Schulzrinne, et. al. Standards Track [Page 65] RFC 2326 Real Time Streaming Protocol April 1998 Client C requests a presentation from media server M . The movie is stored in a container file. The client has obtained an RTSP URL to the container file. C->M: DESCRIBE rtsp://foo/twister RTSP/1.0 CSeq: 1 M->C: RTSP/1.0 200 OK CSeq: 1 Content-Type: application/sdp Content-Length: 164 v=0 o=- 2890844256 2890842807 IN IP4 172.16.2.93 s=RTSP Session i=An Example of RTSP Session Usage a=control:rtsp://foo/twister t=0 0 m=audio 0 RTP/AVP 0 a=control:rtsp://foo/twister/audio m=video 0 RTP/AVP 26 a=control:rtsp://foo/twister/video C->M: SETUP rtsp://foo/twister/audio RTSP/1.0 CSeq: 2 Transport: RTP/AVP;unicast;client_port=8000-8001 M->C: RTSP/1.0 200 OK CSeq: 2 Transport: RTP/AVP;unicast;client_port=8000-8001; server_port=9000-9001 Session: 12345678 C->M: SETUP rtsp://foo/twister/video RTSP/1.0 CSeq: 3 Transport: RTP/AVP;unicast;client_port=8002-8003 Session: 12345678 M->C: RTSP/1.0 200 OK CSeq: 3 Transport: RTP/AVP;unicast;client_port=8002-8003; server_port=9004-9005 Session: 12345678 C->M: PLAY rtsp://foo/twister RTSP/1.0 CSeq: 4 Range: npt=0- Session: 12345678 Schulzrinne, et. al. Standards Track [Page 66] RFC 2326 Real Time Streaming Protocol April 1998 M->C: RTSP/1.0 200 OK CSeq: 4 Session: 12345678 RTP-Info: url=rtsp://foo/twister/video; seq=9810092;rtptime=3450012 C->M: PAUSE rtsp://foo/twister/video RTSP/1.0 CSeq: 5 Session: 12345678 M->C: RTSP/1.0 460 Only aggregate operation allowed CSeq: 5 C->M: PAUSE rtsp://foo/twister RTSP/1.0 CSeq: 6 Session: 12345678 M->C: RTSP/1.0 200 OK CSeq: 6 Session: 12345678 C->M: SETUP rtsp://foo/twister RTSP/1.0 CSeq: 7 Transport: RTP/AVP;unicast;client_port=10000 M->C: RTSP/1.0 459 Aggregate operation not allowed CSeq: 7 In the first instance of failure, the client tries to pause one stream (in this case video) of the presentation. This is disallowed for that presentation by the server. In the second instance, the aggregate URL may not be used for SETUP and one control message is required per stream to set up transport parameters. This keeps the syntax of the Transport header simple and allows easy parsing of transport information by firewalls. 14.3 Single Stream Container Files Some RTSP servers may treat all files as though they are "container files", yet other servers may not support such a concept. Because of this, clients SHOULD use the rules set forth in the session description for request URLs, rather than assuming that a consistent URL may always be used throughout. Here's an example of how a multi- stream server might expect a single-stream file to be served: Accept: application/x-rtsp-mh, application/sdp Schulzrinne, et. al. Standards Track [Page 67] RFC 2326 Real Time Streaming Protocol April 1998 CSeq: 1 S->C RTSP/1.0 200 OK CSeq: 1 Content-base: rtsp://foo.com/test.wav/ Content-type: application/sdp Content-length: 48 v=0 o=- 872653257 872653257 IN IP4 172.16.2.187 s=mu-law wave file i=audio test t=0 0 m=audio 0 RTP/AVP 0 a=control:streamid=0 C->S SETUP rtsp://foo.com/test.wav/streamid=0 RTSP/1.0 Transport: RTP/AVP/UDP;unicast; client_port=6970-6971;mode=play CSeq: 2 S->C RTSP/1.0 200 OK Transport: RTP/AVP/UDP;unicast;client_port=6970-6971; server_port=6970-6971;mode=play CSeq: 2 Session: 2034820394 C->S PLAY rtsp://foo.com/test.wav RTSP/1.0 CSeq: 3 Session: 2034820394 S->C RTSP/1.0 200 OK CSeq: 3 Session: 2034820394 RTP-Info: url=rtsp://foo.com/test.wav/streamid=0; seq=981888;rtptime=3781123 Note the different URL in the SETUP command, and then the switch back to the aggregate URL in the PLAY command. This makes complete sense when there are multiple streams with aggregate control, but is less than intuitive in the special case where the number of streams is one. In this special case, it is recommended that servers be forgiving of implementations that send: C->S PLAY rtsp://foo.com/test.wav/streamid=0 RTSP/1.0 CSeq: 3 Schulzrinne, et. al. Standards Track [Page 68] RFC 2326 Real Time Streaming Protocol April 1998 In the worst case, servers should send back: S->C RTSP/1.0 460 Only aggregate operation allowed CSeq: 3 One would also hope that server implementations are also forgiving of the following: C->S SETUP rtsp://foo.com/test.wav RTSP/1.0 Transport: rtp/avp/udp;client_port=6970-6971;mode=play CSeq: 2 Since there is only a single stream in this file, it's not ambiguous what this means. 14.4 Live Media Presentation Using Multicast The media server M chooses the multicast address and port. Here, we assume that the web server only contains a pointer to the full description, while the media server M maintains the full description. C->W: GET /concert.sdp HTTP/1.1 Host: www.example.com W->C: HTTP/1.1 200 OK Content-Type: application/x-rtsl <session> <track src="rtsp://live.example.com/concert/audio"> </session> C->M: DESCRIBE rtsp://live.example.com/concert/audio RTSP/1.0 CSeq: 1 M->C: RTSP/1.0 200 OK CSeq: 1 Content-Type: application/sdp Content-Length: 44 v=0 o=- 2890844526 2890842807 IN IP4 192.16.24.202 s=RTSP Session m=audio 3456 RTP/AVP 0 a=control:rtsp://live.example.com/concert/audio c=IN IP4 224.2.0.1/16 C->M: SETUP rtsp://live.example.com/concert/audio RTSP/1.0 CSeq: 2 Schulzrinne, et. al. Standards Track [Page 69] RFC 2326 