[release] v3.1.1

the repository https://github.com/kerberos-io/snap-agent is linked to the snap build system and will generate new releases

.github/workflows/docker-dev.yml

@@ -6,6 +6,8 @@ on:
 
 jobs:
   build-amd64:
+    # If contains the keyword "#release" in the commit message.
+    if: ${{ !contains(github.event.head_commit.message, '#release') }}
     runs-on: ubuntu-latest
     strategy:
       matrix:
@@ -31,6 +33,8 @@ jobs:
     - name: Create new and append to latest manifest
       run: docker buildx imagetools create -t kerberos/agent-dev:latest kerberos/agent-dev:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7)
   build-other:
+    # If contains the keyword "#release" in the commit message.
+    if: ${{ !contains(github.event.head_commit.message, '#release') }}
     runs-on: ubuntu-latest
     strategy:
       matrix:

.github/workflows/docker-nightly.yml

@@ -7,6 +7,8 @@ on:
 
 jobs:
   build-amd64:
+      # If contains the keyword "[release]" in the commit message.
+      if: "contains(github.event.head_commit.message, '[release]')"
       runs-on: ubuntu-latest
       strategy:
         matrix:
@@ -26,10 +28,12 @@ jobs:
       - name: Available platforms
         run: echo ${{ steps.buildx.outputs.platforms }}
       - name: Run Buildx
-        run: docker buildx build --platform linux/${{matrix.architecture}} -t kerberos/agent-nightly:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7) --push . 
+        run: cd agent && docker buildx build --platform linux/${{matrix.architecture}} -t kerberos/agent-nightly:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7) --push . 
       - name: Create new and append to manifest
-        run: docker buildx imagetools create -t kerberos/agent-nightly:$(echo $GITHUB_SHA | cut -c1-7) kerberos/agent-nightly:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7)
+        run: cd agent && docker buildx imagetools create -t kerberos/agent-nightly:$(echo $GITHUB_SHA | cut -c1-7) kerberos/agent-nightly:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7)
   build-other:
+    # If contains the keyword "[release]" in the commit message.
+    if: "contains(github.event.head_commit.message, '[release]')"
     runs-on: ubuntu-latest
     strategy:
       matrix:
@@ -49,6 +53,6 @@ jobs:
     - name: Available platforms
       run: echo ${{ steps.buildx.outputs.platforms }}
     - name: Run Buildx
-      run: docker buildx build --platform linux/${{matrix.architecture}} -t kerberos/agent-nightly:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7) --push . 
+      run: cd agent && docker buildx build --platform linux/${{matrix.architecture}} -t kerberos/agent-nightly:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7) --push . 
     - name: Create new and append to manifest
-      run: docker buildx imagetools create --append -t kerberos/agent-nightly:$(echo $GITHUB_SHA | cut -c1-7) kerberos/agent-nightly:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7)
+      run: cd agent && docker buildx imagetools create --append -t kerberos/agent-nightly:$(echo $GITHUB_SHA | cut -c1-7) kerberos/agent-nightly:arch-$(echo ${{matrix.architecture}} | tr / -)-$(echo $GITHUB_SHA | cut -c1-7)

.github/workflows/docker.yml

@@ -2,6 +2,7 @@ name: Docker master build
 
 on:
   push:
+    # If pushed to master branch.
     branches: [ master ]
 
 env:
@@ -9,6 +10,8 @@ env:
   
 jobs:
   build-amd64:
+    # If contains the keyword "[release]" in the commit message.
+    if: "contains(github.event.head_commit.message, '[release]')"
     runs-on: ubuntu-latest
     permissions:
       contents: write
@@ -67,6 +70,8 @@ jobs:
       #- name: Use Snapcraft
       #  run: tar -xf agent-${{matrix.architecture}}.tar && snapcraft 
   build-other:
+    # If contains the keyword "[release]" in the commit message.
+    if: "contains(github.event.head_commit.message, '[release]')"
     runs-on: ubuntu-latest
     permissions:
       contents: write

