3 * Routines for RTP dissection
4 * RTP = Real time Transport Protocol
6 * Copyright 2000, Philips Electronics N.V.
7 * Written by Andreas Sikkema <andreas.sikkema@philips.com>
9 * $Id: packet-rtp.c,v 1.36 2002/08/28 21:00:30 jmayer Exp $
11 * Ethereal - Network traffic analyzer
12 * By Gerald Combs <gerald@ethereal.com>
13 * Copyright 1998 Gerald Combs
15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License
17 * as published by the Free Software Foundation; either version 2
18 * of the License, or (at your option) any later version.
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
31 * This dissector tries to dissect the RTP protocol according to Annex A
32 * of ITU-T Recommendation H.225.0 (02/98) or RFC 1889
34 * RTP traffic is handled by an even UDP portnumber. This can be any
35 * port number, but there is a registered port available, port 5004
36 * See Annex B of ITU-T Recommendation H.225.0, section B.7
38 * This doesn't dissect older versions of RTP, such as:
40 * the vat protocol ("version 0") - see
42 * ftp://ftp.ee.lbl.gov/conferencing/vat/alpha-test/vatsrc-4.0b2.tar.gz
44 * and look in "session-vat.cc" if you want to write a dissector
45 * (have fun - there aren't any nice header files showing the packet
48 * version 1, as documented in
50 * ftp://gaia.cs.umass.edu/pub/hgschulz/rtp/draft-ietf-avt-rtp-04.txt
59 #include <epan/packet.h>
64 #include "packet-rtp.h"
65 #include <epan/conversation.h>
67 /* RTP header fields */
68 static int proto_rtp = -1;
69 static int hf_rtp_version = -1;
70 static int hf_rtp_padding = -1;
71 static int hf_rtp_extension = -1;
72 static int hf_rtp_csrc_count = -1;
73 static int hf_rtp_marker = -1;
74 static int hf_rtp_payload_type = -1;
75 static int hf_rtp_seq_nr = -1;
76 static int hf_rtp_timestamp = -1;
77 static int hf_rtp_ssrc = -1;
78 static int hf_rtp_csrc_item = -1;
79 static int hf_rtp_data = -1;
80 static int hf_rtp_padding_data = -1;
81 static int hf_rtp_padding_count= -1;
83 /* RTP header extension fields */
84 static int hf_rtp_prof_define = -1;
85 static int hf_rtp_length = -1;
86 static int hf_rtp_hdr_ext = -1;
88 /* RTP fields defining a sub tree */
89 static gint ett_rtp = -1;
90 static gint ett_csrc_list = -1;
91 static gint ett_hdr_ext = -1;
93 static dissector_handle_t h261_handle;
94 static dissector_handle_t mpeg1_handle;
95 static dissector_handle_t data_handle;
97 static gboolean dissect_rtp_heur( tvbuff_t *tvb, packet_info *pinfo,
99 static void dissect_rtp( tvbuff_t *tvb, packet_info *pinfo,
103 * Fields in the first octet of the RTP header.
106 /* Version is the first 2 bits of the first octet*/
107 #define RTP_VERSION(octet) ((octet) >> 6)
109 /* Padding is the third bit; No need to shift, because true is any value
111 #define RTP_PADDING(octet) ((octet) & 0x20)
113 /* Extension bit is the fourth bit */
114 #define RTP_EXTENSION(octet) ((octet) & 0x10)
116 /* CSRC count is the last four bits */
117 #define RTP_CSRC_COUNT(octet) ((octet) & 0xF)
119 static const value_string rtp_version_vals[] =
121 { 0, "Old VAT Version" },
122 { 1, "First Draft Version" },
123 { 2, "RFC 1889 Version" },
128 * Fields in the second octet of the RTP header.
