Update version to 1.9.13

Update documentation for doorbird devices

.github/workflows/build.yml

@@ -19,7 +19,7 @@ jobs:
 
       - name: Setup Go
         uses: actions/setup-go@v5
-        with: { go-version: '1.22' }
+        with: { go-version: '1.25' }
 
       - name: Build go2rtc_win64
         env: { GOOS: windows, GOARCH: amd64 }
@@ -29,7 +29,7 @@ jobs:
         with: { name: go2rtc_win64, path: go2rtc.exe }
 
       - name: Build go2rtc_win32
-        env: { GOOS: windows, GOARCH: 386, GOTOOLCHAIN: go1.20.14 }
+        env: { GOOS: windows, GOARCH: 386 }
         run: go build -ldflags "-s -w" -trimpath
       - name: Upload go2rtc_win32
         uses: actions/upload-artifact@v4
@@ -85,7 +85,7 @@ jobs:
         with: { name: go2rtc_linux_mipsel, path: go2rtc }
 
       - name: Build go2rtc_mac_amd64
-        env: { GOOS: darwin, GOARCH: amd64, GOTOOLCHAIN: go1.20.14 }
+        env: { GOOS: darwin, GOARCH: amd64 }
         run: go build -ldflags "-s -w" -trimpath
       - name: Upload go2rtc_mac_amd64
         uses: actions/upload-artifact@v4
@@ -102,14 +102,14 @@ jobs:
         env: { GOOS: freebsd, GOARCH: amd64 }
         run: go build -ldflags "-s -w" -trimpath
       - name: Upload go2rtc_freebsd_amd64
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with: { name: go2rtc_freebsd_amd64, path: go2rtc }
 
       - name: Build go2rtc_freebsd_arm64
         env: { GOOS: freebsd, GOARCH: arm64 }
         run: go build -ldflags "-s -w" -trimpath
       - name: Upload go2rtc_freebsd_arm64
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with: { name: go2rtc_freebsd_arm64, path: go2rtc }
 
   docker-master:
@@ -124,7 +124,7 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: |
-            ${{ github.repository }}
+            name=${{ github.repository }},enable=${{ github.event.repository.fork == false }}
             ghcr.io/${{ github.repository }}
           tags: |
             type=ref,event=branch
@@ -138,14 +138,14 @@ jobs:
         uses: docker/setup-buildx-action@v3
 
       - name: Login to DockerHub
-        if: github.event_name != 'pull_request'
+        if: github.event_name == 'push' && github.event.repository.fork == false
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Login to GitHub Container Registry
-        if: github.event_name != 'pull_request'
+        if: github.event_name == 'push'
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
@@ -156,6 +156,7 @@ jobs:
         uses: docker/build-push-action@v5
         with:
           context: .
+          file: docker/Dockerfile
           platforms: |
             linux/amd64
             linux/386
@@ -180,7 +181,7 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: |
-            ${{ github.repository }}
+            name=${{ github.repository }},enable=${{ github.event.repository.fork == false }}
             ghcr.io/${{ github.repository }}
           flavor: |
             suffix=-hardware,onlatest=true
@@ -197,14 +198,14 @@ jobs:
         uses: docker/setup-buildx-action@v3
 
       - name: Login to DockerHub
-        if: github.event_name != 'pull_request'
+        if: github.event_name == 'push' && github.event.repository.fork == false
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-      
+
       - name: Login to GitHub Container Registry
-        if: github.event_name != 'pull_request'
+        if: github.event_name == 'push'
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
@@ -215,10 +216,65 @@ jobs:
         uses: docker/build-push-action@v5
         with:
           context: .
-          file: hardware.Dockerfile
+          file: docker/hardware.Dockerfile
           platforms: linux/amd64
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta-hw.outputs.tags }}
           labels: ${{ steps.meta-hw.outputs.labels }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+
+  docker-rockchip:
+    name: Build docker rockchip
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Docker meta
+        id: meta-rk
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            name=${{ github.repository }},enable=${{ github.event.repository.fork == false }}
+            ghcr.io/${{ github.repository }}
+          flavor: |
+            suffix=-rockchip,onlatest=true
+            latest=auto
+          tags: |
+            type=ref,event=branch
+            type=semver,pattern={{version}},enable=false
+            type=match,pattern=v(.*),group=1
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to DockerHub
+        if: github.event_name == 'push' && github.event.repository.fork == false
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to GitHub Container Registry
+        if: github.event_name == 'push'
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: docker/rockchip.Dockerfile
+          platforms: linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta-rk.outputs.tags }}
+          labels: ${{ steps.meta-rk.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/test.yml

@@ -26,7 +26,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v5
         with:
-          go-version: '1.22'
+          go-version: '1.24'
 
       - name: Build Go binary
         run: go build -ldflags "-s -w" -trimpath -o ./go2rtc
@@ -79,6 +79,7 @@ jobs:
         uses: docker/build-push-action@v5
         with:
           context: .
+          file: docker/Dockerfile
           platforms: linux/${{ matrix.platform }}
           push: false
           load: true
@@ -92,7 +93,7 @@ jobs:
         uses: docker/build-push-action@v5
         with:
           context: .
-          file: hardware.Dockerfile
+          file: docker/hardware.Dockerfile
           platforms: linux/amd64
           push: false
           load: true

.gitignore

@@ -4,10 +4,14 @@
 go2rtc.yaml
 go2rtc.json
 
+go2rtc_freebsd*
 go2rtc_linux*
 go2rtc_mac*
 go2rtc_win*
 
+/go2rtc
+/go2rtc.exe
+
 0_test.go
 
 .DS_Store

api/openapi.yaml

@@ -237,6 +237,62 @@ paths:
 
 
 
+  /api/preload:
+    get:
+      summary: Get all preloaded streams
+      tags: [ Streams list ]
+      responses:
+        "200":
+          description: ""
+          content:
+            application/json: { example: { camera1: "video&audio", camera2: "video" } }
+    put:
+      summary: Preload new stream
+      tags: [ Streams list ]
+      parameters:
+        - name: src
+          in: query
+          description: Stream source (name)
+          required: true
+          schema: { type: string }
+          example: "camera1"
+        - name: video
+          in: query
+          description: Video codecs filter
+          required: false
+          schema: { type: string }
+          example: all,h264,h265,...
+        - name: audio
+          in: query
+          description: Audio codecs filter
+          required: false
+          schema: { type: string }
+          example: all,aac,opus,...
+        - name: microphone
+          in: query
+          description: Microphone codecs filter
+          required: false
+          schema: { type: string }
+          example: all,aac,opus,...
+      responses:
+            default:
+              description: Default response
+    delete:
+      summary: Delete preloaded stream
+      tags: [ Streams list ]
+      parameters:
+        - name: src
+          in: query
+          description: Stream source (name)
+          required: true
+          schema: { type: string }
+          example: "camera1"
+      responses:
+            default:
+              description: Default response
+
+
+
   /api/streams?src={src}:
     get:
       summary: Get stream info in JSON format

docker/Dockerfile

@@ -1,20 +1,11 @@
 # syntax=docker/dockerfile:labs
 
 # 0. Prepare images
-ARG PYTHON_VERSION="3.11"
-ARG GO_VERSION="1.22"
+ARG PYTHON_VERSION="3.13"
+ARG GO_VERSION="1.25"
 
 
-# 1. Download ngrok binary (for support arm/v6)
-FROM alpine AS ngrok
-ARG TARGETARCH
-ARG TARGETOS
-
-ADD https://bin.equinox.io/c/bNyj1mQVY4c/ngrok-v3-stable-${TARGETOS}-${TARGETARCH}.tgz /
-RUN tar -xzf /ngrok-v3-stable-${TARGETOS}-${TARGETARCH}.tgz -C /bin
-
-
-# 2. Build go2rtc binary
+# 1. Build go2rtc binary
 FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine AS build
 ARG TARGETPLATFORM
 ARG TARGETOS
@@ -35,14 +26,14 @@ COPY . .
 RUN --mount=type=cache,target=/root/.cache/go-build CGO_ENABLED=0 go build -ldflags "-s -w" -trimpath
 
 
-# 3. Final image
+# 2. Final image
 FROM python:${PYTHON_VERSION}-alpine AS base
 
 # Install ffmpeg, tini (for signal handling),
 # and other common tools for the echo source.
 # alsa-plugins-pulse for ALSA support (+0MB)
 # font-droid for FFmpeg drawtext filter (+2MB)
-RUN apk add --no-cache tini ffmpeg bash curl jq alsa-plugins-pulse font-droid
+RUN apk add --no-cache tini ffmpeg ffplay bash curl jq alsa-plugins-pulse font-droid
 
 # Hardware Acceleration for Intel CPU (+50MB)
 ARG TARGETARCH
@@ -55,7 +46,6 @@ RUN if [ "${TARGETARCH}" = "amd64" ]; then apk add --no-cache libva-intel-driver
 # RUN libva-vdpau-driver mesa-vdpau-gallium (+150MB total)
 
 COPY --from=build /build/go2rtc /usr/local/bin/
-COPY --from=ngrok /bin/ngrok /usr/local/bin/
 
 ENTRYPOINT ["/sbin/tini", "--"]
 VOLUME /config

docker/README.md

@@ -0,0 +1,50 @@
+## Versions
+
+- `alexxit/go2rtc:latest` - latest release based on `alpine` (`amd64`, `386`, `arm/v6`, `arm/v7`, `arm64`) with support hardware transcoding for Intel iGPU and Raspberry
+- `alexxit/go2rtc:latest-hardware` - latest release based on `debian 13` (`amd64`) with support hardware transcoding for Intel iGPU, AMD GPU and NVidia GPU
+- `alexxit/go2rtc:latest-rockchip` - latest release based on `debian 12` (`arm64`) with support hardware transcoding for Rockchip RK35xx
+- `alexxit/go2rtc:master` - latest unstable version based on `alpine`
+- `alexxit/go2rtc:master-hardware` - latest unstable version based on `debian 13` (`amd64`)
+- `alexxit/go2rtc:master-rockchip` - latest unstable version based on `debian 12` (`arm64`)
+
+## Docker compose
+
+```yaml
+services:
+  go2rtc:
+    image: alexxit/go2rtc
+    network_mode: host       # important for WebRTC, HomeKit, UDP cameras
+    privileged: true         # only for FFmpeg hardware transcoding
+    restart: unless-stopped  # autorestart on fail or config change from WebUI
+    environment:
+      - TZ=Atlantic/Bermuda  # timezone in logs
+    volumes:
+      - "~/go2rtc:/config"   # folder for go2rtc.yaml file (edit from WebUI)
+```
+
+## Basic Deployment
+
+```bash
+docker run -d \
+  --name go2rtc \
+  --network host \
+  --privileged \
+  --restart unless-stopped \
+  -e TZ=Atlantic/Bermuda \
+  -v ~/go2rtc:/config \
+  alexxit/go2rtc
+```
+
+## Deployment with GPU Acceleration
+
+```bash
+docker run -d \
+  --name go2rtc \
+  --network host \
+  --privileged \
+  --restart unless-stopped \
+  -e TZ=Atlantic/Bermuda \
+  --gpus all \
+  -v ~/go2rtc:/config \
+  alexxit/go2rtc:latest-hardware
+```

docker/hardware.Dockerfile

@@ -4,16 +4,11 @@
 # only debian 13 (trixie) has latest ffmpeg
 # https://packages.debian.org/trixie/ffmpeg
 ARG DEBIAN_VERSION="trixie-slim"
-ARG GO_VERSION="1.22-bookworm"
-ARG NGROK_VERSION="3"
-
-FROM debian:${DEBIAN_VERSION} AS base
-FROM golang:${GO_VERSION} AS go
-FROM ngrok/ngrok:${NGROK_VERSION} AS ngrok
+ARG GO_VERSION="1.25-bookworm"
 
 
 # 1. Build go2rtc binary
-FROM --platform=$BUILDPLATFORM go AS build
+FROM --platform=$BUILDPLATFORM golang:${GO_VERSION} AS build
 ARG TARGETPLATFORM
 ARG TARGETOS
 ARG TARGETARCH
@@ -31,34 +26,28 @@ COPY . .
 RUN --mount=type=cache,target=/root/.cache/go-build CGO_ENABLED=0 go build -ldflags "-s -w" -trimpath
 
 
-# 2. Collect all files
-FROM scratch AS rootfs
+# 2. Final image
+FROM debian:${DEBIAN_VERSION}
 
-COPY --link --from=build /build/go2rtc /usr/local/bin/
-COPY --link --from=ngrok /bin/ngrok /usr/local/bin/
-
-# 3. Final image
-FROM base
 # Prepare apt for buildkit cache
 RUN rm -f /etc/apt/apt.conf.d/docker-clean \
   && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache
-# Install ffmpeg, bash (for run.sh), tini (for signal handling),
+
+# Install ffmpeg, tini (for signal handling),
 # and other common tools for the echo source.
 # non-free for Intel QSV support (not used by go2rtc, just for tests)
 # mesa-va-drivers for AMD APU
 # libasound2-plugins for ALSA support
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked --mount=type=cache,target=/var/lib/apt,sharing=locked \
     echo 'deb http://deb.debian.org/debian trixie non-free' > /etc/apt/sources.list.d/debian-non-free.list && \
-    apt-get -y update && apt-get -y install tini ffmpeg \
+    apt-get -y update && apt-get -y install ffmpeg tini \
         python3 curl jq \
         intel-media-va-driver-non-free \
         mesa-va-drivers \
         libasound2-plugins && \
     apt-get clean && rm -rf /var/lib/apt/lists/*
 
-COPY --link --from=rootfs / /
-
-
+COPY --from=build /build/go2rtc /usr/local/bin/
 
 ENTRYPOINT ["/usr/bin/tini", "--"]
 VOLUME /config

docker/rockchip.Dockerfile

@@ -0,0 +1,50 @@
+# syntax=docker/dockerfile:labs
+
+# 0. Prepare images
+ARG PYTHON_VERSION="3.13-slim-bookworm"
+ARG GO_VERSION="1.25-bookworm"
+
+
+# 1. Build go2rtc binary
+FROM --platform=$BUILDPLATFORM golang:${GO_VERSION} AS build
+ARG TARGETPLATFORM
+ARG TARGETOS
+ARG TARGETARCH
+
+ENV GOOS=${TARGETOS}
+ENV GOARCH=${TARGETARCH}
+
+WORKDIR /build
+
+# Cache dependencies
+COPY go.mod go.sum ./
+RUN --mount=type=cache,target=/root/.cache/go-build go mod download
+
+COPY . .
+RUN --mount=type=cache,target=/root/.cache/go-build CGO_ENABLED=0 go build -ldflags "-s -w" -trimpath
+
+
+# 2. Final image
+FROM python:${PYTHON_VERSION}
+
+# Prepare apt for buildkit cache
+RUN rm -f /etc/apt/apt.conf.d/docker-clean \
+  && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache
+
+# Install ffmpeg, tini (for signal handling),
+# and other common tools for the echo source.
+# libasound2-plugins for ALSA support
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    apt-get -y update && apt-get -y install tini \
+        curl jq \
+        libasound2-plugins && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+
+COPY --from=build /build/go2rtc /usr/local/bin/
+ADD --chmod=755 https://github.com/MarcA711/Rockchip-FFmpeg-Builds/releases/download/6.1-8-no_extra_dump/ffmpeg /usr/local/bin
+
+ENTRYPOINT ["/usr/bin/tini", "--"]
+VOLUME /config
+WORKDIR /config
+
+CMD ["go2rtc", "-config", "/config/go2rtc.yaml"]

examples/go2rtc_mjpeg/main.go

@@ -0,0 +1,26 @@
+package main
+
+import (
+	"github.com/AlexxIT/go2rtc/internal/api"
+	"github.com/AlexxIT/go2rtc/internal/api/ws"
+	"github.com/AlexxIT/go2rtc/internal/app"
+	"github.com/AlexxIT/go2rtc/internal/ffmpeg"
+	"github.com/AlexxIT/go2rtc/internal/mjpeg"
+	"github.com/AlexxIT/go2rtc/internal/streams"
+	"github.com/AlexxIT/go2rtc/internal/v4l2"
+	"github.com/AlexxIT/go2rtc/pkg/shell"
+)
+
+func main() {
+	app.Init()
+	streams.Init()
+
+	api.Init()
+	ws.Init()
+
+	ffmpeg.Init()
+	mjpeg.Init()
+	v4l2.Init()
+
+	shell.RunUntilSignal()
+}

examples/homekit_info/main.go

@@ -54,7 +54,7 @@ var chars = map[string]string{
 	"21C": "Third Party Camera Active",
 	"21D": "Camera Operating Mode Indicator",
 	"11B": "Night Vision",
-	"129": "Supported Data Stream Transport Configuration",
+	//"129": "Supported Data Stream Transport Configuration",
 	"37":  "Version",
 	"131": "Setup Data Stream Transport",
 	"130": "Supported Data Stream Transport Configuration",

examples/mod_pinggy/go.mod

@@ -0,0 +1,9 @@
+module pinggy
+
+go 1.25
+
+require (
+	github.com/Pinggy-io/pinggy-go/pinggy v0.6.9 // indirect
+	golang.org/x/crypto v0.8.0 // indirect
+	golang.org/x/sys v0.7.0 // indirect
+)

examples/mod_pinggy/go.sum

@@ -0,0 +1,39 @@
+github.com/Pinggy-io/pinggy-go/pinggy v0.6.9 h1:lzZ00JK6BUGQXnpkJZ+cVj8kIkXsmiVBUci9uEkSwEY=
+github.com/Pinggy-io/pinggy-go/pinggy v0.6.9/go.mod h1:V1Sxb+4zyr36o9atZiqtT4XhsKtW1RSb2GvsbTbTJYw=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ=
+golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
+golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

examples/mod_pinggy/main.go

@@ -0,0 +1,41 @@
+package main
+
+import (
+	"log"
+	"os"
+
+	"github.com/Pinggy-io/pinggy-go/pinggy"
+)
+
+func main() {
+	tunType := os.Args[1]
+	address := os.Args[2]
+
+	log.SetFlags(log.Llongfile | log.LstdFlags)
+
+	config := pinggy.Config{
+		Type:              pinggy.TunnelType(tunType),
+		TcpForwardingAddr: address,
+
+		//SshOverSsl: true,
+		//Stdout:     os.Stderr,
+		//Stderr:     os.Stderr,
+	}
+
+	if tunType == "http" {
+		hman := pinggy.CreateHeaderManipulationAndAuthConfig()
+		//hman.SetReverseProxy(address)
+		//hman.SetPassPreflight(true)
+		//hman.SetNoReverseProxy()
+		config.HeaderManipulationAndAuth = hman
+	}
+
+	pl, err := pinggy.ConnectWithConfig(config)
+	if err != nil {
+		log.Panicln(err)
+	}
+	log.Println("Addrs: ", pl.RemoteUrls())
+	//err = pl.InitiateWebDebug("localhost:3424")
+	//log.Println(err)
+	pl.StartForwarding()
+}

examples/onvif_client/README.md

@@ -0,0 +1,5 @@
+## Example
+
+```shell
+go run examples/onvif_client/main.go http://admin:password@192.168.10.90 GetAudioEncoderConfigurations
+```

examples/onvif_client/main.go

@@ -0,0 +1,75 @@
+package main
+
+import (
+	"log"
+	"net/url"
+	"os"
+
+	"github.com/AlexxIT/go2rtc/pkg/onvif"
+)
+
+func main() {
+	var rawURL = os.Args[1]
+	var operation = os.Args[2]
+	var token string
+	if len(os.Args) > 3 {
+		token = os.Args[3]
+	}
+
+	client, err := onvif.NewClient(rawURL)
+	if err != nil {
+		log.Panic(err)
+	}
+
+	var b []byte
+
+	switch operation {
+	case onvif.ServiceGetServiceCapabilities:
+		b, err = client.MediaRequest(operation)
+	case onvif.DeviceGetCapabilities,
+		onvif.DeviceGetDeviceInformation,
+		onvif.DeviceGetDiscoveryMode,
+		onvif.DeviceGetDNS,
+		onvif.DeviceGetHostname,
+		onvif.DeviceGetNetworkDefaultGateway,
+		onvif.DeviceGetNetworkInterfaces,
+		onvif.DeviceGetNetworkProtocols,
+		onvif.DeviceGetNTP,
+		onvif.DeviceGetScopes,
+		onvif.DeviceGetServices,
+		onvif.DeviceGetSystemDateAndTime,
+		onvif.DeviceSystemReboot:
+		b, err = client.DeviceRequest(operation)
+	case onvif.MediaGetProfiles,
+		onvif.MediaGetVideoEncoderConfigurations,
+		onvif.MediaGetVideoSources,
+		onvif.MediaGetVideoSourceConfigurations,
+		onvif.MediaGetAudioEncoderConfigurations,
+		onvif.MediaGetAudioSources,
+		onvif.MediaGetAudioSourceConfigurations:
+		b, err = client.MediaRequest(operation)
+	case onvif.MediaGetProfile:
+		b, err = client.GetProfile(token)
+	case onvif.MediaGetVideoSourceConfiguration:
+		b, err = client.GetVideoSourceConfiguration(token)
+	case onvif.MediaGetStreamUri:
+		b, err = client.GetStreamUri(token)
+	case onvif.MediaGetSnapshotUri:
+		b, err = client.GetSnapshotUri(token)
+	default:
+		log.Printf("unknown action\n")
+	}
+
+	if err != nil {
+		log.Printf("%s\n", err)
+	}
+
+	u, err := url.Parse(rawURL)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	if err = os.WriteFile(u.Hostname()+"_"+operation+".xml", b, 0644); err != nil {
+		log.Printf("%s\n", err)
+	}
+}

go.mod

@@ -1,49 +1,50 @@
 module github.com/AlexxIT/go2rtc
 
-go 1.20
+go 1.24.0
 
 require (
-	github.com/asticode/go-astits v1.13.0
-	github.com/expr-lang/expr v1.16.9
+	github.com/asticode/go-astits v1.14.0
+	github.com/eclipse/paho.mqtt.golang v1.5.1
+	github.com/expr-lang/expr v1.17.6
+	github.com/google/uuid v1.6.0
 	github.com/gorilla/websocket v1.5.3
 	github.com/mattn/go-isatty v0.0.20
-	github.com/miekg/dns v1.1.62
-	github.com/pion/ice/v2 v2.3.36
-	github.com/pion/interceptor v0.1.37
-	github.com/pion/rtcp v1.2.14
-	github.com/pion/rtp v1.8.9
-	github.com/pion/sdp/v3 v3.0.9
-	github.com/pion/srtp/v2 v2.0.20
-	github.com/pion/stun v0.6.1
-	github.com/pion/webrtc/v3 v3.3.4
-	github.com/rs/zerolog v1.33.0
+	github.com/miekg/dns v1.1.69
+	github.com/pion/ice/v4 v4.1.0
+	github.com/pion/interceptor v0.1.42
+	github.com/pion/rtcp v1.2.16
+	github.com/pion/rtp v1.8.26
+	github.com/pion/sdp/v3 v3.0.16
+	github.com/pion/srtp/v3 v3.0.9
+	github.com/pion/stun/v3 v3.0.2
+	github.com/pion/webrtc/v4 v4.1.8
+	github.com/rs/zerolog v1.34.0
 	github.com/sigurn/crc16 v0.0.0-20240131213347-83fcde1e29d1
 	github.com/sigurn/crc8 v0.0.0-20220107193325-2243fe600f9f
-	github.com/stretchr/testify v1.9.0
+	github.com/stretchr/testify v1.11.1
 	github.com/tadglines/go-pkgs v0.0.0-20210623144937-b983b20f54f9
-	golang.org/x/crypto v0.28.0
+	golang.org/x/crypto v0.46.0
+	golang.org/x/net v0.48.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
-	github.com/asticode/go-astikit v0.45.0 // indirect
+	github.com/asticode/go-astikit v0.57.1 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/google/uuid v1.6.0 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
-	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/pion/datachannel v1.5.9 // indirect
-	github.com/pion/dtls/v2 v2.2.12 // indirect
-	github.com/pion/logging v0.2.2 // indirect
-	github.com/pion/mdns v0.0.12 // indirect
+	github.com/mattn/go-colorable v0.1.14 // indirect
+	github.com/pion/datachannel v1.5.10 // indirect
+	github.com/pion/dtls/v3 v3.0.9 // indirect
+	github.com/pion/logging v0.2.4 // indirect
+	github.com/pion/mdns/v2 v2.1.0 // indirect
 	github.com/pion/randutil v0.1.0 // indirect
-	github.com/pion/sctp v1.8.33 // indirect
-	github.com/pion/transport/v2 v2.2.10 // indirect
-	github.com/pion/turn/v2 v2.1.6 // indirect
+	github.com/pion/sctp v1.8.41 // indirect
+	github.com/pion/transport/v3 v3.1.1 // indirect
+	github.com/pion/turn/v4 v4.1.3 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/wlynxg/anet v0.0.5 // indirect
-	golang.org/x/mod v0.18.0 // indirect
-	golang.org/x/net v0.27.0 // indirect
-	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.26.0 // indirect
-	golang.org/x/tools v0.22.0 // indirect
+	golang.org/x/mod v0.31.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/sys v0.39.0 // indirect
+	golang.org/x/tools v0.40.0 // indirect
 )

