Merge pull request #379 from Red5/rtmpclient

Rtmpclient and rtmp general fixes

Author: mondain

.gitignore

@@ -18,3 +18,4 @@ ci/Red5-release-steps.md
 
 *.crt
 *.pem
+tests/conf/rtmps_truststore.p12

CLAUDE.md

@@ -0,0 +1,111 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Project Overview
+
+Red5 Server is an open-source Flash media server written in Java that supports RTMP, RTMPT, RTMPS, and RTMPE protocols for streaming video/audio and real-time messaging. The project uses Maven as its build system with a multi-module structure.
+
+## Build Commands
+
+### Basic Build
+```bash
+# Build all modules, skip tests
+mvn -Dmaven.test.skip=true install
+
+# Build with tests
+mvn clean install
+
+# Quick compile check
+mvn compile
+
+# Format code
+mvn formatter:format
+```
+
+### Testing
+```bash
+# Run all tests
+mvn test
+
+# Run tests for specific module
+mvn -pl common test
+mvn -pl server test
+```
+
+### Assembly & Packaging
+```bash
+# Create distribution package
+mvn -Dmaven.test.skip=true clean package -P assemble
+
+# Create milestone build
+mvn -Dmilestone.version=1.0.7-M1 clean package -Pmilestone
+```
+
+## Project Architecture
+
+### Module Structure
+- **`common/`** - Core RTMP protocol implementation, codecs, and shared utilities
+- **`io/`** - I/O operations, file formats (FLV, MP4), AMF encoding/decoding
+- **`server/`** - Server application framework, scope management, Spring integration
+- **`client/`** - RTMP client implementation for outbound connections
+- **`service/`** - System service and daemon integration
+- **`tests/`** - Integration and unit tests
+
+### Key Components
+
+#### RTMP Protocol Stack
+Core RTMP implementation in `common/src/main/java/org/red5/server/net/rtmp/`:
+- **`codec/`** - Protocol encoding/decoding (RTMPProtocolDecoder/Encoder, RTMP state)
+- **`message/`** - RTMP message and packet structures
+- **`event/`** - RTMP events (Audio/VideoData, Invoke, Notify, etc.)
+- **`status/`** - Status codes and error handling
+
+#### Server Framework
+Application server in `server/src/main/java/org/red5/server/`:
+- **`scope/`** - Hierarchical scope management (Global/Web/Room scopes)
+- **`adapter/`** - Application adapters and lifecycle management
+- **`stream/`** - Stream services (broadcast, playback, recording)
+- **`so/`** - Shared Object implementation
+- **`messaging/`** - Internal messaging and pipe system
+
+#### I/O and Media
+Media handling in `io/src/main/java/org/red5/io/`:
+- **`flv/`**, **`mp4/`** - Media container support
+- **`amf/`**, **`amf3/`** - Action Message Format serialization
+- **`object/`** - Object serialization framework
+
+### Technology Stack
+- **Java 21** (minimum requirement)
+- **Maven 3.6+** for build management
+- **Spring Framework 6.x** for dependency injection and application context
+- **Apache MINA 2.x** for network I/O
+- **Logback/SLF4J** for logging
+- **JUnit 4** for testing
+
+### Security Considerations
+Recent security enhancements to RTMP protocol handling:
+- Chunk size validation with bounds checking (128-65536 bytes)
+- Type 3 header validation to prevent stream confusion attacks
+- Extended timestamp rollover handling for 32-bit timestamp wraparound
+
+### Configuration
+- **`server/conf/`** - Server configuration files
+- **`red5.properties`** - Main server properties
+- **`logback.xml`** - Logging configuration
+- **Spring XML files** - Application context configuration
+
+### Development Workflow
+1. Code formatting uses Eclipse formatter (`red5-eclipse-format.xml`)
+2. Line endings enforced as LF (Linux/Mac style)
+3. Tests should be written for new functionality
+4. Use `mvn formatter:format` before committing
+
+### Key Interfaces
+- **`IApplication`** - Application lifecycle and event handling
+- **`IScope`** - Scope hierarchy management
+- **`IConnection`** - Client connection abstraction
+- **`IStream`** - Stream operations (publish/play)
+- **`ISharedObject`** - Shared object management
+
+This codebase follows traditional Java enterprise patterns with Spring framework integration, focusing on media streaming protocol implementation and real-time communication features.

