forked from karlheyes/icecast-kh
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathNEWS
2079 lines (1874 loc) · 97.2 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Feature differences from SVN trunk
. FLV wrapping for mp3/aac listeners requesting it with ?type=.flv
. define a fixed number of worker threads (default 1) for processing clients
. allow for wildcards (*[] expansion) in mount-name and ban/allow files
. can limit mountpoint by outgoing bandwidth as well as a max listeners count
. can drop new listeners if server-wide bitrate is above a limit
. server xml reload, and reopen logging available via admin url
. When max-listeners reached, a HTTP 302 code can be sent to redirect
clients to alternative slave hosts.
. authenticated relays, those that match the relay user/pass, bypass the
max-listener/bandwidth check. slaves can use a different auth to listeners
. mount can filter out theora content, useful for defining a local relay
of a theora+vorbis stream to have a vorbis only stream from the same source.
. handlers setting for URL authenticator, for N requests at a time.
any extra tags are shown in the conf/icecast.xml.dist file
2.4.0-kh9
. pre-roll logging options. like access log but report client details of intros played. Can be
per-mount or global. Also allow for IP recording to prevent intro play if reconnected within
N seconds.
. add tag ssl-cafile to refer to a CA bundle other than the default. This way the cert is not
required to include it.
. allow /admin/metadata to accept param intro or preroll to change the intro file used on a source.
. split explicit mounts from list into a tree for quick lookup. speeds up updating with many mount
definitions.
. max-listeners setting in limits for server wide limitations.
. worker balancing updates. avoid a lot of bouncing between workers for sources and allow more
listeners to be attracted to their source worker.
. clean up shutdown procedure for race handling.
. smaller SSL handling cleanup.
. log messaging update.
. mpeg parsing updates. Allows for better detection and reporting, identifies mismatches better,
and detects a few more frame types. The sync structure is also reduced so should help in caching.
. rate averaging update.
. minor tuning for intro drops, fix for 0- range requests and intros.
. delay opening intro file until stream has started up, allows for format matching.
. lessen write lock scope when reading xml.
. failing to bind a socket at startup should be a termination event, although not on a reload.
2.4.0-kh8
. Logging. An issue was reported on log cycling triggers, should be the last now. This time it
seems to stem from a cycle triggered externally where a new log is created for appending before
doing the reopen. This is now fixed.
. Expand the worker limiter when processing lots of clients in one pass. This was leading to
some seeing sources not getting cleaned up as the listeners were not getting serviced. There
is still a cap but is extermely large and can be bypassed on cleanup cases.
. Incoming worker thread added. Normally incoming clients, after passing the initial IP checks
get passed on to worker threads for subsequent pocessing. This can lead to a lot of wakeup
for the usual worker threads to process these especially if they are short (eg playlist) or
involve filtering or kicking off auth. The extreme case being a DoS type of thing, where the
wakeup often causes the worker to do a big list traversal slowing things down as it gets busy.
This new worker thread deals with the initial aspects, http parsing, initial request handling
and is only moved to the normal workers for sources, listeners and some static content.
. Add "headers" and "header_prefix" options onto auth url. To bring into line with the Xiph
build. It is possible that some sites would want to inspect certain headers passed by
clients to authenticate. We do not want to pass all of them as that can be large and for such
situations, particular headers are limited, the prime example of these is cookies. To avoid
POST tag name clashes with existing established tags passed in aurl auth, these headers are
supplied with a prefix, defaulting to "ClientHeader-"
. Stats. A number of global stats are now reported every 10 seconds or the next second if
they have changed. This reduces load on a stats link and can save on logging if you have
that level enabled.
. A small set of code cleanups
2.4.0-kh7
. fix up recent ssl update to build against openssl 1.1
. drop range requests on streams, was breaking iOS 11.
. log typo fix
2.4.0-kh6
. drop client is read channel is closed off, handles proxies better like AWS.
. Logging
better log messaging at startup if change owner used.
fixed race bug generally affecting the per-mount logs, excessive purging.
fix auto log cyclying
. Add listeners= to POST on auth url. current listener count in the stats
. internal improvement to cached entries for addresses
. SSL updates
build fix where no SSL is available
allow for DH/ECDH
allow for reading the cert before dropping privs, but keep certificate if reload is fails.
crash fix if no SSL certificate defined.
small fix for internal openssl threading.
2.4.0-kh5
. use a separate thread for logging, prevents worker stalls in certain setups.
. backward compatibile playlist archive setting fix.
. update IPv6 handling. This is really an internal update but allows for both
IPv4/IPv6 listening sockets to be created from one listen-socket block. This
allows for windows builds to have IPv6 as well.
. autodetect SSL connections on incoming sockets. No need for <ssl> in listen-socket
now but is still there for compatability.
. add <ssl-private-key> in <paths> to allow for combined PEM or for separate SSL
key/certificate files.
. select https/http URL in autogenerated m3u based on incoming request.
. minor update to windows service creation. No functional change
2.4.0-kh4
. handle really short icy intervals from relayed streams.
. updates for header handling, ranges, auth/html5 etc
. invalidate requests on windows ending with dot, could be used for extension trickery
. have clients stats reported once per second instead of after a change.
. use CORK/PUSH setting if available else fall back to nodelay.
. added so-mss setting to listen-socket.
. missing run-on setting for master now fixed, defaults to 30s.
. auth cmd drops LD_PRELOAD, stdin/out/err and handle errors better.
. various internal code cleanups, boundary checks, log messages
. build updates
- autofoo mostly from rubenk
- type cleanups for win64
2.4.0-kh3
. fixes for range handling for certain players like iphone/chrome
. fixes for burst handling with intro playback
. ID3 pushed into the frame parser.
. adjustments to having a wider range of block sizes on non-ogg streams
. adjustments to scheduling of clients.