README.md

@@ -111,7 +111,7 @@ This repository contains everything you'll need to know about our core product,
 - Simplified and modern user interface.
 - Multi architecture (ARMv7, ARMv8, amd64, etc).).
 - Multi stream, for example recording in H265, live streaming and motion detection in H264.
-- Multi camera support: IP Cameras (H264 and H265), USB cameras and Raspberry Pi Cameras [through a RTSP proxy](https://github.com/kerberos-io/camera-to-rtsp
+- Multi camera support: IP Cameras (H264 and H265), USB cameras and Raspberry Pi Cameras [through a RTSP proxy](https://github.com/kerberos-io/camera-to-rtsp).
 - Single camera per instance (e.g. one container per camera).
 - Low resolution streaming through MQTT and high resolution streaming through WebRTC (only supports H264/PCM).
 - Backchannel audio from Kerberos Hub to IP camera (requires PCM ULAW codec)
@@ -226,6 +226,7 @@ Next to attaching the configuration file, it is also possible to override the co
 | `AGENT_TURN_USERNAME`                   | TURN username used for WebRTC.                                                                  | "username1"                    |
 | `AGENT_TURN_PASSWORD`                   | TURN password used for WebRTC.                                                                  | "password1"                    |
 | `AGENT_CLOUD`                           | Store recordings in Kerberos Hub (s3), Kerberos Vault (kstorage) or Dropbox (dropbox).          | "s3"                           |
+| `AGENT_HUB_ENCRYPTION`                  | Turning on/off encryption of traffic from your Kerberos Agent to Kerberos Hub.                  | "true"                         |
 | `AGENT_HUB_URI`                         | The Kerberos Hub API, defaults to our Kerberos Hub SAAS.                                        | "https://api.hub.domain.com"   |
 | `AGENT_HUB_KEY`                         | The access key linked to your account in Kerberos Hub.                                          | ""                             |
 | `AGENT_HUB_PRIVATE_KEY`                 | The secret access key linked to your account in Kerberos Hub.                                   | ""                             |

deployments/binary/README.md

@@ -9,7 +9,7 @@ Kerberos Agents are now also shipped as static binaries. Within the Docker image
 
 You can run the binary as following on port `8080`:
 
-    main run cameraname 8080
+    main -action=run -port=80
 
 ## Systemd
 
@@ -18,7 +18,7 @@ When running on a Linux OS you might consider to auto-start the Kerberos Agent u
     [Unit]
     Wants=network.target
     [Service]
-    ExecStart=/home/pi/agent/main run camera 80
+    ExecStart=/home/pi/agent/main -action=run -port=80
     WorkingDirectory=/home/pi/agent/
     [Install]
     WantedBy=multi-user.target

machinery/data/config/config.json

@@ -107,6 +107,7 @@
 	"turn_username": "username1",
 	"turn_password": "password1",
 	"heartbeaturi": "",
+	"hub_encryption": "true",
 	"hub_uri": "https://api.cloud.kerberos.io",
 	"hub_key": "",
 	"hub_private_key": "",

machinery/docs/docs.go

@@ -279,6 +279,40 @@ const docTemplate = `{
                 }
             }
         },
+        "/api/camera/onvif/verify": {
+            "post": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "description": "Will verify the ONVIF connectivity.",
+                "tags": [
+                    "onvif"
+                ],
+                "summary": "Will verify the ONVIF connectivity.",
+                "operationId": "verify-onvif",
+                "parameters": [
+                    {
+                        "description": "OnvifCredentials",
+                        "name": "config",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/models.OnvifCredentials"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/models.APIResponse"
+                        }
+                    }
+                }
+            }
+        },
         "/api/camera/onvif/zoom": {
             "post": {
                 "description": "Zooming in or out the camera.",
@@ -590,40 +624,6 @@ const docTemplate = `{
                 }
             }
         },
-        "/api/onvif/verify": {
-            "post": {
-                "security": [
-                    {
-                        "Bearer": []
-                    }
-                ],
-                "description": "Will verify the ONVIF connectivity.",
-                "tags": [
-                    "onvif"
-                ],
-                "summary": "Will verify the ONVIF connectivity.",
-                "operationId": "verify-onvif",
-                "parameters": [
-                    {
-                        "description": "OnvifCredentials",
-                        "name": "config",
-                        "in": "body",
-                        "required": true,
-                        "schema": {
-                            "$ref": "#/definitions/models.OnvifCredentials"
-                        }
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "OK",
-                        "schema": {
-                            "$ref": "#/definitions/models.APIResponse"
-                        }
-                    }
-                }
-            }
-        },
         "/api/persistence/verify": {
             "post": {
                 "security": [

