MT#63317 remove duplicate header parsing

Pass down RTP/RTCP header to crypto functions so that they don't need to
parse it out again.

Change-Id: I551ab6a668cc99c903cde8807f6f9c10fc0cf6d5

daemon/crypto.c

@@ -18,22 +18,22 @@
 
 #include "xt_RTPENGINE.h"
 
-static int aes_cm_encrypt_rtp(struct crypto_context *, struct rtp_header *, str *, uint32_t);
-static int aes_cm_encrypt_rtcp(struct crypto_context *, struct rtcp_packet *, str *, uint32_t);
-static int aes_gcm_encrypt_rtp(struct crypto_context *, struct rtp_header *, str *, uint32_t);
-static int aes_gcm_decrypt_rtp(struct crypto_context *, struct rtp_header *, str *, uint32_t);
-static int aes_gcm_encrypt_rtcp(struct crypto_context *, struct rtcp_packet *, str *, uint32_t);
-static int aes_gcm_decrypt_rtcp(struct crypto_context *, struct rtcp_packet *, str *, uint32_t);
+static int aes_cm_encrypt_rtp(struct crypto_context *, const struct rtp_header *, str *, uint32_t);
+static int aes_cm_encrypt_rtcp(struct crypto_context *, const struct rtcp_packet *, str *, uint32_t);
+static int aes_gcm_encrypt_rtp(struct crypto_context *, const struct rtp_header *, str *, uint32_t);
+static int aes_gcm_decrypt_rtp(struct crypto_context *, const struct rtp_header *, str *, uint32_t);
+static int aes_gcm_encrypt_rtcp(struct crypto_context *, const struct rtcp_packet *, str *, uint32_t);
+static int aes_gcm_decrypt_rtcp(struct crypto_context *, const struct rtcp_packet *, str *, uint32_t);
 static int hmac_sha1_rtp(struct crypto_context *, char *out, str *in, uint32_t);
 static int hmac_sha1_rtcp(struct crypto_context *, char *out, str *in);
-static int aes_f8_encrypt_rtp(struct crypto_context *c, struct rtp_header *r, str *s, uint32_t idx);
-static int aes_f8_encrypt_rtcp(struct crypto_context *c, struct rtcp_packet *r, str *s, uint32_t idx);
+static int aes_f8_encrypt_rtp(struct crypto_context *c, const struct rtp_header *r, str *s, uint32_t idx);
+static int aes_f8_encrypt_rtcp(struct crypto_context *c, const struct rtcp_packet *r, str *s, uint32_t idx);
 static int aes_cm_session_key_init(struct crypto_context *c);
 static int aes_gcm_session_key_init(struct crypto_context *c);
 static int aes_f8_session_key_init(struct crypto_context *c);
 static int evp_session_key_cleanup(struct crypto_context *c);
-static int null_crypt_rtp(struct crypto_context *c, struct rtp_header *r, str *s, uint32_t idx);
-static int null_crypt_rtcp(struct crypto_context *c, struct rtcp_packet *r, str *s, uint32_t idx);
+static int null_crypt_rtp(struct crypto_context *c, const struct rtp_header *r, str *s, uint32_t idx);
+static int null_crypt_rtcp(struct crypto_context *c, const struct rtcp_packet *r, str *s, uint32_t idx);
 
 /* all lengths are in bytes */
 struct crypto_suite __crypto_suites[] = {
@@ -534,12 +534,12 @@ static int aes_cm_encrypt(struct crypto_context *c, uint32_t ssrc, str *s, uint3
 }
 
 /* rfc 3711 section 4.1 */
-static int aes_cm_encrypt_rtp(struct crypto_context *c, struct rtp_header *r, str *s, uint32_t idx) {
+static int aes_cm_encrypt_rtp(struct crypto_context *c, const struct rtp_header *r, str *s, uint32_t idx) {
 	return aes_cm_encrypt(c, r->ssrc, s, idx);
 }
 
 /* rfc 3711 sections 3.4 and 4.1 */
-static int aes_cm_encrypt_rtcp(struct crypto_context *c, struct rtcp_packet *r, str *s, uint32_t idx) {
+static int aes_cm_encrypt_rtcp(struct crypto_context *c, const struct rtcp_packet *r, str *s, uint32_t idx) {
 	return aes_cm_encrypt(c, r->ssrc, s, idx);
 }
 