Real Time Streaming Protocol April 1998 Transport: RTP/AVP;multicast M->C: RTSP/1.0 200 OK CSeq: 2 Transport: RTP/AVP;multicast;destination=224.2.0.1; port=3456-3457;ttl=16 Session: 0456804596 C->M: PLAY rtsp://live.example.com/concert/audio RTSP/1.0 CSeq: 3 Session: 0456804596 M->C: RTSP/1.0 200 OK CSeq: 3 Session: 0456804596 14.5 Playing media into an existing session A conference participant C wants to have the media server M play back a demo tape into an existing conference. C indicates to the media server that the network addresses and encryption keys are already given by the conference, so they should not be chosen by the server. The example omits the simple ACK responses. C->M: DESCRIBE rtsp://server.example.com/demo/548/sound RTSP/1.0 CSeq: 1 Accept: application/sdp M->C: RTSP/1.0 200 1 OK Content-type: application/sdp Content-Length: 44 v=0 o=- 2890844526 2890842807 IN IP4 192.16.24.202 s=RTSP Session i=See above t=0 0 m=audio 0 RTP/AVP 0 C->M: SETUP rtsp://server.example.com/demo/548/sound RTSP/1.0 CSeq: 2 Transport: RTP/AVP;multicast;destination=225.219.201.15; port=7000-7001;ttl=127 Conference: [email protected]%20Starr M->C: RTSP/1.0 200 OK CSeq: 2 Transport: RTP/AVP;multicast;destination=225.219.201.15; Schulzrinne, et. al. Standards Track [Page 70] RFC 2326 Real Time Streaming Protocol April 1998 port=7000-7001;ttl=127 Session: 91389234234 Conference: [email protected]%20Starr C->M: PLAY rtsp://server.example.com/demo/548/sound RTSP/1.0 CSeq: 3 Session: 91389234234 M->C: RTSP/1.0 200 OK CSeq: 3 14.6 Recording The conference participant client C asks the media server M to record the audio and video portions of a meeting. The client uses the ANNOUNCE method to provide meta-information about the recorded session to the server. C->M: ANNOUNCE rtsp://server.example.com/meeting RTSP/1.0 CSeq: 90 Content-Type: application/sdp Content-Length: 121 v=0 o=camera1 3080117314 3080118787 IN IP4 195.27.192.36 s=IETF Meeting, Munich - 1 i=The thirty-ninth IETF meeting will be held in Munich, Germany u=http://www.ietf.org/meetings/Munich.html e=IETF Channel 1 <[email protected]> p=IETF Channel 1 +49-172-2312 451 c=IN IP4 224.0.1.11/127 t=3080271600 3080703600 a=tool:sdr v2.4a6 a=type:test m=audio 21010 RTP/AVP 5 c=IN IP4 224.0.1.11/127 a=ptime:40 m=video 61010 RTP/AVP 31 c=IN IP4 224.0.1.12/127 M->C: RTSP/1.0 200 OK CSeq: 90 C->M: SETUP rtsp://server.example.com/meeting/audiotrack RTSP/1.0 CSeq: 91 Transport: RTP/AVP;multicast;destination=224.0.1.11; port=21010-21011;mode=record;ttl=127 Schulzrinne, et. al. Standards Track [Page 71] RFC 2326 Real Time Streaming Protocol April 1998 M->C: RTSP/1.0 200 OK CSeq: 91 Session: 50887676 Transport: RTP/AVP;multicast;destination=224.0.1.11; port=21010-21011;mode=record;ttl=127 C->M: SETUP rtsp://server.example.com/meeting/videotrack RTSP/1.0 CSeq: 92 Session: 50887676 Transport: RTP/AVP;multicast;destination=224.0.1.12; port=61010-61011;mode=record;ttl=127 M->C: RTSP/1.0 200 OK CSeq: 92 Transport: RTP/AVP;multicast;destination=224.0.1.12; port=61010-61011;mode=record;ttl=127 C->M: RECORD rtsp://server.example.com/meeting RTSP/1.0 CSeq: 93 Session: 50887676 Range: clock=19961110T1925-19961110T2015 M->C: RTSP/1.0 200 OK CSeq: 93 15 Syntax The RTSP syntax is described in an augmented Backus-Naur form (BNF) as used in RFC 2068 [2]. 15.1 Base Syntax OCTET = <any 8-bit sequence of data> CHAR = <any US-ASCII character (octets 0 - 127)> UPALPHA = <any US-ASCII uppercase letter "A".."Z"> LOALPHA = <any US-ASCII lowercase letter "a".."z"> ALPHA = UPALPHA | LOALPHA DIGIT = <any US-ASCII digit "0".."9"> CTL = <any US-ASCII control character (octets 0 - 31) and DEL (127)> CR = <US-ASCII CR, carriage return (13)> LF = <US-ASCII LF, linefeed (10)> SP = <US-ASCII SP, space (32)> HT = <US-ASCII HT, horizontal-tab (9)> <"> = <US-ASCII double-quote mark (34)> CRLF = CR LF Schulzrinne, et. al. Standards Track [Page 72] RFC 2326 Real Time Streaming Protocol April 1998 LWS = [CRLF] 1*( SP | HT ) TEXT = <any OCTET except CTLs> tspecials = "(" | ")" | "<" | ">" | "@" | "," | ";" | ":" | "\" | <"> | "/" | "[" | "]" | "?" | "=" | "{" | "}" | SP | HT token = 1*<any CHAR except CTLs or tspecials> quoted-string = ( <"> *(qdtext) <"> ) qdtext = <any TEXT except <">> quoted-pair = "\" CHAR message-header = field-name ":" [ field-value ] CRLF field-name = token field-value = *( field-content | LWS ) field-content = <the OCTETs making up the field-value and consisting of either *TEXT or combinations of token, tspecials, and quoted-string> safe = "\$" | "-" | "_" | "." | "+" extra = "!" | "*" | "$'$" | "(" | ")" | "," hex = DIGIT | "A" | "B" | "C" | "D" | "E" | "F" | "a" | "b" | "c" | "d" | "e" | "f" escape = "\%" hex hex reserved = ";" | "/" | "?" | ":" | "@" | "&" | "=" unreserved = alpha | digit | safe | extra xchar = unreserved | reserved | escape 16 Security Considerations Because of the similarity in syntax and usage between RTSP servers and HTTP servers, the security considerations outlined in [H15] apply. Specifically, please note the following: Authentication Mechanisms: RTSP and HTTP share common authentication schemes, and thus should follow the same prescriptions with regards to authentication. See [H15.1] for client authentication issues, and [H15.2] for