machinery/docs/swagger.json

@@ -271,6 +271,40 @@
                 }
             }
         },
+        "/api/camera/onvif/verify": {
+            "post": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "description": "Will verify the ONVIF connectivity.",
+                "tags": [
+                    "onvif"
+                ],
+                "summary": "Will verify the ONVIF connectivity.",
+                "operationId": "verify-onvif",
+                "parameters": [
+                    {
+                        "description": "OnvifCredentials",
+                        "name": "config",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/models.OnvifCredentials"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/models.APIResponse"
+                        }
+                    }
+                }
+            }
+        },
         "/api/camera/onvif/zoom": {
             "post": {
                 "description": "Zooming in or out the camera.",
@@ -582,40 +616,6 @@
                 }
             }
         },
-        "/api/onvif/verify": {
-            "post": {
-                "security": [
-                    {
-                        "Bearer": []
-                    }
-                ],
-                "description": "Will verify the ONVIF connectivity.",
-                "tags": [
-                    "onvif"
-                ],
-                "summary": "Will verify the ONVIF connectivity.",
-                "operationId": "verify-onvif",
-                "parameters": [
-                    {
-                        "description": "OnvifCredentials",
-                        "name": "config",
-                        "in": "body",
-                        "required": true,
-                        "schema": {
-                            "$ref": "#/definitions/models.OnvifCredentials"
-                        }
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "OK",
-                        "schema": {
-                            "$ref": "#/definitions/models.APIResponse"
-                        }
-                    }
-                }
-            }
-        },
         "/api/persistence/verify": {
             "post": {
                 "security": [

machinery/docs/swagger.yaml

@@ -494,6 +494,27 @@ paths:
       summary: Will return the ONVIF presets for the specific camera.
       tags:
       - onvif
+  /api/camera/onvif/verify:
+    post:
+      description: Will verify the ONVIF connectivity.
+      operationId: verify-onvif
+      parameters:
+      - description: OnvifCredentials
+        in: body
+        name: config
+        required: true
+        schema:
+          $ref: '#/definitions/models.OnvifCredentials'
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/models.APIResponse'
+      security:
+      - Bearer: []
+      summary: Will verify the ONVIF connectivity.
+      tags:
+      - onvif
   /api/camera/onvif/zoom:
     post:
       description: Zooming in or out the camera.
@@ -700,27 +721,6 @@ paths:
       summary: Get Authorization token.
       tags:
       - authentication
-  /api/onvif/verify:
-    post:
-      description: Will verify the ONVIF connectivity.
-      operationId: verify-onvif
-      parameters:
-      - description: OnvifCredentials
-        in: body
-        name: config
-        required: true
-        schema:
-          $ref: '#/definitions/models.OnvifCredentials'
-      responses:
-        "200":
-          description: OK
-          schema:
-            $ref: '#/definitions/models.APIResponse'
-      security:
-      - Bearer: []
-      summary: Will verify the ONVIF connectivity.
-      tags:
-      - onvif
   /api/persistence/verify:
     post:
       description: Will verify the persistence.

machinery/src/capture/Gortsplib.go

@@ -351,7 +351,7 @@ func (g *Golibrtsp) ConnectBackChannel(ctx context.Context) (err error) {
 }
 
 // Start the RTSP client, and start reading packets.
-func (g *Golibrtsp) Start(ctx context.Context, queue *packets.Queue, configuration *models.Configuration, communication *models.Communication) (err error) {
+func (g *Golibrtsp) Start(ctx context.Context, streamType string, queue *packets.Queue, configuration *models.Configuration, communication *models.Communication) (err error) {
 	log.Log.Debug("capture.golibrtsp.Start(): started")
 
 	// called when a MULAW audio RTP packet arrives
@@ -360,7 +360,7 @@ func (g *Golibrtsp) Start(ctx context.Context, queue *packets.Queue, configurati
 			// decode timestamp
 			pts, ok := g.Client.PacketPTS(g.AudioG711Media, rtppkt)
 			if !ok {
-				log.Log.Warning("capture.golibrtsp.Start(): " + "unable to get PTS")
+				log.Log.Debug("capture.golibrtsp.Start(): " + "unable to get PTS")
 				return
 			}
 
@@ -443,7 +443,7 @@ func (g *Golibrtsp) Start(ctx context.Context, queue *packets.Queue, configurati
 				// decode timestamp
 				pts, ok := g.Client.PacketPTS(g.VideoH264Media, rtppkt)
 				if !ok {
-					log.Log.Warning("capture.golibrtsp.Start(): " + "unable to get PTS")
+					log.Log.Debug("capture.golibrtsp.Start(): " + "unable to get PTS")
 					return
 				}
 
