PR #20580 opened by Jack Lau (JackLau) URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20580 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20580.patch
Get and set remote addr when dtls server mode. (Refer to url_bio_bread in tls_openssl.c) Add tls_handshake function. TODO: add gnutls_pull_timeout function to make dtls handshake really work. Signed-off-by: Jack Lau <[email protected]> >From bf1cd40dcd31d63f75110c5e54030859d13207bf Mon Sep 17 00:00:00 2001 From: Jack Lau <[email protected]> Date: Tue, 23 Sep 2025 09:35:07 +0800 Subject: [PATCH] avformat/tls_gnutls: implement dtls handshake logic Get and set remote addr when dtls server mode. (Refer to url_bio_bread in tls_openssl.c) Add tls_handshake function. TODO: add gnutls_pull_timeout function to make dtls handshake really work. Signed-off-by: Jack Lau <[email protected]> --- libavformat/tls_gnutls.c | 66 +++++++++++++++++++++++++++++++--------- 1 file changed, 51 insertions(+), 15 deletions(-) diff --git a/libavformat/tls_gnutls.c b/libavformat/tls_gnutls.c index e4fe53318c..c991a712df 100644 --- a/libavformat/tls_gnutls.c +++ b/libavformat/tls_gnutls.c @@ -48,6 +48,8 @@ typedef struct TLSContext { gnutls_certificate_credentials_t cred; int need_shutdown; int io_err; + struct sockaddr_storage dest_addr; + socklen_t dest_addr_len; } TLSContext; static AVMutex gnutls_mutex = AV_MUTEX_INITIALIZER; @@ -117,9 +119,23 @@ static ssize_t gnutls_url_pull(gnutls_transport_ptr_t transport, void *buf, size_t len) { TLSContext *c = (TLSContext*) transport; - int ret = ffurl_read(c->tls_shared.tcp, buf, len); - if (ret >= 0) + TLSShared *s = &c->tls_shared; + URLContext *uc = s->is_dtls ? s->udp : s->tcp; + int ret = ffurl_read(uc, buf, len); + if (ret >= 0) { + if (s->is_dtls && s->listen && !c->dest_addr_len) { + int err_ret; + + ff_udp_get_last_recv_addr(s->udp, &c->dest_addr, &c->dest_addr_len); + err_ret = ff_udp_set_remote_addr(s->udp, (struct sockaddr *)&c->dest_addr, c->dest_addr_len, 1); + if (err_ret < 0) { + av_log(c, AV_LOG_ERROR, "Failed connecting udp context\n"); + return err_ret; + } + av_log(c, AV_LOG_TRACE, "Set UDP remote addr on UDP socket, now 'connected'\n"); + } return ret; + } if (ret == AVERROR_EXIT) return 0; if (ret == AVERROR(EAGAIN)) { @@ -135,7 +151,9 @@ static ssize_t gnutls_url_push(gnutls_transport_ptr_t transport, const void *buf, size_t len) { TLSContext *c = (TLSContext*) transport; - int ret = ffurl_write(c->tls_shared.tcp, buf, len); + TLSShared *s = &c->tls_shared; + URLContext *uc = s->is_dtls ? s->udp : s->tcp; + int ret = ffurl_write(uc, buf, len); if (ret >= 0) return ret; if (ret == AVERROR_EXIT) @@ -149,6 +167,32 @@ static ssize_t gnutls_url_push(gnutls_transport_ptr_t transport, return -1; } +static int tls_handshake(URLContext *h) +{ + TLSContext *c = h->priv_data; + TLSShared *s = &c->tls_shared; + URLContext *uc = s->is_dtls ? s->udp : s->tcp; + int ret; + + uc->flags &= ~AVIO_FLAG_NONBLOCK; + + do { + if (ff_check_interrupt(&h->interrupt_callback)) { + ret = AVERROR_EXIT; + goto end; + } + + ret = gnutls_handshake(c->session); + if (gnutls_error_is_fatal(ret)) { + ret = print_tls_error(h, ret); + goto end; + } + } while (ret); + +end: + return ret; +} + static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options) { TLSContext *c = h->priv_data; @@ -204,18 +248,9 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op if (s->mtu) gnutls_dtls_set_mtu(c->session, s->mtu); gnutls_set_default_priority(c->session); - do { - if (ff_check_interrupt(&h->interrupt_callback)) { - ret = AVERROR_EXIT; - goto fail; - } - - ret = gnutls_handshake(c->session); - if (gnutls_error_is_fatal(ret)) { - ret = print_tls_error(h, ret); - goto fail; - } - } while (ret); + ret = tls_handshake(h); + if (ret < 0) + goto fail; c->need_shutdown = 1; if (s->verify) { unsigned int status, cert_list_size; @@ -345,6 +380,7 @@ static const AVClass dtls_class = { const URLProtocol ff_dtls_protocol = { .name = "dtls", .url_open2 = dtls_open, + .url_handshake = tls_handshake, .url_read = tls_read, .url_write = tls_write, .url_close = tls_close, -- 2.49.1 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