@@ -558,7 +558,7 @@ union aes_gcm_rtp_iv {
 _Static_assert(offsetof(union aes_gcm_rtp_iv, seq) == 10,
                "union aes_gcm_rtp_iv not packed");
 
-static int aes_gcm_encrypt_rtp(struct crypto_context *c, struct rtp_header *r, str *s, uint32_t idx) {
+static int aes_gcm_encrypt_rtp(struct crypto_context *c, const struct rtp_header *r, str *s, uint32_t idx) {
 	union aes_gcm_rtp_iv iv;
 	int len, ciphertext_len;
 
@@ -587,7 +587,7 @@ static int aes_gcm_encrypt_rtp(struct crypto_context *c, struct rtp_header *r, s
 	return 0;
 }
 
-static int aes_gcm_decrypt_rtp(struct crypto_context *c, struct rtp_header *r, str *s, uint32_t idx) {
+static int aes_gcm_decrypt_rtp(struct crypto_context *c, const struct rtp_header *r, str *s, uint32_t idx) {
 	union aes_gcm_rtp_iv iv;
 	int len, plaintext_len;
 
@@ -634,7 +634,7 @@ union aes_gcm_rtcp_iv {
 _Static_assert(offsetof(union aes_gcm_rtcp_iv, srtcp) == 8,
                "union aes_gcm_rtcp_iv not packed");
 
-static int aes_gcm_encrypt_rtcp(struct crypto_context *c, struct rtcp_packet *r, str *s, uint32_t idx) {
+static int aes_gcm_encrypt_rtcp(struct crypto_context *c, const struct rtcp_packet *r, str *s, uint32_t idx) {
 	union aes_gcm_rtcp_iv iv;
 	uint32_t e_idx;
 	int len, ciphertext_len;
@@ -665,7 +665,7 @@ static int aes_gcm_encrypt_rtcp(struct crypto_context *c, struct rtcp_packet *r,
 	return 0;
 }
 
-static int aes_gcm_decrypt_rtcp(struct crypto_context *c, struct rtcp_packet *r, str *s, uint32_t idx) {
+static int aes_gcm_decrypt_rtcp(struct crypto_context *c, const struct rtcp_packet *r, str *s, uint32_t idx) {
 	union aes_gcm_rtcp_iv iv;
 	uint32_t e_idx;
 	int len, plaintext_len;
@@ -761,7 +761,7 @@ done:
 }
 
 /* rfc 3711 section 4.1.2.2 */
-static int aes_f8_encrypt_rtp(struct crypto_context *c, struct rtp_header *r, str *s, uint32_t idx) {
+static int aes_f8_encrypt_rtp(struct crypto_context *c, const struct rtp_header *r, str *s, uint32_t idx) {
 	unsigned char iv[16];
 	uint32_t roc;
 
@@ -776,7 +776,7 @@ static int aes_f8_encrypt_rtp(struct crypto_context *c, struct rtp_header *r, st
 }
 
 /* rfc 3711 section 4.1.2.3 */
-static int aes_f8_encrypt_rtcp(struct crypto_context *c, struct rtcp_packet *r, str *s, uint32_t idx) {
+static int aes_f8_encrypt_rtcp(struct crypto_context *c, const struct rtcp_packet *r, str *s, uint32_t idx) {
 	unsigned char iv[16];
 	uint32_t i;
 
@@ -930,10 +930,10 @@ static int evp_session_key_cleanup(struct crypto_context *c) {
 	return 0;
 }
 
-static int null_crypt_rtp(struct crypto_context *c, struct rtp_header *r, str *s, uint32_t idx) {
+static int null_crypt_rtp(struct crypto_context *c, const struct rtp_header *r, str *s, uint32_t idx) {
 	return 0;
 }
-static int null_crypt_rtcp(struct crypto_context *c, struct rtcp_packet *r, str *s, uint32_t idx) {
+static int null_crypt_rtcp(struct crypto_context *c, const struct rtcp_packet *r, str *s, uint32_t idx) {
 	return 0;
 }
 

daemon/media_socket.c

@@ -112,10 +112,14 @@ static int __k_null(struct rtpengine_srtp *s, struct packet_stream *);
 static int __k_srtp_encrypt(struct rtpengine_srtp *s, struct packet_stream *);
 static int __k_srtp_decrypt(struct rtpengine_srtp *s, struct packet_stream *);
 
