- High-performance, through a design with multiple worker threads,
epoll and sendfile (yes, sendfile); a 2GHz quadcore can saturate
- 10 gigabit Ethernet, given a modern kernel, a modern NIC
- and the right kernel tuning.
+ 10 gigabit Ethernet (even with TLS) given a modern kernel.
- High-availability. You can change any part of the configuration
(and even upgrade to a newer version of Cubemap) by changing cubemap.config
and sending a SIGHUP; all clients will continue as if nothing had happened
(depends on Linux 3.13 or newer).
- Reflects anything VLC can reflect over HTTP, even the muxes VLC
has problems reflecting itself (in particular, FLV).
+ - Multicast support, both for sending and receiving (supports only protocols
+ that can go over UDP, e.g. MPEG-TS). Supports both ASM and SSM.
+ - TLS output support, through the TLSe library (requires libtomcrypt)
+ and the Linux kernel's kTLS (Linux 4.17 or newer). There are a few
+ limitations; see below.
+ - fMP4 (HLS) output support, generating playlists on-the-fly. Note that this
+ requires some extra metadata currently only set by Nageru (not VLC).
- IPv4 support. Yes, Cubemap even supports (some) legacy protocols.
HOWTO:
- sudo aptitude install libprotobuf-dev protobuf-compiler
+ sudo apt install libprotobuf-dev protobuf-compiler libsystemd-dev libtomcrypt-dev
+ ./configure
make -j4
If you want to use HTTP input (you probably want to), you want VLC 2.2.0
Then look through cubemap.config.sample, copy it to cubemap.config,
compile and start cubemap.
+Nageru, my free video mixer, can also produce Metacube streams natively.
+See the manual at https://nageru.sesse.net/doc/ for more information.
+
To upgrade cubemap (after you've compiled a new binary), or to pick up new
config:
keeps going.
+Notes on TLS support:
+
+Cubemap supports TLS on output, so that you can play video on TLS
+web sites without issues with mixed content. TLS on input streams is
+not (yet) supported.
+
+TLS requires kTLS for both send and receive, ie., Linux >= 4.17 with CONFIG_TLS
+enabled. Only cipher suites supported by kTLS is supposed, ie., AES-128-GCM
+(if no such cipher suite is available, the connection will be aborted). If the
+server is restarted before the key exchange for a connection is completed,
+that connection will not survive the restart, unlike all other connections.
+(This is a TLSe limitation.) You can have different certificates on different
+ports (and have separate ports for TLS and non-TLS), but SNI is not yet
+supported.
+
+
Munin plugins:
To activate these, symlink them into /etc/munin/plugins. If you don't put
Legalese:
-Copyright 2013 Steinar H. Gunderson <sgunderson@bigfoot.com>.
+Copyright 2013 Steinar H. Gunderson <steinar+cubemap@gunderson.no>.
Licensed under the GNU GPL, version 2. See the included COPYING file.
+
+See tlse/LICENSE for TLSe licensing.