Skip to content

Instantly share code, notes, and snippets.

View mondain's full-sized avatar
🏠
Working from home

Paul Gregoire mondain

🏠
Working from home
184 followers · 166 following
View GitHub Profile
@mondain
mondain / red5-ws-leak.md
Created April 23, 2025 17:05
Red5 WsSession leak fix

Change log for WsSession leak in Red5; new version 2.0.16 released 4/23/2025

The leak was primarily seen during regular use of Red5 Pro's RTC client which uses a WebSocket for the initial connection with a switch to DataChannel if accepted / configured in the RTC client during startup.

Classes modified:

  • org.red5.net.websocket.WebSocketConnection - local reference to the connected scope was modified from a WeakReference to the WebSocketScope itself and marked final. In the ctor the scope is also added to the WsSession user properties for consolidated access within Tomcat. Several timeout properties were also added from the latest Tomcat 11.x documentation: BLOCKING_SEND_TIMEOUT our default to 8000ms, ABNORMAL_SESSION_CLOSE_SEND_TIMEOUT our default 10000ms, SESSION_CLOSE_TIMEOUT our default 5000ms. The properties are standard for Tomcat and may be modified at-will via system property override; all values are long type in milliseconds. The maximum idle timeout is now configured to use the largest
@mondain
mondain / WHIP-SDP-Offers.md
Created January 17, 2025 16:30
WHIP-SDP-Offers as of Jan 2025

WHIP SDP Offers

List of SDP offers from current browser versions.

Chrome on Linux

v=0
o=- 2163966416233761195 2 IN IP4 127.0.0.1
s=-
@mondain
mondain / red5pro-client-API-old.md
Last active October 31, 2024 15:02
Old - WebRTC client API for Red5 Pro

Client API

Defines communication between a browser client using Javascript and a server listening on a WebSocket. Requests and responses are communicated using JSON.

Author

Paul Gregoire

Prerequisites

  • Chrome or Firefox
@mondain
mondain / logger-update.md
Created April 29, 2024 17:12
Address SLF4J logger update

Red5 updated its slf4j and logback libraries recently to address security vulnerabilities; in doing so, this broke the old code in Red5 open source logging that allowed the separation of logging into additional contexts such as those used by custom webapps and Red5 Pro cloudstorage. The symptom of which was difficult to catch since it just prevented logging without any indication. Currently, the only work-arounds are to replace the logger libraries with the older versions or replace every use of Red5LoggerFactory with the SLF4J default interface LoggerFactory; the SLF4J factory does not accept a context. Here is an example:

/*
 * The recent updates for SLF4J prevents Red5 logger factory use of a context,
 * it does not work in the latest Red5 open source libraries. We suggest a 
 * replacement in the interim.
 */
@mondain
mondain / proscope-handler.md
Created April 22, 2024 17:55
Updating a custom Red5 application to newer Red5 Pro Server before handler patch is available

This document assumes that you've upgraded to 12.x of Red5 Pro prior to any patches addressing custom Red5 application scope handling. To get your application working, follow the steps below:

  • Add the dependency to your pom for red5pro-commons:
	<dependency>
		<groupId>com.red5pro</groupId>
		<artifactId>red5pro-common</artifactId>
		<version>12.0.1.0</version>
		<scope>compile</version>
@mondain
mondain / migration-to-red5-1.3.32.md
Created March 28, 2024 15:34
Migration to Red5 1.3.32

In conf/red5-common.xml the MP3 and M4A entries must be removed to prevent startup exceptions, unless an MP3/M4A support jar is included in the classpath (Not yet available). Remove or comment out the following entries from the streamableFileFactory bean:

  <bean id="mp3FileService" class="org.red5.server.service.mp3.impl.MP3Service"/>
  <bean id="m4aFileService" class="org.red5.server.service.m4a.impl.M4AService"/>

Remove this entire bean entry:

@mondain
mondain / SBOM-01102024.md
Last active January 11, 2024 16:59
Vulnerabilities in Red5

Addressing of critical and high vulerability alerts

The following three updates will cover the majority of issues detected; this report is for Red5 open source specifically and should apply to implementations utilizing the server.

  • Spring 5.3.31
  • Slf4j 2.0.11
  • Logback 1.4.14

The update to Spring 6.0.x is delayed due to its requirement on JDK 17.

@mondain
mondain / obs-2-red5pro.md
Created July 3, 2023 17:50
OBS with libdatachannel to Red5 Pro version 11.0

Offer from OBS with libdatachannel:

v=0
o=rtc 1749923962 0 IN IP4 127.0.0.1
s=-
t=0 0
a=msid-semantic:WMS *
a=group:BUNDLE 0 1
a=setup:actpass
@mondain
mondain / whip-ideas.md
Last active April 19, 2023 15:39
WHIP

WHIP with trickle:

sequenceDiagram
    participant wc as WHIP Client
    participant ws as WHIP Server
    wc->>+ws: OPTIONS /whip/endpoint/stream1
    ws-->>wc: HTTP Response with headers and optional Link header containing ICE servers
    wc->>ws: POST /whip/endpoint/stream1 with SDP Offer
 ws--&gt;&gt;wc: HTTP Response with SDP Answer with candidates and Location header "/whip/resource/stream1"
@mondain
mondain / whep-ideas.md
Last active April 19, 2023 15:25
WHEP brainstorming

WHEP Mode 1 with trickle:

sequenceDiagram
    participant wc as WHEP Client
    participant ws as WHEP Server
    wc->>+ws: OPTIONS /whep/endpoint/stream1?requestId=subscriber1
    ws-->>wc: HTTP Response with headers and optional Link header containing ICE servers
    wc->>ws: POST /whep/endpoint/stream1?requestId=subscriber1
    ws-->>wc: HTTP Response with SDP Offer with candidates and Location header "/whep/resource/stream1"