Re: [FFmpeg-devel] [PATCH] Avoid sending packets to network when multicast ttl is 0 in udp

Wed, 13 Jul 2016 03:53:02 -0700 

I attached the patch.

The actual bug is, when creating a local multicast stream (i.e. giving
"rtp://224.1.1.1:10000?ttl=0" to avio_open), then you can see the
packets on the network and not just on local machine (despite setting
multicast ttl to 0) which was a security bug in my purpose of usage
(it also made a lot of unused traffic on network)

The user does not choose to enable/disable the kernel hack, that is
how it is designed.

This behavior does NOT happen in Windows machines, but the patch given
does no harm at all (it does nothing in Windows)

On Wed, Jul 13, 2016 at 3:12 AM, Moritz Barsnick <barsn...@gmx.net> wrote:
> On Tue, Jul 12, 2016 at 18:31:36 +0430, Omid Ghaffarinia wrote:
>
> Your mailer has broken the patch by inserting line breaks. You should
> try attaching the patch as a file, or directly using "git send-email".
>
>> Bug is due to kernel handling multicast ttl 0 differently (as noted in
>> kernel code net/ipv4/route.c:2191 see:
>
> ffmpeg is not a Linux-only tool/library, so comments should point out
> which "kernel" more precisely (and possibly which versions this applies
> to). Admitted, the link to github contains the string "linux". ;-)
>
> Furthermore: Please explain what the actual bug (i.e. misbehavior) is,
> and what this fix changes (or how it fixes it).
>
> Are you allowing ffmpeg to work when the user is making use of the
> kernel hack?
>
> What does this patch achieve on non-Linux operating systems?
>
> (Sorry for the stupid questions, all this isn't obvious to me, and I do
> have at least some understanding of network stuff.)
>
> Moritz
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

From aab1658d011f5b3eabd22ddc30f40107c6311c92 Mon Sep 17 00:00:00 2001
From: Omid Ghaffarinia <omid.ghaffari...@gmail.com>
Date: Tue, 12 Jul 2016 18:23:57 +0430
Subject: [PATCH] Avoid sending packets to network when multicast ttl is 0 in
 udp

Signed-off-by: Omid Ghaffarinia <omid.ghaffari...@gmail.com>
---
 libavformat/sdp.c |    2 +-
 libavformat/udp.c |   28 ++++++++++++++++++++++++++++
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/libavformat/sdp.c b/libavformat/sdp.c
index 01b564b..0401f7a 100644
--- a/libavformat/sdp.c
+++ b/libavformat/sdp.c
@@ -61,7 +61,7 @@ static void sdp_write_address(char *buff, int size, const char *dest_addr,
     if (dest_addr) {
         if (!dest_type)
             dest_type = "IP4";
-        if (ttl > 0 && !strcmp(dest_type, "IP4")) {
+        if (ttl >= 0 && !strcmp(dest_type, "IP4")) {
             /* The TTL should only be specified for IPv4 multicast addresses,
              * not for IPv6. */
             av_strlcatf(buff, size, "c=IN %s %s/%d\r\n", dest_type, dest_addr, ttl);
diff --git a/libavformat/udp.c b/libavformat/udp.c
index 8699c1c..fe46ba5 100644
--- a/libavformat/udp.c
+++ b/libavformat/udp.c
@@ -176,6 +176,28 @@ static int udp_set_multicast_ttl(int sockfd, int mcastTTL,
         }
     }
 #endif
+    if (mcastTTL == 0) {
+#ifdef IP_MULTICAST_IF
+        if (addr->sa_family == AF_INET) {
+            struct in_addr localhost_addr;
+            inet_pton(AF_INET, "127.0.0.1", &localhost_addr);
+            if (setsockopt(sockfd, IPPROTO_IP, IP_MULTICAST_IF, &localhost_addr, sizeof(localhost_addr)) < 0) {
+                log_net_error(NULL, AV_LOG_ERROR, "setsockopt(IP_MULTICAST_IF)");
+                return -1;
+            }
+        }
+#endif
+#if defined(IPPROTO_IPV6) && defined(IPV6_MULTICAST_IF)
+        if (addr->sa_family == AF_INET6) {
+            struct in6_addr localhost_addr;
+            inet_pton(AF_INET6, "::1", &localhost_addr);
+            if (setsockopt(sockfd, IPPROTO_IPV6, IPV6_MULTICAST_IF, &localhost_addr, sizeof(localhost_addr)) < 0) {
+                log_net_error(NULL, AV_LOG_ERROR, "setsockopt(IPV6_MULTICAST_IF)");
+                return -1;
+            }
+        }
+#endif
+    }
     return 0;
 }
 
@@ -882,6 +904,12 @@ static int udp_open(URLContext *h, const char *uri, int flags)
         }
         if (h->flags & AVIO_FLAG_READ) {
             /* input */
+        	if (s->ttl == 0) {
+            	if (s->dest_addr.ss_family == AF_INET)
+            		inet_pton(AF_INET, "127.0.0.1", &((struct sockaddr_in *)&s->local_addr_storage)->sin_addr);
+            	else
+            		inet_pton(AF_INET6, "::1", &((struct sockaddr_in6 *)&s->local_addr_storage)->sin6_addr);
+        	}
             if (num_include_sources && num_exclude_sources) {
                 av_log(h, AV_LOG_ERROR, "Simultaneously including and excluding multicast sources is not supported\n");
                 goto fail;
-- 
1.7.9.5


_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Reply via email to