. added agent to listener remove on url auth
. force SSLv3 off the ciphers.
2.4.0-kh2
. possible global listener count error fixed
. possible crash with FLV and fallback handling fixed
. FLV throttle fixup when dealing with files
. fix up case for requeue on lagging client.
. use throttling thresholds based on bitrate
. scale non-ogg blocks based on bitrate but still enforce a send limit with an
optional <max-send-size> tag. not usually needed
. implementation of HTTP keep-alive, mainly for web type requests.
. add <redirect-to> tag in <mount>, similar to <redirect> but allows for expansion
such as ${mount}. the redirect tag is just an alias of this now.
. intro file sending had no burst calculations.
. allow for auth bypass in certain very limited cases, like small range requests used
by certain clients, or HEAD requests.
. HTTP header cleanups depending on the request, content length etc
. allow for byte accurate drop, this is for range requests for some clients.
. shutdown cleanups, to avoid stalls.
. tidy up xml page error reporting.
. build updates
2.4.0-kh1
. fix for the 'Detected an entity reference loop' message
. header parsing in auth url updated to handle spacing better
. preload default mime types then try to load the mime types file
. fix ssl routines to handle stalls better
. fix issue raised by Klaas Jan, handle blank usernames and encode them to keep the validity of the CLF format.
. cleanup xslt cache/reader processing.
. make PUT the same as SOURCE, handle 100 Continue header
. allow type=.fla as a trigger for FLV wrapping
. user the real/effective/saved user/group calls if available
. prevent worker pipes being passed to exec'd processes, and force FD 0 1 2 to close
. fix header line Content-Disposition
. avoid possible race case in relay removal.
. for ogg feeds, make sure a new block is allocated at the start, else bad parsing could occur.
. use 2.4.x setting for default SSL cipher settings.
. allow for moving a lagging listener to the front of the queue
. send a CORS template for both HEAD and OPTIONS requests, HEAD needs expanding though
. open up the write throttle for unparsed file content
. use original mountpoint in listener disconnection for auth/accesslog selection
. Apply x-forwarded-for to source clients
. treat some failure cases correctly if auth presume innocent setting is in use
. add YP sanity checks for obviously incorrect cases
. various log message cleanups.
. various crash cases fixed.
2.3.3-kh11
. added IP and user agent to POST for mount_add/_remove request
. relay run-on setting added (default 30 seconds). For on-demand relays, this is
how long the relay will continue with no listeners.
. prevent memory leak with short send xsl requests.
. added message for excessively long duration spent going through a worker client list.
. for cached lists like banned IPs, place wildcards separately to fully specified entries,
as the matching broke in such cases. The wildcards list now separate from the tree.
. add the nodelay thing back in, normally if doesn't make a difference but in certain
cases it can affect packet scheduling and cause stalls. Seen on very high bitrates.
. added cipher list tag for compatibility with recent icecast 2.4.x builds
. Add ID3 skipping to file reader. This prevents resync occurring.
. Added CORS headers for html based playback cases.
. pass through unknown metadata on relayed ICY through to the requesting listeners.
. some minor tunings to help large bitrate cases.
. avoid rare case of crash with delayed worker, seen with AIS but substantial delay
could of caused a race on stats with restarting sources.
. A few tweaks for restarting on-demand relays on failure cases.
. A few bad pointer cases fixed, typically restarting relay stats, hard to trigger.
. added UTF8 check on updated stats routines.
. added content-disposition header for xsl sending non-html content.
. minor changes to YP scheduling/logging.
2.3.3-kh10
. xslt update race fix
. Format
mpeg parsing can be bypassed if mpeg4 is detected.
mpeg assumed by default even application/octet for streams only.
EBML streaming working again.
Ogg handler was getting stuck with large pages, typically intro via libcurl.
. Auth
Fix up intro content from auth.
Presume innocent setting was being ignore if the queue was full.
Added referer to auth command
. Relay updates.
uses single structure for all relays, with timestamps. makes better
handling of startup, shutdown and changes to relays.
A redirect response handled better, if user/pass returned.
Queue cleanup on inactive relay, reduce memory use in such cases.
. issue CORS headers, just wildcard for now.
. yp race fixed, make sure yp_currently_playing is not dependent on YP add completing
. stats client bug on initial stats dump fixed
. various internal setting tweaks to trigger events or limit actions.
. various lockup and crash cases fixed.
2.3.3-kh9
. Allow for ${mount} to be specified in dump-file, on-[dis]connect, fallback-mount and
intro. Useful in cases where a wildcard mount block is used but requires these options
. avoid possible corruption case with FLV listeners and a change in samplerate
. move trigger for override later. when first block added not on initialised
. delay purging of file handles as they could be referenced by inactive mounts for slaves
. fix for outgoing bitrate and global listeners stats not updating in some cases.
. tunings and code re-arrangement to prevent busy loops.
. fix for passed through content.
. prevent possible live lock on sources with limit rate set.
. fix for http parameter parsing
. stats send link improved. Not many use this but could be used by slaves later on
. build fixes
2.3.3-kh8
. Auth remove could be triggered twice if no stream content comes in before time out
. Incorrect content type sent for aac files
. The lag check on the queue could trigger a crash, One case was handled now both are.
. Drop SO_REUSEADDR for win32, can break things over reload.
. Make file requests use normal HTTP response, while streams go through the agent checks.
It seems that for asx playlists, wmp didn't handle ICY, but requires it for streams
. Fix up the log size setting when using the 2.3 way or doing it. it was being ignored
. Add ID back into per-listener details as some use 2.3.2 pages, typically centova users
. 64bit type clean up.
2.3.3-kh7
. processing certain mpeg intro file could lead to a listener disconnection.
. prevent the '(n' appearing in metadata for mp3/aac streams.
. Avoid listener remove event if source client passes auth but is rejected due to the
source being in use
. initialise mpeg resync count on first frame found, prevents looping fallback files
with ID3 or other content from dropping listener after so many times.
. fix relays not overriding listeners from a fallback when starting up.
. introduce lazy slave stats update for updating virtual mountpoints, this reduces
the stats generated if you have many mountpoints with frequent starts and stops.
. drop PE substitution in metadata, only do the likes of &
. allow for source queue shrinkage. With the rwlock merging, the queues were left to expand to
queue-size whether listeners were lagging or not, this helps reduce unwanted parts of the queue.
. allow for listener processing to be skipped if it would stall waiting on lock.
. stats link update, like issuiing NEW commands first at connection before EVENT, not
important for most people
. Various log message updates and small scale lock range updates.
2.3.3-kh6
. update response header code for returning 200/206. On streams, do not send 206, but
allow it for file requests.
. migrate some legacy source stats calls to newer API, reduces workload.
. fix some corner cases for queue handling.
. tweaks for response headers for iphone and blackberry
. fix for some cases where listener_remove is not triggered.
. fix for override fallback file through cascade.
. do not use spin locks on BSD for now, use mutexes.
. mpeg parsing for processing files handled better now.
. fix for handling privileged ports over reload.
. fix for SOCK_CLOEXEC on linux where it is not implemented
. allow for multiple args to be supplied to on-[dis]connect scripts.
. various performance tunings all over, along with a few race fixes and memory leaks
2.3.3-kh5
. crash fix with intro files. intro reader requires larger buffer
2.3.3-kh4
. burst size of less than 1400 was not handled correctly with recent rwlock changes
. some memory reduction for FLV listeners.
. Missing xsl could cause a busy loop.
. fixed a crash when listener reached end of the queue. Certain assumptions about buffer
of queue accounting were changed with rwlocks, exposed a crash case.
. on some multi-processor setups, it was possible that certain listeners could trigger
a busy worker due to old (cached?) data, work around applied.
. A listener that started off a new on-demand relay could be only partially initialised
a lead to a crash later on
. report of recent flash update on FF15 when requesting non-FLV content. Expected header
identifying flash is no longer present so now we check for swf in referer.
. Add short write handler for clients requesting short ranges (eg Apple)
. The stats handle for normal file or fallback files were altered in a previous release
which prevented a lookup of listener details via admin requests. now fixed.
. only move inactive relay client to another worker when there is sufficient difference
. honor auth options "allow_duplicate_users" and "drop_existing_listener" settings for
webroot files
. proxy cache avoidance headers more generally used.
. minor memory leak on moving clients over fallback.
. code cleanup
2.3.3-kh3
. crash fix with invalid stats handle with fallback to file
. merge Opus module from trunk
. Force NTPL to prefer writers over readers for rwlocks
. bitrate estimation scales better now.
. where possible, use pread to avoid mutex locks on file reads, win32 needs fixing up
. make xsl lookup cache scale better, force a reload via a separate thread to prevent
worker stalls.
. various tunings for client rescheduling
. small changes to client balancing across workers
. small changes to log messages.
. reference a git hash code is available
2.3.3-kh2
. sent value passed to listener_remove in kh1 could be wrong on 32bit setups
. avoid clearing queue on relay restart, it exposed a crash case with lock changes
. make TCP sockets not pass to on-[dis]connect scripts. useless work avoided
. hijack source fix required with lock changes, to avoid mis-calculated lags drops
. refcount bug missed for sending to master relays. possible memory corruption
. more worker balancing changes, to spread loading more evenly.
. missing delay for blocking file client, has an effect of higher cpu usage
. rare override failure case handled better.
. various minor fixes, including log format, memory leak and stats.
2.3.3-kh1
. Big change with rwlocks replacing mutexes. It's internal but can have a big effect
on load pattern usage. In cases with many listeners on a single mount we can now
spread clients across all workers. A number of balancing changes were done to
assist in localising related clients but may need more tweaking. A side effect
of these changes is that queues are only shrunk when there are no listeners, so
queues can take up more memory than usual but that could of happened before.
. fix bad reference for file-based content like intro/fallback with FLV
. make the minimum duration of an on-demand relay last until it would be classed as
working, any less then it could be skipped or disabled for a short time.
. skip entity decoding if none required. For cases where metadata has & causing
the libxml2 to spit out warnings like "no name".
. If no sockets are opened at the start then exit.
. Win32. standardize on format for date, back to proper timezone numbers
. Log AAC samplerate change in stream.
. Add <inactivity-timeout> in <limits> to stop icecast when there are no sources
. Add <x-forwarded-for> into <paths> for IP substitution from load balancers
. Added referer= to listener_add POST.
. Added sent= to listener_remove POST (bytes)
. sync ebml/webm format parser with 2.3.3, not tried it myself.
. minor tweaks for rescheduling on high bitrate streams, terminating sources, URL
auth handling if disabled and busy relay restarting.
2.3.2-kh33
. Expand file open limit to match <clients> if possible, warn if less.
. Fix possible client leak. legacy code removal.
. updated mpeg parser to be more specific on bits to match for. It should increase
the tolerance for changes in the stream format (CRC, samplerate etc).
. reload forces an update of active streams, was missing from a previous update.
. Realplayer based apps fix for aac+. Assumes certain response header.
. drop requirement for matching each / in mount-name.
. content type needed truncating in rare cases before format could be set up
. prevent too much being read in one go when reading ogg data.
. internal change to swapping of hijacked clients, possible crash fix.
. Add timeout for sync mode handling. Should never trigger really.
. fallback over multiple mounts works again
. a few small log reporting changes.
2.3.2-kh32
. Reduce memory copies with large stream lists from master
. internal FLV buffer management cleaned up, possible crash case avoided.
. return 501 instead of 400 for HEAD requests, helps some players.
. stats updating reduced now that relays always have clients, also reduce locking.
. missing user/pass setting for metadata update from shoutcast style source and url auth
. Experimental. send variable block framing if requested by listener
. Experimental. allow <include>/dir/*.xml</include> in <icecast> for breaking xml up
. Experimental. webm work by David Richards
. Experimental. source client hijacking. replace existing source with another. has to
to allowed via auth url currently to prevent bouncing of clients with auto-reconnect.
. Add duration to all access, error and playlist logs, allows re-opening them after a
number of seconds elapsed, 0 by default. set size trigger to 50Meg default.
. possible busy loop in kh31 in cases where fallback is defined
. fix for win32 error reporting and missing uninstall link in programs list
. added "timeout" (default 5) and "on_error_wait" (default 60) to auth url options.
. sync up headers handled by auth cmd with auth url.
. Added missing stream format checks for certain error cases.
. speedup for icy metadata and avoid length bug on inline urls.
. A number of possible lock fixes and checks are now added for odd cases.
2.3.2-kh31
. Add generic scattered IO routines, listeners wanting FLV wrapping now use this which
saves a lot of memory copying and therefore load.
. build setup for mingw32. This should help with library updates for us, drop GUI build
. relay restarting fixes included for certain error cases. relays are treaated as
failed if they stop within 60 seconds and skip on to next server if specified.
. a better trigger for on-demand relay if fallback has listeners.
. on reload when changeowner used, allow for listening sockets to be reopend but
prevent closing priviledged ports unless missing from xml
. prevent unescape routine from creating non-printable chars
. ignore per-mount username when source is using shoutcast protocol.
. URL auth can now accept a "ice-username: ..." in the response headers for setting the
username. For setups that use query args for auth
. expand args applied to xsl requests, url encoded now.
. modify k and m in bitrates to be on 1000 not 1024
. accesslog modification to parsing, optionally set <type> in <accesslog> to CLF-ESC
to escape-encode strings instead of using "".
. if falling back to file, the bitrate used takes, in order of priority, incoming
bitrate, limit-rate and then [value] in filename eg /fallback-[128]
. fix a large ogg page bug, flac is probably the only one showing this up currently
. fix a couple of rare crash cases with file serving clients.
. prevent intro file sending when override triggered.
. make access log report query args on the request, but truncate the strings if too long.
. minor change to send limiter
. move incoming rate limiter to source client specific code.
. Add server-wide redirect tags.
. use per-source stats handles for updates, reduces lookups and avoids taking a
shared lock.
. minor log message changes.
. fix fallback trigger if source timeout occurs
. fix possible sources count inconsistency with failed relays
. entity expansion in stats conversion routines added
. fixup debug allocation code. not normally used.
2.3.2-kh30
. stats updates.
Split stats lock into global and source stats locks, reduces contention.
Updated internal API for using a stats handle for quick lookup when updating
several stats at once.
Make metadata_updated stat to be sent last in the initial listing, we would want
that to appear after title, useful as a trigger for updates.
make NEW also report the content type after the mountpoint
. re-work metadata insert merge with shoutcast inserts for mp3/aac, do metadata
followed by stream data instead of the other way around, reduces code.
. fix url decode crash bug with %invalid code.
. prevent yp add if required data is missing.
. allow for all args to be supplied to xsl transforms from request not just mount
. xsl transforms are written direct to refbufs, so should avoid a memory copy on
each transform, should help in cases of large data sets.
. Add redirect tag on <mount>
. change default to allow ogg matadata via url (for consistency with trunk).
. have master relays supply auth by default.
. allow for quick responses to be tried and possible close the connection, saves
rescheduling the worker for just closing the socket.
. streamlist.txt was not getting tried if /admin/streams failed. IE kh slave to a
2.3.2 master.
. reduce duration of when the config write lock is held when doing reload.
. a number of tunings for rescheduling clients (source and stats mainly).
. small reworking of client_t creation and accounting.
. missing redirect new listener case not handled.
. source count could get out of sync in certainly failing relay cases.
. a few cases of memory leaks fixed, not commonly used but can accumulate in
certain setups, eg intros via auth or reloading frequently.
. fix win32 snprintf missing nul char bug
. automatically set nofile and corefile size limits to max allowed, for debug
2.3.2-kh29
. prevent crash with very small burst size (eg 0).
. fix possible race with relay restart and headers used in stats update
. fix possible mpeg issues causing a crash or getting stuck in an allocation loop on bad input.
. An FLV listener could trigger a corruption in the metadata for non-FLV listeners. More likely
to occur when starting on-demand relays.
. relays that have only been connected for a few seconds will be treated as if it had failed to
restart and listeners will be droped or moved.
. fix possible server stall if reload requested and auth listeners were pending on auth queue
. Fix a number of cases where listeners kept a relay from restarting because of an incorrect
internal state, a stuck relay.
. revert to reserving a new relay source later in client processing. The relay is still installed
immediately (with client) but the source could clash with another already reserved.
. listener triggers wakeup of inactive on-demand relay, which allows us to reduce the scheduling
of inactive relay clients.
. when relays are updated, only wakeup workers once, not for each relay.
. stats cleanup on disabled or failed relay start
. on-demand relays minimum transfer set to 2Meg
. make rejected_mount and stream_auth work properly again for URL auth
. possible listener cleanup race if auth used at exit. We now keep listener on the worker even
if inactive until complete.
. expanded FLV metadata, double and bool settings, adds audiocodecid, audiosamplerate, stereo and
various entries from stats.
. slave relay could of been redirected, now it is marked as a slave by the master so bypassess
various limit checks.
