERROR) << "Failed to protect " << content_name_
-                      << " RTCP packet: size=" << len << ", type=" << type;
-        return false;
-      }
-    }
-
-    // Update the length of the packet now that we've added the auth tag.
-    packet->SetSize(len);
-  } else if (srtp_required_) {
-    // The audio/video engines may attempt to send RTCP packets as soon as the
-    // streams are created, so don't treat this as an error for RTCP.
-    // See: https://bugs.chromium.org/p/webrtc/issues/detail?id=6809
-    if (rtcp) {
+      // However, there shouldn't be any RTP packets sent before SRTP is set up
+      // (and SetSend(true) is called).
+      LOG(LS_ERROR) << "Can't send outgoing RTP packet when SRTP is inactive"
+                    << " and crypto is required";
+      RTC_NOTREACHED();
       return false;
     }
-    // However, there shouldn't be any RTP packets sent before SRTP is set up
-    // (and SetSend(true) is called).
-    LOG(LS_ERROR) << "Can't send outgoing RTP packet when SRTP is inactive"
-                  << " and crypto is required";
-    RTC_NOTREACHED();
-    return false;
+    // Bon voyage.
+    return rtcp ? rtp_transport_->SendRtcpPacket(packet, options, PF_NORMAL)
+                : rtp_transport_->SendRtpPacket(packet, options, PF_NORMAL);
   }
-
+  RTC_DCHECK(srtp_transport_);
+  RTC_DCHECK(srtp_transport_->IsActive());
   // Bon voyage.
-  int flags = (secure() && secure_dtls()) ? PF_SRTP_BYPASS : PF_NORMAL;
-  return rtp_transport_->SendPacket(rtcp, packet, updated_options, flags);
+  return rtcp ? srtp_transport_->SendRtcpPacket(packet, options, PF_SRTP_BYPASS)
+              : srtp_transport_->SendRtpPacket(packet, options, PF_SRTP_BYPASS);
 }
 
 bool BaseChannel::HandlesPayloadType(int packet_type) const {
   return rtp_transport_->HandlesPayloadType(packet_type);
 }
 
 void BaseChannel::OnPacketReceived(bool rtcp,
                                    rtc::CopyOnWriteBuffer* packet,
                                    const rtc::PacketTime& packet_time) {
   if (!has_received_packet_ && !rtcp) {
     has_received_packet_ = true;
     signaling_thread()->Post(RTC_FROM_HERE, this, MSG_FIRSTPACKETRECEIVED);
   }
 
-  // Unprotect the packet, if needed.
-  if (srtp_filter_.IsActive()) {
-    TRACE_EVENT0("webrtc", "SRTP Decode");
-    char* data = packet->data<char>();
-    int len = static_cast<int>(packet->size());
-    bool res;
-    if (!rtcp) {
-      res = srtp_filter_.UnprotectRtp(data, len, &len);
-      if (!res) {
-        int seq_num = -1;
-        uint32_t ssrc = 0;
-        GetRtpSeqNum(data, len, &seq_num);
-        GetRtpSsrc(data, len, &ssrc);
-        LOG(LS_ERROR) << "Failed to unprotect " << content_name_
-                      << " RTP packet: size=" << len << ", seqnum=" << seq_num
-                      << ", SSRC=" << ssrc;
-        return;
-      }
-    } else {
-      res = srtp_filter_.UnprotectRtcp(data, len, &len);
-      if (!res) {
-        int type = -1;
-        GetRtcpType(data, len, &type);
-        LOG(LS_ERROR) << "Failed to unprotect " << content_name_
-                      << " RTCP packet: size=" << len << ", type=" << type;
-        return;
-      }
-    }
-
-    packet->SetSize(len);
-  } else if (srtp_required_) {
+  if (!srtp_active() && srtp_required_) {
     // Our session description indicates that SRTP is required, but we got a
     // packet before our SRTP filter is active. This means either that
     // a) we got SRTP packets before we received the SDES keys, in which case
     //    we can't decrypt it anyway, or
     // b) we got SRTP packets before DTLS completed on both the RTP and RTCP
     //    transports, so we haven't yet extracted keys, even if DTLS did
     //    complete on the transport that the packets are being sent on. It's
     //    really good practice to wait for both RTP and RTCP to be good to go
     //    before sending  media, to prevent weird failure modes, so it's fine
     //    for us to just eat packets here. This is all sidestepped if RTCP mux
@@ skipping 183 matching lines @@
   }
 
   if (role == rtc::SSL_SERVER) {
     send_key = &server_write_key;
     recv_key = &client_write_key;
   } else {
     send_key = &client_write_key;
     recv_key = &server_write_key;
   }
 
