and sending a SIGHUP; all clients will continue as if nothing had happened
(unless you delete the stream they are watching, of course).
Cubemap also survives the encoder dying and reconnecting.
- - Per-stream fwmark support, for TCP pacing through tc (separate config needed).
+ - Support for setting max pacing rate through the fq packet scheduler
+ (depends on Linux 3.13 or newer).
- Reflects anything VLC can reflect over HTTP, even the muxes VLC
has problems reflecting itself (in particular, FLV).
+ - Multicast support, both for sending and receiving (supports only protocols
+ that can go over UDP, e.g. MPEG-TS). Supports both ASM and SSM.
+ - TLS output support, through the TLSe library (requires libtomcrypt)
+ and the Linux kernel's kTLS (Linux 4.13 or newer). There are a few
+ limitations; see below.
- IPv4 support. Yes, Cubemap even supports (some) legacy protocols.
HOWTO:
- sudo aptitude install libprotobuf-dev protobuf-compiler
+ sudo apt install libprotobuf-dev protobuf-compiler libsystemd-dev libtomcrypt-dev
+ ./configure
make -j4
-If you want to use HTTP input (you probably want to), patch VLC with the
-included file vlc-metacube.diff. Then start the VLC encoder with the
-“metacube” flag to the http access mux, like this:
+If you want to use HTTP input (you probably want to), you want VLC 2.2.0
+or newer. Then start the VLC encoder with the “metacube” flag to the http
+access mux, like this:
cvlc [...] --sout '#std{access=http{metacube,mime=video/x-flv},mux=flv,dst=:4013/test.flv}'
keeps going.
+Notes on TLS support:
+
+Cubemap supports TLS on output, so that you can play video on TLS
+web sites without issues with mixed content. TLS on input streams is
+not (yet) supported.
+
+TLS requires kTLS, ie., Linux >= 4.13 with CONFIG_TLS enabled. Only cipher
+suites supported by kTLS is supposed, ie., AES-128-GCM (if no such cipher
+suite is available, the connection will be aborted). If the server is restarted
+before the key exchange for a connection is completed, that connection will
+not survive the restart, unlike all other connections. (This is a TLSe
+limitation.) You can have different certificates on different ports (and
+have separate ports for TLS and non-TLS), but SNI is not yet supported.
+
+
Munin plugins:
To activate these, symlink them into /etc/munin/plugins. If you don't put
Legalese:
-Copyright 2013 Steinar H. Gunderson <sgunderson@bigfoot.com>.
+Copyright 2013 Steinar H. Gunderson <steinar+cubemap@gunderson.no>.
Licensed under the GNU GPL, version 2. See the included COPYING file.
+
+See tlse/LICENSE for TLSe licensing.