@@ -527,10 +527,17 @@ func (g *Golibrtsp) Start(ctx context.Context, queue *packets.Queue, configurati
 				if idrPresent {
 					// Increment packets, so we know the device
 					// is not blocking.
-					r := communication.PackageCounter.Load().(int64)
-					log.Log.Debug("capture.golibrtsp.Start(): packet size " + strconv.Itoa(len(pkt.Data)))
-					communication.PackageCounter.Store((r + 1) % 1000)
-					communication.LastPacketTimer.Store(time.Now().Unix())
+					if streamType == "main" {
+						r := communication.PackageCounter.Load().(int64)
+						log.Log.Debug("capture.golibrtsp.Start(): packet size " + strconv.Itoa(len(pkt.Data)))
+						communication.PackageCounter.Store((r + 1) % 1000)
+						communication.LastPacketTimer.Store(time.Now().Unix())
+					} else if streamType == "sub" {
+						r := communication.PackageCounterSub.Load().(int64)
+						log.Log.Debug("capture.golibrtsp.Start(): packet size " + strconv.Itoa(len(pkt.Data)))
+						communication.PackageCounterSub.Store((r + 1) % 1000)
+						communication.LastPacketTimerSub.Store(time.Now().Unix())
+					}
 				}
 			}
 
@@ -554,7 +561,7 @@ func (g *Golibrtsp) Start(ctx context.Context, queue *packets.Queue, configurati
 				// decode timestamp
 				pts, ok := g.Client.PacketPTS(g.VideoH265Media, rtppkt)
 				if !ok {
-					log.Log.Warning("capture.golibrtsp.Start(): " + "unable to get PTS")
+					log.Log.Debug("capture.golibrtsp.Start(): " + "unable to get PTS")
 					return
 				}
 
@@ -637,10 +644,17 @@ func (g *Golibrtsp) Start(ctx context.Context, queue *packets.Queue, configurati
 				if isRandomAccess {
 					// Increment packets, so we know the device
 					// is not blocking.
-					r := communication.PackageCounter.Load().(int64)
-					log.Log.Debug("capture.golibrtsp.Start(): packet size " + strconv.Itoa(len(pkt.Data)))
-					communication.PackageCounter.Store((r + 1) % 1000)
-					communication.LastPacketTimer.Store(time.Now().Unix())
+					if streamType == "main" {
+						r := communication.PackageCounter.Load().(int64)
+						log.Log.Debug("capture.golibrtsp.Start(): packet size " + strconv.Itoa(len(pkt.Data)))
+						communication.PackageCounter.Store((r + 1) % 1000)
+						communication.LastPacketTimer.Store(time.Now().Unix())
+					} else if streamType == "sub" {
+						r := communication.PackageCounterSub.Load().(int64)
+						log.Log.Debug("capture.golibrtsp.Start(): packet size " + strconv.Itoa(len(pkt.Data)))
+						communication.PackageCounterSub.Store((r + 1) % 1000)
+						communication.LastPacketTimerSub.Store(time.Now().Unix())
+					}
 				}
 			}
 

machinery/src/capture/RTSPClient.go

@@ -44,7 +44,7 @@ type RTSPClient interface {
 	ConnectBackChannel(ctx context.Context) error
 
 	// Start the RTSP client, and start reading packets.
-	Start(ctx context.Context, queue *packets.Queue, configuration *models.Configuration, communication *models.Communication) error
+	Start(ctx context.Context, streamType string, queue *packets.Queue, configuration *models.Configuration, communication *models.Communication) error
 
 	// Start the RTSP client, and start reading packets.
 	StartBackChannel(ctx context.Context) (err error)

machinery/src/capture/main.go

@@ -564,17 +564,23 @@ func VerifyCamera(c *gin.Context) {
 				}
 			}
 
-			if videoIdx > -1 {
-				c.JSON(200, models.APIResponse{
-					Message: "All good, detected a H264 codec.",
-					Data:    streams,
-				})
+			err := rtspClient.Close()
+			if err == nil {
+				if videoIdx > -1 {
+					c.JSON(200, models.APIResponse{
+						Message: "All good, detected a H264 codec.",
+						Data:    streams,
+					})
+				} else {
+					c.JSON(400, models.APIResponse{
+						Message: "Stream doesn't have a H264 codec, we only support H264 so far.",
+					})
+				}
 			} else {
 				c.JSON(400, models.APIResponse{
-					Message: "Stream doesn't have a H264 codec, we only support H264 so far.",
+					Message: "Something went wrong while closing the connection " + err.Error(),
 				})
 			}
-
 		} else {
 			c.JSON(400, models.APIResponse{
 				Message: err.Error(),