-  if (!srtp_filter_.IsActive()) {
-    if (rtcp) {
-      ret = srtp_filter_.SetRtcpParams(selected_crypto_suite, &(*send_key)[0],
-                                       static_cast<int>(send_key->size()),
-                                       selected_crypto_suite, &(*recv_key)[0],
-                                       static_cast<int>(recv_key->size()));
+  if (rtcp) {
+    if (!dtls_active()) {
+      RTC_DCHECK(srtp_transport_);
+      ret = srtp_transport_->SetRtcpParams(
+          selected_crypto_suite, &(*send_key)[0],
+          static_cast<int>(send_key->size()), selected_crypto_suite,
+          &(*recv_key)[0], static_cast<int>(recv_key->size()));
     } else {
-      ret = srtp_filter_.SetRtpParams(selected_crypto_suite, &(*send_key)[0],
-                                      static_cast<int>(send_key->size()),
-                                      selected_crypto_suite, &(*recv_key)[0],
-                                      static_cast<int>(recv_key->size()));
+      // RTCP doesn't need to call SetRtpParam because it is only used
+      // to make the updated encrypted RTP header extension IDs take effect.
+      ret = true;
     }
   } else {
-    if (rtcp) {
-      // RTCP doesn't need to be updated because UpdateRtpParams is only used
-      // to update the set of encrypted RTP header extension IDs.
-      ret = true;
-    } else {
-      ret = srtp_filter_.UpdateRtpParams(
-          selected_crypto_suite,
-          &(*send_key)[0], static_cast<int>(send_key->size()),
-          selected_crypto_suite,
-          &(*recv_key)[0], static_cast<int>(recv_key->size()));
-    }
+    RTC_DCHECK(srtp_transport_);
+    ret = srtp_transport_->SetRtpParams(selected_crypto_suite, &(*send_key)[0],
+                                        static_cast<int>(send_key->size()),
+                                        selected_crypto_suite, &(*recv_key)[0],
+                                        static_cast<int>(recv_key->size()));
+    dtls_active_ = ret;
   }
 
   if (!ret) {
     LOG(LS_WARNING) << "DTLS-SRTP key installation failed";
   } else {
-    dtls_keyed_ = true;
     UpdateTransportOverhead();
   }
   return ret;
 }
 
 void BaseChannel::MaybeSetupDtlsSrtp_n() {
-  if (srtp_filter_.IsActive()) {
+  if (dtls_active()) {
     return;
   }
 
   if (!ShouldSetupDtlsSrtp_n()) {
     return;
   }
 
+  if (!srtp_transport_) {
+    EnableSrtpTransport_n();
+  }
+
   if (!SetupDtlsSrtp_n(false)) {
     SignalDtlsSrtpSetupFailure_n(false);
     return;
   }
 
   if (rtcp_dtls_transport_) {
     if (!SetupDtlsSrtp_n(true)) {
       SignalDtlsSrtpSetupFailure_n(true);
       return;
     }
@@ skipping 63 matching lines @@
                                     bool* dtls,
                                     std::string* error_desc) {
   *dtls = rtp_dtls_transport_ && rtp_dtls_transport_->IsDtlsActive();
   if (*dtls && !cryptos.empty()) {
     SafeSetError("Cryptos must be empty when DTLS is active.", error_desc);
     return false;
   }
   return true;
 }
 
