2 * Routines for Bluetooth Low Energy Link Layer dissection
3 * https://www.bluetooth.org/Technical/Specifications/adopted.htm
5 * Copyright 2013, Mike Ryan, mikeryan /at/ isecpartners /dot/ com
6 * Copyright 2013, Michal Labedzki for Tieto Corporation
7 * Copyright 2014, Christopher D. Kilgour, techie at whiterocker dot com
8 * Copyright 2017, Stig Bjorlykke for Nordic Semiconductor
10 * Wireshark - Network traffic analyzer
11 * By Gerald Combs <gerald@wireshark.org>
12 * Copyright 1998 Gerald Combs
14 * SPDX-License-Identifier: GPL-2.0-or-later
19 #include <epan/packet.h>
20 #include <epan/prefs.h>
21 #include <epan/expert.h>
22 #include <epan/proto_data.h>
23 #include <epan/reassemble.h>
25 #include <wiretap/wtap.h>
27 #include "packet-btle.h"
28 #include "packet-bthci_cmd.h"
29 #include "packet-bthci_acl.h"
31 static int proto_btle = -1;
32 static int proto_btle_rf = -1;
33 static int proto_nordic_ble = -1;
35 static int hf_access_address = -1;
36 static int hf_crc = -1;
37 static int hf_master_bd_addr = -1;
38 static int hf_slave_bd_addr = -1;
39 static int hf_length = -1;
40 static int hf_advertising_header = -1;
41 static int hf_advertising_header_pdu_type = -1;
42 static int hf_advertising_header_ch_sel = -1;
43 static int hf_advertising_header_rfu_1 = -1;
44 static int hf_advertising_header_randomized_tx = -1;
45 static int hf_advertising_header_randomized_rx = -1;
46 static int hf_advertising_header_reserved = -1;
47 static int hf_advertising_header_length = -1;
48 static int hf_advertising_address = -1;
49 static int hf_initiator_addresss = -1;
50 static int hf_scanning_address = -1;
51 static int hf_scan_response_data = -1;
52 static int hf_link_layer_data = -1;
53 static int hf_link_layer_data_access_address = -1;
54 static int hf_link_layer_data_crc_init = -1;
55 static int hf_link_layer_data_window_size = -1;
56 static int hf_link_layer_data_window_offset = -1;
57 static int hf_link_layer_data_interval = -1;
58 static int hf_link_layer_data_latency = -1;
59 static int hf_link_layer_data_timeout = -1;
60 static int hf_link_layer_data_channel_map = -1;
61 static int hf_link_layer_data_hop = -1;
62 static int hf_link_layer_data_sleep_clock_accuracy = -1;
63 static int hf_data_header = -1;
64 static int hf_data_header_length = -1;
65 static int hf_data_header_rfu = -1;
66 static int hf_data_header_llid = -1;
67 static int hf_data_header_more_data = -1;
68 static int hf_data_header_sequence_number = -1;
69 static int hf_data_header_next_expected_sequence_number = -1;
70 static int hf_control_opcode = -1;
71 static int hf_l2cap_index = -1;
72 static int hf_l2cap_fragment = -1;
73 static int hf_control_reject_opcode = -1;
74 static int hf_control_error_code = -1;
75 static int hf_control_unknown_type = -1;
76 static int hf_control_version_number = -1;
77 static int hf_control_company_id = -1;
78 static int hf_control_subversion_number = -1;
79 static int hf_control_feature_set = -1;
80 static int hf_control_feature_set_le_encryption = -1;
81 static int hf_control_feature_set_connection_parameters_request_procedure = -1;
82 static int hf_control_feature_set_extended_reject_indication = -1;
83 static int hf_control_feature_set_slave_initiated_features_exchange = -1;
84 static int hf_control_feature_set_le_ping = -1;
85 static int hf_control_feature_set_le_pkt_len_ext = -1;
86 static int hf_control_feature_set_ll_privacy = -1;
87 static int hf_control_feature_set_ext_scan_flt_pol = -1;
88 static int hf_control_feature_set_le_2m_phy = -1;
89 static int hf_control_feature_set_stable_modulation_index_transmitter = -1;
90 static int hf_control_feature_set_stable_modulation_index_receiver = -1;
91 static int hf_control_feature_set_le_coded_phy = -1;
92 static int hf_control_feature_set_le_extended_advertising = -1;
93 static int hf_control_feature_set_le_periodic_advertising = -1;
94 static int hf_control_feature_set_channel_selection_algorithm_2 = -1;
95 static int hf_control_feature_set_le_power_class_1 = -1;
96 static int hf_control_feature_set_minimum_number_of_used_channels_procedure = -1;
97 static int hf_control_feature_set_reserved_bits = -1;
98 static int hf_control_feature_set_reserved = -1;
99 static int hf_control_window_size = -1;
100 static int hf_control_window_offset = -1;
101 static int hf_control_interval = -1;
102 static int hf_control_latency = -1;
103 static int hf_control_timeout = -1;
104 static int hf_control_instant = -1;
105 static int hf_control_interval_min = -1;
106 static int hf_control_interval_max = -1;
107 static int hf_control_preffered_periodicity = -1;
108 static int hf_control_reference_connection_event_count = -1;
109 static int hf_control_offset_0 = -1;
110 static int hf_control_offset_1 = -1;
111 static int hf_control_offset_2 = -1;
112 static int hf_control_offset_3 = -1;
113 static int hf_control_offset_4 = -1;
114 static int hf_control_offset_5 = -1;
115 static int hf_control_channel_map = -1;
116 static int hf_control_random_number = -1;
117 static int hf_control_encrypted_diversifier = -1;
118 static int hf_control_master_session_key_diversifier = -1;
119 static int hf_control_master_session_initialization_vector = -1;
120 static int hf_control_slave_session_key_diversifier = -1;
121 static int hf_control_slave_session_initialization_vector = -1;
122 static int hf_control_max_rx_octets = -1;
123 static int hf_control_max_rx_time = -1;
124 static int hf_control_max_tx_octets = -1;
125 static int hf_control_max_tx_time = -1;
126 static int hf_control_phys_sender_le_1m_phy = -1;
127 static int hf_control_phys_sender_le_2m_phy = -1;
128 static int hf_control_phys_sender_le_coded_phy = -1;
129 static int hf_control_phys_update_le_1m_phy = -1;
130 static int hf_control_phys_update_le_2m_phy = -1;
131 static int hf_control_phys_update_le_coded_phy = -1;
132 static int hf_control_phys_reserved_bits = -1;
133 static int hf_control_tx_phys = -1;
134 static int hf_control_rx_phys = -1;
135 static int hf_control_m_to_s_phy = -1;
136 static int hf_control_s_to_m_phy = -1;
137 static int hf_control_phys = -1;
138 static int hf_control_phys_le_1m_phy = -1;
139 static int hf_control_phys_le_2m_phy = -1;
140 static int hf_control_phys_le_coded_phy = -1;
141 static int hf_control_min_used_channels = -1;
142 static int hf_btle_l2cap_msg_fragments = -1;
143 static int hf_btle_l2cap_msg_fragment = -1;
144 static int hf_btle_l2cap_msg_fragment_overlap = -1;
145 static int hf_btle_l2cap_msg_fragment_overlap_conflicts = -1;
146 static int hf_btle_l2cap_msg_fragment_multiple_tails = -1;
147 static int hf_btle_l2cap_msg_fragment_too_long_fragment = -1;
148 static int hf_btle_l2cap_msg_fragment_error = -1;
149 static int hf_btle_l2cap_msg_fragment_count = -1;
150 static int hf_btle_l2cap_msg_reassembled_in = -1;
151 static int hf_btle_l2cap_msg_reassembled_length = -1;
154 static gint ett_btle = -1;
155 static gint ett_advertising_header = -1;
156 static gint ett_link_layer_data = -1;
157 static gint ett_data_header = -1;
158 static gint ett_features = -1;
159 static gint ett_tx_phys = -1;
160 static gint ett_rx_phys = -1;
161 static gint ett_m_to_s_phy = -1;
162 static gint ett_s_to_m_phy = -1;
163 static gint ett_phys = -1;
164 static gint ett_channel_map = -1;
165 static gint ett_scan_response_data = -1;
166 static gint ett_btle_l2cap_msg_fragment = -1;
167 static gint ett_btle_l2cap_msg_fragments = -1;
170 static const int *hfx_control_feature_set_1[] = {
171 &hf_control_feature_set_le_encryption,
172 &hf_control_feature_set_connection_parameters_request_procedure,
173 &hf_control_feature_set_extended_reject_indication,
174 &hf_control_feature_set_slave_initiated_features_exchange,
175 &hf_control_feature_set_le_ping,
176 &hf_control_feature_set_le_pkt_len_ext,
177 &hf_control_feature_set_ll_privacy,
178 &hf_control_feature_set_ext_scan_flt_pol,
182 static const int *hfx_control_feature_set_2[] = {
183 &hf_control_feature_set_le_2m_phy,
184 &hf_control_feature_set_stable_modulation_index_transmitter,
185 &hf_control_feature_set_stable_modulation_index_receiver,
186 &hf_control_feature_set_le_coded_phy,
187 &hf_control_feature_set_le_extended_advertising,
188 &hf_control_feature_set_le_periodic_advertising,
189 &hf_control_feature_set_channel_selection_algorithm_2,
190 &hf_control_feature_set_le_power_class_1,
194 static const int *hfx_control_feature_set_3[] = {
195 &hf_control_feature_set_minimum_number_of_used_channels_procedure,
196 &hf_control_feature_set_reserved_bits,
200 static const int *hfx_control_phys_sender[] = {
201 &hf_control_phys_sender_le_1m_phy,
202 &hf_control_phys_sender_le_2m_phy,
203 &hf_control_phys_sender_le_coded_phy,
204 &hf_control_phys_reserved_bits,
208 static const int *hfx_control_phys_update[] = {
209 &hf_control_phys_update_le_1m_phy,
210 &hf_control_phys_update_le_2m_phy,
211 &hf_control_phys_update_le_coded_phy,
