Thanks for testing in mingw New patch attached, which should work now.
On Wed, Jul 20, 2016 at 1:25 PM, Michael Niedermayer <mich...@niedermayer.cc> wrote: > On Wed, Jul 13, 2016 at 03:09:28PM +0430, Omid Ghaffarinia wrote: >> I attached the patch. >> >> The actual bug is, when creating a local multicast stream (i.e. giving >> "rtp://224.1.1.1:10000?ttl=0" to avio_open), then you can see the >> packets on the network and not just on local machine (despite setting >> multicast ttl to 0) which was a security bug in my purpose of usage >> (it also made a lot of unused traffic on network) >> >> The user does not choose to enable/disable the kernel hack, that is >> how it is designed. >> >> This behavior does NOT happen in Windows machines, but the patch given >> does no harm at all (it does nothing in Windows) >> >> On Wed, Jul 13, 2016 at 3:12 AM, Moritz Barsnick <barsn...@gmx.net> wrote: >> > On Tue, Jul 12, 2016 at 18:31:36 +0430, Omid Ghaffarinia wrote: >> > >> > Your mailer has broken the patch by inserting line breaks. You should >> > try attaching the patch as a file, or directly using "git send-email". >> > >> >> Bug is due to kernel handling multicast ttl 0 differently (as noted in >> >> kernel code net/ipv4/route.c:2191 see: >> > >> > ffmpeg is not a Linux-only tool/library, so comments should point out >> > which "kernel" more precisely (and possibly which versions this applies >> > to). Admitted, the link to github contains the string "linux". ;-) >> > >> > Furthermore: Please explain what the actual bug (i.e. misbehavior) is, >> > and what this fix changes (or how it fixes it). >> > >> > Are you allowing ffmpeg to work when the user is making use of the >> > kernel hack? >> > >> > What does this patch achieve on non-Linux operating systems? >> > >> > (Sorry for the stupid questions, all this isn't obvious to me, and I do >> > have at least some understanding of network stuff.) >> > >> > Moritz >> > _______________________________________________ >> > ffmpeg-devel mailing list >> > ffmpeg-devel@ffmpeg.org >> > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel > >> sdp.c | 2 +- >> udp.c | 28 ++++++++++++++++++++++++++++ >> 2 files changed, 29 insertions(+), 1 deletion(-) >> 697cb044e811d35b10a74ad9ca9181b372affc40 >> 0001-Avoid-sending-packets-to-network-when-multicast-ttl-.patch >> From aab1658d011f5b3eabd22ddc30f40107c6311c92 Mon Sep 17 00:00:00 2001 >> From: Omid Ghaffarinia <omid.ghaffari...@gmail.com> >> Date: Tue, 12 Jul 2016 18:23:57 +0430 >> Subject: [PATCH] Avoid sending packets to network when multicast ttl is 0 in >> udp >> >> Signed-off-by: Omid Ghaffarinia <omid.ghaffari...@gmail.com> >> --- >> libavformat/sdp.c | 2 +- >> libavformat/udp.c | 28 ++++++++++++++++++++++++++++ >> 2 files changed, 29 insertions(+), 1 deletion(-) >> >> diff --git a/libavformat/sdp.c b/libavformat/sdp.c >> index 01b564b..0401f7a 100644 >> --- a/libavformat/sdp.c >> +++ b/libavformat/sdp.c >> @@ -61,7 +61,7 @@ static void sdp_write_address(char *buff, int size, const >> char *dest_addr, >> if (dest_addr) { >> if (!dest_type) >> dest_type = "IP4"; >> - if (ttl > 0 && !strcmp(dest_type, "IP4")) { >> + if (ttl >= 0 && !strcmp(dest_type, "IP4")) { >> /* The