Remove SessionIdPolicy; always use latest session ID#3
Merged
Conversation
Cameras occasionally return a different Session ID on audio SETUP than was issued on video SETUP. Previously the default policy threw, with `.useFirst` available as an opt-in escape hatch. Neither covered the case where the camera only honors the latest ID at PLAY time, so users hit dead-ends without a clear remedy. The new behavior unconditionally adopts whatever ID the latest SETUP returned. This matches what most of the ecosystem already does silently — GStreamer rtspsrc, Live555 (and VLC via Live555), gortsplib/MediaMTX, and ExoPlayer all overwrite on every response. FFmpeg is the lone "use first" outlier, and retina (the Rust project IPCamKit was ported from) is the only library that exposes a policy enum at all. Removes the public `SessionIdPolicy` type and the `sessionIdPolicy:` parameter from `RTSPClientSession.init`; breaking change, ships in 0.2.0.
steelbrain
added a commit
that referenced
this pull request
May 30, 2026
Cap the unparsed read buffer (4 MiB) and Content-Length (2 MiB) so a camera that never frames a message, or declares an absurd body, can no longer exhaust memory. Trim header field names (not just values) so "CSeq : 1" still routes; tolerate bare-LF line endings and tab/junk in the status line (Postel). Scan for the header terminator in place via withUnsafeBytes instead of copying the whole buffer each call, which was O(n^2) as a body streams in. Addresses audit findings #2/#3/#15/#37/#39/#42/#56. Adds regression tests including a mixed CRLF-headers/bare-LF-terminator case.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Cameras occasionally return a different Session ID on audio SETUP than was issued on video SETUP. Previously the default policy threw, with
.useFirstavailable as an opt-in escape hatch. Neither covered the case where the camera only honors the latest ID at PLAY time, so users hit dead-ends without a clear remedy.The new behavior unconditionally adopts whatever ID the latest SETUP returned. This matches what most of the ecosystem already does silently — GStreamer rtspsrc, Live555 (and VLC via Live555), gortsplib/MediaMTX, and ExoPlayer all overwrite on every response. FFmpeg is the lone "use first" outlier, and retina (the Rust project IPCamKit was ported from) is the only library that exposes a policy enum at all.
Removes the public
SessionIdPolicytype and thesessionIdPolicy:parameter fromRTSPClientSession.init; breaking change, ships in 0.2.0.