Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / ui / tap-rtp-analysis.c
blob177164fcad6f12fa6026a4a670c08a72200d0e6d
1 /* tap-rtp-analysis.c
2 * RTP stream handler functions used by tshark and wireshark
4 * Copyright 2008, Ericsson AB
5 * By Balint Reczey <balint.reczey@ericsson.com>
7 * most functions are copied from ui/gtk/rtp_stream.c and ui/gtk/rtp_analysis.c
8 * Copyright 2003, Alcatel Business Systems
9 * By Lars Ruoff <lars.ruoff@gmx.net>
11 * Wireshark - Network traffic analyzer
12 * By Gerald Combs <gerald@wireshark.org>
13 * Copyright 1998 Gerald Combs
15 * SPDX-License-Identifier: GPL-2.0-or-later
18 #include "config.h"
20 #include <glib.h>
22 #include <math.h>
23 #include "globals.h"
25 #include <string.h>
26 #include <epan/rtp_pt.h>
27 #include <epan/addr_resolv.h>
28 #include <epan/proto_data.h>
29 #include <epan/dissectors/packet-rtp.h>
30 #include "rtp_stream.h"
31 #include "tap-rtp-common.h"
32 #include "tap-rtp-analysis.h"
34 typedef struct _key_value {
35 uint32_t key;
36 uint32_t value;
37 } key_value;
40 /* RTP sampling clock rates for fixed payload types as defined in
41 https://www.iana.org/assignments/rtp-parameters/rtp-parameters.xhtml */
42 static const key_value clock_map[] = {
43 {PT_PCMU, 8000},
44 {PT_1016, 8000},
45 {PT_G721, 8000},
46 {PT_GSM, 8000},
47 {PT_G723, 8000},
48 {PT_DVI4_8000, 8000},
49 {PT_DVI4_16000, 16000},
50 {PT_LPC, 8000},
51 {PT_PCMA, 8000},
52 {PT_G722, 8000},
53 {PT_L16_STEREO, 44100},
54 {PT_L16_MONO, 44100},
55 {PT_QCELP, 8000},
56 {PT_CN, 8000},
57 {PT_MPA, 90000},
58 {PT_G728, 8000},
59 {PT_G728, 8000},
60 {PT_DVI4_11025, 11025},
61 {PT_DVI4_22050, 22050},
62 {PT_G729, 8000},
63 {PT_CN_OLD, 8000},
64 {PT_CELB, 90000},
65 {PT_JPEG, 90000},
66 {PT_NV, 90000},
67 {PT_H261, 90000},
68 {PT_MPV, 90000},
69 {PT_MP2T, 90000},
70 {PT_H263, 90000},
73 #define NUM_CLOCK_VALUES array_length(clock_map)
75 static uint32_t
76 get_clock_rate(uint32_t key)
78 size_t i;
80 for (i = 0; i < NUM_CLOCK_VALUES; i++) {
81 if (clock_map[i].key == key)
82 return clock_map[i].value;
84 return 0;
87 typedef struct _mimetype_and_clock {
88 const char *pt_mime_name_str;
89 uint32_t value;
90 } mimetype_and_clock;
91 /* RTP sampling clock rates for
92 "In addition to the RTP payload formats (encodings) listed in the RTP
93 Payload Types table, there are additional payload formats that do not
94 have static RTP payload types assigned but instead use dynamic payload
95 type number assignment. Each payload format is named by a registered
96 media subtype"
97 https://www.iana.org/assignments/rtp-parameters/rtp-parameters.xhtml.