-static int call_avp2savp_rtp(str *s, struct packet_stream *, struct ssrc_entry_call *);
-static int call_savp2avp_rtp(str *s, struct packet_stream *, struct ssrc_entry_call *);
-static int call_avp2savp_rtcp(str *s, struct packet_stream *, struct ssrc_entry_call *);
-static int call_savp2avp_rtcp(str *s, struct packet_stream *, struct ssrc_entry_call *);
+static int call_avp2savp_rtp(const struct rtp_header *, str *s, str *payload, struct packet_stream *,
+		struct ssrc_entry_call *);
+static int call_savp2avp_rtp(const struct rtp_header *, str *s, str *payload, struct packet_stream *,
+		struct ssrc_entry_call *);
+static int call_avp2savp_rtcp(const struct rtcp_packet *, str *s, str *payload, struct packet_stream *,
+		struct ssrc_entry_call *);
+static int call_savp2avp_rtcp(const struct rtcp_packet *, str *s, str *payload, struct packet_stream *,
+		struct ssrc_entry_call *);
 
 
 static struct logical_intf *__get_logical_interface(const str *name, sockfamily_t *fam);
@@ -1470,21 +1474,25 @@ static void stream_fd_closed(int fd, void *p) {
 
 
 
-static int call_avp2savp_rtp(str *s, struct packet_stream *stream, struct ssrc_entry_call *ssrc_ctx)
+static int call_avp2savp_rtp(const struct rtp_header *rtp, str *s, str *payload, struct packet_stream *stream,
+		struct ssrc_entry_call *ssrc_ctx)
 {
-	return rtp_avp2savp(s, &stream->crypto, ssrc_ctx);
+	return rtp_avp2savp(rtp, s, payload, &stream->crypto, ssrc_ctx);
 }
-static int call_avp2savp_rtcp(str *s, struct packet_stream *stream, struct ssrc_entry_call *ssrc_ctx)
+static int call_avp2savp_rtcp(const struct rtcp_packet *rtcp, str *s, str *payload, struct packet_stream *stream,
+		struct ssrc_entry_call *ssrc_ctx)
 {
-	return rtcp_avp2savp(s, &stream->crypto, ssrc_ctx);
+	return rtcp_avp2savp(rtcp, s, payload, &stream->crypto, ssrc_ctx);
 }
-static int call_savp2avp_rtp(str *s, struct packet_stream *stream, struct ssrc_entry_call *ssrc_ctx)
+static int call_savp2avp_rtp(const struct rtp_header *rtp, str *s, str *payload, struct packet_stream *stream,
+		struct ssrc_entry_call *ssrc_ctx)
 {
-	return rtp_savp2avp(s, &stream->selected_sfd->crypto, ssrc_ctx);
+	return rtp_savp2avp(rtp, s, payload, &stream->selected_sfd->crypto, ssrc_ctx);
 }
-static int call_savp2avp_rtcp(str *s, struct packet_stream *stream, struct ssrc_entry_call *ssrc_ctx)
+static int call_savp2avp_rtcp(const struct rtcp_packet *rtcp, str *s, str *payload, struct packet_stream *stream,
+		struct ssrc_entry_call *ssrc_ctx)
 {
-	return rtcp_savp2avp(s, &stream->selected_sfd->crypto, ssrc_ctx);
+	return rtcp_savp2avp(rtcp, s, payload, &stream->selected_sfd->crypto, ssrc_ctx);
 }
 
 
@@ -2411,18 +2419,22 @@ static int media_packet_decrypt(struct packet_handler_ctx *phc)
 	struct sink_handler *first_sh = phc->sinks->length ? phc->sinks->head->data : NULL;
 	const struct streamhandler *sh = __determine_handler(phc->in_srtp, first_sh);
 
-	// XXX use an array with index instead of if/else
-	if (G_LIKELY(!phc->rtcp))
+	rewrite_arg header;
+	if (G_LIKELY(!phc->rtcp)) {
 		phc->decrypt_func = sh->in->rtp_crypt;
-	else
+		header.rtp = phc->mp.rtp;
+	}
+	else {
 		phc->decrypt_func = sh->in->rtcp_crypt;
+		header.rtcp = phc->mp.rtcp;
+	}
 
 	/* return values are: 0 = forward packet, -1 = error/don't forward,
 	 * 1 = forward and push update to redis */
 	int ret = 0;
 	if (phc->decrypt_func) {
 		str ori_s = phc->s;
-		ret = phc->decrypt_func(&phc->s, phc->in_srtp, phc->mp.ssrc_in);
+		ret = phc->decrypt_func(header, &phc->s, &phc->mp.payload, phc->in_srtp, phc->mp.ssrc_in);
 		// XXX for stripped auth tag and duplicate invocations of rtp_payload
 		// XXX transcoder uses phc->mp.payload
 		phc->mp.payload.len -= ori_s.len - phc->s.len;
@@ -2463,7 +2475,16 @@ int media_packet_encrypt(rewrite_func encrypt_func, struct packet_stream *out, s
 			memcpy(p->plain.s, p->s.s, p->s.len);
 			p->plain_free_func = bufferpool_unref;
 		}
-		int encret = encrypt_func(&p->s, out, mp->ssrc_out);
+
+		rewrite_arg header = {};
+		str payload = STR_NULL;
+		if (mp->rtp)
+			header.rtp = rtp_payload(&payload, &p->s, NULL);
+		else if (mp->rtcp)
+			header.rtcp = rtcp_payload(&payload, &p->s);
+
+		int encret = encrypt_func(header, &p->s, &payload, out, mp->ssrc_out);
+
 		if (encret == 1)
 			ret |= 0x02;
 		else if (encret != 0)

daemon/rtcp.c

@@ -842,15 +842,16 @@ error:
 }
 
 /* rfc 3711 section 3.4 */
-int rtcp_avp2savp(str *s, struct crypto_context *c, struct ssrc_entry_call *ssrc_ctx) {
-	struct rtcp_packet *rtcp;
+int rtcp_avp2savp(const struct rtcp_packet *rtcp, str *s, str *payload, struct crypto_context *c,
+		struct ssrc_entry_call *ssrc_ctx)
+{
 	unsigned int i;
 	uint32_t *idx;
-	str to_auth, payload;
+	str to_auth;
 
 	if (G_UNLIKELY(!ssrc_ctx))
 		return -1;
-	if (!(rtcp = rtcp_payload(&payload, s)))
+	if (G_UNLIKELY(!rtcp))
 		return -1;
 	if (check_session_keys(c))
 		return -1;
@@ -859,15 +860,15 @@ int rtcp_avp2savp(str *s, struct crypto_context *c, struct ssrc_entry_call *ssrc
 	g_autoptr(crypto_debug_string) cds = crypto_debug_init(true);
 	crypto_debug_printf(cds, "RTCP SSRC %" PRIx32 ", idx %u, plain pl: ",
 			rtcp->ssrc, i);
-	crypto_debug_dump(cds, &payload);
+	crypto_debug_dump(cds, payload);
 
-	int prev_len = payload.len;
-	if (!c->params.session_params.unencrypted_srtcp && crypto_encrypt_rtcp(c, rtcp, &payload, i))
+	size_t prev_len = payload->len;
+	if (!c->params.session_params.unencrypted_srtcp && crypto_encrypt_rtcp(c, rtcp, payload, i))
 		return -1;
-	s->len += payload.len - prev_len;
+	s->len += payload->len - prev_len;
 
 	crypto_debug_printf(cds, ", enc pl: ");
-	crypto_debug_dump(cds, &payload);
+	crypto_debug_dump(cds, payload);
 
 	idx = (void *) s->s + s->len;
 	*idx = htonl((c->params.session_params.unencrypted_srtcp ? 0ULL : 0x80000000ULL) | i);
@@ -890,16 +891,17 @@ int rtcp_avp2savp(str *s, struct crypto_context *c, struct ssrc_entry_call *ssrc
 
 
 /* rfc 3711 section 3.4 */
-int rtcp_savp2avp(str *s, struct crypto_context *c, struct ssrc_entry_call *ssrc_ctx) {
-	struct rtcp_packet *rtcp;
-	str payload, to_auth, to_decrypt, auth_tag;
+int rtcp_savp2avp(const struct rtcp_packet *rtcp, str *s, str *payload, struct crypto_context *c,
+		struct ssrc_entry_call *ssrc_ctx)
+{
+	str to_auth, to_decrypt, auth_tag;
 	uint32_t idx;
 	char hmac[20];
 	const char *err;
 
 	if (G_UNLIKELY(!ssrc_ctx))
 		return -1;
-	if (!(rtcp = rtcp_payload(&payload, s)))
+	if (G_UNLIKELY(!rtcp))
 		return -1;
 	if (check_session_keys(c))
 		return -1;
@@ -908,7 +910,7 @@ int rtcp_savp2avp(str *s, struct crypto_context *c, struct ssrc_entry_call *ssrc
 
 	if (srtp_payloads(&to_auth, &to_decrypt, &auth_tag, NULL,
 			c->params.crypto_suite->srtcp_auth_tag, c->params.mki_len,
-			s, &payload))
+			s, payload))
 		return -1;
 
 	crypto_debug_printf(cds, "RTCP SSRC %" PRIx32 ", enc pl: ",
@@ -1601,7 +1603,9 @@ void rtcp_send_report(struct call_media *media, struct ssrc_entry_call *ssrc_out
 	if (crypt_handler && crypt_handler->out->rtcp_crypt) {
 		g_string_set_size(sr, sr->len + RTP_BUFFER_TAIL_ROOM);
 		rtcp_packet = STR_LEN(sr->str, sr->len - RTP_BUFFER_TAIL_ROOM);
-		crypt_handler->out->rtcp_crypt(&rtcp_packet, ps, ssrc_out);
+		str payload;
+		struct rtcp_packet *header = rtcp_payload(&payload, &rtcp_packet);
+		crypt_handler->out->rtcp_crypt(header, &rtcp_packet, &payload, ps, ssrc_out);
 	}
 
 	socket_sendto(&ps->selected_sfd->socket, rtcp_packet.s, rtcp_packet.len, &ps->endpoint);

daemon/rtp.c

@@ -43,7 +43,7 @@ error:
 	return -1;
 }
 
-static unsigned int packet_index(struct ssrc_entry_call *ssrc_ctx, struct rtp_header *rtp,
+static unsigned int packet_index(struct ssrc_entry_call *ssrc_ctx, const struct rtp_header *rtp,
 		crypto_debug_string **cds)
 {
 	uint16_t seq;
@@ -102,14 +102,15 @@ void rtp_append_mki(str *s, struct crypto_context *c, crypto_debug_string *cds)
 }
 
 /* rfc 3711, section 3.3 */
-int rtp_avp2savp(str *s, struct crypto_context *c, struct ssrc_entry_call *ssrc_ctx) {
-	struct rtp_header *rtp;
-	str payload, to_auth;
+int rtp_avp2savp(const struct rtp_header *rtp, str *s, str *payload, struct crypto_context *c,
+		struct ssrc_entry_call *ssrc_ctx)
+{
+	str to_auth;
 	unsigned int index;
 
 	if (G_UNLIKELY(!ssrc_ctx))
 		return -1;
-	if (!(rtp = rtp_payload(&payload, s, NULL)))
+	if (G_UNLIKELY(!rtp))
 		return -1;
 	if (check_session_keys(c))
 		return -1;
@@ -118,16 +119,16 @@ int rtp_avp2savp(str *s, struct crypto_context *c, struct ssrc_entry_call *ssrc_
 	index = packet_index(ssrc_ctx, rtp, &cds);
 
 	crypto_debug_printf(cds, ", plain pl: ");
-	crypto_debug_dump(cds, &payload);
+	crypto_debug_dump(cds, payload);
 