machinery/src/cloud/Cloud.go

@@ -290,7 +290,7 @@ loop:
 						onvifPresetsList = []byte("[]")
 					}
 				} else {
-					log.Log.Error("cloud.HandleHeartBeat(): error while getting PTZ configurations: " + err.Error())
+					log.Log.Debug("cloud.HandleHeartBeat(): error while getting PTZ configurations: " + err.Error())
 					onvifPresetsList = []byte("[]")
 				}
 
@@ -320,6 +320,12 @@ loop:
 				} else {
 					log.Log.Debug("cloud.HandleHeartBeat(): no pull point address found.")
 					onvifEventsList = []byte("[]")
+
+					// Try again
+					pullPointAddress, err = onvif.CreatePullPointSubscription(device)
+					if err != nil {
+						log.Log.Debug("cloud.HandleHeartBeat(): error while creating pull point subscription: " + err.Error())
+					}
 				}
 
 			} else {
@@ -444,8 +450,9 @@ loop:
 					}`, config.Key, system.Version, system.CPUId, username, key, name, isEnterprise, system.Hostname, system.Architecture, system.TotalMemory, system.UsedMemory, system.FreeMemory, system.ProcessUsedMemory, macs, ips, "0", "0", "0", uptimeString, boottimeString, config.HubSite, onvifEnabled, onvifZoom, onvifPanTilt, onvifPresets, onvifPresetsList, onvifEventsList, cameraConnected, hasBackChannel)
 
 				// Get the private key to encrypt the data using symmetric encryption: AES.
+				HubEncryption := config.HubEncryption
 				privateKey := config.HubPrivateKey
-				if privateKey != "" {
+				if HubEncryption == "true" && privateKey != "" {
 					// Encrypt the data using AES.
 					encrypted, err := encryption.AesEncrypt([]byte(object), privateKey)
 					if err != nil {
@@ -486,7 +493,9 @@ loop:
 			// If we have a Kerberos Vault connected, we will also send some analytics
 			// to that service.
 			vaultURI = config.KStorage.URI
-			if vaultURI != "" {
+			accessKey := config.KStorage.AccessKey
+			secretAccessKey := config.KStorage.SecretAccessKey
+			if vaultURI != "" && accessKey != "" && secretAccessKey != "" {
 
 				var object = fmt.Sprintf(`{
 					"key" : "%s",

machinery/src/components/Kerberos.go

@@ -36,12 +36,20 @@ func Bootstrap(configDirectory string, configuration *models.Configuration, comm
 	packageCounter.Store(int64(0))
 	communication.PackageCounter = &packageCounter
 
+	var packageCounterSub atomic.Value
+	packageCounterSub.Store(int64(0))
+	communication.PackageCounterSub = &packageCounterSub
+
 	// This is used when the last packet was received (timestamp),
 	// this metric is used to determine if the camera is still online/connected.
 	var lastPacketTimer atomic.Value
 	packageCounter.Store(int64(0))
 	communication.LastPacketTimer = &lastPacketTimer
 
+	var lastPacketTimerSub atomic.Value
+	packageCounterSub.Store(int64(0))
+	communication.LastPacketTimerSub = &lastPacketTimerSub
+
 	// This is used to understand if we have a working Kerberos Hub connection
 	// cloudTimestamp will be updated when successfully sending heartbeats.
 	var cloudTimestamp atomic.Value
@@ -115,14 +123,22 @@ func RunAgent(configDirectory string, configuration *models.Configuration, commu
 	// Establishing the camera connection without backchannel if no substream
 	rtspUrl := config.Capture.IPCamera.RTSP
 	rtspClient := captureDevice.SetMainClient(rtspUrl)
-
-	err := rtspClient.Connect(context.Background())
-	if err != nil {
-		log.Log.Error("components.Kerberos.RunAgent(): error connecting to RTSP stream: " + err.Error())
-		rtspClient.Close()
+	if rtspUrl != "" {
+		err := rtspClient.Connect(context.Background())
+		if err != nil {
+			log.Log.Error("components.Kerberos.RunAgent(): error connecting to RTSP stream: " + err.Error())
+			rtspClient.Close()
+			rtspClient = nil
+			time.Sleep(time.Second * 3)
+			return status
+		}
+	} else {
+		log.Log.Error("components.Kerberos.RunAgent(): no rtsp url found in config, please provide one.")
+		rtspClient = nil
 		time.Sleep(time.Second * 3)
 		return status
 	}
+
 	log.Log.Info("components.Kerberos.RunAgent(): opened RTSP stream: " + rtspUrl)
 