+void BaseChannel::EnableSrtpTransport_n() {
+  if (srtp_transport_ == nullptr) {
+    rtp_transport_->SignalReadyToSend.disconnect(this);
+    rtp_transport_->SignalPacketReceived.disconnect(this);
+
+    auto transport = rtc::MakeUnique<webrtc::SrtpTransport>(
+        std::move(rtp_transport_), content_name_);
+    srtp_transport_ = transport.get();
+    rtp_transport_ = std::move(transport);
+
+    rtp_transport_->SignalReadyToSend.connect(
+        this, &BaseChannel::OnTransportReadyToSend);
+    rtp_transport_->SignalPacketReceived.connect(
+        this, &BaseChannel::OnPacketReceived);
+    LOG(LS_INFO) << "Wrapping RtpTransport in SrtpTransport.";
+  }
+}
+
 bool BaseChannel::SetSrtp_n(const std::vector<CryptoParams>& cryptos,
                             ContentAction action,
                             ContentSource src,
                             const std::vector<int>& encrypted_extension_ids,
                             std::string* error_desc) {
   TRACE_EVENT0("webrtc", "BaseChannel::SetSrtp_w");
   if (action == CA_UPDATE) {
     // no crypto params.
     return true;
   }
   bool ret = false;
   bool dtls = false;
   ret = CheckSrtpConfig_n(cryptos, &dtls, error_desc);
   if (!ret) {
     return false;
   }
-  srtp_filter_.SetEncryptedHeaderExtensionIds(src, encrypted_extension_ids);
+
+  // If SRTP was not required, but we're setting a description that uses SDES,
+  // we need to upgrade to an SrtpTransport.
+  if (!srtp_transport_ && !dtls && !cryptos.empty()) {
+    EnableSrtpTransport_n();
+  }
+  if (srtp_transport_) {
+    srtp_transport_->SetEncryptedHeaderExtensionIds(src,
+                                                    encrypted_extension_ids);
+  }
   switch (action) {
     case CA_OFFER:
       // If DTLS is already active on the channel, we could be renegotiating
       // here. We don't update the srtp filter.
       if (!dtls) {
-        ret = srtp_filter_.SetOffer(cryptos, src);
+        ret = sdes_negotiator_.SetOffer(cryptos, src);
       }
       break;
     case CA_PRANSWER:
       // If we're doing DTLS-SRTP, we don't want to update the filter
       // with an answer, because we already have SRTP parameters.
       if (!dtls) {
-        ret = srtp_filter_.SetProvisionalAnswer(cryptos, src);
+        ret = sdes_negotiator_.SetProvisionalAnswer(cryptos, src);
       }
       break;
     case CA_ANSWER:
       // If we're doing DTLS-SRTP, we don't want to update the filter
       // with an answer, because we already have SRTP parameters.
       if (!dtls) {
-        ret = srtp_filter_.SetAnswer(cryptos, src);
+        ret = sdes_negotiator_.SetAnswer(cryptos, src);
       }
       break;
     default:
       break;
   }
+
+  // If setting an SDES answer succeeded, apply the negotiated parameters
+  // to the SRTP transport.
+  if ((action == CA_PRANSWER || action == CA_ANSWER) && !dtls && ret) {
+    if (sdes_negotiator_.send_cipher_suite() &&
+        sdes_negotiator_.recv_cipher_suite()) {
+      ret = srtp_transport_->SetRtpParams(
+          *(sdes_negotiator_.send_cipher_suite()),
+          sdes_negotiator_.send_key().data(),
+          static_cast<int>(sdes_negotiator_.send_key().size()),
+          *(sdes_negotiator_.recv_cipher_suite()),
+          sdes_negotiator_.recv_key().data(),
+          static_cast<int>(sdes_negotiator_.recv_key().size()));
+    } else {
+      LOG(LS_INFO) << "No crypto keys are provided for SDES.";
+      if (action == CA_ANSWER && srtp_transport_) {
+        // Explicitly reset the |srtp_transport_| if no crypto param is
+        // provided in the answer. No need to call |ResetParams()| for
+        // |sdes_negotiator_| because it resets the params inside |SetAnswer|.
+        srtp_transport_->ResetParams();
+      }
+    }
+  }
+
   // Only update SRTP filter if using DTLS. SDES is handled internally
   // by the SRTP filter.
   // TODO(jbauch): Only update if encrypted extension ids have changed.
-  if (ret && dtls_keyed_ && rtp_dtls_transport_ &&
+  if (ret && dtls_active() && rtp_dtls_transport_ &&
       rtp_dtls_transport_->dtls_state() == DTLS_TRANSPORT_CONNECTED) {
     bool rtcp = false;
     ret = SetupDtlsSrtp_n(rtcp);
   }
   if (!ret) {
     SafeSetError("Failed to setup SRTP filter.", error_desc);
     return false;
   }
   return true;
 }
@@ skipping 23 matching lines @@
       break;
     case CA_ANSWER:
       ret = rtcp_mux_filter_.SetAnswer(enable, src);
       if (ret && rtcp_mux_filter_.IsActive()) {
         // We permanently activated RTCP muxing; signal that we no longer need
         // the RTCP transport.
         std::string debug_name =
             transport_name_.empty()
                 ? rtp_transport_->rtp_packet_transport()->debug_name()
                 : transport_name_;
-        ;
         LOG(LS_INFO) << "Enabling rtcp-mux for " << content_name()
                      << "; no longer need RTCP transport for " << debug_name;
         if (rtp_transport_->rtcp_packet_transport()) {
           SetTransport_n(true, nullptr, nullptr);
           SignalRtcpMuxFullyActive(transport_name_);
         }
         UpdateWritableState_n();
       }
       break;
     case CA_UPDATE:
@@ skipping 208 matching lines @@
       send_time_extension ? send_time_extension->id : -1;
   invoker_.AsyncInvoke<void>(
       RTC_FROM_HERE, network_thread_,
       Bind(&BaseChannel::CacheRtpAbsSendTimeHeaderExtension_n, this,
            rtp_abs_sendtime_extn_id));
 #endif
 }
 
