[mythtv] Proposed change to Network Communications
Peter Bennett
pgbennett at comcast.net
Wed Mar 8 17:08:09 UTC 2017

Thank you everybody for the useful feedback.

There are some concerns about security, and the idea that my system is
open to the world through IPv6 has caused me some concern also. However,
that is not limited to MythTV. I have a default installation of Apache
for testing mythweb, and it is listening on all interfaces. ssh is
listening on all interfaces. Other people across the world have tested
my IPv6 address and they see my Apache front page and my ssh login
prompt. This problem needs to be solved outside of MythTV.

I have noticed with Comcast that my global IPv6 address is changing
frequently, daily or every couple of days. The entire address including
the 64-bit prefix is changing. I don't know if this is the new norm, but
it has advantages and disadvantages. One advantage is it makes it
difficult for others to harvest my IPv6 address.

If some hacker can access my MythTV, he can mess with my schedules and
recordings, but it would require a lot of work figuring out the
protocol, and not for much gain. On the other hand he can access my
mythweb on Apache with a browser, on the well-known port 80 and much
more easily cause havoc there.

I think I should remove the code that prevents binding on an interface
that is not there yet, as suggested by both Roger Siddons and Stephen
Worthington. (i.e. allow IP_FREEBIND).

I do not see any great disadvantage in listening on all addresses. If
you have special interfaces for a network tuner or a VLAN, VPN, etc., it
is unlikely you would get connections coming into those interfaces.

My long-term thought is that this could be step one of a move towards
getting rid of the necessity of selecting IP addresses. We could
eliminate the IP address selection altogether and just have the "this is
master backend" checkbox. Frontends could find the backend using UPnP.
Internally the system could manage the IP addresses it uses to
communicate. If the IP address changes daily, the system maybe could
handle that if it was listening on all addresses. What happens to
connections that are active when your IP address changes?

Peter
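
Added example (not part of the original message or of MythTV's code): a small audit that reads a Linux `/proc/net/tcp6`-style table and reports which TCP listeners are bound to the wildcard address, and are therefore reachable on every interface including a global IPv6 address, as the message describes for Apache and ssh. The sample table, the `2001:db8::` addresses, ports 3306 and 8080, and the function names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed sample in /proc/net/tcp6 layout (not captured from a real host).
SAMPLE = """\
  sl  local_address                         remote_address                        st
   0: 00000000000000000000000000000000:0050 00000000000000000000000000000000:0000 0A
   1: 00000000000000000000000000000000:0016 00000000000000000000000000000000:0000 0A
   2: 00000000000000000000000001000000:0CEA 00000000000000000000000000000000:0000 0A
   3: B80D0120000000000000000010000000:1F90 00000000000000000000000000000000:0000 0A
   4: B80D0120000000000000000010000000:0016 B80D0120000000000000000099000000:C001 01
"""

TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp*


def decode_addr(hex_addr):
    """Decode a /proc IPv6 address: four 32-bit words, each printed in host
    byte order (little-endian host assumed here)."""
    words = struct.unpack("<4I", bytes.fromhex(hex_addr))
    return ipaddress.IPv6Address(struct.pack(">4I", *words))


def audit_listeners(table):
    """Return (address, port, exposure) for every listening socket."""
    findings = []
    for line in table.splitlines()[1:]:  # skip the column header
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue  # established connections and short lines are ignored
        hex_addr, hex_port = fields[1].split(":")
        addr, port = decode_addr(hex_addr), int(hex_port, 16)
        if addr.is_unspecified:
            exposure = "all-interfaces"   # bound to ::, reachable on any address
        elif addr.is_loopback:
            exposure = "loopback-only"
        else:
            exposure = "single-address"
        findings.append((str(addr), port, exposure))
    return findings


if __name__ == "__main__":
    for addr, port, exposure in audit_listeners(SAMPLE):
        print(f"[{addr}]:{port:<5} {exposure}")
```

On a real Linux host the same function can be given the contents of `/proc/net/tcp6`; anything reported as `all-interfaces` is what a host firewall or an explicit listen address has to cover.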