go.sum

@@ -1,77 +1,69 @@
 github.com/asticode/go-astikit v0.30.0/go.mod h1:h4ly7idim1tNhaVkdVBeXQZEE3L0xblP7fCWbgwipF0=
-github.com/asticode/go-astikit v0.45.0 h1:08to/jrbod9tchF2bJ9moW+RTDK7DBUxLdIeSE7v7Sw=
-github.com/asticode/go-astikit v0.45.0/go.mod h1:h4ly7idim1tNhaVkdVBeXQZEE3L0xblP7fCWbgwipF0=
-github.com/asticode/go-astits v1.13.0 h1:XOgkaadfZODnyZRR5Y0/DWkA9vrkLLPLeeOvDwfKZ1c=
-github.com/asticode/go-astits v1.13.0/go.mod h1:QSHmknZ51pf6KJdHKZHJTLlMegIrhega3LPWz3ND/iI=
+github.com/asticode/go-astikit v0.57.1 h1:fEykwH98Nny08kcRbk4uer+S8h0rKveCIpG9F6NVLuA=
+github.com/asticode/go-astikit v0.57.1/go.mod h1:fV43j20UZYfXzP9oBn33udkvCvDvCDhzjVqoLFuuYZE=
+github.com/asticode/go-astits v1.14.0 h1:zkgnZzipx2XX5mWycqsSBeEyDH58+i4HtyF4j2ROb00=
+github.com/asticode/go-astits v1.14.0/go.mod h1:QSHmknZ51pf6KJdHKZHJTLlMegIrhega3LPWz3ND/iI=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/expr-lang/expr v1.16.9 h1:WUAzmR0JNI9JCiF0/ewwHB1gmcGw5wW7nWt8gc6PpCI=
-github.com/expr-lang/expr v1.16.9/go.mod h1:8/vRC7+7HBzESEqt5kKpYXxrxkr31SaO8r40VO/1IT4=
+github.com/eclipse/paho.mqtt.golang v1.5.1 h1:/VSOv3oDLlpqR2Epjn1Q7b2bSTplJIeV2ISgCl2W7nE=
+github.com/eclipse/paho.mqtt.golang v1.5.1/go.mod h1:1/yJCneuyOoCOzKSsOTUc0AJfpsItBGWvYpBLimhArU=
+github.com/expr-lang/expr v1.17.6 h1:1h6i8ONk9cexhDmowO/A64VPxHScu7qfSl2k8OlINec=
+github.com/expr-lang/expr v1.17.6/go.mod h1:8/vRC7+7HBzESEqt5kKpYXxrxkr31SaO8r40VO/1IT4=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
 github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
+github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/miekg/dns v1.1.62 h1:cN8OuEF1/x5Rq6Np+h1epln8OiyPWV+lROx9LxcGgIQ=
-github.com/miekg/dns v1.1.62/go.mod h1:mvDlcItzm+br7MToIKqkglaGhlFMHJ9DTNNWONWXbNQ=
-github.com/pion/datachannel v1.5.9 h1:LpIWAOYPyDrXtU+BW7X0Yt/vGtYxtXQ8ql7dFfYUVZA=
-github.com/pion/datachannel v1.5.9/go.mod h1:kDUuk4CU4Uxp82NH4LQZbISULkX/HtzKa4P7ldf9izE=
-github.com/pion/dtls/v2 v2.2.7/go.mod h1:8WiMkebSHFD0T+dIU+UeBaoV7kDhOW5oDCzZ7WZ/F9s=
-github.com/pion/dtls/v2 v2.2.12 h1:KP7H5/c1EiVAAKUmXyCzPiQe5+bCJrpOeKg/L05dunk=
-github.com/pion/dtls/v2 v2.2.12/go.mod h1:d9SYc9fch0CqK90mRk1dC7AkzzpwJj6u2GU3u+9pqFE=
-github.com/pion/ice/v2 v2.3.36 h1:SopeXiVbbcooUg2EIR8sq4b13RQ8gzrkkldOVg+bBsc=
-github.com/pion/ice/v2 v2.3.36/go.mod h1:mBF7lnigdqgtB+YHkaY/Y6s6tsyRyo4u4rPGRuOjUBQ=
-github.com/pion/interceptor v0.1.37 h1:aRA8Zpab/wE7/c0O3fh1PqY0AJI3fCSEM5lRWJVorwI=
-github.com/pion/interceptor v0.1.37/go.mod h1:JzxbJ4umVTlZAf+/utHzNesY8tmRkM2lVmkS82TTj8Y=
-github.com/pion/logging v0.2.2 h1:M9+AIj/+pxNsDfAT64+MAVgJO0rsyLnoJKCqf//DoeY=
-github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
-github.com/pion/mdns v0.0.12 h1:CiMYlY+O0azojWDmxdNr7ADGrnZ+V6Ilfner+6mSVK8=
-github.com/pion/mdns v0.0.12/go.mod h1:VExJjv8to/6Wqm1FXK+Ii/Z9tsVk/F5sD/N70cnYFbk=
+github.com/miekg/dns v1.1.69 h1:Kb7Y/1Jo+SG+a2GtfoFUfDkG//csdRPwRLkCsxDG9Sc=
+github.com/miekg/dns v1.1.69/go.mod h1:7OyjD9nEba5OkqQ/hB4fy3PIoxafSZJtducccIelz3g=
+github.com/pion/datachannel v1.5.10 h1:ly0Q26K1i6ZkGf42W7D4hQYR90pZwzFOjTq5AuCKk4o=
+github.com/pion/datachannel v1.5.10/go.mod h1:p/jJfC9arb29W7WrxyKbepTU20CFgyx5oLo8Rs4Py/M=
+github.com/pion/dtls/v3 v3.0.9 h1:4AijfFRm8mAjd1gfdlB1wzJF3fjjR/VPIpJgkEtvYmM=
+github.com/pion/dtls/v3 v3.0.9/go.mod h1:abApPjgadS/ra1wvUzHLc3o2HvoxppAh+NZkyApL4Os=
+github.com/pion/ice/v4 v4.1.0 h1:YlxIii2bTPWyC08/4hdmtYq4srbrY0T9xcTsTjldGqU=
+github.com/pion/ice/v4 v4.1.0/go.mod h1:5gPbzYxqenvn05k7zKPIZFuSAufolygiy6P1U9HzvZ4=
+github.com/pion/interceptor v0.1.42 h1:0/4tvNtruXflBxLfApMVoMubUMik57VZ+94U0J7cmkQ=
+github.com/pion/interceptor v0.1.42/go.mod h1:g6XYTChs9XyolIQFhRHOOUS+bGVGLRfgTCUzH29EfVU=
+github.com/pion/logging v0.2.4 h1:tTew+7cmQ+Mc1pTBLKH2puKsOvhm32dROumOZ655zB8=
+github.com/pion/logging v0.2.4/go.mod h1:DffhXTKYdNZU+KtJ5pyQDjvOAh/GsNSyv1lbkFbe3so=
+github.com/pion/mdns/v2 v2.1.0 h1:3IJ9+Xio6tWYjhN6WwuY142P/1jA0D5ERaIqawg/fOY=
+github.com/pion/mdns/v2 v2.1.0/go.mod h1:pcez23GdynwcfRU1977qKU0mDxSeucttSHbCSfFOd9A=
 github.com/pion/randutil v0.1.0 h1:CFG1UdESneORglEsnimhUjf33Rwjubwj6xfiOXBa3mA=
 github.com/pion/randutil v0.1.0/go.mod h1:XcJrSMMbbMRhASFVOlj/5hQial/Y8oH/HVo7TBZq+j8=
-github.com/pion/rtcp v1.2.12/go.mod h1:sn6qjxvnwyAkkPzPULIbVqSKI5Dv54Rv7VG0kNxh9L4=
-github.com/pion/rtcp v1.2.14 h1:KCkGV3vJ+4DAJmvP0vaQShsb0xkRfWkO540Gy102KyE=
-github.com/pion/rtcp v1.2.14/go.mod h1:sn6qjxvnwyAkkPzPULIbVqSKI5Dv54Rv7VG0kNxh9L4=
-github.com/pion/rtp v1.8.3/go.mod h1:pBGHaFt/yW7bf1jjWAoUjpSNoDnw98KTMg+jWWvziqU=
-github.com/pion/rtp v1.8.9 h1:E2HX740TZKaqdcPmf4pw6ZZuG8u5RlMMt+l3dxeu6Wk=
-github.com/pion/rtp v1.8.9/go.mod h1:pBGHaFt/yW7bf1jjWAoUjpSNoDnw98KTMg+jWWvziqU=
-github.com/pion/sctp v1.8.33 h1:dSE4wX6uTJBcNm8+YlMg7lw1wqyKHggsP5uKbdj+NZw=
-github.com/pion/sctp v1.8.33/go.mod h1:beTnqSzewI53KWoG3nqB282oDMGrhNxBdb+JZnkCwRM=
-github.com/pion/sdp/v3 v3.0.9 h1:pX++dCHoHUwq43kuwf3PyJfHlwIj4hXA7Vrifiq0IJY=
-github.com/pion/sdp/v3 v3.0.9/go.mod h1:B5xmvENq5IXJimIO4zfp6LAe1fD9N+kFv+V/1lOdz8M=
-github.com/pion/srtp/v2 v2.0.20 h1:HNNny4s+OUmG280ETrCdgFndp4ufx3/uy85EawYEhTk=
-github.com/pion/srtp/v2 v2.0.20/go.mod h1:0KJQjA99A6/a0DOVTu1PhDSw0CXF2jTkqOoMg3ODqdA=
-github.com/pion/stun v0.6.1 h1:8lp6YejULeHBF8NmV8e2787BogQhduZugh5PdhDyyN4=
-github.com/pion/stun v0.6.1/go.mod h1:/hO7APkX4hZKu/D0f2lHzNyvdkTGtIy3NDmLR7kSz/8=
-github.com/pion/transport/v2 v2.2.1/go.mod h1:cXXWavvCnFF6McHTft3DWS9iic2Mftcz1Aq29pGcU5g=
-github.com/pion/transport/v2 v2.2.3/go.mod h1:q2U/tf9FEfnSBGSW6w5Qp5PFWRLRj3NjLhCCgpRK4p0=
-github.com/pion/transport/v2 v2.2.4/go.mod h1:q2U/tf9FEfnSBGSW6w5Qp5PFWRLRj3NjLhCCgpRK4p0=
-github.com/pion/transport/v2 v2.2.10 h1:ucLBLE8nuxiHfvkFKnkDQRYWYfp8ejf4YBOPfaQpw6Q=
-github.com/pion/transport/v2 v2.2.10/go.mod h1:sq1kSLWs+cHW9E+2fJP95QudkzbK7wscs8yYgQToO5E=
-github.com/pion/transport/v3 v3.0.1/go.mod h1:UY7kiITrlMv7/IKgd5eTUcaahZx5oUN3l9SzK5f5xE0=
-github.com/pion/transport/v3 v3.0.7 h1:iRbMH05BzSNwhILHoBoAPxoB9xQgOaJk+591KC9P1o0=
-github.com/pion/turn/v2 v2.1.3/go.mod h1:huEpByKKHix2/b9kmTAM3YoX6MKP+/D//0ClgUYR2fY=
-github.com/pion/turn/v2 v2.1.6 h1:Xr2niVsiPTB0FPtt+yAWKFUkU1eotQbGgpTIld4x1Gc=
-github.com/pion/turn/v2 v2.1.6/go.mod h1:huEpByKKHix2/b9kmTAM3YoX6MKP+/D//0ClgUYR2fY=
-github.com/pion/webrtc/v3 v3.3.4 h1:v2heQVnXTSqNRXcaFQVOhIOYkLMxOu1iJG8uy1djvkk=
-github.com/pion/webrtc/v3 v3.3.4/go.mod h1:liNa+E1iwyzyXqNUwvoMRNQ10x8h8FOeJKL8RkIbamE=
+github.com/pion/rtcp v1.2.16 h1:fk1B1dNW4hsI78XUCljZJlC4kZOPk67mNRuQ0fcEkSo=
+github.com/pion/rtcp v1.2.16/go.mod h1:/as7VKfYbs5NIb4h6muQ35kQF/J0ZVNz2Z3xKoCBYOo=
+github.com/pion/rtp v1.8.26 h1:VB+ESQFQhBXFytD+Gk8cxB6dXeVf2WQzg4aORvAvAAc=
+github.com/pion/rtp v1.8.26/go.mod h1:rF5nS1GqbR7H/TCpKwylzeq6yDM+MM6k+On5EgeThEM=
+github.com/pion/sctp v1.8.41 h1:20R4OHAno4Vky3/iE4xccInAScAa83X6nWUfyc65MIs=
+github.com/pion/sctp v1.8.41/go.mod h1:2wO6HBycUH7iCssuGyc2e9+0giXVW0pyCv3ZuL8LiyY=
+github.com/pion/sdp/v3 v3.0.16 h1:0dKzYO6gTAvuLaAKQkC02eCPjMIi4NuAr/ibAwrGDCo=
+github.com/pion/sdp/v3 v3.0.16/go.mod h1:9tyKzznud3qiweZcD86kS0ff1pGYB3VX+Bcsmkx6IXo=
+github.com/pion/srtp/v3 v3.0.9 h1:lRGF4G61xxj+m/YluB3ZnBpiALSri2lTzba0kGZMrQY=
+github.com/pion/srtp/v3 v3.0.9/go.mod h1:E+AuWd7Ug2Fp5u38MKnhduvpVkveXJX6J4Lq4rxUYt8=
+github.com/pion/stun/v3 v3.0.2 h1:BJuGEN2oLrJisiNEJtUTJC4BGbzbfp37LizfqswblFU=
+github.com/pion/stun/v3 v3.0.2/go.mod h1:JFJKfIWvt178MCF5H/YIgZ4VX3LYE77vca4b9HP60SA=
+github.com/pion/transport/v3 v3.1.1 h1:Tr684+fnnKlhPceU+ICdrw6KKkTms+5qHMgw6bIkYOM=
+github.com/pion/transport/v3 v3.1.1/go.mod h1:+c2eewC5WJQHiAA46fkMMzoYZSuGzA/7E2FPrOYHctQ=
+github.com/pion/turn/v4 v4.1.3 h1:jVNW0iR05AS94ysEtvzsrk3gKs9Zqxf6HmnsLfRvlzA=
+github.com/pion/turn/v4 v4.1.3/go.mod h1:TD/eiBUf5f5LwXbCJa35T7dPtTpCHRJ9oJWmyPLVT3A=
+github.com/pion/webrtc/v4 v4.1.8 h1:ynkjfiURDQ1+8EcJsoa60yumHAmyeYjz08AaOuor+sk=
+github.com/pion/webrtc/v4 v4.1.8/go.mod h1:KVaARG2RN0lZx0jc7AWTe38JpPv+1/KicOZ9jN52J/s=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/profile v1.4.0/go.mod h1:NWz/XGvpEW1FyYQ7fCx4dqYBLlfTcE+A9FLAkNKqjFE=
@@ -79,97 +71,41 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
-github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
-github.com/rs/zerolog v1.33.0 h1:1cU2KZkvPxNyfgEmhHAz/1A9Bz+llsdYzklWFzgp0r8=
-github.com/rs/zerolog v1.33.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss=
+github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
+github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY=
+github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ=
 github.com/sigurn/crc16 v0.0.0-20240131213347-83fcde1e29d1 h1:NVK+OqnavpyFmUiKfUMHrpvbCi2VFoWTrcpI7aDaJ2I=
 github.com/sigurn/crc16 v0.0.0-20240131213347-83fcde1e29d1/go.mod h1:9/etS5gpQq9BJsJMWg1wpLbfuSnkm8dPF6FdW2JXVhA=
 github.com/sigurn/crc8 v0.0.0-20220107193325-2243fe600f9f h1:1R9KdKjCNSd7F8iGTxIpoID9prlYH8nuNYKt0XvweHA=
 github.com/sigurn/crc8 v0.0.0-20220107193325-2243fe600f9f/go.mod h1:vQhwQ4meQEDfahT5kd61wLAF5AAeh5ZPLVI4JJ/tYo8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
-github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/tadglines/go-pkgs v0.0.0-20210623144937-b983b20f54f9 h1:aeN+ghOV0b2VCmKKO3gqnDQ8mLbpABZgRR2FVYx4ouI=
 github.com/tadglines/go-pkgs v0.0.0-20210623144937-b983b20f54f9/go.mod h1:roo6cZ/uqpwKMuvPG0YmzI5+AmUiMWfjCBZpGXqbTxE=
-github.com/wlynxg/anet v0.0.3/go.mod h1:eay5PRQr7fIVAMbTbchTnO9gG65Hg/uYGdc7mguHxoA=
 github.com/wlynxg/anet v0.0.5 h1:J3VJGi1gvo0JwZ/P1/Yc/8p63SoW98B5dHkYDmpgvvU=
 github.com/wlynxg/anet v0.0.5/go.mod h1:eay5PRQr7fIVAMbTbchTnO9gG65Hg/uYGdc7mguHxoA=
-github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
-golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
-golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
-golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
-golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
-golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
-golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
-golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
-golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
-golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
+golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
+golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI=
+golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg=
+golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
+golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
-golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
-golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
-golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
-golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
-golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
+golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
+golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
+golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA=
+golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

internal/alsa/alsa.go

@@ -0,0 +1,7 @@
+//go:build !(linux && (386 || amd64 || arm || arm64 || mipsle))
+
+package alsa
+
+func Init() {
+	// not supported
+}

internal/alsa/alsa_linux.go

@@ -0,0 +1,83 @@
+//go:build linux && (386 || amd64 || arm || arm64 || mipsle)
+
+package alsa
+
+import (
+	"fmt"
+	"net/http"
+	"os"
+	"strconv"
+	"strings"
+
+	"github.com/AlexxIT/go2rtc/internal/api"
+	"github.com/AlexxIT/go2rtc/internal/streams"
+	"github.com/AlexxIT/go2rtc/pkg/alsa"
+	"github.com/AlexxIT/go2rtc/pkg/alsa/device"
+)
+
+func Init() {
+	streams.HandleFunc("alsa", alsa.Open)
+
+	api.HandleFunc("api/alsa", apiAlsa)
+}
+
+func apiAlsa(w http.ResponseWriter, r *http.Request) {
+	files, err := os.ReadDir("/dev/snd/")
+	if err != nil {
+		return
+	}
+
+	var sources []*api.Source
+
+	for _, file := range files {
+		if !strings.HasPrefix(file.Name(), "pcm") {
+			continue
+		}
+
+		path := "/dev/snd/" + file.Name()
+
+		dev, err := device.Open(path)
+		if err != nil {
+			continue
+		}
+
+		info, err := dev.Info()
+		if err == nil {
+			formats := formatsToString(dev.ListFormats())
+			r1, r2 := dev.RangeRates()
+			c1, c2 := dev.RangeChannels()
+			source := &api.Source{
+				Name: info.ID,
+				Info: fmt.Sprintf("Formats: %s, Rates: %d-%d, Channels: %d-%d", formats, r1, r2, c1, c2),
+				URL:  "alsa:device?audio=" + path,
+			}
+			if !strings.Contains(source.Name, info.Name) {
+				source.Name += ", " + info.Name
+			}
+			sources = append(sources, source)
+		}
+
+		_ = dev.Close()
+	}
+
+	api.ResponseSources(w, sources)
+}
+
+func formatsToString(formats []byte) string {
+	var s string
+	for i, format := range formats {
+		if i > 0 {
+			s += " "
+		}
+		switch format {
+		case 2:
+			s += "s16le"
+		case 10:
+			s += "s32le"
+		default:
+			s += strconv.Itoa(int(format))
+		}
+
+	}
+	return s
+}

internal/api/api.go

@@ -7,6 +7,7 @@ import (
 	"net"
 	"net/http"
 	"os"
+	"slices"
 	"strconv"
 	"strings"
 	"sync"
@@ -23,6 +24,7 @@ func Init() {
 			Listen     string `yaml:"listen"`
 			Username   string `yaml:"username"`
 			Password   string `yaml:"password"`
+			LocalAuth  bool   `yaml:"local_auth"`
 			BasePath   string `yaml:"base_path"`
 			StaticDir  string `yaml:"static_dir"`
 			Origin     string `yaml:"origin"`
@@ -30,6 +32,8 @@ func Init() {
 			TLSCert    string `yaml:"tls_cert"`
 			TLSKey     string `yaml:"tls_key"`
 			UnixListen string `yaml:"unix_listen"`
+
+			AllowPaths []string `yaml:"allow_paths"`
 		} `yaml:"api"`
 	}
 
@@ -43,6 +47,7 @@ func Init() {
 		return
 	}
 
+	allowPaths = cfg.Mod.AllowPaths
 	basePath = cfg.Mod.BasePath
 	log = app.GetLogger("api")
 
@@ -61,7 +66,7 @@ func Init() {
 	}
 
 	if cfg.Mod.Username != "" {
-		Handler = middlewareAuth(cfg.Mod.Username, cfg.Mod.Password, Handler) // 2nd
+		Handler = middlewareAuth(cfg.Mod.Username, cfg.Mod.Password, cfg.Mod.LocalAuth, Handler) // 2nd
 	}
 
 	if log.Trace().Enabled() {
@@ -69,6 +74,8 @@ func Init() {
 	}
 
 	if cfg.Mod.Listen != "" {
+		_, port, _ := net.SplitHostPort(cfg.Mod.Listen)
+		Port, _ = strconv.Atoi(port)
 		go listen("tcp", cfg.Mod.Listen)
 	}
 
@@ -92,10 +99,6 @@ func listen(network, address string) {
 
 	log.Info().Str("addr", address).Msg("[api] listen")
 
-	if network == "tcp" {
-		Port = ln.Addr().(*net.TCPAddr).Port
-	}
-
 	server := http.Server{
 		Handler:           Handler,
 		ReadHeaderTimeout: 5 * time.Second, // Example: Set to 5 seconds
@@ -154,6 +157,10 @@ func HandleFunc(pattern string, handler http.HandlerFunc) {
 	if len(pattern) == 0 || pattern[0] != '/' {
 		pattern = basePath + "/" + pattern
 	}
+	if allowPaths != nil && !slices.Contains(allowPaths, pattern) {
+		log.Trace().Str("path", pattern).Msg("[api] ignore path not in allow_paths")
+		return
+	}
 	log.Trace().Str("path", pattern).Msg("[api] register path")
 	http.HandleFunc(pattern, handler)
 }
@@ -187,6 +194,7 @@ func Response(w http.ResponseWriter, body any, contentType string) {
 
 const StreamNotFound = "stream not found"
 
+var allowPaths []string
 var basePath string
 var log zerolog.Logger
 
@@ -197,9 +205,13 @@ func middlewareLog(next http.Handler) http.Handler {
 	})
 }
 
-func middlewareAuth(username, password string, next http.Handler) http.Handler {
+func isLoopback(remoteAddr string) bool {
+	return strings.HasPrefix(remoteAddr, "127.") || strings.HasPrefix(remoteAddr, "[::1]") || remoteAddr == "@"
+}
+
+func middlewareAuth(username, password string, localAuth bool, next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if !strings.HasPrefix(r.RemoteAddr, "127.") && !strings.HasPrefix(r.RemoteAddr, "[::1]") && r.RemoteAddr != "@" {
+		if localAuth || !isLoopback(r.RemoteAddr) {
 			user, pass, ok := r.BasicAuth()
 			if !ok || user != username || pass != password {
 				w.Header().Set("Www-Authenticate", `Basic realm="go2rtc"`)

internal/api/static.go

@@ -1,8 +1,9 @@
 package api
 
 import (
-	"github.com/AlexxIT/go2rtc/www"
 	"net/http"
+
+	"github.com/AlexxIT/go2rtc/www"
 )
 
 func initStatic(staticDir string) {

internal/api/ws/ws.go

@@ -11,6 +11,7 @@ import (
 
 	"github.com/AlexxIT/go2rtc/internal/api"
 	"github.com/AlexxIT/go2rtc/internal/app"
+	"github.com/AlexxIT/go2rtc/pkg/core"
 	"github.com/gorilla/websocket"
 	"github.com/rs/zerolog"
 )
@@ -37,16 +38,21 @@ var log zerolog.Logger
 type Message struct {
 	Type  string `json:"type"`
 	Value any    `json:"value,omitempty"`
-	Raw   []byte `json:"-"`
 }
 
 func (m *Message) String() (value string) {
-	_ = json.Unmarshal(m.Raw, &value)
+	if s, ok := m.Value.(string); ok {
+		return s
+	}
 	return
 }
 
 func (m *Message) Unmarshal(v any) error {
-	return json.Unmarshal(m.Raw, v)
+	b, err := json.Marshal(m.Value)
+	if err != nil {
+		return err
+	}
+	return json.Unmarshal(b, v)
 }
 
 type WSHandler func(tr *Transport, msg *Message) error
@@ -113,11 +119,8 @@ func apiWS(w http.ResponseWriter, r *http.Request) {
 	})
 
 	for {
-		var raw struct {
-			Type  string          `json:"type"`
-			Value json.RawMessage `json:"value"`
-		}
-		if err = ws.ReadJSON(&raw); err != nil {
+		msg := new(Message)
+		if err = ws.ReadJSON(msg); err != nil {
 			if !websocket.IsCloseError(err, websocket.CloseNoStatusReceived) {
 				log.Trace().Err(err).Caller().Send()
 			}
@@ -125,14 +128,13 @@ func apiWS(w http.ResponseWriter, r *http.Request) {
 			break
 		}
 
-		msg := &Message{Type: raw.Type, Raw: raw.Value}
-
 		log.Trace().Str("type", msg.Type).Msg("[api] ws msg")
 
 		if handler := wsHandlers[msg.Type]; handler != nil {
 			go func() {
 				if err = handler(tr, msg); err != nil {
-					tr.Write(&Message{Type: "error", Value: msg.Type + ": " + err.Error()})
+					errMsg := core.StripUserinfo(err.Error())
+					tr.Write(&Message{Type: "error", Value: msg.Type + ": " + errMsg})
 				}
 			}()
 		}

internal/app/README.md

@@ -19,15 +19,15 @@ go2rtc -c log.format=text -c /config/go2rtc.yaml -c rtsp.listen='' -c /usr/local
 
 ## Environment variables
 
-Also go2rtc support templates for using environment variables in any part of config:
+There is support for loading external variables into the config. First, they will be attempted to be loaded from [credential files](https://systemd.io/CREDENTIALS). If `CREDENTIALS_DIRECTORY` is not set, then the key will be loaded from an environment variable. If no environment variable is set, then the string will be left as-is.
 
 ```yaml
 streams:
   camera1: rtsp://rtsp:${CAMERA_PASSWORD}@192.168.1.123/av_stream/ch0
 
 rtsp:
-  username: ${RTSP_USER:admin}   # "admin" if env "RTSP_USER" not set
-  password: ${RTSP_PASS:secret}  # "secret" if env "RTSP_PASS" not set
+  username: ${RTSP_USER:admin}   # "admin" if "RTSP_USER" not set
+  password: ${RTSP_PASS:secret}  # "secret" if "RTSP_PASS" not set
 ```
 
 ## JSON Schema

internal/app/app.go

@@ -11,6 +11,7 @@ import (
 
 var (
 	Version    string
+	Modules    []string
 	UserAgent  string
 	ConfigPath string
 	Info       = make(map[string]any)
@@ -76,6 +77,16 @@ func Init() {
 	if ConfigPath != "" {
 		Logger.Info().Str("path", ConfigPath).Msg("config")
 	}
+
+	var cfg struct {
+		Mod struct {
+			Modules []string `yaml:"modules"`
+		} `yaml:"app"`
+	}
+
+	LoadConfig(&cfg)
+
+	Modules = cfg.Mod.Modules
 }
 
 func readRevisionTime() (revision, vcsTime string) {

internal/app/config.go

@@ -5,8 +5,9 @@ import (
 	"os"
 	"path/filepath"
 	"strings"
+	"sync"
 
-	"github.com/AlexxIT/go2rtc/pkg/shell"
+	"github.com/AlexxIT/go2rtc/pkg/creds"
 	"github.com/AlexxIT/go2rtc/pkg/yaml"
 )
 
@@ -18,15 +19,20 @@ func LoadConfig(v any) {
 	}
 }
 
-func PatchConfig(key string, value any, path ...string) error {
+var configMu sync.Mutex
+
+func PatchConfig(path []string, value any) error {
 	if ConfigPath == "" {
 		return errors.New("config file disabled")
 	}
 
+	configMu.Lock()
+	defer configMu.Unlock()
+
 	// empty config is OK
 	b, _ := os.ReadFile(ConfigPath)
 
-	b, err := yaml.Patch(b, key, value, path...)
+	b, err := yaml.Patch(b, path, value)
 	if err != nil {
 		return err
 	}
@@ -65,13 +71,15 @@ func initConfig(confs flagConfig) {
 			// config as file
 			if ConfigPath == "" {
 				ConfigPath = conf
+				initStorage()
 			}
 
 			if data, _ = os.ReadFile(conf); data == nil {
 				continue
 			}
 
-			data = []byte(shell.ReplaceEnvVars(string(data)))
+			loadEnv(data)
+			data = creds.ReplaceVars(data)
 			configs = append(configs, data)
 		}
 	}

internal/app/log.go

@@ -3,12 +3,15 @@ package app
 import (
 	"io"
 	"os"
+	"strings"
+	"sync"
 
+	"github.com/AlexxIT/go2rtc/pkg/creds"
 	"github.com/mattn/go-isatty"
 	"github.com/rs/zerolog"
 )
 
-var MemoryLog = newBuffer(16)
+var MemoryLog = newBuffer()
 
 func GetLogger(module string) zerolog.Logger {
 	if s, ok := modules[module]; ok {
@@ -38,11 +41,17 @@ func initLogger() {
 
 	var writer io.Writer
 
-	switch modules["output"] {
+	switch output, path, _ := strings.Cut(modules["output"], ":"); output {
 	case "stderr":
 		writer = os.Stderr
 	case "stdout":
 		writer = os.Stdout
+	case "file":
+		if path == "" {
+			path = "go2rtc.log"
+		}
+		// if fail - only MemoryLog will be available
+		writer, _ = os.OpenFile(path, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
 	}
 
 	timeFormat := modules["time"]
@@ -80,6 +89,8 @@ func initLogger() {
 		writer = MemoryLog
 	}
 
+	writer = creds.SecretWriter(writer)
+
 	lvl, _ := zerolog.ParseLevel(modules["level"])
 	Logger = zerolog.New(writer).Level(lvl)
 
@@ -99,15 +110,19 @@ var modules = map[string]string{
 	"time":   zerolog.TimeFormatUnixMs,
 }
 
-const chunkSize = 1 << 16
+const (
+	chunkCount = 16
+	chunkSize  = 1 << 16
+)
 
 type circularBuffer struct {
 	chunks [][]byte
 	r, w   int
+	mu     sync.Mutex
 }
 
-func newBuffer(chunks int) *circularBuffer {
-	b := &circularBuffer{chunks: make([][]byte, 0, chunks)}
+func newBuffer() *circularBuffer {
+	b := &circularBuffer{chunks: make([][]byte, 0, chunkCount)}
 	// create first chunk
 	b.chunks = append(b.chunks, make([]byte, 0, chunkSize))
 	return b
@@ -116,16 +131,17 @@ func newBuffer(chunks int) *circularBuffer {
 func (b *circularBuffer) Write(p []byte) (n int, err error) {
 	n = len(p)
 
+	b.mu.Lock()
 	// check if chunk has size
 	if len(b.chunks[b.w])+n > chunkSize {
 		// increase write chunk index
-		if b.w++; b.w == cap(b.chunks) {
+		if b.w++; b.w == chunkCount {
 			b.w = 0
 		}
 		// check overflow
 		if b.r == b.w {
 			// increase read chunk index
-			if b.r++; b.r == cap(b.chunks) {
+			if b.r++; b.r == chunkCount {
 				b.r = 0
 			}
 		}
@@ -140,29 +156,34 @@ func (b *circularBuffer) Write(p []byte) (n int, err error) {
 	}
 
 	b.chunks[b.w] = append(b.chunks[b.w], p...)
+	b.mu.Unlock()
 	return
 }
 
 func (b *circularBuffer) WriteTo(w io.Writer) (n int64, err error) {
-	for i := b.r; ; {
-		var nn int
-		if nn, err = w.Write(b.chunks[i]); err != nil {
-			return
-		}
-		n += int64(nn)
+	buf := make([]byte, 0, chunkCount*chunkSize)
 
+	// use temp buffer inside mutex because w.Write can take some time
+	b.mu.Lock()
+	for i := b.r; ; {
+		buf = append(buf, b.chunks[i]...)
 		if i == b.w {
 			break
 		}
-		if i++; i == cap(b.chunks) {
+		if i++; i == chunkCount {
 			i = 0
 		}
 	}
-	return
+	b.mu.Unlock()
+
+	nn, err := w.Write(buf)
+	return int64(nn), err
 }
 
 func (b *circularBuffer) Reset() {
+	b.mu.Lock()
 	b.chunks[0] = b.chunks[0][:0]
 	b.r = 0
 	b.w = 0
+	b.mu.Unlock()
 }

internal/app/storage.go

@@ -0,0 +1,56 @@
+package app
+
+import (
+	"sync"
+
+	"github.com/AlexxIT/go2rtc/pkg/creds"
+	"github.com/AlexxIT/go2rtc/pkg/yaml"
+)
+
+func initStorage() {
+	storage = &envStorage{data: make(map[string]string)}
+	creds.SetStorage(storage)
+}
+
+func loadEnv(data []byte) {
+	var cfg struct {
+		Env map[string]string `yaml:"env"`
+	}
+
+	if err := yaml.Unmarshal(data, &cfg); err != nil {
+		return
+	}
+
+	storage.mu.Lock()
+	for name, value := range cfg.Env {
+		storage.data[name] = value
+		creds.AddSecret(value)
+	}
+	storage.mu.Unlock()
+}
+
+var storage *envStorage
+
+type envStorage struct {
+	data map[string]string
+	mu   sync.Mutex
+}
+
+func (s *envStorage) SetValue(name, value string) error {
+	if err := PatchConfig([]string{"env", name}, value); err != nil {
+		return err
+	}
+
+	s.mu.Lock()
+	s.data[name] = value
+	s.mu.Unlock()
+
+	return nil
+}
+
+func (s *envStorage) GetValue(name string) (value string, ok bool) {
+	s.mu.Lock()
+	value, ok = s.data[name]
+	s.mu.Unlock()
+	return
+}

internal/debug/stack.go

@@ -29,8 +29,8 @@ var stackSkip = [][]byte{
 	[]byte("created by github.com/AlexxIT/go2rtc/internal/homekit.Init"),
 
 	// webrtc/api.go
-	[]byte("created by github.com/pion/ice/v2.NewTCPMuxDefault"),
-	[]byte("created by github.com/pion/ice/v2.NewUDPMuxDefault"),
+	[]byte("created by github.com/pion/ice/v4.NewTCPMuxDefault"),
+	[]byte("created by github.com/pion/ice/v4.NewUDPMuxDefault"),
 }
 
 func stackHandler(w http.ResponseWriter, r *http.Request) {

internal/doorbird/doorbird.go

@@ -0,0 +1,36 @@
+package doorbird
+
+import (
+	"net/url"
+
+	"github.com/AlexxIT/go2rtc/internal/streams"
+	"github.com/AlexxIT/go2rtc/pkg/core"
+	"github.com/AlexxIT/go2rtc/pkg/doorbird"
+)
+
+func Init() {
+	streams.RedirectFunc("doorbird", func(rawURL string) (string, error) {
+		u, err := url.Parse(rawURL)
+		if err != nil {
+			return "", err
+		}
+
+		// https://www.doorbird.com/downloads/api_lan.pdf
+		switch u.Query().Get("media") {
+		case "video":
+			u.Path = "/bha-api/video.cgi"
+		case "audio":
+			u.Path = "/bha-api/audio-receive.cgi"
+		default:
+			return "", nil
+		}
+
+		u.Scheme = "http"
+
+		return u.String(), nil
+	})
+
+	streams.HandleFunc("doorbird", func(source string) (core.Producer, error) {
+		return doorbird.Dial(source)
+	})
+}

internal/echo/echo.go

@@ -2,7 +2,9 @@ package echo
 
 import (
 	"bytes"
+	"errors"
 	"os/exec"
+	"slices"
 
