From 80d3245f4ab92290b476fc7519d2381a1efab351 Mon Sep 17 00:00:00 2001
From: Anders Broman <anders.broman@ericsson.com>
Date: Mon, 28 Jan 2013 15:41:45 +0000
Subject: [PATCH] Try to detect duplicated packets due to mirroring/span ports
 by comparing src MAC addresses.

svn path=/trunk/; revision=47324
---
 tap-rtp-common.c      | 13 +++++++++++++
 ui/gtk/rtp_analysis.c | 21 +++++++++++++++------
 ui/gtk/rtp_analysis.h |  8 +++++---
 3 files changed, 33 insertions(+), 9 deletions(-)

diff --git a/tap-rtp-common.c b/tap-rtp-common.c
index 2706e8a332..23f6eeb4da 100644
--- a/tap-rtp-common.c
+++ b/tap-rtp-common.c
@@ -450,6 +450,10 @@ int rtp_packet_analyse(tap_rtp_stat_t *statinfo,
 
 	/*  Is this the first packet we got in this direction? */
 	if (statinfo->first_packet) {
+		/* Save the MAC address of the first RTP frame */
+		if( pinfo->dl_src.type == AT_ETHER){
+			COPY_ADDRESS(&(statinfo->first_packet_mac_addr), &(pinfo->dl_src));
+		}
 		statinfo->start_seq_nr = rtpinfo->info_seq_num;
 		statinfo->stop_seq_nr = rtpinfo->info_seq_num;
 		statinfo->seq_num = rtpinfo->info_seq_num;
@@ -482,6 +486,15 @@ int rtp_packet_analyse(tap_rtp_stat_t *statinfo,
 	/* Reset flags */
 	statinfo->flags = 0;
 
+	/* Chek for duplicates (src mac differs from first_packet_mac_addr) */
+	if( pinfo->dl_src.type == AT_ETHER){
+		if(!ADDRESSES_EQUAL(&(statinfo->first_packet_mac_addr), &(pinfo->dl_src))){
+			statinfo->flags |= STAT_FLAG_DUP_PKT;
+			statinfo->delta = current_time-(statinfo->time);
+			return 0;
+		}
+	}
+
 	/* When calculating expected rtp packets the seq number can wrap around
 	 * so we have to count the number of cycles
 	 * Variable cycles counts the wraps around in forwarding connection and
diff --git a/ui/gtk/rtp_analysis.c b/ui/gtk/rtp_analysis.c
index cda714017d..2b538db1c3 100644
--- a/ui/gtk/rtp_analysis.c
+++ b/ui/gtk/rtp_analysis.c
@@ -555,6 +555,7 @@ static const GdkColor COLOR_DEFAULT = {0, 0xffff, 0xffff, 0xffff};
 static const GdkColor COLOR_ERROR = {0, 0xffff, 0xbfff, 0xbfff};
 static const GdkColor COLOR_WARNING = {0, 0xffff, 0xdfff, 0xbfff};
 static const GdkColor COLOR_CN = {0, 0xbfff, 0xbfff, 0xffff};
+GdkColor yellow = {0, 0xffff, 0xffff, 0x0000};
 COLOR_T_EVENT g_snprintf(color_str, sizeof(color_str), "#ef8c bfff ffff");
 static const GdkColor COLOR_FOREGROUND = {0, 0x0000, 0x0000, 0x0000};
 */
@@ -569,7 +570,7 @@ rtp_packet_add_info(GtkWidget *list, user_data_t * user_data,
 	gchar	   timeStr[32];
 	struct tm *tm_tmp;
 	time_t	   then;
-	gchar	   status[40];
+	gchar	   status[80];
 	gchar	   color_str[14];
 
 	then = pinfo->fd->abs_ts.secs;
@@ -602,6 +603,11 @@ rtp_packet_add_info(GtkWidget *list, user_data_t * user_data,
 		/* color = COLOR_ERROR; */
 		g_snprintf(color_str, sizeof(color_str), "#ffffbfffbfff");
 	}
+	else if (statinfo->flags & STAT_FLAG_DUP_PKT) {
+		g_snprintf(status, sizeof(status), "Suspected duplicate(MAC address) only delta time calculated");
+		/* color = Yellow; */
+		g_snprintf(color_str, sizeof(color_str), "#ffffffff0000");
+	}
 	else if (statinfo->flags & STAT_FLAG_REG_PT_CHANGE) {
 		if (statinfo->flags & STAT_FLAG_PT_T_EVENT) {
 			g_snprintf(status, sizeof(status), "Payload changed to PT=%u telephone/event", statinfo->pt);
@@ -1353,9 +1359,10 @@ dialog_graph_draw(user_data_t* user_data)
 				   * ((last_interval-interval)/user_data->dlg.dialog_graph.interval + 1))
 				+ left_x_border;
 
-			if (user_data->dlg.dialog_graph.graph[i]
-.items[interval/user_data->dlg.dialog_graph.interval].flags & (STAT_FLAG_WRONG_SEQ|STAT_FLAG_MARKER)) {
-				if (user_data->dlg.dialog_graph.graph[i].items[interval/user_data->dlg.dialog_graph.interval].flags & STAT_FLAG_WRONG_SEQ) {
+			if (user_data->dlg.dialog_graph.graph[i].items[interval/user_data->dlg.dialog_graph.interval].flags & 
+				(STAT_FLAG_WRONG_SEQ|STAT_FLAG_MARKER|STAT_FLAG_DUP_PKT)) {
+				if (user_data->dlg.dialog_graph.graph[i].items[interval/user_data->dlg.dialog_graph.interval].flags & 
+					(STAT_FLAG_WRONG_SEQ|STAT_FLAG_DUP_PKT)) {
 					g_strlcpy(label_string, "x", sizeof(label_string));
 				} else {
 					g_strlcpy(label_string, "m", sizeof(label_string));
@@ -3547,7 +3554,8 @@ create_rtp_dialog(user_data_t* user_data)
 		str_src, user_data->port_src_fwd, str_dst, user_data->port_dst_fwd, user_data->ssrc_fwd);
 
 	g_snprintf(label_forward_tree, sizeof(label_forward_tree),
-		"Analysing stream from  %s port %u  to  %s port %u   SSRC = 0x%X",
+		"Analysing stream from  %s port %u  to  %s port %u   SSRC = 0x%X \n"
+		"Note many things affects the accurasy of the analysis, use with caution",
 		str_src, user_data->port_src_fwd, str_dst, user_data->port_dst_fwd, user_data->ssrc_fwd);
 
 
@@ -3555,7 +3563,8 @@ create_rtp_dialog(user_data_t* user_data)
 	g_strlcpy(str_dst, get_addr_name(&(user_data->dst_rev)), sizeof(str_dst));
 
 	g_snprintf(label_reverse, sizeof(label_reverse),
-		"Analysing stream from  %s port %u  to  %s port %u   SSRC = 0x%X",
+		"Analysing stream from  %s port %u  to  %s port %u   SSRC = 0x%X \n"
+		"Note many things affects the accurasy of the analysis, use with caution",
 		str_src, user_data->port_src_rev, str_dst, user_data->port_dst_rev, user_data->ssrc_rev);
 
 	/* Start a notebook for flipping between sets of changes */
diff --git a/ui/gtk/rtp_analysis.h b/ui/gtk/rtp_analysis.h
index 675a1382b1..2eb495c96b 100644
--- a/ui/gtk/rtp_analysis.h
+++ b/ui/gtk/rtp_analysis.h
@@ -64,12 +64,13 @@ typedef struct _bw_history_item {
 #define BUFF_BW 300 
 
 typedef struct _tap_rtp_stat_t {
-	gboolean first_packet;     /* do not use in code that is called after rtp_packet_analyse */
+	gboolean first_packet;     /**< do not use in code that is called after rtp_packet_analyse */
 	                           /* use (flags & STAT_FLAG_FIRST) instead */
 	/* all of the following fields will be initialized after
 	 * rtp_packet_analyse has been called
 	 */
-	guint32 flags;             /* see STAT_FLAG-defines below */
+	address first_packet_mac_addr;	/**< MAC address of first packet, used to determine duplicates due to mirroring */
+	guint32 flags;					/* see STAT_FLAG-defines below */
 	guint16 seq_num;
 	guint32 timestamp;
 	guint32 first_timestamp;
@@ -88,7 +89,7 @@ typedef struct _tap_rtp_stat_t {
 	double sumTS;
 	double sumt2;
 	double sumtTS;
-	double time;           /* Unit is ms */
+	double time;           /**< Unit is ms */
 	double start_time;
 	double lastnominaltime;
 	double max_delta;
@@ -118,6 +119,7 @@ typedef struct _tap_rtp_stat_t {
 #define STAT_FLAG_REG_PT_CHANGE		0x040
 #define STAT_FLAG_WRONG_TIMESTAMP	0x080
 #define STAT_FLAG_PT_T_EVENT		0x100
+#define STAT_FLAG_DUP_PKT			0x200
 
 /* forward */
 struct _rtp_info;