rtsp server not connecting

jap937 · March 30, 2021, 9:39am

hi,

I am attempting to create a rtsp server using gstreamer.
the stream works fine on my jetson-nano with ubuntu(L4T), but when pushing the application on balenaOS, vlc cannot connect.

the ports (rtsp:554, udp:5003) appear to be opened using netstat -tuplen | grep '554\|5003'

is it possible that due to security reasons, some of the ports have been restricted?

iamsolankiamit · March 30, 2021, 9:48am

Hey, I am assuming you are on a multi-container application, in which case you need to enable the ports from your docker container, you can read more on multi-container networking here.

jap937 · March 30, 2021, 9:54am

i am using a single container created without a docker-compose file (so it is privileged)

klutchell · March 30, 2021, 1:48pm

Hey @jap937, we aren’t blocking any of those ports in balenaOS so they should be available for streaming. Do you have a Dockerfile example you can share with us? Have you tried running this same container on L4T Ubuntu or were you running the app directly on the host in your previous test?

klutchell · March 30, 2021, 1:50pm

#status

jap937 · March 30, 2021, 2:47pm

thanks for the answer. It is unfortunate that the issue is not as simple as opening a port.
i run/built the exact same dockerfile on L4T Ubuntu where it works fine.
I also open the stream from a different PC than the server with vlc.

the relevant layers of the dockerfile is:

FROM balenalib/jetson-nano-ubuntu:bionic
# Update to 32.4.4 repository if the base image uses an older one
RUN sed -i 's/r32 main/r32.4 main/g' /etc/apt/sources.list.d/nvidia.list

RUN apt-get update && apt-get install -y wget tar lbzip2 python3 libegl1 && \
    wget https://developer.nvidia.com/embedded/L4T/r32_Release_v4.4/r32_Release_v4.4-GMC3/T210/Tegra210_Linux_R32.4.4_aarch64.tbz2 && \
    tar xf Tegra210_Linux_R32.4.4_aarch64.tbz2 && \
    cd Linux_for_Tegra && \
    sed -i 's/config.tbz2\"/config.tbz2\" --exclude=etc\/hosts --exclude=etc\/hostname/g' apply_binaries.sh && \
    sed -i 's/install --owner=root --group=root \"${QEMU_BIN}\" \"${L4T_ROOTFS_DIR}\/usr\/bin\/\"/#install --owner=root --group=root \"${QEMU_BIN}\" \"${L4T_ROOTFS_DIR}\/usr\/bin\/\"/g' nv_tegra/nv-apply-debs.sh && \
    sed -i 's/chroot . \//  /g' nv_tegra/nv-apply-debs.sh && \
    ./apply_binaries.sh -r / --target-overlay && cd .. \
    rm -rf Tegra210_Linux_R32.4.2_aarch64.tbz2 && \
    rm -rf Linux_for_Tegra && \
    echo "/usr/lib/aarch64-linux-gnu/tegra" > /etc/ld.so.conf.d/nvidia-tegra.conf && ldconfig

RUN echo 'install gstreamer tools' &&\
    apt-get -y install libgstreamer1.0-0 gstreamer1.0-plugins-base \
    gobject-introspection gir1.2-gst-rtsp-server-1.0 \
    gstreamer1.0-plugins-good gstreamer1.0-plugins-bad \
    gstreamer1.0-plugins-ugly gstreamer1.0-libav \
    gstreamer1.0-tools \
    libgstrtspserver-1.0-0 \
    libgstrtspserver-1.0-dev \
    libgstrtspserver-1.0-dev \
    libgstreamer-plugins-base1.0-dev

klutchell · March 30, 2021, 3:02pm

Have you also checked that the ports are listening on the host OS as well as in the container?
I ask because the netstat -tuplen | grep '554\|5003' does not run on the current releases of balenaOS but something like lsof -iTCP -sTCP:LISTEN and lsof -iUDP -P -n | egrep -v '(127|::1)' would list listening ports.

jap937 · March 31, 2021, 7:22am

it appears the ports are opened. the UDP port 5003 is shown when vlc attempts to connect, but vlc always times out.