issues regarding support for multiple authentication mechanisms. Abuse of Server Log Information: RTSP and HTTP servers will presumably have similar logging mechanisms, and thus should be equally guarded in protecting the contents of those logs, thus protecting the privacy of the Schulzrinne, et. al. Standards Track [Page 73] RFC 2326 Real Time Streaming Protocol April 1998 users of the servers. See [H15.3] for HTTP server recommendations regarding server logs. Transfer of Sensitive Information: There is no reason to believe that information transferred via RTSP may be any less sensitive than that normally transmitted via HTTP. Therefore, all of the precautions regarding the protection of data privacy and user privacy apply to implementors of RTSP clients, servers, and proxies. See [H15.4] for further details. Attacks Based On File and Path Names: Though RTSP URLs are opaque handles that do not necessarily have file system semantics, it is anticipated that many implementations will translate portions of the request URLs directly to file system calls. In such cases, file systems SHOULD follow the precautions outlined in [H15.5], such as checking for ".." in path components. Personal Information: RTSP clients are often privy to the same information that HTTP clients are (user name, location, etc.) and thus should be equally. See [H15.6] for further recommendations. Privacy Issues Connected to Accept Headers: Since may of the same "Accept" headers exist in RTSP as in HTTP, the same caveats outlined in [H15.7] with regards to their use should be followed. DNS Spoofing: Presumably, given the longer connection times typically associated to RTSP sessions relative to HTTP sessions, RTSP client DNS optimizations should be less prevalent. Nonetheless, the recommendations provided in [H15.8] are still relevant to any implementation which attempts to rely on a DNS-to-IP mapping to hold beyond a single use of the mapping. Location Headers and Spoofing: If a single server supports multiple organizations that do not trust one another, then it must check the values of Location and Content-Location headers in responses that are generated under control of said organizations to make sure that they do not attempt to invalidate resources over which they have no authority. ([H15.9]) In addition to the recommendations in the current HTTP specification (RFC 2068 [2], as of this writing), future HTTP specifications may provide additional guidance on security issues. Schulzrinne, et. al. Standards Track [Page 74] RFC 2326 Real Time Streaming Protocol April 1998 The following are added considerations for RTSP implementations. Concentrated denial-of-service attack: The protocol offers the opportunity for a remote-controlled denial-of-service attack. The attacker may initiate traffic flows to one or more IP addresses by specifying them as the destination in SETUP requests. While the attacker's IP address may be known in this case, this is not always useful in prevention of more attacks or ascertaining the attackers identity. Thus, an RTSP server SHOULD only allow client- specified destinations for RTSP-initiated traffic flows if the server has verified the client's identity, either against a database of known users using RTSP authentication mechanisms (preferably digest authentication or stronger), or other secure means. Session hijacking: Since there is no relation between a transport layer connection and an RTSP session, it is possible for a malicious client to issue requests with random session identifiers which would affect unsuspecting clients. The server SHOULD use a large, random and non-sequential session identifier to minimize the possibility of this kind of attack. Authentication: Servers SHOULD implement both basic and digest [8] authentication. In environments requiring tighter security for the control messages, the RTSP control stream may be encrypted. Stream issues: RTSP only provides for stream control. Stream delivery issues are not covered in this section, nor in the rest of this memo. RTSP implementations will most likely rely on other protocols such as RTP, IP multicast, RSVP and IGMP, and should address security considerations brought up in those and other applicable specifications. Persistently suspicious behavior: RTSP servers SHOULD return error code 403 (Forbidden) upon receiving a single instance of behavior which is deemed a security risk. RTSP servers SHOULD also be aware of attempts to probe the server for weaknesses and entry points and MAY arbitrarily disconnect and ignore further requests clients which are deemed to be in violation of local security policy. Schulzrinne, et. al. Standards Track [Page 75] RFC 2326 Real Time Streaming Protocol April 1998 Appendix A: RTSP Protocol State Machines The RTSP client and server state machines describe the behavior of the protocol from RTSP session initialization through RTSP session termination. State is defined on a per object basis. An object is uniquely identified by the stream URL and the RTSP session identifier. Any request/reply using aggregate URLs denoting RTSP presentations composed of multiple streams will have an effect on the individual states of all the streams. For example, if the presentation /movie contains two