Commit 7ad72661 authored by Havard Graff's avatar Havard Graff Committed by Olivier Crête
Browse files

rtpbin: introduce max-streams property

To be able to cap the number of allowed streams for one session.

This is useful for preventing DoS attacks, where a sender can change
SSRC for every buffer, effectively bringing rtpbin to a halt.

https://bugzilla.gnome.org/show_bug.cgi?id=770292
parent b33470f8
...@@ -299,6 +299,7 @@ enum ...@@ -299,6 +299,7 @@ enum
#define DEFAULT_MAX_DROPOUT_TIME 60000 #define DEFAULT_MAX_DROPOUT_TIME 60000
#define DEFAULT_MAX_MISORDER_TIME 2000 #define DEFAULT_MAX_MISORDER_TIME 2000
#define DEFAULT_RFC7273_SYNC FALSE #define DEFAULT_RFC7273_SYNC FALSE
#define DEFAULT_MAX_STREAMS G_MAXUINT
enum enum
{ {
...@@ -322,7 +323,8 @@ enum ...@@ -322,7 +323,8 @@ enum
PROP_MAX_RTCP_RTP_TIME_DIFF, PROP_MAX_RTCP_RTP_TIME_DIFF,
PROP_MAX_DROPOUT_TIME, PROP_MAX_DROPOUT_TIME,
PROP_MAX_MISORDER_TIME, PROP_MAX_MISORDER_TIME,
PROP_RFC7273_SYNC PROP_RFC7273_SYNC,
PROP_MAX_STREAMS
}; };
#define GST_RTP_BIN_RTCP_SYNC_TYPE (gst_rtp_bin_rtcp_sync_get_type()) #define GST_RTP_BIN_RTCP_SYNC_TYPE (gst_rtp_bin_rtcp_sync_get_type())
...@@ -1583,6 +1585,9 @@ create_stream (GstRtpBinSession * session, guint32 ssrc) ...@@ -1583,6 +1585,9 @@ create_stream (GstRtpBinSession * session, guint32 ssrc)
rtpbin = session->bin; rtpbin = session->bin;
if (g_slist_length (session->streams) >= rtpbin->max_streams)
goto max_streams;
if (!(buffer = gst_element_factory_make ("rtpjitterbuffer", NULL))) if (!(buffer = gst_element_factory_make ("rtpjitterbuffer", NULL)))
goto no_jitterbuffer; goto no_jitterbuffer;
...@@ -1659,6 +1664,12 @@ create_stream (GstRtpBinSession * session, guint32 ssrc) ...@@ -1659,6 +1664,12 @@ create_stream (GstRtpBinSession * session, guint32 ssrc)
return stream; return stream;
/* ERRORS */ /* ERRORS */
max_streams:
{
GST_WARNING_OBJECT (rtpbin, "stream exeeds maximum (%d)",
rtpbin->max_streams);
return NULL;
}
no_jitterbuffer: no_jitterbuffer:
{ {
g_warning ("rtpbin: could not create rtpjitterbuffer element"); g_warning ("rtpbin: could not create rtpjitterbuffer element");
...@@ -2323,6 +2334,12 @@ gst_rtp_bin_class_init (GstRtpBinClass * klass) ...@@ -2323,6 +2334,12 @@ gst_rtp_bin_class_init (GstRtpBinClass * klass)
"(requires clock and offset to be provided)", DEFAULT_RFC7273_SYNC, "(requires clock and offset to be provided)", DEFAULT_RFC7273_SYNC,
G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS)); G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
g_object_class_install_property (gobject_class, PROP_MAX_STREAMS,
g_param_spec_uint ("max-streams", "Max Streams",
"The maximum number of streams to create for one session",
0, G_MAXUINT, DEFAULT_MAX_STREAMS,
G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
gstelement_class->change_state = GST_DEBUG_FUNCPTR (gst_rtp_bin_change_state); gstelement_class->change_state = GST_DEBUG_FUNCPTR (gst_rtp_bin_change_state);
gstelement_class->request_new_pad = gstelement_class->request_new_pad =
GST_DEBUG_FUNCPTR (gst_rtp_bin_request_new_pad); GST_DEBUG_FUNCPTR (gst_rtp_bin_request_new_pad);
...@@ -2393,6 +2410,7 @@ gst_rtp_bin_init (GstRtpBin * rtpbin) ...@@ -2393,6 +2410,7 @@ gst_rtp_bin_init (GstRtpBin * rtpbin)
rtpbin->max_dropout_time = DEFAULT_MAX_DROPOUT_TIME; rtpbin->max_dropout_time = DEFAULT_MAX_DROPOUT_TIME;
rtpbin->max_misorder_time = DEFAULT_MAX_MISORDER_TIME; rtpbin->max_misorder_time = DEFAULT_MAX_MISORDER_TIME;
rtpbin->rfc7273_sync = DEFAULT_RFC7273_SYNC; rtpbin->rfc7273_sync = DEFAULT_RFC7273_SYNC;
rtpbin->max_streams = DEFAULT_MAX_STREAMS;
/* some default SDES entries */ /* some default SDES entries */
cname = g_strdup_printf ("user%u@host-%x", g_random_int (), g_random_int ()); cname = g_strdup_printf ("user%u@host-%x", g_random_int (), g_random_int ());
...@@ -2614,6 +2632,9 @@ gst_rtp_bin_set_property (GObject * object, guint prop_id, ...@@ -2614,6 +2632,9 @@ gst_rtp_bin_set_property (GObject * object, guint prop_id,
gst_rtp_bin_propagate_property_to_jitterbuffer (rtpbin, gst_rtp_bin_propagate_property_to_jitterbuffer (rtpbin,
"rfc7273-sync", value); "rfc7273-sync", value);
break; break;
case PROP_MAX_STREAMS:
rtpbin->max_streams = g_value_get_uint (value);
break;
default: default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break; break;
...@@ -2699,6 +2720,9 @@ gst_rtp_bin_get_property (GObject * object, guint prop_id, ...@@ -2699,6 +2720,9 @@ gst_rtp_bin_get_property (GObject * object, guint prop_id,
case PROP_RFC7273_SYNC: case PROP_RFC7273_SYNC:
g_value_set_boolean (value, rtpbin->rfc7273_sync); g_value_set_boolean (value, rtpbin->rfc7273_sync);
break; break;
case PROP_MAX_STREAMS:
g_value_set_uint (value, rtpbin->max_streams);
break;
default: default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break; break;
......
...@@ -74,6 +74,7 @@ struct _GstRtpBin { ...@@ -74,6 +74,7 @@ struct _GstRtpBin {
guint32 max_dropout_time; guint32 max_dropout_time;
guint32 max_misorder_time; guint32 max_misorder_time;
gboolean rfc7273_sync; gboolean rfc7273_sync;
guint max_streams;
/* a list of session */ /* a list of session */
GSList *sessions; GSList *sessions;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment