RTP and UDP

Hello,

> I wonder How to distingiush the RTP header from the UDP
> header, It seems as if there is no peculiar features for RTP
> header.In your lib, you think the UDP destination ports value in
> RTP headers can not appear in the single UDP headers,is it
> enough and abundant? your lib offers several UDP destination
> ports of RTP,However,is it all RTP ports?

In the RTP standard, there is no UDP port reserved for RTP traffic. The UDP ports are chosen dynamically by the applications that create RTP packets. This fact makes difficult for the ROHC library to detect the IP/UDP/RTP streams among the non-RTP IP/UDP streams.

The very first versions of the ROHC library implemented the RTP detection with a fixed list of UDP ports that were considered as used only for RTP traffic. The list was static, it could only be changed by editing the source code of the library and building it again. In short, it was not very useful.

At some time in past, the list of UDP ports was made more dynamic: several functions were added to the public API of the ROHC library to manage the list (add/remove/reset). Defining the list of UDP ports dedicated to RTP traffic was left to the application that uses the library.

Later, a more flexible method was added. A new method was needed because, even if the list of UDP ports was dynamic, some UDP ports should still be reserved to RTP traffic for all source and destination IP addresses. That doesn't fit how things are in the real world. So, the library has now a way to specify a user function that is called for every UDP packet: the function shall be written by the application that uses the ROHC library, the function shall return true if the packet is RTP and false if it doesn't, the function may perform any action to take that decision, that's up to the application to write its own function that fits its needs.

Please find hereafter several examples of RTP detection:
* basic example with one single static UDP port: https://bazaar.launchpad.net/~didier-barvaux/rohc/rohc-1.7.x/view/head:/examples/rtp_detection.c
* more advanced example that tries to perform some Deep Packet Inspection (DPI, https://en.wikipedia.org/wiki/Deep_packet_inspection) to detection whether the first bytes of the UDP payload match one RTP header or not: https://bazaar.launchpad.net/~didier-barvaux/rohc/rohc-1.7.x/view/head:/app/sniffer/sniffer.c#L1739

A smart (but complicated) way to detect RTP streams for an application could be to analyze all the SIP packets (UDP port 5060 or TCP port 5060) to detect the UDP ports that the SIP phone and the SIP server will use.

Regards,
Didier

Hello,
    The rtp_detect_cb(...) in the https://bazaar.launchpad.net/~didier-barvaux/rohc/rohc-1.7.x/view/head:/app/sniffer/sniffer.c#L1739 is enough and accurate for RTP detection from the UDP streams? Are there any negligence or improvement for it? Thank you.
     It seems as if the RTP detection in lib 1.7.0 is also implemented by a fixed list of UDP ports that are considered as used only for RTP traffic.

Regards,
CXS

Hello,

> The rtp_detect_cb(...) in the [...]/sniffer.c#L1739 is enough and accurate
> for RTP detection from the UDP streams? Are there any negligence or
> improvement for it? Thank you.

It entirely depends on your needs. And on your RTP streams. Think of it as a good start that may be modified to fit your needs.

> It seems as if the RTP detection in lib 1.7.0 is also implemented by a
> fixed list of UDP ports that are considered as used only for RTP traffic.

Yes, but that code is considered as deprecated in favor of the callback function. It will be removed in next version. I advise you that you don't use it in new code.

Regards,
Didier

Hi,

If you want safer RTP flow identification, you can also you Deep Packet
Inspection (DPI) tools, such as TIE or libprotoident
 that give very good results for determining the related protocol stack
used by applications

Cheers

Cédric

2014-09-21 13:26 GMT+02:00 Didier Barvaux <
<email address hidden>>:

> Question #254639 on rohc changed:
> https://answers.launchpad.net/rohc/+question/254639
>
> Status: Open => Answered
>
> Didier Barvaux proposed the following answer:
> Hello,
>
> > The rtp_detect_cb(...) in the [...]/sniffer.c#L1739 is enough and
> accurate
> > for RTP detection from the UDP streams? Are there any negligence or
> > improvement for it? Thank you.
>
> It entirely depends on your needs. And on your RTP streams. Think of it
> as a good start that may be modified to fit your needs.
>
> > It seems as if the RTP detection in lib 1.7.0 is also implemented by
> a
> > fixed list of UDP ports that are considered as used only for RTP traffic.
>
> Yes, but that code is considered as deprecated in favor of the callback
> function. It will be removed in next version. I advise you that you
> don't use it in new code.
>
> Regards,
> Didier
>
> --
> You received this question notification because you are a member of ROHC
> Team, which is an answer contact for rohc.
>
> _______________________________________________
> Mailing list: https://launchpad.net/~rohc
> Post to : <email address hidden>
> Unsubscribe : https://launchpad.net/~rohc
> More help : https://help.launchpad.net/ListHelp
>

as for "rohc-1.7.0\rohc-1.7.0\test\non_regression\inputs\ipv6\udp\rtp\video1\source.pcap",this file shows that the UDP length of RTP packets is greater than 200 bytes, and the UDP ports are not all even, so, is there anything wrong with the rules in the rtp_detect_cb(...) in the https://bazaar.launchpad.net/~didier-barvaux/rohc/rohc-1.7.x/view/head:/app/sniffer/sniffer.c#L1739? Thank you.

Hello,

The RTP detection from the sniffer is targeted at VoIP traffic, that's why it decides that packets that are greater than 200 bytes are not RTP. That's an implementation choice. The video1 test file contains a video stream. It is much larger than VoIP and won't be detected as RTP by the sniffer tool.

The RTP standard (RFC 3550, §11) says that RTP should use even destination ports. The video1 test file contains a RTP video stream with destination port 1234 as expected. However, the RTP detection from the sniffer is not correct, it shall not check the source port to be an even number. I fixed that.

Regards,
Didier

Thanks Didier Barvaux, that solved my question.

Hello,
  In the rtp_detect_cb(...) in the https://bazaar.launchpad.net/~didier-barvaux/rohc/rohc-1.7.x/view/head:/app/sniffer/sniffer.c#L1739,when thinking about that SIP (UDP/5060) is not RTP,I think the "&&" should become "||" as below, do you think so?
         /* SIP (UDP/5060) is not RTP */
 if(ntohs(udp_sport) == sip_port || ntohs(udp_dport) == sip_port)
 {
  goto not_rtp;
 }
  By the way, on the other side,the RTP profile is not Implemented completely in your lib,for example,it does not support the CSRC Presence,so,when can we have the honour to read your complete implementation RTP code? thank you.

Regards,
cxs

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

Hello,

> In the rtp_detect_cb(...) in the [...], when thinking about that SIP (UDP/5060)
> is not RTP,I think the "&&" should become "||" as below, do you think so?

Yes, the test could probably be relaxed, but the sniffer is only a test tool, so that isn't very important. The real fix should probably to perform better DPI.

> By the way, on the other side,the RTP profile is not Implemented completely
> in your lib,for example,it does not support the CSRC Presence,so,when can we
> have the honour to read your complete implementation RTP code?

I didn't plan to add support for the CSRC field yet. I didn't encounter is in real world situations yet. Do you use this field? If yes, please send me some traffic captures so I can implement support for it.

Regards,
Didier

Now I can see it,thank you.