. If auth server does not respond then disable URL requests for listeners for 60 seconds. Keeps
icecast from clogging up if link to auth server breaks. Some people use auth for non-auth
accounting or listener intro, so extra option added to allow those by default (option
presume_innocent set to yes to allow listener even if auth not active).
. Make auth refcount change based on threads holding it not clients, simplifies the shutdown or
busy startup case.
. move non-ogg metadata update code into one place, and fix-up use of inline URL parsing and
possible short write in rare cases.
. slow down listener thread (therefore reduce new incoming listeners) if relay starts up, more
so if many relays start or auth queues are full.
. increase internal settings, max auth handlers to 100, auth queue to 300 and listen queue to 64
. fix ogg stream dump-file.
. reduce frequency of rebalancing across workers with many streams, reduces lock contention
. use alloca instead of malloc for non-ogg metadata/stream merge, minor speedup
. new listeners (with queryargs or user:pass) redirected because of icecast will
have their supplied auth details added to new location.
. recreate worker pipe if it fails or else we could busy loop.
. add error code to recoverable list for accept, and prevent listener thread slow down in those
cases, seems to affect FreeBSD more than others although it could affect others.
. revert listener stat names for listclients to 2.3.2 case for now
. minor log message cleanups.
2.3.2-kh28
. fix possible short send shoutcast metadata inserts getting corrupted
. fix a few possible flv issues when metadata is missing.
. add filter routine for mpeg parsing, used for file inputs like intro or fallback
. add mpeg ts frame marker to frame alignment code.
. add min-queue-size mount setting, defaults to burst size so backward compatible.
players can request anything up to min-queue-setting with the initial-burst
header or burst= arg
. worker shutdown forces clients to process, should allow for quicker termination
or moving to another worker.
. stats client tidy up, prevent a few more stats going through to slave, report
slave auth failure properly, and initialize settings for inc/dec updates
. introduce SYNC flag to source to keep internal counts consistent when moving or
terminating listeners
. add proxy/cache avoidance headers
. drop start timer from relay as we use the more general client schedule timer
. removed the relay recheck each second as the relays are now installed and started
via the clients on the workers. saves work with many relays.
. possible crash point on relay details change, or xml reload
. offset in file serving was always 0 even if range was requested.
. add in the 7.xsl hack for compatability
. A few internal code and log message cleanups.
2.3.2-kh27
. use the tree locks instead of stats lock, this should lessen contention with many
stats updates, typicaly of setups with many streams.
. rework previous non-ogg metadata short-write fix, was not complete.
. previous non-ogg metadata fix exposed problem if file fallback used.
. remove possible race waking up a worker, could result in crash.
. add <max-stream-duration> to <mount> (in seconds), could even be used to cycle
dump files on a relay.
. leave public setting as-is when on-demand relay stops.
. minor legacy code cleanup
2.3.2-kh26
. fix possible content corruption on shoutcast metadata inserted streams if a short
send occurs during metadata sending.
. do not list non-hidden streams in /admin/stream[list|streams] and make sure auth
applies to /admin/streams.
. allow for the so-sndbuf option per-mount as well as on all connections.
. old style bind-address setting (not listen-socket) was not working
. allow a negative ban-client value to use the internal deny block of IPs to prevent
more than 1 IP connecting at the same time.
. small code changes for main worker thread
2.3.2-kh25
. FLV clients could skip frames on a truncated write, leading to playback problems.
. various client scheduling tunings, allows quicker reschedule when only some data
was written. This seems to affect win32 more than others, especially with burst
. fix shoutcast-inline metadata bug involving a URL
. per listener mpeg checking only verifies 1 frame as queue is already checked
. set non-ogg intial blocksize to 1400 again, now that blocks can be more flexible
in size
. filter out multiple / in requests
. the 2.3 log archive setting wasn't handled correctly.
. certain relay configuration (multiple addresses) could leak a file descriptor
on failure.
. possible NULL pointer crash in metadata update.
. possible sources count not decreased if relay fails.
. fix for possible relay change restart
. worker lock changes, now we only take the lock when adding clients. This reduces
some lock order complexity when moving clients around and means that no locking
is done for most of the time.
. relay changes are tagged and changed by the client functions.
. compile cleanups
2.3.2-kh24
. Allow for per-listener wrapping of existing mp3/aac streams when requested with
a type=.flv as a query arg. The actual trigger could be anything we want but this
allows for using the existing mountpoint, with easy mapping for URL auth and for
matching an extension in the player. Works with intro and fallback handling.
. mpeg parser is more complete, handles more cases, avoiding bad input cases
. fix possible bad pointer in ogg headers case.
. fix for shoutcast-style metadata writes being truncated.
. fixes for non-ogg buffer alignment causing resync or stalled streams.
. prevent a failed stream list request from dropping current relays
. handle relay startup shutdown better for memory usage and listeners
. use Host header if available for buildm3u
2.3.2-kh23
. if an inactive on-demand relay detects listeners on fallback then start relay
but do not move listeners until the connection is complete.
. fix race condition with restarting non-ogg relays and stats being generated
. make auth queue limit 150 before rejection.
. A number of relay related fixes. these typically occur when a relay is either
restarted or was removed (eg disappeared from a master). There is also a
possible case of long held locking that is now gone.
. add <ban-client>N</ban-client> mount option to add client IP to the internal
banned list for N seconds. subsequent attempts that have not timed out extend
the ban period. A stat count of banned entries is produced each second
. reload from admin page was not restarting listen thread if signalfd used.
. increase default queue block size on non-ogg streams to 2900
. mpeg parsing fix for odd cases. This could appear as corrupt or stalled streams
. fix listing of stats and listener details on fallback files
. fix Location header reference from auth url
2.3.2-kh22
. Add mp3/aac sync marker alignment code. This makes the internal buffers contain
whole frames. allows for better transistion when moving listeners.
