On Tue, Dec 03, 2019 at 06:57:27PM +0800, Jun Zhao wrote: > From: Jun Zhao <[email protected]> > > Enable the SRTO_ENFORCEDENCRYPTION/SRTO_KMREFRESHRATE/ > SRTO_KMPREANNOUNCE for srt encryption control. > > Signed-off-by: Jun Zhao <[email protected]> > --- > doc/protocols.texi | 16 ++++++++++++++++ > libavformat/libsrt.c | 18 ++++++++++++++++++ > 2 files changed, 34 insertions(+), 0 deletions(-) > > diff --git a/doc/protocols.texi b/doc/protocols.texi > index eab6242..04f6e8b 100644 > --- a/doc/protocols.texi > +++ b/doc/protocols.texi > @@ -1282,6 +1282,22 @@ only if @option{pbkeylen} is non-zero. It is used on > the receiver only if the received data is encrypted. > The configured passphrase cannot be recovered (write-only). > > +@item enforced_encryption=@var{1|0} > +If true, both connection parties must have the same password > +set (including empty, that is, with no encryption). If the > +password doesn't match or only one side is unencrypted, > +the connection is rejected. Default is true. > + > +@item kmrefreshrate=@var{n} > +The number of packets to be transmitted after which the > +encryption key is switched to a new key. > + > +@item kmpreannounce=@var{n} > +The interval between when a new encryption key is sent and > +when switchover occurs. This value also applies to the > +subsequent interval between when switchover occurs and > +when the old encryption key is decommissioned. > + > @item payload_size=@var{bytes} > Sets the maximum declared size of a packet transferred > during the single call to the sending function in Live > diff --git a/libavformat/libsrt.c b/libavformat/libsrt.c > index 0a748a1..06f2c02 100644 > --- a/libavformat/libsrt.c > +++ b/libavformat/libsrt.c > @@ -62,6 +62,9 @@ typedef struct SRTContext { > int64_t maxbw; > int pbkeylen; > char *passphrase; > + int enforced_encryption; > + int kmrefreshrate; > + int kmpreannounce; > int mss; > int ffs; > int ipttl;
> @@ -102,6 +105,9 @@ static const AVOption libsrt_options[] = {
> { "maxbw", "Maximum bandwidth (bytes per second) that the
> connection can use", OFFSET(maxbw), AV_OPT_TYPE_INT64, {
> .i64 = -1 }, -1, INT64_MAX, .flags = D|E },
> { "pbkeylen", "Crypto key len in bytes {16,24,32} Default: 16
> (128-bit)", OFFSET(pbkeylen), AV_OPT_TYPE_INT, {
> .i64 = -1 }, -1, 32, .flags = D|E },
> { "passphrase", "Crypto PBKDF2 Passphrase size[0,10..64] 0:disable
> crypto", OFFSET(passphrase), AV_OPT_TYPE_STRING, { .str =
> NULL }, .flags = D|E },
> + { "enforced_encryption", "Enforces that both connection parties
> have the same passphrase set ", OFFSET(enforced_encryption),
> AV_OPT_TYPE_INT, { .i64 = -1 }, -1, 1, .flags = D|E },
is this intended to be INT and not AV_OPT_TYPE_BOOL ?
> + { "kmrefreshrate", "The number of packets to be transmitted
> after which the encryption key is switched to a new key",
> OFFSET(kmrefreshrate), AV_OPT_TYPE_INT, { .i64 = -1 }, -1,
> INT_MAX, .flags = D|E },
> + { "kmpreannounce", "The interval between when a new encryption
> key is sent and when switchover occurs", OFFSET(kmpreannounce),
> AV_OPT_TYPE_INT, { .i64 = -1 }, -1, INT_MAX, .flags = D|E },
> { "mss", "The Maximum Segment Size",
> OFFSET(mss), AV_OPT_TYPE_INT, { .i64 =
> -1 }, -1, 1500, .flags = D|E },
> { "ffs", "Flight flag size (window size) (in bytes)",
> OFFSET(ffs), AV_OPT_TYPE_INT, { .i64 =
> -1 }, -1, INT_MAX, .flags = D|E },
> { "ipttl", "IP Time To Live",
> OFFSET(ipttl), AV_OPT_TYPE_INT, { .i64 =
> -1 }, -1, 255, .flags = D|E },
The added options are alot more randomly formated than the surrounding ones
otherwise the patch should be good
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
When you are offended at any man's fault, turn to yourself and study your
own failings. Then you will forget your anger. -- Epictetus
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list [email protected] https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email [email protected] with subject "unsubscribe".
