On Wed, Jul 13, 2016 at 03:09:28PM +0430, Omid Ghaffarinia wrote: > I attached the patch. > > The actual bug is, when creating a local multicast stream (i.e. giving > "rtp://224.1.1.1:10000?ttl=0" to avio_open), then you can see the > packets on the network and not just on local machine (despite setting > multicast ttl to 0) which was a security bug in my purpose of usage > (it also made a lot of unused traffic on network) > > The user does not choose to enable/disable the kernel hack, that is > how it is designed. > > This behavior does NOT happen in Windows machines, but the patch given > does no harm at all (it does nothing in Windows) > > On Wed, Jul 13, 2016 at 3:12 AM, Moritz Barsnick <barsn...@gmx.net> wrote: > > On Tue, Jul 12, 2016 at 18:31:36 +0430, Omid Ghaffarinia wrote: > > > > Your mailer has broken the patch by inserting line breaks. You should > > try attaching the patch as a file, or directly using "git send-email". > > > >> Bug is due to kernel handling multicast ttl 0 differently (as noted in > >> kernel code net/ipv4/route.c:2191 see: > > > > ffmpeg is not a Linux-only tool/library, so comments should point out > > which "kernel" more precisely (and possibly which versions this applies > > to). Admitted, the link to github contains the string "linux". ;-) > > > > Furthermore: Please explain what the actual bug (i.e. misbehavior) is, > > and what this fix changes (or how it fixes it). > > > > Are you allowing ffmpeg to work when the user is making use of the > > kernel hack? > > > > What does this patch achieve on non-Linux operating systems? > > > > (Sorry for the stupid questions, all this isn't obvious to me, and I do > > have at least some understanding of network stuff.) > > > > Moritz > > _______________________________________________ > > ffmpeg-devel mailing list > > ffmpeg-devel@ffmpeg.org > > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> sdp.c | 2 +-
> udp.c | 28 ++++++++++++++++++++++++++++
> 2 files changed, 29 insertions(+), 1 deletion(-)
> 697cb044e811d35b10a74ad9ca9181b372affc40
> 0001-Avoid-sending-packets-to-network-when-multicast-ttl-.patch
> From aab1658d011f5b3eabd22ddc30f40107c6311c92 Mon Sep 17 00:00:00 2001
> From: Omid Ghaffarinia <omid.ghaffari...@gmail.com>
> Date: Tue, 12 Jul 2016 18:23:57 +0430
> Subject: [PATCH] Avoid sending packets to network when multicast ttl is 0 in
> udp
>
> Signed-off-by: Omid Ghaffarinia <omid.ghaffari...@gmail.com>
> ---
> libavformat/sdp.c | 2 +-
> libavformat/udp.c | 28 ++++++++++++++++++++++++++++
> 2 files changed, 29 insertions(+), 1 deletion(-)
>
> diff --git a/libavformat/sdp.c b/libavformat/sdp.c
> index 01b564b..0401f7a 100644
> --- a/libavformat/sdp.c
> +++ b/libavformat/sdp.c
> @@ -61,7 +61,7 @@ static void sdp_write_address(char *buff, int size, const
> char *dest_addr,
> if (dest_addr) {
> if (!dest_type)
> dest_type = "IP4";
> - if (ttl > 0 && !strcmp(dest_type, "IP4")) {
> + if (ttl >= 0 && !strcmp(dest_type, "IP4")) {
> /* The TTL should only be specified for IPv4 multicast addresses,
> * not for IPv6. */
> av_strlcatf(buff, size, "c=IN %s %s/%d\r\n", dest_type,
> dest_addr, ttl);
> diff --git a/libavformat/udp.c b/libavformat/udp.c
> index 8699c1c..fe46ba5 100644
> --- a/libavformat/udp.c
> +++ b/libavformat/udp.c
> @@ -176,6 +176,28 @@ static int udp_set_multicast_ttl(int sockfd, int
> mcastTTL,
> }
> }
> #endif
> + if (mcastTTL == 0) {
> +#ifdef IP_MULTICAST_IF
> + if (addr->sa_family == AF_INET) {
> + struct in_addr localhost_addr;
> + inet_pton(AF_INET, "127.0.0.1", &localhost_addr);
> + if (setsockopt(sockfd, IPPROTO_IP, IP_MULTICAST_IF,
> &localhost_addr, sizeof(localhost_addr)) < 0) {
> + log_net_error(NULL, AV_LOG_ERROR,
> "setsockopt(IP_MULTICAST_IF)");
> + return -1;
> + }
> + }
> +#endif
> +#if defined(IPPROTO_IPV6) && defined(IPV6_MULTICAST_IF)
> + if (addr->sa_family == AF_INET6) {
> + struct in6_addr localhost_addr;
> + inet_pton(AF_INET6, "::1", &localhost_addr);
> + if (setsockopt(sockfd, IPPROTO_IPV6, IPV6_MULTICAST_IF,
> &localhost_addr, sizeof(localhost_addr)) < 0) {
> + log_net_error(NULL, AV_LOG_ERROR,
> "setsockopt(IPV6_MULTICAST_IF)");
> + return -1;
> + }
> + }
> +#endif
breaks build with mingw64
libavformat/udp.c:183:13: error: implicit declaration of function ‘inet_pton’
[-Werror=implicit-function-declaration]
> + }
> return 0;
> }
>
> @@ -882,6 +904,12 @@ static int udp_open(URLContext *h, const char *uri, int
> flags)
> }
> if (h->flags & AVIO_FLAG_READ) {
> /* input */
> + if (s->ttl == 0) {
> + if (s->dest_addr.ss_family == AF_INET)
> + inet_pton(AF_INET, "127.0.0.1", &((struct sockaddr_in
> *)&s->local_addr_storage)->sin_addr);
> + else
> + inet_pton(AF_INET6, "::1", &((struct sockaddr_in6
> *)&s->local_addr_storage)->sin6_addr);
> + }
tabs are not allowed in ffmpeg git
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Let us carefully observe those good qualities wherein our enemies excel us
and endeavor to excel them, by avoiding what is faulty, and imitating what
is excellent in them. -- Plutarch
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
