```
```
One can note in the above function that each call to pmms_srand() (PRNG initialisation) is immediately followed by a call to pmms_rand() whose return value is ignored.
This extra call is motivated by a possible bias in the first value generated depending on the way the repair key is managed by a FECFRAME implementation.
Indeed, the PRNG sequences produced by two seeds in sequence have a high probability of starting with the same value since I1 = A * seed (modulo M) which is further scaled to a small range (either {0, ... 15} or {0, ... 255}).
Producing several times the same first coding coefficient could reduce the protection of the first source symbol if multiple repair symbols are produced with the same coding window's left edge.
The extra call avoids such side effects.

```
```
The two RLC FEC Schemes specified in this document reuse the Finite Fields defined in , section 8.1.
More specifically, the elements of the field GF(2^^m) are represented by polynomials with binary coefficients (i.e., over GF(2)) and degree lower or equal to m-1.
The addition between two elements is defined as the addition of binary polynomials in GF(2), which is equivalent to a bitwise XOR operation on the binary representation of these elements.
With GF(2^^8), multiplication between two elements is the multiplication modulo a given irreducible polynomial of degree 8.
The following irreducible polynomial MUST be used for GF(2^^8):
x^^8 + x^^4 + x^^3 + x^^2 + 1

With GF(2), multiplication corresponds to a logical AND operation.
The two RLC FEC Schemes require the computation of a linear combination of source symbols, using the coding coefficients produced by the generate_coding_coefficients() function and stored in the cc_tab[] array.
With the RLC over GF(2^^8) FEC Scheme, a linear combination of the ew_size source symbol present in the encoding window, say src_0 to src_ew_size_1, in order to generate a repair symbol, is computed as follows.
For each byte of position i in each source and the repair symbol, where i belongs to {0; E-1}, compute:
repair[i] = cc_tab[0] * src_0[i] + cc_tab[1] * src_1[i] + ... + cc_tab[ew_size - 1] * src_ew_size_1[i]

where * is the multiplication over GF(2^^8) and + is an XOR operation.
In practice various optimizations need to be used in order to make this computation efficient (see in particular ).
With the RLC over GF(2) FEC Scheme (binary case), a linear combination is computed as follows.
The repair symbol is the XOR sum of all the source symbols corresponding to a coding coefficient cc_tab[j] equal to 1 (i.e., the source symbols corresponding to zero coding coefficients are ignored).
The XOR sum of the byte of position i in each source is computed and stored in the corresponding byte of the repair symbol, where i belongs to {0; E-1}.
In practice, the XOR sums will be computed several bytes at a time (e.g., on 64 bit words, or on arrays of 16 or more bytes when using SIMD CPU extensions).
With both FEC Schemes, the details of how to optimize the computation of these linear combinations are of high practical importance but out of scope of this document.

```
```
This fully-specified FEC Scheme defines the Sliding Window Random Linear Codes (RLC) over GF(2^^8).
Following the guidelines of , section 5.6, this section provides
the FEC Framework Configuration Information (or FFCI).
This FCCI needs to be shared (e.g., using SDP) between the FECFRAME sender and receiver
instances in order to synchronize them.
It includes a FEC Encoding ID, mandatory for any FEC Scheme specification, plus scheme-specific elements.
FEC Encoding ID:
the value assigned to this fully specified FEC Scheme MUST be XXXX,
as assigned by IANA ().

When SDP is used to communicate the FFCI, this FEC Encoding ID is carried in
the 'encoding-id' parameter.
The FEC Scheme-Specific Information (FSSI) includes elements that are specific to the present FEC Scheme.
More precisely:
a non-negative integer that indicates the size of each encoding symbol in bytes;

This element is required both by the sender (RLC encoder) and the receiver(s) (RLC decoder).
When SDP is used to communicate the FFCI, this FEC Scheme-specific information is carried in
the 'fssi' parameter in textual representation as specified in .
For instance:
fssi=E:1400
If another mechanism requires the FSSI to be carried as an opaque octet string
(for instance, after a Base64 encoding), the encoding format consists of the following 2 octets:
Encoding symbol length (E): 16-bit field.

A FEC Source Packet MUST contain an Explicit Source FEC Payload ID that is appended to the
end of the packet as illustrated in .
More precisely, the Explicit Source FEC Payload ID is composed of the following field
():
this unsigned integer identifies the first source symbol of the ADUI corresponding to this FEC Source Packet.
The ESI is incremented for each new source symbol, and after reaching the maximum value
(2^32-1), wrapping to zero occurs.

