onvif-server
An ONVIF Profile S streaming-core device server library for Rust. Implement the service traits for your camera hardware to expose a device that standard ONVIF clients (Frigate, Home Assistant, ONVIF Device Manager, NVRs) can discover and stream from. See the coverage table below for exactly what is supported.
ONVIF Profile S coverage
| Service | Status |
|---|---|
| Device | Supported |
| Media | Supported |
| PTZ | Supported |
| Imaging | Supported |
| Events | Supported |
"Supported" means the service is routed and covers the Profile S streaming core — not every operation in each ONVIF service. For exactly which operations are implemented, which are backed by your trait, which return static responses, their default behaviour, and which fault, see the Operation Coverage matrix and Capabilities & Limitations.
Features
| Feature | Default | Description |
|---|---|---|
discovery |
no | WS-Discovery multicast listener on 239.255.255.250:3702 via socket2 |
Installation
The discovery feature
To enable WS-Discovery (auto-discovery on the local network):
MSRV
See the MSRV badge above — the minimum supported Rust version is the rust-version
declared in the crate's Cargo.toml.
Quick start
An empty impl DeviceService for MyCamera {} compiles, but a real client faults
immediately — GetDeviceInformation and GetStreamUri have no working default.
This is the smallest device a client can actually use (the
minimal_device example, runnable with
cargo run --example minimal_device):
use async_trait;
use ;
async
DeviceService is the only required service — .build() returns
Err(BuildError::MissingRequiredService) if it is omitted. All other services
(Media, PTZ, Imaging, Events) are optional; unregistered services are simply not
advertised and their routes are not mounted. See the
user guide for a
no-credentials curl smoke test, and the
Operation Coverage matrix
for what each operation does by default.
Implementing service traits
All five traits (DeviceService, MediaService, PTZService, ImagingService,
EventService) provide default implementations for every method. Unoverridden
methods return Err(OnvifError::NotImplemented), which the SOAP layer converts to a
well-formed SOAP fault with the ONVIF ter:ActionNotSupported subcode. Clients see a
standards-compliant fault rather than a connection error.
You can implement services incrementally: start with the methods your ONVIF client actually calls and add more as needed.
WS-Security
Call .auth(username, password) on the builder to enable WS-Security UsernameToken
digest authentication. When enabled, every SOAP request must carry a valid
UsernameToken header; requests without one receive a SOAP authentication fault.
GetSystemDateAndTime is automatically exempt from authentication, as required by
the ONVIF specification (clients must retrieve device time before they can compute a
valid digest).
When .auth() is not called the server runs unauthenticated and all operations
are accessible without credentials.
WS-Discovery
Enable the discovery feature and the server spawns a background UDP listener when
.run() is called:
- Joins IPv4 multicast group
239.255.255.250on port3702. - Parses incoming datagrams; ignores anything that is not a well-formed WS-Discovery
Probemessage. - Responds with a
ProbeMatchesmessage embedding the device XAddr (http://<advertised_host>:<port>/onvif/device_service) and a stable EndpointReference UUID.
Use .discovery_uuid(uuid::Uuid) on the builder to supply a fixed UUID so the
device identity is stable across restarts. When not set, a random UUID-v4 is
generated at build time.
The probe-parsing and probe-response helpers (discovery_is_probe,
discovery_build_probe_match) are always compiled and available without the feature
flag, which makes them usable in tests.
Example: virtual PTZ camera
The virtual_ptz example is a fully functional in-memory PTZ camera implementing all
five service traits. It demonstrates sharing state across multiple service
registrations using Arc<Mutex<_>>.
cargo run --example virtual_ptz
The server starts on port 8080 with credentials admin/admin. Connect any ONVIF
client (ONVIF Device Manager, VLC, Frigate, Home Assistant, python-onvif-zeep) to
http://<host>:8080/onvif/device_service.
Documentation
- API reference: https://docs.rs/onvif-server
- User guide (mdBook): https://navistau.github.io/onvif-server/
Contributing
See CONTRIBUTING.md.
License
The Rust source code in this repository is dual-licensed under either:
- MIT License (LICENSE-MIT), or
- Apache License, Version 2.0 (LICENSE-APACHE)
at your option.
The bundled WSDL and XSD files under wsdl/ are verbatim official ONVIF
specification documents and are not covered by the MIT/Apache-2.0 licenses above.
They are distributed under the ONVIF license; see LICENSE-ONVIF for
the full terms.
Copyright Joshua Hogendorn / NavistAu.