1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
|
/* rtpdump.c
*
* Wiretap Library
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
*
* Support for RTPDump file format
* Copyright (c) 2023 by David Perry <boolean263@protonmail.com>
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
/* The rtpdump file format is the "dump" format as generated by rtpdump from
* <https://github.com/irtlab/rtptools>. It starts with an ASCII text header:
*
* #!rtpplay1.0 source_address/port\n
*
* followed by a binary header:
*
* typedef struct {
* struct timeval start; // start of recording (GMT)
* uint32_t source; // network source (multicast)
* uint16_t port; // UDP port
* } RD_hdr_t;
*
* Note that the SAME source address and port are included twice in
* this header, as seen here:
* <https://github.com/irtlab/rtptools/blob/9356740cb0c/rtpdump.c#L189>
*
* Wireshark can also generate rtpdump files, but it uses DIFFERENT addresses
* and ports in the text vs binary headers. See rtp_write_header() in
* ui/tap-rtp-common.c -- Wireshark puts the destination address and port
* in the text header, but the source address and port in the binary header.
*
* Wireshark may also generate the file with an IPv6 address in the text
* header, whereas rtpdump only supports IPv4 here. The binary header
* can't hold an IPv6 address without fully breaking compatibility with
* the rtptools project, so Wireshark truncates the address.
*
* Either way, each packet which follows is a RTP or RTCP packet of the form
*
* typedef struct {
* uint16_t length; // length of original packet, including header
* uint16_t plen; // actual header+payload length for RTP, 0 for RTCP
* uint32_t offset; // ms since the start of recording
* } RD_packet_t;
*
* followed by length bytes of packet data.
*/
#include "config.h"
#include <wtap-int.h>
#include <file_wrappers.h>
#include <wsutil/exported_pdu_tlvs.h>
#include <wsutil/inet_addr.h>
#include <wsutil/nstime.h>
#include <wsutil/strtoi.h>
#include <wsutil/wslog.h>
#include "rtpdump.h"
#include <string.h>
/* NB. I've included the version string in the magic for stronger identification.
* If we add/change version support, we'll also need to edit:
* - wiretap/mime_file.c
* - resources/freedesktop/org.wireshark.Wireshark-mime.xml
* - epan/dissectors/file-rtpdump.c
*/
#define RTP_MAGIC "#!rtpplay1.0 "
#define RTP_MAGIC_LEN 13
/* Reasonable maximum length for the RTP header (after the magic):
* - WS_INET6_ADDRSTRLEN characters for a IPv6 address
* - 1 for a slash
* - 5 characters for a port number
* - 1 character for a newline
* - 4 bytes for each of start seconds, start useconds, IPv4 address
* - 2 bytes for each of port, padding
* and 2 bytes of fudge factor, just in case.
*/
#define RTP_HEADER_MAX_LEN 25+WS_INET6_ADDRSTRLEN
/* Reasonable buffer size for holding the Exported PDU headers:
* - 8 bytes for the port type header
* - 8 bytes for one port
* - 4+EXP_PDU_TAG_IPV6_LEN for one IPv6 address
* (same space would hold 2 IPv4 addresses with room to spare)
*/
#define RTP_BUFFER_INIT_LEN 20+EXP_PDU_TAG_IPV6_LEN
static gboolean
rtpdump_read(wtap *wth, wtap_rec *rec, Buffer *buf,
int *err, gchar **err_info,
gint64 *data_offset);
static gboolean
rtpdump_seek_read(wtap *wth, gint64 seek_off,
wtap_rec *rec, Buffer *buf,
int *err, gchar **err_info);
static void
rtpdump_close(wtap *wth);
static int rtpdump_file_type_subtype = -1;
typedef union ip_addr_u {
ws_in4_addr ipv4;
ws_in6_addr ipv6;
} ip_addr_t;
typedef struct rtpdump_priv_s {
Buffer epdu_headers;
nstime_t start_time;
} rtpdump_priv_t;
void register_rtpdump(void);
wtap_open_return_val
rtpdump_open(wtap *wth, int *err, char **err_info)
{
guint8 buf_magic[RTP_MAGIC_LEN];
char ch = '\0';
rtpdump_priv_t *priv = NULL;
ip_addr_t txt_addr;
ws_in4_addr bin_addr;
guint16 txt_port = 0;
guint16 bin_port = 0;
GString *header_str = NULL;
gboolean is_ipv6 = FALSE;
gboolean got_ip = FALSE;
nstime_t start_time = NSTIME_INIT_ZERO;
Buffer *buf;
if (!wtap_read_bytes(wth->fh, buf_magic, RTP_MAGIC_LEN, err, err_info)) {
return (*err == WTAP_ERR_SHORT_READ)
? WTAP_OPEN_NOT_MINE
: WTAP_OPEN_ERROR;
}
if (strncmp(buf_magic, RTP_MAGIC, RTP_MAGIC_LEN) != 0) {
return WTAP_OPEN_NOT_MINE;
}
/* Parse the text header for an IP and port. */
header_str = g_string_sized_new(RTP_HEADER_MAX_LEN);
do {
if (!wtap_read_bytes(wth->fh, &ch, 1, err, err_info)) {
g_string_free(header_str, TRUE);
return (*err == WTAP_ERR_SHORT_READ)
? WTAP_OPEN_NOT_MINE
: WTAP_OPEN_ERROR;
}
if (ch == '/') {
/* Everything up to now should be an IP address */
if (ws_inet_pton4(header_str->str, &txt_addr.ipv4)) {
is_ipv6 = FALSE;
}
else if (ws_inet_pton6(header_str->str, &txt_addr.ipv6)) {
is_ipv6 = TRUE;
}
else {
*err = WTAP_ERR_BAD_FILE;
*err_info = ws_strdup("rtpdump: bad IP in header text");
g_string_free(header_str, TRUE);
return WTAP_OPEN_ERROR;
}
got_ip = TRUE;
g_string_truncate(header_str, 0);
}
else if (ch == '\n') {
if (!got_ip) {
*err = WTAP_ERR_BAD_FILE;
*err_info = ws_strdup("rtpdump: no IP in header text");
g_string_free(header_str, TRUE);
return WTAP_OPEN_ERROR;
}
if (!ws_strtou16(header_str->str, NULL, &txt_port)) {
*err = WTAP_ERR_BAD_FILE;
*err_info = ws_strdup("rtpdump: bad port in header text");
g_string_free(header_str, TRUE);
return WTAP_OPEN_ERROR;
}
break;
}
else if (g_ascii_isprint(ch)) {
g_string_append_c(header_str, ch);
}
else {
g_string_free(header_str, TRUE);
return WTAP_OPEN_NOT_MINE;
}
} while (ch != '\n');
g_string_free(header_str, TRUE);
if (!got_ip || txt_port == 0) {
*err = WTAP_ERR_BAD_FILE;
*err_info = ws_strdup("rtpdump: bad header text");
return WTAP_OPEN_ERROR;
}
/* Whether generated by rtpdump or Wireshark, the binary header
* has the source IP and port. If the text header has an IPv6 address,
* this address was likely truncated from an IPv6 address as well
* and is likely inaccurate, so we will ignore it.
*/
#define FAIL G_STMT_START { \
return (*err == WTAP_ERR_SHORT_READ) \
? WTAP_OPEN_NOT_MINE \
: WTAP_OPEN_ERROR; \
} G_STMT_END
if (!wtap_read_bytes(wth->fh, &start_time.secs, 4, err, err_info)) FAIL;
start_time.secs = g_ntohl(start_time.secs);
if (!wtap_read_bytes(wth->fh, &start_time.nsecs, 4, err, err_info)) FAIL;
start_time.nsecs = g_ntohl(start_time.nsecs) * 1000;
if (!wtap_read_bytes(wth->fh, &bin_addr, 4, err, err_info)) FAIL;
if (!wtap_read_bytes(wth->fh, &bin_port, 2, err, err_info)) FAIL;
bin_port = g_ntohs(bin_port);
/* Finally, padding */
if (!wtap_read_bytes(wth->fh, NULL, 2, err, err_info)) FAIL;
#undef FAIL
/* If we made it this far, we have all the info we need to generate
* most of the Exported PDU headers for every packet in this stream.
*/
priv = g_new0(rtpdump_priv_t, 1);
priv->start_time = start_time;
buf = &priv->epdu_headers; /* shorthand */
ws_buffer_init(buf, RTP_BUFFER_INIT_LEN);
wtap_buffer_append_epdu_uint(buf, EXP_PDU_TAG_PORT_TYPE, EXP_PDU_PT_UDP);
if (is_ipv6) {
/* File must be generated by Wireshark. Text address is IPv6 destination,
* binary address is invalid and ignored here.
*/
wtap_buffer_append_epdu_tag(buf, EXP_PDU_TAG_IPV6_DST, (const guint8 *)&txt_addr.ipv6, EXP_PDU_TAG_IPV6_LEN);
wtap_buffer_append_epdu_uint(buf, EXP_PDU_TAG_DST_PORT, txt_port);
}
else if (txt_addr.ipv4 == bin_addr && txt_port == bin_port) {
/* File must be generated by rtpdump. Both addresses are IPv4 source. */
wtap_buffer_append_epdu_tag(buf, EXP_PDU_TAG_IPV4_SRC, (const guint8 *)&bin_addr, EXP_PDU_TAG_IPV4_LEN);
wtap_buffer_append_epdu_uint(buf, EXP_PDU_TAG_SRC_PORT, bin_port);
}
else {
/* File must be generated by Wireshark. Text is IPv4 destination,
* binary is IPv4 source.
