Hello! The following RTP detector:
http://bazaar.launchpad.net/~didier-barvaux/rohc/main/view/head:/app/sniffer/sniffer.c#L1722 which try to decide if RTP by single packet can be enhanced to do deep packet inspection, by verifying that SSRC is stable for certain thershold period. #NOTE: as Rtp_Arr[] is internal to the detector it access it directly instead via rtp_private. The new source: /*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*/ #define RTP_APPROVE_THOLD (5) #define MAX_RTP_CID (8) typedef struct rtp_entry { uint8_t Cnt2Rtp; // if free == 0, count (RTP_APPROVE_THOLD)5,4,3,2,1(RTP Approved) uint8_t TBD; // PT? uint16_t TBD16; // ...? uint32_t LastPktTm; // Last-Packet-TimeStamp, in sec uint32_t srcIp; // Source-IP, Kept in BigEndian uint32_t SSRC; // SSRC, Kept in BigEndian } rtp_ent_t; rtp_ent_t Rtp_Arr[ MAX_RTP_CID ]; /*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*/ /** * @brief The detection callback which do detect RTP stream * * @param ip The inner ip packet * @param udp The udp header of the packet * @param payload The payload of the packet * @param payload_size The size of the payload (in bytes) == udp.udp_length-8(=udp_header_size) * @return 1 if the packet is an RTP packet, 0 otherwise */ static bool rtp_detect_cb(const unsigned char *const ip, const unsigned char *const udp, const unsigned char *const payload, const unsigned int payload_size, void *const rtp_private) { const uint16_t max_well_known_port = 1024; const uint16_t sip_port = 5060; uint32_t ssrc, src_ip; uint16_t udp_sport; uint16_t udp_dport; //uint16_t udp_len; //==payload_size+8 uint8_t rtp_pt; uint32_t ts_now; int jj, freeNdx; bool is_rtp = false; //assert(ip != NULL); //assert(udp != NULL); //assert(payload != NULL); //assert(rtp_private == NULL); if( !ip || !udp || !payload) { //cprintf("%srtp_detector_cb called with NULL ptr%s\n", ATR_RED, ATR_OFF); goto not_rtp; } bins.Detect++; /* retrieve UDP source and destination ports and UDP length */ udp_sport = htons(*(uint16_t *)&udp[0]); //memcpy(&udp_sport, udp, sizeof(uint16_t)); udp_dport = htons(*(uint16_t *)&udp[2]); //memcpy(&udp_dport, udp + 2, sizeof(uint16_t)); //udp_len = htons(*(uint16_t *)&udp[4]); //memcpy(&udp_len, udp + 4, sizeof(uint16_t));//NO-NEED==payload_size+8 /* RTP streams do not use well known ports */ if((udp_sport <= max_well_known_port) || (udp_dport <= max_well_known_port)) { goto not_rtp; } /* SIP (UDP/5060) is not RTP */ if((udp_sport == sip_port) && (udp_dport == sip_port)) { goto not_rtp; } /* the UDP destination port of RTP packet is even (the RTCP destination * port are RTP destination port + 1, so it is odd) */ if(((udp_sport % 2) != 0) || ((udp_dport % 2) != 0)) { goto not_rtp; } /* UDP Length shall not be too large */ if(payload_size > 192) { goto not_rtp; } /* UDP payload shall at least contain the smallest RTP header */ if(payload_size < 12) { goto not_rtp; } /* RTP Version bits shall be 2, eXtension-bit4 should be 0 */ if((payload[0] & 0xd0) != 0x80) { goto not_rtp; }//..is Ver==2 & X==0? #define DEEP_PKT_INSPECT // Make sure it is RTP session by RTP_APPROVE_THOLD packets inspection /* RTP payload type shall be: * G.711/PCMU (0), GSM (0x03), ITU-T G.723 (0x04), * ITU-T G.729 (0x12), dynamic RTP type 97 (0x61), * telephony-event (0x65), Speex (0x72), * or dynamic RTP type 125 (0x7d) */ rtp_pt = payload[1] & 0x7f; #ifndef DEEP_PKT_INSPECT if ((rtp_pt != 0x00) && (rtp_pt != 0x03) && (rtp_pt != 0x04) && (rtp_pt != 0x12) && (rtp_pt != 0x61) && (rtp_pt != 0x65) && (rtp_pt != 0x72) && (rtp_pt != 0x7d)) { goto not_rtp; } #endif /*!DEEP_PKT_INSPECT*/ /* we think that the UDP packet is a RTP packet */ #ifdef DEEP_PKT_INSPECT ssrc = *((uint32_t *)&payload[ 8 ]); // Let's keep it in Big Endian format src_ip = *((uint32_t *)&ip[ 12 ]); // Let's keep it in Big Endian format freeNdx = -1; ts_now = time(0); // ts_now = tp_now >> 20; //Note: tp_now is time in usec since application start, means >> 20 => 1.048576sec for (jj = 0; jj < MAX_RTP_CID; jj++) { register uint32_t DiffTm; // Delta T in seconds DiffTm = ts_now - Rtp_Arr[ jj ].LastPktTm; if (DiffTm >> 4) // Is Delta-T > 16sec Rtp_Arr[ jj ].Cnt2Rtp = 0; // Mark free if ((freeNdx < 0) && (Rtp_Arr[ jj ].Cnt2Rtp == 0)) freeNdx = jj; // Record tentative entry, if non-existing entry if ((Rtp_Arr[ jj ].SSRC == ssrc) && (Rtp_Arr[ jj ].srcIp == src_ip)) { if (Rtp_Arr[ jj ].Cnt2Rtp > 1) Rtp_Arr[ jj ].Cnt2Rtp--; Rtp_Arr[ jj ].LastPktTm = ts_now; if (Rtp_Arr[ jj ].Cnt2Rtp == 1) { bins.isRtp++; is_rtp = true; } break; // Found => stop search }//..this rtp-session entry found }//..search for rtp-session entry if ((jj == MAX_RTP_CID) &&(freeNdx >= 0)) { printf("rtp_detector_cb Set rtp entry:%d w/ Ip:0x%x-%x pt:x%x\n", freeNdx, src_ip, ssrc, rtp_pt); Rtp_Arr[ freeNdx ].Cnt2Rtp = RTP_APPROVE_THOLD; Rtp_Arr[ freeNdx ].LastPktTm = ts_now; Rtp_Arr[ freeNdx ].srcIp = src_ip; Rtp_Arr[ freeNdx ].SSRC = ssrc; }//..rtp-session entry not-found => assign "free" entry #else /*DEEP_PKT_INSPECT?*/ bins.isRtp++; is_rtp = true; #endif /*!DEEP_PKT_INSPECT*/ not_rtp: return is_rtp; }//..rtp_detect_cb() Gil Beniamini Gilat Satellite Networks - R&D [email protected]<mailto:[email protected]> Phone: (972)-3-9252427 Fax:(972)-3-9293040 IMPORTANT - This email and any attachments is intended for the above named addressee(s), and may contain information which is confidential or privileged. If you are not the intended recipient, please inform the sender immediately and delete this email: you should not copy or use this e-mail for any purpose nor disclose its contents to any person.
_______________________________________________ Mailing list: https://launchpad.net/~rohc Post to : [email protected] Unsubscribe : https://launchpad.net/~rohc More help : https://help.launchpad.net/ListHelp