streams, /movie/audio and /movie/video, then the following command: PLAY rtsp://foo.com/movie RTSP/1.0 CSeq: 559 Session: 12345678 will have an effect on the states of movie/audio and movie/video. This example does not imply a standard way to represent streams in URLs or a relation to the filesystem. See Section 3.2. The requests OPTIONS, ANNOUNCE, DESCRIBE, GET_PARAMETER, SET_PARAMETER do not have any effect on client or server state and are therefore not listed in the state tables. A.1 Client State Machine The client can assume the following states: Init: SETUP has been sent, waiting for reply. Ready: SETUP reply received or PAUSE reply received while in Playing state. Playing: PLAY reply received Recording: RECORD reply received In general, the client changes state on receipt of replies to requests. Note that some requests are effective at a future time or position (such as a PAUSE), and state also changes accordingly. If no explicit SETUP is required for the object (for example, it is Schulzrinne, et. al. Standards Track [Page 76] RFC 2326 Real Time Streaming Protocol April 1998 available via a multicast group), state begins at Ready. In this case, there are only two states, Ready and Playing. The client also changes state from Playing/Recording to Ready when the end of the requested range is reached. The "next state" column indicates the state assumed after receiving a success response (2xx). If a request yields a status code of 3xx, the state becomes Init, and a status code of 4xx yields no change in state. Messages not listed for each state MUST NOT be issued by the client in that state, with the exception of messages not affecting state, as listed above. Receiving a REDIRECT from the server is equivalent to receiving a 3xx redirect status from the server. state message sent next state after response Init SETUP Ready TEARDOWN Init Ready PLAY Playing RECORD Recording TEARDOWN Init SETUP Ready Playing PAUSE Ready TEARDOWN Init PLAY Playing SETUP Playing (changed transport) Recording PAUSE Ready TEARDOWN Init RECORD Recording SETUP Recording (changed transport) A.2 Server State Machine The server can assume the following states: Init: The initial state, no valid SETUP has been received yet. Ready: Last SETUP received was successful, reply sent or after playing, last PAUSE received was successful, reply sent. Playing: Last PLAY received was successful, reply sent. Data is being sent. Recording: The server is recording media data. Schulzrinne, et. al. Standards Track [Page 77] RFC 2326 Real Time Streaming Protocol April 1998 In general, the server changes state on receiving requests. If the server is in state Playing or Recording and in unicast mode, it MAY revert to Init and tear down the RTSP session if it has not received "wellness" information, such as RTCP reports or RTSP commands, from the client for a defined interval, with a default of one minute. The server can declare another timeout value in the Session response header (Section 12.37). If the server is in state Ready, it MAY revert to Init if it does not receive an RTSP request for an interval of more than one minute. Note that some requests (such as PAUSE) may be effective at a future time or position, and server state changes at the appropriate time. The server reverts from state Playing or Recording to state Ready at the end of the range requested by the client. The REDIRECT message, when sent, is effective immediately unless it has a Range header specifying when the redirect is effective. In such a case, server state will also change at the appropriate time. If no explicit SETUP is required for the object, the state starts at Ready and there are only two states, Ready and Playing. The "next state" column indicates the state assumed after sending a success response (2xx). If a request results in a status code of 3xx, the state becomes Init. A status code of 4xx results in no change. state message received next state Init SETUP Ready TEARDOWN Init Ready PLAY Playing SETUP Ready TEARDOWN Init RECORD Recording Playing PLAY Playing PAUSE Ready TEARDOWN Init SETUP Playing Recording RECORD Recording PAUSE Ready TEARDOWN Init SETUP Recording Schulzrinne, et. al. Standards Track [Page 78] RFC 2326 Real Time Streaming Protocol April 1998 Appendix B: Interaction with RTP RTSP allows media clients to control selected, non-contiguous sections of media presentations, rendering those streams with an RTP media layer[24]. The media layer rendering the RTP stream should not be affected by jumps in NPT. Thus, both RTP sequence numbers and RTP timestamps MUST be continuous and monotonic across jumps of NPT. As an example, assume a clock frequency of 8000 Hz, a packetization interval of 100 ms and an initial sequence number and timestamp of zero. First we play NPT 10 through 15, then skip ahead and play NPT 18 through 20. The first segment is presented as RTP packets with sequence numbers 0 through 49 and timestamp 0 through 39,200. The second segment consists of RTP packets with sequence number 50 through 69, with timestamps 40,000 through 55,200. We cannot assume that the RTSP client can communicate with the RTP media agent, as the two may be independent processes. If the RTP timestamp shows the same gap as the NPT, the media