Thanks for testing in mingw
New patch attached, which should work now.
On Wed, Jul 20, 2016 at 1:25 PM, Michael Niedermayer
<mich...@niedermayer.cc> wrote:
> On Wed, Jul 13, 2016 at 03:09:28PM +0430, Omid Ghaffarinia wrote:
>> I attached the patch.
>>
>> The actual bug is, when creating a local multicast stream (i.e. giving
>> "rtp://224.1.1.1:10000?ttl=0" to avio_open), then you can see the
>> packets on the network and not just on local machine (despite setting
>> multicast ttl to 0) which was a security bug in my purpose of usage
>> (it also made a lot of unused traffic on network)
>>
>> The user does not choose to enable/disable the kernel hack, that is
>> how it is designed.
>>
>> This behavior does NOT happen in Windows machines, but the patch given
>> does no harm at all (it does nothing in Windows)
>>
>> On Wed, Jul 13, 2016 at 3:12 AM, Moritz Barsnick <barsn...@gmx.net> wrote:
>> > On Tue, Jul 12, 2016 at 18:31:36 +0430, Omid Ghaffarinia wrote:
>> >
>> > Your mailer has broken the patch by inserting line breaks. You should
>> > try attaching the patch as a file, or directly using "git send-email".
>> >
>> >> Bug is due to kernel handling multicast ttl 0 differently (as noted in
>> >> kernel code net/ipv4/route.c:2191 see:
>> >
>> > ffmpeg is not a Linux-only tool/library, so comments should point out
>> > which "kernel" more precisely (and possibly which versions this applies
>> > to). Admitted, the link to github contains the string "linux". ;-)
>> >
>> > Furthermore: Please explain what the actual bug (i.e. misbehavior) is,
>> > and what this fix changes (or how it fixes it).
>> >
>> > Are you allowing ffmpeg to work when the user is making use of the
>> > kernel hack?
>> >
>> > What does this patch achieve on non-Linux operating systems?
>> >
>> > (Sorry for the stupid questions, all this isn't obvious to me, and I do
>> > have at least some understanding of network stuff.)
>> >
>> > Moritz
>> > _______________________________________________
>> > ffmpeg-devel mailing list
>> > ffmpeg-devel@ffmpeg.org
>> > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
>> sdp.c | 2 +-
>> udp.c | 28 ++++++++++++++++++++++++++++
>> 2 files changed, 29 insertions(+), 1 deletion(-)
>> 697cb044e811d35b10a74ad9ca9181b372affc40
>> 0001-Avoid-sending-packets-to-network-when-multicast-ttl-.patch
>> From aab1658d011f5b3eabd22ddc30f40107c6311c92 Mon Sep 17 00:00:00 2001
>> From: Omid Ghaffarinia <omid.ghaffari...@gmail.com>
>> Date: Tue, 12 Jul 2016 18:23:57 +0430
>> Subject: [PATCH] Avoid sending packets to network when multicast ttl is 0 in
>> udp
>>
>> Signed-off-by: Omid Ghaffarinia <omid.ghaffari...@gmail.com>
>> ---
>> libavformat/sdp.c | 2 +-
>> libavformat/udp.c | 28 ++++++++++++++++++++++++++++
>> 2 files changed, 29 insertions(+), 1 deletion(-)
>>
>> diff --git a/libavformat/sdp.c b/libavformat/sdp.c
>> index 01b564b..0401f7a 100644
>> --- a/libavformat/sdp.c
>> +++ b/libavformat/sdp.c
>> @@ -61,7 +61,7 @@ static void sdp_write_address(char *buff, int size, const
>> char *dest_addr,
>> if (dest_addr) {
>> if (!dest_type)
>> dest_type = "IP4";
>> - if (ttl > 0 && !strcmp(dest_type, "IP4")) {
>> + if (ttl >= 0 && !strcmp(dest_type, "IP4")) {