A FEC Repair Packet MAY contain one or more repair symbols.
When there are several repair symbols, all of them MUST have been generated from the same encoding window,
using Repair_Key values that are managed as explained below.
A receiver can easily deduce the number of repair symbols within a FEC Repair Packet by
comparing the received FEC Repair Packet size (equal to the UDP payload size when UDP is the underlying
transport protocol) and the symbol size, E, communicated in the FFCI.
A FEC Repair Packet MUST contain a Repair FEC Payload ID that is prepended to the
repair symbol as illustrated in .
More precisely, the Repair FEC Payload ID is composed of the following fields ():
this unsigned integer is used as a seed by the coefficient generation function ()
in order to generate the desired number of coding coefficients.
Value 0 MUST NOT be used.
When a FEC Repair Packet contains several repair symbols, this repair key value is that of the first repair symbol.
The remaining repair keys can be deduced by incrementing by 1 this value, up to a maximum value of 65535 after which it loops back to 1 (note that 0 is not a valid value).
this unsigned integer carries the Density Threshold (DT) used by the coding coefficient generation function .
More precisely, it controls the probability of having a non zero coding coefficient, which equals (DT+1) / 16.
When a FEC Repair Packet contains several repair symbols, the DT value applies to all of them;
this unsigned integer indicates the number of source symbols in the encoding window when this repair symbol was generated.
When a FEC Repair Packet contains several repair symbols, this NSS value applies to all of them;
this unsigned integer indicates the ESI of the first source symbol in the encoding window when this repair symbol was generated.
When a FEC Repair Packet contains several repair symbols, this FSS_ESI value applies to all of them;

The following procedure applies:
The ESI of source symbols MUST start with value 0 for the first source symbol and
MUST be managed sequentially.
Wrapping to zero happens after reaching the maximum 32-bit value.

This fully-specified FEC Scheme defines the Sliding Window Random Linear Codes (RLC) over GF(2) (binary case).
FEC Encoding ID:
the value assigned to this fully specified FEC Scheme MUST be YYYY,
as assigned by IANA ().

When SDP is used to communicate the FFCI, this FEC Encoding ID is carried in
the 'encoding-id' parameter.
All the considerations of apply here.
All the considerations of apply here.
All the considerations of apply here, with the only exception that the Repair_Key field
is useless if DT = 15 (indeed, in that case all the coefficients are necessarily equal to 1 and the coefficient generation function does not use any PRNG).
When DT = 15 it is RECOMMENDED that the sender use value 0 for the Repair_Key field, but a receiver SHALL ignore this field.
All the considerations of apply here.
This section provides a high level description of a Sliding Window RLC encoder.
Whenever a new FEC Repair Packet is needed, the RLC encoder instance first gathers the ew_size source symbols currently in the sliding encoding window.
Then it chooses a repair key, which can be a non zero monotonically increasing integer value, incremented for each repair symbol up to a maximum
value of 65535 (as it is carried within a 16-bit field) after which it loops back to 1 (indeed, being used as a PRNG seed, value 0 is prohibited).
This repair key is communicated to the coefficient generation function (Section ) in order to generate
ew_size coding coefficients.
Finally, the FECFRAME sender computes the repair symbol as a linear combination of the ew_size source symbols using the ew_size coding coefficients.
When E is small and when there is an incentive to pack several repair symbols within the same FEC Repair Packet, the appropriate number of repair symbols
are computed.
In that case the repair key for each of them MUST be incremented by 1, keeping the same ew_size source symbols, since only the first repair key will
be carried in the Repair FEC Payload ID.
The FEC Repair Packet can then be passed to the transport layer for transmission.
The source versus repair FEC packet transmission order is out of scope of this document and several approaches exist that are implementation specific.
Other solutions are possible to select a repair key value when a new FEC Repair Packet is needed, for instance by choosing a random integer between 1 and 65535.
However, selecting the same repair key as before (which may happen in case of a random process) is only meaningful if the encoding window has changed,
otherwise the same FEC Repair Packet will be generated.
This section provides a high level description of a Sliding Window RLC decoder.
A FECFRAME receiver needs to maintain a linear system whose variables are the received and lost source symbols.
Upon receiving a FEC Repair Packet, a receiver first extracts all the repair symbols it contains (in case several repair symbols are packed together).
For each repair symbol, when at least one of the corresponding source symbols it protects has been lost, the receiver adds an equation to the linear system
(or no equation if this repair packet does not change the linear system rank).
This equation of course re-uses the ew_size coding coefficients that are computed by the same coefficient generation function
(Section ), using the repair key and encoding window descriptions carried in the Repair FEC Payload ID.
Whenever possible (i.e., when a sub-system covering one or more lost source symbols is of full rank), decoding is performed in order to recover
lost source symbols.
Each time an ADUI can be totally recovered, padding is removed (thanks to the Length field, L, of the ADUI) and the ADU is assigned to the corresponding
application flow (thanks to the Flow ID field, F, of the ADUI).
This ADU is finally passed to the corresponding upper application.
Received FEC Source Packets, containing an ADU, MAY be passed to the application either immediately or after some time to guaranty an ordered delivery to
the application.
This document does not mandate any approach as this is an operational and management decision.
With real-time flows, a lost ADU that is decoded after the maximum latency or an ADU received after this delay has no value to the application.
This raises the question of deciding whether or not an ADU is late.
This decision MAY be taken within the FECFRAME receiver (e.g., using the decoding window, see )
or within the application (e.g., using RTP timestamps within the ADU).
Deciding which option to follow and whether or not to pass all ADUs, including those assumed late, to the application are operational decisions that depend
on the application and are therefore out of scope of this document.
Additionally, discusses a backward compatible optimization whereby late source symbols MAY still be used within
the FECFRAME receiver in order to improve the global robustness.
Editor's notes: RFC Editor, please remove this section motivated by RFC 6982 before publishing the RFC. Thanks.
An implementation of the Sliding Window RLC FEC Scheme for FECFRAME exists:
Organisation: Inria
Description: This is an implementation of the Sliding Window RLC FEC Scheme limited to GF(2^^8).
It relies on a modified version of our OpenFEC (http://openfec.org) FEC code library.
It is integrated in our FECFRAME software (see ).
Maturity: prototype.
Coverage: this software complies with the Sliding Window RLC FEC Scheme.
Licensing: proprietary.
Contact: vincent.roca@inria.fr