 	// Get the video streams from the RTSP server.
@@ -237,7 +253,10 @@ func RunAgent(configDirectory string, configuration *models.Configuration, commu
 	log.Log.Info("components.Kerberos.RunAgent(): SetMaxGopCount was set with: " + strconv.Itoa(int(config.Capture.PreRecording)+1))
 	queue.SetMaxGopCount(int(config.Capture.PreRecording) + 1) // GOP time frame is set to prerecording (we'll add 2 gops to leave some room).
 	queue.WriteHeader(videoStreams)
-	go rtspClient.Start(context.Background(), queue, configuration, communication)
+	go rtspClient.Start(context.Background(), "main", queue, configuration, communication)
+
+	// Main stream is connected and ready to go.
+	communication.MainStreamConnected = true
 
 	// Try to create backchannel
 	rtspBackChannelClient := captureDevice.SetBackChannelClient(rtspUrl)
@@ -253,7 +272,10 @@ func RunAgent(configDirectory string, configuration *models.Configuration, commu
 		communication.SubQueue = subQueue
 		subQueue.SetMaxGopCount(1) // GOP time frame is set to prerecording (we'll add 2 gops to leave some room).
 		subQueue.WriteHeader(videoSubStreams)
-		go rtspSubClient.Start(context.Background(), subQueue, configuration, communication)
+		go rtspSubClient.Start(context.Background(), "sub", subQueue, configuration, communication)
+
+		// Sub stream is connected and ready to go.
+		communication.SubStreamConnected = true
 	}
 
 	// Handle livestream SD (low resolution over MQTT)
@@ -312,6 +334,8 @@ func RunAgent(configDirectory string, configuration *models.Configuration, commu
 
 	// If we reach this point, we are stopping the stream.
 	communication.CameraConnected = false
+	communication.MainStreamConnected = false
+	communication.SubStreamConnected = false
 
 	// Cancel the main context, this will stop all the other goroutines.
 	(*communication.CancelContext)()
@@ -389,14 +413,19 @@ func RunAgent(configDirectory string, configuration *models.Configuration, commu
 func ControlAgent(communication *models.Communication) {
 	log.Log.Debug("components.Kerberos.ControlAgent(): started")
 	packageCounter := communication.PackageCounter
+	packageSubCounter := communication.PackageCounterSub
 	go func() {
 		// A channel to check the camera activity
 		var previousPacket int64 = 0
+		var previousPacketSub int64 = 0
 		var occurence = 0
+		var occurenceSub = 0
 		for {
 
 			// If camera is connected, we'll check if we are still receiving packets.
 			if communication.CameraConnected {
+
+				// First we'll check the main stream.
 				packetsR := packageCounter.Load().(int64)
 				if packetsR == previousPacket {
 					// If we are already reconfiguring,
@@ -408,16 +437,42 @@ func ControlAgent(communication *models.Communication) {
 					occurence = 0
 				}
 
-				log.Log.Info("components.Kerberos.ControlAgent(): Number of packets read " + strconv.FormatInt(packetsR, 10))
+				log.Log.Info("components.Kerberos.ControlAgent(): Number of packets read from mainstream: " + strconv.FormatInt(packetsR, 10))
 