99 NOTE: Please keep the mimetypes in case insensitive alphabetical order.
101 static const mimetype_and_clock mimetype_and_clock_map[] = {
102 {"AMR", 8000}, /* [RFC4867][RFC3267] */
103 {"AMR-WB", 16000}, /* [RFC4867][RFC3267] */
104 {"BMPEG", 90000}, /* [RFC2343],[RFC3555] */
105 {"BT656", 90000}, /* [RFC2431],[RFC3555] */
106 {"DV", 90000}, /* [RFC3189] */
107 {"EVRC", 8000}, /* [RFC3558] */
108 {"EVRC0", 8000}, /* [RFC4788] */
109 {"EVRC1", 8000}, /* [RFC4788] */
110 {"EVRCB", 8000}, /* [RFC4788] */
111 {"EVRCB0", 8000}, /* [RFC4788] */
112 {"EVRCB1", 8000}, /* [RFC4788] */
113 {"EVRCWB", 16000}, /* [RFC5188] */
114 {"EVRCWB0", 16000}, /* [RFC5188] */
115 {"EVRCWB1", 16000}, /* [RFC5188] */
116 {"EVS", 16000}, /* [3GPP TS 26.445] */
117 {"G7221", 16000}, /* [RFC3047] */
118 {"G726-16", 8000}, /* [RFC3551][RFC4856] */
119 {"G726-24", 8000}, /* [RFC3551][RFC4856] */
120 {"G726-32", 8000}, /* [RFC3551][RFC4856] */
121 {"G726-40", 8000}, /* [RFC3551][RFC4856] */
122 {"G729D", 8000}, /* [RFC3551][RFC4856] */
123 {"G729E", 8000}, /* [RFC3551][RFC4856] */
124 {"GSM-EFR", 8000}, /* [RFC3551] */
125 {"H263-1998", 90000}, /* [RFC2429],[RFC3555] */
126 {"H263-2000", 90000}, /* [RFC2429],[RFC3555] */
127 {"H264", 90000}, /* [RFC3984] */
128 {"MP1S", 90000}, /* [RFC2250],[RFC3555] */
129 {"MP2P", 90000}, /* [RFC2250],[RFC3555] */
130 {"MP4V-ES", 90000}, /* [RFC3016] */
131 {"mpa-robust", 90000}, /* [RFC3119] */
132 {"opus", 48000}, /* [RFC7587] */
133 {"pointer", 90000}, /* [RFC2862] */
134 {"raw", 90000}, /* [RFC4175] */
135 {"red", 1000}, /* [RFC4102] */
136 {"SMV", 8000}, /* [RFC3558] */
137 {"SMV0", 8000}, /* [RFC3558] */
138 {"t140", 1000}, /* [RFC4103] */
139 {"telephone-event", 8000}, /* [RFC4733] */
142 #define NUM_DYN_CLOCK_VALUES array_length(mimetype_and_clock_map)
144 static uint32_t
145 get_dyn_pt_clock_rate(const char *payload_type_str)
147 int i;
149 /* Search for matching mimetype in reverse order to avoid false matches
150 * when pt_mime_name_str is the prefix of payload_type_str */
151 for (i = NUM_DYN_CLOCK_VALUES - 1; i > -1 ; i--) {
152 if (g_ascii_strncasecmp(mimetype_and_clock_map[i].pt_mime_name_str,payload_type_str,(strlen(mimetype_and_clock_map[i].pt_mime_name_str))) == 0)
153 return mimetype_and_clock_map[i].value;
156 return 0;
159 #define TIMESTAMP_DIFFERENCE(v1,v2) ((int64_t)v2-(int64_t)v1)
161 /****************************************************************************/
162 void
163 rtppacket_analyse(tap_rtp_stat_t *statinfo,
164 const packet_info *pinfo,
165 const struct _rtp_info *rtpinfo)
167 double current_time;
168 double current_jitter = 0;
169 double current_diff = 0;
170 double nominaltime;
171 double nominaltime_diff;
172 double arrivaltime;
173 double expected_time;
174 double absskew;
175 uint32_t clock_rate;
176 bool in_time_sequence;
178 /* Store the current time */
179 current_time = nstime_to_msec(&pinfo->rel_ts);
181 /* Is this the first packet we got in this direction? */
182 if (statinfo->first_packet) {
183 statinfo->start_seq_nr = rtpinfo->info_extended_seq_num;
184 statinfo->stop_seq_nr = rtpinfo->info_extended_seq_num;
185 statinfo->seq_num = rtpinfo->info_seq_num;
186 statinfo->start_time = current_time;
187 statinfo->timestamp = rtpinfo->info_extended_timestamp;
188 statinfo->seq_timestamp = rtpinfo->info_extended_timestamp;
189 statinfo->time = current_time;
190 statinfo->lastnominaltime = 0;
191 statinfo->lastarrivaltime = 0;
192 statinfo->pt = rtpinfo->info_payload_type;
193 statinfo->reg_pt = rtpinfo->info_payload_type;
194 if (pinfo->net_src.type == AT_IPv6) {
195 statinfo->bw_history[statinfo->bw_index].bytes = rtpinfo->info_data_len + 48;
196 } else {
197 statinfo->bw_history[statinfo->bw_index].bytes = rtpinfo->info_data_len + 28;
199 statinfo->bw_history[statinfo->bw_index].time = current_time;
200 statinfo->bw_index++;
201 if (pinfo->net_src.type == AT_IPv6) {
202 statinfo->total_bytes += rtpinfo->info_data_len + 48;
203 } else {
204 statinfo->total_bytes += rtpinfo->info_data_len + 28;
206 statinfo->bandwidth = (double)(statinfo->total_bytes*8)/1000;
207 /* Not needed ? initialised to zero? */
208 statinfo->delta = 0;
209 statinfo->max_delta = 0;
210 statinfo->min_delta = -1;
211 statinfo->mean_delta = 0;
212 statinfo->jitter = 0;
213 statinfo->min_jitter = -1;
214 statinfo->max_jitter = 0;
215 statinfo->diff = 0;
217 statinfo->total_nr++;
218 statinfo->flags |= STAT_FLAG_FIRST;
219 if (rtpinfo->info_marker_set) {
220 statinfo->flags |= STAT_FLAG_MARKER;
222 statinfo->first_packet_num = pinfo->num;
223 statinfo->first_packet = false;
224 return;
227 /* Reset flags */
228 statinfo->flags = 0;
230 /* When calculating expected rtp packets the seq number can wrap around.
231 * The RTP dissector does an extended sequence number calculation and
232 * passes it here so we use that for the number of cycles.
234 * XXX How to determine number of cycles with all possible lost, late
235 * and duplicated packets without any doubt? It seems to me that
236 * because of all possible combination of late, duplicated or lost
237 * packets this can only be more or less a good approximation.
238 * The RTP dissector doesn't do exactly the algorithm in RFC 3550 A.1
239 * but could be modified.
241 * There are some combinations (rare but theoretically possible),
242 * where it won't work correctly - statistic may be wrong then.
245 /* Check if time sequence of packets is in order. Use the extended
246 * timestamp that the RTP dissector has already calculated.
248 if (statinfo->seq_timestamp <= rtpinfo->info_extended_timestamp) {
249 // Normal timestamp sequence
250 in_time_sequence = true;
251 } else {
252 // New packet is not in sequence (is in past)
253 in_time_sequence = false;
254 statinfo->flags |= STAT_FLAG_WRONG_TIMESTAMP;
257 /* Since it is difficult to count lost, duplicate or late packets separately,
258 * we would like to know at least how many times the sequence number was not ok
260 * RFC 3550 Appendix A.1 recommends storing the bad sequence number after
261 * a jump so we can see if we get consecutive in-order sequence numbers
262 * that indicate the other side restarted, see #10665. Handling that would
263 * require additional changes in the number of packets expected.
266 /* If the current seq number equals the last one or if we are here for
267 * the first time, then it is ok, we just store the current one as the last one
269 if ( in_time_sequence &&
270 ( (statinfo->seq_num+1 == rtpinfo->info_seq_num) || (statinfo->flags & STAT_FLAG_FIRST) )
272 statinfo->seq_num = rtpinfo->info_seq_num;
274 /* If the first one is 65535 we wrap */
275 else if ( in_time_sequence &&
276 ( (statinfo->seq_num == 65535) && (rtpinfo->info_seq_num == 0) )
278 statinfo->seq_num = rtpinfo->info_seq_num;
280 /* Lost packets. If the prev seq is enormously larger than the cur seq
281 * we assume that instead of being massively late we lost the packet(s)
282 * that would have indicated the sequence number wrapping. An imprecise
283 * heuristic at best, but it seems to work well enough.