 	"github.com/AlexxIT/go2rtc/internal/app"
 	"github.com/AlexxIT/go2rtc/internal/streams"
@@ -10,11 +12,25 @@ import (
 )
 
 func Init() {
+	var cfg struct {
+		Mod struct {
+			AllowPaths []string `yaml:"allow_paths"`
+		} `yaml:"echo"`
+	}
+
+	app.LoadConfig(&cfg)
+
+	allowPaths := cfg.Mod.AllowPaths
+
 	log := app.GetLogger("echo")
 
 	streams.RedirectFunc("echo", func(url string) (string, error) {
 		args := shell.QuoteSplit(url[5:])
 
+		if allowPaths != nil && !slices.Contains(allowPaths, args[0]) {
+			return "", errors.New("echo: bin not in allow_paths: " + args[0])
+		}
+
 		b, err := exec.Command(args[0], args[1:]...).Output()
 		if err != nil {
 			return "", err
@@ -26,4 +42,5 @@ func Init() {
 
 		return string(b), nil
 	})
+	streams.MarkInsecure("echo")
 }

internal/eseecloud/eseecloud.go

@@ -0,0 +1,10 @@
+package eseecloud
+
+import (
+	"github.com/AlexxIT/go2rtc/internal/streams"
+	"github.com/AlexxIT/go2rtc/pkg/eseecloud"
+)
+
+func Init() {
+	streams.HandleFunc("eseecloud", eseecloud.Dial)
+}

internal/exec/README.md

@@ -0,0 +1,12 @@
+## Backchannel
+
+- You can check audio card names in the **Go2rtc > WebUI > Add**
+- You can specify multiple backchannel lines with different codecs
+
+```yaml
+sources:
+  two_way_audio_win:
+    - exec:ffmpeg -hide_banner -f dshow -i "audio=Microphone (High Definition Audio Device)" -c pcm_s16le -ar 16000 -ac 1 -f wav -
+    - exec:ffplay -nodisp -probesize 32 -f s16le -ar 16000 -#backchannel=1#audio=s16le/16000
+    - exec:ffplay -nodisp -probesize 32 -f alaw -ar 8000 -#backchannel=1#audio=alaw/8000
+```

internal/exec/closer.go

@@ -1,39 +0,0 @@
-package exec
-
-import (
-	"errors"
-	"net/url"
-	"os"
-	"os/exec"
-	"syscall"
-	"time"
-
-	"github.com/AlexxIT/go2rtc/pkg/core"
-)
-
-// closer support custom killsignal with custom killtimeout
-type closer struct {
-	cmd   *exec.Cmd
-	query url.Values
-}
-
-func (c *closer) Close() (err error) {
-	sig := os.Kill
-	if s := c.query.Get("killsignal"); s != "" {
-		sig = syscall.Signal(core.Atoi(s))
-	}
-
-	log.Trace().Msgf("[exec] kill with signal=%d", sig)
-	err = c.cmd.Process.Signal(sig)
-
-	if s := c.query.Get("killtimeout"); s != "" {
-		timeout := time.Duration(core.Atoi(s)) * time.Second
-		timer := time.AfterFunc(timeout, func() {
-			log.Trace().Msgf("[exec] kill after timeout=%s", s)
-			_ = c.cmd.Process.Kill()
-		})
-		defer timer.Stop() // stop timer if Wait ends before timeout
-	}
-
-	return errors.Join(err, c.cmd.Wait())
-}

internal/exec/exec.go

@@ -9,9 +9,10 @@ import (
 	"io"
 	"net/url"
 	"os"
-	"os/exec"
+	"slices"
 	"strings"
 	"sync"
+	"syscall"
 	"time"
 
 	"github.com/AlexxIT/go2rtc/internal/app"
@@ -19,13 +20,23 @@ import (
 	"github.com/AlexxIT/go2rtc/internal/streams"
 	"github.com/AlexxIT/go2rtc/pkg/core"
 	"github.com/AlexxIT/go2rtc/pkg/magic"
+	"github.com/AlexxIT/go2rtc/pkg/pcm"
 	pkg "github.com/AlexxIT/go2rtc/pkg/rtsp"
 	"github.com/AlexxIT/go2rtc/pkg/shell"
-	"github.com/AlexxIT/go2rtc/pkg/stdin"
 	"github.com/rs/zerolog"
 )
 
 func Init() {
+	var cfg struct {
+		Mod struct {
+			AllowPaths []string `yaml:"allow_paths"`
+		} `yaml:"exec"`
+	}
+
+	app.LoadConfig(&cfg)
+
+	allowPaths = cfg.Mod.AllowPaths
+
 	rtsp.HandleFunc(func(conn *pkg.Conn) bool {
 		waitersMu.Lock()
 		waiter := waiters[conn.URL.Path]
@@ -45,11 +56,14 @@ func Init() {
 	})
 
 	streams.HandleFunc("exec", execHandle)
+	streams.MarkInsecure("exec")
 
 	log = app.GetLogger("exec")
 }
 
-func execHandle(rawURL string) (core.Producer, error) {
+var allowPaths []string
+
+func execHandle(rawURL string) (prod core.Producer, err error) {
 	rawURL, rawQuery, _ := strings.Cut(rawURL, "#")
 	query := streams.ParseQuery(rawQuery)
 
@@ -67,39 +81,59 @@ func execHandle(rawURL string) (core.Producer, error) {
 		rawURL = rawURL[:i] + "rtsp://127.0.0.1:" + rtsp.Port + path + rawURL[i+8:]
 	}
 
-	args := shell.QuoteSplit(rawURL[5:]) // remove `exec:`
-	cmd := exec.Command(args[0], args[1:]...)
+	cmd := shell.NewCommand(rawURL[5:]) // remove `exec:`
 	cmd.Stderr = &logWriter{
 		buf:   make([]byte, 512),
 		debug: log.Debug().Enabled(),
 	}
 
-	if query.Get("backchannel") == "1" {
-		return stdin.NewClient(cmd)
+	if allowPaths != nil && !slices.Contains(allowPaths, cmd.Args[0]) {
+		return nil, errors.New("exec: bin not in allow_paths: " + cmd.Args[0])
 	}
 
-	cl := &closer{cmd: cmd, query: query}
+	if s := query.Get("killsignal"); s != "" {
+		sig := syscall.Signal(core.Atoi(s))
+		cmd.Cancel = func() error {
+			log.Debug().Msgf("[exec] kill with signal=%d", sig)
+			return cmd.Process.Signal(sig)
+		}
+	}
+
+	if s := query.Get("killtimeout"); s != "" {
+		cmd.WaitDelay = time.Duration(core.Atoi(s)) * time.Second
+	}
+
+	if query.Get("backchannel") == "1" {
+		return pcm.NewBackchannel(cmd, query.Get("audio"))
+	}
 
 	if path == "" {
-		return handlePipe(rawURL, cmd, cl)
+		prod, err = handlePipe(rawURL, cmd)
+	} else {
+		prod, err = handleRTSP(rawURL, cmd, path)
 	}
 
-	return handleRTSP(rawURL, cmd, cl, path)
+	if err != nil {
+		_ = cmd.Close()
+	}
+
+	return
 }
 
-func handlePipe(source string, cmd *exec.Cmd, cl io.Closer) (core.Producer, error) {
+func handlePipe(source string, cmd *shell.Command) (core.Producer, error) {
 	stdout, err := cmd.StdoutPipe()
 	if err != nil {
 		return nil, err
 	}
 
-	rc := struct {
+	rd := struct {
 		io.Reader
 		io.Closer
 	}{
 		// add buffer for pipe reader to reduce syscall
 		bufio.NewReaderSize(stdout, core.BufferSize),
-		cl,
+		// stop cmd on close pipe call
+		cmd,
 	}
 
 	log.Debug().Strs("args", cmd.Args).Msg("[exec] run pipe")
@@ -110,9 +144,8 @@ func handlePipe(source string, cmd *exec.Cmd, cl io.Closer) (core.Producer, erro
 		return nil, err
 	}
 
-	prod, err := magic.Open(rc)
+	prod, err := magic.Open(rd)
 	if err != nil {
-		_ = rc.Close()
 		return nil, fmt.Errorf("exec/pipe: %w\n%s", err, cmd.Stderr)
 	}
 
@@ -126,7 +159,7 @@ func handlePipe(source string, cmd *exec.Cmd, cl io.Closer) (core.Producer, erro
 	return prod, nil
 }
 
-func handleRTSP(source string, cmd *exec.Cmd, cl io.Closer, path string) (core.Producer, error) {
+func handleRTSP(source string, cmd *shell.Command, path string) (core.Producer, error) {
 	if log.Trace().Enabled() {
 		cmd.Stdout = os.Stdout
 	}
@@ -152,23 +185,22 @@ func handleRTSP(source string, cmd *exec.Cmd, cl io.Closer, path string) (core.P
 		return nil, err
 	}
 
-	done := make(chan error, 1)
-	go func() {
-		done <- cmd.Wait()
-	}()
+	timeout := time.NewTimer(30 * time.Second)
+	defer timeout.Stop()
 
 	select {
-	case <-time.After(time.Minute):
+	case <-timeout.C:
+		// haven't received data from app in timeout
 		log.Error().Str("source", source).Msg("[exec] timeout")
-		_ = cl.Close()
 		return nil, errors.New("exec: timeout")
-	case <-done:
-		// limit message size
+	case <-cmd.Done():
+		// app fail before we receive any data
 		return nil, fmt.Errorf("exec/rtsp\n%s", cmd.Stderr)
 	case prod := <-waiter:
+		// app started successfully
 		log.Debug().Stringer("launch", time.Since(ts)).Msg("[exec] run rtsp")
 		setRemoteInfo(prod, source, cmd.Args)
-		prod.OnClose = cl.Close
+		prod.OnClose = cmd.Close
 		return prod, nil
 	}
 }

internal/expr/README.md

@@ -12,34 +12,94 @@
   - `fetch` - JS-like HTTP requests
   - `match` - JS-like RegExp queries
 
-## Examples
+## Fetch examples
+
+Multiple fetch requests are executed within a single session. They share the same cookie.
+
+**HTTP GET**
+
+```js
+var r = fetch('https://example.org/products.json');
+```
+
+**HTTP POST JSON**
+
+```js
+var r = fetch('https://example.org/post', {
+    method: 'POST',
+    // Content-Type: application/json will be set automatically
+    json: {username: 'example'}
+});
+```
+
+**HTTP POST Form**
+
+```js
+var r = fetch('https://example.org/post', {
+    method: 'POST',
+    // Content-Type: application/x-www-form-urlencoded will be set automatically
+    data: {username: 'example', password: 'password'}
+});
+```
+
+## Script examples
 
 **Two way audio for Dahua VTO**
 
 ```yaml
 streams:
   dahua_vto: |
-    expr: let host = "admin:password@192.168.1.123";
-    fetch("http://"+host+"/cgi-bin/configManager.cgi?action=setConfig&Encode[0].MainFormat[0].Audio.Compression=G.711A&Encode[0].MainFormat[0].Audio.Frequency=8000").ok
-        ? "rtsp://"+host+"/cam/realmonitor?channel=1&subtype=0&unicast=true&proto=Onvif" : ""
+    expr:
+    let host = 'admin:password@192.168.1.123';
+
+    var r = fetch('http://' + host + '/cgi-bin/configManager.cgi?action=setConfig&Encode[0].MainFormat[0].Audio.Compression=G.711A&Encode[0].MainFormat[0].Audio.Frequency=8000');
+
+    'rtsp://' + host + '/cam/realmonitor?channel=1&subtype=0&unicast=true&proto=Onvif'
 ```
 
 **dom.ru**
 
-You can get credentials via:
-
-- https://github.com/alexmorbo/domru (file `/share/domru/accounts`)
-- https://github.com/ad/domru
+You can get credentials from https://github.com/ad/domru
 
 ```yaml
 streams:
   dom_ru: |
-    expr: let camera = "99999999"; let token = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; let operator = 99;
-    fetch("https://myhome.novotelecom.ru/rest/v1/forpost/cameras/"+camera+"/video", {
-      headers: {Authorization: "Bearer "+token, Operator: operator}
+    expr:
+    let camera   = '***';
+    let token    = '***';
+    let operator = '***';
+
+    fetch('https://myhome.proptech.ru/rest/v1/forpost/cameras/' + camera + '/video', {
+      headers: {
+        'Authorization': 'Bearer ' + token,
+        'User-Agent': 'Google sdkgphone64x8664 | Android 14 | erth | 8.26.0 (82600010) | 0 | 0 | 0',
+        'Operator': operator
+      }
     }).json().data.URL
 ```
 
+**dom.ufanet.ru**
+
+```yaml
+streams:
+  ufanet_ru: |
+    expr:
+    let username = '***';
+    let password = '***';
+    let cameraid = '***';
+
+    let r1 = fetch('https://ucams.ufanet.ru/api/internal/login/', {
+      method: 'POST',
+      data: {username: username, password: password}
+    });
+    let r2 = fetch('https://ucams.ufanet.ru/api/v0/cameras/this/?lang=ru', {
+      method: 'POST',
+      json: {'fields': ['token_l', 'server'], 'token_l_ttl': 3600, 'numbers': [cameraid]},
+    }).json().results[0];
+
+    'rtsp://' + r2.server.domain + '/' + r2.number + '?token=' + r2.token_l
+```
+
 **Parse HLS files from Apple**
 
 Same example in two languages - python and expr.

internal/expr/expr.go

@@ -12,7 +12,7 @@ func Init() {
 	log := app.GetLogger("expr")
 
 	streams.RedirectFunc("expr", func(url string) (string, error) {
-		v, err := expr.Run(url[5:])
+		v, err := expr.Eval(url[5:], nil)
 		if err != nil {
 			return "", err
 		}
@@ -25,4 +25,5 @@ func Init() {
 
 		return url, nil
 	})
+	streams.MarkInsecure("expr")
 }

internal/ffmpeg/ffmpeg.go

@@ -80,7 +80,7 @@ var defaults = map[string]string{
 	// `-profile high -level 4.1` - most used streaming profile
 	// `-pix_fmt:v yuv420p` - important for Telegram
 	"h264":  "-c:v libx264 -g 50 -profile:v high -level:v 4.1 -preset:v superfast -tune:v zerolatency -pix_fmt:v yuv420p",
-	"h265":  "-c:v libx265 -g 50 -profile:v main -level:v 5.1 -preset:v superfast -tune:v zerolatency -pix_fmt:v yuv420p",
+	"h265":  "-c:v libx265 -g 50 -profile:v main -x265-params level=5.1:high-tier=0 -preset:v superfast -tune:v zerolatency -pix_fmt:v yuv420p",
 	"mjpeg": "-c:v mjpeg",
 	//"mjpeg": "-c:v mjpeg -force_duplicated_matrix:v 1 -huffman:v 0 -pix_fmt:v yuvj420p",
 
@@ -113,6 +113,7 @@ var defaults = map[string]string{
 	"pcm/48000":  "-c:a pcm_s16be -ar:a 48000 -ac:a 1",
 	"pcml":       "-c:a pcm_s16le -ar:a 8000 -ac:a 1",
 	"pcml/8000":  "-c:a pcm_s16le -ar:a 8000 -ac:a 1",
+	"pcml/16000": "-c:a pcm_s16le -ar:a 16000 -ac:a 1",
 	"pcml/44100": "-c:a pcm_s16le -ar:a 44100 -ac:a 1",
 
 	// hardware Intel and AMD on Linux
@@ -129,8 +130,9 @@ var defaults = map[string]string{
 	// hardware Rockchip
 	// important to use custom ffmpeg https://github.com/AlexxIT/go2rtc/issues/768
 	// hevc - doesn't have a profile setting
-	"h264/rkmpp": "-c:v h264_rkmpp_encoder -g 50 -bf 0 -profile:v high -level:v 4.1",
-	"h265/rkmpp": "-c:v hevc_rkmpp_encoder -g 50 -bf 0 -level:v 5.1",
+	"h264/rkmpp":  "-c:v h264_rkmpp -g 50 -bf 0 -profile:v high -level:v 4.1",
+	"h265/rkmpp":  "-c:v hevc_rkmpp -g 50 -bf 0 -profile:v main -level:v 5.1",
+	"mjpeg/rkmpp": "-c:v mjpeg_rkmpp",
 
 	// hardware NVidia on Linux and Windows
 	// preset=p2 - faster, tune=ll - low latency
@@ -179,6 +181,7 @@ func parseArgs(s string) *ffmpeg.Args {
 		Version: verAV,
 	}
 
+	var source = s
 	var query url.Values
 	if i := strings.IndexByte(s, '#'); i >= 0 {
 		query = streams.ParseQuery(s[i+1:])
@@ -221,6 +224,10 @@ func parseArgs(s string) *ffmpeg.Args {
 		default:
 			s += "?video&audio"
 		}
+		s += "&source=ffmpeg:" + url.QueryEscape(source)
+		for _, v := range query["query"] {
+			s += "&" + v
+		}
 		args.Input = inputTemplate("rtsp", s, query)
 	} else if i = strings.Index(s, "?"); i > 0 {
 		switch s[:i] {

internal/ffmpeg/ffmpeg_test.go

@@ -251,15 +251,33 @@ func _TestParseArgsHwV4l2m2m(t *testing.T) {
 }
 
 func TestParseArgsHwRKMPP(t *testing.T) {
-	// [HTTP-MJPEG] video will be transcoded to H264
-	args := parseArgs("http://example.com#video=h264#hardware=rkmpp")
-	require.Equal(t, `ffmpeg -hide_banner -fflags nobuffer -flags low_delay -i http://example.com -c:v h264_rkmpp_encoder -g 50 -bf 0 -profile:v high -level:v 4.1 -an -user_agent ffmpeg/go2rtc -rtsp_transport tcp -f rtsp {output}`, args.String())
-
-	args = parseArgs("http://example.com#video=h264#rotate=180#hardware=rkmpp")
-	require.Equal(t, `ffmpeg -hide_banner -fflags nobuffer -flags low_delay -i http://example.com -c:v h264_rkmpp_encoder -g 50 -bf 0 -profile:v high -level:v 4.1 -an -vf "transpose=1,transpose=1" -user_agent ffmpeg/go2rtc -rtsp_transport tcp -f rtsp {output}`, args.String())
-
-	args = parseArgs("http://example.com#video=h264#height=320#hardware=rkmpp")
-	require.Equal(t, `ffmpeg -hide_banner -fflags nobuffer -flags low_delay -i http://example.com -c:v h264_rkmpp_encoder -g 50 -bf 0 -profile:v high -level:v 4.1 -height 320 -an -user_agent ffmpeg/go2rtc -rtsp_transport tcp -f rtsp {output}`, args.String())
+	tests := []struct {
+		name   string
+		source string
+		expect string
+	}{
+		{
+			name:   "[FILE] transcoding to H264",
+			source: "bbb.mp4#video=h264#hardware=rkmpp",
+			expect: `ffmpeg -hide_banner -hwaccel rkmpp -hwaccel_output_format drm_prime -afbc rga -re -i bbb.mp4 -c:v h264_rkmpp -g 50 -bf 0 -profile:v high -level:v 4.1 -an -user_agent ffmpeg/go2rtc -rtsp_transport tcp -f rtsp {output}`,
+		},
+		{
+			name:   "[FILE] transcoding with rotation",
+			source: "bbb.mp4#video=h264#rotate=180#hardware=rkmpp",
+			expect: `ffmpeg -hide_banner -hwaccel rkmpp -hwaccel_output_format drm_prime -afbc rga -re -i bbb.mp4 -c:v h264_rkmpp -g 50 -bf 0 -profile:v high -level:v 4.1 -an -vf "format=drm_prime|nv12,hwupload,vpp_rkrga=transpose=4" -user_agent ffmpeg/go2rtc -rtsp_transport tcp -f rtsp {output}`,
+		},
+		{
+			name:   "[FILE] transcoding with scaling",
+			source: "bbb.mp4#video=h264#height=320#hardware=rkmpp",
+			expect: `ffmpeg -hide_banner -hwaccel rkmpp -hwaccel_output_format drm_prime -afbc rga -re -i bbb.mp4 -c:v h264_rkmpp -g 50 -bf 0 -profile:v high -level:v 4.1 -an -vf "format=drm_prime|nv12,hwupload,scale_rkrga=-1:320:force_original_aspect_ratio=0" -user_agent ffmpeg/go2rtc -rtsp_transport tcp -f rtsp {output}`,
+		},
+	}
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			args := parseArgs(test.source)
+			require.Equal(t, test.expect, args.String())
+		})
+	}
 }
 
 func _TestParseArgsHwCuda(t *testing.T) {

internal/ffmpeg/hardware/README.md

@@ -0,0 +1,106 @@
+# Hardware
+
+You **DON'T** need hardware acceleration if:
+
+- you not using [FFmpeg source](https://github.com/AlexxIT/go2rtc#source-ffmpeg)
+- you using only `#video=copy` for FFmpeg source
+- you using only `#audio=...` (any audio) transcoding for FFmpeg source
+
+You **NEED** hardware acceleration if you using `#video=h264`, `#video=h265`, `#video=mjpeg` (video) transcoding.
+
+## Important
+
+- Acceleration is disabled by default because it can be unstable (it can be changed in future)
+- go2rtc can automatically detect supported hardware acceleration if enabled
+- go2rtc will enable hardware decoding only if hardware encoding supported
+- go2rtc will use the same GPU for decoder and encoder
+- Intel and AMD will switch to software decoder if input codec is not supported with hardware decoder
+- NVidia will fail if input codec is not supported with hardware decoder
+- Raspberry always uses software decoder
+
+```yaml
+streams:
+  # auto select hardware encoder
+  camera1_hw: ffmpeg:rtsp://rtsp:12345678@192.168.1.123/av_stream/ch0#video=h264#hardware
+  
+  # manual select hardware encoder (vaapi, cuda, v4l2m2m, dxva2, videotoolbox)
+  camera1_vaapi: ffmpeg:rtsp://rtsp:12345678@192.168.1.123/av_stream/ch0#video=h264#hardware=vaapi
+```
+
+## Docker and Hass Addon
+
+There are two versions of the Docker container and Hass Add-on:
+
+- Latest (alpine) support hardware acceleration for Intel iGPU (CPU with Graphics) and Raspberry.
+- Hardware (debian 12) support Intel iGPU, AMD GPU, NVidia GPU.
+
+## Intel iGPU
+
+**Supported on:** Windows binary, Linux binary, Docker, Hass Addon.
+
+If you have Intel CPU Sandy Bridge (2011) with Graphics, you already have support hardware decoding/encoding for `AVC/H.264`.
+
+If you have Intel CPU Skylake (2015) with Graphics, you already have support hardware decoding/encoding for `AVC/H.264`, `HEVC/H.265` and `MJPEG`.
+
+Read more [here](https://en.wikipedia.org/wiki/Intel_Quick_Sync_Video#Hardware_decoding_and_encoding) and [here](https://en.wikipedia.org/wiki/Intel_Graphics_Technology#Capabilities_(GPU_video_acceleration)).
+
+Linux and Docker:
+
+- It may be important to have the latest version of the OS with the latest version of the Linux kernel. For example, on my **Debian 10 (kernel 4.19)** it did not work, but after update to **Debian 11 (kernel 5.10)** all was fine.
+- In case of troube check you have `/dev/dri/` folder on your host.
+
+Docker users should add `--privileged` option to container for access to Hardware.
+
+**PS.** Supported via [VAAPI](https://trac.ffmpeg.org/wiki/Hardware/VAAPI) engine on Linux and [DXVA2+QSV](https://trac.ffmpeg.org/wiki/Hardware/QuickSync) engine on Windows.
+
+## AMD GPU
+
+*I don't have the hardware for test support!!!*
+
+**Supported on:** Linux binary, Docker, Hass Addon.
+
+Docker users should install: `alexxit/go2rtc:master-hardware`. Docker users should add `--privileged` option to container for access to Hardware.
+
+Hass Addon users should install **go2rtc master hardware** version.
+
+**PS.** Supported via [VAAPI](https://trac.ffmpeg.org/wiki/Hardware/VAAPI) engine.
+
+## NVidia GPU
+
+**Supported on:** Windows binary, Linux binary, Docker.
+
+Docker users should install: `alexxit/go2rtc:master-hardware`.
+
+Read more [here](https://docs.frigate.video/configuration/hardware_acceleration) and [here](https://jellyfin.org/docs/general/administration/hardware-acceleration/#nvidia-hardware-acceleration-on-docker-linux).
+
+**PS.** Supported via [CUDA](https://trac.ffmpeg.org/wiki/HWAccelIntro#CUDANVENCNVDEC) engine.
+
+## Raspberry Pi 3
+
+**Supported on:** Linux binary, Docker, Hass Addon.
+
+I don't recommend using transcoding on the Raspberry Pi 3. It's extreamly slow, even with hardware acceleration. Also it may fail when transcoding 2K+ stream.
+
+## Raspberry Pi 4
+
+*I don't have the hardware for test support!!!*
+
+**Supported on:** Linux binary, Docker, Hass Addon.
+
+**PS.** Supported via [v4l2m2m](https://lalitm.com/hw-encoding-raspi/) engine.
+
+## macOS
+
+In my tests, transcoding is faster on the M1 CPU than on the M1 GPU. Transcoding time on M1 CPU better than any Intel iGPU and comparable to NVidia RTX 2070.
+
+**PS.** Supported via [videotoolbox](https://trac.ffmpeg.org/wiki/HWAccelIntro#VideoToolbox) engine.
+
+## Rockchip
+
+- Important to use custom FFmpeg with Rockchip support from [@nyanmisaka](https://github.com/nyanmisaka/ffmpeg-rockchip)
+  - Static binaries from [@MarcA711](https://github.com/MarcA711/Rockchip-FFmpeg-Builds/releases/)
+- Important to have Linux kernel 5.10 or 6.1
+
+**Tested**
+
+- [Orange Pi 3B](https://www.armbian.com/orangepi3b/) with Armbian 6.1, support transcoding H264, H265, MJPEG

internal/ffmpeg/hardware/hardware.go

@@ -128,19 +128,32 @@ func MakeHardware(args *ffmpeg.Args, engine string, defaults map[string]string)
 		case EngineRKMPP:
 			args.Codecs[i] = defaults[name+"/"+engine]
 
-			for j, filter := range args.Filters {
-				if strings.HasPrefix(filter, "scale=") {
-					args.Filters = append(args.Filters[:j], args.Filters[j+1:]...)
+			if !args.HasFilters("drawtext=") {
+				args.Input = "-hwaccel rkmpp -hwaccel_output_format drm_prime -afbc rga " + args.Input
 
-					width, height, _ := strings.Cut(filter[6:], ":")
-					if width != "-1" {
-						args.Codecs[i] += " -width " + width
+				for i, filter := range args.Filters {
+					if strings.HasPrefix(filter, "scale=") {
+						args.Filters[i] = "scale_rkrga=" + filter[6:] + ":force_original_aspect_ratio=0"
 					}
-					if height != "-1" {
-						args.Codecs[i] += " -height " + height
+					if strings.HasPrefix(filter, "transpose=") {
+						if filter == "transpose=1,transpose=1" { // 180 degrees half-turn
+							args.Filters[i] = "vpp_rkrga=transpose=4" // reversal
+						} else {
+							args.Filters[i] = "vpp_rkrga=transpose=" + filter[10:]
+						}
 					}
-					break
 				}
+
+				if len(args.Filters) > 0 {
+					// fix if input doesn't support hwaccel, do nothing when support
+					// insert as first filter before hardware scale and transpose
+					args.InsertFilter("format=drm_prime|nv12,hwupload")
+				}
+			} else {
+				// enable software pixel for drawtext, scale and transpose
+				args.Input = "-hwaccel rkmpp -hwaccel_output_format nv12 -afbc rga " + args.Input
+
+				args.AddFilter("hwupload")
 			}
 		}
 	}

internal/ffmpeg/hardware/hardware_unix.go

@@ -11,8 +11,9 @@ import (
 const (
 	ProbeV4L2M2MH264 = "-f lavfi -i testsrc2 -t 1 -c h264_v4l2m2m -f null -"
 	ProbeV4L2M2MH265 = "-f lavfi -i testsrc2 -t 1 -c hevc_v4l2m2m -f null -"
-	ProbeRKMPPH264   = "-f lavfi -i testsrc2 -t 1 -c h264_rkmpp_encoder -f null -"
-	ProbeRKMPPH265   = "-f lavfi -i testsrc2 -t 1 -c hevc_rkmpp_encoder -f null -"
+	ProbeRKMPPH264   = "-f lavfi -i testsrc2 -t 1 -c h264_rkmpp -f null -"
+	ProbeRKMPPH265   = "-f lavfi -i testsrc2 -t 1 -c hevc_rkmpp -f null -"
+	ProbeRKMPPJPEG   = "-f lavfi -i testsrc2 -t 1 -c mjpeg_rkmpp -f null -"
 	ProbeVAAPIH264   = "-init_hw_device vaapi -f lavfi -i testsrc2 -t 1 -vf format=nv12,hwupload -c h264_vaapi -f null -"
 	ProbeVAAPIH265   = "-init_hw_device vaapi -f lavfi -i testsrc2 -t 1 -vf format=nv12,hwupload -c hevc_vaapi -f null -"
 	ProbeVAAPIJPEG   = "-init_hw_device vaapi -f lavfi -i testsrc2 -t 1 -vf format=nv12,hwupload -c mjpeg_vaapi -f null -"
@@ -39,6 +40,10 @@ func ProbeAll(bin string) []*api.Source {
 				Name: runToString(bin, ProbeRKMPPH265),
 				URL:  "ffmpeg:...#video=h265#hardware=" + EngineRKMPP,
 			},
+			{
+				Name: runToString(bin, ProbeRKMPPJPEG),
+				URL:  "ffmpeg:...#video=mjpeg#hardware=" + EngineRKMPP,
+			},
 		}
 	}
 