TTL should only be specified for IPv4 multicast >> addresses, >> * not for IPv6. */ >> av_strlcatf(buff, size, "c=IN %s %s/%d\r\n", dest_type, >> dest_addr, ttl); >> diff --git a/libavformat/udp.c b/libavformat/udp.c >> index 8699c1c..fe46ba5 100644 >> --- a/libavformat/udp.c >> +++ b/libavformat/udp.c >> @@ -176,6 +176,28 @@ static int udp_set_multicast_ttl(int sockfd, int >> mcastTTL, >> } >> } >> #endif >> + if (mcastTTL == 0) { >> +#ifdef IP_MULTICAST_IF >> + if (addr->sa_family == AF_INET) { >> + struct in_addr localhost_addr; >> + inet_pton(AF_INET, "127.0.0.1", &localhost_addr); >> + if (setsockopt(sockfd, IPPROTO_IP, IP_MULTICAST_IF, >> &localhost_addr, sizeof(localhost_addr)) < 0) { >> + log_net_error(NULL, AV_LOG_ERROR, >> "setsockopt(IP_MULTICAST_IF)"); >> + return -1; >> + } >> + } >> +#endif >> +#if defined(IPPROTO_IPV6) && defined(IPV6_MULTICAST_IF) >> + if (addr->sa_family == AF_INET6) { >> + struct in6_addr localhost_addr; >> + inet_pton(AF_INET6, "::1", &localhost_addr); >> + if (setsockopt(sockfd, IPPROTO_IPV6, IPV6_MULTICAST_IF, >> &localhost_addr, sizeof(localhost_addr)) < 0) { >> + log_net_error(NULL, AV_LOG_ERROR, >> "setsockopt(IPV6_MULTICAST_IF)"); >> + return -1; >> + } >> + } >> +#endif > > breaks build with mingw64 > libavformat/udp.c:183:13: error: implicit declaration of function ‘inet_pton’ > [-Werror=implicit-function-declaration] > > >> + } >> return 0; >> } >> >> @@ -882,6 +904,12 @@ static int udp_open(URLContext *h, const char *uri, int >> flags) >> } >> if (h->flags & AVIO_FLAG_READ) { >> /* input */ >> + if (s->ttl == 0) { >> + if (s->dest_addr.ss_family == AF_INET) >> + inet_pton(AF_INET, "127.0.0.1", &((struct sockaddr_in >> *)&s->local_addr_storage)->sin_addr); >> + else >> + inet_pton(AF_INET6, "::1", &((struct sockaddr_in6 >> *)&s->local_addr_storage)->sin6_addr); >> + } > > tabs are not allowed in ffmpeg git > > [...] > > -- > Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB > > Let us carefully observe those good qualities wherein our enemies excel us > and endeavor to excel them, by avoiding what is faulty, and imitating what > is excellent in them. -- Plutarch > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel >
From 572906404ae70cc177136cddb86f0c51952ea8a5 Mon Sep 17 00:00:00 2001 From: Omid Ghaffarinia <omid.ghaffari...@gmail.com> Date: Wed, 20 Jul 2016 17:27:21 +0430 Subject: [PATCH] Avoid sending packets to network when multicast ttl is 0 in udp Signed-off-by: Omid Ghaffarinia <omid.ghaffari...@gmail.com> --- libavformat/sdp.c | 2 +- libavformat/udp.c | 68 ++++++++++++++++++++++++++++++++++++----------------- 2 files changed, 47 insertions(+), 23 deletions(-) diff --git a/libavformat/sdp.c b/libavformat/sdp.c index 4e37f65..881127d 100644 --- a/libavformat/sdp.c +++ b/libavformat/sdp.c @@ -61,7 +61,7 @@ static void sdp_write_address(char *buff, int size, const char *dest_addr, if (dest_addr) { if (!dest_type) dest_type = "IP4"; - if (ttl > 0 && !strcmp(dest_type, "IP4")) { + if (ttl >= 0 && !strcmp(dest_type, "IP4")) { /* The TTL should only be specified for IPv4 multicast addresses, * not for IPv6. */ av_strlcatf(buff, size, "c=IN %s %s/%d\r\n", dest_type, dest_addr, ttl); diff --git a/libavformat/udp.c b/libavformat/udp.c index 8699c1c..9ac9598 100644 --- a/libavformat/udp.c +++ b/libavformat/udp.c @@ -157,28 +157,6 @@ static void log_net_error(void *ctx, int level, const char* prefix) av_log(ctx, level, "%s: %s\n", prefix, errbuf); } -static int udp_set_multicast_ttl(int sockfd, int mcastTTL, - struct sockaddr *addr) -{ -#ifdef IP_MULTICAST_TTL - if (addr->sa_family == AF_INET) { - if (setsockopt(sockfd, IPPROTO_IP, IP_MULTICAST_TTL, &mcastTTL, sizeof(mcastTTL)) < 0) { - log_net_error(NULL, AV_LOG_ERROR, "setsockopt(IP_MULTICAST_TTL)"); - return -1; - } - } -#endif -#if defined(IPPROTO_IPV6) && defined(IPV6_MULTICAST_HOPS) - if (addr->sa_family == AF_INET6) { - if (setsockopt(sockfd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &mcastTTL, sizeof(mcastTTL)) < 0) { - log_net_error(NULL, AV_LOG_ERROR, "setsockopt(IPV6_MULTICAST_HOPS)"); - return -1; - } - } -#endif - return 0; -} - static int udp_join_multicast_group(int sockfd, struct sockaddr *addr,struct sockaddr *local_addr) { #ifdef IP_ADD_MEMBERSHIP @@ -363,6 +341,49 @@ static int udp_set_url(URLContext *h, return addr_len; } +static int udp_set_multicast_ttl(int sockfd, int mcastTTL, + struct sockaddr *addr) +{ +#ifdef IP_MULTICAST_TTL + if (addr->sa_family == AF_INET) { + if (setsockopt(sockfd, IPPROTO_IP, IP_MULTICAST_TTL, &mcastTTL, sizeof(mcastTTL)) < 0) { + log_net_error(NULL, AV_LOG_ERROR, "setsockopt(IP_MULTICAST_TTL)"); + return -1; + } + } +#endif +#if defined(IPPROTO_IPV6) && defined(IPV6_MULTICAST_HOPS) + if (addr->sa_family == AF_INET6) { + if (setsockopt(sockfd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &mcastTTL, sizeof(mcastTTL)) < 0) { + log_net_error(NULL, AV_LOG_ERROR, "setsockopt(IPV6_MULTICAST_HOPS)"); + return -1; + } + } +#endif + if (mcastTTL == 0) { + struct sockaddr_storage localhost_addr; +#ifdef IP_MULTICAST_IF + if (addr->sa_family == AF_INET) { + udp_set_url(&localhost_addr, "127.0.0.1", 0); + if (setsockopt(sockfd, IPPROTO_IP, IP_MULTICAST_IF, &((struct sockaddr_in *)&localhost_addr)->sin_addr, sizeof(struct in_addr)) < 0) { + log_net_error(NULL, AV_LOG_ERROR, "setsockopt(IP_MULTICAST_IF)"); + return -1; + } + } +#endif +#if defined(IPPROTO_IPV6) && defined(IPV6_MULTICAST_IF) + if (addr->sa_family == AF_INET6) { + udp_set_url(&localhost_addr, "::1", 0); + if (setsockopt(sockfd, IPPROTO_IPV6, IPV6_MULTICAST_IF, &((struct sockaddr_in6 *)&localhost_addr)->sin6_addr, sizeof(struct in6_addr)) < 0) { + log_net_error(NULL, AV_LOG_ERROR, "setsockopt(IPV6_MULTICAST_IF)"); + return -1; + } + } +#endif + } + return 0; +} + static int udp_socket_create(URLContext *h, struct sockaddr_storage *addr, socklen_t *addr_len, const char *localaddr) { @@ -882,6 +903,9 @@ static int udp_open(URLContext *h, const char *uri, int flags) } if (h->flags & AVIO_FLAG_READ) { /* input */ + if (s->ttl == 0) { + udp_set_url(&s->local_addr_storage, s->dest_addr.ss_family == AF_INET ? "127.0.0.1" : "::1", 0); + } if (num_include_sources && num_exclude_sources) { av_log(h, AV_LOG_ERROR, "Simultaneously including and excluding multicast sources is not supported\n"); goto fail; -- 1.7.9.5
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel