RVOIP RTP Core
Overview
The rtp-core library provides comprehensive RTP/RTCP implementation and secure media transport capabilities for the rvoip VoIP stack. It handles all packet-level operations in the media transport layer, including RTP/RTCP packet processing, network transport, security (DTLS-SRTP), buffer management, and statistics collection.
Architecture
The RTP Core sits at the foundation of the media transport stack, providing reliable and secure packet-level communication:
┌─────────────────────────────────────────┐
│ Application Layer │
├─────────────────────────────────────────┤
│ rvoip-media-core │
├─────────────────────────────────────────┤
│ rvoip-rtp-core ⬅️ YOU ARE HERE
├─────────────────────────────────────────┤
│ Network Layer │
└─────────────────────────────────────────┘
Key Components
- RTP/RTCP Processing: Complete RFC 3550 implementation with all packet types
- Security Layer: DTLS-SRTP, SDES-SRTP, MIKEY (PSK/PKE), and ZRTP implementations
- Transport Management: UDP, TCP with multiplexing and connection management
- Buffer Management: Adaptive jitter buffer and high-performance memory pooling
- Statistics & Monitoring: Comprehensive quality metrics and network analysis
- Payload Formats: Support for audio/video codecs (G.711, G.722, Opus, VP8/VP9)
Security Architecture
The library provides a complete multimedia security ecosystem with multiple protocols:
┌─────────────────────────────────────────────────────────────┐
│ Security Protocols │
├─────────────────┬──────────────┬─────────────┬─────────────┤
│ ZRTP │ MIKEY-PSK │ MIKEY-PKE │ SDES-SRTP │
│ (P2P Calls) │ (Enterprise) │ (PKI-based) │ (SIP-based) │
├─────────────────┴──────────────┴─────────────┴─────────────┤
│ DTLS-SRTP │
│ (WebRTC Compatible) │
├─────────────────────────────────────────────────────────────┤
│ SRTP/SRTCP Core │
│ (AES-CM/GCM, HMAC-SHA1/256) │
└─────────────────────────────────────────────────────────────┘
Features
✅ Completed Features
RTP/RTCP Implementation
- ✅ Complete RFC 3550 compliant RTP/RTCP packet processing
- ✅ All RTCP packet types: SR, RR, SDES, BYE, APP, XR (RFC 3611)
- ✅ RTP header extensions support (RFC 8285, one-byte and two-byte formats)
- ✅ CSRC management for conferencing and mixing scenarios
- ✅ Sequence number tracking with reordering and duplicate detection
- ✅ Timestamp management and clock rate conversion
- ✅ SSRC collision detection and resolution
Security Protocols
- ✅ SRTP/SRTCP: Complete RFC 3711 implementation
- ✅ AES-CM (Counter Mode) and AES-GCM encryption
- ✅ HMAC-SHA1 authentication (80-bit and 32-bit variants)
- ✅ Key derivation functions and IV generation
- ✅ Replay protection and tamper detection
- ✅ Multiple cipher suite support
- ✅ DTLS-SRTP: WebRTC-compatible secure transport
- ✅ DTLS 1.2 handshake protocol with cookie exchange
- ✅ ECDHE key exchange using P-256 curve
- ✅ Certificate-based authentication
- ✅ SRTP key derivation from DTLS handshake
- ✅ ZRTP: Zero-configuration peer-to-peer security
- ✅ Diffie-Hellman key exchange without PKI
- ✅ SAS (Short Authentication String) verification
- ✅ Perfect forward secrecy
- ✅ Voice path authentication
- ✅ MIKEY Protocols: Enterprise key management
- ✅ MIKEY-PSK: Pre-shared key mode for corporate environments
- ✅ MIKEY-PKE: Public key encryption with X.509 certificates
- ✅ Certificate Authority (CA) support
- ✅ RSA encryption and digital signatures
- ✅ SDES-SRTP: SDP-based key exchange for SIP compatibility
Transport and Network
- ✅ UDP transport with symmetric RTP support
- ✅ TCP transport for reliable delivery
- ✅ RTCP multiplexing (RFC 5761) on single port
- ✅ Smart port allocation strategies (Sequential, Random, Incremental)
- ✅ Cross-platform socket validation (Windows, macOS, Linux)
- ✅ IPv4/IPv6 dual-stack support
- ✅ Connection lifecycle management