131 /* Marker is the first bit of the second octet */
132 #define RTP_MARKER(octet) ((octet) & 0x80)
134 /* Payload type is the last 7 bits */
135 #define RTP_PAYLOAD_TYPE(octet) ((octet) & 0x7F)
139 * Table B.2 / H.225.0
147 #define PT_DVI4_8000 5
148 #define PT_DVI4_16000 6
152 #define PT_L16_STEREO 10
153 #define PT_L16_MONO 11
165 static const value_string rtp_payload_type_vals[] =
167 { PT_PCMU, "ITU-T G.711 PCMU" },
168 { PT_1016, "USA Federal Standard FS-1016" },
169 { PT_G721, "ITU-T G.721" },
170 { PT_GSM, "GSM 06.10" },
171 { PT_G723, "ITU-T G.723" },
172 { PT_DVI4_8000, "DVI4 8000 samples/s" },
173 { PT_DVI4_16000, "DVI4 16000 samples/s" },
175 { PT_PCMA, "ITU-T G.711 PCMA" },
176 { PT_G722, "ITU-T G.722" },
177 { PT_L16_STEREO, "16-bit uncompressed audio, stereo" },
178 { PT_L16_MONO, "16-bit uncompressed audio, monaural" },
179 { PT_MPA, "MPEG-I/II Audeo"},
180 { PT_G728, "ITU-T G.728" },
181 { PT_G729, "ITU-T G.729" },
182 { PT_CELB, "Sun CELL-B" },
184 { PT_NV, "'nv' program" },
185 { PT_H261, "ITU-T H.261" },
186 { PT_MPV, "MPEG-I/II Video"},
187 { PT_MP2T, "MPEG-II transport streams"},
188 { PT_H263, "ITU-T H.263" },
192 static address fake_addr;
193 static int heur_init = FALSE;
195 void rtp_add_address( packet_info *pinfo, const unsigned char* ip_addr,
199 conversation_t* pconv;
202 * If this isn't the first time this packet has been processed,
203 * we've already done this work, so we don't need to do it
206 if (pinfo->fd->flags.visited)
209 src_addr.type = AT_IPv4;
211 src_addr.data = ip_addr;
214 * The first time the function is called let the tcp dissector
215 * know that we're interested in traffic
218 heur_dissector_add( "udp", dissect_rtp_heur, proto_rtp );
223 * Check if the ip address an dport combination is not
226 pconv = find_conversation( &src_addr, &fake_addr, PT_UDP, prt, 0, 0 );
230 * XXX - use wildcard address and port B?
233 pconv = conversation_new( &src_addr, &fake_addr, PT_UDP,
234 (guint32) prt, (guint32) 0, 0 );
235 conversation_add_proto_data(pconv, proto_rtp, NULL);
241 static void rtp_init( void )
243 unsigned char* tmp_data;
246 /* Create a fake adddress... */
247 fake_addr.type = AT_IPv4;
250 tmp_data = malloc( fake_addr.len );
251 for ( i = 0; i < fake_addr.len; i++) {
254 fake_addr.data = tmp_data;
259 dissect_rtp_heur( tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree )
261 conversation_t* pconv;
263 /* This is a heuristic dissector, which means we get all the TCP
264 * traffic not sent to a known dissector and not claimed by
265 * a heuristic dissector called before us!
266 * So we first check if the frame is really meant for us.
268 if ( ( pconv = find_conversation( &pinfo->src, &fake_addr, pinfo->ptype,
269 pinfo->srcport, 0, 0 ) ) == NULL ) {
271 * The source ip:port combination was not what we were
272 * looking for, check the destination
274 if ( ( pconv = find_conversation( &pinfo->dst, &fake_addr,
275 pinfo->ptype, pinfo->destport, 0, 0 ) ) == NULL ) {
281 * An RTP conversation always has a data item for RTP.
282 * (Its existence is sufficient to indicate that this is an RTP
285 if (conversation_get_proto_data(pconv, proto_rtp) == NULL)
288 dissect_rtp( tvb, pinfo, tree );
294 dissect_rtp_data( tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
295 proto_tree *rtp_tree, int offset, unsigned int data_len,
296 unsigned int data_reported_len, unsigned int payload_type )
300 switch( payload_type ) {
302 newtvb = tvb_new_subset( tvb, offset, data_len,
304 call_dissector(h261_handle, newtvb, pinfo, tree);
308 newtvb = tvb_new_subset( tvb, offset, data_len,
310 call_dissector(mpeg1_handle, newtvb, pinfo, tree);
314 proto_tree_add_item( rtp_tree, hf_rtp_data, tvb, offset, data_len, FALSE );
320 dissect_rtp( tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree )
322 proto_item *ti = NULL;
323 proto_tree *rtp_tree = NULL;
324 proto_tree *rtp_csrc_tree = NULL;
326 unsigned int version;
327 gboolean padding_set;
328 gboolean extension_set;
329 unsigned int csrc_count;
331 unsigned int payload_type;
333 unsigned int hdr_extension= 0;
334 unsigned int padding_count;
336 unsigned int offset = 0;
342 /* Get the fields in the first octet */
343 octet = tvb_get_guint8( tvb, offset );
344 version = RTP_VERSION( octet );
348 * Unknown or unsupported version.