>> /* The TTL should only be specified for IPv4 multicast
>> addresses,
>> * not for IPv6. */
>> av_strlcatf(buff, size, "c=IN %s %s/%d\r\n", dest_type,
>> dest_addr, ttl);
>> diff --git a/libavformat/udp.c b/libavformat/udp.c
>> index 8699c1c..fe46ba5 100644
>> --- a/libavformat/udp.c
>> +++ b/libavformat/udp.c
>> @@ -176,6 +176,28 @@ static int udp_set_multicast_ttl(int sockfd, int
>> mcastTTL,
>> }
>> }
>> #endif
>> + if (mcastTTL == 0) {
>> +#ifdef IP_MULTICAST_IF
>> + if (addr->sa_family == AF_INET) {
>> + struct in_addr localhost_addr;
>> + inet_pton(AF_INET, "127.0.0.1", &localhost_addr);
>> + if (setsockopt(sockfd, IPPROTO_IP, IP_MULTICAST_IF,
>> &localhost_addr, sizeof(localhost_addr)) < 0) {
>> + log_net_error(NULL, AV_LOG_ERROR,
>> "setsockopt(IP_MULTICAST_IF)");
>> + return -1;
>> + }
>> + }
>> +#endif
>> +#if defined(IPPROTO_IPV6) && defined(IPV6_MULTICAST_IF)
>> + if (addr->sa_family == AF_INET6) {
>> + struct in6_addr localhost_addr;
>> + inet_pton(AF_INET6, "::1", &localhost_addr);
>> + if (setsockopt(sockfd, IPPROTO_IPV6, IPV6_MULTICAST_IF,
>> &localhost_addr, sizeof(localhost_addr)) < 0) {
>> + log_net_error(NULL, AV_LOG_ERROR,
>> "setsockopt(IPV6_MULTICAST_IF)");
>> + return -1;
>> + }
>> + }
>> +#endif
>
> breaks build with mingw64
> libavformat/udp.c:183:13: error: implicit declaration of function ‘inet_pton’
> [-Werror=implicit-function-declaration]
>
>
>> + }
>> return 0;
>> }
>>
>> @@ -882,6 +904,12 @@ static int udp_open(URLContext *h, const char *uri, int
>> flags)
>> }
>> if (h->flags & AVIO_FLAG_READ) {
>> /* input */
>> + if (s->ttl == 0) {
>> + if (s->dest_addr.ss_family == AF_INET)
>> + inet_pton(AF_INET, "127.0.0.1", &((struct sockaddr_in
>> *)&s->local_addr_storage)->sin_addr);
>> + else
>> + inet_pton(AF_INET6, "::1", &((struct sockaddr_in6
>> *)&s->local_addr_storage)->sin6_addr);
>> + }
>
> tabs are not allowed in ffmpeg git
>
> [...]
>
> --
> Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> Let us carefully observe those good qualities wherein our enemies excel us
> and endeavor to excel them, by avoiding what is faulty, and imitating what
> is excellent in them. -- Plutarch
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
From 572906404ae70cc177136cddb86f0c51952ea8a5 Mon Sep 17 00:00:00 2001
From: Omid Ghaffarinia <omid.ghaffari...@gmail.com>
Date: Wed, 20 Jul 2016 17:27:21 +0430
Subject: [PATCH] Avoid sending packets to network when multicast ttl is 0 in
udp
Signed-off-by: Omid Ghaffarinia <omid.ghaffari...@gmail.com>
---
libavformat/sdp.c | 2 +-
libavformat/udp.c | 68 ++++++++++++++++++++++++++++++++++++-----------------
2 files changed, 47 insertions(+), 23 deletions(-)
diff --git a/libavformat/sdp.c b/libavformat/sdp.c
index 4e37f65..881127d 100644
--- a/libavformat/sdp.c
+++ b/libavformat/sdp.c
@@ -61,7 +61,7 @@ static void sdp_write_address(char *buff, int size, const char *dest_addr,
if (dest_addr) {
if (!dest_type)
dest_type = "IP4";
- if (ttl > 0 && !strcmp(dest_type, "IP4")) {
+ if (ttl >= 0 && !strcmp(dest_type, "IP4")) {
/* The TTL should only be specified for IPv4 multicast addresses,
* not for IPv6. */
av_strlcatf(buff, size, "c=IN %s %s/%d\r\n", dest_type, dest_addr, ttl);
