mediamtx/internal/core/rtsp_conn.go

package core

import (
	"fmt"
	"net"
	"time"

	"github.com/bluenviron/gortsplib/v3"
	"github.com/bluenviron/gortsplib/v3/pkg/auth"
	"github.com/bluenviron/gortsplib/v3/pkg/base"
	"github.com/bluenviron/gortsplib/v3/pkg/headers"
	"github.com/google/uuid"

	"github.com/bluenviron/mediamtx/internal/conf"
	"github.com/bluenviron/mediamtx/internal/externalcmd"
	"github.com/bluenviron/mediamtx/internal/logger"
)

const (
	rtspConnPauseAfterAuthError = 2 * time.Second
)

type rtspConnParent interface {
	logger.Writer
}

type rtspConn struct {
	rtspAddress         string
	authMethods         []headers.AuthMethod
	readTimeout         conf.StringDuration
	runOnConnect        string
	runOnConnectRestart bool
	externalCmdPool     *externalcmd.Pool
	pathManager         *pathManager
	conn                *gortsplib.ServerConn
	parent              rtspConnParent

	uuid         uuid.UUID
	created      time.Time
	onConnectCmd *externalcmd.Cmd
	authNonce    string
	authFailures int
}

func newRTSPConn(
	rtspAddress string,
	authMethods []headers.AuthMethod,
	readTimeout conf.StringDuration,
	runOnConnect string,
	runOnConnectRestart bool,
	externalCmdPool *externalcmd.Pool,
	pathManager *pathManager,
	conn *gortsplib.ServerConn,
	parent rtspConnParent,
) *rtspConn {
	c := &rtspConn{
		rtspAddress:         rtspAddress,
		authMethods:         authMethods,
		readTimeout:         readTimeout,
		runOnConnect:        runOnConnect,
		runOnConnectRestart: runOnConnectRestart,
		externalCmdPool:     externalCmdPool,
		pathManager:         pathManager,
		conn:                conn,
		parent:              parent,
		uuid:                uuid.New(),
		created:             time.Now(),
	}

	c.Log(logger.Info, "opened")

	if c.runOnConnect != "" {
		c.Log(logger.Info, "runOnConnect command started")
		_, port, _ := net.SplitHostPort(c.rtspAddress)
		c.onConnectCmd = externalcmd.NewCmd(
			c.externalCmdPool,
			c.runOnConnect,
			c.runOnConnectRestart,
			externalcmd.Environment{
				"RTSP_PATH": "",
				"RTSP_PORT": port,
			},
			func(co int) {
				c.Log(logger.Info, "runOnInit command exited with code %d", co)
			})
	}

	return c
}

func (c *rtspConn) Log(level logger.Level, format string, args ...interface{}) {
	c.parent.Log(level, "[conn %v] "+format, append([]interface{}{c.conn.NetConn().RemoteAddr()}, args...)...)
}

// Conn returns the RTSP connection.
func (c *rtspConn) Conn() *gortsplib.ServerConn {
	return c.conn
}

func (c *rtspConn) remoteAddr() net.Addr {
	return c.conn.NetConn().RemoteAddr()
}

func (c *rtspConn) ip() net.IP {
	return c.conn.NetConn().RemoteAddr().(*net.TCPAddr).IP
}

// onClose is called by rtspServer.
func (c *rtspConn) onClose(err error) {
	c.Log(logger.Info, "closed (%v)", err)

	if c.onConnectCmd != nil {
		c.onConnectCmd.Close()
		c.Log(logger.Info, "runOnConnect command stopped")
	}
}

// onRequest is called by rtspServer.
func (c *rtspConn) onRequest(req *base.Request) {
	c.Log(logger.Debug, "[c->s] %v", req)
}

// OnResponse is called by rtspServer.
func (c *rtspConn) OnResponse(res *base.Response) {
	c.Log(logger.Debug, "[s->c] %v", res)
}