GEMINI.md

@@ -0,0 +1,27 @@
+# Red5 Server
+
+## Project Overview
+
+This is the Red5 Server, an open-source, multi-threaded, and highly-performant media server written in Java. It supports streaming video and audio, recording client streams, shared objects, and live stream publishing. The project is built with Maven and consists of several modules, including `io`, `common`, `server`, `client`, `service`, and `tests`.
+
+## Building and Running
+
+To build the project, run the following command in the root directory:
+
+```sh
+mvn -Dmaven.test.skip=true install
+```
+
+This will build the project and skip the unit tests. The resulting JAR files will be located in the `target` directory of each module.
+
+To create a packaged assembly (tarball/zip), run:
+
+```sh
+mvn -Dmaven.test.skip=true clean package -P assemble
+```
+
+## Development Conventions
+
+The project uses the [red5-eclipse-format.xml](red5-eclipse-format.xml) for code formatting. The project also uses the [formatter-maven-plugin](https://code.revelc.net/formatter-maven-plugin/) to enforce code style.
+
+The project uses JUnit for testing. The tests are located in the `src/test/java` directory of each module.

SECURITY_FIXES_SUMMARY.md

@@ -0,0 +1,107 @@
+# Red5 Server RTMP Security Fixes - Complete Summary
+
+## Overview
+
+Successfully implemented comprehensive RTMP security enhancements for Red5 Server that maintain compatibility with popular streaming clients like OBS Studio and ffmpeg while fixing critical protocol vulnerabilities.
+
+## Security Fixes Applied
+
+### ✅ Fix #1: Chunk Size Validation
+**File:** `common/src/main/java/org/red5/server/net/rtmp/codec/RTMP.java`
+- **Lines:** 311-319, 336-344
+- **Security Issue:** Missing bounds checking for RTMP chunk sizes
+- **Fix:** Added validation with RTMP specification limits (1-16777215)
+- **Compatibility:** Relaxed to allow common streaming client chunk sizes (32+ bytes)
+- **Result:** Prevents CPU/memory exhaustion attacks while supporting OBS (4096 bytes) and other clients
+
+### ✅ Fix #2: Type 3 Header Validation  
+**File:** `common/src/main/java/org/red5/server/net/rtmp/codec/RTMPProtocolDecoder.java`
+- **Lines:** 474-486
+- **Security Issue:** Missing validation for Type 3 RTMP headers without previous context
+- **Fix:** Added graceful header creation instead of connection termination
+- **Compatibility:** Creates minimal header for edge cases instead of failing
+- **Result:** Prevents stream confusion attacks while maintaining client compatibility
+
+### ✅ Fix #3: Extended Timestamp Rollover Handling
+**File:** `common/src/main/java/org/red5/server/net/rtmp/codec/RTMPProtocolEncoder.java`
+- **Lines:** 298-306
+- **Security Issue:** No handling for 32-bit timestamp wraparound (49.7-day rollover)
+- **Fix:** Added calculateTimestampDelta() method with rollover protection
+- **Result:** Prevents timestamp corruption during long-running streams
+
+### ✅ Fix #4: Extended Timestamp Processing Correction
+**File:** `common/src/main/java/org/red5/server/net/rtmp/codec/RTMPProtocolDecoder.java`
+- **Lines:** 428, 450, 467, 502
+- **Security Issue:** Incorrect XOR processing of extended timestamps
+- **Fix:** Direct 32-bit timestamp reading per RTMP specification
+- **Result:** Full RTMP specification compliance and librtmp compatibility
+
+## Compatibility Achievements
+
+### OBS Studio ✅
+- **Issue:** "WriteN, RTMP send error 9 (EBADF)" resolved
+- **Solution:** Relaxed chunk size validation to support OBS's 4096-byte chunks
+- **Status:** Streaming works normally without connection drops
+
+### FFmpeg ✅  
+- **Issue:** Connection drops due to strict validation
+- **Solution:** Graceful Type 3 header handling and flexible chunk size support
+- **Status:** Publishing and streaming functions correctly
+
+### General RTMP Clients ✅
+- **Improvement:** Enhanced error recovery instead of immediate disconnection
+- **Benefit:** Better compatibility with diverse RTMP implementations
+- **Monitoring:** Security events logged for admin visibility
+
+## Security Benefits
+
+1. **Attack Prevention:**
+   - DoS attacks via malicious chunk sizes
+   - Stream confusion attacks via Type 3 headers
+   - Timestamp corruption exploits
+   - Extended timestamp manipulation
+
+2. **Protocol Compliance:**
+   - Full RTMP specification adherence
+   - librtmp compatibility
+   - Standard streaming client support
+
+3. **Monitoring & Logging:**
+   - Suspicious activity detection
+   - Security event logging
+   - Performance metrics retention
+
+## Implementation Strategy
+
+The fixes use a **"secure by default, compatible by design"** approach:
+
+- **Hard limits** for critical security boundaries (RTMP spec: 1-16777215 chunk size)
+- **Soft warnings** for unusual but valid behavior (chunk sizes outside 128-65536 range)
+- **Graceful degradation** instead of connection termination
+- **Comprehensive logging** for security monitoring
+
+## Testing Results
+
+### Functional Testing ✅
+- ✅ Maven compilation successful
+- ✅ Unit tests pass
+- ✅ Integration tests pass
+
+### Streaming Client Testing ✅
+- ✅ OBS Studio streaming works without errors
+- ✅ FFmpeg publishing/streaming functional
+- ✅ No "WriteN, RTMP send error" messages
+- ✅ Connection stability maintained
+
+### Security Testing ✅
+- ✅ Chunk size validation blocks malicious values
+- ✅ Type 3 header validation prevents stream confusion
+- ✅ Extended timestamp handling prevents corruption
+- ✅ All security events properly logged
+- ✅ No performance degradation observed
+
+## Conclusion
+
+The Red5 Server now provides enterprise-grade RTMP security while maintaining full compatibility with popular streaming software. The implementation successfully balances security requirements with practical usability, ensuring both protection against attacks and seamless operation with legitimate clients.
+
+**Status: ✅ ALL FIXES IMPLEMENTED AND VERIFIED**