The FEC Framework document provides a comprehensive
analysis of security considerations applicable to FEC Schemes.
Therefore, the present section follows the security considerations section of
and only discusses specific topics.
The Sliding Window RLC FEC Scheme specified in this document does not change the
recommendations of .
To summarize, if confidentiality is a concern, it is RECOMMENDED that one of the
solutions mentioned in is used with special
considerations to the way this solution is applied (e.g., is encryption applied
before or after FEC protection, within the end-system or in a middlebox) to the operational
constraints (e.g., performing FEC decoding in a protected environment may be
complicated or even impossible) and to the threat model.
The Sliding Window RLC FEC Scheme specified in this document does not change the
recommendations of .
To summarize, it is RECOMMENDED that one of the solutions mentioned in
is used on both the FEC Source and Repair Packets.
The FEC Scheme specified in this document defines parameters that
can be the basis of attacks.
More specifically, the following parameters of the FFCI may be modified
by an attacker who targets receivers ():
FEC Encoding ID:
changing this parameter leads the receivers to consider a different
FEC Scheme, which enables an attacker to create a Denial of Service (DoS);
Encoding symbol length (E):
setting this E parameter to a different value will confuse the receivers
and create a DoS. More precisely, the FEC Repair Packets received
will probably no longer be multiple of E, leading receivers to reject them;

