From: Jack Lau via ffmpeg-devel <ffmpeg-devel@ffmpeg.org> To: ffmpeg-devel@ffmpeg.org Cc: Jack Lau <code@ffmpeg.org> Subject: [FFmpeg-devel] [PATCH] avformat/tls_gnutls: implement dtls handshake logic (PR #20580) Date: Tue, 23 Sep 2025 01:46:50 -0000 Message-ID: <175859201094.25.17087140219576026084@463a07221176> (raw) PR #20580 opened by Jack Lau (JackLau) URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20580 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20580.patch Get and set remote addr when dtls server mode. (Refer to url_bio_bread in tls_openssl.c) Add tls_handshake function. TODO: add gnutls_pull_timeout function to make dtls handshake really work. Signed-off-by: Jack Lau <jacklau1222@qq.com> >From bf1cd40dcd31d63f75110c5e54030859d13207bf Mon Sep 17 00:00:00 2001 From: Jack Lau <jacklau1222@qq.com> Date: Tue, 23 Sep 2025 09:35:07 +0800 Subject: [PATCH] avformat/tls_gnutls: implement dtls handshake logic Get and set remote addr when dtls server mode. (Refer to url_bio_bread in tls_openssl.c) Add tls_handshake function. TODO: add gnutls_pull_timeout function to make dtls handshake really work. Signed-off-by: Jack Lau <jacklau1222@qq.com>
---
 libavformat/tls_gnutls.c | 66 +++++++++++++++++++++++++++++++---------
 1 file changed, 51 insertions(+), 15 deletions(-)
diff --git a/libavformat/tls_gnutls.c b/libavformat/tls_gnutls.c
index e4fe53318c..c991a712df 100644
--- a/libavformat/tls_gnutls.c
+++ b/libavformat/tls_gnutls.c
@@ -48,6 +48,8 @@ typedef struct TLSContext {
 gnutls_certificate_credentials_t cred;
 int need_shutdown;
 int io_err;
+ struct sockaddr_storage dest_addr;
+ socklen_t dest_addr_len;
 } TLSContext;
 static AVMutex gnutls_mutex = AV_MUTEX_INITIALIZER;
@@ -117,9 +119,23 @@ static ssize_t gnutls_url_pull(gnutls_transport_ptr_t transport,
 void *buf, size_t len)
 {
 TLSContext *c = (TLSContext*) transport;
- int ret = ffurl_read(c->tls_shared.tcp, buf, len);
- if (ret >= 0)
+ TLSShared *s = &c->tls_shared;
+ URLContext *uc = s->is_dtls ? s->udp : s->tcp;
+ int ret = ffurl_read(uc, buf, len);
+ if (ret >= 0) {
+ if (s->is_dtls && s->listen && !c->dest_addr_len) {
+ int err_ret;
+
+ ff_udp_get_last_recv_addr(s->udp, &c->dest_addr, &c->dest_addr_len);
+ err_ret = ff_udp_set_remote_addr(s->udp, (struct sockaddr *)&c->dest_addr, c->dest_addr_len, 1);
+ if (err_ret < 0) {
+ av_log(c, AV_LOG_ERROR, "Failed connecting udp context\n");
+ return err_ret;
+ }
+ av_log(c, AV_LOG_TRACE, "Set UDP remote addr on UDP socket, now 'connected'\n");
+ }
 return ret;
+ }
 if (ret == AVERROR_EXIT)
 return 0;
 if (ret == AVERROR(EAGAIN)) {
@@ -135,7 +151,9 @@ static ssize_t gnutls_url_push(gnutls_transport_ptr_t transport,
 const void *buf, size_t len)
 {
 TLSContext *c = (TLSContext*) transport;
- int ret = ffurl_write(c->tls_shared.tcp, buf, len);
+ TLSShared *s = &c->tls_shared;
+ URLContext *uc = s->is_dtls ? s->udp : s->tcp;
+ int ret = ffurl_write(uc, buf, len);
 if (ret >= 0)
 return ret;
 if (ret == AVERROR_EXIT)
@@ -149,6 +167,32 @@ static ssize_t gnutls_url_push(gnutls_transport_ptr_t transport,
 return -1;
 }
+static int tls_handshake(URLContext *h)
+{
+ TLSContext *c = h->priv_data;
+ TLSShared *s = &c->tls_shared;
+ URLContext *uc = s->is_dtls ? s->udp : s->tcp;
+ int ret;
+
+ uc->flags &= ~AVIO_FLAG_NONBLOCK;
+
+ do {
+ if (ff_check_interrupt(&h->interrupt_callback)) {
+ ret = AVERROR_EXIT;
+ goto end;
+ }
+
+ ret = gnutls_handshake(c->session);
+ if (gnutls_error_is_fatal(ret)) {
+ ret = print_tls_error(h, ret);
+ goto end;
+ }
+ } while (ret);
+
+end:
+ return ret;
+}
+
 static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options)
 {
 TLSContext *c = h->priv_data;
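Review bot: In gnutls_url_pull, the added `return err_ret;` passes a raw AVERROR code back to GnuTLS without recording it in `c->io_err` or setting `errno`; the callback's other failure paths lie outside this hunk, but gnutls_url_push visibly ends in `return -1;`, and assuming the existing error path reports through `errno`, I would follow the same shape here: `c->io_err = err_ret; errno = EIO; return -1;`. `c->dest_addr_len` is also not checked after `ff_udp_get_last_recv_addr`, so a zero length would be passed straight to `ff_udp_set_remote_addr`. Because the listener connects the socket to the sender of the first datagram it reads, before any handshake message has been validated, a stray or spoofed packet can pin the session to the wrong peer; a comment stating that assumption (or deferring the connect until a ClientHello has been accepted) would make the trust decision explicit.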
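Review bot: `uc->flags &= ~AVIO_FLAG_NONBLOCK;` in tls_handshake clears the non-blocking flag on the underlying transport and never restores it, which matters now that the function is also registered as `.url_handshake` and is no longer reachable only from tls_open; either save and restore the flag or document that the handshake forces blocking I/O. The `do { … } while (ret);` loop retries on every non-fatal GnuTLS return with no attempt limit or deadline, and `ff_check_interrupt` is consulted only between `gnutls_handshake` calls, so with a blocking socket and (per the commit message) no pull-timeout callback yet, a peer that stops answering mid-handshake can keep the caller in this loop until the interrupt callback fires. I would add a short comment above the loop naming the return codes that are expected to be retried (presumably `GNUTLS_E_AGAIN` and `GNUTLS_E_INTERRUPTED`) and stating that termination relies on the interrupt callback.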
@@ -204,18 +248,9 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op
 if (s->mtu)
 gnutls_dtls_set_mtu(c->session, s->mtu);
 gnutls_set_default_priority(c->session);
- do {
- if (ff_check_interrupt(&h->interrupt_callback)) {
- ret = AVERROR_EXIT;
- goto fail;
- }
-
- ret = gnutls_handshake(c->session);
- if (gnutls_error_is_fatal(ret)) {
- ret = print_tls_error(h, ret);
- goto fail;
- }
- } while (ret);
+ ret = tls_handshake(h);
+ if (ret < 0)
+ goto fail;
 c->need_shutdown = 1;
 if (s->verify) {
 unsigned int status, cert_list_size;
@@ -345,6 +380,7 @@ static const AVClass dtls_class = {
 const URLProtocol ff_dtls_protocol = {
 .name = "dtls",
 .url_open2 = dtls_open,
+ .url_handshake = tls_handshake,
 .url_read = tls_read,
 .url_write = tls_write,
 .url_close = tls_close,
--
2.49.1
_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org
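Review bot: The steps that follow the handshake in tls_open — `c->need_shutdown = 1;` and the certificate check under `if (s->verify) {` — still run only on the tls_open path, although the handshake itself is now reachable through a second entry point. tls_open calls `tls_handshake(h)` unconditionally and the last hunk also registers it as `.url_handshake`, so a caller that invokes the protocol's handshake hook afterwards runs `gnutls_handshake` again on an established session, and any later change that lets tls_open skip the handshake would leave a session established via the hook without peer verification. I would either move the post-handshake steps into tls_handshake or put a comment on it such as `/* Does not verify the peer; tls_open performs verification after calling this. */`. The body of tls_open continues outside the hunk, so the full verification block is not visible here.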