@@ -83,6 +88,10 @@ func ProbeHardware(bin, name string) string {
 			if run(bin, ProbeRKMPPH265) {
 				return EngineRKMPP
 			}
+		case "mjpeg":
+			if run(bin, ProbeRKMPPJPEG) {
+				return EngineRKMPP
+			}
 		}
 
 		return EngineSoftware

internal/ffmpeg/producer.go

@@ -42,9 +42,11 @@ func NewProducer(url string) (core.Producer, error) {
 			Codecs: []*core.Codec{
 				// OPUS will always marked as OPUS/48000/2
 				{Name: core.CodecOpus, ClockRate: 48000, Channels: 2},
+				{Name: core.CodecPCML, ClockRate: 16000},
 				{Name: core.CodecPCM, ClockRate: 16000},
 				{Name: core.CodecPCMA, ClockRate: 16000},
 				{Name: core.CodecPCMU, ClockRate: 16000},
+				{Name: core.CodecPCML, ClockRate: 8000},
 				{Name: core.CodecPCM, ClockRate: 8000},
 				{Name: core.CodecPCMA, ClockRate: 8000},
 				{Name: core.CodecPCMU, ClockRate: 8000},
@@ -94,9 +96,11 @@ func (p *Producer) newURL() string {
 		codec := receiver.Codec
 		switch codec.Name {
 		case core.CodecOpus:
-			s += "#audio=opus"
+			s += "#audio=opus/16000"
 		case core.CodecAAC:
 			s += "#audio=aac/16000"
+		case core.CodecPCML:
+			s += "#audio=pcml/" + strconv.Itoa(int(codec.ClockRate))
 		case core.CodecPCM:
 			s += "#audio=pcm/" + strconv.Itoa(int(codec.ClockRate))
 		case core.CodecPCMA:

internal/flussonic/flussonic.go

@@ -0,0 +1,10 @@
+package flussonic
+
+import (
+	"github.com/AlexxIT/go2rtc/internal/streams"
+	"github.com/AlexxIT/go2rtc/pkg/flussonic"
+)
+
+func Init() {
+	streams.HandleFunc("flussonic", flussonic.Dial)
+}

internal/hass/api.go

@@ -30,10 +30,10 @@ func apiStream(w http.ResponseWriter, r *http.Request) {
 		// 1. link to go2rtc stream: rtsp://...:8554/{stream_name}
 		// 2. static link to Hass camera
 		// 3. dynamic link to Hass camera
-		if streams.Patch(v.Name, v.Channels.First.Url) != nil {
+		if _, err := streams.Patch(v.Name, v.Channels.First.Url); err == nil {
 			apiOK(w, r)
 		} else {
-			http.Error(w, "", http.StatusBadRequest)
+			http.Error(w, err.Error(), http.StatusBadRequest)
 		}
 
 	// /stream/{id}/channel/0/webrtc

internal/hass/hass.go

@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"os"
 	"path"
+	"strings"
 	"sync"
 
 	"github.com/AlexxIT/go2rtc/internal/api"
@@ -37,8 +38,13 @@ func Init() {
 	api.HandleFunc("/streams", apiOK)
 	api.HandleFunc("/stream/", apiStream)
 
-	streams.RedirectFunc("hass", func(url string) (string, error) {
-		if location := entities[url[5:]]; location != "" {
+	streams.RedirectFunc("hass", func(rawURL string) (string, error) {
+		rawURL, rawQuery, _ := strings.Cut(rawURL, "#")
+
+		if location := entities[rawURL[5:]]; location != "" {
+			if rawQuery != "" {
+				return location + "#" + rawQuery, nil
+			}
 			return location, nil
 		}
 

internal/hls/ws.go

@@ -11,7 +11,7 @@ import (
 )
 
 func handlerWSHLS(tr *ws.Transport, msg *ws.Message) error {
-	stream := streams.GetOrPatch(tr.Request.URL.Query())
+	stream, _ := streams.GetOrPatch(tr.Request.URL.Query())
 	if stream == nil {
 		return errors.New(api.StreamNotFound)
 	}

internal/homekit/api.go

@@ -3,6 +3,7 @@ package homekit
 import (
 	"errors"
 	"fmt"
+	"io"
 	"net/http"
 	"net/url"
 	"strings"
@@ -14,56 +15,97 @@ import (
 	"github.com/AlexxIT/go2rtc/pkg/mdns"
 )
 
-func apiHandler(w http.ResponseWriter, r *http.Request) {
+func apiDiscovery(w http.ResponseWriter, r *http.Request) {
+	sources, err := discovery()
+	if err != nil {
+		api.Error(w, err)
+		return
+	}
+
+	urls := findHomeKitURLs()
+	for id, u := range urls {
+		deviceID := u.Query().Get("device_id")
+		for _, source := range sources {
+			if strings.Contains(source.URL, deviceID) {
+				source.Location = id
+				break
+			}
+		}
+	}
+
+	for _, source := range sources {
+		if source.Location == "" {
+			source.Location = " "
+		}
+	}
+
+	api.ResponseSources(w, sources)
+}
+
+func apiHomekit(w http.ResponseWriter, r *http.Request) {
+	if err := r.ParseForm(); err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+
 	switch r.Method {
 	case "GET":
-		sources, err := discovery()
-		if err != nil {
-			api.Error(w, err)
-			return
-		}
-
-		urls := findHomeKitURLs()
-		for id, u := range urls {
-			deviceID := u.Query().Get("device_id")
-			for _, source := range sources {
-				if strings.Contains(source.URL, deviceID) {
-					source.Location = id
-					break
-				}
+		if id := r.Form.Get("id"); id != "" {
+			if srv := servers[id]; srv != nil {
+				api.ResponsePrettyJSON(w, srv)
+			} else {
+				http.Error(w, "server not found", http.StatusNotFound)
 			}
+		} else {
+			api.ResponsePrettyJSON(w, servers)
 		}
 
-		for _, source := range sources {
-			if source.Location == "" {
-				source.Location = " "
-			}
-		}
-
-		api.ResponseSources(w, sources)
-
 	case "POST":
-		if err := r.ParseMultipartForm(1024); err != nil {
-			api.Error(w, err)
-			return
-		}
-
-		if err := apiPair(r.Form.Get("id"), r.Form.Get("url")); err != nil {
-			api.Error(w, err)
+		id := r.Form.Get("id")
+		rawURL := r.Form.Get("src") + "&pin=" + r.Form.Get("pin")
+		if err := apiPair(id, rawURL); err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 		}
 
 	case "DELETE":
-		if err := r.ParseMultipartForm(1024); err != nil {
-			api.Error(w, err)
-			return
-		}
-
-		if err := apiUnpair(r.Form.Get("id")); err != nil {
-			api.Error(w, err)
+		id := r.Form.Get("id")
+		if err := apiUnpair(id); err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 		}
 	}
 }
 
+func apiHomekitAccessories(w http.ResponseWriter, r *http.Request) {
+	id := r.URL.Query().Get("id")
+	stream := streams.Get(id)
+	if stream == nil {
+		http.Error(w, "", http.StatusNotFound)
+		return
+	}
+
+	rawURL := findHomeKitURL(stream.Sources())
+	if rawURL == "" {
+		http.Error(w, "", http.StatusBadRequest)
+		return
+	}
+
+	client, err := hap.Dial(rawURL)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	defer client.Close()
+
+	res, err := client.Get(hap.PathAccessories)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	w.Header().Set("Content-Type", api.MimeJSON)
+	_, _ = io.Copy(w, res.Body)
+}
+
 func discovery() ([]*api.Source, error) {
 	var sources []*api.Source
 
@@ -103,7 +145,7 @@ func apiPair(id, url string) error {
 
 	streams.New(id, conn.URL())
 
-	return app.PatchConfig(id, conn.URL(), "streams")
+	return app.PatchConfig([]string{"streams", id}, conn.URL())
 }
 
 func apiUnpair(id string) error {
@@ -112,7 +154,7 @@ func apiUnpair(id string) error {
 		return errors.New(api.StreamNotFound)
 	}
 
-	rawURL := findHomeKitURL(stream)
+	rawURL := findHomeKitURL(stream.Sources())
 	if rawURL == "" {
 		return errors.New("not homekit source")
 	}
@@ -123,15 +165,15 @@ func apiUnpair(id string) error {
 
 	streams.Delete(id)
 
-	return app.PatchConfig(id, nil, "streams")
+	return app.PatchConfig([]string{"streams", id}, nil)
 }
 
 func findHomeKitURLs() map[string]*url.URL {
 	urls := map[string]*url.URL{}
-	for id, stream := range streams.Streams() {
-		if rawURL := findHomeKitURL(stream); rawURL != "" {
+	for name, sources := range streams.GetAllSources() {
+		if rawURL := findHomeKitURL(sources); rawURL != "" {
 			if u, err := url.Parse(rawURL); err == nil {
-				urls[id] = u
+				urls[name] = u
 			}
 		}
 	}

internal/homekit/homekit.go

@@ -2,8 +2,6 @@ package homekit
 
 import (
 	"errors"
-	"io"
-	"net"
 	"net/http"
 	"strings"
 
@@ -26,6 +24,7 @@ func Init() {
 			Name          string   `yaml:"name"`
 			DeviceID      string   `yaml:"device_id"`
 			DevicePrivate string   `yaml:"device_private"`
+			CategoryID    string   `yaml:"category_id"`
 			Pairings      []string `yaml:"pairings"`
 		} `yaml:"homekit"`
 	}
@@ -35,12 +34,15 @@ func Init() {
 
 	streams.HandleFunc("homekit", streamHandler)
 
-	api.HandleFunc("api/homekit", apiHandler)
+	api.HandleFunc("api/homekit", apiHomekit)
+	api.HandleFunc("api/homekit/accessories", apiHomekitAccessories)
+	api.HandleFunc("api/discovery/homekit", apiDiscovery)
 
 	if cfg.Mod == nil {
 		return
 	}
 
+	hosts = map[string]*server{}
 	servers = map[string]*server{}
 	var entries []*mdns.ServiceEntry
 
@@ -63,36 +65,19 @@ func Init() {
 
 		deviceID := calcDeviceID(conf.DeviceID, id) // random MAC-address
 		name := calcName(conf.Name, deviceID)
+		setupID := calcSetupID(id)
 
 		srv := &server{
 			stream:   id,
-			srtp:     srtp.Server,
 			pairings: conf.Pairings,
+			setupID:  setupID,
 		}
 
 		srv.hap = &hap.Server{
-			Pin:           pin,
-			DeviceID:      deviceID,
-			DevicePrivate: calcDevicePrivate(conf.DevicePrivate, id),
-			GetPair:       srv.GetPair,
-			AddPair:       srv.AddPair,
-			Handler:       homekit.ServerHandler(srv),
-		}
-
-		if url := findHomeKitURL(stream); url != "" {
-			// 1. Act as transparent proxy for HomeKit camera
-			dial := func() (net.Conn, error) {
-				client, err := homekit.Dial(url, srtp.Server)
-				if err != nil {
-					return nil, err
-				}
-				return client.Conn(), nil
-			}
-			srv.hap.Handler = homekit.ProxyHandler(srv, dial)
-		} else {
-			// 2. Act as basic HomeKit camera
-			srv.accessory = camera.NewAccessory("AlexxIT", "go2rtc", name, "-", app.Version)
-			srv.hap.Handler = homekit.ServerHandler(srv)
+			Pin:             pin,
+			DeviceID:        deviceID,
+			DevicePrivate:   calcDevicePrivate(conf.DevicePrivate, id),
+			GetClientPublic: srv.GetPair,
 		}
 
 		srv.mdns = &mdns.ServiceEntry{
@@ -106,22 +91,31 @@ func Init() {
 				hap.TXTProtoVersion: "1.1",
 				hap.TXTStateNumber:  "1",
 				hap.TXTStatusFlags:  hap.StatusNotPaired,
-				hap.TXTCategory:     hap.CategoryCamera,
-				hap.TXTSetupHash:    srv.hap.SetupHash(),
+				hap.TXTCategory:     calcCategoryID(conf.CategoryID),
+				hap.TXTSetupHash:    hap.SetupHash(setupID, deviceID),
 			},
 		}
 		entries = append(entries, srv.mdns)
 
 		srv.UpdateStatus()
 
+		if url := findHomeKitURL(stream.Sources()); url != "" {
+			// 1. Act as transparent proxy for HomeKit camera
+			srv.proxyURL = url
+		} else {
+			// 2. Act as basic HomeKit camera
+			srv.accessory = camera.NewAccessory("AlexxIT", "go2rtc", name, "-", app.Version)
+		}
+
 		host := srv.mdns.Host(mdns.ServiceHAP)
-		servers[host] = srv
+		hosts[host] = srv
+		servers[id] = srv
+
+		log.Trace().Msgf("[homekit] new server: %s", srv.mdns)
 	}
 
-	api.HandleFunc(hap.PathPairSetup, hapPairSetup)
-	api.HandleFunc(hap.PathPairVerify, hapPairVerify)
-
-	log.Trace().Msgf("[homekit] mdns: %s", entries)
+	api.HandleFunc(hap.PathPairSetup, hapHandler)
+	api.HandleFunc(hap.PathPairVerify, hapHandler)
 
 	go func() {
 		if err := mdns.Serve(mdns.ServiceHAP, entries); err != nil {
@@ -131,6 +125,7 @@ func Init() {
 }
 
 var log zerolog.Logger
+var hosts map[string]*server
 var servers map[string]*server
 
 func streamHandler(rawURL string) (core.Producer, error) {
@@ -142,52 +137,39 @@ func streamHandler(rawURL string) (core.Producer, error) {
 	client, err := homekit.Dial(rawURL, srtp.Server)
 	if client != nil && rawQuery != "" {
 		query := streams.ParseQuery(rawQuery)
+		client.MaxWidth = core.Atoi(query.Get("maxwidth"))
+		client.MaxHeight = core.Atoi(query.Get("maxheight"))
 		client.Bitrate = parseBitrate(query.Get("bitrate"))
 	}
 
 	return client, err
 }
 
-func hapPairSetup(w http.ResponseWriter, r *http.Request) {
-	srv, ok := servers[r.Host]
-	if !ok {
+func resolve(host string) *server {
+	if len(hosts) == 1 {
+		for _, srv := range hosts {
+			return srv
+		}
+	}
+	if srv, ok := hosts[host]; ok {
+		return srv
+	}
+	return nil
+}
+
+func hapHandler(w http.ResponseWriter, r *http.Request) {
+	// Can support multiple HomeKit cameras on single port ONLY for Apple devices.
+	// Doesn't support Home Assistant and any other open source projects
+	// because they don't send the host header in requests.
+	srv := resolve(r.Host)
+	if srv == nil {
 		log.Error().Msg("[homekit] unknown host: " + r.Host)
 		return
 	}
-
-	conn, rw, err := w.(http.Hijacker).Hijack()
-	if err != nil {
-		return
-	}
-
-	defer conn.Close()
-
-	if err = srv.hap.PairSetup(r, rw, conn); err != nil {
-		log.Error().Err(err).Caller().Send()
-	}
+	srv.Handle(w, r)
 }
 
-func hapPairVerify(w http.ResponseWriter, r *http.Request) {
-	srv, ok := servers[r.Host]
-	if !ok {
-		log.Error().Msg("[homekit] unknown host: " + r.Host)
-		return
-	}
-
-	conn, rw, err := w.(http.Hijacker).Hijack()
-	if err != nil {
-		return
-	}
-
-	defer conn.Close()
-
-	if err = srv.hap.PairVerify(r, rw, conn); err != nil && err != io.EOF {
-		log.Error().Err(err).Caller().Send()
-	}
-}
-
-func findHomeKitURL(stream *streams.Stream) string {
-	sources := stream.Sources()
+func findHomeKitURL(sources []string) string {
 	if len(sources) == 0 {
 		return ""
 	}
@@ -200,7 +182,7 @@ func findHomeKitURL(stream *streams.Stream) string {
 	if strings.HasPrefix(url, "hass") {
 		location, _ := streams.Location(url)
 		if strings.HasPrefix(location, "homekit") {
-			return url
+			return location
 		}
 	}
 

internal/homekit/server.go

@@ -4,10 +4,16 @@ import (
 	"crypto/ed25519"
 	"crypto/sha512"
 	"encoding/hex"
+	"encoding/json"
+	"errors"
 	"fmt"
+	"io"
 	"net"
+	"net/http"
 	"net/url"
+	"slices"
 	"strings"
+	"sync"
 
 	"github.com/AlexxIT/go2rtc/internal/app"
 	"github.com/AlexxIT/go2rtc/internal/ffmpeg"
@@ -16,23 +22,142 @@ import (
 	"github.com/AlexxIT/go2rtc/pkg/core"
 	"github.com/AlexxIT/go2rtc/pkg/hap"
 	"github.com/AlexxIT/go2rtc/pkg/hap/camera"
+	"github.com/AlexxIT/go2rtc/pkg/hap/hds"
 	"github.com/AlexxIT/go2rtc/pkg/hap/tlv8"
 	"github.com/AlexxIT/go2rtc/pkg/homekit"
 	"github.com/AlexxIT/go2rtc/pkg/magic"
 	"github.com/AlexxIT/go2rtc/pkg/mdns"
-	"github.com/AlexxIT/go2rtc/pkg/srtp"
 )
 
 type server struct {
-	stream    string      // stream name from YAML
-	hap       *hap.Server // server for HAP connection and encryption
-	mdns      *mdns.ServiceEntry
-	srtp      *srtp.Server
-	accessory *hap.Accessory // HAP accessory
-	pairings  []string       // pairings list
+	hap  *hap.Server // server for HAP connection and encryption
+	mdns *mdns.ServiceEntry
 
-	streams  map[string]*homekit.Consumer
-	consumer *homekit.Consumer
+	pairings []string // pairings list
+	conns    []any
+	mu       sync.Mutex
+
+	accessory *hap.Accessory // HAP accessory
+	consumer  *homekit.Consumer
+	proxyURL  string
+	setupID   string
+	stream    string // stream name from YAML
+}
+
+func (s *server) MarshalJSON() ([]byte, error) {
+	v := struct {
+		Name       string `json:"name"`
+		DeviceID   string `json:"device_id"`
+		Paired     int    `json:"paired,omitempty"`
+		CategoryID string `json:"category_id,omitempty"`
+		SetupCode  string `json:"setup_code,omitempty"`
+		SetupID    string `json:"setup_id,omitempty"`
+		Conns      []any  `json:"connections,omitempty"`
+	}{
+		Name:       s.mdns.Name,
+		DeviceID:   s.mdns.Info[hap.TXTDeviceID],
+		CategoryID: s.mdns.Info[hap.TXTCategory],
+		Paired:     len(s.pairings),
+		Conns:      s.conns,
+	}
+	if v.Paired == 0 {
+		v.SetupCode = s.hap.Pin
+		v.SetupID = s.setupID
+	}
+	return json.Marshal(v)
+}
+
+func (s *server) Handle(w http.ResponseWriter, r *http.Request) {
+	conn, rw, err := w.(http.Hijacker).Hijack()
+	if err != nil {
+		return
+	}
+
+	defer conn.Close()
+
+	// Fix reading from Body after Hijack.
+	r.Body = io.NopCloser(rw)
+
+	switch r.RequestURI {
+	case hap.PathPairSetup:
+		id, key, err := s.hap.PairSetup(r, rw)
+		if err != nil {
+			log.Error().Err(err).Caller().Send()
+			return
+		}
+
+		s.AddPair(id, key, hap.PermissionAdmin)
+
+	case hap.PathPairVerify:
+		id, key, err := s.hap.PairVerify(r, rw)
+		if err != nil {
+			log.Debug().Err(err).Caller().Send()
+			return
+		}
+
+		log.Debug().Str("stream", s.stream).Str("client_id", id).Msgf("[homekit] %s: new conn", conn.RemoteAddr())
+
+		controller, err := hap.NewConn(conn, rw, key, false)
+		if err != nil {
+			log.Error().Err(err).Caller().Send()
+			return
+		}
+
+		s.AddConn(controller)
+		defer s.DelConn(controller)
+
+		var handler homekit.HandlerFunc
+
+		switch {
+		case s.accessory != nil:
+			handler = homekit.ServerHandler(s)
+		case s.proxyURL != "":
+			client, err := hap.Dial(s.proxyURL)
+			if err != nil {
+				log.Error().Err(err).Caller().Send()
+				return
+			}
+			handler = homekit.ProxyHandler(s, client.Conn)
+		}
+
+		// If your iPhone goes to sleep, it will be an EOF error.
+		if err = handler(controller); err != nil && !errors.Is(err, io.EOF) {
+			log.Error().Err(err).Caller().Send()
+			return
+		}
+	}
+}
+
+type logger struct {
+	v any
+}
+
+func (l logger) String() string {
+	switch v := l.v.(type) {
+	case *hap.Conn:
+		return "hap " + v.RemoteAddr().String()
+	case *hds.Conn:
+		return "hds " + v.RemoteAddr().String()
+	case *homekit.Consumer:
+		return "rtp " + v.RemoteAddr
+	}
+	return "unknown"
+}
+
+func (s *server) AddConn(v any) {
+	log.Trace().Str("stream", s.stream).Msgf("[homekit] add conn %s", logger{v})
+	s.mu.Lock()
+	s.conns = append(s.conns, v)
+	s.mu.Unlock()
+}
+
+func (s *server) DelConn(v any) {
+	log.Trace().Str("stream", s.stream).Msgf("[homekit] del conn %s", logger{v})
+	s.mu.Lock()
+	if i := slices.Index(s.conns, v); i >= 0 {
+		s.conns = slices.Delete(s.conns, i, i+1)
+	}
+	s.mu.Unlock()
 }
 
 func (s *server) UpdateStatus() {
@@ -44,12 +169,68 @@ func (s *server) UpdateStatus() {
 	}
 }
 
+func (s *server) pairIndex(id string) int {
+	id = "client_id=" + id
+	for i, pairing := range s.pairings {
+		if strings.HasPrefix(pairing, id) {
+			return i
+		}
+	}
+	return -1
+}
+
+func (s *server) GetPair(id string) []byte {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	if i := s.pairIndex(id); i >= 0 {
+		query, _ := url.ParseQuery(s.pairings[i])
+		b, _ := hex.DecodeString(query.Get("client_public"))
+		return b
+	}
+	return nil
+}
+
+func (s *server) AddPair(id string, public []byte, permissions byte) {
+	log.Debug().Str("stream", s.stream).Msgf("[homekit] add pair id=%s public=%x perm=%d", id, public, permissions)
+
+	s.mu.Lock()
+	if s.pairIndex(id) < 0 {
+		s.pairings = append(s.pairings, fmt.Sprintf(
+			"client_id=%s&client_public=%x&permissions=%d", id, public, permissions,
+		))
+		s.UpdateStatus()
+		s.PatchConfig()
+	}
+	s.mu.Unlock()
+}
+
+func (s *server) DelPair(id string) {
+	log.Debug().Str("stream", s.stream).Msgf("[homekit] del pair id=%s", id)
+
+	s.mu.Lock()
+	if i := s.pairIndex(id); i >= 0 {
+		s.pairings = append(s.pairings[:i], s.pairings[i+1:]...)
+		s.UpdateStatus()
+		s.PatchConfig()
+	}
+	s.mu.Unlock()
+}
+
+func (s *server) PatchConfig() {
+	if err := app.PatchConfig([]string{"homekit", s.stream, "pairings"}, s.pairings); err != nil {
+		log.Error().Err(err).Msgf(
+			"[homekit] can't save %s pairings=%v", s.stream, s.pairings,
+		)
+	}
+}
+
 func (s *server) GetAccessories(_ net.Conn) []*hap.Accessory {
 	return []*hap.Accessory{s.accessory}
 }
 
 func (s *server) GetCharacteristic(conn net.Conn, aid uint8, iid uint64) any {
-	log.Trace().Msgf("[homekit] %s: get char aid=%d iid=0x%x", conn.RemoteAddr(), aid, iid)
+	log.Trace().Str("stream", s.stream).Msgf("[homekit] get char aid=%d iid=0x%x", aid, iid)
 
 	char := s.accessory.GetCharacterByID(iid)
 	if char == nil {
@@ -59,11 +240,12 @@ func (s *server) GetCharacteristic(conn net.Conn, aid uint8, iid uint64) any {
 
 	switch char.Type {
 	case camera.TypeSetupEndpoints:
-		if s.consumer == nil {
+		consumer := s.consumer
+		if consumer == nil {
 			return nil
 		}
 
-		answer := s.consumer.GetAnswer()
+		answer := consumer.GetAnswer()
 		v, err := tlv8.MarshalBase64(answer)
 		if err != nil {
 			return nil
@@ -76,7 +258,7 @@ func (s *server) GetCharacteristic(conn net.Conn, aid uint8, iid uint64) any {
 }
 
 func (s *server) SetCharacteristic(conn net.Conn, aid uint8, iid uint64, value any) {
-	log.Trace().Msgf("[homekit] %s: set char aid=%d iid=0x%x value=%v", conn.RemoteAddr(), aid, iid, value)
+	log.Trace().Str("stream", s.stream).Msgf("[homekit] set char aid=%d iid=0x%x value=%v", aid, iid, value)
 
 	char := s.accessory.GetCharacterByID(iid)
 	if char == nil {
@@ -86,61 +268,64 @@ func (s *server) SetCharacteristic(conn net.Conn, aid uint8, iid uint64, value a
 
 	switch char.Type {
 	case camera.TypeSetupEndpoints:
-		var offer camera.SetupEndpoints
-		if err := tlv8.UnmarshalBase64(value.(string), &offer); err != nil {
+		var offer camera.SetupEndpointsRequest
+		if err := tlv8.UnmarshalBase64(value, &offer); err != nil {
 			return
 		}
 
-		s.consumer = homekit.NewConsumer(conn, srtp2.Server)
-		s.consumer.SetOffer(&offer)
+		consumer := homekit.NewConsumer(conn, srtp2.Server)
+		consumer.SetOffer(&offer)
+		s.consumer = consumer
 
 	case camera.TypeSelectedStreamConfiguration:
-		var conf camera.SelectedStreamConfig
-		if err := tlv8.UnmarshalBase64(value.(string), &conf); err != nil {
+		var conf camera.SelectedStreamConfiguration
+		if err := tlv8.UnmarshalBase64(value, &conf); err != nil {
 			return
 		}
 
-		log.Trace().Msgf("[homekit] %s stream id=%x cmd=%d", conn.RemoteAddr(), conf.Control.SessionID, conf.Control.Command)
+		log.Trace().Str("stream", s.stream).Msgf("[homekit] stream id=%x cmd=%d", conf.Control.SessionID, conf.Control.Command)
 
 		switch conf.Control.Command {
 		case camera.SessionCommandEnd:
-			if consumer := s.streams[conf.Control.SessionID]; consumer != nil {
-				_ = consumer.Stop()
+			for _, consumer := range s.conns {
+				if consumer, ok := consumer.(*homekit.Consumer); ok {
+					if consumer.SessionID() == conf.Control.SessionID {
+						_ = consumer.Stop()
+						return
+					}
+				}
 			}
 
 		case camera.SessionCommandStart:
-			if s.consumer == nil {
+			consumer := s.consumer
+			if consumer == nil {
 				return
 			}
 
-			if !s.consumer.SetConfig(&conf) {
+			if !consumer.SetConfig(&conf) {
 				log.Warn().Msgf("[homekit] wrong config")
 				return
 			}
 
-			if s.streams == nil {
-				s.streams = map[string]*homekit.Consumer{}
-			}
-
-			s.streams[conf.Control.SessionID] = s.consumer
+			s.AddConn(consumer)
 
 			stream := streams.Get(s.stream)
-			if err := stream.AddConsumer(s.consumer); err != nil {
+			if err := stream.AddConsumer(consumer); err != nil {
 				return
 			}
 
 			go func() {
-				_, _ = s.consumer.WriteTo(nil)
-				stream.RemoveConsumer(s.consumer)
+				_, _ = consumer.WriteTo(nil)
+				stream.RemoveConsumer(consumer)
 
-				delete(s.streams, conf.Control.SessionID)
+				s.DelConn(consumer)
 			}()
 		}
 	}
 }
 
 func (s *server) GetImage(conn net.Conn, width, height int) []byte {
-	log.Trace().Msgf("[homekit] %s: get image width=%d height=%d", conn.RemoteAddr(), width, height)
+	log.Trace().Str("stream", s.stream).Msgf("[homekit] get image width=%d height=%d", width, height)
 
 	stream := streams.Get(s.stream)
 	cons := magic.NewKeyframe()
@@ -166,69 +351,6 @@ func (s *server) GetImage(conn net.Conn, width, height int) []byte {
 	return b
 }
 
-func (s *server) GetPair(conn net.Conn, id string) []byte {
-	log.Trace().Msgf("[homekit] %s: get pair id=%s", conn.RemoteAddr(), id)
-
-	for _, pairing := range s.pairings {
-		if !strings.Contains(pairing, id) {
-			continue
-		}
-
-		query, err := url.ParseQuery(pairing)
-		if err != nil {
-			continue
-		}
-
-		if query.Get("client_id") != id {
-			continue
-		}
-
-		s := query.Get("client_public")
-		b, _ := hex.DecodeString(s)
-		return b
-	}
-	return nil
-}
-
-func (s *server) AddPair(conn net.Conn, id string, public []byte, permissions byte) {
-	log.Trace().Msgf("[homekit] %s: add pair id=%s public=%x perm=%d", conn.RemoteAddr(), id, public, permissions)
-
-	query := url.Values{
-		"client_id":     []string{id},
-		"client_public": []string{hex.EncodeToString(public)},
-		"permissions":   []string{string('0' + permissions)},
-	}
-	if s.GetPair(conn, id) == nil {
-		s.pairings = append(s.pairings, query.Encode())
-		s.UpdateStatus()
-		s.PatchConfig()
-	}
-}
-
-func (s *server) DelPair(conn net.Conn, id string) {
-	log.Trace().Msgf("[homekit] %s: del pair id=%s", conn.RemoteAddr(), id)
-
-	id = "client_id=" + id
-	for i, pairing := range s.pairings {
-		if !strings.Contains(pairing, id) {
-			continue
-		}
-
-		s.pairings = append(s.pairings[:i], s.pairings[i+1:]...)
-		s.UpdateStatus()
-		s.PatchConfig()
-		break
-	}
-}
-
-func (s *server) PatchConfig() {
-	if err := app.PatchConfig("pairings", s.pairings, "homekit", s.stream); err != nil {
-		log.Error().Err(err).Msgf(
-			"[homekit] can't save %s pairings=%v", s.stream, s.pairings,
-		)
-	}
-}
-
 func calcName(name, seed string) string {
 	if name != "" {
 		return name
@@ -263,3 +385,21 @@ func calcDevicePrivate(private, seed string) []byte {
 	b := sha512.Sum512([]byte(seed))
 	return ed25519.NewKeyFromSeed(b[:ed25519.SeedSize])
 }
+
+func calcSetupID(seed string) string {
+	b := sha512.Sum512([]byte(seed))
+	return fmt.Sprintf("%02X%02X", b[44], b[46])
+}
+
+func calcCategoryID(categoryID string) string {
+	switch categoryID {
+	case "bridge":
+		return hap.CategoryBridge
+	case "doorbell":
+		return hap.CategoryDoorbell
+	}
+	if core.Atoi(categoryID) > 0 {
+		return categoryID
+	}
+	return hap.CategoryCamera
+}

internal/http/http.go

@@ -14,6 +14,7 @@ import (
 	"github.com/AlexxIT/go2rtc/pkg/image"
 	"github.com/AlexxIT/go2rtc/pkg/magic"
 	"github.com/AlexxIT/go2rtc/pkg/mpjpeg"
+	"github.com/AlexxIT/go2rtc/pkg/pcm"
 	"github.com/AlexxIT/go2rtc/pkg/tcp"
 )
 