. The number of logs is not limited to 25 now
. small changes to client scheduling
. removed format url lock, source lock is always taken, so this is not needed
. Add <skip-accesslog> boolean to per-mount settings. Prevents logging listener
client details to access log
. evaluate bandwidth usage when adding to the global bitrate, and change throttle
indicator if max bandwidth specified. listeners have varying degrees of
scheduling limits applied. lagging listeners get delayed first, then all do.
. fix long standing bug which could cause a crash on a bad xsl.
. report line numbers on xml errors.
. small work-around to handle odd handling of ICY response for mpc and expected
the content-type header for shoutcast relay and streamtranscoder.
. kh21a. kh20 introduced a bug which could occur with listeners being moved between
workers.
2.3.2-kh21
. Fix possible stall bug when a source exits and when adding a listener, only
keep the source_tree lock held until a source lock can be acquired.
. tighten up where the certain locks are held/released.
. win32 stat return code fix
. added a few internal checks and some log messages.
. fixes from moo, #1646, status response header first always, #1648, return ICY
response for mpc
. make fh_node use tree for quick lookup
. zero out format structure, remove previous stats for restarting relays
. NULL pointer fix in cases where a relay was being cleared of listeners without
a fallback mount, eg being disabled or removed from slave list or reread XML
2.3.2-kh20
. fix possible lock imbalance bug if mutliple workers set
. make sure listeners are not paused if relay is not running
. fix memory leak on each source disconnection.
. fix double free corruption bug if listener_remove used.
. on server shutdown, prevent auth of new listeners only. other auth requests
can continue which allows client details to clean up properly
. relocate where the source count is increased. For source clients it is just
before where it used to be but for relays it is increased before a relay
connection is attempted. Bug in kh19 meant sources kept increasing on relay
restart
. fix possible stalling bug in auth command method.
. listener_connections stat could have a random data bug
. Do not force a master relay recheck on stream start/stop
. build fix on certain platforms.
. small internal code cleanups.
2.3.2-kh19
. add 7.xsl processing to present stats for a shoutcast /7.html request, requires
alias of /7.html to /7.xsl
. avl tree of listeners is back in, workers process lists of clients but the tree
enables a quick listener lookup from a source.
. the admin arg require handler left a lock held if not specified.
. make sure the allow/deny/useragent files reload properly
. initialisation bug for auth, more likely to affect win32 gui.
. content-type has to be lower case for shoutcast to recognise the mime type.
. per-mount access log. <accesslog> <name>/file.log</name> ....
. update to the source shutdown process. reduces code in relay shutdown, no point
in duplication. allow listeners to be placed in a waiting state if source is
waiting to start up.
. do not dump stream stats on on-demand relay failure.
. allow for reporting xml parser warnings to stderr at startup
. fix possible auth related corruption with disconnected clients on slow auth
. type fixup on lag calculation on 32bit systems.
. if streamlist fails then drop all slave relays.
2.3.2-kh18
. for people who use ICE_MUTEX_ABORT (environment var) to trap for long held
locks, change the name to ICE_LOCK_ABORT
. fix possible memory corruption case in stats and threading
. fix vorbis stream bandwidth increase when certain source clients connect
. avoid any ::ffff: in IPs
. YP thread now started from worker as required instead of once per second
. shutdown order and other internal code cleanups
. use signalfd if available for processing signals in connection thread, saves
waking up the thread.
. make sure the auth mountpoint returned is used instead of the listener
supplied one. Allows for redirecting listeners to alternative mounts
. update command auth, works in a similar way to url auth now.
. stats clients work better under much heavier load. stats notifications
are grouped together if possible before sending, this reduces writes in the
many streams case
2.3.2-kh17
. fix possible memory corruption when using multiple workers
. a few minor timing changes, nothing major.
. fix possible race case in multiple file handle close
. kh16b. fix possible crash case with relay failing
. kh16a. some fserve changes exposed a crash bug with flash clients.
2.3.2-kh16
. you can now fallback to file if the initial mountpont is not available as long
as there is a limit-rate set at some point within the fallback chain.
. A header from url listener add "icecast-auth-user: withintro" indicates that
the response contains intro data to be sent to the this listener. Anything
else indicates the previous behaviour.
. allow source clients to be limited by duration, set by time limit header in
url stream auth
. internal changes to average bitrate calculations. blocks are now removed based
on the timestamp not the block count.
. fix possible race with url auth'd listener getting a 404 response
. try throttle file sending based on duration/bytes sent on file handle and split the
file sending function into two (throttled/unthrottled). reduces memory.
. merge in compile-time allocation counters
. Added some stats for fallback files, and metadata_updated for sources
. minor cleanups for internal API. log message cleanups.
. kh15b. fix possible crash on url listener failing.
. kh15a
- fix memory corruption when clients are referring to the same file.
- log buffering on win32 enabled
2.3.2-kh15
. lock mismatch identified, could cause a stall in the worker.
. relay connection timeout was not being set in all cases
. Don't fallback listeners on relay fail if server shutting down
. minor code cleanups.
2.3.2-kh14
. Allow stats/listclients/killclient work with file references
. Add timeout parameter to relay. number of seconds for connect to complete.
. fixes for restarting of relays, especially where changes are detected and
where fallback to files were set.
. repeat fallback file
. tuneup client scheduling for file sending
. added a few validation checks, useragent chars, xml config port ranges
. log message cleanups.
2.3.2-kh13
. on source exit, listeners do not need to be moved to the file serving engine,
just release any shared data and delete client if not on worker. saves process
work at source exit
. fix possible crash bug with long lock held detection.
. allow listener_add response to include intro content
. merge connection_t into client_t, and shrunk connection_t, reduces memory used
. improve some of the internal client scheduling.