212 &hf_control_phys_reserved_bits,
216 static const int *hfx_control_phys[] = {
217 &hf_control_phys_le_1m_phy,
218 &hf_control_phys_le_2m_phy,
219 &hf_control_phys_le_coded_phy,
220 &hf_control_phys_reserved_bits,
225 static expert_field ei_unknown_data = EI_INIT;
226 static expert_field ei_access_address_matched = EI_INIT;
227 static expert_field ei_access_address_bit_errors = EI_INIT;
228 static expert_field ei_access_address_illegal = EI_INIT;
229 static expert_field ei_crc_cannot_be_determined = EI_INIT;
230 static expert_field ei_crc_incorrect = EI_INIT;
231 static expert_field ei_missing_fragment_start = EI_INIT;
232 static expert_field ei_retransmit = EI_INIT;
234 static dissector_handle_t btle_handle;
235 static dissector_handle_t btcommon_ad_handle;
236 static dissector_handle_t btcommon_le_channel_map_handle;
237 static dissector_handle_t btl2cap_handle;
239 static wmem_tree_t *connection_info_tree;
240 static guint32 l2cap_index;
243 static reassembly_table btle_l2cap_msg_reassembly_table;
245 static const fragment_items btle_l2cap_msg_frag_items = {
246 /* Fragment subtrees */
247 &ett_btle_l2cap_msg_fragment,
248 &ett_btle_l2cap_msg_fragments,
249 /* Fragment fields */
250 &hf_btle_l2cap_msg_fragments,
251 &hf_btle_l2cap_msg_fragment,
252 &hf_btle_l2cap_msg_fragment_overlap,
253 &hf_btle_l2cap_msg_fragment_overlap_conflicts,
254 &hf_btle_l2cap_msg_fragment_multiple_tails,
255 &hf_btle_l2cap_msg_fragment_too_long_fragment,
256 &hf_btle_l2cap_msg_fragment_error,
257 &hf_btle_l2cap_msg_fragment_count,
258 /* Reassembled in field */
259 &hf_btle_l2cap_msg_reassembled_in,
260 /* Reassembled length field */
261 &hf_btle_l2cap_msg_reassembled_length,
262 /* Reassembled data field */
265 "BTLE L2CAP fragments"
268 /* Store information about a connection direction */
269 typedef struct _direction_info_t {
270 guint prev_seq_num : 1; /* Previous sequence number for this direction */
271 guint segmentation_started : 1; /* 0 = No, 1 = Yes */
272 guint segment_len_rem; /* The remaining segment length, used to find last segment */
273 guint32 l2cap_index; /* Unique identifier for each L2CAP message */
276 /* Store information about a connection */
277 typedef struct _connection_info_t {
278 /* Address information */
279 guint32 interface_id;
281 guint32 access_address;
283 guint8 master_bd_addr[6];
284 guint8 slave_bd_addr[6];
285 /* Connection information */
286 /* Data used on the first pass to get info from previous frame, result will be in per_packet_data */
287 guint first_data_frame_seen : 1;
288 direction_info_t direction_info[3]; /* UNKNOWN, MASTER_SLAVE and SLAVE_MASTER */
292 typedef struct _btle_frame_info_t {
293 guint retransmit : 1; /* 0 = No, 1 = Retransmitted frame */
294 guint more_fragments : 1; /* 0 = Last fragment, 1 = More fragments */
295 guint missing_start : 1; /* 0 = No, 1 = Missing fragment start */
296 guint32 l2cap_index; /* Unique identifier for each L2CAP message */
299 static const value_string pdu_type_vals[] = {
301 { 0x01, "ADV_DIRECT_IND" },
302 { 0x02, "ADV_NONCONN_IND" },
303 { 0x03, "SCAN_REQ" },
304 { 0x04, "SCAN_RSP" },
305 { 0x05, "CONNECT_REQ" },
306 { 0x06, "ADV_SCAN_IND" },
309 static value_string_ext pdu_type_vals_ext = VALUE_STRING_EXT_INIT(pdu_type_vals);
311 static const value_string sleep_clock_accuracy_vals[] = {
312 { 0x00, "251 ppm to 500 ppm" },
313 { 0x01, "151 ppm to 250 ppm" },
314 { 0x02, "101 ppm to 150 ppm" },
315 { 0x03, "76 ppm to 100 ppm" },
316 { 0x04, "51 ppm to 75 ppm" },
317 { 0x05, "31 ppm to 50 ppm" },
318 { 0x06, "21 ppm to 30 ppm" },
319 { 0x07, "0 ppm to 20 ppm" },
322 static value_string_ext sleep_clock_accuracy_vals_ext = VALUE_STRING_EXT_INIT(sleep_clock_accuracy_vals);
324 static const value_string llid_codes_vals[] = {
325 { 0x01, "Continuation fragment of an L2CAP message, or an Empty PDU" },
326 { 0x02, "Start of an L2CAP message or a complete L2CAP message with no fragmentation" },
327 { 0x03, "Control PDU" },
330 static value_string_ext llid_codes_vals_ext = VALUE_STRING_EXT_INIT(llid_codes_vals);
332 static const value_string control_opcode_vals[] = {
333 { 0x00, "LL_CONNECTION_UPDATE_REQ" },
334 { 0x01, "LL_CHANNEL_MAP_REQ" },
335 { 0x02, "LL_TERMINATE_IND" },
336 { 0x03, "LL_ENC_REQ" },
337 { 0x04, "LL_ENC_RSP" },
338 { 0x05, "LL_START_ENC_REQ" },
339 { 0x06, "LL_START_ENC_RSP" },
340 { 0x07, "LL_UNKNOWN_RSP" },
341 { 0x08, "LL_FEATURE_REQ" },
342 { 0x09, "LL_FEATURE_RSP" },
343 { 0x0A, "LL_PAUSE_ENC_REQ" },
344 { 0x0B, "LL_PAUSE_ENC_RSP" },
345 { 0x0C, "LL_VERSION_IND" },
346 { 0x0D, "LL_REJECT_IND" },
347 { 0x0E, "LL_SLAVE_FEATURE_REQ" },
348 { 0x0F, "LL_CONNECTION_PARAM_REQ" },
349 { 0x10, "LL_CONNECTION_PARAM_RSP" },
350 { 0x11, "LL_REJECT_IND_EXT" },
351 { 0x12, "LL_PING_REQ" },
352 { 0x13, "LL_PING_RSP" },
353 { 0x14, "LL_LENGTH_REQ" },
354 { 0x15, "LL_LENGTH_RSP" },
355 { 0x16, "LL_PHY_REQ" },
356 { 0x17, "LL_PHY_RSP" },
357 { 0x18, "LL_PHY_UPDATE_IND" },
358 { 0x19, "LL_MIN_USED_CHANNELS_IND" },
361 static value_string_ext control_opcode_vals_ext = VALUE_STRING_EXT_INIT(control_opcode_vals);
363 /* Taken from https://www.bluetooth.org/en-us/specification/assigned-numbers/link-layer */
364 static const value_string ll_version_number_vals[] = {
372 static value_string_ext ll_version_number_vals_ext = VALUE_STRING_EXT_INIT(ll_version_number_vals);
374 static const true_false_string tfs_ch_sel = {
379 static const true_false_string tfs_random_public = {
384 void proto_register_btle(void);
385 void proto_reg_handoff_btle(void);
387 static gboolean btle_detect_retransmit = TRUE;
396 * Implements Bluetooth Vol 6, Part B, Section 3.1.1 (ref Figure 3.2)
398 * At entry: tvb is entire BTLE packet without preamble
399 * payload_len is the Length field from the BTLE PDU header
400 * crc_init as defined in the specifications
402 * This implementation operates on nibbles and is therefore
406 btle_crc(tvbuff_t *tvb, const guint8 payload_len, const guint32 crc_init)
408 static const guint16 btle_crc_next_state_flips[256] = {
409 0x0000, 0x32d8, 0x196c, 0x2bb4, 0x0cb6, 0x3e6e, 0x15da, 0x2702,
410 0x065b, 0x3483, 0x1f37, 0x2def, 0x0aed, 0x3835, 0x1381, 0x2159,
411 0x065b, 0x3483, 0x1f37, 0x2def, 0x0aed, 0x3835, 0x1381, 0x2159,
412 0x0000, 0x32d8, 0x196c, 0x2bb4, 0x0cb6, 0x3e6e, 0x15da, 0x2702,
413 0x0cb6, 0x3e6e, 0x15da, 0x2702, 0x0000, 0x32d8, 0x196c, 0x2bb4,
414 0x0aed, 0x3835, 0x1381, 0x2159, 0x065b, 0x3483, 0x1f37, 0x2def,
415 0x0aed, 0x3835, 0x1381, 0x2159, 0x065b, 0x3483, 0x1f37, 0x2def,
416 0x0cb6, 0x3e6e, 0x15da, 0x2702, 0x0000, 0x32d8, 0x196c, 0x2bb4,
417 0x196c, 0x2bb4, 0x0000, 0x32d8, 0x15da, 0x2702, 0x0cb6, 0x3e6e,
418 0x1f37, 0x2def, 0x065b, 0x3483, 0x1381, 0x2159, 0x0aed, 0x3835,
419 0x1f37, 0x2def, 0x065b, 0x3483, 0x1381, 0x2159, 0x0aed, 0x3835,
420 0x196c, 0x2bb4, 0x0000, 0x32d8, 0x15da, 0x2702, 0x0cb6, 0x3e6e,
421 0x15da, 0x2702, 0x0cb6, 0x3e6e, 0x196c, 0x2bb4, 0x0000, 0x32d8,
422 0x1381, 0x2159, 0x0aed, 0x3835, 0x1f37, 0x2def, 0x065b, 0x3483,
423 0x1381, 0x2159, 0x0aed, 0x3835, 0x1f37, 0x2def, 0x065b, 0x3483,
424 0x15da, 0x2702, 0x0cb6, 0x3e6e, 0x196c, 0x2bb4, 0x0000, 0x32d8,
425 0x32d8, 0x0000, 0x2bb4, 0x196c, 0x3e6e, 0x0cb6, 0x2702, 0x15da,
426 0x3483, 0x065b, 0x2def, 0x1f37, 0x3835, 0x0aed, 0x2159, 0x1381,
427 0x3483, 0x065b, 0x2def, 0x1f37, 0x3835, 0x0aed, 0x2159, 0x1381,
428 0x32d8, 0x0000, 0x2bb4, 0x196c, 0x3e6e, 0x0cb6, 0x2702, 0x15da,
429 0x3e6e, 0x0cb6, 0x2702, 0x15da, 0x32d8, 0x0000, 0x2bb4, 0x196c,
430 0x3835, 0x0aed, 0x2159, 0x1381, 0x3483, 0x065b, 0x2def, 0x1f37,
431 0x3835, 0x0aed, 0x2159, 0x1381, 0x3483, 0x065b, 0x2def, 0x1f37,
432 0x3e6e, 0x0cb6, 0x2702, 0x15da, 0x32d8, 0x0000, 0x2bb4, 0x196c,
433 0x2bb4, 0x196c, 0x32d8, 0x0000, 0x2702, 0x15da, 0x3e6e, 0x0cb6,
434 0x2def, 0x1f37, 0x3483, 0x065b, 0x2159, 0x1381, 0x3835, 0x0aed,
435 0x2def, 0x1f37, 0x3483, 0x065b, 0x2159, 0x1381, 0x3835, 0x0aed,
436 0x2bb4, 0x196c, 0x32d8, 0x0000, 0x2702, 0x15da, 0x3e6e, 0x0cb6,
437 0x2702, 0x15da, 0x3e6e, 0x0cb6, 0x2bb4, 0x196c, 0x32d8, 0x0000,
438 0x2159, 0x1381, 0x3835, 0x0aed, 0x2def, 0x1f37, 0x3483, 0x065b,
439 0x2159, 0x1381, 0x3835, 0x0aed, 0x2def, 0x1f37, 0x3483, 0x065b,
440 0x2702, 0x15da, 0x3e6e, 0x0cb6, 0x2bb4, 0x196c, 0x32d8, 0x0000
442 gint offset = 4; /* skip AA, CRC applies over PDU */
443 guint32 state = crc_init;
444 guint8 bytes_to_go = 2+payload_len; /* PDU includes header and payload */
445 while( bytes_to_go-- ) {
446 guint8 byte = tvb_get_guint8(tvb, offset++);
447 guint8 nibble = (byte & 0xf);
448 guint8 byte_index = ((state >> 16) & 0xf0) | nibble;
449 state = ((state << 4) ^ btle_crc_next_state_flips[byte_index]) & 0xffffff;
450 nibble = ((byte >> 4) & 0xf);
451 byte_index = ((state >> 16) & 0xf0) | nibble;
452 state = ((state << 4) ^ btle_crc_next_state_flips[byte_index]) & 0xffffff;
458 * Reverses the bits in each byte of a 32-bit word.
