[mythtv] Proposed change to Network Communications

Peter Bennett pgbennett at comcast.net
Wed Mar 8 17:08:09 UTC 2017


Thank you everybody for the useful feedback.

There are some concerns about security, and the idea that my system is 
open to the world through IPv6 has caused me some concern also. However, 
that is not limited to MythTV. I have a default installation of Apache 
for testing mythweb, and it is listening on all interfaces. ssh is 
listening on all interfaces. Other people across the world have tested 
my IPv6 address and they see my Apache front page and my ssh login 
prompt. This problem needs to be solved outside of MythTV.

I have noticed with Comcast that my global IPv6 address is changing 
frequently, daily or every couple of days. The entire address including 
the 64-bit prefix is changing. I don't know if this is the new norm, but 
it has advantages and disadvantages. One advantage is it makes it 
difficult for others to harvest my IPv6 address.

If some hacker can access my MythTV, he can mess with my schedules and 
recordings, but it would require a lot of work figuring out the 
protocol, and not for much gain. On the other hand, he can access my 
mythweb on Apache with a browser, on the well-known port 80, and much 
more easily cause havoc there.

I think I should remove the code that prevents binding on an interface 
that is not there yet, as suggested by both Roger Siddons and Stephen 
Worthington. (i.e. allow IP_FREEBIND).

I do not see any great disadvantage in listening on all addresses. If 
you have special interfaces for a network tuner or a VLAN, VPN etc., it 
is unlikely you would get connections coming into those interfaces.

My long-term thought is that this could be step one of a move towards 
getting rid of the necessity of selecting IP addresses. We could 
eliminate the IP address selection altogether and just have the "this is 
master backend" checkbox. Frontends could find the backend using UPnP. 
Internally the system could manage the IP addresses it uses to 
communicate. If the IP address changes daily, the system maybe could 
handle that if it was listening on all addresses. What happens to 
connections that are active when your IP address changes?

Peter
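
An added example, not part of the original message: Python that reads `ss -H -ltn` output and lists the listeners bound to an IPv6 wildcard or to a global IPv6 address, which is the situation the message describes for Apache and ssh. The sample lines, ports and addresses are constructed, with the 2001:db8::/32 documentation prefix standing in for an ISP-assigned address; the function names are hypothetical.

```python
import ipaddress

# Constructed sample of `ss -H -ltn` output (not taken from the message).
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 511 *:80 *:*
LISTEN 0 10 127.0.0.1:6543 0.0.0.0:*
LISTEN 0 10 [::1]:6543 [::]:*
LISTEN 0 10 [fe80::1%eth0]:6543 [::]:*
LISTEN 0 10 [2001:db8:1:2::10]:6544 [::]:*
LISTEN 0 10 192.168.1.10:6544 0.0.0.0:*
"""

GLOBAL_V6 = ipaddress.ip_network("2000::/3")  # IPv6 global unicast range


def scope(host):
    """Classify the local bind address of one listening socket."""
    host = host.strip("[]").split("%")[0]  # drop brackets and zone id
    if host in ("*", "::"):  # ss shows * for a dual-stack IPv6 wildcard socket
        return "wildcard-v6"
    if host == "0.0.0.0":
        return "wildcard-v4"
    addr = ipaddress.ip_address(host)
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"
    if addr.version == 6 and addr in GLOBAL_V6:
        return "global-v6"
    return "other"


def listeners(ss_output):
    """Yield (port, bind address, scope) for every LISTEN line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        yield int(port), host, scope(host)


def ipv6_exposure_candidates(ss_output):
    """Listeners that accept connections arriving on a global IPv6 address."""
    wanted = ("wildcard-v6", "global-v6")
    return sorted({(p, h) for p, h, s in listeners(ss_output) if s in wanted})


if __name__ == "__main__":
    for port, host in ipv6_exposure_candidates(SAMPLE):
        print(f"port {port} bound to {host}: check the IPv6 firewall policy")
```

Whether a listed port is actually reachable from outside depends on the host holding a global address and on the inbound IPv6 filtering at the host or router, which this listing does not inspect.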