Buffer Management
- ✅ High-performance adaptive jitter buffer
- ✅ Memory pooling to minimize allocations
- ✅ Priority-based transmit buffer with congestion control
- ✅ Global memory limits and resource management
- ✅ Buffer statistics and monitoring
- ✅ Tested with 500 concurrent streams (500,000+ packets)
Payload Formats
- ✅ Audio codecs: G.711 (μ-law/A-law), G.722, Opus
- ✅ Video codecs: VP8, VP9 with RFC 7741/8741 compliance
- ✅ Codec-specific timestamp handling
- ✅ Payload type negotiation and management
- ✅ Custom payload format extensibility
Statistics and Quality Monitoring
- ✅ Comprehensive packet loss and jitter tracking
- ✅ Round-trip time (RTT) measurement
- ✅ Bandwidth estimation and congestion detection
- ✅ MOS score estimation and R-factor calculation
- ✅ Quality metrics aggregation and reporting
- ✅ RTCP report generation and processing
- ✅ Network quality trend analysis
Integration and API
- ✅ Clean MediaTransport trait for media-core integration
- ✅ Event-driven architecture with comprehensive event system
- ✅ Client/Server API separation for different use cases
- ✅ Builder patterns for complex configurations
- ✅ Async/await support throughout
🚧 Planned Features
Performance Optimizations
- 🚧 Zero-copy packet processing optimizations
- 🚧 Hardware acceleration support (AES-NI, etc.)
- 🚧 SIMD optimizations for crypto operations
- 🚧 Lock-free data structures for high concurrency
Advanced Security
- 🚧 Hardware Security Module (HSM) integration
- 🚧 DTLS 1.3 support with 0-RTT handshakes
- 🚧 Post-quantum cryptography preparation
- 🚧 Advanced key rotation and management
Enhanced Reliability
- 🚧 Forward Error Correction (FEC) - RFC 5109
- 🚧 Redundant Encoding (RED) - RFC 2198
- 🚧 Transport-wide congestion control
- 🚧 Automatic quality adaptation
Monitoring and Diagnostics
- 🚧 Real-time performance monitoring
- 🚧 Packet capture and analysis tools
- 🚧 Network topology discovery
- 🚧 Quality degradation alerts
Usage
Basic RTP Session
use *;
async
Secure RTP with DTLS-SRTP
use *;
async
ZRTP Peer-to-Peer Security
use *;
async
Enterprise MIKEY-PKE with Certificates
use *;
async
High-Performance Buffer Configuration
use *;
async
SRTP Implementation
The SRTP implementation follows RFC 3711 and provides enterprise-grade security:
Security Features
-
Encryption Algorithms:
- AES-CM (Counter Mode) encryption
- AES-GCM for authenticated encryption
- NULL encryption (for authentication-only mode)
-
Authentication Algorithms:
- HMAC-SHA1 authentication with 80-bit and 32-bit output
- HMAC-SHA256 for enhanced security
- NULL authentication (for encryption-only mode)
-
Key Management:
- Session key derivation from master keys
- Secure IV generation for encryption
- SRTP context management with replay protection
-
Tamper Detection:
- Authentication tag verification
- Packet modification detection
- Cryptographically secure validation
Implementation Highlights
The implementation includes critical security improvements:
- Authentication Tag Handling: Fixed authentication tag discarding vulnerability by introducing
ProtectedRtpPacketstruct - Tamper Detection: Comprehensive verification of authentication tags
- Key Derivation: Standards-compliant key derivation following RFC 3711 Section 4.3
- Cipher Support: All standard SRTP cipher suites implemented
Example Usage
// Create SRTP crypto context
let crypto_key = new;
let crypto = new?;
// Encrypt RTP packet
let = crypto.encrypt_rtp?;
let protected = new;
// Serialize for transmission
let bytes = protected.serialize?;
// On receiving side - automatically verifies auth tag
let decrypted_packet = crypto.decrypt_rtp?;
Statistics and Quality Monitoring
The library provides comprehensive quality monitoring capabilities:
Quality Metrics
- Packet Loss: Detection and percentage calculation