. the reading of the mime types file was done too early
. admin/fallback now updates the mount details if available.
. more source lock cleanups. nothing major
. change the order of the header routines, the format specific routine now calls
the general routine.
2.3.2-kh12
. xml based relays could cause a crash on server exit or xml reload
. avoid memory/fd leak on active relay restart.
. cleaner worker thread shutdown.
. win32 update. Prevent Esc closing the GUI. Make the service work better and
is now able to take an alternative xml as parameter. Update libogg in the
build to 1.1.4 and refer to the current directory for dependent DLLs.
2.3.2-kh11
. busy looping caused by truncation on 32bit setups
. avoid possible deadlock between file release and open
. relay client handles were not being cleaned up fully.
. send Host: header on relay connects.
2.3.2-kh10
. big internal thread change. instead of one thread per stream, we now have a fixed number
of worker threads, each processing a set of clients (sources/relays/listeners etc).
- no source or fserve threads now. auth still has thread(s) as the API for libcurl
is blocking
- worker threads with no clients sleep for long durations.
- defaults to 1 worker thread, overridden by <workers> in <limits>
- listeners get moved to the worker thread running the source, helps caching
- sources get moved to a less busy thread if it would help
- each client has a timestamp to indicate when it wants service. The sleep duration
for the worker is based on the next client to be serviced.
. if fallback to file is specified and the requested mount is not active then a 404
response is returned instead of the file contents.
. fserve engine can handle bandwidth limiting per client. Fallback to file uses this
by using the average incoming bitrate of the source stream as the target limit.
. file serving uses an internal cache of open files, so that 1000 listerners do not
suddenly open 1000 files if a fallback to file occurs.
. move listeners admin request can specify another source or file.
. relay changes
- the client structure is always allocated now, instead of when the relay is started.
- listeners stay on relay if switching to another relay master. Only when they all
have failed does the fallback apply.
. post-kh9 fixes
- fix for possible race with rejected new listeners going through auth
- make mp3-metadata-interval 0 work again
- auth htpasswd checks for details provided like user:pass@host:port/mount and if not
then checks as host:port/mount?user=a&pass=b
2.3.2-kh9
. allow shoutcast source client auth work via stream_auth url
. allow for a flash policy file.
. internal cleanup to help merging into trunk
. fix vorbis metadata update via url, broken in recent releases. cleanup some metadata
updating/logging
. drop vorbis stream rebuilding back to flush evert half second, in sync with trunk
. stop false reports of 'not null' in debug logging. no other effect on server
. limit how often the relay mountpoint "already exists" logs.
. minor tweaking to the average bitrate calculation
. remove the internal global time caching, although prevent several time calls if in
succession.
2.3.2-kh8
. fix memory corruption which affected ogg streams.
. fix for unsupported FBSD/win32 spin locking options. abort on initialisation failure.
. win32 fix from kh7 causing stalling source threads. fallout from kh7 build failure
2.3.2-kh7
. merge fix for bug report on trunk for skeleton
. fix for build failure with recent glibc
. fix for admin.cgi metdata updates not applying (kh5 bug).
. minor locking cleanup
. win32 fixes. server restart could cause relay details to become corrupted
. win32 update. updated libxml2/libxslt
2.3.2-kh6
. some source stats were not being reported on the xsl pages.
. win32 access log timestamps should now to correct.
2.3.2-kh5
. stats fixes, crash case in stats handling, and hidden attribute was not honoured
on xsl pages with recent stats changes.
. if requesting /admin/streams via stats method then allow auth via relay user/pass
or mountpoint auth. receives only stats for slaves
. allow url= tag on metadata update for non-ogg streams, adds StreamUrl.
. fixed possible crash with skeleton stream handling
. actually prevent metadata updates if there is a stream already running from a
different IP.
. fix build bug on FBSD7
. allow optional queue-len tag in listen-socket, default is 10
2.3.2-kh4
. Where's the brown paper bag. boolean settings in the xml were being ignored due
to an incorrect test.
2.3.2-kh3
. fixed master not informing slaves of streams bug. caused by missed setting in
the kh2 stats update
. more xml checks for badly formed xml files.
. log files can now be sections not just a single filename ie <errorlog> can
contain <name> <archive> <display> and <level>, accesslog can contain <name>
<ip> and <archive>, playlistlog can contain <name> <archive> <display>. In each
case, name is a filename, archive is a true/false setting for using timestamps
on a reopened file, display is the number of lines to show in the admin page.
2.3.2-kh2
. more stats work. Clients are now processed as needed instead of a dedicated
thread per stats client.
. don't allow raw metadata updates if not from the same IP address as the source
client unless it is from the admin user. For some reason some source client
issue updates even though they are rejected.
. missing lock on streamlist master/slave update, could cause memory corruption.
. update to average bitrate handling.
. allow strftime expansion on dump filename, applies at the time the stream has
started
. removed debian directory, it's not maintained really so leave it to the debian
people to deal with it themselves.
. experimental theora keyframe as png patch added. not built by default
. minor memory leak plugged in fserve
2.3.2-kh1
. remove stats thread. Stats clients still have their own thread and queue.
. fix low bandwidth theora stream problem.
. failing on-demand relays were not being recovered as they should of.
. encode xml entity data for clients useragent/username
. reduce memory usage in avl nodes, seems to benefit win32 more because of the
unused lock handling
. minor patch for kate detection applied. ogg.k.ogg.k
. minor type cleanup for off_t in fserve
2.3-kh34
. Added Kate/Skeleton codec handling within Ogg streams. patch by ogg.k.ogg.k
. small changes for stream directory handling, mostly for error cases.
. added /admin/reset?mount=/mountpoint&setting=x to reset stats for that mountpoint.
without setting= all resetable stats are reset. x can specify peak,read or send
or a combination of them (comma deliminated)
. /admin/streamlist.txt uses the same routine as /admin/streams so does not have
a limit on how much is sent back.