460 * Needed because CRCs are transmitted in bit-reversed order compared
461 * to the rest of the BTLE packet. See BT spec, Vol 6, Part B,
465 reverse_bits_per_byte(const guint32 val)
467 const guint8 nibble_rev[16] = {
468 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe,
469 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf
473 for (byte_index=0; byte_index<4; byte_index++) {
474 guint shiftA = byte_index*8;
475 guint shiftB = shiftA+4;
476 retval |= (nibble_rev[((val >> shiftA) & 0xf)] << shiftB);
477 retval |= (nibble_rev[((val >> shiftB) & 0xf)] << shiftA);
483 dissect_btle(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
485 proto_item *btle_item;
486 proto_tree *btle_tree;
487 proto_item *sub_item;
488 proto_tree *sub_tree;
490 guint32 access_address, length;
494 static const guint8 broadcast_addr[] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
495 connection_info_t *connection_info = NULL;
496 wmem_tree_t *wmem_tree;
497 wmem_tree_key_t key[5];
498 guint32 interface_id;
500 guint32 connection_access_address;
501 guint32 frame_number;
502 enum {CRC_INDETERMINATE,
503 CRC_CAN_BE_CALCULATED,
505 CRC_CORRECT} crc_status = CRC_INDETERMINATE;
506 guint32 crc_init = 0x555555; /* default to advertising channel's value */
508 const btle_context_t *btle_context = NULL;
509 bluetooth_data_t *bluetooth_data = NULL;
510 ubertooth_data_t *ubertooth_data = NULL;
512 wmem_list_frame_t *list_data;
519 list_data = wmem_list_frame_prev(wmem_list_tail(pinfo->layers));
521 previous_proto = GPOINTER_TO_INT(wmem_list_frame_data(list_data));
523 if ((previous_proto == proto_btle_rf)||(previous_proto == proto_nordic_ble)) {
524 btle_context = (const btle_context_t *) data;
525 bluetooth_data = btle_context->previous_protocol_data.bluetooth_data;
526 } else if (previous_proto == proto_bluetooth) {
527 bluetooth_data = (bluetooth_data_t *) data;
530 if (bluetooth_data && bluetooth_data->previous_protocol_data_type == BT_PD_UBERTOOTH_DATA) {
531 ubertooth_data = bluetooth_data->previous_protocol_data.ubertooth_data;
535 src_bd_addr = (gchar *) wmem_alloc(pinfo->pool, 6);
536 dst_bd_addr = (gchar *) wmem_alloc(pinfo->pool, 6);
538 if (btle_context && btle_context->crc_checked_at_capture) {
539 crc_status = btle_context->crc_valid_at_capture ? CRC_CORRECT : CRC_INCORRECT;
542 col_set_str(pinfo->cinfo, COL_PROTOCOL, "LE LL");
544 btle_item = proto_tree_add_item(tree, proto_btle, tvb, offset, -1, ENC_NA);
545 btle_tree = proto_item_add_subtree(btle_item, ett_btle);
547 sub_item = proto_tree_add_item(btle_tree, hf_access_address, tvb, offset, 4, ENC_LITTLE_ENDIAN);
548 access_address = tvb_get_letohl(tvb, offset);
550 switch(btle_context->aa_category) {
552 expert_add_info(pinfo, sub_item, &ei_access_address_matched);
555 expert_add_info(pinfo, sub_item, &ei_access_address_illegal);
557 case E_AA_BIT_ERRORS:
558 expert_add_info(pinfo, sub_item, &ei_access_address_bit_errors);
567 interface_id = bluetooth_data->interface_id;
568 else if (pinfo->rec->presence_flags & WTAP_HAS_INTERFACE_ID)
569 interface_id = pinfo->rec->rec_header.packet_header.interface_id;
571 interface_id = HCI_INTERFACE_DEFAULT;
574 adapter_id = ubertooth_data->bus_id << 8 | ubertooth_data->device_address;
575 else if (bluetooth_data)
576 adapter_id = bluetooth_data->adapter_id;
578 adapter_id = HCI_ADAPTER_DEFAULT;
580 frame_number = pinfo->num;
582 if (access_address == ACCESS_ADDRESS_ADVERTISING) {
583 proto_item *advertising_header_item;
584 proto_tree *advertising_header_tree;
585 proto_item *link_layer_data_item;
586 proto_tree *link_layer_data_tree;
587 guint8 pdu_type, ch_sel;
589 if (crc_status == CRC_INDETERMINATE) {
590 /* Advertising channel CRCs can aways be calculated, because CRCInit is always known. */
591 crc_status = CRC_CAN_BE_CALCULATED;
594 advertising_header_item = proto_tree_add_item(btle_tree, hf_advertising_header, tvb, offset, 2, ENC_LITTLE_ENDIAN);
595 advertising_header_tree = proto_item_add_subtree(advertising_header_item, ett_advertising_header);
597 pdu_type = tvb_get_guint8(tvb, offset) & 0x0F;
598 ch_sel = (tvb_get_guint8(tvb, offset) & 0x20) >> 5;
599 proto_item_append_text(advertising_header_item, " (PDU Type: %s, ChSel: %s, TxAdd: %s",
600 val_to_str_ext_const(pdu_type, &pdu_type_vals_ext, "Unknown"),
601 (ch_sel & 0x01) ? tfs_ch_sel.true_string : tfs_ch_sel.false_string,
602 (tvb_get_guint8(tvb, offset) & 0x40) ? tfs_random_public.true_string : tfs_random_public.false_string);
603 proto_tree_add_item(advertising_header_tree, hf_advertising_header_pdu_type, tvb, offset, 1, ENC_LITTLE_ENDIAN);
604 proto_tree_add_item(advertising_header_tree, hf_advertising_header_rfu_1, tvb, offset, 1, ENC_LITTLE_ENDIAN);
605 proto_tree_add_item(advertising_header_tree, hf_advertising_header_ch_sel, tvb, offset, 1, ENC_LITTLE_ENDIAN);
606 proto_tree_add_item(advertising_header_tree, hf_advertising_header_randomized_tx, tvb, offset, 1, ENC_LITTLE_ENDIAN);
608 case 0x00: /* ADV_IND */
609 case 0x02: /* ADV_NONCONN_IND */
610 case 0x04: /* SCAN_RSP */
611 case 0x06: /* ADV_SCAN_IND */
612 proto_tree_add_item(advertising_header_tree, hf_advertising_header_reserved, tvb, offset, 1, ENC_LITTLE_ENDIAN);
615 proto_tree_add_item(advertising_header_tree, hf_advertising_header_randomized_rx, tvb, offset, 1, ENC_LITTLE_ENDIAN);
616 proto_item_append_text(advertising_header_item, ", RxAdd: %s",
617 (tvb_get_guint8(tvb, offset) & 0x80) ? tfs_random_public.true_string : tfs_random_public.false_string);
619 proto_item_append_text(advertising_header_item, ")");
622 col_set_str(pinfo->cinfo, COL_INFO, val_to_str_ext_const(pdu_type, &pdu_type_vals_ext, "Unknown"));
624 proto_tree_add_item(advertising_header_tree, hf_advertising_header_length, tvb, offset, 1, ENC_LITTLE_ENDIAN);
625 item = proto_tree_add_item_ret_uint(btle_tree, hf_length, tvb, offset, 1, ENC_LITTLE_ENDIAN, &length);
626 proto_item_set_hidden(item);
630 case 0x00: /* ADV_IND */
631 case 0x02: /* ADV_NONCONN_IND */
632 case 0x06: /* ADV_SCAN_IND */
633 offset = dissect_bd_addr(hf_advertising_address, pinfo, btle_tree, tvb, offset, TRUE, interface_id, adapter_id, src_bd_addr);
635 set_address(&pinfo->net_src, AT_ETHER, 6, src_bd_addr);
636 copy_address_shallow(&pinfo->dl_src, &pinfo->net_src);
637 copy_address_shallow(&pinfo->src, &pinfo->net_src);
639 set_address(&pinfo->net_dst, AT_ETHER, 6, broadcast_addr);
640 copy_address_shallow(&pinfo->dl_dst, &pinfo->net_dst);
641 copy_address_shallow(&pinfo->dst, &pinfo->net_dst);
643 if (!pinfo->fd->visited) {
646 addr = (address *) wmem_memdup(wmem_file_scope(), &pinfo->dl_src, sizeof(address));
647 addr->data = wmem_memdup(wmem_file_scope(), pinfo->dl_src.data, pinfo->dl_src.len);
648 p_add_proto_data(wmem_file_scope(), pinfo, proto_bluetooth, BLUETOOTH_DATA_SRC, addr);
650 addr = (address *) wmem_memdup(wmem_file_scope(), &pinfo->dl_dst, sizeof(address));
651 addr->data = wmem_memdup(wmem_file_scope(), pinfo->dl_dst.data, pinfo->dl_dst.len);
652 p_add_proto_data(wmem_file_scope(), pinfo, proto_bluetooth, BLUETOOTH_DATA_DST, addr);
655 if (tvb_reported_length_remaining(tvb, offset) > 3) {
656 bluetooth_eir_ad_data_t *ad_data = wmem_new0(wmem_packet_scope(), bluetooth_eir_ad_data_t);
657 ad_data->interface_id = interface_id;
658 ad_data->adapter_id = adapter_id;
659 next_tvb = tvb_new_subset_length(tvb, offset, tvb_reported_length_remaining(tvb, offset) - 3);
660 call_dissector_with_data(btcommon_ad_handle, next_tvb, pinfo, btle_tree, ad_data);
663 offset += tvb_reported_length_remaining(tvb, offset) - 3;
666 case 0x01: /* ADV_DIRECT_IND */
667 offset = dissect_bd_addr(hf_advertising_address, pinfo, btle_tree, tvb, offset, TRUE, interface_id, adapter_id, src_bd_addr);
668 offset = dissect_bd_addr(hf_initiator_addresss, pinfo, btle_tree, tvb, offset, FALSE, interface_id, adapter_id, dst_bd_addr);
670 set_address(&pinfo->net_src, AT_ETHER, 6, src_bd_addr);
671 copy_address_shallow(&pinfo->dl_src, &pinfo->net_src);
672 copy_address_shallow(&pinfo->src, &pinfo->net_src);
674 set_address(&pinfo->net_dst, AT_ETHER, 6, dst_bd_addr);
675 copy_address_shallow(&pinfo->dl_dst, &pinfo->net_dst);
676 copy_address_shallow(&pinfo->dst, &pinfo->net_dst);
678 if (!pinfo->fd->visited) {
681 addr = (address *) wmem_memdup(wmem_file_scope(), &pinfo->dl_src, sizeof(address));
682 addr->data = wmem_memdup(wmem_file_scope(), pinfo->dl_src.data, pinfo->dl_src.len);
683 p_add_proto_data(wmem_file_scope(), pinfo, proto_bluetooth, BLUETOOTH_DATA_SRC, addr);
685 addr = (address *) wmem_memdup(wmem_file_scope(), &pinfo->dl_dst, sizeof(address));
686 addr->data = wmem_memdup(wmem_file_scope(), pinfo->dl_dst.data, pinfo->dl_dst.len);
687 p_add_proto_data(wmem_file_scope(), pinfo, proto_bluetooth, BLUETOOTH_DATA_DST, addr);
691 case 0x03: /* SCAN_REQ */
692 offset = dissect_bd_addr(hf_scanning_address, pinfo, btle_tree, tvb, offset, TRUE, interface_id, adapter_id, src_bd_addr);
693 offset = dissect_bd_addr(hf_advertising_address, pinfo, btle_tree, tvb, offset, FALSE, interface_id, adapter_id, dst_bd_addr);
695 set_address(&pinfo->net_src, AT_ETHER, 6, src_bd_addr);
696 copy_address_shallow(&pinfo->dl_src, &pinfo->net_src);
697 copy_address_shallow(&pinfo->src, &pinfo->net_src);
699 set_address(&pinfo->net_dst, AT_ETHER, 6, dst_bd_addr);
700 copy_address_shallow(&pinfo->dl_dst, &pinfo->net_dst);
701 copy_address_shallow(&pinfo->dst, &pinfo->net_dst);
703 if (!pinfo->fd->visited) {
706 addr = (address *) wmem_memdup(wmem_file_scope(), &pinfo->dl_src, sizeof(address));
707 addr->data = wmem_memdup(wmem_file_scope(), pinfo->dl_src.data, pinfo->dl_src.len);
708 p_add_proto_data(wmem_file_scope(), pinfo, proto_bluetooth, BLUETOOTH_DATA_SRC, addr);
710 addr = (address *) wmem_memdup(wmem_file_scope(), &pinfo->dl_dst, sizeof(address));
711 addr->data = wmem_memdup(wmem_file_scope(), pinfo->dl_dst.data, pinfo->dl_dst.len);
712 p_add_proto_data(wmem_file_scope(), pinfo, proto_bluetooth, BLUETOOTH_DATA_DST, addr);
716 case 0x04: /* SCAN_RSP */
717 offset = dissect_bd_addr(hf_advertising_address, pinfo, btle_tree, tvb, offset, TRUE, interface_id, adapter_id, src_bd_addr);
719 set_address(&pinfo->net_src, AT_ETHER, 6, src_bd_addr);
720 copy_address_shallow(&pinfo->dl_src, &pinfo->net_src);
721 copy_address_shallow(&pinfo->src, &pinfo->net_src);
723 set_address(&pinfo->net_dst, AT_ETHER, 6, broadcast_addr);
724 copy_address_shallow(&pinfo->dl_dst, &pinfo->net_dst);
725 copy_address_shallow(&pinfo->dst, &pinfo->net_dst);
727 if (!pinfo->fd->visited) {
730 addr = (address *) wmem_memdup(wmem_file_scope(), &pinfo->dl_src, sizeof(address));
731 addr->data = wmem_memdup(wmem_file_scope(), pinfo->dl_src.data, pinfo->dl_src.len);
732 p_add_proto_data(wmem_file_scope(), pinfo, proto_bluetooth, BLUETOOTH_DATA_SRC, addr);
734 addr = (address *) wmem_memdup(wmem_file_scope(), &pinfo->dl_dst, sizeof(address));
735 addr->data = wmem_memdup(wmem_file_scope(), pinfo->dl_dst.data, pinfo->dl_dst.len);
736 p_add_proto_data(wmem_file_scope(), pinfo, proto_bluetooth, BLUETOOTH_DATA_DST, addr);
739 sub_item = proto_tree_add_item(btle_tree, hf_scan_response_data, tvb, offset, tvb_reported_length_remaining(tvb, offset) - 3, ENC_NA);
740 sub_tree = proto_item_add_subtree(sub_item, ett_scan_response_data);
742 if (tvb_reported_length_remaining(tvb, offset) > 3) {
743 bluetooth_eir_ad_data_t *ad_data = wmem_new0(wmem_packet_scope(), bluetooth_eir_ad_data_t);
744 ad_data->interface_id = interface_id;
745 ad_data->adapter_id = adapter_id;
746 next_tvb = tvb_new_subset_length(tvb, offset, tvb_reported_length_remaining(tvb, offset) - 3);
747 call_dissector_with_data(btcommon_ad_handle, next_tvb, pinfo, sub_tree, ad_data);
750 offset += tvb_reported_length_remaining(tvb, offset) - 3;
753 case 0x05: /* CONNECT_REQ */
754 offset = dissect_bd_addr(hf_initiator_addresss, pinfo, btle_tree, tvb, offset, FALSE, interface_id, adapter_id, src_bd_addr);
755 offset = dissect_bd_addr(hf_advertising_address, pinfo, btle_tree, tvb, offset, TRUE, interface_id, adapter_id, dst_bd_addr);
757 set_address(&pinfo->net_src, AT_ETHER, 6, src_bd_addr);
758 copy_address_shallow(&pinfo->dl_src, &pinfo->net_src);
759 copy_address_shallow(&pinfo->src, &pinfo->net_src);
761 set_address(&pinfo->net_dst, AT_ETHER, 6, dst_bd_addr);
762 copy_address_shallow(&pinfo->dl_dst, &pinfo->net_dst);
763 copy_address_shallow(&pinfo->dst, &pinfo->net_dst);
765 if (!pinfo->fd->visited) {
768 addr = (address *) wmem_memdup(wmem_file_scope(), &pinfo->dl_src, sizeof(address));
769 addr->data = wmem_memdup(wmem_file_scope(), pinfo->dl_src.data, pinfo->dl_src.len);
770 p_add_proto_data(wmem_file_scope(), pinfo, proto_bluetooth, BLUETOOTH_DATA_SRC, addr);
772 addr = (address *) wmem_memdup(wmem_file_scope(), &pinfo->dl_dst, sizeof(address));
773 addr->data = wmem_memdup(wmem_file_scope(), pinfo->dl_dst.data, pinfo->dl_dst.len);
774 p_add_proto_data(wmem_file_scope(), pinfo, proto_bluetooth, BLUETOOTH_DATA_DST, addr);
777 link_layer_data_item = proto_tree_add_item(btle_tree, hf_link_layer_data, tvb, offset, 22, ENC_NA);
778 link_layer_data_tree = proto_item_add_subtree(link_layer_data_item, ett_link_layer_data);
780 proto_tree_add_item(link_layer_data_tree, hf_link_layer_data_access_address, tvb, offset, 4, ENC_LITTLE_ENDIAN);
781 connection_access_address = tvb_get_letohl(tvb, offset);
784 proto_tree_add_item(link_layer_data_tree, hf_link_layer_data_crc_init, tvb, offset, 3, ENC_LITTLE_ENDIAN);
787 item = proto_tree_add_item_ret_uint(link_layer_data_tree, hf_link_layer_data_window_size, tvb, offset, 1, ENC_LITTLE_ENDIAN, &window_size);
788 proto_item_append_text(item, " (%g msec)", window_size*1.25);
791 item = proto_tree_add_item_ret_uint(link_layer_data_tree, hf_link_layer_data_window_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN, &window_offset);
792 proto_item_append_text(item, " (%g msec)", window_offset*1.25);
795 item = proto_tree_add_item_ret_uint(link_layer_data_tree, hf_link_layer_data_interval, tvb, offset, 2, ENC_LITTLE_ENDIAN, &data_interval);
796 proto_item_append_text(item, " (%g msec)", data_interval*1.25);
799 proto_tree_add_item(link_layer_data_tree, hf_link_layer_data_latency, tvb, offset, 2, ENC_LITTLE_ENDIAN);
802 item = proto_tree_add_item_ret_uint(link_layer_data_tree, hf_link_layer_data_timeout, tvb, offset, 2, ENC_LITTLE_ENDIAN, &data_timeout);
803 proto_item_append_text(item, " (%u msec)", data_timeout*10);
806 sub_item = proto_tree_add_item(link_layer_data_tree, hf_link_layer_data_channel_map, tvb, offset, 5, ENC_NA);
807 sub_tree = proto_item_add_subtree(sub_item, ett_channel_map);
809 call_dissector(btcommon_le_channel_map_handle, tvb_new_subset_length(tvb, offset, 5), pinfo, sub_tree);
812 proto_tree_add_item(link_layer_data_tree, hf_link_layer_data_hop, tvb, offset, 1, ENC_LITTLE_ENDIAN);
813 proto_tree_add_item(link_layer_data_tree, hf_link_layer_data_sleep_clock_accuracy, tvb, offset, 1, ENC_LITTLE_ENDIAN);
816 if (!pinfo->fd->visited) {
818 key[0].key = &interface_id;
820 key[1].key = &adapter_id;
822 key[2].key = &connection_access_address;
824 key[3].key = &frame_number;
828 connection_info = wmem_new0(wmem_file_scope(), connection_info_t);
829 connection_info->interface_id = interface_id;
830 connection_info->adapter_id = adapter_id;
831 connection_info->access_address = connection_access_address;
833 memcpy(connection_info->master_bd_addr, src_bd_addr, 6);
834 memcpy(connection_info->slave_bd_addr, dst_bd_addr, 6);
836 wmem_tree_insert32_array(connection_info_tree, key, connection_info);
841 if (tvb_reported_length_remaining(tvb, offset) > 3) {
842 proto_tree_add_expert(btle_tree, pinfo, &ei_unknown_data, tvb, offset, tvb_reported_length_remaining(tvb, offset) - 3);
843 offset += tvb_reported_length_remaining(tvb, offset) - 3;
846 } else { /* data PDU */
847 proto_item *data_header_item, *seq_item;
848 proto_tree *data_header_tree;
851 guint8 control_opcode;
852 guint32 direction = BTLE_DIR_UNKNOWN;
853 gboolean add_l2cap_index = FALSE;
854 gboolean retransmit = FALSE;
857 direction = btle_context->direction;
860 btle_frame_info_t *btle_frame_info = NULL;
861 fragment_head *frag_btl2cap_msg = NULL;
862 btle_frame_info_t empty_btle_frame_info = {0, 0, 0, 0};
865 key[0].key = &interface_id;
867 key[1].key = &adapter_id;
869 key[2].key = &access_address;
873 oct = tvb_get_guint8(tvb, offset);
874 wmem_tree = (wmem_tree_t *) wmem_tree_lookup32_array(connection_info_tree, key);
876 connection_info = (connection_info_t *) wmem_tree_lookup32_le(wmem_tree, pinfo->num);
877 if (connection_info) {
878 gchar *str_addr_src, *str_addr_dst;
879 /* Holds "unknown" + access_address + NULL, which is the longest string */
880 int str_addr_len = 18 + 1;
882 str_addr_src = (gchar *) wmem_alloc(pinfo->pool, str_addr_len);
883 str_addr_dst = (gchar *) wmem_alloc(pinfo->pool, str_addr_len);
885 sub_item = proto_tree_add_ether(btle_tree, hf_master_bd_addr, tvb, 0, 0, connection_info->master_bd_addr);
886 proto_item_set_generated(sub_item);
888 sub_item = proto_tree_add_ether(btle_tree, hf_slave_bd_addr, tvb, 0, 0, connection_info->slave_bd_addr);
889 proto_item_set_generated(sub_item);
892 case BTLE_DIR_MASTER_SLAVE:
893 g_snprintf(str_addr_src, str_addr_len, "Master_0x%08x", connection_info->access_address);
894 g_snprintf(str_addr_dst, str_addr_len, "Slave_0x%08x", connection_info->access_address);
895 set_address(&pinfo->dl_src, AT_ETHER, sizeof(connection_info->master_bd_addr), connection_info->master_bd_addr);
896 set_address(&pinfo->dl_dst, AT_ETHER, sizeof(connection_info->slave_bd_addr), connection_info->slave_bd_addr);
898 case BTLE_DIR_SLAVE_MASTER:
899 g_snprintf(str_addr_src, str_addr_len, "Slave_0x%08x", connection_info->access_address);
900 g_snprintf(str_addr_dst, str_addr_len, "Master_0x%08x", connection_info->access_address);
901 set_address(&pinfo->dl_src, AT_ETHER, sizeof(connection_info->slave_bd_addr), connection_info->slave_bd_addr);
902 set_address(&pinfo->dl_dst, AT_ETHER, sizeof(connection_info->master_bd_addr), connection_info->master_bd_addr);
905 /* BTLE_DIR_UNKNOWN */
906 g_snprintf(str_addr_src, str_addr_len, "Unknown_0x%08x", connection_info->access_address);
907 g_snprintf(str_addr_dst, str_addr_len, "Unknown_0x%08x", connection_info->access_address);
908 clear_address(&pinfo->dl_src);
909 clear_address(&pinfo->dl_dst);
913 set_address(&pinfo->net_src, AT_STRINGZ, (int)strlen(str_addr_src)+1, str_addr_src);
914 copy_address_shallow(&pinfo->src, &pinfo->net_src);
916 set_address(&pinfo->net_dst, AT_STRINGZ, (int)strlen(str_addr_dst)+1, str_addr_dst);
917 copy_address_shallow(&pinfo->dst, &pinfo->net_dst);
919 if (!pinfo->fd->visited) {
922 btle_frame_info = wmem_new0(wmem_file_scope(), btle_frame_info_t);
923 btle_frame_info->l2cap_index = connection_info->direction_info[direction].l2cap_index;
925 addr = (address *) wmem_memdup(wmem_file_scope(), &pinfo->dl_src, sizeof(address));
926 addr->data = wmem_memdup(wmem_file_scope(), pinfo->dl_src.data, pinfo->dl_src.len);
927 p_add_proto_data(wmem_file_scope(), pinfo, proto_bluetooth, BLUETOOTH_DATA_SRC, addr);
929 addr = (address *) wmem_memdup(wmem_file_scope(), &pinfo->dl_dst, sizeof(address));
930 addr->data = wmem_memdup(wmem_file_scope(), pinfo->dl_dst.data, pinfo->dl_dst.len);
931 p_add_proto_data(wmem_file_scope(), pinfo, proto_bluetooth, BLUETOOTH_DATA_DST, addr);
933 if (!connection_info->first_data_frame_seen) {
934 connection_info->first_data_frame_seen = 1;
935 btle_frame_info->retransmit = 0;
936 connection_info->direction_info[BTLE_DIR_MASTER_SLAVE].prev_seq_num = 0;
937 connection_info->direction_info[BTLE_DIR_SLAVE_MASTER].prev_seq_num = 1;
940 guint8 seq_num = !!(oct & 0x8);
942 if (seq_num != connection_info->direction_info[direction].prev_seq_num) {
943 /* SN is not equal to previous packet (in same direction) SN */
944 btle_frame_info->retransmit = 0;
947 btle_frame_info->retransmit = 1;
949 connection_info->direction_info[direction].prev_seq_num = seq_num;
951 p_add_proto_data(wmem_file_scope(), pinfo, proto_btle, pinfo->curr_layer_num, btle_frame_info);
954 /* Not the first pass */
955 btle_frame_info = (btle_frame_info_t *)p_get_proto_data(wmem_file_scope(), pinfo, proto_btle, pinfo->curr_layer_num);
960 if (btle_frame_info == NULL) {
961 btle_frame_info = &empty_btle_frame_info;
963 data_header_item = proto_tree_add_item(btle_tree, hf_data_header, tvb, offset, 2, ENC_LITTLE_ENDIAN);
964 data_header_tree = proto_item_add_subtree(data_header_item, ett_data_header);
966 proto_tree_add_item(data_header_tree, hf_data_header_llid, tvb, offset, 1, ENC_LITTLE_ENDIAN);
967 proto_tree_add_item(data_header_tree, hf_data_header_next_expected_sequence_number, tvb, offset, 1, ENC_LITTLE_ENDIAN);
968 seq_item = proto_tree_add_item(data_header_tree, hf_data_header_sequence_number, tvb, offset, 1, ENC_LITTLE_ENDIAN);
970 if (direction != BTLE_DIR_UNKNOWN) {
971 /* Unable to check valid SN or retransmission without direction */
972 if (btle_frame_info->retransmit == 0) {
973 proto_item_append_text(seq_item, " [OK]");
976 proto_item_append_text(seq_item, " [Wrong]");
977 if (btle_detect_retransmit) {
978 expert_add_info(pinfo, seq_item, &ei_retransmit);
984 proto_tree_add_item(data_header_tree, hf_data_header_more_data, tvb, offset, 1, ENC_LITTLE_ENDIAN);
985 proto_tree_add_item(data_header_tree, hf_data_header_rfu, tvb, offset, 1, ENC_LITTLE_ENDIAN);
986 llid = tvb_get_guint8(tvb, offset) & 0x03;
989 proto_tree_add_item(data_header_tree, hf_data_header_length, tvb, offset, 1, ENC_LITTLE_ENDIAN);
990 item = proto_tree_add_item_ret_uint(btle_tree, hf_length, tvb, offset, 1, ENC_LITTLE_ENDIAN, &length);
991 proto_item_set_hidden(item);
995 case 0x01: /* Continuation fragment of an L2CAP message, or an Empty PDU */
997 tvbuff_t *new_tvb = NULL;
999 pinfo->fragmented = TRUE;
1000 if (connection_info && !retransmit) {
1001 if (!pinfo->fd->visited) {
1002 if (connection_info->direction_info[direction].segmentation_started == 1) {
1003 if (connection_info->direction_info[direction].segment_len_rem >= length) {
1004 connection_info->direction_info[direction].segment_len_rem = connection_info->direction_info[direction].segment_len_rem - length;
1007 * Missing fragment for previous L2CAP and fragment start for this.
1008 * Increase l2cap_index.
1010 btle_frame_info->missing_start = 1;
1011 btle_frame_info->l2cap_index = l2cap_index;
1014 if (connection_info->direction_info[direction].segment_len_rem > 0) {
1015 btle_frame_info->more_fragments = 1;
1018 btle_frame_info->more_fragments = 0;
1019 connection_info->direction_info[direction].segmentation_started = 0;
1020 connection_info->direction_info[direction].segment_len_rem = 0;
1024 * Missing fragment start.
1025 * Set more_fragments and increase l2cap_index to avoid reassembly.
1027 btle_frame_info->more_fragments = 1;
1028 btle_frame_info->missing_start = 1;
1029 btle_frame_info->l2cap_index = l2cap_index;
1034 add_l2cap_index = TRUE;
1036 frag_btl2cap_msg = fragment_add_seq_next(&btle_l2cap_msg_reassembly_table,
1039 btle_frame_info->l2cap_index, /* guint32 ID for fragments belonging together */
1041 length, /* Fragment length */
1042 btle_frame_info->more_fragments); /* More fragments */
1044 new_tvb = process_reassembled_data(tvb, offset, pinfo,
1045 "Reassembled L2CAP",
1047 &btle_l2cap_msg_frag_items,
1053 bthci_acl_data_t *acl_data;
1055 col_set_str(pinfo->cinfo, COL_INFO, "L2CAP Data");
1057 acl_data = wmem_new(wmem_packet_scope(), bthci_acl_data_t);
1058 acl_data->interface_id = interface_id;
1059 acl_data->adapter_id = adapter_id;
1060 acl_data->chandle = 0; /* No connection handle at this layer */
1061 acl_data->remote_bd_addr_oui = 0;
1062 acl_data->remote_bd_addr_id = 0;
1063 acl_data->is_btle = TRUE;
1064 acl_data->is_btle_retransmit = retransmit;
1066 next_tvb = tvb_new_subset_length(tvb, offset, length);
1068 call_dissector_with_data(btl2cap_handle, new_tvb, pinfo, tree, acl_data);
1073 col_set_str(pinfo->cinfo, COL_INFO, "L2CAP Fragment");
1074 item = proto_tree_add_item(btle_tree, hf_l2cap_fragment, tvb, offset, length, ENC_NA);
1075 if (btle_frame_info->missing_start) {
1076 expert_add_info(pinfo, item, &ei_missing_fragment_start);
1081 col_set_str(pinfo->cinfo, COL_INFO, "Empty PDU");
1085 case 0x02: /* Start of an L2CAP message or a complete L2CAP message with no fragmentation */
1087 guint l2cap_len = tvb_get_letohs(tvb, offset);
1088 if (l2cap_len + 4 > length) { /* L2CAP PDU Length excludes the 4 octets header */
1089 pinfo->fragmented = TRUE;
1090 if (connection_info && !retransmit) {
1091 if (!pinfo->fd->visited) {
1092 connection_info->direction_info[direction].segmentation_started = 1;
1093 /* The first two octets in the L2CAP PDU contain the length of the entire
1094 * L2CAP PDU in octets, excluding the Length and CID fields(4 octets).
1096 connection_info->direction_info[direction].segment_len_rem = l2cap_len + 4 - length;
1097 connection_info->direction_info[direction].l2cap_index = l2cap_index;
1098 btle_frame_info->more_fragments = 1;
1099 btle_frame_info->l2cap_index = l2cap_index;
1103 add_l2cap_index = TRUE;
1105 frag_btl2cap_msg = fragment_add_seq_next(&btle_l2cap_msg_reassembly_table,
1108 btle_frame_info->l2cap_index, /* guint32 ID for fragments belonging together */
1110 length, /* Fragment length */
1111 btle_frame_info->more_fragments); /* More fragments */
1113 process_reassembled_data(tvb, offset, pinfo,
1114 "Reassembled L2CAP",
1116 &btle_l2cap_msg_frag_items,
1121 col_set_str(pinfo->cinfo, COL_INFO, "L2CAP Fragment Start");
1122 proto_tree_add_item(btle_tree, hf_l2cap_fragment, tvb, offset, length, ENC_NA);
1125 bthci_acl_data_t *acl_data;
1126 if (connection_info) {
1127 /* Add a L2CAP index for completeness */
1128 if (!pinfo->fd->visited) {
1129 btle_frame_info->l2cap_index = l2cap_index;
1133 add_l2cap_index = TRUE;
1136 col_set_str(pinfo->cinfo, COL_INFO, "L2CAP Data");
1138 acl_data = wmem_new(wmem_packet_scope(), bthci_acl_data_t);
1139 acl_data->interface_id = interface_id;
1140 acl_data->adapter_id = adapter_id;
1141 acl_data->chandle = 0; /* No connection handle at this layer */
1142 acl_data->remote_bd_addr_oui = 0;
1143 acl_data->remote_bd_addr_id = 0;
1144 acl_data->is_btle = TRUE;
1145 acl_data->is_btle_retransmit = retransmit;
1147 next_tvb = tvb_new_subset_length(tvb, offset, length);
1148 call_dissector_with_data(btl2cap_handle, next_tvb, pinfo, tree, acl_data);
1153 case 0x03: /* Control PDU */
1154 proto_tree_add_item(btle_tree, hf_control_opcode, tvb, offset, 1, ENC_LITTLE_ENDIAN);
1155 control_opcode = tvb_get_guint8(tvb, offset);
1158 col_add_fstr(pinfo->cinfo, COL_INFO, "Control Opcode: %s",
1159 val_to_str_ext_const(control_opcode, &control_opcode_vals_ext, "Unknown"));
1161 switch (control_opcode) {
1162 case 0x05: /* LL_START_ENC_REQ */
1163 case 0x06: /* LL_START_ENC_RSP */
1164 case 0x0A: /* LL_PAUSE_ENC_REQ */
1165 case 0x0B: /* LL_PAUSE_ENC_RSP */
1166 case 0x12: /* LL_PING_REQ */
1167 case 0x13: /* LL_PING_RSP */
1168 if (tvb_reported_length_remaining(tvb, offset) > 3) {
1169 proto_tree_add_expert(btle_tree, pinfo, &ei_unknown_data, tvb, offset, tvb_reported_length_remaining(tvb, offset) - 3);
1170 offset += tvb_reported_length_remaining(tvb, offset) - 3;
1174 case 0x00: /* LL_CONNECTION_UPDATE_REQ */
1175 proto_tree_add_item(btle_tree, hf_control_window_size, tvb, offset, 1, ENC_LITTLE_ENDIAN);
1178 proto_tree_add_item(btle_tree, hf_control_window_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1181 proto_tree_add_item(btle_tree, hf_control_interval, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1184 proto_tree_add_item(btle_tree, hf_control_latency, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1187 proto_tree_add_item(btle_tree, hf_control_timeout, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1190 proto_tree_add_item(btle_tree, hf_control_instant, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1194 case 0x01: /* LL_CHANNEL_MAP_REQ */
1195 sub_item = proto_tree_add_item(btle_tree, hf_control_channel_map, tvb, offset, 5, ENC_NA);
1196 sub_tree = proto_item_add_subtree(sub_item, ett_channel_map);
1198 call_dissector(btcommon_le_channel_map_handle, tvb_new_subset_length(tvb, offset, 5), pinfo, sub_tree);
1201 proto_tree_add_item(btle_tree, hf_control_instant, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1205 case 0x02: /* LL_TERMINATE_IND */
1206 case 0x0D: /* LL_REJECT_IND */
1207 proto_tree_add_item(btle_tree, hf_control_error_code, tvb, offset, 1, ENC_LITTLE_ENDIAN);
1211 case 0x03: /* LL_ENC_REQ */
1212 proto_tree_add_item(btle_tree, hf_control_random_number, tvb, offset, 8, ENC_LITTLE_ENDIAN);
1215 proto_tree_add_item(btle_tree, hf_control_encrypted_diversifier, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1218 proto_tree_add_item(btle_tree, hf_control_master_session_key_diversifier, tvb, offset, 8, ENC_LITTLE_ENDIAN);
1221 proto_tree_add_item(btle_tree, hf_control_master_session_initialization_vector, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1225 case 0x04: /* LL_ENC_RSP */
1226 proto_tree_add_item(btle_tree, hf_control_slave_session_key_diversifier, tvb, offset, 8, ENC_LITTLE_ENDIAN);
1229 proto_tree_add_item(btle_tree, hf_control_slave_session_initialization_vector, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1233 case 0x07: /* LL_UNKNOWN_RSP */
1234 proto_tree_add_item(btle_tree, hf_control_unknown_type, tvb, offset, 1, ENC_LITTLE_ENDIAN);
1238 case 0x08: /* LL_FEATURE_REQ */
1239 case 0x09: /* LL_FEATURE_RSP */
1240 case 0x0E: /* LL_SLAVE_FEATURE_REQ */
1241 sub_item = proto_tree_add_item(btle_tree, hf_control_feature_set, tvb, offset, 8, ENC_LITTLE_ENDIAN);
1242 sub_tree = proto_item_add_subtree(sub_item, ett_features);
1244 proto_tree_add_bitmask_list(sub_tree, tvb, offset, 1, hfx_control_feature_set_1, ENC_NA);
1247 proto_tree_add_bitmask_list(sub_tree, tvb, offset, 1, hfx_control_feature_set_2, ENC_NA);
1250 proto_tree_add_bitmask_list(sub_tree, tvb, offset, 1, hfx_control_feature_set_3, ENC_NA);
1253 proto_tree_add_item(sub_tree, hf_control_feature_set_reserved, tvb, offset, 5, ENC_NA);
1257 case 0x0C: /* LL_VERSION_IND */
1258 proto_tree_add_item(btle_tree, hf_control_version_number, tvb, offset, 1, ENC_LITTLE_ENDIAN);
1261 proto_tree_add_item(btle_tree, hf_control_company_id, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1264 proto_tree_add_item(btle_tree, hf_control_subversion_number, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1268 case 0x0F: /* LL_CONNECTION_PARAM_REQ */
1269 case 0x10: /* LL_CONNECTION_PARAM_RSP */
1270 proto_tree_add_item(btle_tree, hf_control_interval_min, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1273 proto_tree_add_item(btle_tree, hf_control_interval_max, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1276 proto_tree_add_item(btle_tree, hf_control_latency, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1279 proto_tree_add_item(btle_tree, hf_control_timeout, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1282 proto_tree_add_item(btle_tree, hf_control_preffered_periodicity, tvb, offset, 1, ENC_LITTLE_ENDIAN);
1285 proto_tree_add_item(btle_tree, hf_control_reference_connection_event_count, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1288 proto_tree_add_item(btle_tree, hf_control_offset_0, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1291 proto_tree_add_item(btle_tree, hf_control_offset_1, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1294 proto_tree_add_item(btle_tree, hf_control_offset_2, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1297 proto_tree_add_item(btle_tree, hf_control_offset_3, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1300 proto_tree_add_item(btle_tree, hf_control_offset_4, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1303 proto_tree_add_item(btle_tree, hf_control_offset_5, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1307 case 0x11: /* LL_REJECT_IND_EXT */
1308 proto_tree_add_item(btle_tree, hf_control_reject_opcode, tvb, offset, 1, ENC_LITTLE_ENDIAN);
1311 proto_tree_add_item(btle_tree, hf_control_error_code, tvb, offset, 1, ENC_LITTLE_ENDIAN);
1315 case 0x14: /* LL_LENGTH_REQ */
1316 case 0x15: /* LL_LENGTH_RSP */
1317 proto_tree_add_item(btle_tree, hf_control_max_rx_octets, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1320 proto_tree_add_item(btle_tree, hf_control_max_rx_time, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1323 proto_tree_add_item(btle_tree, hf_control_max_tx_octets, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1326 proto_tree_add_item(btle_tree, hf_control_max_tx_time, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1330 case 0x16: /* LL_PHY_REQ */
1331 case 0x17: /* LL_PYH_RSP */
1332 proto_tree_add_bitmask(btle_tree, tvb, offset, hf_control_tx_phys, ett_tx_phys, hfx_control_phys_sender, ENC_NA);
1335 proto_tree_add_bitmask(btle_tree, tvb, offset, hf_control_rx_phys, ett_rx_phys, hfx_control_phys_sender, ENC_NA);
1339 case 0x18: /* LL_PHY_UPDATE_IND */
1340 proto_tree_add_bitmask(btle_tree, tvb, offset, hf_control_m_to_s_phy, ett_m_to_s_phy, hfx_control_phys_update, ENC_NA);
1343 proto_tree_add_bitmask(btle_tree, tvb, offset, hf_control_s_to_m_phy, ett_s_to_m_phy, hfx_control_phys_update, ENC_NA);
1346 proto_tree_add_item(btle_tree, hf_control_instant, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1350 case 0x19: /* LL_MIN_USED_CHANNELS_IND */
1351 proto_tree_add_bitmask(btle_tree, tvb, offset, hf_control_phys, ett_phys, hfx_control_phys, ENC_NA);
1354 proto_tree_add_item(btle_tree, hf_control_min_used_channels, tvb, offset, 1, ENC_LITTLE_ENDIAN);
1359 if (tvb_reported_length_remaining(tvb, offset) > 3) {
1360 proto_tree_add_expert(btle_tree, pinfo, &ei_unknown_data, tvb, offset, tvb_reported_length_remaining(tvb, offset) - 3);
1361 offset += tvb_reported_length_remaining(tvb, offset) - 3;
1367 if (tvb_reported_length_remaining(tvb, offset) > 3) {
1368 proto_tree_add_expert(btle_tree, pinfo, &ei_unknown_data, tvb, offset, tvb_reported_length_remaining(tvb, offset) - 3);
1369 offset += tvb_reported_length_remaining(tvb, offset) - 3;
1373 if (add_l2cap_index) {
1374 item = proto_tree_add_uint(btle_tree, hf_l2cap_index, tvb, 0, 0, btle_frame_info->l2cap_index);
1375 proto_item_set_generated(item);
1378 if ((crc_status == CRC_INDETERMINATE) &&
1379 btle_context && btle_context->connection_info_valid) {
1380 /* the surrounding context has provided CRCInit */
1381 crc_init = btle_context->connection_info.CRCInit;
1382 crc_status = CRC_CAN_BE_CALCULATED;
1386 /* BT spec Vol 6, Part B, Section 1.2: CRC is big endian and bits in byte are flipped */
1387 packet_crc = reverse_bits_per_byte(tvb_get_ntoh24(tvb, offset));
1388 sub_item = proto_tree_add_uint(btle_tree, hf_crc, tvb, offset, 3, packet_crc);
1390 if (crc_status == CRC_CAN_BE_CALCULATED) {
1391 guint32 crc = btle_crc(tvb, length, crc_init);
1392 crc_status = (packet_crc == crc) ? CRC_CORRECT : CRC_INCORRECT;
1394 switch(crc_status) {
1395 case CRC_INDETERMINATE:
1396 expert_add_info(pinfo, sub_item, &ei_crc_cannot_be_determined);
1399 expert_add_info(pinfo, sub_item, &ei_crc_incorrect);
1410 proto_register_btle(void)
1413 expert_module_t *expert_module;
1415 static hf_register_info hf[] = {
1416 { &hf_access_address,
1417 { "Access Address", "btle.access_address",
1418 FT_UINT32, BASE_HEX, NULL, 0x0,
1421 { &hf_master_bd_addr,
1422 { "Master Address", "btle.master_bd_addr",
1423 FT_ETHER, BASE_NONE, NULL, 0x0,
1426 { &hf_slave_bd_addr,
1427 { "Slave Address", "btle.slave_bd_addr",
1428 FT_ETHER, BASE_NONE, NULL, 0x0,
1432 { "Length", "btle.length",
1433 FT_UINT8, BASE_DEC, NULL, 0x0,
1436 { &hf_advertising_header,
1437 { "Packet Header", "btle.advertising_header",
1438 FT_UINT16, BASE_HEX, NULL, 0x0,
1441 { &hf_advertising_header_pdu_type,
1442 { "PDU Type", "btle.advertising_header.pdu_type",
1443 FT_UINT8, BASE_HEX | BASE_EXT_STRING, &pdu_type_vals_ext, 0x0F,
1446 { &hf_advertising_header_rfu_1,
1447 { "RFU", "btle.advertising_header.rfu.1",
1448 FT_UINT8, BASE_DEC, NULL, 0x10,
1449 "Reserved for Future Use", HFILL }
1451 { &hf_advertising_header_ch_sel,
1452 { "Channel Selection Algorithm", "btle.advertising_header.ch_sel",
1453 FT_BOOLEAN, 8, TFS(&tfs_ch_sel), 0x20,
1456 { &hf_advertising_header_randomized_tx,
1457 { "Tx Address", "btle.advertising_header.randomized_tx",
1458 FT_BOOLEAN, 8, TFS(&tfs_random_public), 0x40,
1461 { &hf_advertising_header_randomized_rx,
1462 { "Rx Address", "btle.advertising_header.randomized_rx",
1463 FT_BOOLEAN, 8, TFS(&tfs_random_public), 0x80,
1466 { &hf_advertising_header_reserved,
1467 { "Reserved", "btle.advertising_header.reserved",
1468 FT_BOOLEAN, 8, NULL, 0x80,
1471 { &hf_advertising_header_length,
1472 { "Length", "btle.advertising_header.length",
1473 FT_UINT8, BASE_DEC, NULL, 0x0,
1476 { &hf_advertising_address,
1477 { "Advertising Address", "btle.advertising_address",
1478 FT_ETHER, BASE_NONE, NULL, 0x0,
1481 { &hf_initiator_addresss,
1482 { "Initator Address", "btle.initiator_address",
1483 FT_ETHER, BASE_NONE, NULL, 0x0,
1486 { &hf_scanning_address,
1487 { "Scanning Address", "btle.scanning_address",
1488 FT_ETHER, BASE_NONE, NULL, 0x0,
1491 { &hf_scan_response_data,
1492 { "Scan Response Data", "btle.scan_responce_data",
1493 FT_BYTES, BASE_NONE, NULL, 0x0,
1496 { &hf_link_layer_data,
1497 { "Link Layer Data", "btle.link_layer_data",
1498 FT_NONE, BASE_NONE, NULL, 0x0,
1501 { &hf_link_layer_data_access_address,
1502 { "Access Address", "btle.link_layer_data.access_address",
1503 FT_UINT32, BASE_HEX, NULL, 0x0,
1506 { &hf_link_layer_data_crc_init,
1507 { "CRC Init", "btle.link_layer_data.crc_init",
1508 FT_UINT24, BASE_HEX, NULL, 0x0,
1511 { &hf_link_layer_data_window_size,
1512 { "Window Size", "btle.link_layer_data.window_size",
1513 FT_UINT8, BASE_DEC, NULL, 0x0,
1516 { &hf_link_layer_data_window_offset,
1517 { "Window Offset", "btle.link_layer_data.window_offset",
1518 FT_UINT16, BASE_DEC, NULL, 0x0,
1521 { &hf_link_layer_data_interval,
1522 { "Interval", "btle.link_layer_data.interval",
1523 FT_UINT16, BASE_DEC, NULL, 0x0,
1526 { &hf_link_layer_data_latency,
1527 { "Latency", "btle.link_layer_data.latency",
1528 FT_UINT16, BASE_DEC, NULL, 0x0,
1531 { &hf_link_layer_data_timeout,
1532 { "Timeout", "btle.link_layer_data.timeout",
1533 FT_UINT16, BASE_DEC, NULL, 0x0,
1536 { &hf_link_layer_data_channel_map,
1537 { "Channel Map", "btle.link_layer_data.channel_map",
1538 FT_BYTES, BASE_NONE, NULL, 0x0,
1541 { &hf_link_layer_data_hop,
1542 { "Hop", "btle.link_layer_data.hop",
1543 FT_UINT8, BASE_DEC, NULL, 0x1f,
1546 { &hf_link_layer_data_sleep_clock_accuracy,
1547 { "Sleep Clock Accuracy", "btle.link_layer_data.sleep_clock_accuracy",
1548 FT_UINT8, BASE_DEC | BASE_EXT_STRING, &sleep_clock_accuracy_vals_ext, 0xe0,
1552 { "Data Header", "btle.data_header",
1553 FT_UINT16, BASE_HEX, NULL, 0x0,
1556 { &hf_data_header_llid,
1557 { "LLID", "btle.data_header.llid",
1558 FT_UINT8, BASE_HEX | BASE_EXT_STRING, &llid_codes_vals_ext, 0x03,
1559 "Logical Link Identifier", HFILL }
1561 { &hf_data_header_next_expected_sequence_number,
1562 { "Next Expected Sequence Number", "btle.data_header.next_expected_sequence_number",
1563 FT_UINT8, BASE_DEC, NULL, 0x04,
1566 { &hf_data_header_sequence_number,
1567 { "Sequence Number", "btle.data_header.sequence_number",
1568 FT_UINT8, BASE_DEC, NULL, 0x08,
1571 { &hf_data_header_more_data,
1572 { "More Data", "btle.data_header.more_data",
1573 FT_BOOLEAN, 8, NULL, 0x10,
1576 { &hf_data_header_length,
1577 { "Length", "btle.data_header.length",
1578 FT_UINT8, BASE_DEC, NULL, 0x0,
1581 { &hf_data_header_rfu,
1582 { "RFU", "btle.data_header.rfu",
1583 FT_UINT8, BASE_DEC, NULL, 0xE0,
1584 "Reserved for Future Use", HFILL }
1586 { &hf_control_opcode,
1587 { "Control Opcode", "btle.control_opcode",
1588 FT_UINT8, BASE_HEX | BASE_EXT_STRING, &control_opcode_vals_ext, 0x0,
1591 { &hf_control_reject_opcode,
1592 { "Reject Opcode", "btle.control.reject_opcode",
1593 FT_UINT8, BASE_HEX | BASE_EXT_STRING, &control_opcode_vals_ext, 0x0,
1596 { &hf_control_unknown_type,
1597 { "Unknown Type", "btle.control.unknown_type",
1598 FT_UINT8, BASE_HEX | BASE_EXT_STRING, &control_opcode_vals_ext, 0x0,
1601 { &hf_control_error_code,
1602 { "Error Code", "btle.control.error_code",
1603 FT_UINT8, BASE_HEX | BASE_EXT_STRING, &bthci_cmd_status_vals_ext, 0x0,
1606 { &hf_control_version_number,
1607 { "Version Number", "btle.control.version_number",
1608 FT_UINT8, BASE_HEX | BASE_EXT_STRING, &ll_version_number_vals_ext, 0x0,
1611 { &hf_control_company_id,
1612 { "Company Id", "btle.control.company_id",
1613 FT_UINT8, BASE_HEX | BASE_EXT_STRING, &bluetooth_company_id_vals_ext, 0x0,
1616 { &hf_control_subversion_number,
1617 { "Subversion Number", "btle.control.subversion_number",
1618 FT_UINT16, BASE_HEX, NULL, 0x0,
1621 { &hf_control_feature_set,
1622 { "Feature Set", "btle.control.feature_set",
1623 FT_UINT64, BASE_HEX, NULL, 0x0,
1626 { &hf_control_feature_set_le_encryption,
1627 { "LE Encryption", "btle.control.feature_set.le_encryption",
1628 FT_BOOLEAN, 8, NULL, 0x01,
1631 { &hf_control_feature_set_connection_parameters_request_procedure,
1632 { "Connection Parameters Request Procedure", "btle.control.feature_set.connection_parameters_request_procedure",
1633 FT_BOOLEAN, 8, NULL, 0x02,
1636 { &hf_control_feature_set_extended_reject_indication,
1637 { "Extended Reject Indication", "btle.control.feature_set.extended_reject_indication",
1638 FT_BOOLEAN, 8, NULL, 0x04,
1641 { &hf_control_feature_set_slave_initiated_features_exchange,
1642 { "Slave Initiated Features Exchange", "btle.control.feature_set.slave_initiated_features_exchange",
1643 FT_BOOLEAN, 8, NULL, 0x08,
1646 { &hf_control_feature_set_le_ping,
1647 { "LE Ping", "btle.control.feature_set.le_ping",
1648 FT_BOOLEAN, 8, NULL, 0x10,
1651 { &hf_control_feature_set_le_pkt_len_ext,
1652 { "LE Data Packet Length Extension", "btle.control.feature_set.le_pkt_len_ext",
1653 FT_BOOLEAN, 8, NULL, 0x20,
1656 { &hf_control_feature_set_ll_privacy,
1657 { "LL Privacy", "btle.control.feature_set.le_privacy",
1658 FT_BOOLEAN, 8, NULL, 0x40,
1661 { &hf_control_feature_set_ext_scan_flt_pol,
1662 { "Extended Scanner Filter Policies", "btle.control.feature_set.ext_scan_flt_pol",
1663 FT_BOOLEAN, 8, NULL, 0x80,
1666 { &hf_control_feature_set_le_2m_phy,
1667 { "LE 2M PHY", "btle.control.feature_set.le_2m_phy",
1668 FT_BOOLEAN, 8, NULL, 0x01,
1671 { &hf_control_feature_set_stable_modulation_index_transmitter,
1672 { "Stable Modulation Index - Transmitter", "btle.control.feature_set.st_mod_idx_tx",
1673 FT_BOOLEAN, 8, NULL, 0x02,
1676 { &hf_control_feature_set_stable_modulation_index_receiver,
1677 { "Stable Modulation Index - Receiver", "btle.control.feature_set.st_mod_idx_rx",
1678 FT_BOOLEAN, 8, NULL, 0x04,
1681 { &hf_control_feature_set_le_coded_phy,
1682 { "LE Coded PHY", "btle.control.feature_set.le_coded_phy",
1683 FT_BOOLEAN, 8, NULL, 0x08,
1686 { &hf_control_feature_set_le_extended_advertising,
1687 { "LE Extended Advertising", "btle.control.feature_set.le_extended_adv",
1688 FT_BOOLEAN, 8, NULL, 0x10,
1691 { &hf_control_feature_set_le_periodic_advertising,
1692 { "LE Periodic Advertising", "btle.control.feature_set.periodic_adv",
1693 FT_BOOLEAN, 8, NULL, 0x20,
1696 { &hf_control_feature_set_channel_selection_algorithm_2,
1697 { "Channel Selection Algorithm #2", "btle.control.feature_set.ch_sel_2",
1698 FT_BOOLEAN, 8, NULL, 0x40,
1701 { &hf_control_feature_set_le_power_class_1,
1702 { "LE Power Class 1", "btle.control.feature_set.le_power_class_1",
1703 FT_BOOLEAN, 8, NULL, 0x80,
1706 { &hf_control_feature_set_minimum_number_of_used_channels_procedure,
1707 { "Minimum Number of Used Channels Procedure", "btle.control.feature_set.min_num_used_ch_proc",
1708 FT_BOOLEAN, 8, NULL, 0x01,
1711 { &hf_control_feature_set_reserved_bits,
1712 { "Reserved", "btle.control.feature_set.reserved_bits",
1713 FT_UINT8, BASE_DEC, NULL, 0xFE,
1716 { &hf_control_feature_set_reserved,
1717 { "Reserved", "btle.control.feature_set.reserved",
1718 FT_BYTES, BASE_NONE, NULL, 0x0,
1721 { &hf_control_window_size,
1722 { "Window Size", "btle.control.window_size",
1723 FT_UINT8, BASE_DEC, NULL, 0x0,
1726 { &hf_control_window_offset,
1727 { "Window Offset", "btle.control.window_offset",
1728 FT_UINT16, BASE_DEC, NULL, 0x0,
1731 { &hf_control_interval,
1732 { "Interval", "btle.control.interval",
1733 FT_UINT16, BASE_DEC, NULL, 0x0,
1736 { &hf_control_latency,
1737 { "Latency", "btle.control.latency",
1738 FT_UINT16, BASE_DEC, NULL, 0x0,
1741 { &hf_control_timeout,
1742 { "Timeout", "btle.control.timeout",
1743 FT_UINT16, BASE_DEC, NULL, 0x0,
1746 { &hf_control_instant,
1747 { "Instant", "btle.control.instant",
1748 FT_UINT16, BASE_DEC, NULL, 0x0,
1751 { &hf_control_interval_min,
1752 { "Interval Min", "btle.control.interval.min",
1753 FT_UINT16, BASE_DEC, NULL, 0x0,
1756 { &hf_control_interval_max,
1757 { "Interval Max", "btle.control.interval.max",
1758 FT_UINT16, BASE_DEC, NULL, 0x0,
1761 { &hf_control_preffered_periodicity,
1762 { "Preffered Periodicity", "btle.control.preffered_periodicity",
1763 FT_UINT8, BASE_DEC, NULL, 0x0,
1766 { &hf_control_reference_connection_event_count,
1767 { "Reference Connection Event Count","btle.control.reference_connection_event_count",
1768 FT_UINT16, BASE_DEC, NULL, 0x0,
1771 { &hf_control_offset_0,
1772 { "Offset 0", "btle.control.offset.0",
1773 FT_UINT16, BASE_DEC, NULL, 0x0,
1776 { &hf_control_offset_1,
1777 { "Offset 1", "btle.control.offset.1",
1778 FT_UINT16, BASE_DEC, NULL, 0x0,
1781 { &hf_control_offset_2,
1782 { "Offset 2", "btle.control.offset.2",