*/
wtap_buffer_append_epdu_tag(buf, EXP_PDU_TAG_IPV4_DST, (const guint8 *)&txt_addr.ipv4, EXP_PDU_TAG_IPV4_LEN);
wtap_buffer_append_epdu_uint(buf, EXP_PDU_TAG_DST_PORT, txt_port);
wtap_buffer_append_epdu_tag(buf, EXP_PDU_TAG_IPV4_SRC, (const guint8 *)&bin_addr, EXP_PDU_TAG_IPV4_LEN);
wtap_buffer_append_epdu_uint(buf, EXP_PDU_TAG_SRC_PORT, bin_port);
}
wth->priv = (void *)priv;
wth->subtype_close = rtpdump_close;
wth->subtype_read = rtpdump_read;
wth->subtype_seek_read = rtpdump_seek_read;
wth->file_type_subtype = rtpdump_file_type_subtype;
wth->file_encap = WTAP_ENCAP_WIRESHARK_UPPER_PDU;
/* Starting timestamp has microsecond precision, but delta time
* between packets is only milliseconds.
*/
wth->file_tsprec = WTAP_TSPREC_MSEC;
return WTAP_OPEN_MINE;
}
static gboolean
rtpdump_read_packet(wtap *wth, FILE_T fh, wtap_rec *rec, Buffer *buf,
int *err, gchar **err_info)
{
rtpdump_priv_t *priv = (rtpdump_priv_t *)wth->priv;
nstime_t ts = NSTIME_INIT_ZERO;
guint32 epdu_len = 0; /* length of the Exported PDU headers we add */
const guint8 hdr_len = 8; /* Header comprised of the following 3 fields: */
guint16 length; /* length of packet, including this header (may
be smaller than plen if not whole packet recorded) */
guint16 plen; /* actual header+payload length for RTP, 0 for RTCP */
guint32 offset; /* milliseconds since the start of recording */
if (!wtap_read_bytes_or_eof(fh, (void *)&length, 2, err, err_info)) return FALSE;
length = g_ntohs(length);
if (!wtap_read_bytes(fh, (void *)&plen, 2, err, err_info)) return FALSE;
plen = g_ntohs(plen);
if (!wtap_read_bytes(fh, (void *)&offset, 4, err, err_info)) return FALSE;
offset = g_ntohl(offset);
/* Set length to remaining length of packet data */
length -= hdr_len;
ws_buffer_append_buffer(buf, &priv->epdu_headers);
if (plen == 0) {
/* RTCP sample */
plen = length;
wtap_buffer_append_epdu_string(buf, EXP_PDU_TAG_DISSECTOR_NAME, "rtcp");
}
else {
/* RTP sample */
wtap_buffer_append_epdu_string(buf, EXP_PDU_TAG_DISSECTOR_NAME, "rtp");
}
epdu_len = wtap_buffer_append_epdu_end(buf);
/* Offset is milliseconds since the start of recording */
ts.secs = offset / 1000;
ts.nsecs = (offset % 1000) * 1000000;
nstime_sum(&rec->ts, &priv->start_time, &ts);
rec->presence_flags |= WTAP_HAS_TS | WTAP_HAS_CAP_LEN;
rec->rec_header.packet_header.caplen = epdu_len + plen;
rec->rec_header.packet_header.len = epdu_len + length;
rec->rec_type = REC_TYPE_PACKET;
return wtap_read_packet_bytes(fh, buf, length, err, err_info);
}
static gboolean
rtpdump_read(wtap *wth, wtap_rec *rec, Buffer *buf, int *err, gchar **err_info,
gint64 *data_offset)
{
*data_offset = file_tell(wth->fh);
return rtpdump_read_packet(wth, wth->fh, rec, buf, err, err_info);
}
static gboolean
rtpdump_seek_read(wtap *wth, gint64 seek_off, wtap_rec *rec,
Buffer *buf, int *err, gchar **err_info)
{
if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
return FALSE;
return rtpdump_read_packet(wth, wth->random_fh, rec, buf, err, err_info);
}
static void
rtpdump_close(wtap *wth)
{
rtpdump_priv_t *priv = (rtpdump_priv_t *)wth->priv;
ws_buffer_free(&priv->epdu_headers);
}
static const struct supported_block_type rtpdump_blocks_supported[] = {
/* We support packet blocks, with no comments or other options. */
{ WTAP_BLOCK_PACKET, MULTIPLE_BLOCKS_SUPPORTED, NO_OPTIONS_SUPPORTED }
};
static const struct file_type_subtype_info rtpdump_info = {
"RTPDump stream file", "rtpdump", "rtp", "rtpdump",
FALSE, BLOCKS_SUPPORTED(rtpdump_blocks_supported),
NULL, NULL, NULL
};
void register_rtpdump(void)
{
rtpdump_file_type_subtype = wtap_register_file_type_subtype(&rtpdump_info);
}
|
