Wireshark - Packet capture RtmpSampleAccess

Fix with FMS

I think what is working here for FMS is also working for Wowza servers but I never tried. To fix your problem with Flash Media Server, you can add this two simple line of code inside the application.onConnect function :

appClient.audioSampleAccess = "/";
appClient.videoSampleAccess = "/";

It seem that you can also just edit your application.xml file to add the following inside the Application node :

<AudioSampleAccess enabled=”true”>/</AudioSampleAccess>
<VideoSampleAccess enabled=”true”>/</VideoSampleAccess>

Beaware that using “/” will allow snapshot on all your streams, you can restrict it accordingly to your needs.

Fix with Red5

On last April I posted a patch to Red5 community that let you handle the problem in the same way that FMS does (Ticket #APPSERVER-315 #498). So, to let your client access the stream, you will need to edit the red5-web.xml of your application :

<bean id="rtmpSampleAccess" class="org.red5.server.stream.RtmpSampleAccess">
    <property name="audioAllowed" value="true"/>
    <property name="videoAllowed" value="true"/>
</bean>

All the Red5 project is designed to use beans which make this application quite flexible. So, in the same way, you can implement your own class and add every security check you want before allowing the access to your RTMP streams. All you need to do is implementing a new class with the IRtmpSampleAccess interface and create a bean using your class.

Even with those changes, you could still get the error message if the stream buffer is empty. So be sure to use a proper try/catch in your client application and also to listen for the “NetStatusEvent.NET_STATUS” event. You can start capturing data when the NET_STATUS event return an event.info.code as “NetStream.Buffer.Full” and stop capturing data on “NetStream.Buffer.Empty”.

I will consider that you have a running Red5 server and you know how a Red5 application work. It’s quite easy to install, just have a look there if you need : http://osflash.org/red5/help

The Spring DTD based configuration

Here is the power of Spring, AOP and the Beans. In your Red5 installation copy the JETM jar file to the lib directory, then edit the conf/red5-common.xml as following :

<bean id="etmMonitor"
class="etm.core.monitor.NestedMonitor"
init-method="start" destroy-method="stop"/>

<bean id="etmHttpConsole"
class="etm.contrib.console.HttpConsoleServer"
init-method="start" destroy-method="stop" autowire="constructor"/>

Those two new beans are there to instantiate the JETM monitor and activate the HTTP console, by default the JETM console listen on port 40000.

So, at this point if you run your red5 server you will just see two new line in your logs :

7 juin 2009 19:48:36 etm.core.monitor.EtmMonitorSupport start
INFO: JETM 1.2.3 started.

Now, we need to define which services we want to track. For example, on the oflaDemo application, we can track what’s going on  by simply adding those other beans to this config file : oflaDemo/WEB-INF/red5-web.xml

<bean id="etmMethodCallInterceptor"
class="etm.contrib.aop.aopalliance.EtmMethodCallInterceptor"
autowire="constructor"/>

<bean id="etmAutoProxy"
class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">

<property name="interceptorNames">
<list>
<value>etmMethodCallInterceptor</value>
</list>
</property>
<property name="beanNames">
<value>web.*</value>
</property>

</bean>

From now, we are monitoring all the web.* bean from oflaDemo, this means, if you connect to oflaDemo (http://localhost:5080/demos/ofla_demo.html), view a stream etc, then go to the console (http://localhost:40000) you will see some interesting statistics like the average time spend in your Application start method etc.

JETM Console - Red5 with oflaDemo

The programmatic way

If you need more detailed statistics you can implement the lib in your application. It’s what I do now as I can have better detail and select what I really want to track, also you can manage all the JETM configuration thru an xml file. To do that you just need to change your web.handler bean definition to call an init method and implement this method in your application.

In MyTest/WEB-INF/red5-web.xml :

<bean id="web.handler"
class="org.example.red5.MyTestApplication"
init-method="init" singleton="true">

Then implement the init method in MyTestApplication :

private EtmMonitor profiler = EtmManager.getEtmMonitor();

public void init()
throws URISyntaxException
{
log.debug("Application initialized: {}", getClass().getName());

URL url = getClass().getClassLoader().getResource("jetm-mytest.xml");
try {
XmlEtmConfigurator.configure(new FileInputStream(url.getPath()));
if (!profiler.isStarted())
profiler.start();
} catch (FileNotFoundException fne) {
log.warn(fne.getMessage());
}
}

Add the jetm-mytest.xml file in your classpath like in red5/conf or in MyTest/WEB-INF/lib. The xml file look like something like that :

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jetm-config PUBLIC "-// void.fm //DTD JETM Config 1.2//EN"
"http://jetm.void.fm/dtd/jetm_config_1_2.dtd">

<jetm-config timer="sun">

<aggregator-chain>

<chain-element class="etm.core.aggregation.BufferedTimedAggregator">
<!-- Set aggregation interval to 1 second -->
<property name="aggregationInterval">1000</property>
</chain-element>

<chain-element class="etm.contrib.aggregation.log.CommonsLoggingAggregator">
<!-- Set commons-logging log category -->
<property name="logName">etm-result</property>
</chain-element>

<chain-root class="etm.core.aggregation.persistence.PersistentRootAggregator">
<property name="aggregationInterval">10000</property>
</chain-root>

</aggregator-chain>

<extension>
<plugin class="etm.contrib.console.HttpConsoleServerPlugin">
<property name="listenPort">40000</property>
<property name="expanded">true</property>
<property name="worker-size">3</property>
</plugin>
</extension>

</jetm-config>

That’s it, now when you want to collect the statistic in one of your method or in a specific process you can just do something like that :

public void MyMethod() {

EtmPoint point = profiler.createPoint(getClass().getName()+"#MyMethod");

... Your stuff ...

point.collect();

}

All this is a succinct introduction, you can go further and do some amazing things. JETM is a really powerful tool to improve your application performance.