// onDescribe is called by rtspServer.
func (c *rtspConn) onDescribe(ctx *gortsplib.ServerHandlerOnDescribeCtx,
) (*base.Response, *gortsplib.ServerStream, error) {
	if len(ctx.Path) == 0 || ctx.Path[0] != '/' {
		return &base.Response{
			StatusCode: base.StatusBadRequest,
		}, nil, fmt.Errorf("invalid path")
	}
	ctx.Path = ctx.Path[1:]

	if c.authNonce == "" {
		c.authNonce = auth.GenerateNonce()
	}

	res := c.pathManager.describe(pathDescribeReq{
		pathName: ctx.Path,
		url:      ctx.Request.URL,
		credentials: authCredentials{
			query:       ctx.Query,
			ip:          c.ip(),
			proto:       authProtocolRTSP,
			id:          &c.uuid,
			rtspRequest: ctx.Request,
			rtspNonce:   c.authNonce,
		},
	})

	if res.err != nil {
		switch terr := res.err.(type) {
		case pathErrAuth:
			res, err := c.handleAuthError(terr.wrapped)
			return res, nil, err

		case pathErrNoOnePublishing:
			return &base.Response{
				StatusCode: base.StatusNotFound,
			}, nil, res.err

		default:
			return &base.Response{
				StatusCode: base.StatusBadRequest,
			}, nil, res.err
		}
	}

	if res.redirect != "" {
		return &base.Response{
			StatusCode: base.StatusMovedPermanently,
			Header: base.Header{
				"Location": base.HeaderValue{res.redirect},
			},
		}, nil, nil
	}

	return &base.Response{
		StatusCode: base.StatusOK,
	}, res.stream.rtspStream, nil
}

func (c *rtspConn) handleAuthError(authErr error) (*base.Response, error) {
	c.authFailures++

	// VLC with login prompt sends 4 requests:
	// 1) without credentials
	// 2) with password but without username
	// 3) without credentials
	// 4) with password and username
	// therefore we must allow up to 3 failures
	if c.authFailures <= 3 {
		return &base.Response{
			StatusCode: base.StatusUnauthorized,
			Header: base.Header{
				"WWW-Authenticate": auth.GenerateWWWAuthenticate(c.authMethods, "IPCAM", c.authNonce),
			},
		}, nil
	}

	// wait some seconds to stop brute force attacks
	<-time.After(rtspConnPauseAfterAuthError)

	return &base.Response{
		StatusCode: base.StatusUnauthorized,
	}, authErr
}
move most components into internal/core in this way coverage can be computed correctly. 2021-07-24 13:55:42 +00:00			`package core`
support multiple tracks per stream 2019-12-31 12:48:17 +00:00
			`import (`
support external authentication (#504) (#517) 2021-12-22 18:13:56 +00:00			`"fmt"`
support multiple tracks per stream 2019-12-31 12:48:17 +00:00			`"net"`
add ticker to check whether udp packets are being received or not while publishing; fix #15 2020-06-21 09:30:30 +00:00			`"time"`
support multiple tracks per stream 2019-12-31 12:48:17 +00:00
update gortsplib, gohlslib (#1637) 2023-04-01 16:39:12 +00:00			`"github.com/bluenviron/gortsplib/v3"`
			`"github.com/bluenviron/gortsplib/v3/pkg/auth"`
			`"github.com/bluenviron/gortsplib/v3/pkg/base"`
			`"github.com/bluenviron/gortsplib/v3/pkg/headers"`
use UUIDs as IDs in all entities (#1234) 2022-11-09 18:31:52 +00:00			`"github.com/google/uuid"`
move externalcmd, syslog, loghandler into dedicated folders 2020-10-13 22:02:55 +00:00
change repository owner (#1801) 2023-05-16 14:14:20 +00:00			`"github.com/bluenviron/mediamtx/internal/conf"`
			`"github.com/bluenviron/mediamtx/internal/externalcmd"`
			`"github.com/bluenviron/mediamtx/internal/logger"`
support multiple tracks per stream 2019-12-31 12:48:17 +00:00			`)`

add ticker to check whether udp packets are being received or not while publishing; fix #15 2020-06-21 09:30:30 +00:00			`const (`
move most components into internal/core in this way coverage can be computed correctly. 2021-07-24 13:55:42 +00:00			`rtspConnPauseAfterAuthError = 2 * time.Second`
add ticker to check whether udp packets are being received or not while publishing; fix #15 2020-06-21 09:30:30 +00:00			`)`