350 if ( check_col( pinfo->cinfo, COL_PROTOCOL ) ) {
351 col_set_str( pinfo->cinfo, COL_PROTOCOL, "RTP" );
354 if ( check_col( pinfo->cinfo, COL_INFO) ) {
355 col_add_fstr( pinfo->cinfo, COL_INFO,
356 "Unknown RTP version %u", version);
360 ti = proto_tree_add_item( tree, proto_rtp, tvb, offset, -1, FALSE );
361 rtp_tree = proto_item_add_subtree( ti, ett_rtp );
363 proto_tree_add_uint( rtp_tree, hf_rtp_version, tvb,
364 offset, 1, version );
369 padding_set = RTP_PADDING( octet );
370 extension_set = RTP_EXTENSION( octet );
371 csrc_count = RTP_CSRC_COUNT( octet );
373 /* Get the fields in the second octet */
374 octet = tvb_get_guint8( tvb, offset + 1 );
375 marker_set = RTP_MARKER( octet );
376 payload_type = RTP_PAYLOAD_TYPE( octet );
378 /* Get the subsequent fields */
379 seq_num = tvb_get_ntohs( tvb, offset + 2 );
380 timestamp = tvb_get_ntohl( tvb, offset + 4 );
381 sync_src = tvb_get_ntohl( tvb, offset + 8 );
383 if ( check_col( pinfo->cinfo, COL_PROTOCOL ) ) {
384 col_set_str( pinfo->cinfo, COL_PROTOCOL, "RTP" );
387 if ( check_col( pinfo->cinfo, COL_INFO) ) {
388 col_add_fstr( pinfo->cinfo, COL_INFO,
389 "Payload type=%s, SSRC=%u, Seq=%u, Time=%u%s",
390 val_to_str( payload_type, rtp_payload_type_vals,
395 marker_set ? ", Mark" : "");
399 ti = proto_tree_add_item( tree, proto_rtp, tvb, offset, -1, FALSE );
400 rtp_tree = proto_item_add_subtree( ti, ett_rtp );
402 proto_tree_add_uint( rtp_tree, hf_rtp_version, tvb,
403 offset, 1, version );
404 proto_tree_add_boolean( rtp_tree, hf_rtp_padding, tvb,
405 offset, 1, padding_set );
406 proto_tree_add_boolean( rtp_tree, hf_rtp_extension, tvb,
407 offset, 1, extension_set );
408 proto_tree_add_uint( rtp_tree, hf_rtp_csrc_count, tvb,
409 offset, 1, csrc_count );
412 proto_tree_add_boolean( rtp_tree, hf_rtp_marker, tvb, offset,
414 proto_tree_add_uint( rtp_tree, hf_rtp_payload_type, tvb,
415 offset, 1, payload_type );
418 /* Sequence number 16 bits (2 octets) */
419 proto_tree_add_uint( rtp_tree, hf_rtp_seq_nr, tvb, offset, 2, seq_num );
422 /* Timestamp 32 bits (4 octets) */
423 proto_tree_add_uint( rtp_tree, hf_rtp_timestamp, tvb, offset, 4, timestamp );
426 /* Synchronization source identifier 32 bits (4 octets) */
427 proto_tree_add_uint( rtp_tree, hf_rtp_ssrc, tvb, offset, 4, sync_src );
431 if ( csrc_count > 0 ) {
432 ti = proto_tree_add_text(rtp_tree, tvb, offset, csrc_count * 4, "Contributing Source identifiers");
433 rtp_csrc_tree = proto_item_add_subtree( ti, ett_csrc_list );
434 for (i = 0; i < csrc_count; i++ ) {
435 csrc_item = tvb_get_ntohl( tvb, offset );
436 proto_tree_add_uint_format( rtp_csrc_tree,
437 hf_rtp_csrc_item, tvb, offset, 4,
445 /* Optional RTP header extension */
446 if ( extension_set ) {
447 /* Defined by profile field is 16 bits (2 octets) */
448 proto_tree_add_uint( rtp_tree, hf_rtp_prof_define, tvb, offset, 2, tvb_get_ntohs( tvb, offset ) );
451 hdr_extension = tvb_get_ntohs( tvb, offset );
452 proto_tree_add_uint( rtp_tree, hf_rtp_length, tvb,
453 offset, 2, hdr_extension);
455 if ( hdr_extension > 0 ) {
456 ti = proto_tree_add_text(rtp_tree, tvb, offset, csrc_count * 4, "Header extensions");
457 /* I'm re-using the old tree variable here
458 from the CSRC list!*/
459 rtp_csrc_tree = proto_item_add_subtree( ti,
461 for (i = 0; i < hdr_extension; i++ ) {
462 proto_tree_add_uint( rtp_csrc_tree, hf_rtp_hdr_ext, tvb, offset, 4, tvb_get_ntohl( tvb, offset ) );
470 * This RTP frame has padding - find it.