$ lsof -iTCP -sTCP:LISTEN`
python3 303234 root 64u IPv4 2074196 0t0 TCP *:rtsp (LISTEN)

$ lsof -iUDP -P -n | egrep -v ‘(127|::1)’`
python3 303234 root 152u IPv4 3174290 0t0 UDP *:5003

rahul-thakoor · April 5, 2021, 10:35am

Hey there

Can you confirm what address you are using in vlc to access the stream? are you using the device ip or are you trying to access it via the device public url?

I ask because the stream wouldn’t be available over the public url.

Thanks for confirming

jap937 · April 6, 2021, 11:15am

the address i use is rtsp://192.168.178.xx/test (this will default to port 554)
it is not a public url, but on my local network.

chriswiggins · April 7, 2021, 5:21am

Is the container running with network_mode: host? We had to do this (outside of balena) to get RTP/UDP working properly

jap937 · April 7, 2021, 7:03am

the container appears to be running as host by default

#balena inspect main_3475362_17540

       },
        "NetworkMode": "host",
        "PortBindings": {},
        "RestartPolicy": {
            "Name": "always",
            "MaximumRetryCount": 0
        },

phil-d-wilson · April 9, 2021, 7:22am

Hi Jasper,

Would you mind creating a docker-compose, to test, just so that we can explicitly set everything you need and discount them? So the service should run with host networking, use the port command to map port 554 and also run the service as privileged. If that still doesn’t work, then I think we need to replace your dockerfile with something simpler that produces an RTSP feed, and narrow down whether this is a docker issue, or something not working with your service.

Phil

jakogut · April 15, 2021, 12:23am

Hi Jasper,

Have you had a chance to try the suggestion Phil made above?

jap937 · April 15, 2021, 7:40am

sorry for the delayed response,
I am currently trying to get the compose file to work(getting familiar with them now).
would this be what you suggested?

version: '2'
services:
    myservice:
        build: ./
        volumes:
            - "resin-data:/data"
        privileged: true
        network_mode: host
        ports:
            - 80:80
            - 554:554
            - 5003:5003
volumes:
    resin-data:

jap937 · April 16, 2021, 12:35pm

update: explicitly opening ports did not change the outcome

version: '2.1'
networks: {}
volumes:
  resin-data: {}
services:
  main:
    build:
      context: .
      dockerfile: tmp/Dockerfile
    ports:
      - '80:80'
      - '554:554'
      - '5003:5003'
    privileged: true
    tty: true
    restart: always
    network_mode: host
    volumes:
      - 'resin-data:/data'
    labels:
      io.resin.features.kernel-modules: '1'
      io.resin.features.firmware: '1'
      io.resin.features.dbus: '1'
      io.resin.features.supervisor-api: '1'
      io.resin.features.resin-api: '1'

Hades32 · April 16, 2021, 2:57pm

Hey Jasper,
yes, that should work, although if you’re using network_mode: host you can’t re-map ports. But as you’re mapping them without changing them, this shouldn’t be a problem.
Maybe you’re just missing the last line, but to be valid YAML the resin-data volume should have some definition or just be {}
Let us know if it works

rmorillo24 · April 22, 2021, 8:46am

Hi Jasper,
I was wondering if you had a chance to try that docker-compose file. It’d be nice to know if you got it working finally.

jap937 · April 22, 2021, 11:48am

as i mentioned, there is no change in the outcome. the vlc still times out when connecting to the rtsp server
answer

Hades32 · April 22, 2021, 11:58am

Hello Jasper,
it’s hard to say without knowing the rest of your network setup.
But can you connect to those ports from the host where your VLC is running? E.g. just by doing a curl YOUR_DEVICE_IP:554? As it’s not HTTP there will be an error, but at least there shouldn’t be a timeout.
If there is a timeout, then you have a problem with your network setup, as BalenaOS does not setup any firewall that would block that traffic.
You can try checking your host’s firewall and look into routing setup, but that’s somewhat out side of what we can help with