do not listen on IPv6 when host is 0.0.0.0 (#1665) (#1678)

2023-04-10 22:48:33 +02:00 · 2023-04-10 22:48:33 +02:00 · 34757620b8
parent 67741d16dd
commit 34757620b8
8 changed files with 28 additions and 10 deletions
--- a/internal/core/api.go
+++ b/internal/core/api.go
@ -134,7 +134,7 @@ func newAPI(
 	webRTCServer apiWebRTCServer,
 	parent apiParent,
 ) (*api, error) {
-	ln, err := net.Listen("tcp", address)
+	ln, err := net.Listen(restrictNetwork("tcp", address))
 	if err != nil {
 		return nil, err
 	}
--- a/internal/core/hls_server.go
+++ b/internal/core/hls_server.go
@ -106,7 +106,7 @@ func newHLSServer(
 	metrics *metrics,
 	parent hlsServerParent,
 ) (*hlsServer, error) {
-	ln, err := net.Listen("tcp", address)
+	ln, err := net.Listen(restrictNetwork("tcp", address))
 	if err != nil {
 		return nil, err
 	}
--- a/internal/core/metrics.go
+++ b/internal/core/metrics.go
@ -40,7 +40,7 @@ func newMetrics(
 	address string,
 	parent metricsParent,
 ) (*metrics, error) {
-	ln, err := net.Listen("tcp", address)
+	ln, err := net.Listen(restrictNetwork(restrictNetwork("tcp", address)))
 	if err != nil {
 		return nil, err
 	}
--- a/internal/core/pprof.go
+++ b/internal/core/pprof.go
@ -27,7 +27,7 @@ func newPPROF(
 	address string,
 	parent pprofParent,
 ) (*pprof, error) {
-	ln, err := net.Listen("tcp", address)
+	ln, err := net.Listen(restrictNetwork("tcp", address))
 	if err != nil {
 		return nil, err
 	}
--- a/internal/core/restrict_network.go
+++ b/internal/core/restrict_network.go
@ -0,0 +1,17 @@
+package core
+
+import (
+	"net"
+)
+
+// do not listen on IPv6 when address is 0.0.0.0.
+func restrictNetwork(network string, address string) (string, string) {
+	host, _, err := net.SplitHostPort(address)
+	if err == nil {
+		if host == "0.0.0.0" {
+			return network + "4", address
+		}
+	}
+
+	return network, address
+}
--- a/internal/core/rtmp_server.go
+++ b/internal/core/rtmp_server.go
@ -93,7 +93,7 @@ func newRTMPServer(
 ) (*rtmpServer, error) {
 	ln, err := func() (net.Listener, error) {
 		if !isTLS {
-			return net.Listen("tcp", address)
+			return net.Listen(restrictNetwork("tcp", address))
 		}

 		cert, err := tls.LoadX509KeyPair(serverCert, serverKey)
@ -101,7 +101,8 @@ func newRTMPServer(
 			return nil, err
 		}

-		return tls.Listen("tcp", address, &tls.Config{Certificates: []tls.Certificate{cert}})
+		network, address := restrictNetwork("tcp", address)
+		return tls.Listen(network, address, &tls.Config{Certificates: []tls.Certificate{cert}})
 	}()
 	if err != nil {
 		return nil, err
--- a/internal/core/udp_source.go
+++ b/internal/core/udp_source.go
@ -98,7 +98,7 @@ func (s *udpSource) run(ctx context.Context, cnf *conf.PathConf, reloadConf chan

 	hostPort := cnf.Source[len("udp://"):]

-	pc, err := net.ListenPacket("udp", hostPort)
+	pc, err := net.ListenPacket(restrictNetwork("udp", hostPort))
 	if err != nil {
 		return err
 	}
--- a/internal/core/webrtc_server.go
+++ b/internal/core/webrtc_server.go
@ -116,7 +116,7 @@ func newWebRTCServer(
 	iceUDPMuxAddress string,
 	iceTCPMuxAddress string,
 ) (*webRTCServer, error) {
-	ln, err := net.Listen("tcp", address)
+	ln, err := net.Listen(restrictNetwork("tcp", address))
 	if err != nil {
 		return nil, err
 	}
@ -137,7 +137,7 @@ func newWebRTCServer(
 	var iceUDPMux ice.UDPMux
 	var udpMuxLn net.PacketConn
 	if iceUDPMuxAddress != "" {
-		udpMuxLn, err = net.ListenPacket("udp", iceUDPMuxAddress)
+		udpMuxLn, err = net.ListenPacket(restrictNetwork("udp", iceUDPMuxAddress))
 		if err != nil {
 			return nil, err
 		}
@ -147,7 +147,7 @@ func newWebRTCServer(
 	var iceTCPMux ice.TCPMux
 	var tcpMuxLn net.Listener
 	if iceTCPMuxAddress != "" {
-		tcpMuxLn, err = net.Listen("tcp", iceTCPMuxAddress)
+		tcpMuxLn, err = net.Listen(restrictNetwork("tcp", iceTCPMuxAddress))
 		if err != nil {
 			return nil, err
 		}