agent will assume that there is a pause in the presentation. If the jump in NPT is large enough, the RTP timestamp may roll over and the media agent may believe later packets to be duplicates of packets just played out. For certain datatypes, tight integration between the RTSP layer and the RTP layer will be necessary. This by no means precludes the above restriction. Combined RTSP/RTP media clients should use the RTP-Info field to determine whether incoming RTP packets were sent before or after a seek. For continuous audio, the server SHOULD set the RTP marker bit at the beginning of serving a new PLAY request. This allows the client to perform playout delay adaptation. For scaling (see Section 12.34), RTP timestamps should correspond to the playback timing. For example, when playing video recorded at 30 frames/second at a scale of two and speed (Section 12.35) of one, the server would drop every second frame to maintain and deliver video packets with the normal timestamp spacing of 3,000 per frame, but NPT would increase by 1/15 second for each video frame. The client can maintain a correct display of NPT by noting the RTP timestamp value of the first packet arriving after repositioning. The sequence parameter of the RTP-Info (Section 12.33) header provides the first sequence number of the next segment. Schulzrinne, et. al. Standards Track [Page 79] RFC 2326 Real Time Streaming Protocol April 1998 Appendix C: Use of SDP for RTSP Session Descriptions The Session Description Protocol (SDP, RFC 2327 [6]) may be used to describe streams or presentations in RTSP. Such usage is limited to specifying means of access and encoding(s) for: aggregate control: A presentation composed of streams from one or more servers that are not available for aggregate control. Such a description is typically retrieved by HTTP or other non-RTSP means. However, they may be received with ANNOUNCE methods. non-aggregate control: A presentation composed of multiple streams from a single server that are available for aggregate control. Such a description is typically returned in reply to a DESCRIBE request on a URL, or received in an ANNOUNCE method. This appendix describes how an SDP file, retrieved, for example, through HTTP, determines the operation of an RTSP session. It also describes how a client should interpret SDP content returned in reply to a DESCRIBE request. SDP provides no mechanism by which a client can distinguish, without human guidance, between several media streams to be rendered simultaneously and a set of alternatives (e.g., two audio streams spoken in different languages). C.1 Definitions The terms "session-level", "media-level" and other key/attribute names and values used in this appendix are to be used as defined in SDP (RFC 2327 [6]): C.1.1 Control URL The "a=control:" attribute is used to convey the control URL. This attribute is used both for the session and media descriptions. If used for individual media, it indicates the URL to be used for controlling that particular media stream. If found at the session level, the attribute indicates the URL for aggregate control. Example: a=control:rtsp://example.com/foo This attribute may contain either relative and absolute URLs, following the rules and conventions set out in RFC 1808 [25]. Implementations should look for a base URL in the following order: Schulzrinne, et. al. Standards Track [Page 80] RFC 2326 Real Time Streaming Protocol April 1998 1. The RTSP Content-Base field 2. The RTSP Content-Location field 3. The RTSP request URL If this attribute contains only an asterisk (*), then the URL is treated as if it were an empty embedded URL, and thus inherits the entire base URL. C.1.2 Media streams The "m=" field is used to enumerate the streams. It is expected that all the specified streams will be rendered with appropriate synchronization. If the session is unicast, the port number serves as a recommendation from the server to the client; the client still has to include it in its SETUP request and may ignore this recommendation. If the server has no preference, it SHOULD set the port number value to zero. Example: m=audio 0 RTP/AVP 31 C.1.3 Payload type(s) The payload type(s) are specified in the "m=" field. In case the payload type is a static payload type from RFC 1890 [1], no other information is required. In case it is a dynamic payload type, the media attribute "rtpmap" is used to specify what the media is. The "encoding name" within the "rtpmap" attribute may be one of those specified in RFC 1890 (Sections 5 and 6), or an experimental encoding with a "X-" prefix as specified in SDP (RFC 2327 [6]). Codec- specific parameters are not specified in this field, but rather in the "fmtp" attribute described below. Implementors seeking to register new encodings should follow the procedure in RFC 1890 [1]. If the media type is not suited to the RTP AV profile, then it is recommended that a new profile be created and the appropriate profile name be used in lieu of "RTP/AVP" in the "m=" field. C.1.4 Format-specific parameters Format-specific parameters are conveyed using the "fmtp" media attribute. The syntax of the "fmtp" attribute is specific to the encoding(s) that the attribute refers to. Note that the packetization interval is conveyed using the "ptime" attribute. Schulzrinne, et. al. Standards Track [Page 81] RFC 2326 Real Time Streaming Protocol April 1998 C.1.5 Range of presentation The "a=range" attribute defines the total time range of the stored session. (The length of live sessions can be deduced from the "t" and "r" parameters.) Unless the presentation contains media streams of different durations, the range attribute is a session-level attribute. The unit is specified first, followed by the value range. The units and their values are as defined in Section 3.5, 3.6 and 3.7. Examples: a=range:npt=0-34.4368 a=range:clock=19971113T2115-19971113T2203 C.1.6 Time of availability The "t=" field MUST contain suitable values for the start and stop times for both aggregate and non-aggregate stream control. With aggregate control, the server SHOULD indicate a stop time value for which it guarantees the description to be valid, and a start time that is equal to or before the time at which the DESCRIBE request was received. It MAY also indicate start and stop times of 0, meaning that the session is always available. With non-aggregate control, the values should reflect the actual period for which the session is available in keeping with SDP semantics, and not depend on other means (such as the life of the web page containing the description) for this purpose. C.1.7 Connection Information In SDP, the "c=" field contains the destination address for the media stream. However, for on-demand unicast streams and some multicast streams, the destination address is specified by the client via the SETUP request. Unless the media content has a fixed destination address, the "c=" field is to be set to a suitable null value. For addresses of type "IP4", this value is "0.0.0.0". C.1.8 Entity Tag The optional "a=etag" attribute identifies a version of the session description. It is opaque to the client. SETUP requests may include this identifier in the If-Match field (see section 12.22) to only allow session establishment if this attribute value still corresponds to that of the current description. The attribute value is opaque and may contain any character allowed within SDP attribute values. Example: a=etag:158bb3e7c7fd62ce67f12b533f06b83a Schulzrinne, et. al. Standards Track [Page 82] RFC 2326 Real Time Streaming Protocol April 1998 One could argue that the "o=" field provides identical functionality. However, it does so in a manner that would put constraints on servers that need to support multiple session description types other than SDP for the same piece of media content. C.2 Aggregate Control Not Available If a presentation does not support aggregate control and multiple media sections are specified, each section MUST have the control URL specified via the "a=control:" attribute. Example: v=0 o=- 2890844256 2890842807 IN IP4 204.34.34.32 s=I came from a web page t=0 0 c=IN IP4 0.0.0.0 m=video 8002 RTP/AVP 31 a=control:rtsp://audio.com/movie.aud m=audio 8004 RTP/AVP 3 a=control:rtsp://video.com/movie.vid Note that the position of the control URL in the description implies that the client establishes separate RTSP control sessions to the servers audio.com and video.com. It is recommended that an SDP file contains the complete media initialization information even if it is delivered to the media client through non-RTSP means. This is necessary as there is no mechanism to indicate that the client should request more detailed media stream information via DESCRIBE. C.3 Aggregate Control Available In this scenario, the server has multiple streams that can be controlled as a whole. In this case, there are both media-level "a=control:" attributes, which are used to specify the stream URLs, and a session-level "a=control:" attribute which is used as the request URL for aggregate control. If the media-level URL is relative, it is resolved to absolute URLs according to Section C.1.1 above. If the presentation comprises only a single stream, the media-level "a=control:" attribute may be omitted altogether. However, if the presentation contains more than one stream, each media stream section MUST contain its own "a=control" attribute. Schulzrinne, et. al. Standards Track [Page 83] RFC 2326 Real Time Streaming Protocol April 1998 Example: v=0 o=- 2890844256 2890842807 IN IP4 204.34.34.32 s=I contain i=<more info> t=0 0 c=IN IP4 0.0.0.0 a=control:rtsp://example.com/movie/ m=video 8002 RTP/AVP 31 a=control:trackID=1 m=audio 8004 RTP/AVP 3 a=control:trackID=2 In this example, the client is required to establish a single RTSP session to the server, and uses the URLs rtsp://example.com/movie/trackID=1 and rtsp://example.com/movie/trackID=2 to set up the video and audio streams, respectively. The URL rtsp://example.com/movie/ controls the whole movie. Schulzrinne, et. al. Standards Track [Page 84] RFC 2326 Real Time Streaming Protocol April 1998 Appendix D: Minimal RTSP implementation D.1 Client A client implementation MUST be able to do the following : * Generate the following requests: SETUP, TEARDOWN, and one of PLAY (i.e., a minimal playback client) or RECORD (i.e., a minimal recording client). If RECORD is implemented, ANNOUNCE must be implemented as well. * Include the following headers in requests: CSeq, Connection, Session, Transport. If