@@ -87,6 +88,9 @@ func do(req *http.Request) (core.Producer, error) {
 		return image.Open(res)
 	case ct == "multipart/x-mixed-replace":
 		return mpjpeg.Open(res.Body)
+	//https://www.iana.org/assignments/media-types/audio/basic
+	case ct == "audio/basic":
+		return pcm.Open(res.Body)
 	}
 
 	return magic.Open(res.Body)

internal/ivideon/ivideon.go

@@ -2,12 +2,9 @@ package ivideon
 
 import (
 	"github.com/AlexxIT/go2rtc/internal/streams"
-	"github.com/AlexxIT/go2rtc/pkg/core"
 	"github.com/AlexxIT/go2rtc/pkg/ivideon"
 )
 
 func Init() {
-	streams.HandleFunc("ivideon", func(source string) (core.Producer, error) {
-		return ivideon.Dial(source)
-	})
+	streams.HandleFunc("ivideon", ivideon.Dial)
 }

internal/mjpeg/init.go

@@ -36,8 +36,7 @@ func Init() {
 var log zerolog.Logger
 
 func handlerKeyframe(w http.ResponseWriter, r *http.Request) {
-	src := r.URL.Query().Get("src")
-	stream := streams.Get(src)
+	stream, _ := streams.GetOrPatch(r.URL.Query())
 	if stream == nil {
 		http.Error(w, api.StreamNotFound, http.StatusNotFound)
 		return
@@ -146,7 +145,7 @@ func inputMjpeg(w http.ResponseWriter, r *http.Request) {
 }
 
 func handlerWS(tr *ws.Transport, _ *ws.Message) error {
-	stream := streams.GetOrPatch(tr.Request.URL.Query())
+	stream, _ := streams.GetOrPatch(tr.Request.URL.Query())
 	if stream == nil {
 		return errors.New(api.StreamNotFound)
 	}

internal/mp4/mp4.go

@@ -91,7 +91,7 @@ func handlerMP4(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	stream := streams.GetOrPatch(query)
+	stream, _ := streams.GetOrPatch(query)
 	if stream == nil {
 		http.Error(w, api.StreamNotFound, http.StatusNotFound)
 		return

internal/mp4/ws.go

@@ -11,7 +11,7 @@ import (
 )
 
 func handlerWSMSE(tr *ws.Transport, msg *ws.Message) error {
-	stream := streams.GetOrPatch(tr.Request.URL.Query())
+	stream, _ := streams.GetOrPatch(tr.Request.URL.Query())
 	if stream == nil {
 		return errors.New(api.StreamNotFound)
 	}
@@ -43,7 +43,7 @@ func handlerWSMSE(tr *ws.Transport, msg *ws.Message) error {
 }
 
 func handlerWSMP4(tr *ws.Transport, msg *ws.Message) error {
-	stream := streams.GetOrPatch(tr.Request.URL.Query())
+	stream, _ := streams.GetOrPatch(tr.Request.URL.Query())
 	if stream == nil {
 		return errors.New(api.StreamNotFound)
 	}

internal/nest/init.go

@@ -2,6 +2,7 @@ package nest
 
 import (
 	"net/http"
+	"strings"
 
 	"github.com/AlexxIT/go2rtc/internal/api"
 	"github.com/AlexxIT/go2rtc/internal/streams"
@@ -38,11 +39,12 @@ func apiNest(w http.ResponseWriter, r *http.Request) {
 
 	var items []*api.Source
 
-	for name, deviceID := range devices {
-		query.Set("device_id", deviceID)
+	for _, device := range devices {
+		query.Set("device_id", device.DeviceID)
+		query.Set("protocols", strings.Join(device.Protocols, ","))
 
 		items = append(items, &api.Source{
-			Name: name, URL: "nest:?" + query.Encode(),
+			Name: device.Name, URL: "nest:?" + query.Encode(),
 		})
 	}
 

internal/ngrok/README.md

@@ -0,0 +1,52 @@
+With ngrok integration, you can get external access to your streams in situations when you have Internet with a private IP address.
+
+- you may need external access for two different things:
+    - WebRTC stream, so you need a tunnel WebRTC TCP port (ex. 8555)
+    - go2rtc web interface, so you need a tunnel API HTTP port (ex. 1984)
+- ngrok supports authorization for your web interface
+- ngrok automatically adds HTTPS to your web interface
+
+The ngrok free subscription has the following limitations:
+
+- You can reserve a free domain for serving the web interface, but the TCP address you get will always be random and change with each restart of the ngrok agent (not a problem for WebRTC stream)
+- You can forward multiple ports from a single agent, but you can only run one ngrok agent on the free plan
+
+go2rtc will automatically get your external TCP address (if you enable it in ngrok config) and use it with WebRTC connection (if you enable it in webrtc config).
+
+You need to manually download the [ngrok agent app](https://ngrok.com/download) for your OS and register with the [ngrok service](https://ngrok.com/signup).
+
+**Tunnel for only WebRTC Stream**
+
+You need to add your [ngrok authtoken](https://dashboard.ngrok.com/get-started/your-authtoken) and WebRTC TCP port to YAML:
+
+```yaml
+ngrok:
+  command: ngrok tcp 8555 --authtoken eW91IHNoYWxsIG5vdCBwYXNzCnlvdSBzaGFsbCBub3QgcGFzcw
+```
+
+**Tunnel for WebRTC and Web interface**
+
+You need to create `ngrok.yaml` config file and add it to the go2rtc config:
+
+```yaml
+ngrok:
+  command: ngrok start --all --config ngrok.yaml
+```
+
+ngrok config example:
+
+```yaml
+version: "2"
+authtoken: eW91IHNoYWxsIG5vdCBwYXNzCnlvdSBzaGFsbCBub3QgcGFzcw
+tunnels:
+  api:
+    addr: 1984  # use the same port as in the go2rtc config
+    proto: http
+    basic_auth:
+      - admin:password  # you can set login/pass for your web interface
+  webrtc:
+    addr: 8555  # use the same port as in the go2rtc config
+    proto: tcp
+```
+
+See the [ngrok agent documentation](https://ngrok.com/docs/agent/config/) for more details on the ngrok configuration file.

internal/onvif/README.md

@@ -0,0 +1,25 @@
+# ONVIF
+
+A regular camera has a single video source (`GetVideoSources`) and two profiles (`GetProfiles`).
+
+Go2rtc has one video source and one profile per stream.
+
+## Tested clients
+
+Go2rtc works as ONVIF server:
+
+- Happytime onvif client (windows)
+- Home Assistant ONVIF integration (linux)
+- Onvier (android)
+- ONVIF Device Manager (windows)
+
+PS. Support only TCP transport for RTSP protocol. UDP and HTTP transports - unsupported yet.
+
+## Tested cameras
+
+Go2rtc works as ONVIF client:
+
+- Dahua IPC-K42
+- OpenIPC
+- Reolink RLC-520A
+- TP-Link Tapo TC60

internal/onvif/onvif.go

@@ -45,6 +45,10 @@ func streamOnvif(rawURL string) (core.Producer, error) {
 
 	log.Debug().Msgf("[onvif] new uri=%s", uri)
 
+	if err = streams.Validate(uri); err != nil {
+		return nil, err
+	}
+
 	return streams.GetProducer(uri)
 }
 
@@ -55,49 +59,73 @@ func onvifDeviceService(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	action := onvif.GetRequestAction(b)
-	if action == "" {
+	operation := onvif.GetRequestAction(b)
+	if operation == "" {
 		http.Error(w, "malformed request body", http.StatusBadRequest)
 		return
 	}
 
-	log.Trace().Msgf("[onvif] %s", action)
+	log.Trace().Msgf("[onvif] server request %s %s:\n%s", r.Method, r.RequestURI, b)
 
-	var res string
+	switch operation {
+	case onvif.DeviceGetNetworkInterfaces, // important for Hass
+		onvif.DeviceGetSystemDateAndTime, // important for Hass
+		onvif.DeviceGetDiscoveryMode,
+		onvif.DeviceGetDNS,
+		onvif.DeviceGetHostname,
+		onvif.DeviceGetNetworkDefaultGateway,
+		onvif.DeviceGetNetworkProtocols,
+		onvif.DeviceGetNTP,
+		onvif.DeviceGetScopes,
+		onvif.MediaGetVideoEncoderConfigurations,
+		onvif.MediaGetAudioEncoderConfigurations,
+		onvif.MediaGetAudioSources,
+		onvif.MediaGetAudioSourceConfigurations:
+		b = onvif.StaticResponse(operation)
 
-	switch action {
-	case onvif.ActionGetCapabilities:
+	case onvif.DeviceGetCapabilities:
 		// important for Hass: Media section
-		res = onvif.GetCapabilitiesResponse(r.Host)
+		b = onvif.GetCapabilitiesResponse(r.Host)
 
-	case onvif.ActionGetSystemDateAndTime:
-		// important for Hass
-		res = onvif.GetSystemDateAndTimeResponse()
+	case onvif.DeviceGetServices:
+		b = onvif.GetServicesResponse(r.Host)
 
-	case onvif.ActionGetNetworkInterfaces:
-		// important for Hass: none
-		res = onvif.GetNetworkInterfacesResponse()
-
-	case onvif.ActionGetDeviceInformation:
+	case onvif.DeviceGetDeviceInformation:
 		// important for Hass: SerialNumber (unique server ID)
-		res = onvif.GetDeviceInformationResponse("", "go2rtc", app.Version, r.Host)
+		b = onvif.GetDeviceInformationResponse("", "go2rtc", app.Version, r.Host)
 
-	case onvif.ActionGetServiceCapabilities:
+	case onvif.ServiceGetServiceCapabilities:
 		// important for Hass
-		res = onvif.GetServiceCapabilitiesResponse()
+		// TODO: check path links to media
+		b = onvif.GetMediaServiceCapabilitiesResponse()
 
-	case onvif.ActionSystemReboot:
-		res = onvif.SystemRebootResponse()
+	case onvif.DeviceSystemReboot:
+		b = onvif.StaticResponse(operation)
 
 		time.AfterFunc(time.Second, func() {
 			os.Exit(0)
 		})
 
-	case onvif.ActionGetProfiles:
-		// important for Hass: H264 codec, width, height
-		res = onvif.GetProfilesResponse(streams.GetAll())
+	case onvif.MediaGetVideoSources:
+		b = onvif.GetVideoSourcesResponse(streams.GetAllNames())
 
-	case onvif.ActionGetStreamUri:
+	case onvif.MediaGetProfiles:
+		// important for Hass: H264 codec, width, height
+		b = onvif.GetProfilesResponse(streams.GetAllNames())
+
+	case onvif.MediaGetProfile:
+		token := onvif.FindTagValue(b, "ProfileToken")
+		b = onvif.GetProfileResponse(token)
+
+	case onvif.MediaGetVideoSourceConfigurations:
+		// important for Happytime Onvif Client
+		b = onvif.GetVideoSourceConfigurationsResponse(streams.GetAllNames())
+
+	case onvif.MediaGetVideoSourceConfiguration:
+		token := onvif.FindTagValue(b, "ConfigurationToken")
+		b = onvif.GetVideoSourceConfigurationResponse(token)
+
+	case onvif.MediaGetStreamUri:
 		host, _, err := net.SplitHostPort(r.Host)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -105,16 +133,23 @@ func onvifDeviceService(w http.ResponseWriter, r *http.Request) {
 		}
 
 		uri := "rtsp://" + host + ":" + rtsp.Port + "/" + onvif.FindTagValue(b, "ProfileToken")
-		res = onvif.GetStreamUriResponse(uri)
+		b = onvif.GetStreamUriResponse(uri)
+
+	case onvif.MediaGetSnapshotUri:
+		uri := "http://" + r.Host + "/api/frame.jpeg?src=" + onvif.FindTagValue(b, "ProfileToken")
+		b = onvif.GetSnapshotUriResponse(uri)
 
 	default:
-		http.Error(w, "unsupported action", http.StatusBadRequest)
+		http.Error(w, "unsupported operation", http.StatusBadRequest)
+		log.Warn().Msgf("[onvif] unsupported operation: %s", operation)
 		log.Debug().Msgf("[onvif] unsupported request:\n%s", b)
 		return
 	}
 
+	log.Trace().Msgf("[onvif] server response:\n%s", b)
+
 	w.Header().Set("Content-Type", "application/soap+xml; charset=utf-8")
-	if _, err = w.Write([]byte(res)); err != nil {
+	if _, err = w.Write(b); err != nil {
 		log.Error().Err(err).Caller().Send()
 	}
 }
@@ -160,7 +195,7 @@ func apiOnvif(w http.ResponseWriter, r *http.Request) {
 		}
 
 		if l := log.Trace(); l.Enabled() {
-			b, _ := client.GetProfiles()
+			b, _ := client.MediaRequest(onvif.MediaGetProfiles)
 			l.Msgf("[onvif] src=%s profiles:\n%s", src, b)
 		}
 

internal/pinggy/README.md

@@ -0,0 +1,54 @@
+# Pinggy
+
+[Pinggy](https://pinggy.io/) - nice service for public tunnels to your local services.
+
+**Features:**
+
+- A free account does not require registration.
+- It does not require downloading third-party binaries and works over the SSH protocol.
+- Works with HTTP, TCP and UDP protocols.
+- Creates HTTPS for your HTTP services.
+
+> [!IMPORTANT]
+> A free account creates a tunnel with a random address that only works for an hour. It is suitable for testing purposes ONLY.
+
+> [!CAUTION]
+> Public access to go2rtc without authorization puts your entire home network at risk. Use with caution.
+
+**Why:**
+
+- It's easy to set up HTTPS for testing two-way audio.
+- It's easy to check whether external access via WebRTC technology will work.
+- It's easy to share direct access to your RTSP or HTTP camera with the go2rtc developer. If such access is necessary to debug your problem.
+
+## Configuration
+
+You will find public links in the go2rtc log after startup.
+
+**Tunnel to go2rtc WebUI.**
+
+```yaml
+pinggy:
+  tunnel: http://localhost:1984
+```
+
+**Tunnel to RTSP camera.**
+
+For example, you have camera: `rtsp://admin:password@192.168.1.123/cam/realmonitor?channel=1&subtype=0`
+
+```yaml
+pinggy:
+  tunnel: tcp://192.168.10.91:554
+```
+
+In go2rtc logs you will get similar output:
+
+```
+16:17:43.167 INF [pinggy] proxy url=tcp://abcde-123-123-123-123.a.free.pinggy.link:12345
+```
+
+Now you have working stream:
+
+```
+rtsp://admin:password@abcde-123-123-123-123.a.free.pinggy.link:12345/cam/realmonitor?channel=1&subtype=0
+```

internal/pinggy/pinggy.go

@@ -0,0 +1,60 @@
+package pinggy
+
+import (
+	"net/url"
+
+	"github.com/AlexxIT/go2rtc/internal/app"
+	"github.com/AlexxIT/go2rtc/pkg/pinggy"
+	"github.com/rs/zerolog"
+)
+
+func Init() {
+	var cfg struct {
+		Mod struct {
+			Tunnel string `yaml:"tunnel"`
+		} `yaml:"pinggy"`
+	}
+
+	app.LoadConfig(&cfg)
+
+	if cfg.Mod.Tunnel == "" {
+		return
+	}
+
+	log = app.GetLogger("pinggy")
+
+	u, err := url.Parse(cfg.Mod.Tunnel)
+	if err != nil {
+		log.Error().Err(err).Send()
+		return
+	}
+
+	go proxy(u.Scheme, u.Host)
+}
+
+var log zerolog.Logger
+
+func proxy(proto, address string) {
+	client, err := pinggy.NewClient(proto)
+	if err != nil {
+		log.Error().Err(err).Send()
+		return
+	}
+	defer client.Close()
+
+	urls, err := client.GetURLs()
+	if err != nil {
+		log.Error().Err(err).Send()
+		return
+	}
+
+	for _, s := range urls {
+		log.Info().Str("url", s).Msgf("[pinggy] proxy")
+	}
+
+	err = client.Proxy(address)
+	if err != nil {
+		log.Error().Err(err).Send()
+		return
+	}
+}

internal/ring/ring.go

@@ -0,0 +1,106 @@
+package ring
+
+import (
+	"net/http"
+	"net/url"
+
+	"fmt"
+
+	"github.com/AlexxIT/go2rtc/internal/api"
+	"github.com/AlexxIT/go2rtc/internal/streams"
+	"github.com/AlexxIT/go2rtc/pkg/core"
+	"github.com/AlexxIT/go2rtc/pkg/ring"
+)
+
+func Init() {
+	streams.HandleFunc("ring", func(source string) (core.Producer, error) {
+		return ring.Dial(source)
+	})
+
+	api.HandleFunc("api/ring", apiRing)
+}
+
+func apiRing(w http.ResponseWriter, r *http.Request) {
+	query := r.URL.Query()
+	var ringAPI *ring.RingApi
+
+	// Check auth method
+	if email := query.Get("email"); email != "" {
+		// Email/Password Flow
+		password := query.Get("password")
+		code := query.Get("code")
+
+		var err error
+		ringAPI, err = ring.NewRestClient(ring.EmailAuth{
+			Email:    email,
+			Password: password,
+		}, nil)
+
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		// Try authentication (this will trigger 2FA if needed)
+		if _, err = ringAPI.GetAuth(code); err != nil {
+			if ringAPI.Using2FA {
+				// Return 2FA prompt
+				api.ResponseJSON(w, map[string]interface{}{
+					"needs_2fa": true,
+					"prompt":    ringAPI.PromptFor2FA,
+				})
+				return
+			}
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+	} else if refreshToken := query.Get("refresh_token"); refreshToken != "" {
+		// Refresh Token Flow
+		if refreshToken == "" {
+			http.Error(w, "either email/password or refresh_token is required", http.StatusBadRequest)
+			return
+		}
+
+		var err error
+		ringAPI, err = ring.NewRestClient(ring.RefreshTokenAuth{
+			RefreshToken: refreshToken,
+		}, nil)
+
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+	} else {
+		http.Error(w, "either email/password or refresh token is required", http.StatusBadRequest)
+		return
+	}
+
+	devices, err := ringAPI.FetchRingDevices()
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	cleanQuery := url.Values{}
+	cleanQuery.Set("refresh_token", ringAPI.RefreshToken)
+
+	var items []*api.Source
+	for _, camera := range devices.AllCameras {
+		cleanQuery.Set("camera_id", fmt.Sprint(camera.ID))
+		cleanQuery.Set("device_id", camera.DeviceID)
+
+		// Stream source
+		items = append(items, &api.Source{
+			Name: camera.Description,
+			URL:  "ring:?" + cleanQuery.Encode(),
+		})
+
+		// Snapshot source
+		items = append(items, &api.Source{
+			Name: camera.Description + " Snapshot",
+			URL:  "ring:?" + cleanQuery.Encode() + "&snapshot",
+		})
+	}
+
+	api.ResponseSources(w, items)
+}

internal/rtmp/README.md

@@ -0,0 +1,60 @@
+## Tested client
+
+| From   | To                              | Comment |
+|--------|---------------------------------|---------|
+| go2rtc | Reolink RLC-520A fw. v3.1.0.801 | OK      |
+
+**go2rtc.yaml**
+
+```yaml
+streams:
+  rtmp-reolink1: rtmp://192.168.10.92/bcs/channel0_main.bcs?channel=0&stream=0&user=admin&password=password
+  rtmp-reolink2: rtmp://192.168.10.92/bcs/channel0_sub.bcs?channel=0&stream=1&user=admin&password=password
+  rtmp-reolink3: rtmp://192.168.10.92/bcs/channel0_ext.bcs?channel=0&stream=1&user=admin&password=password
+```
+
+## Tested server
+
+| From                   | To     | Comment             |
+|------------------------|--------|---------------------|
+| OBS 31.0.2             | go2rtc | OK                  |
+| OpenIPC 2.5.03.02-lite | go2rtc | OK                  |
+| FFmpeg 6.1             | go2rtc | OK                  |
+| GoPro Black 12         | go2rtc | OK, 1080p, 5000kbps |
+
+**go2rtc.yaml**
+
+```yaml
+rtmp:
+  listen: :1935
+streams:
+  tmp:
+```
+
+**OBS**
+ 
+Settings > Stream:
+
+- Service: Custom
+- Server: rtmp://192.168.10.101/tmp
+- Stream Key: <empty>
+- Use auth: <disabled>
+
+**OpenIPC**
+
+WebUI > Majestic > Settings > Outgoing
+
+- Enable
+- Address: rtmp://192.168.10.101/tmp
+- Save
+- Restart
+
+**FFmpeg**
+
+```shell
+ffmpeg -re -i bbb.mp4 -c copy -f flv rtmp://192.168.10.101/tmp
+```
+
+**GoPro**
+
+GoPro Quik > Camera > Translation > Other

internal/rtsp/rtsp.go

@@ -1,6 +1,7 @@
 package rtsp
 
 import (
+	"errors"
 	"io"
 	"net"
 	"net/url"
@@ -147,6 +148,7 @@ func tcpHandler(conn *rtsp.Conn) {
 	var closer func()
 
 	trace := log.Trace().Enabled()
+	level := zerolog.WarnLevel
 
 	conn.Listen(func(msg any) {
 		if trace {
@@ -184,12 +186,38 @@ func tcpHandler(conn *rtsp.Conn) {
 				}
 			}
 
+			if query.Get("backchannel") == "1" {
+				conn.Medias = append(conn.Medias, &core.Media{
+					Kind:      core.KindAudio,
+					Direction: core.DirectionRecvonly,
+					Codecs: []*core.Codec{
+						{Name: core.CodecOpus, ClockRate: 48000, Channels: 2},
+						{Name: core.CodecPCM, ClockRate: 16000},
+						{Name: core.CodecPCMA, ClockRate: 16000},
+						{Name: core.CodecPCMU, ClockRate: 16000},
+						{Name: core.CodecPCM, ClockRate: 8000},
+						{Name: core.CodecPCMA, ClockRate: 8000},
+						{Name: core.CodecPCMU, ClockRate: 8000},
+					},
+				})
+			}
+
 			if s := query.Get("pkt_size"); s != "" {
 				conn.PacketSize = uint16(core.Atoi(s))
 			}
 
+			// param name like ffmpeg style https://ffmpeg.org/ffmpeg-protocols.html
+			if s := query.Get("log_level"); s != "" {
+				if lvl, err := zerolog.ParseLevel(s); err == nil {
+					level = lvl
+				}
+			}
+
+			// will help to protect looping requests to same source
+			conn.Connection.Source = query.Get("source")
+
 			if err := stream.AddConsumer(conn); err != nil {
-				log.Warn().Err(err).Str("stream", name).Msg("[rtsp]")
+				log.WithLevel(level).Err(err).Str("stream", name).Msg("[rtsp]")
 				return
 			}
 
@@ -226,8 +254,10 @@ func tcpHandler(conn *rtsp.Conn) {
 	})
 
 	if err := conn.Accept(); err != nil {
-		if err != io.EOF {
-			log.Warn().Err(err).Caller().Send()
+		if errors.Is(err, rtsp.FailedAuth) {
+			log.Warn().Str("remote_addr", conn.Connection.RemoteAddr).Msg("[rtsp] failed authentication")
+		} else if err != io.EOF {
+			log.WithLevel(level).Err(err).Caller().Send()
 		}
 		if closer != nil {
 			closer()

internal/streams/README.md

@@ -1,8 +1,55 @@
-## Testing notes
+## Examples
 
 ```yaml
 streams:
-  test1-basic: ffmpeg:virtual?video#video=h264
-  test2-reconnect: ffmpeg:virtual?video&duration=10#video=h264
-  test3-execkill: exec:./examples/rtsp_client/rtsp_client/rtsp_client {output}
+  # known RTSP sources
+  rtsp-dahua1:   rtsp://admin:password@192.168.10.90/cam/realmonitor?channel=1&subtype=0&unicast=true&proto=Onvif
+  rtsp-dahua2:   rtsp://admin:password@192.168.10.90/cam/realmonitor?channel=1&subtype=1
+  rtsp-tplink1:  rtsp://admin:password@192.168.10.91/stream1
+  rtsp-tplink2:  rtsp://admin:password@192.168.10.91/stream2
+  rtsp-reolink1: rtsp://admin:password@192.168.10.92/h264Preview_01_main
+  rtsp-reolink2: rtsp://admin:password@192.168.10.92/h264Preview_01_sub
+  rtsp-sonoff1:  rtsp://admin:password@192.168.10.93/av_stream/ch0
+  rtsp-sonoff2:  rtsp://admin:password@192.168.10.93/av_stream/ch1
+
+  # known RTMP sources
+  rtmp-reolink1: rtmp://192.168.10.92/bcs/channel0_main.bcs?channel=0&stream=0&user=admin&password=password
+  rtmp-reolink2: rtmp://192.168.10.92/bcs/channel0_sub.bcs?channel=0&stream=1&user=admin&password=password
+  rtmp-reolink3: rtmp://192.168.10.92/bcs/channel0_ext.bcs?channel=0&stream=1&user=admin&password=password
+
+  # known HTTP sources
+  http-reolink1: http://192.168.10.92/flv?port=1935&app=bcs&stream=channel0_main.bcs&user=admin&password=password
+  http-reolink2: http://192.168.10.92/flv?port=1935&app=bcs&stream=channel0_sub.bcs&user=admin&password=password
+  http-reolink3: http://192.168.10.92/flv?port=1935&app=bcs&stream=channel0_ext.bcs&user=admin&password=password
+
+  # known ONVIF sources
+  onvif-dahua1:   onvif://admin:password@192.168.10.90?subtype=MediaProfile00000
+  onvif-dahua2:   onvif://admin:password@192.168.10.90?subtype=MediaProfile00001
+  onvif-dahua3:   onvif://admin:password@192.168.10.90?subtype=MediaProfile00000&snapshot
+  onvif-tplink1:  onvif://admin:password@192.168.10.91:2020?subtype=profile_1
+  onvif-tplink2:  onvif://admin:password@192.168.10.91:2020?subtype=profile_2
+  onvif-reolink1: onvif://admin:password@192.168.10.92:8000?subtype=000
+  onvif-reolink2: onvif://admin:password@192.168.10.92:8000?subtype=001
+  onvif-reolink3: onvif://admin:password@192.168.10.92:8000?subtype=000&snapshot
+  onvif-openipc1: onvif://admin:password@192.168.10.95:80?subtype=PROFILE_000
+  onvif-openipc2: onvif://admin:password@192.168.10.95:80?subtype=PROFILE_001
+
+  # some EXEC examples
+  exec-h264-pipe:   exec:ffmpeg -re -i bbb.mp4 -c copy -f h264 -
+  exec-flv-pipe:    exec:ffmpeg -re -i bbb.mp4 -c copy -f flv -
+  exec-mpegts-pipe: exec:ffmpeg -re -i bbb.mp4 -c copy -f mpegts -
+  exec-adts-pipe:   exec:ffmpeg -re -i bbb.mp4 -c copy -f adts -
+  exec-mjpeg-pipe:  exec:ffmpeg -re -i bbb.mp4 -c mjpeg -f mjpeg -
+  exec-hevc-pipe:   exec:ffmpeg -re -i bbb.mp4 -c libx265 -preset superfast -tune zerolatency -f hevc -
+  exec-wav-pipe:    exec:ffmpeg -re -i bbb.mp4 -c pcm_alaw -ar 8000 -ac 1 -f wav -
+  exec-y4m-pipe:    exec:ffmpeg -re -i bbb.mp4 -c rawvideo -f yuv4mpegpipe -
+  exec-pcma-pipe:   exec:ffmpeg -re -i numb.mp3 -c:a pcm_alaw -ar:a 8000 -ac:a 1 -f wav -
+  exec-pcmu-pipe:   exec:ffmpeg -re -i numb.mp3 -c:a pcm_mulaw -ar:a 8000 -ac:a 1 -f wav -
+  exec-s16le-pipe:  exec:ffmpeg -re -i numb.mp3 -c:a pcm_s16le -ar:a 16000 -ac:a 1 -f wav -
+
+  # some FFmpeg examples
+  ffmpeg-video-h264: ffmpeg:virtual?video#video=h264
+  ffmpeg-video-4K:   ffmpeg:virtual?video&size=4K#video=h264
+  ffmpeg-video-10s:  ffmpeg:virtual?video&duration=10#video=h264
+  ffmpeg-video-src2: ffmpeg:virtual?video=testsrc2&size=2K#video=h264
 ```

internal/streams/add_consumer.go

@@ -22,6 +22,12 @@ func (s *Stream) AddConsumer(cons core.Consumer) (err error) {
 
 	producers:
 		for prodN, prod := range s.producers {
+			// check for loop request, ex. `camera1: ffmpeg:camera1`
+			if info, ok := cons.(core.Info); ok && prod.url == info.GetSource() {
+				log.Trace().Msgf("[streams] skip cons=%d prod=%d", consN, prodN)
+				continue
+			}
+
 			if prodErrors[prodN] != nil {
 				log.Trace().Msgf("[streams] skip cons=%d prod=%d", consN, prodN)
 				continue
@@ -129,7 +135,7 @@ func formatError(consMedias, prodMedias []*core.Media, prodErrors []error) error
 		for _, media := range prodMedias {
 			if media.Direction == core.DirectionRecvonly {
 				for _, codec := range media.Codecs {
-					prod = appendString(prod, codec.PrintName())
+					prod = appendString(prod, media.Kind+":"+codec.PrintName())
 				}
 			}
 		}
@@ -137,7 +143,7 @@ func formatError(consMedias, prodMedias []*core.Media, prodErrors []error) error
 		for _, media := range consMedias {
 			if media.Direction == core.DirectionSendonly {
 				for _, codec := range media.Codecs {
-					cons = appendString(cons, codec.PrintName())
+					cons = appendString(cons, media.Kind+":"+codec.PrintName())
 				}
 			}
 		}

internal/streams/api.go

@@ -5,10 +5,14 @@ import (
 
 	"github.com/AlexxIT/go2rtc/internal/api"
 	"github.com/AlexxIT/go2rtc/internal/app"
+	"github.com/AlexxIT/go2rtc/pkg/core"
+	"github.com/AlexxIT/go2rtc/pkg/creds"
 	"github.com/AlexxIT/go2rtc/pkg/probe"
 )
 
 func apiStreams(w http.ResponseWriter, r *http.Request) {
+	w = creds.SecretResponse(w)
+
 	query := r.URL.Query()
 	src := query.Get("src")
 