. updated win32 code, windows service should be ok again. service name now
includes version to help multiple installs but windows may require a reboot
between removing a service and installing that same service again.
. fix possible crash on reload of xml with bad tags
. small update of web pages
. added per-mount stat for total mbytes sent
2.3-kh33
. master/slave update.
slave mode only issues a streamlist.txt request if the /admin/streams request
fails. /admin/streams also acts as an mountpoint for the slave relays by
passing a mount= arg and auth.
You can now define a <mount> for /admin/streams to define how slave
authentication is done eg url (listener_add) or htpasswd.
Once authenticated, the slave can bypass any limits like max listeners etc.
The slave also allows for defining a <master> tag block instead of <master-*>
tags allowed are <username> <password> <server> <port> <redirect> <bind>
auth url can take an "icecast-slave: 1" header, which makes client act as a
slave and bypass mount limits.
. build fixups for OpenBSD and cases where IPV6_V6ONLY is missing
. move 'clients' limit check to after admin request check, means admin commands
can work even if the limit is reached. removes a lock taken as well.
. drop connections to known slave relays if we find that the destination source
is a fallback to file, as this would cause high bandwidth usage.
. stats fix for inactive on-demand relay stats without a mount definition.
. added some minor consistency checks.
2.3-kh32
. crash fix for a failing on-demand relay.
. incorrect logfile settings for timestamp setting, for playlist and access.log
. update for win32 build and initialization.
2.3-kh31
. hard to trigger but possible race condition on source startup.
. long standing bug identified with many descriptors (eg > 1024 listeners)
. allow YP thread to skip a non-responsive server.
2.3-kh30
. crash fix if no user/pass supplied when stream_auth in use.
. the admin=1 was not passed in POST for stream_auth on metadata updates
2.3-kh29
. some small code re-organisation in kh28 caused auth htpasswd to fail new
listeners
. work around FBSD issue with listening on IPv4/IPv6 sockets
2.3-kh28
. race fix in yp thread startup.
. manageauth userlist page was blank due to a NULL check, fixed.
. add rejected_mount auth option to redirect unathenticated listeners to an
alternative mountpoint. eg subscription stream redirected to low bitrate
. Allow for url auth to handle 'Mountpoint: ' header for redirecting listeners
if they are to be rejected to an alternative mountpoint on the same server.
This is as opposed to the Location: header which gets a player to redirect,
maybe to an alternative server.
2.3-kh27
. fix potential fserve thread race
. merge listener inline shoutcast metadata into previous block write. It is
very common and saves writing a very short packet per listener at metadata.
. reduce log memory usage when caching lines for web display
. reduce memory usage slightly on 64bit systems, in refbuf/avl storage
. be more 32/64bit clean
. fix possible corruption if reducing qblock size over reload
. get stats thread to update global outgoing_kbitrate stat, no point flooding
the stats queue.
2.3-kh26
. internal code cleanups
. fixed accidental bug which caused problems for non-ogg streams without a
mount defined
. if listener_remove used then remove queue reference before auth performed as
queue will expand. race case between auth and source thread on refcounting.
. Add error reporting with above case, makes identification easier.
2.3-kh25
. kh24 had a lockup bug on reload if auth url used.
. Don't pass listeners to the authentication queue if no auth handler defined
. auth listener_remove was not triggering if listener_add was not specified.
. make sure avl tree for mime types is cleared.
. remove pthread_exit in fserve, older glibc had a memory leak
. fix memory leak/corruption in YP handler, also make YP thread startup instead
of polling frequently.
. redo server connection lookup. Now we refcount the server connection details
from the xml, make the client refer to it. reduces locking as well
. always call the xml reload from the slave thread.
. fix memory leak over reload, when using multiple master within relay
. incorrect output appended to streamlist output for relays.
. race between stream shutdown and listener_remove could cause memory corruption
with queue buffers. Make source clear less strict.
. cleanup any fserve clients after other threads are down, removes lock race
. reduce burst limiter for listeners on sources.
. if available, log file descriptor limit allowed by kernel.
2.3-kh24
. make auth threads start/stop dynamically. reduces latency for auth'd listeners.
The handlers setting is still the maximum number of threads for that auth
. ip allow/deny list wasn't working right due to fnmatch return value.
. fix memory leak which occured on reload events.
. fix possible corruption when connection thread restarts from reload
. add <deny-agents> tag in <paths>. Drops listeners with useragents matching the
pattern in the specified file.
. internal code cleanups
2.3-kh23
. file serve thread is dynamically started/stopped, latency seems much better when
compared to a sleep/polling loop
. sometimes the empty virtual mountpoint stats were being provided instead of the
real source stats. This should finish off some of the work done earlier on stats
. Don't be case sensitive on range header in fserve parsing.
. a typo in the POST for listener_remove got by, ip and duration were not correct.
. small code cleanups from merges with trunk
. minor fix for global listeners count
. listener remove wasn't being triggered for listeners on sources.
2.3-kh22
. Implement a global outgoing_kbitrate stat, sum of all listeners on all sources.
. Small updates on the average bitrate handling
. implement a server-wide bandwidth limiter check for new listeners. If <max-bandwidth>
in <limits> is defined then new listeners can be rejected/redirected.
. drop non-gcc compiler flags from configure.in, drop _XOPEN_SOURCE as well
. send Cache control header, just in case proxies are involved
. another flash (on IE as well) hack posted on forum.
2.3-kh21
. IP ban/allow files can now use wildcard expansion to matching addresses
. allow mount= param on webroot xsl pages
. check for missing type in mount authentcation
. fix corruption if listen socket failed.
. if using a change owner setup, do the listener socket setup early (for root privs)