diff --git a/internal/core/api.go b/internal/core/api.go index 9ceac757..a7ed9406 100644 --- a/internal/core/api.go +++ b/internal/core/api.go @@ -134,7 +134,7 @@ func newAPI( webRTCServer apiWebRTCServer, parent apiParent, ) (*api, error) { - ln, err := net.Listen("tcp", address) + ln, err := net.Listen(restrictNetwork("tcp", address)) if err != nil { return nil, err } diff --git a/internal/core/hls_server.go b/internal/core/hls_server.go index a58cc90c..da7be643 100644 --- a/internal/core/hls_server.go +++ b/internal/core/hls_server.go @@ -106,7 +106,7 @@ func newHLSServer( metrics *metrics, parent hlsServerParent, ) (*hlsServer, error) { - ln, err := net.Listen("tcp", address) + ln, err := net.Listen(restrictNetwork("tcp", address)) if err != nil { return nil, err } diff --git a/internal/core/metrics.go b/internal/core/metrics.go index e764ccb8..3a2e474c 100644 --- a/internal/core/metrics.go +++ b/internal/core/metrics.go @@ -40,7 +40,7 @@ func newMetrics( address string, parent metricsParent, ) (*metrics, error) { - ln, err := net.Listen("tcp", address) + ln, err := net.Listen(restrictNetwork(restrictNetwork("tcp", address))) if err != nil { return nil, err } diff --git a/internal/core/pprof.go b/internal/core/pprof.go index 71fd4e48..bae04d98 100644 --- a/internal/core/pprof.go +++ b/internal/core/pprof.go @@ -27,7 +27,7 @@ func newPPROF( address string, parent pprofParent, ) (*pprof, error) { - ln, err := net.Listen("tcp", address) + ln, err := net.Listen(restrictNetwork("tcp", address)) if err != nil { return nil, err } diff --git a/internal/core/restrict_network.go b/internal/core/restrict_network.go new file mode 100644 index 00000000..0316eb4d --- /dev/null +++ b/internal/core/restrict_network.go @@ -0,0 +1,17 @@ +package core + +import ( + "net" +) + +// do not listen on IPv6 when address is 0.0.0.0. +func restrictNetwork(network string, address string) (string, string) { + host, _, err := net.SplitHostPort(address) + if err == nil { + if host == "0.0.0.0" { + return network + "4", address + } + } + + return network, address +} diff --git a/internal/core/rtmp_server.go b/internal/core/rtmp_server.go index 5407f875..d6e98e9e 100644 --- a/internal/core/rtmp_server.go +++ b/internal/core/rtmp_server.go @@ -93,7 +93,7 @@ func newRTMPServer( ) (*rtmpServer, error) { ln, err := func() (net.Listener, error) { if !isTLS { - return net.Listen("tcp", address) + return net.Listen(restrictNetwork("tcp", address)) } cert, err := tls.LoadX509KeyPair(serverCert, serverKey) @@ -101,7 +101,8 @@ func newRTMPServer( return nil, err } - return tls.Listen("tcp", address, &tls.Config{Certificates: []tls.Certificate{cert}}) + network, address := restrictNetwork("tcp", address) + return tls.Listen(network, address, &tls.Config{Certificates: []tls.Certificate{cert}}) }() if err != nil { return nil, err diff --git a/internal/core/udp_source.go b/internal/core/udp_source.go index e9403fb8..16c2b832 100644 --- a/internal/core/udp_source.go +++ b/internal/core/udp_source.go @@ -98,7 +98,7 @@ func (s *udpSource) run(ctx context.Context, cnf *conf.PathConf, reloadConf chan hostPort := cnf.Source[len("udp://"):] - pc, err := net.ListenPacket("udp", hostPort) + pc, err := net.ListenPacket(restrictNetwork("udp", hostPort)) if err != nil { return err } diff --git a/internal/core/webrtc_server.go b/internal/core/webrtc_server.go index 77373847..227aa982 100644 --- a/internal/core/webrtc_server.go +++ b/internal/core/webrtc_server.go @@ -116,7 +116,7 @@ func newWebRTCServer( iceUDPMuxAddress string, iceTCPMuxAddress string, ) (*webRTCServer, error) { - ln, err := net.Listen("tcp", address) + ln, err := net.Listen(restrictNetwork("tcp", address)) if err != nil { return nil, err } @@ -137,7 +137,7 @@ func newWebRTCServer( var iceUDPMux ice.UDPMux var udpMuxLn net.PacketConn if iceUDPMuxAddress != "" { - udpMuxLn, err = net.ListenPacket("udp", iceUDPMuxAddress) + udpMuxLn, err = net.ListenPacket(restrictNetwork("udp", iceUDPMuxAddress)) if err != nil { return nil, err } @@ -147,7 +147,7 @@ func newWebRTCServer( var iceTCPMux ice.TCPMux var tcpMuxLn net.Listener if iceTCPMuxAddress != "" { - tcpMuxLn, err = net.Listen("tcp", iceTCPMuxAddress) + tcpMuxLn, err = net.Listen(restrictNetwork("tcp", iceTCPMuxAddress)) if err != nil { return nil, err }