- Jitter: RFC 3550 compliant jitter calculation
- Latency: Round-trip time measurement
- Bandwidth: Usage estimation and congestion detection
- MOS Score: Voice quality estimation
- R-Factor: ITU-T G.107 quality rating
RTCP Reports
- Sender Reports (SR): Transmission statistics
- Receiver Reports (RR): Reception quality feedback
- Extended Reports (XR): Additional quality metrics
- Source Description (SDES): Participant information
Example Quality Monitoring
// Get comprehensive statistics
let stats = session.get_statistics.await?;
println!;
println!;
println!;
println!;
// Configure quality alerts
session.set_quality_thresholds.await?;
Relationship to Other Crates
Core Dependencies
rvoip-sip-core: SIP message types and SDP handlingtokio: Async runtime for network operationsring: Cryptographic operations for securityrcgen: Certificate generation for DTLS
Integration with rvoip Stack
The RTP Core provides the foundation for media transport in the rvoip stack:
- Upward Interface: Delivers media frames to media-core and call-engine
- Downward Interface: Handles network-level packet transmission/reception
- Security Integration: Provides secure transport for all media communications
- Event Propagation: Notifies upper layers of transport events and quality changes
Testing
Run the comprehensive test suite:
# Run all tests
# Run with specific features
# Run security-specific tests
# Run performance tests
Example Applications
The library includes comprehensive examples demonstrating all features:
# Basic RTP communication
# Secure DTLS-SRTP session
# ZRTP peer-to-peer security
# Enterprise MIKEY-PKE
# High-performance buffers
# Quality monitoring
# Cross-platform compatibility
Performance Characteristics
Throughput
- Packet Processing: 100,000+ packets/second per core
- Concurrent Streams: Tested with 500+ simultaneous streams
- Memory Usage: ~2KB per active stream
- Crypto Operations: Hardware-accelerated when available
Scalability Factors
- Buffer Management: Adaptive sizing based on network conditions
- Memory Pooling: Reduces GC pressure in high-throughput scenarios
- Connection Management: Efficient resource allocation
- Security Context: Minimal overhead for established sessions
Optimization Recommendations
- Security Protocol Selection: ZRTP for P2P, MIKEY for enterprise, DTLS for WebRTC
- Buffer Configuration: Tune based on network RTT and jitter characteristics
- Memory Management: Use memory pooling for high-volume applications
- Transport Selection: UDP for low latency, TCP for reliability
Error Handling
The library provides comprehensive error handling with categorized error types:
use Error;
match rtp_result
Future Improvements
Performance Enhancements
- Hardware Security Module (HSM) integration for private key operations
- Zero-copy packet processing with custom allocators
- SIMD optimizations for cryptographic operations
- Lock-free data structures for ultra-high concurrency
Protocol Extensions
- DTLS 1.3 support with 0-RTT handshakes
- Post-quantum cryptography preparation
- Advanced ZRTP features (voice authentication, key continuity)
- MIKEY-DH hybrid mode for enterprise scenarios
Advanced Features
- Forward Error Correction (FEC) for lossy networks
- Transport-wide congestion control
- Machine learning-based quality prediction
- Real-time network topology adaptation
Contributing
Contributions are welcome! Please see the main rvoip contributing guidelines for details.
For rtp-core specific contributions:
- Ensure RFC compliance for any protocol changes
- Add comprehensive tests for new security features
- Update documentation for any API changes
- Consider performance impact for high-throughput scenarios
License
This project is licensed under either of
- Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.