ANNOUNCE is implemented, the capability to include headers Content-Language, Content-Encoding, Content- Length, and Content-Type should be as well. * Parse and understand the following headers in responses: CSeq, Connection, Session, Transport, Content-Language, Content- Encoding, Content-Length, Content-Type. If RECORD is implemented, the Location header must be understood as well. RTP-compliant implementations should also implement RTP-Info. * Understand the class of each error code received and notify the end-user, if one is present, of error codes in classes 4xx and 5xx. The notification requirement may be relaxed if the end-user explicitly does not want it for one or all status codes. * Expect and respond to asynchronous requests from the server, such as ANNOUNCE. This does not necessarily mean that it should implement the ANNOUNCE method, merely that it MUST respond positively or negatively to any request received from the server. Though not required, the following are highly recommended at the time of publication for practical interoperability with initial implementations and/or to be a "good citizen". * Implement RTP/AVP/UDP as a valid transport. * Inclusion of the User-Agent header. * Understand SDP session descriptions as defined in Appendix C * Accept media initialization formats (such as SDP) from standard input, command line, or other means appropriate to the operating environment to act as a "helper application" for other applications (such as web browsers). There may be RTSP applications different from those initially envisioned by the contributors to the RTSP specification for which the requirements above do not make sense. Therefore, the recommendations above serve only as guidelines instead of strict requirements. Schulzrinne, et. al. Standards Track [Page 85] RFC 2326 Real Time Streaming Protocol April 1998 D.1.1 Basic Playback To support on-demand playback of media streams, the client MUST additionally be able to do the following: * generate the PAUSE request; * implement the REDIRECT method, and the Location header. D.1.2 Authentication-enabled In order to access media presentations from RTSP servers that require authentication, the client MUST additionally be able to do the following: * recognize the 401 status code; * parse and include the WWW-Authenticate header; * implement Basic Authentication and Digest Authentication. D.2 Server A minimal server implementation MUST be able to do the following: * Implement the following methods: SETUP, TEARDOWN, OPTIONS and either PLAY (for a minimal playback server) or RECORD (for a minimal recording server). If RECORD is implemented, ANNOUNCE should be implemented as well. * Include the following headers in responses: Connection, Content-Length, Content-Type, Content-Language, Content-Encoding, Transport, Public. The capability to include the Location header should be implemented if the RECORD method is. RTP-compliant implementations should also implement the RTP-Info field. * Parse and respond appropriately to the following headers in requests: Connection, Session, Transport, Require. Though not required, the following are highly recommended at the time of publication for practical interoperability with initial implementations and/or to be a "good citizen". * Implement RTP/AVP/UDP as a valid transport. * Inclusion of the Server header. * Implement the DESCRIBE method. * Generate SDP session descriptions as defined in Appendix C There may be RTSP applications different from those initially envisioned by the contributors to the RTSP specification for which the requirements above do not make sense. Therefore, the recommendations above serve only as guidelines instead of strict requirements. Schulzrinne, et. al. Standards Track [Page 86] RFC 2326 Real Time Streaming Protocol April 1998 D.2.1 Basic Playback To support on-demand playback of media streams, the server MUST additionally be able to do the following: * Recognize the Range header, and return an error if seeking is not supported. * Implement the PAUSE method. In addition, in order to support commonly-accepted user interface features, the following are highly recommended for on-demand media servers: * Include and parse the Range header, with NPT units. Implementation of SMPTE units is recommended. * Include the length of the media presentation in the media initialization information. * Include mappings from data-specific timestamps to NPT. When RTP is used, the rtptime portion of the RTP-Info field may be used to map RTP timestamps to NPT. Client implementations may use the presence of length information to determine if the clip is seekable, and visibly disable seeking features for clips for which the length information is unavailable. A common use of the presentation length is to implement a "slider bar" which serves as both a progress indicator and a timeline positioning tool. Mappings from RTP timestamps to NPT are necessary to ensure correct positioning of the slider bar. D.2.2 Authentication-enabled In order to correctly handle client authentication, the server MUST additionally be able to do the following: * Generate the 401 status code when authentication is required for the resource. * Parse and include the WWW-Authenticate header * Implement Basic Authentication and Digest Authentication Schulzrinne, et. al. Standards Track [Page 87] RFC 2326 Real Time Streaming Protocol April 1998 Appendix E: Authors' Addresses Henning Schulzrinne Dept. of Computer Science Columbia University 1214 Amsterdam Avenue New York, NY 10027 USA EMail: [email protected] Anup Rao Netscape Communications Corp. 501 E. Middlefield Road Mountain View, CA 94043 USA EMail: [email protected] Robert Lanphier RealNetworks 1111 Third Avenue Suite 2900 Seattle, WA 98101 USA EMail: [email protected] Schulzrinne, et. al. Standards Track [Page 88] RFC 2326 Real Time Streaming Protocol April 1998 Appendix F: Acknowledgements This memo is based on the functionality of the original RTSP document submitted in October 96. It also borrows format and descriptions from HTTP/1.1. This document has benefited greatly from the comments of all those participating in the MMUSIC-WG. In addition to those already mentioned, the following individuals have contributed to this specification: Rahul Agarwal, Torsten Braun, Brent Browning, Bruce Butterfield, Steve Casner, Francisco Cortes, Kelly Djahandari, Martin Dunsmuir, Eric Fleischman, Jay Geagan, Andy Grignon, V. Guruprasad, Peter Haight, Mark Handley, Brad Hefta-Gaub, John K. Ho, Philipp Hoschka, Anne Jones, Anders Klemets, Ruth Lang, Stephanie Leif, Jonathan Lennox, Eduardo F. Llach, Rob McCool, David Oran, Maria Papadopouli, Sujal Patel, Ema Patki, Alagu Periyannan, Igor Plotnikov, Pinaki Shah, David Singer, Jeff Smith, Alexander Sokolsky, Dale Stammen, and John Francis Stracke. Schulzrinne, et. al. Standards Track [Page 89] RFC 2326 Real Time Streaming Protocol April 1998 References 1 Schulzrinne, H., "RTP profile for audio and video conferences with minimal control", RFC 1890, January 1996. 2 Fielding, R., Gettys, J., Mogul, J., Nielsen, H., and T. Berners-Lee, "Hypertext transfer protocol - HTTP/1.1", RFC 2068, January 1997. 3 Yergeau, F., Nicol, G., Adams, G., and M. Duerst, "Internationalization of the hypertext markup language", RFC 2070, January 1997. 4 Bradner, S., "Key words for use in RFCs to indicate requirement levels", BCP 14, RFC 2119, March 1997. 5 ISO/IEC, "Information technology - generic coding of moving pictures and associated audio information - part 6: extension for digital storage media and control," Draft International Standard ISO 13818-6, International Organization for Standardization ISO/IEC JTC1/SC29/WG11, Geneva, Switzerland, Nov. 1995. 6 Handley, M., and V. Jacobson, "SDP: Session Description Protocol", RFC 2327, April 1998. 7 Franks, J., Hallam-Baker, P., and J. Hostetler, "An extension to HTTP: digest access authentication", RFC 2069, January 1997. 8 Postel, J., "User Datagram Protocol", STD 6, RFC 768, August 1980. 9 Hinden, B. and C. Partridge, "Version 2 of the reliable data protocol (RDP)", RFC 1151, April 1990. 10 Postel, J., "Transmission control protocol", STD 7, RFC 793, September 1981. 11 H. Schulzrinne, "A comprehensive multimedia control architecture for the Internet," in Proc. International Workshop on Network and Operating System Support for Digital Audio and Video (NOSSDAV), (St. Louis, Missouri), May 1997. 12 International Telecommunication Union, "Visual telephone systems and equipment for local area networks which provide a non-guaranteed quality of service," Recommendation H.323, Telecommunication Standardization Sector of ITU, Geneva, Switzerland, May 1996. Schulzrinne, et. al. Standards Track [Page 90] RFC 2326 Real Time Streaming Protocol April 1998 13 McMahon, P., "GSS-API authentication method for SOCKS version 5", RFC 1961, June 1996. 14 J. Miller, P. Resnick, and D. Singer, "Rating services and rating systems (and their machine readable descriptions)," Recommendation REC-PICS-services-961031, W3C (World Wide Web Consortium), Boston, Massachusetts, Oct. 1996. 15 J. Miller, T. Krauskopf, P. Resnick, and W. Treese, "PICS label distribution label syntax and communication protocols," Recommendation REC-PICS-labels-961031, W3C (World Wide Web Consortium), Boston, Massachusetts, Oct. 1996. 16 Crocker, D. and P. Overell, "Augmented BNF for syntax specifications: ABNF", RFC 2234, November 1997. 17 Braden, B., "Requirements for internet hosts - application and support", STD 3, RFC 1123, October 1989. 18 Elz, R., "A compact representation of IPv6 addresses", RFC 1924, April 1996. 19 Berners-Lee, T., Masinter, L. and M. McCahill, "Uniform resource locators (URL)", RFC 1738, December 1994. 20 Yergeau, F., "UTF-8, a transformation format of ISO 10646", RFC 2279, January 1998. 22 Braden, B., "T/TCP - TCP extensions for transactions functional specification", RFC 1644, July 1994. 22 W. R. Stevens, TCP/IP illustrated: the implementation, vol. 2. Reading, Massachusetts: Addison-Wesley, 1994. 23 Schulzrinne, H., Casner, S., Frederick, R. and V. Jacobson, "RTP: a transport protocol for real-time applications", RFC 1889, January 1996. 24 Fielding, R., "Relative uniform resource locators", RFC 1808, June 1995. Schulzrinne, et. al. Standards Track [Page 91] RFC 2326 Real Time Streaming Protocol April 1998 Full Copyright Statement Copyright (C) The Internet Society (1998). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Schulzrinne, et. al. Standards Track [Page 92]