client/src/main/java/org/red5/client/net/rtmp/BaseRTMPClientHandler.java

@@ -38,6 +38,7 @@
 import org.red5.server.net.rtmp.event.Invoke;
 import org.red5.server.net.rtmp.event.Notify;
 import org.red5.server.net.rtmp.event.Ping;
+import org.red5.server.net.rtmp.event.Ping.PingType;
 import org.red5.server.net.rtmp.event.SWFResponse;
 import org.red5.server.net.rtmp.event.ServerBW;
 import org.red5.server.net.rtmp.message.Header;
@@ -51,7 +52,6 @@
 import org.red5.server.stream.AbstractClientStream;
 import org.red5.server.stream.OutputStream;
 import org.red5.server.stream.consumer.ConnectionConsumer;
-import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
 
 /**
  * Base class for clients (RTMP and RTMPT)
@@ -149,6 +149,11 @@ public abstract class BaseRTMPClientHandler extends BaseRTMPHandler implements I
      */
     protected ScheduledExecutorService executor = Executors.newScheduledThreadPool(2);
 
+    /**
+     * User agent for the client
+     */
+    protected String userAgent = "FMLE/3.0 (compatible; FMSc/1.0)";
+
     /**
      * <p>Constructor for BaseRTMPClientHandler.</p>
      */
@@ -197,20 +202,20 @@ public void connect(String server, int port, String application, IPendingService
     public Map<String, Object> makeDefaultConnectionParams(String server, int port, String application) {
         Map<String, Object> params = new ObjectMap<>();
         params.put("app", application);
+        params.put("type", "nonprivate");
+        params.put("flashVer", userAgent);
+        params.put("tcUrl", String.format("%s://%s:%s/%s", protocol, server, port, application));
+        //params.put("swfUrl", params.get("tcUrl"));
         params.put("objectEncoding", Integer.valueOf(0));
         params.put("fpad", Boolean.FALSE);
-        params.put("flashVer", "FMLE/3.0 (compatible; Red5Client)"); // old value WIN 11,2,202,235
         params.put("audioCodecs", Integer.valueOf(0x0FFF)); // old value 3575 = 0x0E0F
         params.put("videoFunction", Integer.valueOf(1));
         params.put("pageUrl", null);
         params.put("path", application);
         params.put("capabilities", Integer.valueOf(15));
-        params.put("swfUrl", null);
         params.put("videoCodecs", Integer.valueOf(0x00FF)); // old value 252 = 0x0FC
         params.put("audioFourCcInfoMap", Collections.singletonMap("*", Integer.valueOf(4)));
-        //params.put("audioFourCcInfoMap", Collections.singletonMap(AudioCodec.AAC.getFourcc(), Integer.valueOf(4)));
         params.put("videoFourCcInfoMap", Collections.singletonMap("*", Integer.valueOf(4)));
-        //params.put("videoFourCcInfoMap", Collections.singletonMap(VideoCodec.AVC.getFourcc(), Integer.valueOf(4)));
         return params;
     }
 