move most components into internal/core in this way coverage can be computed correctly. 2021-07-24 13:55:42 +00:00			`type rtspConnParent interface {`
print warning in case no key frames are being received (#1763) 2023-05-04 18:16:41 +00:00			`logger.Writer`
new structure 2020-10-19 20:17:48 +00:00			`}`

move most components into internal/core in this way coverage can be computed correctly. 2021-07-24 13:55:42 +00:00			`type rtspConn struct {`
unify authentication mechanisms (#1775) 2023-05-08 15:04:14 +00:00			`rtspAddress string`
			`authMethods []headers.AuthMethod`
			`readTimeout conf.StringDuration`
			`runOnConnect string`
			`runOnConnectRestart bool`
			`externalCmdPool *externalcmd.Pool`
			`pathManager *pathManager`
			`conn *gortsplib.ServerConn`
			`parent rtspConnParent`

			`uuid uuid.UUID`
			`created time.Time`
			`onConnectCmd *externalcmd.Cmd`
			`authNonce string`
			`authFailures int`
support multiple tracks per stream 2019-12-31 12:48:17 +00:00			`}`

move most components into internal/core in this way coverage can be computed correctly. 2021-07-24 13:55:42 +00:00			`func newRTSPConn(`
allow to set a different listen IP for each listener (#343) 2021-04-24 16:25:19 +00:00			`rtspAddress string,`
reload only rtsp server when authMethods is changed 2021-08-01 14:56:53 +00:00			`authMethods []headers.AuthMethod,`
api: decode durations from strings instead of numbers This allows to use human-readable durations with the API, for instance: "5s" instead of 5000000000 2021-09-26 21:06:40 +00:00			`readTimeout conf.StringDuration,`
new structure 2020-10-19 20:17:48 +00:00			`runOnConnect string,`
add 'restart' option to all external commands 2020-10-31 15:36:09 +00:00			`runOnConnectRestart bool,`
support external authentication (#504) (#517) 2021-12-22 18:13:56 +00:00			`externalCmdPool *externalcmd.Pool,`
fix multiple freezes during shutdown of components 2021-07-30 18:13:17 +00:00			`pathManager *pathManager,`
update gortsplib 2020-12-06 17:01:10 +00:00			`conn *gortsplib.ServerConn,`
update linter 2022-04-07 10:50:35 +00:00			`parent rtspConnParent,`
			`) *rtspConn {`
move most components into internal/core in this way coverage can be computed correctly. 2021-07-24 13:55:42 +00:00			`c := &rtspConn{`
unify authentication mechanisms (#1775) 2023-05-08 15:04:14 +00:00			`rtspAddress: rtspAddress,`
			`authMethods: authMethods,`
			`readTimeout: readTimeout,`
			`runOnConnect: runOnConnect,`
			`runOnConnectRestart: runOnConnectRestart,`
			`externalCmdPool: externalCmdPool,`
			`pathManager: pathManager,`
			`conn: conn,`
			`parent: parent,`
			`uuid: uuid.New(),`
			`created: time.Now(),`
support multiple tracks per stream 2019-12-31 12:48:17 +00:00			`}`

print warning in case no key frames are being received (#1763) 2023-05-04 18:16:41 +00:00			`c.Log(logger.Info, "opened")`
make sure all clients are closed before closing server 2020-10-14 17:35:21 +00:00
implement RTSP sessions (#149) 2021-05-07 21:07:31 +00:00			`if c.runOnConnect != "" {`
print warning in case no key frames are being received (#1763) 2023-05-04 18:16:41 +00:00			`c.Log(logger.Info, "runOnConnect command started")`
implement RTSP sessions (#149) 2021-05-07 21:07:31 +00:00			`_, port, _ := net.SplitHostPort(c.rtspAddress)`
do not wait for external commands to exit during runtime wait for them during shutdown. 2021-12-21 11:39:32 +00:00			`c.onConnectCmd = externalcmd.NewCmd(`
			`c.externalCmdPool,`
make regexp groups available to custom commands (#642) 2021-12-08 19:50:09 +00:00			`c.runOnConnect,`
			`c.runOnConnectRestart,`
			`externalcmd.Environment{`
			`"RTSP_PATH": "",`
			`"RTSP_PORT": port,`
print a message when a custom command exits suddently 2021-12-08 20:23:45 +00:00			`},`
			`func(co int) {`
print warning in case no key frames are being received (#1763) 2023-05-04 18:16:41 +00:00			`c.Log(logger.Info, "runOnInit command exited with code %d", co)`
make regexp groups available to custom commands (#642) 2021-12-08 19:50:09 +00:00			`})`
implement RTSP sessions (#149) 2021-05-07 21:07:31 +00:00			`}`
add a RTMP server that allows to publish legacy streams (#132) 2021-01-31 20:42:27 +00:00
new structure 2020-10-19 20:17:48 +00:00			`return c`
support multiple tracks per stream 2019-12-31 12:48:17 +00:00			`}`