 void BaseChannel::CacheRtpAbsSendTimeHeaderExtension_n(
     int rtp_abs_sendtime_extn_id) {
-  rtp_abs_sendtime_extn_id_ = rtp_abs_sendtime_extn_id;
+  if (srtp_transport_) {
+    srtp_transport_->CacheRtpAbsSendTimeHeaderExtension(
+        rtp_abs_sendtime_extn_id);
+  } else {
+    LOG(LS_WARNING) << "Trying to cache the Absolute Send Time extension id "
+                       "but the SRTP is not active.";
+  }
 }
 
 void BaseChannel::OnMessage(rtc::Message *pmsg) {
   TRACE_EVENT0("webrtc", "BaseChannel::OnMessage");
   switch (pmsg->message_id) {
     case MSG_SEND_RTP_PACKET:
     case MSG_SEND_RTCP_PACKET: {
       RTC_DCHECK(network_thread_->IsCurrent());
       SendPacketMessageData* data =
           static_cast<SendPacketMessageData*>(pmsg->pdata);
@@ skipping 263 matching lines @@
           : kIpv6Overhaed;
 
   constexpr int kUdpOverhaed = 8;
   constexpr int kTcpOverhaed = 20;
   transport_overhead_per_packet +=
       selected_candidate_pair_->local_candidate().protocol() ==
               TCP_PROTOCOL_NAME
           ? kTcpOverhaed
           : kUdpOverhaed;
 
-  if (secure()) {
+  if (sdes_active()) {
     int srtp_overhead = 0;
-    if (srtp_filter_.GetSrtpOverhead(&srtp_overhead))
+    if (srtp_transport_->GetSrtpOverhead(&srtp_overhead))
       transport_overhead_per_packet += srtp_overhead;
   }
 
   return transport_overhead_per_packet;
 }
 
 void BaseChannel::UpdateTransportOverhead() {
   int transport_overhead_per_packet = GetTransportOverheadPerPacket();
   if (transport_overhead_per_packet)
     invoker_.AsyncInvoke<void>(
@@ skipping 714 matching lines @@
 
 void RtpDataChannel::OnDataChannelReadyToSend(bool writable) {
   // This is usded for congestion control to indicate that the stream is ready
   // to send by the MediaChannel, as opposed to OnReadyToSend, which indicates
   // that the transport channel is ready.
   signaling_thread()->Post(RTC_FROM_HERE, this, MSG_READYTOSENDDATA,
                            new DataChannelReadyToSendMessageData(writable));
 }
 
 }  // namespace cricket