Path names are used as part of paths in several components: in the
recorder, in the playback server and in every HTTP-based component
(WebRTC, HLS, API). Special characters that allow to escape from the
intended directory are now forbidden in order to prevent directory
traversal attacks.
The TWCC extension is used as part of the WebRTC congestion control
algorithm placed between the publisher and the server. If this
extension is routed untouched from the server to readers, it messes
with the congestion control algorithm present between the server and
each reader. Remove it.
When rewriting audio RTP timestamps in WebRTC egress, NTP was
derived using regenerated packet timestamps minus the incoming
RTP base timestamp.
That mixed timestamp domains and could shift absolute time by an
arbitrary offset while still exposing mapping as available.
Fix by using a consistent outgoing RTP domain in rewritten audio
paths:
- snapshot outgoing base timestamp before rewriting each unit
- compute NTP from (outgoing packet timestamp - outgoing base
timestamp)
This keeps RTP<->NTP mapping coherent for sender reports and prevents
random absolute-time offsets in WebRTC loopback with
useAbsoluteTimestamp.
---------
Co-authored-by: aler9 <46489434+aler9@users.noreply.github.com>
this allows to use MPEG-TS tracks with other protocols and with the recording system.
---------
Co-authored-by: aler9 <46489434+aler9@users.noreply.github.com>
The new outboundRtpPacketsReportedLost property allows to track RTP
packets that have been reported lost by readers. Furthermore, stats now
have a "inbound" or "outbound" prefix to improve readability.
loggerWriter was shadow-copying every response byte into a bytes.Buffer
to report the body size, causing the entire response to be accumulated
in memory for the lifetime of each request. Replace the buffer with a
plain int counter since dump() only ever reported the byte count anyway.
when alwaysAvailableFile points to a file with a H265 or H264 track,
server is started, an online stream is published and then closed, video
was getting corrupted since the online video was overriding the
parameters of the offline video.
When a path is dynamic, and the path receives multiple describe and
publish requests in parallel, describe requests might cause the path to
be deleted, and this might cause pending publish requests to fail,
since the path has been deleted.
This patch improves the situation by checking for pending requests
before deleting a path.
In case of RTSP and RTMP, JWTs cannot be used as passwords since
there's a size limit. Therefore, documentation is updated to suggest
passing JWT through query parameters, and authJWTInHTTPQuery is updated
to act on HTTP requests only.
Unix socket are stream-based connections, while RTP requires
packet-based connections. While packet-based Unix sockets exist
(unixgram), no client supports them. Consequently we are forced to
deprecate unix+rtp.
Alessandro Ros