284 * https://gitlab.com/wireshark/wireshark/-/issues/5958 */
285 else if ( in_time_sequence &&
286 (statinfo->seq_num+1 < rtpinfo->info_seq_num || statinfo->seq_num - rtpinfo->info_seq_num > 0xFF00)
288 statinfo->seq_num = rtpinfo->info_seq_num;
289 statinfo->sequence++;
290 statinfo->flags |= STAT_FLAG_WRONG_SEQ;
292 /* Late or duplicated */
293 else if (statinfo->seq_num+1 > rtpinfo->info_seq_num) {
294 statinfo->sequence++;
295 statinfo->flags |= STAT_FLAG_WRONG_SEQ;
298 /* Check payload type */
299 if (rtpinfo->info_payload_type == PT_CN
300 || rtpinfo->info_payload_type == PT_CN_OLD)
301 statinfo->flags |= STAT_FLAG_PT_CN;
302 if (statinfo->pt == PT_CN
303 || statinfo->pt == PT_CN_OLD)
304 statinfo->flags |= STAT_FLAG_FOLLOW_PT_CN;
305 if (rtpinfo->info_payload_type != statinfo->pt)
306 statinfo->flags |= STAT_FLAG_PT_CHANGE;
307 statinfo->pt = rtpinfo->info_payload_type;
310 * Return for unknown payload types
311 * Ignore jitter calculation for clockrate = 0
313 if (statinfo->pt < 96 ){
314 clock_rate = get_clock_rate(statinfo->pt);
315 } else { /* Dynamic PT */
316 if ( rtpinfo->info_payload_type_str != NULL ) {
317 /* Is it a "telephone-event" ?
318 * Timestamp is not increased for telepone-event packets impacting
319 * calculation of Jitter Skew and clock drift.
320 * see 2.2.1 of RFC 4733
322 if (g_ascii_strncasecmp("telephone-event",rtpinfo->info_payload_type_str,(strlen("telephone-event")))==0) {
323 clock_rate = 0;
324 statinfo->flags |= STAT_FLAG_PT_T_EVENT;
325 } else {
326 if(rtpinfo->info_payload_rate !=0) {
327 clock_rate = rtpinfo->info_payload_rate;
328 } else {
329 clock_rate = get_dyn_pt_clock_rate(rtpinfo->info_payload_type_str);
332 } else {
333 clock_rate = 0;
337 /* diff/jitter/skew calculations are done just for in sequence packets */
338 /* Note, "in_time_sequence" just means relative to the first packet in
339 * stream (within 0x80000000), excluding packets that are before the first
340 * packet in timestamp (or implausibly far away.)
341 * XXX: Do we really need to exclude those? The underlying problem in
342 * #16330 was not allowing the time difference to be negative.
344 if ( in_time_sequence || true ) {
345 /* XXX: We try to handle clock rate changes, but if the clock rate
346 * changed during a dropped packet (or if we go backwards because
347 * a packet is reordered), it won't be quite right.