 				// After 15 seconds without activity this is thrown..
 				if occurence == 3 {
-					log.Log.Info("components.Kerberos.ControlAgent(): Restarting machinery.")
+					log.Log.Info("components.Kerberos.ControlAgent(): Restarting machinery because of blocking mainstream.")
 					communication.HandleBootstrap <- "restart"
 					time.Sleep(2 * time.Second)
 					occurence = 0
 				}
+
+				// Now we'll check the sub stream.
+				packetsSubR := packageSubCounter.Load().(int64)
+				if communication.SubStreamConnected {
+					if packetsSubR == previousPacketSub {
+						// If we are already reconfiguring,
+						// we dont need to check if the stream is blocking.
+						if !communication.IsConfiguring.IsSet() {
+							occurenceSub = occurenceSub + 1
+						}
+					} else {
+						occurenceSub = 0
+					}
+
+					log.Log.Info("components.Kerberos.ControlAgent(): Number of packets read from substream: " + strconv.FormatInt(packetsSubR, 10))
+
+					// After 15 seconds without activity this is thrown..
+					if occurenceSub == 3 {
+						log.Log.Info("components.Kerberos.ControlAgent(): Restarting machinery because of blocking substream.")
+						communication.HandleBootstrap <- "restart"
+						time.Sleep(2 * time.Second)
+						occurenceSub = 0
+					}
+				}
+
 				previousPacket = packageCounter.Load().(int64)
+				previousPacketSub = packageSubCounter.Load().(int64)
 			}
 
 			time.Sleep(5 * time.Second)

machinery/src/config/main.go

@@ -406,6 +406,9 @@ func OverrideWithEnvironmentVariables(configuration *models.Configuration) {
 				break
 
 			/* When connected and storing in Kerberos Hub (SAAS) */
+			case "AGENT_HUB_ENCRYPTION":
+				configuration.Config.HubEncryption = value
+				break
 			case "AGENT_HUB_URI":
 				configuration.Config.HubURI = value
 				break

machinery/src/models/Communication.go

@@ -15,6 +15,8 @@ type Communication struct {
 	CancelContext         *context.CancelFunc
 	PackageCounter        *atomic.Value
 	LastPacketTimer       *atomic.Value
+	PackageCounterSub     *atomic.Value
+	LastPacketTimerSub    *atomic.Value
 	CloudTimestamp        *atomic.Value
 	HandleBootstrap       chan string
 	HandleStream          chan string
@@ -33,5 +35,7 @@ type Communication struct {
 	SubQueue              *packets.Queue
 	Image                 string
 	CameraConnected       bool
+	MainStreamConnected   bool
+	SubStreamConnected    bool
 	HasBackChannel        bool
 }

machinery/src/models/Config.go

@@ -37,6 +37,7 @@ type Config struct {
 	TURNUsername      string       `json:"turn_username" bson:"turn_username"`
 	TURNPassword      string       `json:"turn_password" bson:"turn_password"`
 	HeartbeatURI      string       `json:"heartbeaturi" bson:"heartbeaturi"` /*obsolete*/
+	HubEncryption     string       `json:"hub_encryption" bson:"hub_encryption"`
 	HubURI            string       `json:"hub_uri" bson:"hub_uri"`
 	HubKey            string       `json:"hub_key" bson:"hub_key"`
 	HubPrivateKey     string       `json:"hub_private_key" bson:"hub_private_key"`

machinery/src/onvif/main.go

@@ -312,12 +312,17 @@ func GetPositionFromDevice(configuration models.Configuration) (xsdonvif.PTZVect
 			// Get the PTZ configurations from the device
 			position, err := GetPosition(device, token)
 			if err == nil {
-				// float to string
-				x := strconv.FormatFloat(position.PanTilt.X, 'f', 6, 64)
-				y := strconv.FormatFloat(position.PanTilt.Y, 'f', 6, 64)
-				z := strconv.FormatFloat(position.Zoom.X, 'f', 6, 64)
-				log.Log.Info("onvif.GetPositionFromDevice(): successfully got position (" + x + ", " + y + ", " + z + ")")
-				return position, err
+				if position.PanTilt != nil && position.Zoom != nil {
+					// float to string
+					x := strconv.FormatFloat(position.PanTilt.X, 'f', 6, 64)
+					y := strconv.FormatFloat(position.PanTilt.Y, 'f', 6, 64)
+					z := strconv.FormatFloat(position.Zoom.X, 'f', 6, 64)
+					log.Log.Info("onvif.GetPositionFromDevice(): successfully got position (" + x + ", " + y + ", " + z + ")")
+					return position, err
+				} else {
+					log.Log.Debug("onvif.GetPositionFromDevice(): position is nil")
+					return position, errors.New("position is nil")
+				}
 			} else {
 				log.Log.Debug("onvif.GetPositionFromDevice(): " + err.Error())
 				return position, err
@@ -893,7 +898,7 @@ func GetPTZFunctionsFromDevice(configurations ptz.GetConfigurationsResponse) ([]
 }
 
