[Live-devel] Streaming Redirection
Jeff Oliver
Jeffrey.Oliver at mascorp.com
Fri Jan 30 13:45:45 PST 2004
Here's the parseTransportHeader() function....due to time constraints in
the project Im working on and the specific use of the streamer, I've
used functions that are probably not the best to use for portability,
etc. Like strtok(), no one likes using it, but for me it gets the job done.
As far as the destination parameter allowing redirection, you are
correct, there is a security problem with that. I would agree to not
include that feature as part of the mainstream product, but for my
purposes, I have the luxury of operating in a closed network AND its a
huge benefit to be able to have a separate RTSP front-end to redirect
streams to a pre-existing decoder client...especially for testing and
proof-of-concept.
Jeff Oliver
static void parseTransportHeader(char const* buf,
unsigned short& clientRTPPortNum,
unsigned short& clientRTCPPortNum,
Boolean& isMulticast,
netAddressBits& destAddr,
u_int8_t& destTTL)
{
char *tmp;
// Get multicast or unicast
if (strstr(buf, "multicast") != NULL)
{
isMulticast = True;
}
else
{
isMulticast = False;
}
// Get Destination address
tmp = strstr(buf, "destination=");
if (tmp != NULL)
{
struct in_addr in;
char *start;
char *tok;
start = strDup(tmp);
tok = strtok(start, "=");
tok = strtok(NULL, ";");
if (inet_aton(tok, &in) == 0)
{
printf("invalid destination address\n");
}
destAddr = in.s_addr;
}
// Get the client port numbers
tmp = strstr(buf, "client");
if (tmp != NULL)
{
unsigned short p1, p2;
if (sscanf(tmp, "client_port=%hu-%hu", &p1, &p2) == 2)
{
clientRTPPortNum = p1;
clientRTCPPortNum = p2;
}
}
}
Ross Finlayson wrote:
>
>> But here's a list of things I had to change to get this to work. I
>> think its fairly straight forward.
>> 1) I completely rewrote the parseTransportHeader to get more
>> information. Multicast/Unicast, Destination, TTL, Client_Port.
>
>
> Jeff,
>
> Could you post your modified "parseTransportHeader()" implementation?
> (It looks like this could be useful.)
>
> (BTW, I just realized that there's a bug in the definition of
> "ServerMediaSubsession::getStreamParameters()" - the
> "destinationAddress" and "destinationTTL" parameters are supposed to
> be 'out' parameters, so they should be passed by reference, not by
> value. I'll fix this in the next software release.)
>
> As an aside, note that allowing a RTSP server to transmit to an
> arbitrary destination (as specified by the "destination" field in a
> client's "Transport:" header) is a security risk, because it allows a
> malicious client to launch a denial-of-service attack against an
> unwitting victim. (In fact, the RTSP specification discourages this
> (see section 12.39 of RFC 2326).) I would be very wary about
> including support for this in a product, unless you also authenticated
> clients in some way.
>
>
> Ross Finlayson
> LIVE.COM
> <http://www.live.com/>
>
> _______________________________________________
> live-devel mailing list
> live-devel at lists.live.com
> http://lists.live.com/mailman/listinfo/live-devel
>
>
Disclaimer: The information contained in this transmission, including any
attachments, may contain confidential information of Matsushita Avionics
Systems Corporation. This transmission is intended only for the use of the
addressee(s) listed above. Unauthorized review, dissemination or other use
of the information contained in this transmission is strictly prohibited.
If you have received this transmission in error or have reason to believe
you are not authorized to receive it, please notify the sender by return
email and promptly delete the transmission
More information about the live-devel
mailing list