349 nominaltime_diff = (double)(TIMESTAMP_DIFFERENCE(statinfo->seq_timestamp, rtpinfo->info_extended_timestamp));
351 /* Can only analyze defined sampling rates */
352 if (clock_rate != 0) {
353 statinfo->clock_rate = clock_rate;
354 /* Convert from sampling clock to ms */
355 nominaltime_diff = nominaltime_diff /(clock_rate/1000);
357 /* Calculate the current jitter(in ms) */
358 if (!statinfo->first_packet) {
359 expected_time = statinfo->time + nominaltime_diff;
360 current_diff = fabs(current_time - expected_time);
361 current_jitter = (15 * statinfo->jitter + current_diff) / 16;
363 statinfo->delta = current_time-(statinfo->time);
364 statinfo->jitter = current_jitter;
365 statinfo->diff = current_diff;
367 nominaltime = statinfo->lastnominaltime + nominaltime_diff;
368 arrivaltime = statinfo->lastarrivaltime + statinfo->delta;
369 /* Calculate skew, i.e. absolute jitter that also catches clock drift
370 * Skew is positive if TS (nominal) is too fast
372 statinfo->skew = nominaltime - arrivaltime;
373 absskew = fabs(statinfo->skew);
374 if (absskew > fabs(statinfo->max_skew)) {
375 statinfo->max_skew = statinfo->skew;
377 /* Gather data for calculation of average, minimum and maximum framerate based on timestamp */
378 #if 0
379 if (numPackets > 0 && (!hardPayloadType || !alternatePayloadType)) {
380 /* Skip first packet and possibly alternate payload type packets */
381 double dt;
382 dt = nominaltime - statinfo->lastnominaltime;
383 sumdt += 1.0 * dt;
384 numdt += (dt != 0 ? 1 : 0);
385 mindt = (dt < mindt ? dt : mindt);
386 maxdt = (dt > maxdt ? dt : maxdt);
388 #endif
389 /* Gather data for calculation of skew least square */
390 statinfo->sumt += 1.0 * arrivaltime;
391 statinfo->sumTS += 1.0 * nominaltime;
392 statinfo->sumt2 += 1.0 * arrivaltime * arrivaltime;
393 statinfo->sumtTS += 1.0 * arrivaltime * nominaltime;
394 statinfo->lastnominaltime = nominaltime;
395 statinfo->lastarrivaltime = arrivaltime;
396 } else {
397 if (!statinfo->first_packet) {
398 statinfo->delta = current_time-(statinfo->time);
403 /* Calculate the BW in Kbps adding the IP+UDP header to the RTP -> 20bytes(IP) + 8bytes(UDP) */
404 if (pinfo->net_src.type == AT_IPv6) {
405 statinfo->bw_history[statinfo->bw_index].bytes = rtpinfo->info_data_len + 48;
406 } else {
407 statinfo->bw_history[statinfo->bw_index].bytes = rtpinfo->info_data_len + 28;
409 statinfo->bw_history[statinfo->bw_index].time = current_time;
411 /* Check if there are more than 1sec in the history buffer to calculate BW in bps. If so, remove those for the calculation */
412 while ((statinfo->bw_history[statinfo->bw_start_index].time+1000/* ms */)<current_time){
413 statinfo->total_bytes -= statinfo->bw_history[statinfo->bw_start_index].bytes;
414 statinfo->bw_start_index++;
415 if (statinfo->bw_start_index == BUFF_BW) statinfo->bw_start_index=0;
417 /* IP hdr + UDP + RTP */
418 if (pinfo->net_src.type == AT_IPv6){
419 statinfo->total_bytes += rtpinfo->info_data_len + 48;
420 }else{
421 statinfo->total_bytes += rtpinfo->info_data_len + 28;
423 statinfo->bandwidth = (double)(statinfo->total_bytes*8)/1000;
424 statinfo->bw_index++;
425 if (statinfo->bw_index == BUFF_BW) statinfo->bw_index = 0;
428 /* Is it a packet with the mark bit set? */
429 if (rtpinfo->info_marker_set) {
430 statinfo->flags |= STAT_FLAG_MARKER;
433 /* Is it a regular packet? */
434 if (!(statinfo->flags & STAT_FLAG_FIRST)
435 && !(statinfo->flags & STAT_FLAG_MARKER)
436 && !(statinfo->flags & STAT_FLAG_PT_CN)
437 && !(statinfo->flags & STAT_FLAG_WRONG_TIMESTAMP)
438 && !(statinfo->flags & STAT_FLAG_FOLLOW_PT_CN)) {
439 /* Include it in maximum delta calculation */
440 if (statinfo->delta > statinfo->max_delta) {
441 statinfo->max_delta = statinfo->delta;
442 statinfo->max_nr = pinfo->num;
444 /* Include it in minimum delta calculation */
445 if (statinfo->min_delta == -1 ) {
446 statinfo->min_delta = statinfo->delta;
447 } else if (statinfo->delta < statinfo->min_delta) {
448 statinfo->min_delta = statinfo->delta;
450 /* Mean delta calculation; average over the deltas between packets.