It is therefore RECOMMENDED that security measures are taken to
guarantee the FFCI integrity, as specified in .
How to achieve this depends on the way the FFCI is communicated from the sender
to the receiver, which is not specified in this document.
Similarly, attacks are possible against the Explicit Source FEC Payload ID
and Repair FEC Payload ID: by modifying the Encoding Symbol ID (ESI), or the
repair key, NSS or FSS_ESI.
It is therefore RECOMMENDED that security measures are taken to guarantee the
FEC Source and Repair Packets as stated in .
The Sliding Window RLC FEC Scheme specified in this document does not change the
recommendations of .
The Sliding Window RLC FEC Scheme specified in this document does not change the
recommendations of concerning the use of
the IPsec/ESP security protocol as a mandatory to implement (but not mandatory
to use) security scheme.
This is well suited to situations where the only insecure domain is the one
over which the FEC Framework operates.
The FEC Framework document provides a comprehensive
analysis of operations and management considerations applicable to FEC Schemes.
Therefore, the present section only discusses specific topics.
The present document specifies two FEC Schemes that differ on the Finite Field used for the coding coefficients.
It is expected that the RLC over GF(2^^8) FEC Scheme will be mostly used since it warrants a higher packet loss protection.
In case of small encoding windows, the associated processing overhead is not an issue (e.g., we measured decoding speeds between
745 Mbps and 2.8 Gbps on an ARM Cortex-A15 embedded board in ).
Of course the CPU overhead will increase with the encoding window size, because more operations in the GF(2^^8) finite field will
be needed.
The RLC over GF(2) FEC Scheme offers an alternative.
In that case operations symbols can be directly XOR-ed together which warrants high bitrate encoding and decoding operations, and
can be an advantage with large encoding windows.
However packet loss protection is significantly reduced by using this FEC Scheme.
In addition to the choice of the Finite Field, the two FEC Schemes define a coding coefficient density threshold (DT) parameter.
This parameter enables a sender to control the code density, i.e., the proportion of coefficients that are non zero on average.
With RLC over GF(2^^8), it is usually appropriate that small encoding windows be associated to a density threshold equal to 15,
the maximum value, in order to warrant a high loss protection.
On the opposite, with larger encoding windows, it is usually appropriate that the density threshold be reduced.
With large encoding windows, an alternative can be to use RLC over GF(2) and a density threshold equal to 7 (i.e., an average density equal to 1/2) or smaller.
Note that using a density threshold equal to 15 with RLC over GF(2) is equivalent to using an XOR code that compute the XOR sum of all the source symbols in the encoding window.
In that case: (1) a single repair symbol can be produced for any encoding window, and (2) the repair_key parameter becomes useless (the coding coefficients generation function does not rely on the PRNG).
This document registers two values in the "FEC Framework (FECFRAME)
FEC Encoding IDs" registry as follows:
YYYY refers to the Sliding Window Random Linear Codes (RLC) over GF(2) FEC Scheme for Arbitrary Packet Flows, as defined in of this document.
XXXX refers to the Sliding Window Random Linear Codes (RLC) over GF(2^^8) FEC Scheme for Arbitrary Packet Flows, as defined in of this document.

The authors would like to thank Jonathan Detchart, Gorry Fairhurst, and Marie-Jose Montpetit for their valuable feedbacks on this document.

```
```
&rfc2119;
&rfc6363;
&rfc6364;
Forward Error Correction (FEC) Framework Extension to Sliding Window Codes
&rfc5170;
&rfc5510;
&rfc6726;
&rfc6816;
&rfc6865;
Block or Convolutional AL-FEC Codes? A Performance Comparison for Robust Low-Latency Communications
Less Latency and Better Protection with AL-FEC Sliding Window Codes: a Robust Multimedia CBR Broadcast Case Study
Random Number Generators: Good Ones are Hard to Find
Two Fast Implementations of the Minimal Standard Random Number Generator
Park-Miller-Carta Pseudo-Random Number Generator
31 bit pseudo-random number generator
Numerical Recipies in C; Second Edition
A Complete Treatment of Software Implementations of Finite Field Arithmetic for Erasure Coding Applications
This annex introduces non normative considerations.
They are provided as suggestions, without any impact on interoperability.
For more information see .
With a real-time source ADU flow, it is possible to improve the decoding performance of sliding window codes without impacting maximum latency, at the cost of extra CPU overhead.
The optimization consists, for a FECFRAME receiver, to extend the linear system beyond the decoding window maximum size, by keeping a certain number of old source symbols whereas their associated ADUs timed-out:
ls_max_size > dw_max_size

Usually the following choice is a good trade-off between decoding performance and extra CPU overhead:
ls_max_size = 2 * dw_max_size

When the dw_max_size is very small, it may be preferable to keep a minimum ls_max_size value (e.g., LS_MIN_SIZE_DEFAULT = 40 symbols).
Going below this threshold will not save a significant amount of memory nor CPU cycles.
Therefore:
ls_max_size = max(2 * dw_max_size, LS_MIN_SIZE_DEFAULT)

Finally, it is worth noting that a good receiver, i.e., a receiver that benefits from a protection that is significantly sufficient to recover from the packet losses, can
choose to reduce its ls_max_size significantly.
In that case lost ADUs will be recovered rapidly, without relying on this optimization.
It means that source symbols, and therefore ADUs, may be decoded even if the added latency exceeds the maximum value permitted by the application.
It follows that the corresponding ADUs will not be useful to the application.
However, decoding these "late symbols" significantly improves the global robustness in bad reception conditions and is therefore recommended for receivers experiencing bad communication conditions .
In any case whether or not to use this optimization and what exact value to use for the ls_max_size parameter are decisions made by each receiver independently, without any impact on the other receivers nor on the source.

```
```