472 * The padding count is found in the LAST octet of
473 * the packet; it contains the number of octets
474 * that can be ignored at the end of the packet.
476 if (tvb_length(tvb) < tvb_reported_length(tvb)) {
478 * We don't *have* the last octet of the
479 * packet, so we can't get the padding
482 * Put an indication of that into the
483 * tree, and just put in a raw data
486 proto_tree_add_text(rtp_tree, tvb, 0, 0,
487 "Frame has padding, but not all the frame data was captured");
488 call_dissector(data_handle,
489 tvb_new_subset(tvb, offset, -1, -1),
494 padding_count = tvb_get_guint8( tvb,
495 tvb_reported_length( tvb ) - 1 );
497 tvb_reported_length_remaining( tvb, offset ) - padding_count;
500 * There's data left over when you take out
501 * the padding; dissect it.
503 dissect_rtp_data( tvb, pinfo, tree, rtp_tree,
509 } else if (data_len < 0) {
511 * The padding count is bigger than the
512 * amount of RTP payload in the packet!
513 * Clip the padding count.
515 * XXX - put an item in the tree to indicate
516 * that the padding count is bogus?
519 tvb_reported_length_remaining(tvb, offset);
521 if (padding_count > 1) {
523 * There's more than one byte of padding;
524 * show all but the last byte as padding
527 proto_tree_add_item( rtp_tree, hf_rtp_padding_data,
528 tvb, offset, padding_count - 1, FALSE );
529 offset += padding_count - 1;
532 * Show the last byte in the PDU as the padding
535 proto_tree_add_item( rtp_tree, hf_rtp_padding_count,
536 tvb, offset, 1, FALSE );
542 dissect_rtp_data( tvb, pinfo, tree, rtp_tree, offset,
543 tvb_length_remaining( tvb, offset ),
544 tvb_reported_length_remaining( tvb, offset ),
551 proto_register_rtp(void)
553 static hf_register_info hf[] =
562 VALS(rtp_version_vals),
594 "Contributing source identifiers count",
616 &hf_rtp_payload_type,
622 VALS(rtp_payload_type_vals),
654 "Synchronization Source identifier",
666 "Defined by profile",
724 &hf_rtp_padding_data,
736 &hf_rtp_padding_count,
757 proto_rtp = proto_register_protocol("Real-Time Transport Protocol",
759 proto_register_field_array(proto_rtp, hf, array_length(hf));
760 proto_register_subtree_array(ett, array_length(ett));
762 register_dissector("rtp", dissect_rtp, proto_rtp);
765 register_init_routine( &rtp_init );
770 proto_reg_handoff_rtp(void)
772 dissector_handle_t rtp_handle;
775 * Get handles for the H.261 and MPEG-1 dissectors.
777 h261_handle = find_dissector("h261");
778 mpeg1_handle = find_dissector("mpeg1");
779 data_handle = find_dissector("data");
782 * Register this dissector as one that can be selected by a
785 rtp_handle = find_dissector("rtp");
786 dissector_add_handle("udp.port", rtp_handle);
git.samba.org / obnox / wireshark / wip.git / blob