@@ -27,7 +31,7 @@ func apiStreams(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
-		cons := probe.NewProbe(query)
+		cons := probe.Create("probe", query)
 		if len(cons.Medias) != 0 {
 			cons.WithRequest(r)
 			if err := stream.AddConsumer(cons); err != nil {
@@ -48,12 +52,12 @@ func apiStreams(w http.ResponseWriter, r *http.Request) {
 			name = src
 		}
 
-		if New(name, query["src"]...) == nil {
-			http.Error(w, "", http.StatusBadRequest)
+		if _, err := New(name, query["src"]...); err != nil {
+			http.Error(w, err.Error(), http.StatusBadRequest)
 			return
 		}
 
-		if err := app.PatchConfig(name, query["src"], "streams"); err != nil {
+		if err := app.PatchConfig([]string{"streams", name}, query["src"]); err != nil {
 			http.Error(w, err.Error(), http.StatusBadRequest)
 		}
 
@@ -65,8 +69,8 @@ func apiStreams(w http.ResponseWriter, r *http.Request) {
 		}
 
 		// support {input} templates: https://github.com/AlexxIT/go2rtc#module-hass
-		if Patch(name, src) == nil {
-			http.Error(w, "", http.StatusBadRequest)
+		if _, err := Patch(name, src); err != nil {
+			http.Error(w, err.Error(), http.StatusBadRequest)
 		}
 
 	case "POST":
@@ -96,7 +100,7 @@ func apiStreams(w http.ResponseWriter, r *http.Request) {
 	case "DELETE":
 		delete(streams, src)
 
-		if err := app.PatchConfig(src, nil, "streams"); err != nil {
+		if err := app.PatchConfig([]string{"streams", src}, nil); err != nil {
 			http.Error(w, err.Error(), http.StatusBadRequest)
 		}
 	}
@@ -120,5 +124,58 @@ func apiStreamsDOT(w http.ResponseWriter, r *http.Request) {
 	}
 	dot = append(dot, '}')
 
+	dot = []byte(creds.SecretString(string(dot)))
+
 	api.Response(w, dot, "text/vnd.graphviz")
 }
+
+func apiPreload(w http.ResponseWriter, r *http.Request) {
+	// GET - return all preloads
+	if r.Method == "GET" {
+		api.ResponseJSON(w, GetPreloads())
+		return
+	}
+
+	query := r.URL.Query()
+	src := query.Get("src")
+
+	switch r.Method {
+	case "PUT":
+		// it's safe to delete from map while iterating
+		for k := range query {
+			switch k {
+			case core.KindVideo, core.KindAudio, "microphone":
+			default:
+				delete(query, k)
+			}
+		}
+
+		rawQuery := query.Encode()
+
+		if err := AddPreload(src, rawQuery); err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err := app.PatchConfig([]string{"preload", src}, rawQuery); err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+		}
+
+	case "DELETE":
+		if err := DelPreload(src); err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if err := app.PatchConfig([]string{"preload", src}, nil); err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+		}
+
+	default:
+		http.Error(w, "", http.StatusMethodNotAllowed)
+	}
+}
+
+func apiSchemes(w http.ResponseWriter, r *http.Request) {
+	api.ResponseJSON(w, SupportedSchemes())
+}

internal/streams/api_test.go

@@ -0,0 +1,66 @@
+package streams
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/AlexxIT/go2rtc/pkg/core"
+	"github.com/stretchr/testify/require"
+)
+
+func TestApiSchemes(t *testing.T) {
+	// Setup: Register some test handlers and redirects
+	HandleFunc("rtsp", func(url string) (core.Producer, error) { return nil, nil })
+	HandleFunc("rtmp", func(url string) (core.Producer, error) { return nil, nil })
+	RedirectFunc("http", func(url string) (string, error) { return "", nil })
+
+	t.Run("GET request returns schemes", func(t *testing.T) {
+		req := httptest.NewRequest("GET", "/api/schemes", nil)
+		w := httptest.NewRecorder()
+
+		apiSchemes(w, req)
+
+		require.Equal(t, http.StatusOK, w.Code)
+		require.Equal(t, "application/json", w.Header().Get("Content-Type"))
+
+		var schemes []string
+		err := json.Unmarshal(w.Body.Bytes(), &schemes)
+		require.NoError(t, err)
+		require.NotEmpty(t, schemes)
+
+		// Check that our test schemes are in the response
+		require.Contains(t, schemes, "rtsp")
+		require.Contains(t, schemes, "rtmp")
+		require.Contains(t, schemes, "http")
+	})
+}
+
+func TestApiSchemesNoDuplicates(t *testing.T) {
+	// Setup: Register a scheme in both handlers and redirects
+	HandleFunc("duplicate", func(url string) (core.Producer, error) { return nil, nil })
+	RedirectFunc("duplicate", func(url string) (string, error) { return "", nil })
+
+	req := httptest.NewRequest("GET", "/api/schemes", nil)
+	w := httptest.NewRecorder()
+
+	apiSchemes(w, req)
+
+	require.Equal(t, http.StatusOK, w.Code)
+
+	var schemes []string
+	err := json.Unmarshal(w.Body.Bytes(), &schemes)
+	require.NoError(t, err)
+
+	// Count occurrences of "duplicate"
+	count := 0
+	for _, scheme := range schemes {
+		if scheme == "duplicate" {
+			count++
+		}
+	}
+
+	// Should only appear once
+	require.Equal(t, 1, count, "scheme 'duplicate' should appear exactly once")
+}

internal/streams/dot.go

@@ -171,5 +171,6 @@ func (c *conn) label() string {
 	if c.UserAgent != "" {
 		sb.WriteString("\nuser_agent=" + c.UserAgent)
 	}
-	return sb.String()
+	// escape quotes https://github.com/AlexxIT/go2rtc/issues/1603
+	return strings.ReplaceAll(sb.String(), `"`, `'`)
 }

internal/streams/handlers.go

@@ -2,6 +2,7 @@ package streams
 
 import (
 	"errors"
+	"regexp"
 	"strings"
 
 	"github.com/AlexxIT/go2rtc/pkg/core"
@@ -15,6 +16,21 @@ func HandleFunc(scheme string, handler Handler) {
 	handlers[scheme] = handler
 }
 
+func SupportedSchemes() []string {
+	uniqueKeys := make(map[string]struct{}, len(handlers)+len(redirects))
+	for scheme := range handlers {
+		uniqueKeys[scheme] = struct{}{}
+	}
+	for scheme := range redirects {
+		uniqueKeys[scheme] = struct{}{}
+	}
+	resultKeys := make([]string, 0, len(uniqueKeys))
+	for key := range uniqueKeys {
+		resultKeys = append(resultKeys, key)
+	}
+	return resultKeys
+}
+
 func HasProducer(url string) bool {
 	if i := strings.IndexByte(url, ':'); i > 0 {
 		scheme := url[:i]
@@ -95,3 +111,24 @@ func GetConsumer(url string) (core.Consumer, func(), error) {
 
 	return nil, nil, errors.New("streams: unsupported scheme: " + url)
 }
+
+var insecure = map[string]bool{}
+
+func MarkInsecure(scheme string) {
+	insecure[scheme] = true
+}
+
+var sanitize = regexp.MustCompile(`\s`)
+
+func Validate(source string) error {
+	// TODO: Review the entire logic of insecure sources
+	if i := strings.IndexByte(source, ':'); i > 0 {
+		if insecure[source[:i]] {
+			return errors.New("streams: source from insecure producer")
+		}
+	}
+	if sanitize.MatchString(source) {
+		return errors.New("streams: source with spaces may be insecure")
+	}
+	return nil
+}

internal/streams/play.go

@@ -7,7 +7,7 @@ import (
 	"github.com/AlexxIT/go2rtc/pkg/core"
 )
 
-func (s *Stream) Play(source string) error {
+func (s *Stream) Play(urlOrProd any) error {
 	s.mu.Lock()
 	for _, producer := range s.producers {
 		if producer.state == stateInternal && producer.conn != nil {
@@ -16,12 +16,18 @@ func (s *Stream) Play(source string) error {
 	}
 	s.mu.Unlock()
 
-	if source == "" {
-		return nil
-	}
-
+	var source string
 	var src core.Producer
 
+	switch urlOrProd.(type) {
+	case string:
+		if source = urlOrProd.(string); source == "" {
+			return nil
+		}
+	case core.Producer:
+		src = urlOrProd.(core.Producer)
+	}
+
 	for _, producer := range s.producers {
 		if producer.conn == nil {
 			continue
@@ -103,7 +109,7 @@ func (s *Stream) Play(source string) error {
 }
 
 func (s *Stream) AddInternalProducer(conn core.Producer) {
-	producer := &Producer{conn: conn, state: stateInternal}
+	producer := &Producer{conn: conn, state: stateInternal, url: "internal"}
 	s.mu.Lock()
 	s.producers = append(s.producers, producer)
 	s.mu.Unlock()
@@ -140,10 +146,12 @@ func matchMedia(prod core.Producer, cons core.Consumer) bool {
 
 			track, err := prod.GetTrack(prodMedia, prodCodec)
 			if err != nil {
+				log.Warn().Err(err).Msg("[streams] can't get track")
 				continue
 			}
 
 			if err = cons.AddTrack(consMedia, consCodec, track); err != nil {
+				log.Warn().Err(err).Msg("[streams] can't add track")
 				continue
 			}
 

internal/streams/preload.go

@@ -0,0 +1,69 @@
+package streams
+
+import (
+	"fmt"
+	"maps"
+	"net/url"
+	"sync"
+
+	"github.com/AlexxIT/go2rtc/pkg/probe"
+)
+
+type Preload struct {
+	stream *Stream      // Don't output the stream to JSON to not worry about its secrets.
+	Cons   *probe.Probe `json:"consumer"`
+	Query  string       `json:"query"`
+}
+
+var preloads = map[string]*Preload{}
+var preloadsMu sync.Mutex
+
+func AddPreload(name, rawQuery string) error {
+	if rawQuery == "" {
+		rawQuery = "video&audio"
+	}
+
+	query, err := url.ParseQuery(rawQuery)
+	if err != nil {
+		return err
+	}
+
+	preloadsMu.Lock()
+	defer preloadsMu.Unlock()
+
+	if p := preloads[name]; p != nil {
+		p.stream.RemoveConsumer(p.Cons)
+	}
+
+	stream := Get(name)
+	if stream == nil {
+		return fmt.Errorf("streams: stream not found: %s", name)
+	}
+	cons := probe.Create("preload", query)
+
+	if err = stream.AddConsumer(cons); err != nil {
+		return err
+	}
+
+	preloads[name] = &Preload{stream: stream, Cons: cons, Query: rawQuery}
+	return nil
+}
+
+func DelPreload(name string) error {
+	preloadsMu.Lock()
+	defer preloadsMu.Unlock()
+
+	if p := preloads[name]; p != nil {
+		p.stream.RemoveConsumer(p.Cons)
+		delete(preloads, name)
+		return nil
+	}
+
+	return fmt.Errorf("streams: preload not found: %s", name)
+}
+
+func GetPreloads() map[string]*Preload {
+	preloadsMu.Lock()
+	defer preloadsMu.Unlock()
+	return maps.Clone(preloads)
+}

internal/streams/stream.go

@@ -47,11 +47,12 @@ func NewStream(source any) *Stream {
 	}
 }
 
-func (s *Stream) Sources() (sources []string) {
+func (s *Stream) Sources() []string {
+	sources := make([]string, 0, len(s.producers))
 	for _, prod := range s.producers {
 		sources = append(sources, prod.url)
 	}
-	return
+	return sources
 }
 
 func (s *Stream) SetSource(source string) {
@@ -76,7 +77,7 @@ func (s *Stream) RemoveConsumer(cons core.Consumer) {
 }
 
 func (s *Stream) AddProducer(prod core.Producer) {
-	producer := &Producer{conn: prod, state: stateExternal}
+	producer := &Producer{conn: prod, state: stateExternal, url: "external"}
 	s.mu.Lock()
 	s.producers = append(s.producers, producer)
 	s.mu.Unlock()

internal/streams/streams.go

@@ -3,7 +3,6 @@ package streams
 import (
 	"errors"
 	"net/url"
-	"regexp"
 	"sync"
 	"time"
 
@@ -14,8 +13,9 @@ import (
 
 func Init() {
 	var cfg struct {
-		Streams map[string]any `yaml:"streams"`
-		Publish map[string]any `yaml:"publish"`
+		Streams map[string]any    `yaml:"streams"`
+		Publish map[string]any    `yaml:"publish"`
+		Preload map[string]string `yaml:"preload"`
 	}
 
 	app.LoadConfig(&cfg)
@@ -28,38 +28,36 @@ func Init() {
 
 	api.HandleFunc("api/streams", apiStreams)
 	api.HandleFunc("api/streams.dot", apiStreamsDOT)
+	api.HandleFunc("api/preload", apiPreload)
+	api.HandleFunc("api/schemes", apiSchemes)
 
-	if cfg.Publish == nil {
+	if cfg.Publish == nil && cfg.Preload == nil {
 		return
 	}
 
 	time.AfterFunc(time.Second, func() {
+		// range for nil map is OK
 		for name, dst := range cfg.Publish {
 			if stream := Get(name); stream != nil {
 				Publish(stream, dst)
 			}
 		}
+		for name, rawQuery := range cfg.Preload {
+			if err := AddPreload(name, rawQuery); err != nil {
+				log.Error().Err(err).Caller().Send()
+			}
+		}
 	})
 }
 
-func Get(name string) *Stream {
-	return streams[name]
-}
-
-var sanitize = regexp.MustCompile(`\s`)
-
-// Validate - not allow creating dynamic streams with spaces in the source
-func Validate(source string) error {
-	if sanitize.MatchString(source) {
-		return errors.New("streams: invalid dynamic source")
-	}
-	return nil
-}
-
-func New(name string, sources ...string) *Stream {
+func New(name string, sources ...string) (*Stream, error) {
 	for _, source := range sources {
-		if Validate(source) != nil {
-			return nil
+		if !HasProducer(source) {
+			return nil, errors.New("streams: source not supported")
+		}
+
+		if err := Validate(source); err != nil {
+			return nil, err
 		}
 	}
 
@@ -68,10 +66,11 @@ func New(name string, sources ...string) *Stream {
 	streamsMu.Lock()
 	streams[name] = stream
 	streamsMu.Unlock()
-	return stream
+
+	return stream, nil
 }
 
-func Patch(name string, source string) *Stream {
+func Patch(name string, source string) (*Stream, error) {
 	streamsMu.Lock()
 	defer streamsMu.Unlock()
 
@@ -83,7 +82,7 @@ func Patch(name string, source string) *Stream {
 				// link (alias) streams[name] to streams[rtspName]
 				streams[name] = stream
 			}
-			return stream
+			return stream, nil
 		}
 	}
 
@@ -92,46 +91,44 @@ func Patch(name string, source string) *Stream {
 			// link (alias) streams[name] to streams[source]
 			streams[name] = stream
 		}
-		return stream
+		return stream, nil
 	}
 
 	// check if src has supported scheme
 	if !HasProducer(source) {
-		return nil
+		return nil, errors.New("streams: source not supported")
 	}
 
-	if Validate(source) != nil {
-		return nil
+	if err := Validate(source); err != nil {
+		return nil, err
 	}
 
 	// check an existing stream with this name
 	if stream, ok := streams[name]; ok {
 		stream.SetSource(source)
-		return stream
+		return stream, nil
 	}
 
 	// create new stream with this name
 	stream := NewStream(source)
 	streams[name] = stream
-	return stream
+	return stream, nil
 }
 
-func GetOrPatch(query url.Values) *Stream {
+func GetOrPatch(query url.Values) (*Stream, error) {
 	// check if src param exists
 	source := query.Get("src")
 	if source == "" {
-		return nil
+		return nil, errors.New("streams: source empty")
 	}
 
 	// check if src is stream name
-	if stream, ok := streams[source]; ok {
-		return stream
+	if stream := Get(source); stream != nil {
+		return stream, nil
 	}
 
 	// check if name param provided
 	if name := query.Get("name"); name != "" {
-		log.Info().Msgf("[streams] create new stream url=%s", source)
-
 		return Patch(name, source)
 	}
 
@@ -139,21 +136,41 @@ func GetOrPatch(query url.Values) *Stream {
 	return Patch(source, source)
 }
 
-func GetAll() (names []string) {
+var log zerolog.Logger
+
+// streams map
+
+var streams = map[string]*Stream{}
+var streamsMu sync.Mutex
+
+func Get(name string) *Stream {
+	streamsMu.Lock()
+	defer streamsMu.Unlock()
+	return streams[name]
+}
+
+func Delete(name string) {
+	streamsMu.Lock()
+	defer streamsMu.Unlock()
+	delete(streams, name)
+}
+
+func GetAllNames() []string {
+	streamsMu.Lock()
+	names := make([]string, 0, len(streams))
 	for name := range streams {
 		names = append(names, name)
 	}
-	return
+	streamsMu.Unlock()
+	return names
 }
 
-func Streams() map[string]*Stream {
-	return streams
+func GetAllSources() map[string][]string {
+	streamsMu.Lock()
+	sources := make(map[string][]string, len(streams))
+	for name, stream := range streams {
+		sources[name] = stream.Sources()
+	}
+	streamsMu.Unlock()
+	return sources
 }
-
-func Delete(id string) {
-	delete(streams, id)
-}
-
-var log zerolog.Logger
-var streams = map[string]*Stream{}
-var streamsMu sync.Mutex

internal/tapo/tapo.go

@@ -15,4 +15,8 @@ func Init() {
 	streams.HandleFunc("tapo", func(source string) (core.Producer, error) {
 		return tapo.Dial(source)
 	})
+
+	streams.HandleFunc("vigi", func(source string) (core.Producer, error) {
+		return tapo.Dial(source)
+	})
 }

internal/tuya/README.md

@@ -0,0 +1,39 @@
+# Tuya
+
+*[New in v1.9.13](https://github.com/AlexxIT/go2rtc/releases/tag/v1.9.13)*
+
+[Tuya](https://www.tuya.com/) proprietary camera protocol with **two way audio** support. Go2rtc supports `Tuya Smart API` and `Tuya Cloud API`.
+
+**Tuya Smart API (recommended)**:
+- Cameras can be discovered through the go2rtc web interface via Tuya Smart account (Add > Tuya > Select region and fill in email and password > Login).
+- **Smart Life accounts are not supported**, you need to create a Tuya Smart account. If the cameras are already added to the Smart Life app, you need to remove them and add them again to the Tuya Smart app.
+
+**Tuya Cloud API**:
+- Requires setting up a cloud project in the Tuya Developer Platform.
+- Obtain `device_id`, `client_id`, `client_secret`, and `uid` from [Tuya IoT Platform](https://iot.tuya.com/). [Here's a guide](https://xzetsubou.github.io/hass-localtuya/cloud_api/).
+- Please ensure that you have subscribed to the `IoT Video Live Stream` service (Free Trial) in the Tuya Developer Platform, otherwise the stream will not work (Tuya Developer Platform > Service API > Authorize > IoT Video Live Stream).
+
+## Configuration
+
+Use `resolution` parameter to select the stream (not all cameras support `hd` stream through WebRTC even if the camera has it):
+- `hd` - HD stream (default)
+- `sd` - SD stream
+
+```yaml
+streams:
+  # Tuya Smart API: WebRTC main stream (use Add > Tuya to discover the URL)
+  tuya_main:
+    - tuya://protect-us.ismartlife.me?device_id=XXX&email=XXX&password=XXX
+
+  # Tuya Smart API: WebRTC sub stream (use Add > Tuya to discover the URL)
+  tuya_sub:
+    - tuya://protect-us.ismartlife.me?device_id=XXX&email=XXX&password=XXX&resolution=sd
+
+  # Tuya Cloud API: WebRTC main stream
+  tuya_webrtc:
+   - tuya://openapi.tuyaus.com?device_id=XXX&uid=XXX&client_id=XXX&client_secret=XXX
+  
+  # Tuya Cloud API: WebRTC sub stream
+  tuya_webrtc_sd:
+   - tuya://openapi.tuyaus.com?device_id=XXX&uid=XXX&client_id=XXX&client_secret=XXX&resolution=sd
+```

internal/tuya/tuya.go

@@ -0,0 +1,248 @@
+package tuya
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strconv"
+
+	"github.com/AlexxIT/go2rtc/internal/api"
+	"github.com/AlexxIT/go2rtc/internal/streams"
+	"github.com/AlexxIT/go2rtc/pkg/core"
+	"github.com/AlexxIT/go2rtc/pkg/tuya"
+)
+
+func Init() {
+	streams.HandleFunc("tuya", func(source string) (core.Producer, error) {
+		return tuya.Dial(source)
+	})
+
+	api.HandleFunc("api/tuya", apiTuya)
+}
+
+func apiTuya(w http.ResponseWriter, r *http.Request) {
+	query := r.URL.Query()
+	region := query.Get("region")
+	email := query.Get("email")
+	password := query.Get("password")
+
+	if email == "" || password == "" || region == "" {
+		http.Error(w, "email, password and region are required", http.StatusBadRequest)
+		return
+	}
+
+	var tuyaRegion *tuya.Region
+	for _, r := range tuya.AvailableRegions {
+		if r.Host == region {
+			tuyaRegion = &r
+			break
+		}
+	}
+
+	if tuyaRegion == nil {
+		http.Error(w, fmt.Sprintf("invalid region: %s", region), http.StatusBadRequest)
+		return
+	}
+
+	httpClient := tuya.CreateHTTPClientWithSession()
+
+	_, err := login(httpClient, tuyaRegion.Host, email, password, tuyaRegion.Continent)
+	if err != nil {
+		http.Error(w, fmt.Sprintf("login failed: %v", err), http.StatusInternalServerError)
+		return
+	}
+
+	tuyaAPI, err := tuya.NewTuyaSmartApiClient(
+		httpClient,
+		tuyaRegion.Host,
+		email,
+		password,
+		"",
+	)
+
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	var devices []tuya.Device
+
+	homes, _ := tuyaAPI.GetHomeList()
+	if homes != nil && len(homes.Result) > 0 {
+		for _, home := range homes.Result {
+			roomList, err := tuyaAPI.GetRoomList(strconv.Itoa(home.Gid))
+			if err != nil {
+				continue
+			}
+
+			for _, room := range roomList.Result {
+				for _, device := range room.DeviceList {
+					if (device.Category == "sp" || device.Category == "dghsxj") && !containsDevice(devices, device.DeviceId) {
+						devices = append(devices, device)
+					}
+				}
+			}
+		}
+	}
+
+	sharedHomes, _ := tuyaAPI.GetSharedHomeList()
+	if sharedHomes != nil && len(sharedHomes.Result.SecurityWebCShareInfoList) > 0 {
+		for _, sharedHome := range sharedHomes.Result.SecurityWebCShareInfoList {
+			for _, device := range sharedHome.DeviceInfoList {
+				if (device.Category == "sp" || device.Category == "dghsxj") && !containsDevice(devices, device.DeviceId) {
+					devices = append(devices, device)
+				}
+			}
+		}
+	}
+
+	if len(devices) == 0 {
+		http.Error(w, "no cameras found", http.StatusNotFound)
+		return
+	}
+
+	var items []*api.Source
+	for _, device := range devices {
+		cleanQuery := url.Values{}
+		cleanQuery.Set("device_id", device.DeviceId)
+		cleanQuery.Set("email", email)
+		cleanQuery.Set("password", password)
+		url := fmt.Sprintf("tuya://%s?%s", tuyaRegion.Host, cleanQuery.Encode())
+
+		items = append(items, &api.Source{
+			Name: device.DeviceName,
+			URL:  url,
+		})
+	}
+
+	api.ResponseSources(w, items)
+}
+
+func login(client *http.Client, serverHost, email, password, countryCode string) (*tuya.LoginResult, error) {
+	tokenResp, err := getLoginToken(client, serverHost, email, countryCode)
+	if err != nil {
+		return nil, err
+	}
+
+	encryptedPassword, err := tuya.EncryptPassword(password, tokenResp.Result.PbKey)
+	if err != nil {
+		return nil, fmt.Errorf("failed to encrypt password: %v", err)
+	}
+
+	var loginResp *tuya.PasswordLoginResponse
+	var url string
+
+	loginReq := tuya.PasswordLoginRequest{
+		CountryCode: countryCode,
+		Passwd:      encryptedPassword,
+		Token:       tokenResp.Result.Token,
+		IfEncrypt:   1,
+		Options:     `{"group":1}`,
+	}
+
+	if tuya.IsEmailAddress(email) {
+		url = fmt.Sprintf("https://%s/api/private/email/login", serverHost)
+		loginReq.Email = email
+	} else {
+		url = fmt.Sprintf("https://%s/api/private/phone/login", serverHost)
+		loginReq.Mobile = email
+	}
+
+	loginResp, err = performLogin(client, url, loginReq, serverHost)
+
+	if err != nil {
+		return nil, err
+	}
+
+	if !loginResp.Success {
+		return nil, errors.New(loginResp.ErrorMsg)
+	}
+
+	return &loginResp.Result, nil
+}
+
+func getLoginToken(client *http.Client, serverHost, username, countryCode string) (*tuya.LoginTokenResponse, error) {
+	url := fmt.Sprintf("https://%s/api/login/token", serverHost)
+
+	tokenReq := tuya.LoginTokenRequest{
+		CountryCode: countryCode,
+		Username:    username,
+		IsUid:       false,
+	}
+
+	jsonData, err := json.Marshal(tokenReq)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := http.NewRequest("POST", url, bytes.NewBuffer(jsonData))
+	if err != nil {
+		return nil, err
+	}
+
+	req.Header.Set("Content-Type", "application/json; charset=utf-8")
+	req.Header.Set("Accept", "*/*")
+	req.Header.Set("Origin", fmt.Sprintf("https://%s", serverHost))
+	req.Header.Set("Referer", fmt.Sprintf("https://%s/login", serverHost))
+	req.Header.Set("X-Requested-With", "XMLHttpRequest")
+
+	resp, err := client.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	var tokenResp tuya.LoginTokenResponse
+	if err = json.NewDecoder(resp.Body).Decode(&tokenResp); err != nil {
+		return nil, err
+	}
+
+	if !tokenResp.Success {
+		return nil, errors.New("tuya: " + tokenResp.Msg)
+	}
+
+	return &tokenResp, nil
+}
+
+func performLogin(client *http.Client, url string, loginReq tuya.PasswordLoginRequest, serverHost string) (*tuya.PasswordLoginResponse, error) {
+	jsonData, err := json.Marshal(loginReq)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := http.NewRequest("POST", url, bytes.NewBuffer(jsonData))
+	if err != nil {
+		return nil, err
+	}
+
+	req.Header.Set("Content-Type", "application/json; charset=utf-8")
+	req.Header.Set("Accept", "*/*")
+	req.Header.Set("Origin", fmt.Sprintf("https://%s", serverHost))
+	req.Header.Set("Referer", fmt.Sprintf("https://%s/login", serverHost))
+	req.Header.Set("X-Requested-With", "XMLHttpRequest")
+
+	resp, err := client.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	var loginResp tuya.PasswordLoginResponse
+	if err := json.NewDecoder(resp.Body).Decode(&loginResp); err != nil {
+		return nil, err
+	}
+
+	return &loginResp, nil
+}
+
+func containsDevice(devices []tuya.Device, deviceID string) bool {
+	for _, device := range devices {
+		if device.DeviceId == deviceID {
+			return true
+		}
+	}
+	return false
+}

internal/v4l2/README.md

@@ -0,0 +1,39 @@
+# V4L2
+
+What you should to know about [V4L2](https://en.wikipedia.org/wiki/Video4Linux):
+
+- V4L2 (Video for Linux API version 2) works only in Linux
+- supports USB cameras and other similar devices
+- one device can only be connected to one software simultaneously
+- cameras support a fixed list of formats, resolutions and frame rates
+- basic cameras supports only RAW (non-compressed) pixel formats
+- regular cameras supports MJPEG format (series of JPEG frames)
+- advances cameras support H264 format (MSE/MP4, WebRTC compatible)
+- using MJPEG and H264 formats (if the camera supports them) won't cost you the CPU usage
+- transcoding RAW format to MJPEG or H264 - will cost you a significant CPU usage
+- H265 (HEVC) format is also supported (if the camera supports it)
+
+Tests show that the basic Keenetic router with MIPS processor can broadcast three MJPEG cameras in the following resolutions: 1600х1200 + 640х480 + 640х480. The USB bus bandwidth is no more enough for larger resolutions. CPU consumption is no more than 5%.
+
+Supported formats for your camera can be found here: **Go2rtc > WebUI > Add > V4L2**.
+
+## RAW format
+
+Example:
+
+```yaml
+streams:
+  camera1: v4l2:device?video=/dev/video0&input_format=yuyv422&video_size=1280x720&framerate=10
+```
+
+Go2rtc supports built-in transcoding of RAW to MJPEG format. This does not need to be additionally configured.
+
+```
+ffplay http://localhost:1984/api/stream.mjpeg?src=camera1
+```
+
+**Important.** You don't have to transcode the RAW format to transmit it over the network. You can stream it in `y4m` format, which is perfectly supported by ffmpeg. It won't cost you a CPU usage. But will require high network bandwidth.
+
+```
+ffplay http://localhost:1984/api/stream.y4m?src=camera1
+```

internal/v4l2/v4l2.go

@@ -0,0 +1,7 @@
+//go:build !(linux && (386 || arm || mipsle || amd64 || arm64))
+
+package v4l2
+
+func Init() {
+	// not supported
+}

internal/v4l2/v4l2_linux.go

@@ -0,0 +1,91 @@
+//go:build linux && (386 || arm || mipsle || amd64 || arm64)
+
+package v4l2
+
+import (
+	"encoding/binary"
+	"fmt"
+	"net/http"
+	"os"
+	"strings"
+
+	"github.com/AlexxIT/go2rtc/internal/api"
+	"github.com/AlexxIT/go2rtc/internal/streams"
+	"github.com/AlexxIT/go2rtc/pkg/core"
+	"github.com/AlexxIT/go2rtc/pkg/v4l2"
+	"github.com/AlexxIT/go2rtc/pkg/v4l2/device"
+)
+
+func Init() {
+	streams.HandleFunc("v4l2", func(source string) (core.Producer, error) {
+		return v4l2.Open(source)
+	})
+
+	api.HandleFunc("api/v4l2", apiV4L2)
+}
+
+func apiV4L2(w http.ResponseWriter, r *http.Request) {
+	files, err := os.ReadDir("/dev")
+	if err != nil {
+		return
+	}
+
+	var sources []*api.Source
+
+	for _, file := range files {
+		if !strings.HasPrefix(file.Name(), core.KindVideo) {
+			continue
+		}
+
+		path := "/dev/" + file.Name()
+
+		dev, err := device.Open(path)
+		if err != nil {
+			continue
+		}
+
+		formats, _ := dev.ListFormats()
+		for _, fourCC := range formats {
+			name, ffmpeg := findFormat(fourCC)
+			source := &api.Source{Name: name}
+
+			sizes, _ := dev.ListSizes(fourCC)
+			for _, wh := range sizes {
+				if source.Info != "" {
+					source.Info += " "
+				}
+
+				source.Info += fmt.Sprintf("%dx%d", wh[0], wh[1])
+
+				frameRates, _ := dev.ListFrameRates(fourCC, wh[0], wh[1])
+				for _, fr := range frameRates {
+					source.Info += fmt.Sprintf("@%d", fr)
+
+					if source.URL == "" && ffmpeg != "" {
+						source.URL = fmt.Sprintf(
+							"v4l2:device?video=%s&input_format=%s&video_size=%dx%d&framerate=%d",
+							path, ffmpeg, wh[0], wh[1], fr,
+						)
+					}
+				}
+			}
+
+			if source.Info != "" {
+				sources = append(sources, source)
+			}
+		}
+
+		_ = dev.Close()
+	}
+
+	api.ResponseSources(w, sources)
+}
+
+func findFormat(fourCC uint32) (name, ffmpeg string) {
+	for _, format := range device.Formats {
+		if format.FourCC == fourCC {
+			return format.Name, format.FFmpeg
+		}
+	}
+	return string(binary.LittleEndian.AppendUint32(nil, fourCC)), ""
+}

internal/webrtc/README.md

@@ -11,13 +11,15 @@ If an external connection via STUN is used:
 
 - Uses [UDP hole punching](https://en.wikipedia.org/wiki/UDP_hole_punching) technology to bypass NAT even if you not open your server to the World
 - For about 20% of users, the techology will not work because of the [Symmetric NAT](https://tomchen.github.io/symmetric-nat-test/)
-- UDP is not suitable for transmitting 2K and 4K high bitrate video over open networks because of the high loss rate
+- UDP is not suitable for transmitting 2K and 4K high bitrate video over open networks because of the high loss rate:
+  - https://habr.com/ru/companies/flashphoner/articles/480006/
+  - https://www.youtube.com/watch?v=FXVg2ckuKfs
 
 ## Default config
 
 ```yaml
 webrtc:
-  listen: ":8555/tcp"
+  listen: ":8555"
   ice_servers:
     - urls: [ "stun:stun.l.google.com:19302" ]
 ```
@@ -29,7 +31,7 @@ webrtc:
 ```yaml
 webrtc:
   # fix local TCP or UDP or both ports for WebRTC media
-  listen: ":8555/tcp"        # address of your local server
+  listen: ":8555"            # address of your local server
 
   # add additional host candidates manually
   # order is important, the first will have a higher priority
@@ -53,17 +55,20 @@ webrtc:
     # including candidates from the `listen` option
     # use `candidates: []` to remove all auto discovery candidates
     candidates: [ 192.168.1.123 ]
+    
+    # enable localhost candidates
+    loopback: true
 
     # list of network types to be used for connection
     # including candidates from the `listen` option
     networks: [ udp4, udp6, tcp4, tcp6 ]
 
     # list of interfaces to be used for connection
-    # not related to the `listen` option
+    # including interfaces from unspecified `listen` option (empty host)
     interfaces: [ eno1 ]
 
     # list of host IP-addresses to be used for connection
-    # not related to the `listen` option
+    # including IPs from unspecified `listen` option (empty host)
     ips: [ 192.168.1.123 ]
 
     # range for random UDP ports [min, max] to be used for connection
@@ -71,14 +76,16 @@ webrtc:
     udp_ports: [ 50000, 50100 ]
 ```
 
-By default go2rtc uses **fixed TCP** port and multiple **random UDP** ports for each WebRTC connection - `listen: ":8555/tcp"`.
+By default go2rtc uses **fixed TCP** port and **fixed UDP** ports for each **direct** WebRTC connection - `listen: ":8555"`.
 
