szatox Advocate
Joined: 27 Aug 2013 Posts: 3477
|
Posted: Mon Apr 01, 2024 11:45 pm Post subject: Been goofing off, busted NAT; happy Easter eggs |
|
|
VOIP has been a little bit of a boomerang topic for me, I wanted to get it to work, got disappointed, abandoned it, then wanted to make it work again, yada yada....
Anyway, I finally decided to figure out how difficult making a voip phone really is. Did some digging to find out what stuff already exists that I can abuse the hell out of and here we are: I made a very clunky demo.
#1: Media stream
Turns out ffmpeg can do almost anything.
Audio capture, video capture, transcoding, streaming, and finally playback.
a) Encoding video to mpeg4 with either native encoder or libxvid is fast. The playback is almost instantaneous. The native encoder can even use multiple cores, which makes rpi4 fast enough to keep a conversation going. Pretty cool, I did not expect that.
b) UDP transfer is unidirectional. The sender doesn't care whether anyone listens or not. Receiver is able to identify the stream and start playing it at any time. It can gracefully handle some packet loss (Artifacts appear, but it keeps going).
c) Audio delay. Ugh.... This is the "almost" part. I couldn't get the audio out anywhere near as fast as video.
I found AAC-LD and AAC-ELD modes for low latency (rumor says this is what Facetime uses), but ffmpeg won't let me mix them into the stream. Tried various containers, and grepped ffmpeg's source code for hints, I just can't find any output format which would accept AAC-LD. Mp2 and opus in low latency mode don't quite cut it either. Whatever I do, the sound is delayed by like 1.5-2 seconds relative to the input signal, and even the video. I wonder if there is any way to reduce the audio latency to match mpeg4. Right now it is... Well, it surely is usable, but definitely not ideal.
A hint for curious individuals who want to try it:
ffmpeg -f alsa -i default -input_format mjpeg -i /dev/video0 -vcodec mpeg4 -b:v 300k -acodec libfdk_aac -b:a 96k -f mpegts udp://localhost:5678?pkt_size=1024
ffplay -flags low_delay -framedrop udp://localhost:5678 -alwaysontop -fflags nobuffer # requires ffmpeg installed with USE=sdl
#2 Sending data over the internet
Surprise, surprise (no, not really): There are NATs everywhere.
I had a look at RFC describing SIP and STUN, and holly shit, I'm not implementing that. In particular, my jaw dropped when I read about sessions in STUN protocol. Seriously, why does it even need sessions in the first place, I just want to quickly glance at the mirror!?
I guess I'll do it myself then. The thing below is very very basic and equally vulnerable to a low skill DoS against Erlang runtime, but it does successfully poke holes in NATs. As long as both peers can see the server running stun, they should be able to find each other and setup p2p UDP tunnel.
If anyone happened to be very bored, "erlc" compiles the code, "erl -s natbuster init" starts the client on port 12345, "erl -s stun init" starts the poor man's SIP hub on port 9999 (must be visible to both clients). ffmpeg must send its captured udp stream to local client's udp socket (12345), and the data stream received from peer will be available to ffplay on udp port 5678
natbuster:call(peer's callsign) requests a direct UDP tunnel to the other client.