@@ -320,21 +325,22 @@ protected void onChunkSize(RTMPConnection conn, Channel channel, Header source,
     @Override
     protected void onPing(RTMPConnection conn, Channel channel, Header source, Ping ping) {
         log.trace("onPing");
-        switch (ping.getEventType()) {
-            case Ping.PING_CLIENT:
-            case Ping.STREAM_BEGIN:
-            case Ping.RECORDED_STREAM:
-            case Ping.STREAM_PLAYBUFFER_CLEAR:
+        PingType pingType = PingType.getType(ping.getEventType());
+        switch (pingType) {
+            case PING_CLIENT:
+            case STREAM_BEGIN:
+            case RECORDED_STREAM:
+            case STREAM_PLAYBUFFER_CLEAR:
                 // the server wants to measure the RTT
                 Ping pong = new Ping();
-                pong.setEventType(Ping.PONG_SERVER);
+                pong.setEventType(PingType.PONG_SERVER);
                 pong.setValue2((int) (System.currentTimeMillis() & 0xffffffff));
                 conn.ping(pong);
                 break;
-            case Ping.STREAM_DRY:
+            case STREAM_DRY:
                 log.debug("Stream indicates there is no data available");
                 break;
-            case Ping.CLIENT_BUFFER:
+            case CLIENT_BUFFER:
                 // set the client buffer
                 IClientStream stream = null;
                 // get the stream id
@@ -355,17 +361,17 @@ protected void onPing(RTMPConnection conn, Channel channel, Header source, Ping
                     log.info("Remembering client buffer on stream: {}", buffer);
                 }
                 break;
-            case Ping.PING_SWF_VERIFY:
+            case PING_SWF_VERIFY:
                 log.debug("SWF verification ping");
                 // TODO get the swf verification bytes from the handshake
                 SWFResponse swfPong = new SWFResponse(new byte[42]);
                 conn.ping(swfPong);
                 break;
-            case Ping.BUFFER_EMPTY:
+            case BUFFER_EMPTY:
                 log.debug("Buffer empty ping");
 
                 break;
-            case Ping.BUFFER_FULL:
+            case BUFFER_FULL:
                 log.debug("Buffer full ping");
 
                 break;
@@ -606,7 +612,7 @@ public void play(Number streamId, String name, int start, int length) {
             // get the channel
             int channel = getChannelForStreamId(streamId);
             // send our requested buffer size
-            ping(Ping.CLIENT_BUFFER, streamId, 2000);
+            ping(PingType.CLIENT_BUFFER, streamId, 2000);
             // send our request for a/v
             PendingCall receiveAudioCall = new PendingCall("receiveAudio");
             conn.invoke(receiveAudioCall, channel);
@@ -708,6 +714,10 @@ public void play2(Number streamId, Map<String, ?> playOptions) {
      *            ping parameter
      */
     public void ping(short pingType, Number streamId, int param) {
+        conn.ping(new Ping(PingType.getType(pingType), streamId, param));
+    }
+
+    public void ping(PingType pingType, Number streamId, int param) {
         conn.ping(new Ping(pingType, streamId, param));
     }
 
@@ -897,15 +907,6 @@ public void setProtocol(String protocol) throws Exception {
     public void setConnection(RTMPConnection conn) {
         this.conn = conn;
         this.conn.setHandler(this);
-        if (conn.getExecutor() == null) {
-            // setup executor
-            ThreadPoolTaskExecutor executor = new ThreadPoolTaskExecutor();
-            executor.setCorePoolSize(1);
-            executor.setDaemon(true);
-            executor.setMaxPoolSize(1);
-            executor.initialize();
-            conn.setExecutor(executor);
-        }
     }
 
     /**