-You can set **fixed TCP** and **fixed UDP** port for all connections - `listen: ":8555"`. This may has lower performance, but it's your choice. 
+You can set **fixed TCP** and **random UDP** port for all connections - `listen: ":8555/tcp"`.
 
 Don't know why, but you can disable TCP port and leave only random UDP ports - `listen: ""`.
 
 ## Config filters
 
+**Importan!** By default go2rtc exclude all Docker-like candidates (`172.16.0.0/12`). This can not be disabled.
+
 Filters allow you to exclude unnecessary candidates. Extra candidates don't make your connection worse or better. But the wrong filter settings can break everything. Skip this setting if you don't understand it.
 
 For example, go2rtc is installed on the host system. And there are unnecessary interfaces. You can keep only the relevant via `interfaces` or `ips` options. You can also exclude IPv6 candidates if your server supports them but your home network does not.
@@ -97,8 +104,6 @@ For example, go2rtc inside closed docker container (ex. [Frigate](https://frigat
 webrtc:
   listen: ":8555"                   # use fixed TCP and UDP ports
   candidates: [ 192.168.1.2:8555 ]  # add manual host candidate (use docker port forwarding)
-  filters:
-    candidates: []                  # skip all internal docker candidates
 ```
 
 ## Userful links

internal/webrtc/candidates.go

@@ -7,7 +7,8 @@ import (
 	"github.com/AlexxIT/go2rtc/internal/api/ws"
 	"github.com/AlexxIT/go2rtc/pkg/core"
 	"github.com/AlexxIT/go2rtc/pkg/webrtc"
-	pion "github.com/pion/webrtc/v3"
+	"github.com/AlexxIT/go2rtc/pkg/xnet"
+	pion "github.com/pion/webrtc/v4"
 )
 
 type Address struct {
@@ -17,9 +18,11 @@ type Address struct {
 	Priority uint32
 }
 
+var stuns []string
+
 func (a *Address) Host() string {
 	if a.host == "stun" {
-		ip, err := webrtc.GetCachedPublicIP()
+		ip, err := webrtc.GetCachedPublicIP(stuns...)
 		if err != nil {
 			return ""
 		}
@@ -73,6 +76,11 @@ func FilterCandidate(candidate *pion.ICECandidate) bool {
 		return false
 	}
 
+	// remove any Docker-like IP from candidates
+	if ip := net.ParseIP(candidate.Address); ip != nil && xnet.Docker.Contains(ip) {
+		return false
+	}
+
 	// host candidate should be in the hosts list
 	if candidate.Typ == pion.ICECandidateTypeHost && filters.Candidates != nil {
 		if !core.Contains(filters.Candidates, candidate.Address) {

internal/webrtc/client.go

@@ -15,7 +15,7 @@ import (
 	"github.com/AlexxIT/go2rtc/pkg/core"
 	"github.com/AlexxIT/go2rtc/pkg/webrtc"
 	"github.com/gorilla/websocket"
-	pion "github.com/pion/webrtc/v3"
+	pion "github.com/pion/webrtc/v4"
 )
 
 // streamsHandler supports:
@@ -41,9 +41,11 @@ func streamsHandler(rawURL string) (core.Producer, error) {
 				// https://aws.amazon.com/kinesis/video-streams/
 				// https://docs.aws.amazon.com/kinesisvideostreams-webrtc-dg/latest/devguide/what-is-kvswebrtc.html
 				// https://github.com/orgs/awslabs/repositories?q=kinesis+webrtc
-				return kinesisClient(rawURL, query, "webrtc/kinesis")
+				return kinesisClient(rawURL, query, "webrtc/kinesis", nil)
 			} else if format == "openipc" {
 				return openIPCClient(rawURL, query)
+			} else if format == "switchbot" {
+				return switchbotClient(rawURL, query)
 			} else {
 				return go2rtcClient(rawURL)
 			}
@@ -54,6 +56,8 @@ func streamsHandler(rawURL string) (core.Producer, error) {
 			} else if format == "wyze" {
 				// https://github.com/mrlt8/docker-wyze-bridge
 				return wyzeClient(rawURL)
+			} else if format == "creality" {
+				return crealityClient(rawURL)
 			} else {
 				return whepClient(rawURL)
 			}

internal/webrtc/client_creality.go

@@ -0,0 +1,152 @@
+package webrtc
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"io"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/AlexxIT/go2rtc/pkg/core"
+	"github.com/AlexxIT/go2rtc/pkg/webrtc"
+	"github.com/pion/sdp/v3"
+)
+
+// https://github.com/AlexxIT/go2rtc/issues/1600
+func crealityClient(url string) (core.Producer, error) {
+	pc, err := PeerConnection(true)
+	if err != nil {
+		return nil, err
+	}
+
+	prod := webrtc.NewConn(pc)
+	prod.FormatName = "webrtc/creality"
+	prod.Mode = core.ModeActiveProducer
+	prod.Protocol = "http"
+	prod.URL = url
+
+	medias := []*core.Media{
+		{Kind: core.KindVideo, Direction: core.DirectionRecvonly},
+	}
+
+	// TODO: return webrtc.SessionDescription
+	offer, err := prod.CreateCompleteOffer(medias)
+	if err != nil {
+		return nil, err
+	}
+
+	log.Trace().Msgf("[webrtc] offer:\n%s", offer)
+
+	body, err := offerToB64(offer)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := http.NewRequest("POST", url, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Content-Type", "plain/text")
+
+	// TODO: change http.DefaultClient settings
+	client := http.Client{Timeout: time.Second * 5000}
+	defer client.CloseIdleConnections()
+
+	res, err := client.Do(req)
+	if err != nil {
+		return nil, err
+	}
+
+	answer, err := answerFromB64(res.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	log.Trace().Msgf("[webrtc] answer:\n%s", answer)
+
+	if answer, err = fixCrealitySDP(answer); err != nil {
+		return nil, err
+	}
+
+	if err = prod.SetAnswer(answer); err != nil {
+		return nil, err
+	}
+
+	return prod, nil
+}
+
+func offerToB64(sdp string) (io.Reader, error) {
+	// JS object
+	v := map[string]string{
+		"type": "offer",
+		"sdp":  sdp,
+	}
+
+	// bytes
+	b, err := json.Marshal(v)
+	if err != nil {
+		return nil, err
+	}
+
+	// base64, why? who knows...
+	s := base64.StdEncoding.EncodeToString(b)
+
+	return strings.NewReader(s), nil
+}
+
+func answerFromB64(r io.Reader) (string, error) {
+	// base64
+	b, err := io.ReadAll(r)
+	if err != nil {
+		return "", err
+	}
+
+	// bytes
+	if b, err = base64.StdEncoding.DecodeString(string(b)); err != nil {
+		return "", err
+	}
+
+	// JS object
+	var v map[string]string
+	if err = json.Unmarshal(b, &v); err != nil {
+		return "", err
+	}
+
+	// string "v=0..."
+	return v["sdp"], nil
+}
+
+func fixCrealitySDP(value string) (string, error) {
+	var sd sdp.SessionDescription
+	if err := sd.UnmarshalString(value); err != nil {
+		return "", err
+	}
+
+	md := sd.MediaDescriptions[0]
+
+	// important to skip first codec, because second codec will be used
+	skip := md.MediaName.Formats[0]
+	md.MediaName.Formats = md.MediaName.Formats[1:]
+
+	attrs := make([]sdp.Attribute, 0, len(md.Attributes))
+	for _, attr := range md.Attributes {
+		switch attr.Key {
+		case "fmtp", "rtpmap":
+			// important to skip fmtp with x-google, because this is second fmtp for same codec
+			// and pion library will fail parsing this SDP
+			if strings.HasPrefix(attr.Value, skip) || strings.Contains(attr.Value, "x-google") {
+				continue
+			}
+		}
+		attrs = append(attrs, attr)
+	}
+
+	md.Attributes = attrs
+
+	b, err := sd.Marshal()
+	if err != nil {
+		return "", err
+	}
+	return string(b), nil
+}

internal/webrtc/kinesis.go

@@ -12,7 +12,7 @@ import (
 	"github.com/AlexxIT/go2rtc/pkg/core"
 	"github.com/AlexxIT/go2rtc/pkg/webrtc"
 	"github.com/gorilla/websocket"
-	pion "github.com/pion/webrtc/v3"
+	pion "github.com/pion/webrtc/v4"
 )
 
 type kinesisRequest struct {
@@ -34,7 +34,10 @@ func (k kinesisResponse) String() string {
 	return fmt.Sprintf("type=%s, payload=%s", k.Type, k.Payload)
 }
 
-func kinesisClient(rawURL string, query url.Values, format string) (core.Producer, error) {
+func kinesisClient(
+	rawURL string, query url.Values, format string,
+	sdpOffer func(prod *webrtc.Conn, query url.Values) (any, error),
+) (core.Producer, error) {
 	// 1. Connect to signalign server
 	conn, _, err := websocket.DefaultDialer.Dial(rawURL, nil)
 	if err != nil {
@@ -108,23 +111,33 @@ func kinesisClient(rawURL string, query url.Values, format string) (core.Produce
 		}
 	})
 
-	medias := []*core.Media{
-		{Kind: core.KindVideo, Direction: core.DirectionRecvonly},
-		{Kind: core.KindAudio, Direction: core.DirectionRecvonly},
+	var payload any
+
+	if sdpOffer == nil {
+		medias := []*core.Media{
+			{Kind: core.KindVideo, Direction: core.DirectionRecvonly},
+			{Kind: core.KindAudio, Direction: core.DirectionRecvonly},
+		}
+
+		// 4. Create offer
+		var offer string
+		if offer, err = prod.CreateOffer(medias); err != nil {
+			return nil, err
+		}
+
+		// 5. Send offer
+		payload = pion.SessionDescription{
+			Type: pion.SDPTypeOffer,
+			SDP:  offer,
+		}
+	} else {
+		if payload, err = sdpOffer(prod, query); err != nil {
+			return nil, err
+		}
 	}
 
-	// 4. Create offer
-	offer, err := prod.CreateOffer(medias)
-	if err != nil {
-		return nil, err
-	}
-
-	// 5. Send offer
 	req.Action = "SDP_OFFER"
-	req.Payload, _ = json.Marshal(pion.SessionDescription{
-		Type: pion.SDPTypeOffer,
-		SDP:  offer,
-	})
+	req.Payload, _ = json.Marshal(payload)
 	if err = conn.WriteJSON(req); err != nil {
 		return nil, err
 	}
@@ -218,5 +231,5 @@ func wyzeClient(rawURL string) (core.Producer, error) {
 		"ice_servers": []string{string(kvs.Servers)},
 	}
 
-	return kinesisClient(kvs.URL, query, "webrtc/wyze")
+	return kinesisClient(kvs.URL, query, "webrtc/wyze", nil)
 }

internal/webrtc/milestone.go

@@ -12,7 +12,7 @@ import (
 	"github.com/AlexxIT/go2rtc/pkg/core"
 	"github.com/AlexxIT/go2rtc/pkg/tcp"
 	"github.com/AlexxIT/go2rtc/pkg/webrtc"
-	pion "github.com/pion/webrtc/v3"
+	pion "github.com/pion/webrtc/v4"
 )
 
 // This package handles the Milestone WebRTC session lifecycle, including authentication,

internal/webrtc/openipc.go

@@ -9,7 +9,7 @@ import (
 	"github.com/AlexxIT/go2rtc/pkg/core"
 	"github.com/AlexxIT/go2rtc/pkg/webrtc"
 	"github.com/gorilla/websocket"
-	pion "github.com/pion/webrtc/v3"
+	pion "github.com/pion/webrtc/v4"
 )
 
 func openIPCClient(rawURL string, query url.Values) (core.Producer, error) {

internal/webrtc/server.go

@@ -1,6 +1,7 @@
 package webrtc
 
 import (
+	"encoding/base64"
 	"encoding/json"
 	"io"
 	"net/http"
@@ -12,7 +13,7 @@ import (
 	"github.com/AlexxIT/go2rtc/internal/streams"
 	"github.com/AlexxIT/go2rtc/pkg/core"
 	"github.com/AlexxIT/go2rtc/pkg/webrtc"
-	pion "github.com/pion/webrtc/v3"
+	pion "github.com/pion/webrtc/v4"
 )
 
 const MimeSDP = "application/sdp"
@@ -62,8 +63,8 @@ func syncHandler(w http.ResponseWriter, r *http.Request) {
 // 2. application/sdp - receive/response SDP via WebRTC-HTTP Egress Protocol (WHEP)
 // 3. other - receive/response raw SDP
 func outputWebRTC(w http.ResponseWriter, r *http.Request) {
-	url := r.URL.Query().Get("src")
-	stream := streams.Get(url)
+	u := r.URL.Query().Get("src")
+	stream := streams.Get(u)
 	if stream == nil {
 		http.Error(w, api.StreamNotFound, http.StatusNotFound)
 		return
@@ -87,6 +88,21 @@ func outputWebRTC(w http.ResponseWriter, r *http.Request) {
 		}
 		offer = desc.SDP
 
+	case "application/x-www-form-urlencoded":
+		if err := r.ParseForm(); err != nil {
+			log.Error().Err(err).Caller().Send()
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+		offerB64 := r.Form.Get("data")
+		b, err := base64.StdEncoding.DecodeString(offerB64)
+		if err != nil {
+			log.Error().Err(err).Caller().Send()
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+		offer = string(b)
+
 	default:
 		body, err := io.ReadAll(r.Body)
 		if err != nil {
@@ -124,6 +140,11 @@ func outputWebRTC(w http.ResponseWriter, r *http.Request) {
 		}
 		err = json.NewEncoder(w).Encode(v)
 
+	case "application/x-www-form-urlencoded":
+		w.Header().Set("Content-Type", mediaType)
+		answerB64 := base64.StdEncoding.EncodeToString([]byte(answer))
+		_, err = w.Write([]byte(answerB64))
+
 	case MimeSDP:
 		w.Header().Set("Content-Type", mediaType)
 		w.WriteHeader(http.StatusCreated)

internal/webrtc/switchbot.go

@@ -0,0 +1,44 @@
+package webrtc
+
+import (
+	"net/url"
+
+	"github.com/AlexxIT/go2rtc/pkg/core"
+	"github.com/AlexxIT/go2rtc/pkg/webrtc"
+)
+
+func switchbotClient(rawURL string, query url.Values) (core.Producer, error) {
+	return kinesisClient(rawURL, query, "webrtc/switchbot", func(prod *webrtc.Conn, query url.Values) (any, error) {
+		medias := []*core.Media{
+			{Kind: core.KindVideo, Direction: core.DirectionRecvonly},
+		}
+
+		offer, err := prod.CreateOffer(medias)
+		if err != nil {
+			return nil, err
+		}
+
+		v := struct {
+			Type       string `json:"type"`
+			SDP        string `json:"sdp"`
+			Resolution int    `json:"resolution"`
+			PlayType   int    `json:"play_type"`
+		}{
+			Type: "offer",
+			SDP:  offer,
+		}
+
+		switch query.Get("resolution") {
+		case "hd":
+			v.Resolution = 0
+		case "sd":
+			v.Resolution = 1
+		case "auto":
+			v.Resolution = 2
+		}
+
+		v.PlayType = core.Atoi(query.Get("play_type")) // zero by default
+
+		return v, nil
+	})
+}

internal/webrtc/webrtc.go

@@ -10,7 +10,7 @@ import (
 	"github.com/AlexxIT/go2rtc/internal/streams"
 	"github.com/AlexxIT/go2rtc/pkg/core"
 	"github.com/AlexxIT/go2rtc/pkg/webrtc"
-	pion "github.com/pion/webrtc/v3"
+	pion "github.com/pion/webrtc/v4"
 	"github.com/rs/zerolog"
 )
 
@@ -24,9 +24,9 @@ func Init() {
 		} `yaml:"webrtc"`
 	}
 
-	cfg.Mod.Listen = ":8555/tcp"
+	cfg.Mod.Listen = ":8555"
 	cfg.Mod.IceServers = []pion.ICEServer{
-		{URLs: []string{"stun:stun.l.google.com:19302"}},
+		{URLs: []string{"stun:stun.cloudflare.com:3478", "stun:stun.l.google.com:19302"}},
 	}
 
 	app.LoadConfig(&cfg)
@@ -38,6 +38,16 @@ func Init() {
 	address, network, _ := strings.Cut(cfg.Mod.Listen, "/")
 	for _, candidate := range cfg.Mod.Candidates {
 		AddCandidate(network, candidate)
+
+		if strings.HasPrefix(candidate, "stun:") && stuns == nil {
+			for _, ice := range cfg.Mod.IceServers {
+				for _, url := range ice.URLs {
+					if strings.HasPrefix(url, "stun:") {
+						stuns = append(stuns, url[5:])
+					}
+				}
+			}
+		}
 	}
 
 	var err error
@@ -95,7 +105,7 @@ func asyncHandler(tr *ws.Transport, msg *ws.Message) (err error) {
 
 	query := tr.Request.URL.Query()
 	if name := query.Get("src"); name != "" {
-		stream = streams.GetOrPatch(query)
+		stream, _ = streams.GetOrPatch(query)
 		mode = core.ModePassiveConsumer
 		log.Debug().Str("src", name).Msg("[webrtc] new consumer")
 	} else if name = query.Get("dst"); name != "" {

internal/webrtc/webrtc_test.go

@@ -0,0 +1,73 @@
+package webrtc
+
+import (
+	"encoding/json"
+	"strings"
+	"testing"
+
+	"github.com/AlexxIT/go2rtc/internal/api/ws"
+	pion "github.com/pion/webrtc/v4"
+	"github.com/stretchr/testify/require"
+)
+
+func TestWebRTCAPIv1(t *testing.T) {
+	raw := `{"type":"webrtc/offer","value":"v=0\n..."}`
+	msg := new(ws.Message)
+	err := json.Unmarshal([]byte(raw), msg)
+	require.Nil(t, err)
+
+	require.Equal(t, "v=0\n...", msg.String())
+}
+
+func TestWebRTCAPIv2(t *testing.T) {
+	raw := `{"type":"webrtc","value":{"type":"offer","sdp":"v=0\n...","ice_servers":[{"urls":["stun:stun.l.google.com:19302"]}]}}`
+	msg := new(ws.Message)
+	err := json.Unmarshal([]byte(raw), msg)
+	require.Nil(t, err)
+
+	var offer struct {
+		Type       string           `json:"type"`
+		SDP        string           `json:"sdp"`
+		ICEServers []pion.ICEServer `json:"ice_servers"`
+	}
+	err = msg.Unmarshal(&offer)
+	require.Nil(t, err)
+
+	require.Equal(t, "offer", offer.Type)
+	require.Equal(t, "v=0\n...", offer.SDP)
+	require.Equal(t, "stun:stun.l.google.com:19302", offer.ICEServers[0].URLs[0])
+}
+
+func TestCrealitySDP(t *testing.T) {
+	sdp := `v=0
+o=- 1495799811084970 1495799811084970 IN IP4 0.0.0.0
+s=-
+t=0 0
+a=msid-semantic:WMS *
+a=group:BUNDLE 0
+m=video 9 UDP/TLS/RTP/SAVPF 96 98
+a=rtcp-fb:98 nack
+a=rtcp-fb:98 nack pli
+a=fmtp:96 profile-level-id=42e01f;level-asymmetry-allowed=1
+a=fmtp:98 profile-level-id=42e01f;packetization-mode=1;level-asymmetry-allowed=1
+a=fmtp:98 x-google-max-bitrate=6000;x-google-min-bitrate=2000;x-google-start-bitrate=4000
+a=rtpmap:96 H264/90000
+a=rtpmap:98 H264/90000
+a=ssrc:1 cname:pear
+c=IN IP4 0.0.0.0
+a=sendonly
+a=mid:0
+a=rtcp-mux
+a=ice-ufrag:7AVa
+a=ice-pwd:T+F/5y05Paw+mtG5Jrd8N3
+a=ice-options:trickle
+a=fingerprint:sha-256 A5:AB:C0:4E:29:5B:BD:3B:7D:88:24:6C:56:6B:2A:79:A3:76:99:35:57:75:AD:C8:5A:A6:34:20:88:1B:68:EF
+a=setup:passive
+a=candidate:1 1 UDP 2015363327 172.22.233.10 48929 typ host
+a=candidate:2 1 TCP 1015021823 172.22.233.10 0 typ host tcptype active
+a=candidate:3 1 TCP 1010827519 172.22.233.10 60677 typ host tcptype passive
+`
+	sdp, err := fixCrealitySDP(sdp)
+	require.Nil(t, err)
+	require.False(t, strings.Contains(sdp, "x-google-max-bitrate"))
+}

internal/webtorrent/tracker.go

@@ -2,9 +2,10 @@ package webtorrent
 
 import (
 	"fmt"
+	"net/http"
+
 	"github.com/AlexxIT/go2rtc/pkg/webtorrent"
 	"github.com/gorilla/websocket"
-	"net/http"
 )
 
 var upgrader *websocket.Upgrader

internal/wyoming/README.md

@@ -0,0 +1,281 @@
+# Wyoming
+
+This module provide [Wyoming Protocol](https://www.home-assistant.io/integrations/wyoming/) support to create local voice assistants using [Home Assistant](https://www.home-assistant.io/).
+
+- go2rtc can act as [Wyoming Satellite](https://github.com/rhasspy/wyoming-satellite)
+- go2rtc can act as [Wyoming External Microphone](https://github.com/rhasspy/wyoming-mic-external)
+- go2rtc can act as [Wyoming External Sound](https://github.com/rhasspy/wyoming-snd-external)
+- any supported audio source with PCM codec can be used as audio input
+- any supported two-way audio source with PCM codec can be used as audio output
+- any desktop/server microphone/speaker can be used as two-way audio source
+  - supported any OS via FFmpeg or any similar software
+  - supported Linux via alsa source
+- you can change the behavior using the built-in scripting engine
+
+## Typical Voice Pipeline
+
+1. Audio stream (MIC)
+   - any audio source with PCM codec support (include PCMA/PCMU)
+2. Voice Activity Detector (VAD)
+3. Wake Word (WAKE)
+   - [OpenWakeWord](https://www.home-assistant.io/voice_control/create_wake_word/)
+4. Speech-to-Text (STT)
+   - [Whisper](https://github.com/home-assistant/addons/blob/master/whisper/README.md) 
+   - [Vosk](https://github.com/rhasspy/hassio-addons/blob/master/vosk/README.md)
+5. Conversation agent (INTENT)
+   - [Home Assistant](https://www.home-assistant.io/integrations/conversation/)
+6. Text-to-speech (TTS)
+   - [Google Translate](https://www.home-assistant.io/integrations/google_translate/)
+   - [Piper](https://github.com/home-assistant/addons/blob/master/piper/README.md)
+7. Audio stream (SND)
+   - any source with two-way audio (backchannel) and PCM codec support (include PCMA/PCMU)
+
+You can use a large number of different projects for WAKE, STT, INTENT and TTS thanks to the Home Assistant.
+
+And you can use a large number of different technologies for MIC and SND thanks to Go2rtc.
+
+## Configuration
+
+You can optionally specify WAKE service. So go2rtc will start transmitting audio to Home Assistant only after WAKE word. If the WAKE service cannot be connected to or not specified - go2rtc will pass all audio to Home Assistant. In this case WAKE service must be configured in your Voice Assistant pipeline.
+
+You can optionally specify VAD threshold. So go2rtc will start transmitting audio to WAKE service only after some audio noise.
+
+Your stream must support audio transmission in PCM codec (include PCMA/PCMU).
+
+```yaml
+wyoming:
+  stream_name_from_streams_section:
+    listen: :10700 
+    name: "My Satellite"                # optional name
+    wake_uri: tcp://192.168.1.23:10400  # optional WAKE service
+    vad_threshold: 1                    # optional VAD threshold (from 0.1 to 3.5)
+```
+
+Home Assistant -> Settings -> Integrations -> Add -> Wyoming Protocol -> Host + Port from `go2rtc.yaml`
+
+Select one or multiple wake words:
+```yaml
+wake_uri: tcp://192.168.1.23:10400?name=alexa_v0.1&name=hey_jarvis_v0.1&name=hey_mycroft_v0.1&name=hey_rhasspy_v0.1&name=ok_nabu_v0.1
+```
+
+## Events
+
+You can add wyoming event handling using the [expr](https://github.com/AlexxIT/go2rtc/blob/master/internal/expr/README.md) language. For example, to pronounce TTS on some media player from HA.
+
+Turn on the logs to see what kind of events happens.
+
+This is what the default scripts look like:
+
+```yaml
+wyoming:
+  script_example:
+    event:
+      run-satellite: Detect()
+      pause-satellite: Stop()
+      voice-stopped: Pause()
+      audio-stop: PlayAudio() && WriteEvent("played") && Detect()
+      error: Detect()
+      internal-run: WriteEvent("run-pipeline", '{"start_stage":"wake","end_stage":"tts"}') && Stream()
+      internal-detection: WriteEvent("run-pipeline", '{"start_stage":"asr","end_stage":"tts"}') && Stream()
+```
+
+Supported functions and variables:
+
+- `Detect()` - start the VAD and WAKE word detection process
+- `Stream()` - start transmission of audio data to the client (Home Assistant)
+- `Stop()` - stop and disconnect stream without disconnecting client (Home Assistant)
+- `Pause()` - temporary pause of audio transfer, without disconnecting the stream
+- `PlayAudio()` - playing the last audio that was sent from client (Home Assistant)
+- `WriteEvent(type, data)` - send event to client (Home Assistant)
+- `Sleep(duration)` - temporary script pause (ex. `Sleep('1.5s')`)
+- `PlayFile(path)` - play audio from `wav` file
+- `Type` - type (name) of event
+- `Data` - event data in JSON format (ex. `{"text":"how are you"}`)
+- also available other functions from [expr](https://github.com/AlexxIT/go2rtc/blob/master/internal/expr/README.md) module (ex. `fetch`)
+
+If you write a script for an event - the default action is no longer executed. You need to repeat the necessary steps yourself.
+
+In addition to the standard events, there are two additional events:
+
+- `internal-run` - called after `Detect()` when VAD detected, but WAKE service unavailable
+- `internal-detection` - called after `Detect()` when WAKE word detected
+
+**Example 1.** You want to play a sound file when a wake word detected (only `wav` supported):
+
+- `PlayFile` and `PlayAudio` functions are executed synchronously, the following steps will be executed only after they are completed
+
+```yaml
+wyoming:
+  script_example:
+    event:
+      internal-detection: PlayFile('/media/beep.wav') && WriteEvent("run-pipeline", '{"start_stage":"asr","end_stage":"tts"}') && Stream()
+```
+
+**Example 2.** You want to play TTS on a Home Assistant media player:
+
+Each event has a `Type` and `Data` in JSON format. You can use their values in scripts.
+
+- in the `synthesize` step, we get the value of the `text` and call the HA REST API
+- in the `audio-stop` step we get the duration of the TTS in seconds, wait for this time and start the pipeline again
+
+```yaml
+wyoming:
+  script_example:
+    event:
+      synthesize: |
+        let text = fromJSON(Data).text;
+        let token = 'eyJhbGci...';
+        fetch('http://localhost:8123/api/services/tts/speak', {
+          method: 'POST',
+          headers: {'Authorization': 'Bearer '+token,'Content-Type': 'application/json'},
+          body: toJSON({
+            entity_id: 'tts.google_translate_com',
+            media_player_entity_id: 'media_player.google_nest',
+            message: text,
+            language: 'en',
+          }),
+        }).ok
+      audio-stop: |
+        let timestamp = fromJSON(Data).timestamp;
+        let delay = string(timestamp)+'s';
+        Sleep(delay) && WriteEvent("played") && Detect()
+```
+
+## Config examples
+
+Satellite on Windows server using FFmpeg and FFplay.
+
+```yaml
+streams:
+  satellite_win:
+    - exec:ffmpeg -hide_banner -f dshow -i "audio=Microphone (High Definition Audio Device)" -c pcm_s16le -ar 16000 -ac 1 -f wav -
+    - exec:ffplay -hide_banner -nodisp -probesize 32 -f s16le -ar 22050 -#backchannel=1#audio=s16le/22050
+
+wyoming:
+  satellite_win:
+    listen: :10700