print warning in case no key frames are being received (#1763) 2023-05-04 18:16:41 +00:00			`func (c *rtspConn) Log(level logger.Level, format string, args ...interface{}) {`
			`c.parent.Log(level, "[conn %v] "+format, append([]interface{}{c.conn.NetConn().RemoteAddr()}, args...)...)`
new structure 2020-10-19 20:17:48 +00:00			`}`
add option sourceOnDemand to pull sources only when there are connected clients (#36) 2020-07-29 21:30:42 +00:00
implement RTSP sessions (#149) 2021-05-07 21:07:31 +00:00			`// Conn returns the RTSP connection.`
move most components into internal/core in this way coverage can be computed correctly. 2021-07-24 13:55:42 +00:00			`func (c rtspConn) Conn() gortsplib.ServerConn {`
implement RTSP sessions (#149) 2021-05-07 21:07:31 +00:00			`return c.conn`
			`}`

api, metrics: add endpoints and metrics for RTSP connections (#1233) new API endpoints: * /v1/rtspconns/list * /v1/rtspsconns/list new metrics: * rtsp_conns * rtsps_conns 2022-11-09 17:31:31 +00:00			`func (c *rtspConn) remoteAddr() net.Addr {`
			`return c.conn.NetConn().RemoteAddr()`
			`}`

move most components into internal/core in this way coverage can be computed correctly. 2021-07-24 13:55:42 +00:00			`func (c *rtspConn) ip() net.IP {`
support ipv6 link-local addresses; fix #6 2020-05-03 21:26:41 +00:00			`return c.conn.NetConn().RemoteAddr().(*net.TCPAddr).IP`
			`}`

unexport members of private structs 2021-10-27 19:01:00 +00:00			`// onClose is called by rtspServer.`
			`func (c *rtspConn) onClose(err error) {`
print warning in case no key frames are being received (#1763) 2023-05-04 18:16:41 +00:00			`c.Log(logger.Info, "closed (%v)", err)`
api: make sure that entities are deleted immediately after a kick request 2021-08-12 08:50:29 +00:00
			`if c.onConnectCmd != nil {`
			`c.onConnectCmd.Close()`
print warning in case no key frames are being received (#1763) 2023-05-04 18:16:41 +00:00			`c.Log(logger.Info, "runOnConnect command stopped")`
api: make sure that entities are deleted immediately after a kick request 2021-08-12 08:50:29 +00:00			`}`
			`}`

unexport members of private structs 2021-10-27 19:01:00 +00:00			`// onRequest is called by rtspServer.`
			`func (c rtspConn) onRequest(req base.Request) {`
print warning in case no key frames are being received (#1763) 2023-05-04 18:16:41 +00:00			`c.Log(logger.Debug, "[c->s] %v", req)`
fix multiple freezes during shutdown of components 2021-07-30 18:13:17 +00:00			`}`

			`// OnResponse is called by rtspServer.`
			`func (c rtspConn) OnResponse(res base.Response) {`
print warning in case no key frames are being received (#1763) 2023-05-04 18:16:41 +00:00			`c.Log(logger.Debug, "[s->c] %v", res)`
fix multiple freezes during shutdown of components 2021-07-30 18:13:17 +00:00			`}`

unexport members of private structs 2021-10-27 19:01:00 +00:00			`// onDescribe is called by rtspServer.`
			`func (c rtspConn) onDescribe(ctx gortsplib.ServerHandlerOnDescribeCtx,`
update golangci-lint 2021-09-09 21:05:54 +00:00			`) (base.Response, gortsplib.ServerStream, error) {`
update gortsplib 2023-01-11 00:11:05 +00:00			`if len(ctx.Path) == 0 \|\| ctx.Path[0] != '/' {`
			`return &base.Response{`
			`StatusCode: base.StatusBadRequest,`
			`}, nil, fmt.Errorf("invalid path")`
			`}`
			`ctx.Path = ctx.Path[1:]`