diff --git a/libavformat/udp.c b/libavformat/udp.c
index 8699c1c..9ac9598 100644
--- a/libavformat/udp.c
+++ b/libavformat/udp.c
@@ -157,28 +157,6 @@ static void log_net_error(void *ctx, int level, const char* prefix)
av_log(ctx, level, "%s: %s\n", prefix, errbuf);
}
-static int udp_set_multicast_ttl(int sockfd, int mcastTTL,
- struct sockaddr *addr)
-{
-#ifdef IP_MULTICAST_TTL
- if (addr->sa_family == AF_INET) {
- if (setsockopt(sockfd, IPPROTO_IP, IP_MULTICAST_TTL, &mcastTTL, sizeof(mcastTTL)) < 0) {
- log_net_error(NULL, AV_LOG_ERROR, "setsockopt(IP_MULTICAST_TTL)");
- return -1;
- }
- }
-#endif
-#if defined(IPPROTO_IPV6) && defined(IPV6_MULTICAST_HOPS)
- if (addr->sa_family == AF_INET6) {
- if (setsockopt(sockfd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &mcastTTL, sizeof(mcastTTL)) < 0) {
- log_net_error(NULL, AV_LOG_ERROR, "setsockopt(IPV6_MULTICAST_HOPS)");
- return -1;
- }
- }
-#endif
- return 0;
-}
-
static int udp_join_multicast_group(int sockfd, struct sockaddr *addr,struct sockaddr *local_addr)
{
#ifdef IP_ADD_MEMBERSHIP
@@ -363,6 +341,49 @@ static int udp_set_url(URLContext *h,
return addr_len;
}
+static int udp_set_multicast_ttl(int sockfd, int mcastTTL,
+ struct sockaddr *addr)
+{
+#ifdef IP_MULTICAST_TTL
+ if (addr->sa_family == AF_INET) {
+ if (setsockopt(sockfd, IPPROTO_IP, IP_MULTICAST_TTL, &mcastTTL, sizeof(mcastTTL)) < 0) {
+ log_net_error(NULL, AV_LOG_ERROR, "setsockopt(IP_MULTICAST_TTL)");
+ return -1;
+ }
+ }
+#endif
+#if defined(IPPROTO_IPV6) && defined(IPV6_MULTICAST_HOPS)
+ if (addr->sa_family == AF_INET6) {
+ if (setsockopt(sockfd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &mcastTTL, sizeof(mcastTTL)) < 0) {
+ log_net_error(NULL, AV_LOG_ERROR, "setsockopt(IPV6_MULTICAST_HOPS)");
+ return -1;
+ }
+ }
+#endif
+ if (mcastTTL == 0) {
+ struct sockaddr_storage localhost_addr;
+#ifdef IP_MULTICAST_IF
+ if (addr->sa_family == AF_INET) {
+ udp_set_url(&localhost_addr, "127.0.0.1", 0);
+ if (setsockopt(sockfd, IPPROTO_IP, IP_MULTICAST_IF, &((struct sockaddr_in *)&localhost_addr)->sin_addr, sizeof(struct in_addr)) < 0) {
+ log_net_error(NULL, AV_LOG_ERROR, "setsockopt(IP_MULTICAST_IF)");
+ return -1;
+ }
+ }
+#endif
+#if defined(IPPROTO_IPV6) && defined(IPV6_MULTICAST_IF)
+ if (addr->sa_family == AF_INET6) {
+ udp_set_url(&localhost_addr, "::1", 0);
+ if (setsockopt(sockfd, IPPROTO_IPV6, IPV6_MULTICAST_IF, &((struct sockaddr_in6 *)&localhost_addr)->sin6_addr, sizeof(struct in6_addr)) < 0) {
+ log_net_error(NULL, AV_LOG_ERROR, "setsockopt(IPV6_MULTICAST_IF)");
+ return -1;
+ }
+ }
+#endif
+ }
+ return 0;
+}
+
static int udp_socket_create(URLContext *h, struct sockaddr_storage *addr,
socklen_t *addr_len, const char *localaddr)
{
@@ -882,6 +903,9 @@ static int udp_open(URLContext *h, const char *uri, int flags)
}
if (h->flags & AVIO_FLAG_READ) {
/* input */
+ if (s->ttl == 0) {
+ udp_set_url(&s->local_addr_storage, s->dest_addr.ss_family == AF_INET ? "127.0.0.1" : "::1", 0);
+ }
if (num_include_sources && num_exclude_sources) {
av_log(h, AV_LOG_ERROR, "Simultaneously including and excluding multicast sources is not supported\n");
goto fail;
--
1.7.9.5
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