1783 FT_UINT16, BASE_DEC, NULL, 0x0,
1786 { &hf_control_offset_3,
1787 { "Offset 3", "btle.control.offset.3",
1788 FT_UINT16, BASE_DEC, NULL, 0x0,
1791 { &hf_control_offset_4,
1792 { "Offset 4", "btle.control.offset.4",
1793 FT_UINT16, BASE_DEC, NULL, 0x0,
1796 { &hf_control_offset_5,
1797 { "Offset 5", "btle.control.offset.5",
1798 FT_UINT16, BASE_DEC, NULL, 0x0,
1801 { &hf_control_channel_map,
1802 { "Channel Map", "btle.control.channel_map",
1803 FT_BYTES, BASE_NONE, NULL, 0x0,
1806 { &hf_control_random_number,
1807 { "Random Number", "btle.control.random_number",
1808 FT_UINT64, BASE_DEC_HEX, NULL, 0x0,
1811 { &hf_control_encrypted_diversifier,
1812 { "Encrypted Diversifier", "btle.control.encrypted_diversifier",
1813 FT_UINT16, BASE_DEC_HEX, NULL, 0x0,
1816 { &hf_control_master_session_key_diversifier,
1817 { "Master Session Key Diversifier", "btle.control.master_session_key_diversifier",
1818 FT_UINT64, BASE_DEC_HEX, NULL, 0x0,
1821 { &hf_control_slave_session_key_diversifier,
1822 { "Slave Session Key Diversifier", "btle.control.slave_session_key_diversifier",
1823 FT_UINT64, BASE_DEC_HEX, NULL, 0x0,
1826 { &hf_control_master_session_initialization_vector,
1827 { "Master Session Initialization Vector", "btle.control.master_session_initialization_vector",
1828 FT_UINT32, BASE_DEC_HEX, NULL, 0x0,
1831 { &hf_control_slave_session_initialization_vector,
1832 { "Slave Session Initialization Vector", "btle.control.slave_session_initialization_vector",
1833 FT_UINT64, BASE_DEC_HEX, NULL, 0x0,
1836 { &hf_control_max_rx_octets,
1837 { "Max RX octets", "btle.control.max_rx_octets",
1838 FT_UINT16, BASE_DEC, NULL, 0x0,
1841 { &hf_control_max_rx_time,
1842 { "Max RX time", "btle.control.max_rx_time",
1843 FT_UINT16, BASE_DEC|BASE_UNIT_STRING, &units_microsecond_microseconds, 0x0,
1846 { &hf_control_max_tx_octets,
1847 { "Max TX octets", "btle.control.max_tx_octets",
1848 FT_UINT16, BASE_DEC, NULL, 0x0,
1851 { &hf_control_max_tx_time,
1852 { "Max TX time", "btle.control.max_tx_time",
1853 FT_UINT16, BASE_DEC|BASE_UNIT_STRING, &units_microsecond_microseconds, 0x0,
1856 { &hf_control_phys_sender_le_1m_phy,
1857 { "Sender prefers to use the LE 1M PHY", "btle.control.phys.le_1m_phy",
1858 FT_BOOLEAN, 8, NULL, 0x01,
1861 { &hf_control_phys_sender_le_2m_phy,
1862 { "Sender prefers to use the LE 2M PHY", "btle.control.phys.le_2m_phy",
1863 FT_BOOLEAN, 8, NULL, 0x02,
1866 { &hf_control_phys_sender_le_coded_phy,
1867 { "Sender prefers to use the LE Coded PHY", "btle.control.phys.le_coded_phy",
1868 FT_BOOLEAN, 8, NULL, 0x04,
1871 { &hf_control_phys_update_le_1m_phy,
1872 { "The LE 1M PHY shall be used", "btle.control.phys.le_1m_phy",
1873 FT_BOOLEAN, 8, NULL, 0x01,
1876 { &hf_control_phys_update_le_2m_phy,
1877 { "The LE 2M PHY shall be used", "btle.control.phys.le_2m_phy",
1878 FT_BOOLEAN, 8, NULL, 0x02,
1881 { &hf_control_phys_update_le_coded_phy,
1882 { "The LE Coded PHY shall be used", "btle.control.phys.le_coded_phy",
1883 FT_BOOLEAN, 8, NULL, 0x04,
1886 { &hf_control_phys_reserved_bits,
1887 { "Reserved for future use", "btle.control.phys.reserved",
1888 FT_UINT8, BASE_DEC, NULL, 0xF8,
1891 { &hf_control_tx_phys,
1892 { "TX PHYs", "btle.control.tx_phys",
1893 FT_UINT8, BASE_HEX, NULL, 0x0,
1896 { &hf_control_rx_phys,
1897 { "RX PHYs", "btle.control.rx_phys",
1898 FT_UINT8, BASE_HEX, NULL, 0x0,
1901 { &hf_control_m_to_s_phy,
1902 { "Master to Slave PHY", "btle.control.m_to_s_phy",
1903 FT_UINT8, BASE_HEX, NULL, 0x0,
1906 { &hf_control_s_to_m_phy,
1907 { "Slave to Master PHY", "btle.control.s_to_m_phy",
1908 FT_UINT8, BASE_HEX, NULL, 0x0,
1912 { "PHYs", "btle.control.phys",
1913 FT_UINT8, BASE_HEX, NULL, 0x0,
1916 { &hf_control_phys_le_1m_phy,
1917 { "LE 1M PHY", "btle.control.phys.le_1m_phy",
1918 FT_BOOLEAN, 8, NULL, 0x01,
1921 { &hf_control_phys_le_2m_phy,
1922 { "LE 2M PHY", "btle.control.phys.le_2m_phy",
1923 FT_BOOLEAN, 8, NULL, 0x02,
1926 { &hf_control_phys_le_coded_phy,
1927 { "LE Coded PHY", "btle.control.phys.le_coded_phy",
1928 FT_BOOLEAN, 8, NULL, 0x04,
1931 { &hf_control_min_used_channels,
1932 { "Minimum Used Channels", "btle.control.min_used_channels",
1933 FT_UINT8, BASE_DEC, NULL, 0x0,
1937 { "L2CAP Index", "btle.l2cap_index",
1938 FT_UINT32, BASE_DEC, NULL, 0x0,
1941 { &hf_l2cap_fragment,
1942 { "L2CAP Fragment", "btle.l2cap_data",
1943 FT_NONE, BASE_NONE, NULL, 0x0,
1947 { "CRC", "btle.crc",
1948 FT_UINT24, BASE_HEX, NULL, 0x0,
1951 { &hf_btle_l2cap_msg_fragments,
1952 { "L2CAP fragments", "btle.l2cap.fragments",
1953 FT_NONE, BASE_NONE, NULL, 0x00,
1956 { &hf_btle_l2cap_msg_fragment,
1957 { "L2CAP fragment", "btle.l2cap.fragment",
1958 FT_FRAMENUM, BASE_NONE, NULL, 0x00,
1961 { &hf_btle_l2cap_msg_fragment_overlap,
1962 { "L2CAP fragment overlap", "btle.l2cap.fragment.overlap",
1963 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
1966 { &hf_btle_l2cap_msg_fragment_overlap_conflicts,
1967 { "L2CAP fragment overlapping with conflicting data", "btle.l2cap.fragment.overlap.conflicts",
1968 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
1971 { &hf_btle_l2cap_msg_fragment_multiple_tails,
1972 { "L2CAP has multiple tail fragments", "btle.l2cap.fragment.multiple_tails",
1973 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
1976 { &hf_btle_l2cap_msg_fragment_too_long_fragment,
1977 { "L2CAP fragment too long", "btle.l2cap.fragment.too_long_fragment",
1978 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
1981 { &hf_btle_l2cap_msg_fragment_error,
1982 { "L2CAP defragmentation error", "btle.l2cap.fragment.error",
1983 FT_FRAMENUM, BASE_NONE, NULL, 0x00,
1986 { &hf_btle_l2cap_msg_fragment_count,
1987 { "L2CAP fragment count", "btle.l2cap.fragment.count",
1988 FT_UINT32, BASE_DEC, NULL, 0x00,
1991 { &hf_btle_l2cap_msg_reassembled_in,
1992 { "Reassembled in", "btle.l2cap.reassembled.in",
1993 FT_FRAMENUM, BASE_NONE, NULL, 0x00,
1996 { &hf_btle_l2cap_msg_reassembled_length,
1997 { "Reassembled L2CAP length", "btle.l2cap.reassembled.length",
1998 FT_UINT32, BASE_DEC, NULL, 0x00,
2004 static ei_register_info ei[] = {
2006 { "btle.unknown_data", PI_PROTOCOL, PI_NOTE, "Unknown data", EXPFILL }},
2007 { &ei_access_address_matched,
2008 { "btle.access_address.matched", PI_PROTOCOL, PI_NOTE, "AccessAddress matched at capture", EXPFILL }},
2009 { &ei_access_address_bit_errors,
2010 { "btle.access_address.bit_errors", PI_PROTOCOL, PI_WARN, "AccessAddress has errors present at capture", EXPFILL }},
2011 { &ei_access_address_illegal,
2012 { "btle.access_address.illegal", PI_PROTOCOL, PI_ERROR, "AccessAddress has illegal value", EXPFILL }},
2013 { &ei_crc_cannot_be_determined,
2014 { "btle.crc.indeterminate", PI_CHECKSUM, PI_NOTE, "CRC unchecked, not all data available", EXPFILL }},
2015 { &ei_crc_incorrect,
2016 { "btle.crc.incorrect", PI_CHECKSUM, PI_WARN, "Incorrect CRC", EXPFILL }},
2017 { &ei_missing_fragment_start,
2018 { "btle.missing_fragment_start", PI_SEQUENCE, PI_WARN, "Missing Fragment Start", EXPFILL }},
2020 { "btle.retransmit", PI_SEQUENCE, PI_NOTE, "Retransmission", EXPFILL }},
2023 static gint *ett[] = {
2025 &ett_advertising_header,
2026 &ett_link_layer_data,
2035 &ett_scan_response_data,
2036 &ett_btle_l2cap_msg_fragment,
2037 &ett_btle_l2cap_msg_fragments
2040 connection_info_tree = wmem_tree_new_autoreset(wmem_epan_scope(), wmem_file_scope());
2042 proto_btle = proto_register_protocol("Bluetooth Low Energy Link Layer",
2043 "BT LE LL", "btle");
2044 btle_handle = register_dissector("btle", dissect_btle, proto_btle);
2046 proto_register_field_array(proto_btle, hf, array_length(hf));
2047 proto_register_subtree_array(ett, array_length(ett));
2049 expert_module = expert_register_protocol(proto_btle);
2050 expert_register_field_array(expert_module, ei, array_length(ei));
2052 module = prefs_register_protocol_subtree("Bluetooth", proto_btle, NULL);
2053 prefs_register_static_text_preference(module, "version",
2054 "Bluetooth LE LL version: 5.0 (Core)",
2055 "Version of protocol supported by this dissector.");
2057 prefs_register_bool_preference(module, "detect_retransmit",
2058 "Detect retransmission",
2059 "Detect retransmission based on SN (Sequence Number)",
2060 &btle_detect_retransmit);
2062 reassembly_table_register(&btle_l2cap_msg_reassembly_table,
2063 &addresses_reassembly_table_functions);
2065 register_init_routine(btle_init);
2069 proto_reg_handoff_btle(void)
2071 btcommon_ad_handle = find_dissector_add_dependency("btcommon.eir_ad.ad", proto_btle);
2072 btcommon_le_channel_map_handle = find_dissector_add_dependency("btcommon.le_channel_map", proto_btle);
2073 btl2cap_handle = find_dissector_add_dependency("btl2cap", proto_btle);
2075 proto_btle_rf = proto_get_id_by_filter_name("btle_rf");
2076 proto_nordic_ble = proto_get_id_by_filter_name("nordic_ble");
2078 dissector_add_uint("bluetooth.encap", WTAP_ENCAP_BLUETOOTH_LE_LL, btle_handle);
2082 * Editor modelines - https://www.wireshark.org/tools/modelines.html
2087 * indent-tabs-mode: nil
2090 * vi: set shiftwidth=4 tabstop=8 expandtab:
2091 * :indentSize=4:tabSize=8:noTabs=true:
git.samba.org / metze / wireshark / wip.git / blob