diff --git a/trunk/conf/full.conf b/trunk/conf/full.conf index 4ac71ed4b..ef9bcb8dd 100644 --- a/trunk/conf/full.conf +++ b/trunk/conf/full.conf @@ -413,6 +413,10 @@ rtc_server { # @remark Always 1 if OS does not support sendmmsg, like OSX. # default: 256 sendmmsg 256; + # Whether encrypt RTP packet by SRTP. + # @remark Should always turn it on, or Chrome will fail. + # default: on + encrypt on; } vhost rtc.vhost.srs.com { diff --git a/trunk/src/app/srs_app_config.cpp b/trunk/src/app/srs_app_config.cpp index c70e551b9..b3523cd7c 100644 --- a/trunk/src/app/srs_app_config.cpp +++ b/trunk/src/app/srs_app_config.cpp @@ -3583,6 +3583,16 @@ srs_error_t SrsConfig::check_normal_config() } } } + if (true) { + SrsConfDirective* conf = root->get("rtc_server"); + for (int i = 0; conf && i < (int)conf->directives.size(); i++) { + string n = conf->at(i)->name; + if (n != "enabled" && n != "listen" && n != "dir" && n != "candidate" && n != "ecdsa" + && n != "sendmmsg" && n != "encrypt") { + return srs_error_new(ERROR_SYSTEM_CONFIG_INVALID, "illegal rtc_server.%s", n.c_str()); + } + } + } //////////////////////////////////////////////////////////////////////// // check listen for rtmp. @@ -4672,6 +4682,23 @@ bool SrsConfig::get_rtc_server_ecdsa() return SRS_CONF_PERFER_TRUE(conf->arg0()); } +bool SrsConfig::get_rtc_server_encrypt() +{ + static bool DEFAULT = true; + + SrsConfDirective* conf = root->get("rtc_server"); + if (!conf) { + return DEFAULT; + } + + conf = conf->get("encrypt"); + if (!conf || conf->arg0().empty()) { + return DEFAULT; + } + + return SRS_CONF_PERFER_TRUE(conf->arg0()); +} + int SrsConfig::get_rtc_server_sendmmsg() { #if !defined(SRS_AUTO_HAS_SENDMMSG) || !defined(SRS_AUTO_SENDMMSG) diff --git a/trunk/src/app/srs_app_config.hpp b/trunk/src/app/srs_app_config.hpp index 01732bb11..21fff23fe 100644 --- a/trunk/src/app/srs_app_config.hpp +++ b/trunk/src/app/srs_app_config.hpp @@ -524,6 +524,7 @@ public: virtual std::string get_rtc_server_candidates(); virtual bool get_rtc_server_ecdsa(); virtual int get_rtc_server_sendmmsg(); + virtual bool get_rtc_server_encrypt(); SrsConfDirective* get_rtc(std::string vhost); bool get_rtc_enabled(std::string vhost); diff --git a/trunk/src/app/srs_app_http_api.cpp b/trunk/src/app/srs_app_http_api.cpp index a98959b94..f9b7c5627 100644 --- a/trunk/src/app/srs_app_http_api.cpp +++ b/trunk/src/app/srs_app_http_api.cpp @@ -882,9 +882,12 @@ srs_error_t SrsGoApiRtcPlay::do_serve_http(ISrsHttpResponseWriter* w, ISrsHttpMe // For client to specifies the EIP of server. string eip = r->query_get("eip"); + // For client to specifies whether encrypt by SRTP. + string encrypt = r->query_get("encrypt"); - srs_trace("RTC play %s, api=%s, clientip=%s, app=%s, stream=%s, offer=%dB, eip=%s", - streamurl.c_str(), api.c_str(), clientip.c_str(), app.c_str(), stream_name.c_str(), remote_sdp_str.length(), eip.c_str()); + srs_trace("RTC play %s, api=%s, clientip=%s, app=%s, stream=%s, offer=%dB, eip=%s, encrypt=%s", + streamurl.c_str(), api.c_str(), clientip.c_str(), app.c_str(), stream_name.c_str(), remote_sdp_str.length(), + eip.c_str(), encrypt.c_str()); // TODO: FIXME: It seems remote_sdp doesn't represents the full SDP information. SrsSdp remote_sdp; @@ -908,6 +911,11 @@ srs_error_t SrsGoApiRtcPlay::do_serve_http(ISrsHttpResponseWriter* w, ISrsHttpMe // TODO: FIXME: Maybe need a better name? // TODO: FIXME: When server enabled, but vhost disabled, should report error. SrsRtcSession* rtc_session = rtc_server->create_rtc_session(request, remote_sdp, local_sdp, eip); + if (encrypt.empty()) { + rtc_session->set_encrypt(_srs_config->get_rtc_server_encrypt()); + } else { + rtc_session->set_encrypt(encrypt != "false"); + } ostringstream os; if ((err = local_sdp.encode(os)) != srs_success) { diff --git a/trunk/src/app/srs_app_rtc_conn.cpp b/trunk/src/app/srs_app_rtc_conn.cpp index 63eebc8dd..6f3c70914 100644 --- a/trunk/src/app/srs_app_rtc_conn.cpp +++ b/trunk/src/app/srs_app_rtc_conn.cpp @@ -504,8 +504,8 @@ srs_error_t SrsRtcSenderThread::cycle() return srs_error_wrap(err, "rtc fetch source failed"); } - srs_trace("source url=%s, source_id=[%d][%d]", - rtc_session->request.get_stream_url().c_str(), ::getpid(), source->source_id()); + srs_trace("source url=%s, source_id=[%d][%d], encrypt=%d", + rtc_session->request.get_stream_url().c_str(), ::getpid(), source->source_id(), rtc_session->encrypt); SrsConsumer* consumer = NULL; SrsAutoFree(SrsConsumer, consumer); @@ -588,9 +588,13 @@ void SrsRtcSenderThread::send_and_free_messages(SrsSharedPtrMessage** msgs, int int length = pkt->size; char* buf = new char[kRtpPacketSize]; - if ((err = rtc_session->dtls_session->protect_rtp(buf, pkt->payload, length)) != srs_success) { - srs_warn("srtp err %s", srs_error_desc(err).c_str()); srs_freep(err); srs_freepa(buf); - continue; + if (rtc_session->encrypt) { + if ((err = rtc_session->dtls_session->protect_rtp(buf, pkt->payload, length)) != srs_success) { + srs_warn("srtp err %s", srs_error_desc(err).c_str()); srs_freep(err); srs_freepa(buf); + continue; + } + } else { + memcpy(buf, pkt->payload, length); } mmsghdr mhdr; @@ -629,6 +633,7 @@ SrsRtcSession::SrsRtcSession(SrsRtcServer* rtc_svr, const SrsRequest& req, const source = NULL; cid = context_id; + encrypt = true; } SrsRtcSession::~SrsRtcSession() diff --git a/trunk/src/app/srs_app_rtc_conn.hpp b/trunk/src/app/srs_app_rtc_conn.hpp index 9d43be88d..2618613a1 100644 --- a/trunk/src/app/srs_app_rtc_conn.hpp +++ b/trunk/src/app/srs_app_rtc_conn.hpp @@ -164,6 +164,11 @@ private: private: // For each RTC session, we use a specified cid for debugging logs. int cid; + // For each RTC session, whether requires encrypt. + // Read config value, rtc_server.encrypt, default to on. + // Sepcifies by HTTP API, query encrypt, optional. + // TODO: FIXME: Support reload. + bool encrypt; public: SrsRequest request; SrsSource* source; @@ -185,6 +190,8 @@ public: std::string get_peer_id() const { return peer_id; } void set_peer_id(const std::string& id) { peer_id = id; } + void set_encrypt(bool v) { encrypt = v; } + void switch_to_context(); public: srs_error_t on_stun(SrsUdpMuxSocket* udp_mux_skt, SrsStunPacket* stun_req);