fix(voice): strip padding from packets and add guards

[Snazzah]

Packets from Discord were not being stripped from padding according to RFC3550. This also adds some guards so that ONLY voice packets are handled and that the RTP version must be 2 in order to be parsed.

Fixes #11419 and all other linked issues.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
discord-js	Skipped		Mar 13, 2026 3:08am
discord-js-guide	Skipped		Mar 13, 2026 3:08am

[codecov]

Codecov Report

❌ Patch coverage is 30.00000% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 31.61%. Comparing base (f3942a6) to head (3a8e00e).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
packages/voice/src/receive/VoiceReceiver.ts	25.00%	3 Missing and 3 partials ⚠️
packages/voice/src/networking/Networking.ts	0.00%	1 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #11449   +/-   ##
=======================================
  Coverage   31.61%   31.61%           
=======================================
  Files         387      388    +1     
  Lines       13995    14004    +9     
  Branches     1100     1105    +5     
=======================================
+ Hits         4424     4427    +3     
- Misses       9437     9440    +3     
- Partials      134      137    +3     

Flag	Coverage Δ
voice	55.27% <30.00%> (-0.15%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds RTP packet validation and RFC3550 padding stripping to VoiceReceiver. The changes include guard clauses to reject non-voice packets and non-RTP version 2 packets early in the encryption path, and post-decryption padding removal based on RTP header flags.

Changes

Cohort / File(s)	Summary
RTP Validation and Padding Stripping packages/voice/src/receive/VoiceReceiver.ts	Added guard clauses in onUdpMessage to filter packets by RTP payload type (0x78) and RTP version (v2). Added RFC3550 padding stripping logic in parsePacket to trim bytes from decrypted packets when padding is present.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main changes: padding stripping and guard additions for voice packet handling.
Description check	✅ Passed	The description is related to the changeset, explaining RFC3550 padding stripping and guard clauses for voice packet validation.
Linked Issues check	✅ Passed	The PR addresses RFC3550 padding stripping and RTP validation guards for voice reception, directly targeting issue #11419's DAVE encryption and audio receive failures.
Out of Scope Changes check	✅ Passed	All changes are focused on VoiceReceiver packet processing, padding removal, and RTP validation guards—directly aligned with the linked issue's voice reception fix requirements.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/voice/src/receive/VoiceReceiver.ts`:
- Line 190: Extract the hardcoded Opus payload byte (0x78) into a shared
constant (e.g., RTP_OPUS_PAYLOAD_TYPE) and replace the literal check in
VoiceReceiver (the conditional using msg[1] !== 0x78) with that constant; also
update the corresponding usage in Networking.ts to reference the same constant
so both modules use a single source of truth and avoid protocol divergence.
Ensure the constant is exported from a shared module (e.g., util/Constants or
similar) and imported where needed.
- Around line 188-194: The payload-type check in VoiceReceiver.ts is brittle
because it compares msg[1] directly to 0x78 and ignores the RTP marker bit;
change the check to mask out the marker bit (e.g., compute payloadType = msg[1]
& 0x7F and compare payloadType !== 0x78) so packets with the M bit set (0xF8)
are still accepted, keeping the existing RTP version guard that reads rtpVersion
= msg[0] >> 6. Ensure you update the conditional that currently reads `if
(msg[1] !== 0x78) return;` to use the masked payloadType instead.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: df7e2abb-3ba2-4de8-ab38-aecc42d0a0e1

📥 Commits

Reviewing files that changed from the base of the PR and between f3942a6 and 2dad596.

📒 Files selected for processing (1)

• packages/voice/src/receive/VoiceReceiver.ts

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Tests

🔇 Additional comments (1)

packages/voice/src/receive/VoiceReceiver.ts (1)

140-147: Padding stripping implementation looks correct for RFC3550 compliance.

The logic correctly:

1. Reads the padding flag from the unencrypted RTP header (buffer[0])
2. Reads the padding count from the last byte of the decrypted payload (packet)
3. Guards against malformed packets where paddingAmount >= packet.length

One minor consideration: per RFC3550 section 5.1, when the padding bit is set, the padding count must be at least 1 (since it includes itself). If paddingAmount is 0 with padding flag set, this indicates a malformed packet. The current code handles this gracefully (no-op), but you may want to add explicit validation or logging for protocol compliance.

[vladfrangu]

I would apply the first review from coderabbit only, but LGTM either way

EDIT: I guess the second one, love diff Github clients rendering in a diff order