unify authentication mechanisms (#1775) 2023-05-08 15:04:14 +00:00			`if c.authNonce == "" {`
			`c.authNonce = auth.GenerateNonce()`
			`}`

remove "on" prefix from most communication functions between components 2022-08-04 19:07:17 +00:00			`res := c.pathManager.describe(pathDescribeReq{`
un-capitalize private fields 2022-01-14 22:42:41 +00:00			`pathName: ctx.Path,`
update gortsplib 2022-02-19 22:06:24 +00:00			`url: ctx.Request.URL,`
unify authentication mechanisms (#1775) 2023-05-08 15:04:14 +00:00			`credentials: authCredentials{`
			`query: ctx.Query,`
			`ip: c.ip(),`
			`proto: authProtocolRTSP,`
			`id: &c.uuid,`
			`rtspRequest: ctx.Request,`
			`rtspNonce: c.authNonce,`
fix multiple freezes during shutdown of components 2021-07-30 18:13:17 +00:00			`},`
			`})`

un-capitalize private fields 2022-01-14 22:42:41 +00:00			`if res.err != nil {`
			`switch terr := res.err.(type) {`
unify authentication mechanisms (#1775) 2023-05-08 15:04:14 +00:00			`case pathErrAuth:`
			`res, err := c.handleAuthError(terr.wrapped)`
			`return res, nil, err`
fix multiple freezes during shutdown of components 2021-07-30 18:13:17 +00:00
split readPublisher into reader and publisher 2021-07-31 18:46:06 +00:00			`case pathErrNoOnePublishing:`
fix multiple freezes during shutdown of components 2021-07-30 18:13:17 +00:00			`return &base.Response{`
			`StatusCode: base.StatusNotFound,`
un-capitalize private fields 2022-01-14 22:42:41 +00:00			`}, nil, res.err`
fix multiple freezes during shutdown of components 2021-07-30 18:13:17 +00:00
			`default:`
			`return &base.Response{`
			`StatusCode: base.StatusBadRequest,`
un-capitalize private fields 2022-01-14 22:42:41 +00:00			`}, nil, res.err`
fix multiple freezes during shutdown of components 2021-07-30 18:13:17 +00:00			`}`
			`}`

un-capitalize private fields 2022-01-14 22:42:41 +00:00			`if res.redirect != "" {`
fix multiple freezes during shutdown of components 2021-07-30 18:13:17 +00:00			`return &base.Response{`
			`StatusCode: base.StatusMovedPermanently,`
			`Header: base.Header{`
un-capitalize private fields 2022-01-14 22:42:41 +00:00			`"Location": base.HeaderValue{res.redirect},`
fix multiple freezes during shutdown of components 2021-07-30 18:13:17 +00:00			`},`
			`}, nil, nil`
			`}`

			`return &base.Response{`
			`StatusCode: base.StatusOK,`
un-capitalize private fields 2022-01-14 22:42:41 +00:00			`}, res.stream.rtspStream, nil`
fix multiple freezes during shutdown of components 2021-07-30 18:13:17 +00:00			`}`
unify authentication mechanisms (#1775) 2023-05-08 15:04:14 +00:00
			`func (c rtspConn) handleAuthError(authErr error) (base.Response, error) {`
			`c.authFailures++`

			`// VLC with login prompt sends 4 requests:`
			`// 1) without credentials`
			`// 2) with password but without username`
			`// 3) without credentials`
			`// 4) with password and username`
			`// therefore we must allow up to 3 failures`
			`if c.authFailures <= 3 {`
			`return &base.Response{`
			`StatusCode: base.StatusUnauthorized,`
			`Header: base.Header{`
			`"WWW-Authenticate": auth.GenerateWWWAuthenticate(c.authMethods, "IPCAM", c.authNonce),`
			`},`
			`}, nil`
			`}`

			`// wait some seconds to stop brute force attacks`
			`<-time.After(rtspConnPauseAfterAuthError)`

			`return &base.Response{`
			`StatusCode: base.StatusUnauthorized,`
			`}, authErr`
			`}`