3 * Routines for RTP dissection
4 * RTP = Real time Transport Protocol
6 * Copyright 2000, Philips Electronics N.V.
7 * Written by Andreas Sikkema <andreas.sikkema@philips.com>
9 * Ethereal - Network traffic analyzer
10 * By Gerald Combs <gerald@zing.org>
11 * Copyright 1998 Gerald Combs
14 * This program is free software; you can redistribute it and/or
15 * modify it under the terms of the GNU General Public License
16 * as published by the Free Software Foundation; either version 2
17 * of the License, or (at your option) any later version.
19 * This program is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with this program; if not, write to the Free Software
26 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
30 * This dissector tries to dissect the RTP protocol according to Annex A
31 * of ITU-T Recommendation H.225.0 (02/98) or RFC 1889
33 * RTP traffic is handled by an even UDP portnumber. This can be any
34 * port number, but there is a registered port available, port 5004
35 * See Annex B of ITU-T Recommendation H.225.0, section B.7
46 #ifdef HAVE_SYS_TYPES_H
47 # include <sys/types.h>
50 #ifdef HAVE_NETINET_IN_H
51 # include <netinet/in.h>
57 #include "packet-rtp.h"
58 #include "packet-h261.h"
59 #include "conversation.h"
61 /* RTP header fields */
62 static int proto_rtp = -1;
63 static int hf_rtp_version = -1;
64 static int hf_rtp_padding = -1;
65 static int hf_rtp_extension = -1;
66 static int hf_rtp_csrc_count = -1;
67 static int hf_rtp_marker = -1;
68 static int hf_rtp_payload_type = -1;
69 static int hf_rtp_seq_nr = -1;
70 static int hf_rtp_timestamp = -1;
71 static int hf_rtp_ssrc = -1;
72 static int hf_rtp_csrc_item = -1;
73 static int hf_rtp_data = -1;
74 static int hf_rtp_padding_data = -1;
75 static int hf_rtp_padding_count= -1;
77 /* RTP header extension fields */
78 static int hf_rtp_prof_define = -1;
79 static int hf_rtp_length = -1;
80 static int hf_rtp_hdr_ext = -1;
82 /* RTP fields defining a sub tree */
83 static gint ett_rtp = -1;
84 static gint ett_csrc_list = -1;
85 static gint ett_hdr_ext = -1;
88 * Fields in the first octet of the RTP header.
91 /* Version is the first 2 bits of the first octet*/
92 #define RTP_VERSION(octet) ((octet) >> 6)
94 /* Padding is the third bit; No need to shift, because true is any value
96 #define RTP_PADDING(octet) ((octet) & 0x20)
98 /* Extension bit is the fourth bit */
99 #define RTP_EXTENSION(octet) ((octet) & 0x10)
101 /* CSRC count is the last four bits */
102 #define RTP_CSRC_COUNT(octet) ((octet) & 0xF)
104 static const value_string rtp_version_vals[] =
106 { 0, "Old VAT Version" },
107 { 1, "First Draft Version" },
108 { 2, "RFC 1889 Version" },
113 * Fields in the second octet of the RTP header.
116 /* Marker is the first bit of the second octet */
117 #define RTP_MARKER(octet) ((octet) & 0x80)
119 /* Payload type is the last 7 bits */
120 #define RTP_PAYLOAD_TYPE(octet) ((octet) & 0x7F)
124 * Table B.2 / H.225.0
135 static const value_string rtp_payload_type_vals[] =
137 { PT_PCMU, "ITU-T G.711 PCMU" },
138 { PT_PCMA, "ITU-T G.711 PCMA" },
139 { PT_G722, "ITU-T G.722" },
140 { PT_G723, "ITU-T G.723" },
141 { PT_G728, "ITU-T G.728" },
142 { PT_G729, "ITU-T G.729" },
143 { PT_H261, "ITU-T H.261" },
144 { PT_H263, "ITU-T H.263" },
148 static address fake_addr;
149 static int heur_init = FALSE;
151 static const char rtp_proto[] = "RTP";
153 void rtp_add_address( const unsigned char* ip_addr, int prt )
156 conversation_t* pconv = ( conversation_t* ) NULL;
158 src_addr.type = AT_IPv4;
160 src_addr.data = ip_addr;
163 * The first time the function is called let the tcp dissector
164 * know that we're interested in traffic
167 heur_dissector_add( "udp", dissect_rtp_heur );
172 * Check if the ip address an dport combination is not
175 pconv = find_conversation( &src_addr, &fake_addr, PT_UDP, prt, 0, 0 );
181 conversation_new( &src_addr, &fake_addr, PT_UDP, (guint32) prt,
182 (guint32) 0, ( void * ) rtp_proto, 0 );
188 static void rtp_init( void )
190 unsigned char* tmp_data;
193 /* Create a fake adddress... */
194 fake_addr.type = AT_IPv4;
197 tmp_data = malloc( fake_addr.len );
198 for ( i = 0; i < fake_addr.len; i++) {
201 fake_addr.data = tmp_data;
206 dissect_rtp_heur( tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree )
208 conversation_t* pconv;
210 if (!proto_is_protocol_enabled(proto_rtp))
211 return FALSE; /* RTP has been disabled */
213 /* This is a heuristic dissector, which means we get all the TCP
214 * traffic not sent to a known dissector and not claimed by
215 * a heuristic dissector called before us!