Code: | $ cat natbuster.tgz.b64
H4sIAAAAAAACA+0aa2/ayDZf4VfMpooWdKddIITe0hApm1R70TZZlGSvuooiy5gBrIDtO7aTIur/vufMy2PjJGSl9O5KmUYCj8+c93OoFwZTf7bzoqsFq9ft4mf7/UHL/hSr3e3stLu9VqfX6e5393
da7U63t79DWjvfYaVx4nJCdibhmIdLnz8E99T7f+h6syYx43eMx2RwRK7Xu5dXv587l58u/vvpwvnPb5dX58dnn5zfLpzhaJd+gJXdULKIQp4gfLuz3z0glHjuYsG4409w8+wP5+T48+fL4S/nJHtX
33ldf+MVuMkYQoDxd4wv/i/x3273uj0T/+2DDsR/FwBe4/97rLfLcJIuWMP4QfNd/a0XLiMfNtlXDHQHght263U/8JNGk7w9qtc4m/kInZ+jkEcW00azSeu1dXhLr09gO1zeZGRApoCs74VBnC6Sxq
4nSs4uAp6yqQt7kHsIJKJ0EjlhlMhMNPYDl6/omrM0Zu5kwmnCU5apDeRLblSlIyuj/ZgGEzb1AzaB5DYP44QShM5ufgSw0LtFGAMC79Kx40e42ZIPGjU++sHMSfwlw+cOeG4p71lo3CgyJw967/+d
gaxD0B7IuXSjuL9kfMYaWnoqVaU1dwlsodZmLHBAJf0wYkFDHJuxpCGEpYisSYnZ1aqTLxDTZeImwCnBjTdrIWp/QARueIti8D66Plg0f2bBxPEDsOadu8hJGsGpQNq0VCF4HqVjOuL+HTLt8VWUhH
AsYBxgnVu2ajBvMqdfOwcH7Q8IvwjDqCEwvVlHczcW+vQnCwZ4GWjTVjk+5/YAGogQH5GetJDeACYkvNo4PDw6AhvPXc4m9h6WK8Gk4yVceE2G3h1DbN82rHKI2hJfP/voNbYGbcPD1vA05wQegZNf
2SojIlL2QNzZDHQbhInvsUYNKSAppFyvXZO1QHhJR1TbG63QMLtgjKUDzMp4AAZdL/HDAI/rIKREOqDNh9QI8tEkzYx8+waE6Cgjh28tqcgN8AeM1muggNwsMsQxIrX+UW73DvQ4wo3hyLZU8d0IvZ
NIs6IuxBd0DIGZYubwmH/H6rVaHk9IrlbzEFS6bTjFDWRAI0L/ADwSsiaNpbxR7FjcfyyfhYQTMNBaMKO2RNWyGClI0eaG9qaZNKJcAYeHu3O2WIS7R0eGP9sLDHdgppw7km0vjEhWW8tSFIU8V5Zb
xiJ3AVZ7hjxs8pA00sSKA4Xn3uUBaOAhk+IzsIjHIf+LDDganmbkfs4C4sdO5E8asNFUWIvMoSPLQw5n/0tZLLLLCKMllknySLkdhIIgDe/ID0RTEu8yWt8UZY1pQKhKsiOpF3PItYi7b87NEymkEC
RVliGXlICBH8kHghs7FwBjQlT8zJoF2RBWBAS+rBZunka2WEYpMUvQWx1hcQraDReCZF4vxAtdKwJ2rxM8ycqUdAVQEZ5JyiA4VVoqpZ1ydGnmKnJn4aAMgkpXrmSmHGUmorB3eIrJjXRYoqv8VubG
gZ2fZMWoiC5QorMZYTphPC7CS/EL9HW4FR3HpiQCQdmNnLqJqy22J5GiH0IEExWZqHDZH6acweYyhLAEm0YhtCXyGOzwex89L40mGLV+MA350hVRAH9QARe+h4egjJDz4ys8lvAVkRGDsYMx1EBmmn
mlUWEEios6wH45rW5mVLviw64o+Sap5fawe5iKLK13S3Vzo2QVKRX6mr7purBvT+2mS4PnoalaKB2dsiuDViUzleaZiiAvIrVhR6bHs5UDCc3QBs3Lk4o5eEb8Fuu6NQLvr2ZP9vnWYdPsWwQUF2cx
BmZFVYl4mISi9UePl96KaEVFUZ6vdo3Ygm/wW1dclcQzXXPK5c5zE28u6h7nIe+P3YnLZ1oWX3htTdLAkFy3O+9pC/61jbwSIbD4deWEaSL8XZldilXD+clAS0A/sOGohSjnTFfi2nH/5/5JqZALbi
FjJatI5KpjKACuHJl+poR9TbgQ/CSfvmSisPxFa67oLgW9CR43qvejfYM0Yn2z5RCTZ3AbhPeBs2Rx7M6YMo3pBwoYAR8Ow0V9QRnWIx/4zzF8V21XIUzV+FHqxVTZbxLBX0Xht4xLLdwigX38S4yI
