[vlc-devel] [PATCH 14/14] upnp_server: add the upnp server module

Alaric Senat dev.asenat at posteo.net
Thu Mar 25 13:49:39 UTC 2021


We can work on adding a whitelist system based on client's IP. The 
server owner
could set it up beforehand in a config file or accept incoming access 
via UI dialogs ("SomeIP is trying to access your media via upnp do you
accept?"). That might be the best we can offer in term of monitoring 
accessing the server unfortunately. Ofc, this technique has flaws:
  - It can be bypassed quite easily to say the least.
  - It makes it a bit harder for the users that just want a media 
server at home
    to deploy their server (having to setup static IP on authorized 
clients and
    fill in their ip into the server, ehrr).

 > Besides, it's not a problem of *when* UPnP is enabled. It's a 
problem of *who*
 > can do *what* with it. Stating the obvious here, but authorized and
 > unauthorized clients will coexist.

I think it's both. UPNP/DLNA aren't designed around security and data 
at all, we will only find tradeoffs on that regard. Being transparent 
about that
with the users and making sure the server is enabled only whenever they 
want it
to be on is equaly important.

 > It looks like this is creating a private player instance (very good) 
in the
 > main VLC process (very bad). For reliability and stability, separate 
 > really need to run a separate process, especially if transcode or 
 > "complex" streaming output filters are involved.

I like the idea. I don't think this will come for the test version as 
needs quite a lot of rework. The players could spawn in a separate 
process and
output their transcoded data in some shared memory that will be used by 
libupnp http server.

Thanks for the suggestion.


More information about the vlc-devel mailing list