451 * For N packets there are N-1 deltas between them. The first packet
452 * has total_nr == 1, but here while we're processing the Nth
453 * packet, total_nr isn't incremented yet.
454 * E.g., when we arrive here and total_nr == 1, we're actually on
455 * packet #2, and thus, the first delta. So interestingly, when we
456 * divide by total_nr here, we're not dividing by the number of
457 * packets, but by the number of deltas.
458 * Important: total_nr here is never 0; when the first packet is
459 * handled, that logic increments total_nr from 0 to 1; here, it is
460 * always >=1 .
462 statinfo->mean_delta = (statinfo->mean_delta*(statinfo->total_nr-1) + statinfo->delta) / statinfo->total_nr;
464 if (clock_rate != 0) {
465 /* Maximum and mean jitter calculation */
466 if (statinfo->jitter > statinfo->max_jitter) {
467 statinfo->max_jitter = statinfo->jitter;
469 /* Mean jitter calculation; average over the diffs between packets.
470 * For N packets there are N-1 diffs between them. The first packet
471 * has total_nr == 1, but here while we're processing the Nth
472 * packet, total_nr isn't incremented yet.
473 * E.g., when we arrive here and total_nr == 1, we're actually on
474 * packet #2, and thus, the first diff. So interestingly, when we
475 * divide by total_nr here, we're not dividing by the number of
476 * packets, but by the number of diffs.
477 * Important: total_nr here is never 0; when the first packet is
478 * handled, that logic increments total_nr from 0 to 1; here, it is
479 * always >=1 .
481 statinfo->mean_jitter = (statinfo->mean_jitter*(statinfo->total_nr-1) + current_jitter) / statinfo->total_nr;
483 /* Minimum jitter calculation */
484 if (statinfo->min_jitter == -1 ) {
485 statinfo->min_jitter = statinfo->jitter;
486 } else if (statinfo->jitter < statinfo->min_jitter) {
487 statinfo->min_jitter = statinfo->jitter;
491 /* Regular payload change? (CN ignored) */
492 /* XXX - We should ignore FEC payload type too, but that's determined
493 * out of band (e.g., SDP), see RFCs 5109, 8627, Issue #15403.
495 if (!(statinfo->flags & STAT_FLAG_FIRST)
496 && !(statinfo->flags & STAT_FLAG_PT_CN)) {
497 if ((statinfo->pt != statinfo->reg_pt)
498 && (statinfo->reg_pt != PT_UNDEFINED)) {
499 statinfo->flags |= STAT_FLAG_REG_PT_CHANGE;
503 /* Set regular payload*/
504 if (!(statinfo->flags & STAT_FLAG_PT_CN)) {
505 statinfo->reg_pt = statinfo->pt;
508 if (in_time_sequence) {
509 /* We remember last time just for in_time sequence packets
510 * therefore diff calculations are correct for it
512 statinfo->time = current_time;
513 statinfo->seq_timestamp = rtpinfo->info_extended_timestamp;
515 statinfo->timestamp = rtpinfo->info_extended_timestamp;
516 /* RFC 3550 Appendices A.1, A.3 say that we do *not* change base_seq,
517 * AKA start_seq_nr, when receiving a reordered packet later that has
518 * an earlier sequence number, but it's probably less surprising to do so.
520 statinfo->start_seq_nr = MIN(statinfo->start_seq_nr, rtpinfo->info_extended_seq_num);
521 statinfo->stop_seq_nr = MAX(statinfo->stop_seq_nr, rtpinfo->info_extended_seq_num);
522 statinfo->total_nr++;
523 statinfo->last_payload_len = rtpinfo->info_payload_len;
525 return;