 	/* rfc 3711 section 3.1 */
-	int prev_len = payload.len;
-	if (!c->params.session_params.unencrypted_srtp && crypto_encrypt_rtp(c, rtp, &payload, index))
+	size_t prev_len = payload->len;
+	if (!c->params.session_params.unencrypted_srtp && crypto_encrypt_rtp(c, rtp, payload, index))
 		return -1;
-	s->len += payload.len - prev_len;
+	s->len += payload->len - prev_len;
 
 	crypto_debug_printf(cds, ", enc pl: ");
-	crypto_debug_dump(cds, &payload);
+	crypto_debug_dump(cds, payload);
 
 	to_auth = *s;
 
@@ -144,12 +145,12 @@ int rtp_avp2savp(str *s, struct crypto_context *c, struct ssrc_entry_call *ssrc_
 }
 
 // just updates the ext_seq in ssrc
-int rtp_update_index(str *s, struct packet_stream *ps, struct ssrc_entry_call *ssrc) {
-	struct rtp_header *rtp;
-
+int rtp_update_index(const struct rtp_header *rtp, str *s, str *payload, struct packet_stream *ps,
+		struct ssrc_entry_call *ssrc)
+{
 	if (G_UNLIKELY(!ssrc))
 		return -1;
-	if (!(rtp = rtp_payload(NULL, s, NULL)))
+	if (G_UNLIKELY(!rtp))
 		return -1;
 	g_autoptr(crypto_debug_string) cds = NULL;
 	packet_index(ssrc, rtp, &cds);
@@ -157,15 +158,16 @@ int rtp_update_index(str *s, struct packet_stream *ps, struct ssrc_entry_call *s
 }
 
 /* rfc 3711, section 3.3 */
-int rtp_savp2avp(str *s, struct crypto_context *c, struct ssrc_entry_call *ssrc_ctx) {
-	struct rtp_header *rtp;
+int rtp_savp2avp(const struct rtp_header *rtp, str *s, str *payload, struct crypto_context *c,
+		struct ssrc_entry_call *ssrc_ctx)
+{
 	unsigned int index;
-	str payload, to_auth, to_decrypt, auth_tag;
+	str to_auth, to_decrypt, auth_tag;
 	char hmac[20];
 
 	if (G_UNLIKELY(!ssrc_ctx))
 		return -1;
-	if (!(rtp = rtp_payload(&payload, s, NULL)))
+	if (G_UNLIKELY(!rtp))
 		return -1;
 	if (check_session_keys(c))
 		return -1;
@@ -175,7 +177,7 @@ int rtp_savp2avp(str *s, struct crypto_context *c, struct ssrc_entry_call *ssrc_
 	if (srtp_payloads(&to_auth, &to_decrypt, &auth_tag, NULL,
 			c->params.session_params.unauthenticated_srtp ? 0 : c->params.crypto_suite->srtp_auth_tag,
 			c->params.mki_len,
-			s, &payload))
+			s, payload))
 		return -1;
 
 	crypto_debug_printf(cds, ", enc pl: ");

include/crypto.h

@@ -19,8 +19,8 @@ struct crypto_context;
 struct rtp_header;
 struct rtcp_packet;
 
-typedef int (*crypto_func_rtp)(struct crypto_context *, struct rtp_header *, str *, uint32_t);
-typedef int (*crypto_func_rtcp)(struct crypto_context *, struct rtcp_packet *, str *, uint32_t);
+typedef int (*crypto_func_rtp)(struct crypto_context *, const struct rtp_header *, str *, uint32_t);
+typedef int (*crypto_func_rtcp)(struct crypto_context *, const struct rtcp_packet *, str *, uint32_t);
 typedef int (*hash_func_rtp)(struct crypto_context *, char *out, str *in, uint32_t);
 typedef int (*hash_func_rtcp)(struct crypto_context *, char *out, str *in);
 typedef int (*session_key_init_func)(struct crypto_context *);
@@ -119,22 +119,22 @@ INLINE int crypto_params_sdes_cmp(const struct crypto_params_sdes *cs, gconstpoi
 }
 