Steps will be :

1. Create an image with dd
2. Build a new device using the image with an encrypt algorythm by using losetup
3. Format the device using mkfs.ext3
4. Mount the device and start using it !

Of course, when you have mounted the device, your data are readable to anyone who have access to the mounted directory.

Create an image with dd

root@vm-ubuntu-lamp:~# dd if=/dev/zero of=encrypted.img bs=4k count=1000 seek=4001
1000+0 records in
1000+0 records out
4096000 bytes (4,1 MB) copied, 0,10063 seconds, 40,7 MB/s
We now have a raw image file using 4MB.

root@vm-ubuntu-lamp:~# ls -l encrypted.img
-rw-r--r-- 1 root root 20484096 2008-07-12 13:38 encrypted.img
root@vm-ubuntu-lamp:~# du -hs encrypted.img
4,0M    encrypted.img

Create the encrypted device

root@vm-ubuntu-lamp:~# losetup -e aes /dev/loop0 encrypted.img
Password:
ioctl: LOOP_SET_STATUS: Invalid argument

Ooops.. Something wrong. Our losetup bin isn’t patched to use AES. On ubuntu/debian based OS, it’s is to deal.

apt-get install loop-aes-utils
root@vm-ubuntu-lamp:~# losetup -e aes /dev/loop0 encrypted.img
Password:
ioctl: LOOP_SET_STATUS: Invalid argument, requested cipher or key length (128 bits) not supported by kernel

Hmm.. Still not good, we need now to patch or change our kernel for support encryption. We have to check if the “aes” and “cryptoloop” modules are loaded, if not we will load them.

root@vm-ubuntu-lamp:~# lsmod | grep aes
root@vm-ubuntu-lamp:~# modprobe aes
root@vm-ubuntu-lamp:~# lsmod | grep aes
aes                    28608  0
root@vm-ubuntu-lamp:~# lsmod | grep cryptoloop
root@vm-ubuntu-lamp:~# modprobe cryptoloop
root@vm-ubuntu-lamp:~# lsmod | grep crypto
cryptoloop              4096  0
loop                   17928  1 cryptoloop

If you don’t have the module with your current kernel, you will have to build it by activate the some kernel options.

CONFIG_BLK_DEV_LOOP=m
CONFIG_BLK_DEV_CRYPTOLOOP=m
CONFIG_CRYPTO_AES=m
CONFIG_CRYPTO_AES_586=m

Now we should be ok to load our encrypted image.
root@vm-ubuntu-lamp:~# losetup -e aes /dev/loop0 encrypted.img
Password:

Format the device with a proper filesystem

root@vm-ubuntu-lamp:~# mkfs.ext3 /dev/loop0
mke2fs 1.40-WIP (14-Nov-2006)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
5016 inodes, 20004 blocks
1000 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=20709376
3 block groups
8192 blocks per group, 8192 fragments per group
1672 inodes per group
Superblock backups stored on blocks:
8193

Writing inode tables: done
Creating journal (1400 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 39 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.

Mount the device

Easiest step, just have to use the mount command.

root@vm-ubuntu-lamp:~# mkdir /mnt/encrypted
root@vm-ubuntu-lamp:~# mount /dev/loop0 /mnt/encrypted

root@vm-ubuntu-lamp:~# df
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/sda1              7850996   1346292   6105892  19% /
varrun                   63052        40     63012   1% /var/run
varlock                  63052         0     63052   0% /var/lock
procbususb               63052        68     62984   1% /proc/bus/usb
udev                     63052        68     62984   1% /dev
devshm                   63052         0     63052   0% /dev/shm
/dev/loop0               19366      1578     16788   9% /mnt/encrypted

root@vm-ubuntu-lamp:~# df -H
Filesystem             Size   Used  Avail Use% Mounted on
/dev/sda1              8,1G   1,4G   6,3G  19% /
varrun                  65M    41k    65M   1% /var/run
varlock                 65M      0    65M   0% /var/lock
procbususb              65M    70k    65M   1% /proc/bus/usb
udev                    65M    70k    65M   1% /dev
devshm                  65M      0    65M   0% /dev/shm
/dev/loop0              20M   1,7M    18M   9% /mnt/encrypted

If you want to go further on this subject : Encryption HOWTO

Print a sequence of number

nicolas@macvin:~$ seq 1 10
1 2 3 4 5 6 7 8 9 10
nicolas@macvin:~$ seq 0 2 10
0 2 4 6 8 10
nicolas@macvin:~$ echo {1..10}
1 2 3 4 5 6 7 8 9 10

Print a sequence of letters

nicolas@macvin:~$ echo {a..g}
a b c d e f g

Hope this will help you while doing a loop or building some hash directories :

nicolas@macvin:~$  mkdir -p test/{1..10}/{1..10}

Enjoy !