+    name: "Windows Satellite"
+    wake_uri: tcp://192.168.1.23:10400
+    vad_threshold: 1
+```
+
+Satellite on Dahua camera with two-way audio support.
+
+```yaml
+streams:
+  dahua_camera:
+    - rtsp://admin:password@192.168.1.123/cam/realmonitor?channel=1&subtype=1&unicast=true&proto=Onvif
+
+wyoming:
+  dahua_camera:
+    listen: :10700
+    name: "Dahua Satellite"
+    wake_uri: tcp://192.168.1.23:10400
+    vad_threshold: 1
+```
+
+Satellite on external wyoming Microphone and Sound.
+
+```yaml
+streams:
+  wyoming_external:
+     - wyoming://192.168.1.23:10600                # wyoming-mic-external
+     - wyoming://192.168.1.23:10601?backchannel=1  # wyoming-snd-external
+
+wyoming:
+   wyoming_external:
+    listen: :10700
+    name: "Wyoming Satellite"
+    wake_uri: tcp://192.168.1.23:10400
+    vad_threshold: 1
+```
+
+## Wyoming External Microphone and Sound
+
+Advanced users, who want to enjoy the [Wyoming Satellite](https://github.com/rhasspy/wyoming-satellite) project, can use go2rtc as a [Wyoming External Microphone](https://github.com/rhasspy/wyoming-mic-external) or [Wyoming External Sound](https://github.com/rhasspy/wyoming-snd-external).
+
+**go2rtc.yaml**
+
+```yaml
+streams:
+  wyoming_mic_external:
+    - exec:ffmpeg -hide_banner -f dshow -i "audio=Microphone (High Definition Audio Device)" -c pcm_s16le -ar 16000 -ac 1 -f wav -
+  wyoming_snd_external:
+    - exec:ffplay -hide_banner -nodisp -probesize 32 -f s16le -ar 22050 -#backchannel=1#audio=s16le/22050
+
+wyoming:
+  wyoming_mic_external:
+    listen: :10600
+    mode: mic
+  wyoming_snd_external:
+    listen: :10601
+    mode: snd
+```
+
+**docker-compose.yml**
+
+```yaml
+version: "3.8"
+services:
+  satellite:
+    build: wyoming-satellite  # https://github.com/rhasspy/wyoming-satellite
+    ports:
+      - "10700:10700"
+    command:
+      - "--name"
+      - "my satellite"
+      - "--mic-uri"
+      - "tcp://192.168.1.23:10600"
+      - "--snd-uri"
+      - "tcp://192.168.1.23:10601"
+      - "--debug"
+```
+
+## Wyoming External Source
+
+**go2rtc.yaml**
+
+```yaml
+streams:
+  wyoming_external:
+    - wyoming://192.168.1.23:10600
+    - wyoming://192.168.1.23:10601?backchannel=1
+```
+
+**docker-compose.yml**
+
+```yaml
+version: "3.8"
+services:
+   microphone:
+      build: wyoming-mic-external  # https://github.com/rhasspy/wyoming-mic-external
+      ports:
+         - "10600:10600"
+      devices:
+         - /dev/snd:/dev/snd
+      group_add:
+         - audio
+      command:
+         - "--device"
+         - "sysdefault"
+         - "--debug"
+   playback:
+      build: wyoming-snd-external  # https://github.com/rhasspy/wyoming-snd-external
+      ports:
+         - "10601:10601"
+      devices:
+         - /dev/snd:/dev/snd
+      group_add:
+         - audio
+      command:
+         - "--device"
+         - "sysdefault"
+         - "--debug"
+```
+
+## Debug
+
+```yaml
+log:
+  wyoming: trace
+```

internal/wyoming/wyoming.go

@@ -0,0 +1,106 @@
+package wyoming
+
+import (
+	"net"
+
+	"github.com/AlexxIT/go2rtc/internal/app"
+	"github.com/AlexxIT/go2rtc/internal/streams"
+	"github.com/AlexxIT/go2rtc/pkg/core"
+	"github.com/AlexxIT/go2rtc/pkg/wyoming"
+	"github.com/rs/zerolog"
+)
+
+func Init() {
+	streams.HandleFunc("wyoming", wyoming.Dial)
+
+	// server
+	var cfg struct {
+		Mod map[string]struct {
+			Listen       string            `yaml:"listen"`
+			Name         string            `yaml:"name"`
+			Mode         string            `yaml:"mode"`
+			Event        map[string]string `yaml:"event"`
+			WakeURI      string            `yaml:"wake_uri"`
+			VADThreshold float32           `yaml:"vad_threshold"`
+		} `yaml:"wyoming"`
+	}
+	app.LoadConfig(&cfg)
+
+	log = app.GetLogger("wyoming")
+
+	for name, cfg := range cfg.Mod {
+		stream := streams.Get(name)
+		if stream == nil {
+			log.Warn().Msgf("[wyoming] missing stream: %s", name)
+			continue
+		}
+
+		if cfg.Name == "" {
+			cfg.Name = name
+		}
+
+		srv := &wyoming.Server{
+			Name:         cfg.Name,
+			Event:        cfg.Event,
+			VADThreshold: int16(1000 * cfg.VADThreshold), // 1.0 => 1000
+			WakeURI:      cfg.WakeURI,
+			MicHandler: func(cons core.Consumer) error {
+				if err := stream.AddConsumer(cons); err != nil {
+					return err
+				}
+				// not best solution
+				if i, ok := cons.(interface{ OnClose(func()) }); ok {
+					i.OnClose(func() {
+						stream.RemoveConsumer(cons)
+					})
+				}
+				return nil
+			},
+			SndHandler: func(prod core.Producer) error {
+				return stream.Play(prod)
+			},
+			Trace: func(format string, v ...any) {
+				log.Trace().Msgf("[wyoming] "+format, v...)
+			},
+			Error: func(format string, v ...any) {
+				log.Error().Msgf("[wyoming] "+format, v...)
+			},
+		}
+		go serve(srv, cfg.Mode, cfg.Listen)
+	}
+}
+
+var log zerolog.Logger
+
+func serve(srv *wyoming.Server, mode, address string) {
+	ln, err := net.Listen("tcp", address)
+	if err != nil {
+		log.Warn().Err(err).Msgf("[wyoming] listen")
+	}
+
+	for {
+		conn, err := ln.Accept()
+		if err != nil {
+			return
+		}
+
+		go handle(srv, mode, conn)
+	}
+}
+
+func handle(srv *wyoming.Server, mode string, conn net.Conn) {
+	addr := conn.RemoteAddr()
+
+	log.Trace().Msgf("[wyoming] %s connected", addr)
+
+	switch mode {
+	case "mic":
+		srv.HandleMic(conn)
+	case "snd":
+		srv.HandleSnd(conn)
+	default:
+		srv.Handle(conn)
+	}
+
+	log.Trace().Msgf("[wyoming] %s disconnected", addr)
+}

internal/xiaomi/README.md

@@ -0,0 +1,50 @@
+# Xiaomi
+
+This source allows you to view cameras from the [Xiaomi Mi Home](https://home.mi.com/) ecosystem.
+
+**Important:**
+
+1. **Not all cameras are supported**. There are several P2P protocol vendors in the Xiaomi ecosystem. 
+Currently, the **CS2** vendor is supported. However, the **TUTK** vendor is not supported.
+2. Each time you connect to the camera, you need internet access to obtain encryption keys.
+3. Connection to the camera is local only.
+
+**Features:**
+
+- Multiple Xiaomi accounts supported
+- Cameras from multiple regions are supported for a single account
+- Two-way audio is supported
+- Cameras with multiple lenses are supported
+
+## Setup
+
+1. Goto go2rtc WebUI > Add > Xiaomi > Login with username and password
+2. Receive verification code by email or phone if required.
+3. Complete the captcha if required.
+4. If everything is OK, your account will be added and you can load cameras from it.
+
+**Example**
+
+```yaml
+xiaomi:
+  1234567890: V1:***
+
+streams:
+  xiaomi1: 	xiaomi://1234567890:cn@192.168.1.123?did=9876543210&model=isa.camera.hlc7
+```
+
+## Configuration
+
+You can change camera's quality: `subtype=hd/sd/auto`
+
+```yaml
+streams:
+  xiaomi1: xiaomi://***&subtype=sd
+```
+
+You can use second channel for Dual cameras: `channel=1`
+
+```yaml
+streams:
+  xiaomi1: xiaomi://***&channel=1
+```

internal/xiaomi/xiaomi.go

@@ -0,0 +1,267 @@
+package xiaomi
+
+import (
+	"encoding/hex"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strings"
+	"sync"
+
+	"github.com/AlexxIT/go2rtc/internal/api"
+	"github.com/AlexxIT/go2rtc/internal/app"
+	"github.com/AlexxIT/go2rtc/internal/streams"
+	"github.com/AlexxIT/go2rtc/pkg/core"
+	"github.com/AlexxIT/go2rtc/pkg/xiaomi"
+	"github.com/AlexxIT/go2rtc/pkg/xiaomi/miss"
+)
+
+func Init() {
+	var v struct {
+		Cfg map[string]string `yaml:"xiaomi"`
+	}
+	app.LoadConfig(&v)
+
+	tokens = v.Cfg
+
+	log := app.GetLogger("xiaomi")
+
+	streams.HandleFunc("xiaomi", func(rawURL string) (core.Producer, error) {
+		u, err := url.Parse(rawURL)
+		if err != nil {
+			return nil, err
+		}
+
+		if u.User != nil {
+			rawURL, err = getCameraURL(u)
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		log.Debug().Msgf("xiaomi: dial %s", rawURL)
+
+		return xiaomi.Dial(rawURL)
+	})
+
+	api.HandleFunc("api/xiaomi", apiXiaomi)
+}
+
+var tokens map[string]string
+var tokensMu sync.Mutex
+
+func getCloud(userID string) (*xiaomi.Cloud, error) {
+	tokensMu.Lock()
+	defer tokensMu.Unlock()
+
+	token := tokens[userID]
+	cloud := xiaomi.NewCloud(AppXiaomiHome)
+	if err := cloud.LoginWithToken(userID, token); err != nil {
+		return nil, err
+	}
+
+	return cloud, nil
+}
+
+func getCameraURL(url *url.URL) (string, error) {
+	clientPublic, clientPrivate, err := miss.GenerateKey()
+	if err != nil {
+		return "", err
+	}
+
+	query := url.Query()
+
+	params := fmt.Sprintf(
+		`{"app_pubkey":"%x","did":"%s","support_vendors":"CS2"}`,
+		clientPublic, query.Get("did"),
+	)
+
+	cloud, err := getCloud(url.User.Username())
+	if err != nil {
+		return "", err
+	}
+
+	region, _ := url.User.Password()
+
+	res, err := cloud.Request(GetBaseURL(region), "/v2/device/miss_get_vendor", params, nil)
+	if err != nil {
+		return "", err
+	}
+
+	var v struct {
+		Vendor struct {
+			VendorID byte `json:"vendor"`
+		} `json:"vendor"`
+		PublicKey string `json:"public_key"`
+		Sign      string `json:"sign"`
+	}
+	if err = json.Unmarshal(res, &v); err != nil {
+		return "", err
+	}
+
+	query.Set("client_public", hex.EncodeToString(clientPublic))
+	query.Set("client_private", hex.EncodeToString(clientPrivate))
+	query.Set("device_public", v.PublicKey)
+	query.Set("sign", v.Sign)
+	query.Set("vendor", getVendorName(v.Vendor.VendorID))
+
+	url.RawQuery = query.Encode()
+	return url.String(), nil
+}
+
+func getVendorName(i byte) string {
+	switch i {
+	case 1:
+		return "tutk"
+	case 3:
+		return "agora"
+	case 4:
+		return "cs2"
+	case 6:
+		return "mtp"
+	}
+	return fmt.Sprintf("%d", i)
+}
+
+func apiXiaomi(w http.ResponseWriter, r *http.Request) {
+	switch r.Method {
+	case "GET":
+		apiDeviceList(w, r)
+	case "POST":
+		apiAuth(w, r)
+	}
+}
+
+func apiDeviceList(w http.ResponseWriter, r *http.Request) {
+	query := r.URL.Query()
+
+	user := query.Get("id")
+	if user == "" {
+		tokensMu.Lock()
+		users := make([]string, 0, len(tokens))
+		for s := range tokens {
+			users = append(users, s)
+		}
+		tokensMu.Unlock()
+
+		api.ResponseJSON(w, users)
+		return
+	}
+
+	err := func() error {
+		cloud, err := getCloud(user)
+		if err != nil {
+			return err
+		}
+
+		region := query.Get("region")
+
+		res, err := cloud.Request(GetBaseURL(region), "/v2/home/device_list_page", "{}", nil)
+		if err != nil {
+			return err
+		}
+		var v struct {
+			List []*Device `json:"list"`
+		}
+
+		if err = json.Unmarshal(res, &v); err != nil {
+			return err
+		}
+
+		var items []*api.Source
+
+		for _, device := range v.List {
+			if !strings.Contains(device.Model, ".camera.") {
+				continue
+			}
+			items = append(items, &api.Source{
+				Name: device.Name,
+				Info: fmt.Sprintf("ip: %s, mac: %s", device.IP, device.MAC),
+				URL:  fmt.Sprintf("xiaomi://%s:%s@%s?did=%s&model=%s", user, region, device.IP, device.Did, device.Model),
+			})
+		}
+
+		api.ResponseSources(w, items)
+		return nil
+	}()
+
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+	}
+}
+
+type Device struct {
+	Did   string `json:"did"`
+	Name  string `json:"name"`
+	Model string `json:"model"`
+	MAC   string `json:"mac"`
+	IP    string `json:"localip"`
+}
+
+var auth *xiaomi.Cloud
+
+func apiAuth(w http.ResponseWriter, r *http.Request) {
+	if err := r.ParseForm(); err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+
+	username := r.Form.Get("username")
+	password := r.Form.Get("password")
+	captcha := r.Form.Get("captcha")
+	verify := r.Form.Get("verify")
+
+	var err error
+
+	switch {
+	case username != "" || password != "":
+		auth = xiaomi.NewCloud(AppXiaomiHome)
+		err = auth.Login(username, password)
+	case captcha != "":
+		err = auth.LoginWithCaptcha(captcha)
+	case verify != "":
+		err = auth.LoginWithVerify(verify)
+	default:
+		http.Error(w, "wrong request", http.StatusBadRequest)
+		return
+	}
+
+	if err == nil {
+		userID, token := auth.UserToken()
+		auth = nil
+
+		tokensMu.Lock()
+		if tokens == nil {
+			tokens = map[string]string{userID: token}
+		} else {
+			tokens[userID] = token
+		}
+		tokensMu.Unlock()
+
+		err = app.PatchConfig([]string{"xiaomi", userID}, token)
+	}
+
+	if err != nil {
+		var login *xiaomi.LoginError
+		if errors.As(err, &login) {
+			w.Header().Set("Content-Type", api.MimeJSON)
+			w.WriteHeader(http.StatusUnauthorized)
+			_ = json.NewEncoder(w).Encode(err)
+			return
+		}
+
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+	}
+}
+
+const AppXiaomiHome = "xiaomiio"
+
+func GetBaseURL(region string) string {
+	switch region {
+	case "de", "i2", "ru", "sg", "us":
+		return "https://" + region + ".api.io.mi.com/app"
+	}
+	return "https://api.io.mi.com/app"
+}

internal/yandex/README.md

@@ -0,0 +1,22 @@
+# Yandex
+
+Source for receiving stream from new [Yandex IP camera](https://alice.yandex.ru/smart-home/security/ipcamera).
+
+## Get Yandex token
+
+1. Install HomeAssistant integration [YandexStation](https://github.com/AlexxIT/YandexStation).
+2. Copy token from HomeAssistant config folder: `/config/.storage/core.config_entries`, key: `"x_token"`.
+
+## Get device ID
+
+1. Open this link in any browser: https://iot.quasar.yandex.ru/m/v3/user/devices
+2. Copy ID of your camera, key: `"id"`.
+
+## Config examples
+
+```yaml
+streams:
+  yandex_stream: yandex:?x_token=XXXX&device_id=XXXX
+  yandex_snapshot: yandex:?x_token=XXXX&device_id=XXXX&snapshot
+  yandex_snapshot_custom_size: yandex:?x_token=XXXX&device_id=XXXX&snapshot=h=540
+```

internal/yandex/goloom.go

@@ -0,0 +1,152 @@
+package yandex
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"time"
+
+	"github.com/AlexxIT/go2rtc/internal/webrtc"
+	"github.com/AlexxIT/go2rtc/pkg/core"
+	xwebrtc "github.com/AlexxIT/go2rtc/pkg/webrtc"
+	"github.com/google/uuid"
+	"github.com/gorilla/websocket"
+	pion "github.com/pion/webrtc/v4"
+)
+
+func goloomClient(serviceURL, serviceName, roomId, participantId, credentials string) (core.Producer, error) {
+	conn, _, err := websocket.DefaultDialer.Dial(serviceURL, nil)
+	if err != nil {
+		return nil, err
+	}
+	defer func() {
+		time.Sleep(time.Second)
+		_ = conn.Close()
+	}()
+
+	s := fmt.Sprintf(`{"hello": {
+"credentials":"%s","participantId":"%s","roomId":"%s","serviceName":"%s","sdkInitializationId":"%s",
+"capabilitiesOffer":{},"sendAudio":false,"sendSharing":false,"sendVideo":false,
+"sdkInfo":{"hwConcurrency":4,"implementation":"browser","version":"5.4.0"},
+"participantAttributes":{"description":"","name":"mike","role":"SPEAKER"},
+"participantMeta":{"description":"","name":"mike","role":"SPEAKER","sendAudio":false,"sendVideo":false}
+},"uid":"%s"}`,
+		credentials, participantId, roomId, serviceName,
+		uuid.NewString(), uuid.NewString(),
+	)
+
+	err = conn.WriteMessage(websocket.TextMessage, []byte(s))
+	if err != nil {
+		return nil, err
+	}
+
+	if _, _, err = conn.ReadMessage(); err != nil {
+		return nil, err
+	}
+
+	pc, err := webrtc.PeerConnection(true)
+	if err != nil {
+		return nil, err
+	}
+
+	prod := xwebrtc.NewConn(pc)
+	prod.FormatName = "yandex"
+	prod.Mode = core.ModeActiveProducer
+	prod.Protocol = "wss"
+
+	var connState core.Waiter
+
+	prod.Listen(func(msg any) {
+		switch msg := msg.(type) {
+		case pion.PeerConnectionState:
+			switch msg {
+			case pion.PeerConnectionStateConnecting:
+			case pion.PeerConnectionStateConnected:
+				connState.Done(nil)
+			default:
+				connState.Done(errors.New("webrtc: " + msg.String()))
+			}
+		}
+	})
+
+	go func() {
+		for {
+			var msg map[string]json.RawMessage
+			if err = conn.ReadJSON(&msg); err != nil {
+				return
+			}
+
+			for k, v := range msg {
+				switch k {
+				case "uid":
+					continue
+				case "serverHello":
+				case "subscriberSdpOffer":
+					var sdp subscriberSdp
+					if err = json.Unmarshal(v, &sdp); err != nil {
+						return
+					}
+					//log.Trace().Msgf("offer:\n%s", sdp.Sdp)
+					if err = prod.SetOffer(sdp.Sdp); err != nil {
+						return
+					}
+					if sdp.Sdp, err = prod.GetAnswer(); err != nil {
+						return
+					}
+					//log.Trace().Msgf("answer:\n%s", sdp.Sdp)
+
+					var raw []byte
+					if raw, err = json.Marshal(sdp); err != nil {
+						return
+					}
+					s = fmt.Sprintf(`{"uid":"%s","subscriberSdpAnswer":%s}`, uuid.NewString(), raw)
+					if err = conn.WriteMessage(websocket.TextMessage, []byte(s)); err != nil {
+						return
+					}
+				case "webrtcIceCandidate":
+					var candidate webrtcIceCandidate
+					if err = json.Unmarshal(v, &candidate); err != nil {
+						return
+					}
+					if err = prod.AddCandidate(candidate.Candidate); err != nil {
+						return
+					}
+				}
+				//log.Trace().Msgf("%s : %s", k, v)
+			}
+
+			if msg["ack"] != nil {
+				continue
+			}
+
+			s = fmt.Sprintf(`{"uid":%s,"ack":{"status":{"code":"OK"}}}`, msg["uid"])
+			if err = conn.WriteMessage(websocket.TextMessage, []byte(s)); err != nil {
+				return
+			}
+		}
+	}()
+
+	if err = connState.Wait(); err != nil {
+		return nil, err
+	}
+
+	s = fmt.Sprintf(`{"uid":"%s","setSlots":{"slots":[{"width":0,"height":0}],"audioSlotsCount":0,"key":1,"shutdownAllVideo":false,"withSelfView":false,"selfViewVisibility":"ON_LOADING_THEN_HIDE","gridConfig":{}}}`, uuid.NewString())
+	if err = conn.WriteMessage(websocket.TextMessage, []byte(s)); err != nil {
+		return nil, err
+	}
+
+	return prod, nil
+}
+
+type subscriberSdp struct {
+	PcSeq int    `json:"pcSeq"`
+	Sdp   string `json:"sdp"`
+}
+
+type webrtcIceCandidate struct {
+	PcSeq         int    `json:"pcSeq"`
+	Target        string `json:"target"`
+	Candidate     string `json:"candidate"`
+	SdpMid        string `json:"sdpMid"`
+	SdpMlineIndex int    `json:"sdpMlineIndex"`
+}

internal/yandex/yandex.go

@@ -0,0 +1,44 @@
+package yandex
+
+import (
+	"net/url"
+
+	"github.com/AlexxIT/go2rtc/internal/streams"
+	"github.com/AlexxIT/go2rtc/pkg/core"
+	"github.com/AlexxIT/go2rtc/pkg/yandex"
+)
+
+func Init() {
+	streams.HandleFunc("yandex", func(source string) (core.Producer, error) {
+		u, err := url.Parse(source)
+		if err != nil {
+			return nil, err
+		}
+
+		query := u.Query()
+		token := query.Get("x_token")
+
+		session, err := yandex.GetSession(token)
+		if err != nil {
+			return nil, err
+		}
+
+		deviceID := query.Get("device_id")
+
+		if query.Has("snapshot") {
+			rawURL, err := session.GetSnapshotURL(deviceID)
+			if err != nil {
+				return nil, err
+			}
+			rawURL += "/current.jpg?" + query.Get("snapshot") + "#header=Cookie:" + session.GetCookieString(rawURL)
+			return streams.GetProducer(rawURL)
+		}
+
+		room, err := session.WebrtcCreateRoom(deviceID)
+		if err != nil {
+			return nil, err
+		}
+
+		return goloomClient(room.ServiceUrl, room.ServiceName, room.RoomId, room.ParticipantId, room.Credentials)
+	})
+}

main.go

@@ -1,16 +1,22 @@
 package main
 
 import (
+	"slices"
+
+	"github.com/AlexxIT/go2rtc/internal/alsa"
 	"github.com/AlexxIT/go2rtc/internal/api"
 	"github.com/AlexxIT/go2rtc/internal/api/ws"
 	"github.com/AlexxIT/go2rtc/internal/app"
 	"github.com/AlexxIT/go2rtc/internal/bubble"
 	"github.com/AlexxIT/go2rtc/internal/debug"
+	"github.com/AlexxIT/go2rtc/internal/doorbird"
 	"github.com/AlexxIT/go2rtc/internal/dvrip"
 	"github.com/AlexxIT/go2rtc/internal/echo"
+	"github.com/AlexxIT/go2rtc/internal/eseecloud"
 	"github.com/AlexxIT/go2rtc/internal/exec"
 	"github.com/AlexxIT/go2rtc/internal/expr"
 	"github.com/AlexxIT/go2rtc/internal/ffmpeg"
+	"github.com/AlexxIT/go2rtc/internal/flussonic"
 	"github.com/AlexxIT/go2rtc/internal/gopro"
 	"github.com/AlexxIT/go2rtc/internal/hass"
 	"github.com/AlexxIT/go2rtc/internal/hls"
@@ -24,72 +30,89 @@ import (
 	"github.com/AlexxIT/go2rtc/internal/nest"
 	"github.com/AlexxIT/go2rtc/internal/ngrok"
 	"github.com/AlexxIT/go2rtc/internal/onvif"
+	"github.com/AlexxIT/go2rtc/internal/pinggy"
+	"github.com/AlexxIT/go2rtc/internal/ring"
 	"github.com/AlexxIT/go2rtc/internal/roborock"
 	"github.com/AlexxIT/go2rtc/internal/rtmp"
 	"github.com/AlexxIT/go2rtc/internal/rtsp"
 	"github.com/AlexxIT/go2rtc/internal/srtp"
 	"github.com/AlexxIT/go2rtc/internal/streams"
 	"github.com/AlexxIT/go2rtc/internal/tapo"
+	"github.com/AlexxIT/go2rtc/internal/tuya"
+	"github.com/AlexxIT/go2rtc/internal/v4l2"
 	"github.com/AlexxIT/go2rtc/internal/webrtc"
 	"github.com/AlexxIT/go2rtc/internal/webtorrent"
+	"github.com/AlexxIT/go2rtc/internal/wyoming"
+	"github.com/AlexxIT/go2rtc/internal/xiaomi"
+	"github.com/AlexxIT/go2rtc/internal/yandex"
 	"github.com/AlexxIT/go2rtc/pkg/shell"
 )
 
 func main() {
-	app.Version = "1.9.6"
+	app.Version = "1.9.13"
 
-	// 1. Core modules: app, api/ws, streams
+	type module struct {
+		name string
+		init func()
+	}
 
-	app.Init() // init config and logs
+	modules := []module{
+		{"", app.Init},    // init config and logs
+		{"api", api.Init}, // init API before all others
+		{"ws", ws.Init},   // init WS API endpoint
+		{"", streams.Init},
+		// Main sources and servers
+		{"http", http.Init},     // rtsp source, HTTP server
+		{"rtsp", rtsp.Init},     // rtsp source, RTSP server
+		{"webrtc", webrtc.Init}, // webrtc source, WebRTC server
+		// Main API
+		{"mp4", mp4.Init},     // MP4 API
+		{"hls", hls.Init},     // HLS API
+		{"mjpeg", mjpeg.Init}, // MJPEG API
+		// Other sources and servers
+		{"hass", hass.Init},             // hass source, Hass API server
+		{"homekit", homekit.Init},       // homekit source, HomeKit server
+		{"onvif", onvif.Init},           // onvif source, ONVIF API server
+		{"rtmp", rtmp.Init},             // rtmp source, RTMP server
+		{"webtorrent", webtorrent.Init}, // webtorrent source, WebTorrent module
+		{"wyoming", wyoming.Init},
+		// Exec and script sources
+		{"echo", echo.Init},
+		{"exec", exec.Init},
+		{"expr", expr.Init},
+		{"ffmpeg", ffmpeg.Init},
+		// Hardware sources
+		{"alsa", alsa.Init},
+		{"v4l2", v4l2.Init},
+		// Other sources
+		{"bubble", bubble.Init},
+		{"doorbird", doorbird.Init},
+		{"dvrip", dvrip.Init},
+		{"eseecloud", eseecloud.Init},
+		{"flussonic", flussonic.Init},
+		{"gopro", gopro.Init},
+		{"isapi", isapi.Init},
+		{"ivideon", ivideon.Init},
+		{"mpegts", mpegts.Init},
+		{"nest", nest.Init},
+		{"ring", ring.Init},
+		{"roborock", roborock.Init},
+		{"tapo", tapo.Init},
+		{"tuya", tuya.Init},
+		{"xiaomi", xiaomi.Init},
+		{"yandex", yandex.Init},
+		// Helper modules
+		{"debug", debug.Init},
+		{"ngrok", ngrok.Init},
+		{"pinggy", pinggy.Init},
+		{"srtp", srtp.Init},
+	}
 
-	api.Init() // init API before all others
-	ws.Init()  // init WS API endpoint
-
-	streams.Init() // streams module
-
-	// 2. Main sources and servers
-
-	rtsp.Init()   // rtsp source, RTSP server
-	webrtc.Init() // webrtc source, WebRTC server
-
-	// 3. Main API
-
-	mp4.Init()   // MP4 API
-	hls.Init()   // HLS API
-	mjpeg.Init() // MJPEG API
-
-	// 4. Other sources and servers
-
-	hass.Init()       // hass source, Hass API server
-	onvif.Init()      // onvif source, ONVIF API server
-	webtorrent.Init() // webtorrent source, WebTorrent module
-
-	// 5. Other sources
-
-	rtmp.Init()     // rtmp source
-	exec.Init()     // exec source
-	ffmpeg.Init()   // ffmpeg source
-	echo.Init()     // echo source
-	ivideon.Init()  // ivideon source
-	http.Init()     // http/tcp source
-	dvrip.Init()    // dvrip source
-	tapo.Init()     // tapo source
-	isapi.Init()    // isapi source
-	mpegts.Init()   // mpegts passive source
-	roborock.Init() // roborock source
-	homekit.Init()  // homekit source
-	nest.Init()     // nest source
-	bubble.Init()   // bubble source
-	expr.Init()     // expr source
-	gopro.Init()    // gopro source
-
-	// 6. Helper modules
-
-	ngrok.Init() // ngrok module
-	srtp.Init()  // SRTP server
-	debug.Init() // debug API
-
-	// 7. Go
+	for _, m := range modules {
+		if app.Modules == nil || m.name == "" || slices.Contains(app.Modules, m.name) {
+			m.init()
+		}
+	}
 
 	shell.RunUntilSignal()
 }