216 * So we first check if the frame is really meant for us.
218 if ( ( pconv = find_conversation( &pi.src, &fake_addr, pi.ptype,
219 pi.srcport, 0, 0 ) ) == NULL ) {
221 * The source ip:port combination was not what we were
222 * looking for, check the destination
224 if ( ( pconv = find_conversation( &pi.dst, &fake_addr,
225 pi.ptype, pi.destport, 0, 0 ) ) == NULL ) {
231 * An RTP conversation always contains data
233 if ( pconv->data == NULL )
237 * An RTP conversation data always contains "RTP"
239 if ( strcmp( pconv->data, rtp_proto ) != 0 )
242 dissect_rtp( tvb, pinfo, tree );
248 dissect_rtp_data( tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, proto_tree *rtp_tree, int offset, unsigned int data_len, unsigned int payload_type )
252 switch( payload_type ) {
255 * What does reported length DO?
257 newtvb = tvb_new_subset( tvb, offset, data_len, -1 );
258 dissect_h261(newtvb, pinfo, tree);
261 proto_tree_add_bytes( rtp_tree, hf_rtp_data, tvb, offset, data_len, tvb_get_ptr( tvb, offset, data_len ) );
267 dissect_rtp( tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree )
269 proto_item *ti = NULL;
270 proto_tree *rtp_tree = NULL;
271 proto_tree *rtp_csrc_tree = NULL;
273 unsigned int version;
274 gboolean padding_set;
275 gboolean extension_set;
276 unsigned int csrc_count;
278 unsigned int payload_type;
280 unsigned int hdr_extension= 0;
281 unsigned int padding_count= 0;
282 unsigned int offset = 0;
288 CHECK_DISPLAY_AS_DATA(proto_rtp, tvb, pinfo, tree);
290 pinfo->current_proto = "RTP";
292 /* Get the fields in the first octet */
293 octet = tvb_get_guint8( tvb, offset );
294 version = RTP_VERSION( octet );
295 padding_set = RTP_PADDING( octet );
296 extension_set = RTP_EXTENSION( octet );
297 csrc_count = RTP_CSRC_COUNT( octet );
299 /* Get the fields in the second octet */
300 octet = tvb_get_guint8( tvb, offset + 1 );
301 marker_set = RTP_MARKER( octet );
302 payload_type = RTP_PAYLOAD_TYPE( octet );
304 /* Get the subsequent fields */
305 seq_num = tvb_get_ntohs( tvb, offset + 2 );
306 timestamp = tvb_get_ntohl( tvb, offset + 4 );
307 sync_src = tvb_get_ntohl( tvb, offset + 8 );
309 if ( check_col( pinfo->fd, COL_PROTOCOL ) ) {
310 col_set_str( pinfo->fd, COL_PROTOCOL, "RTP" );
313 if ( check_col( pinfo->fd, COL_INFO) ) {
314 col_add_fstr( pinfo->fd, COL_INFO,
315 "Payload type=%s, SSRC=%u, Seq=%u, Time=%u%s",
316 val_to_str( payload_type, rtp_payload_type_vals,
321 marker_set ? ", Mark" : "");
325 ti = proto_tree_add_item( tree, proto_rtp, tvb, offset, tvb_length_remaining( tvb, offset ), FALSE );
326 rtp_tree = proto_item_add_subtree( ti, ett_rtp );
328 proto_tree_add_uint( rtp_tree, hf_rtp_version, tvb,
329 offset, 1, version );
330 proto_tree_add_boolean( rtp_tree, hf_rtp_padding, tvb,
331 offset, 1, padding_set );
332 proto_tree_add_boolean( rtp_tree, hf_rtp_extension, tvb,
333 offset, 1, extension_set );
334 proto_tree_add_uint( rtp_tree, hf_rtp_csrc_count, tvb,
335 offset, 1, csrc_count );
338 proto_tree_add_boolean( rtp_tree, hf_rtp_marker, tvb, offset,
340 proto_tree_add_uint( rtp_tree, hf_rtp_payload_type, tvb,
341 offset, 1, payload_type );
344 /* Sequence number 16 bits (2 octets) */
345 proto_tree_add_uint( rtp_tree, hf_rtp_seq_nr, tvb, offset, 2, seq_num );
348 /* Timestamp 32 bits (4 octets) */
349 proto_tree_add_uint( rtp_tree, hf_rtp_timestamp, tvb, offset, 4, timestamp );
352 /* Synchronization source identifier 32 bits (4 octets) */
353 proto_tree_add_uint( rtp_tree, hf_rtp_ssrc, tvb, offset, 4, sync_src );
357 if ( csrc_count > 0 ) {
358 ti = proto_tree_add_text(rtp_tree, tvb, offset, csrc_count * 4, "Contributing Source identifiers");
359 rtp_csrc_tree = proto_item_add_subtree( ti, ett_csrc_list );
360 for (i = 0; i < csrc_count; i++ ) {
361 csrc_item = tvb_get_ntohl( tvb, offset );
362 proto_tree_add_uint_format( rtp_csrc_tree,
363 hf_rtp_csrc_item, tvb, offset, 4,
371 /* Optional RTP header extension */
372 if ( extension_set ) {
373 /* Defined by profile field is 16 bits (2 octets) */
374 proto_tree_add_uint( rtp_tree, hf_rtp_prof_define, tvb, offset, 2, tvb_get_ntohs( tvb, offset ) );
377 hdr_extension = tvb_get_ntohs( tvb, offset );
378 proto_tree_add_uint( rtp_tree, hf_rtp_length, tvb,
379 offset, 2, hdr_extension);
380 if ( hdr_extension > 0 ) {
381 ti = proto_tree_add_text(rtp_tree, tvb, offset, csrc_count * 4, "Header extensions");
382 /* I'm re-using the old tree variable here
383 from the CSRC list!*/
384 rtp_csrc_tree = proto_item_add_subtree( ti,
386 for (i = 0; i < hdr_extension; i++ ) {
387 proto_tree_add_uint( rtp_csrc_tree, hf_rtp_hdr_ext, tvb, offset, 4, tvb_get_ntohl( tvb, offset ) );
393 * The padding count is found in the LAST octet of the packet
394 * This contains the number of octets that can be ignored at
395 * the end of the packet
398 padding_count = tvb_get_guint8( tvb, tvb_length( tvb ) - 1 );
399 if ( padding_count > 0 ) {
400 dissect_rtp_data( tvb, pinfo, tree, rtp_tree, offset, tvb_length( tvb ) - padding_count, payload_type );
401 offset = tvb_length( tvb ) - padding_count;
402 proto_tree_add_item( rtp_tree, hf_rtp_padding_data, tvb, offset, padding_count - 1, FALSE );
403 offset += padding_count - 1;
404 proto_tree_add_item( rtp_tree, hf_rtp_padding_count, tvb, offset, 1, FALSE );
407 proto_tree_add_item( rtp_tree, hf_rtp_padding_count, tvb, tvb_length( tvb ) - 1, 1, FALSE );
411 dissect_rtp_data( tvb, pinfo, tree, rtp_tree, offset, tvb_length_remaining( tvb, offset ) - padding_count, payload_type );
417 proto_register_rtp(void)
419 static hf_register_info hf[] =
428 VALS(rtp_version_vals),
460 "Contributing source identifiers count",
482 &hf_rtp_payload_type,
488 VALS(rtp_payload_type_vals),
520 "Synchronization Source identifier",
532 "Defined by profile",
590 &hf_rtp_padding_data,
602 &hf_rtp_padding_count,
623 proto_rtp = proto_register_protocol("Real-Time Transport Protocol", "rtp");
624 proto_register_field_array(proto_rtp, hf, array_length(hf));
625 proto_register_subtree_array(ett, array_length(ett));
628 register_init_routine( &rtp_init );
git.samba.org / obnox / wireshark / wip.git / blob