 
-INLINE int crypto_encrypt_rtp(struct crypto_context *c, struct rtp_header *rtp,
+INLINE int crypto_encrypt_rtp(struct crypto_context *c, const struct rtp_header *rtp,
 		str *payload, uint32_t index)
 {
 	return c->params.crypto_suite->encrypt_rtp(c, rtp, payload, index);
 }
-INLINE int crypto_decrypt_rtp(struct crypto_context *c, struct rtp_header *rtp,
+INLINE int crypto_decrypt_rtp(struct crypto_context *c, const struct rtp_header *rtp,
 		str *payload, uint32_t index)
 {
 	return c->params.crypto_suite->decrypt_rtp(c, rtp, payload, index);
 }
-INLINE int crypto_encrypt_rtcp(struct crypto_context *c, struct rtcp_packet *rtcp,
+INLINE int crypto_encrypt_rtcp(struct crypto_context *c, const struct rtcp_packet *rtcp,
 		str *payload, uint32_t index)
 {
 	return c->params.crypto_suite->encrypt_rtcp(c, rtcp, payload, index);
 }
-INLINE int crypto_decrypt_rtcp(struct crypto_context *c, struct rtcp_packet *rtcp,
+INLINE int crypto_decrypt_rtcp(struct crypto_context *c, const struct rtcp_packet *rtcp,
 		str *payload, uint32_t index)
 {
 	return c->params.crypto_suite->decrypt_rtcp(c, rtcp, payload, index);

include/media_socket.h

@@ -29,7 +29,13 @@ TYPED_GQUEUE(stream_fd, stream_fd)
 
 
 typedef int rtcp_filter_func(struct media_packet *, GQueue *);
-typedef int (*rewrite_func)(str *, struct packet_stream *, struct ssrc_entry_call *);
+
+typedef union {
+	const struct rtp_header *rtp;
+	const struct rtcp_packet *rtcp;
+} rewrite_arg __attribute__ ((__transparent_union__));
+typedef int (*rewrite_func)(rewrite_arg header, str *packet, str *payload, struct packet_stream *,
+		struct ssrc_entry_call *);
 
 
 enum transport_protocol_index {

include/rtcp.h

@@ -17,8 +17,10 @@ extern struct rtcp_handler *rtcp_transcode_handler;
 extern struct rtcp_handler *rtcp_sink_handler;
 
 
-int rtcp_avp2savp(str *, struct crypto_context *, struct ssrc_entry_call *);
-int rtcp_savp2avp(str *, struct crypto_context *, struct ssrc_entry_call *);
+int rtcp_avp2savp(const struct rtcp_packet *, str *packet, str *payload, struct crypto_context *,
+		struct ssrc_entry_call *);
+int rtcp_savp2avp(const struct rtcp_packet *, str *packet, str *payload, struct crypto_context *,
+		struct ssrc_entry_call *);
 
 __attribute__((nonnull(2)))
 struct rtcp_packet *rtcp_payload(str *p, const str *s);

include/rtp.h

@@ -16,10 +16,13 @@ typedef GString crypto_debug_string;
 
 const rtp_payload_type *get_rtp_payload_type(unsigned int, struct codec_store *);
 
-int rtp_avp2savp(str *, struct crypto_context *, struct ssrc_entry_call *);
-int rtp_savp2avp(str *, struct crypto_context *, struct ssrc_entry_call *);
+int rtp_avp2savp(const struct rtp_header *, str *packet, str *payload, struct crypto_context *,
+		struct ssrc_entry_call *);
+int rtp_savp2avp(const struct rtp_header *, str *packet, str *payload, struct crypto_context *,
+		struct ssrc_entry_call *);
 
-int rtp_update_index(str *, struct packet_stream *, struct ssrc_entry_call *);
+int rtp_update_index(const struct rtp_header *, str *packet, str *payload, struct packet_stream *,
+		struct ssrc_entry_call *);
 
 void rtp_append_mki(str *s, struct crypto_context *c, crypto_debug_string *);
 int srtp_payloads(str *to_auth, str *to_decrypt, str *auth_tag, str *mki,

t/aead-decrypt.c

@@ -61,7 +61,9 @@ int main(int argc, char **argv) {
 		.stats = &stats,
 	};
 
-	int ret = rtp_savp2avp(&s, &cc, &se);
+	str payload;
+	struct rtp_header *rtp = rtp_payload(&payload, &s, NULL);
+	int ret = rtp_savp2avp(rtp, &s, &payload, &cc, &se);
 	assert(ret == 0);
 	printf("idx %d ROC %d\n", se.stats->ext_seq, se.stats->ext_seq >> 16);
 	return 0;