FFLIKzg9VfMl55ja4eFJwvv7nZ/GfhInHDPTCWadn2RaBcEG0iwIeh4GHut/6FnAjg2I5J4jqs5vcm4LAybmhoY3d+Gv06Ioj6KqyFDg1lCUnIr7ApiG3mnjmajAjm3DUOV+bftu2zLpAxbN+5k8Cw
pz6sH9YxWLBXYeMuiW84A1AsMLUFZ5hN20/3ZGPbm6IKhA5S14mwDRBurcWhHXBHBANv8rRr+6yI0u9CZtfmMU+2a9ITn5F2lnGNJ7e3tkiLcfU9djZJoGopzEdexRGnq6MBdeuoumoteWl1943z13
oTdOo0YFOHbUFqScL6oA1eQhQV/0Dj1O0uAFr363+f1n/6DXNfe/re77nVZ7v9Xqvt7/fs/7X/SDZ1794hFavPT9kg0Kt5b4gxG99gOWUBmWIhDxYEPeSTJR3L9APlr4LJBXv7Oxk3DG4j5bRskKqB
J5QVc41R98KWcoc7MkBpAvdDhyrtJoweTwdyZLOx46/UV2AhVDgYJSc4EZrq2OUgzYYmJHVGduVDWBlolfl8d2bDpkt2MASbHV2bzmw9lID/fYmtzo5qTQzgBHcl8fc/T4hK8M2QfoQtXNBzlbfHO3
oO878U5BlRQzAqBC8RO9xcfbX5U55RVJRW+rO0jyaPc43mwfwSVUbydkFb5RzbjIuU/wDTAlLstY6/Wca7vtLfFNnmp7s03MukM1DWrJoHZ7CiC6NRWICnhUY1rfNLweo8BnB5/UJnQUOuawDMqvpc
4lR18AzgMUiyVqTiMFy0GJhoy6FE4GdQWKYT9eATtLWb3bTXAxRa2JXqyzS+4v8q20RhWTsjFjie6F4Fs2sLiWYM4wmIbydyXZEulta4hVW7JnI5ZgOCorNjSvoG7ZrJTQPjoZl1AKkSyEGw0R0/QE
Rou9jXs/YpjJR3bQOIzsBG/8H0Be1W6VEVvqq0QNBrPjZTsLlRwLE8XDmhHJd0u76RiukpZsqcuCmCJf6JtTSLToo/gLiYp+K/ifH/sqRl//18Hrel2v6++w/gSki4PgACgAAA==
|
#3 I don't want my face on the internet!
Been thinking of sending ffmpeg traffic through wireguard, and a piece of code similar to the above should actually make automatic configuration of wireguard possible, but I don't really need a full-blown VPN here. Also, it would require root access, and maybe some tricky firewall rules, or maybe 2 additional network namespaces AND some tricky firewall rules...
There's a better way: I can just talk to openssl and ask for:
- ECC key pair
- a shred secret securely computed with ECDH
- encryption with a symmetric cipher of choice
It takes like a grand total of 5 lines of code. Yeah, writing an encrypted point-to-point UDP proxy turned out to be so much easier. Just chacha20 and go, go go!
What a shame apparently not a single voip phone encrypts p2p data stream. To be fair, I haven't bothered to verify this claim; just parroting what I found it next to that line about facetime and aac.
Alright, that's it for now. I hope you guys enjoyed your Easter too _________________ Make Computing Fun Again |
|