 // VerifyOnvifConnection godoc
-// @Router /api/onvif/verify [post]
+// @Router /api/camera/onvif/verify [post]
 // @ID verify-onvif
 // @Security Bearer
 // @securityDefinitions.apikey Bearer
@@ -987,7 +992,7 @@ func CreatePullPointSubscription(dev *onvif.Device) (string, error) {
 			stringBody := string(b2)
 			decodedXML, et, err := getXMLNode(stringBody, "CreatePullPointSubscriptionResponse")
 			if err != nil {
-				log.Log.Error("onvif.main.CreatePullPointSubscription(): " + err.Error())
+				log.Log.Debug("onvif.main.CreatePullPointSubscription(): " + err.Error())
 			} else {
 				if err := decodedXML.DecodeElement(&createPullPointSubscriptionResponse, et); err != nil {
 					log.Log.Error("onvif.main.CreatePullPointSubscription(): " + err.Error())

machinery/src/routers/http/Server.go

@@ -41,6 +41,9 @@ import (
 
 func StartServer(configDirectory string, configuration *models.Configuration, communication *models.Communication, captureDevice *capture.Capture) {
 
+	// Set release mode
+	gin.SetMode(gin.ReleaseMode)
+
 	// Initialize REST API
 	r := gin.Default()
 

machinery/src/routers/http/routes.go

@@ -54,11 +54,6 @@ func AddRoutes(r *gin.Engine, authMiddleware *jwt.GinJWTMiddleware, configDirect
 			components.UpdateConfig(c, configDirectory, configuration, communication)
 		})
 
-		// Will verify the current onvif settings.
-		api.POST("/onvif/verify", func(c *gin.Context) {
-			onvif.VerifyOnvifConnection(c)
-		})
-
 		// Will verify the current hub settings.
 		api.POST("/hub/verify", func(c *gin.Context) {
 			cloud.VerifyHub(c)
@@ -94,7 +89,8 @@ func AddRoutes(r *gin.Engine, authMiddleware *jwt.GinJWTMiddleware, configDirect
 		})
 
 		// Onvif specific methods. Doesn't require any authorization.
-
+		// Will verify the current onvif settings.
+		api.POST("/camera/onvif/verify", onvif.VerifyOnvifConnection)
 		api.POST("/camera/onvif/login", LoginToOnvif)
 		api.POST("/camera/onvif/capabilities", GetOnvifCapabilities)
 		api.POST("/camera/onvif/presets", GetOnvifPresets)

snap/hooks/configure

@@ -1,6 +0,0 @@
-#!/bin/sh -e
-
-cp -R $SNAP/data $SNAP_COMMON/
-cp -R $SNAP/www $SNAP_COMMON/
-cp -R $SNAP/version $SNAP_COMMON/
-cp -R $SNAP/mp4fragment $SNAP_COMMON/

snap/snapcraft.yaml

@@ -1,23 +0,0 @@
-name: kerberosio # you probably want to 'snapcraft register <name>'
-base: core22 # the base snap is the execution environment for this snap
-version: '3.0.0' # just for humans, typically '1.2+git' or '1.3.2'
-summary: A stand-alone open source video surveillance system # 79 char long summary
-description: |
-   Kerberos Agent is an isolated and scalable video (surveillance) management
-   agent made available as Open Source under the MIT License. This means that
-   all the source code is available for you or your company, and you can use,
-   transform and distribute the source code; as long you keep a reference of
-   the original license. Kerberos Agent can be used for commercial usage.
-
-grade: stable # stable # must be 'stable' to release into candidate/stable channels
-confinement: strict # use 'strict' once you have the right plugs and slots
-environment:
-  GIN_MODE: release
-apps:
-  agent:
-    command: main -config /var/snap/kerberosio/common
-    plugs: [ network, network-bind ]
-parts:
-  agent:
-    source: . #https://github.com/kerberos-io/agent/releases/download/21c0e01/agent-amd64.tar
-    plugin: dump

ui/src/App.jsx

@@ -100,7 +100,7 @@ class App extends React.Component {
           </div>
         )}
         <div id="page-root">
-          <Sidebar logo={logo} title="Kerberos Agent" version="v1-beta" mobile>
+          <Sidebar logo={logo} title="Kerberos Agent" version="v3.1.1" mobile>
             <Profilebar
               username={username}
               email="support@kerberos.io"