6 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
27 #include "file_wrappers.h"
33 * Symbian's btsnoop format is derived from Sun's snoop format.
34 * See RFC 1761 for a description of the "snoop" file format.
37 /* Magic number in "btsnoop" files. */
38 static const char btsnoop_magic[] = {
39 'b', 't', 's', 'n', 'o', 'o', 'p', '\0'
42 /* "btsnoop" file header (minus magic number). */
44 guint32 version; /* version number (should be 1) */
45 guint32 datalink; /* datalink type */
48 /* "btsnoop" record header. */
49 struct btsnooprec_hdr {
50 guint32 orig_len; /* actual length of packet */
51 guint32 incl_len; /* number of octets captured in file */
52 guint32 flags; /* packet flags */
53 guint32 cum_drops; /* cumulative number of dropped packets */
54 gint64 ts_usec; /* timestamp microseconds */
57 /* H1 is unframed data with the packet type encoded in the flags field of capture header */
58 /* It can be used for any datalink by placing logging above the datalink layer of HCI */
59 #define KHciLoggerDatalinkTypeH1 1001
60 /* H4 is the serial HCI with packet type encoded in the first byte of each packet */
61 #define KHciLoggerDatalinkTypeH4 1002
62 /* CSR's PPP derived bluecore serial protocol - in practice we log in H1 format after deframing */
63 #define KHciLoggerDatalinkTypeBCSP 1003
64 /* H5 is the official three wire serial protocol derived from BCSP*/
65 #define KHciLoggerDatalinkTypeH5 1004
67 #define KHciLoggerDatalinkLinuxMonitor 2001
68 /* BlueZ 5 Simulator */
69 #define KHciLoggerDatalinkBlueZ5Simulator 2002
71 #define KHciLoggerHostToController 0
72 #define KHciLoggerControllerToHost 0x00000001
73 #define KHciLoggerACLDataFrame 0
74 #define KHciLoggerCommandOrEvent 0x00000002
76 static const gint64 KUnixTimeBase = G_GINT64_CONSTANT(0x00dcddb30f2f8000); /* offset from symbian - unix time */
78 static gboolean btsnoop_read(wtap *wth, int *err, gchar **err_info,
80 static gboolean btsnoop_seek_read(wtap *wth, gint64 seek_off,
81 struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info);
82 static gboolean btsnoop_read_record(wtap *wth, FILE_T fh,
83 struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info);
85 int btsnoop_open(wtap *wth, int *err, gchar **err_info)
88 char magic[sizeof btsnoop_magic];
89 struct btsnoop_hdr hdr;
91 int file_encap=WTAP_ENCAP_UNKNOWN;
93 /* Read in the string that should be at the start of a "btsnoop" file */
94 errno = WTAP_ERR_CANT_READ;
95 bytes_read = file_read(magic, sizeof magic, wth->fh);
96 if (bytes_read != sizeof magic) {
97 *err = file_error(wth->fh, err_info);
98 if (*err != 0 && *err != WTAP_ERR_SHORT_READ)
103 if (memcmp(magic, btsnoop_magic, sizeof btsnoop_magic) != 0) {
107 /* Read the rest of the header. */
108 errno = WTAP_ERR_CANT_READ;
109 bytes_read = file_read(&hdr, sizeof hdr, wth->fh);
110 if (bytes_read != sizeof hdr) {
111 *err = file_error(wth->fh, err_info);
113 *err = WTAP_ERR_SHORT_READ;
118 * Make sure it's a version we support.
120 hdr.version = g_ntohl(hdr.version);
121 if (hdr.version != 1) {
122 *err = WTAP_ERR_UNSUPPORTED;
123 *err_info = g_strdup_printf("btsnoop: version %u unsupported", hdr.version);
127 hdr.datalink = g_ntohl(hdr.datalink);
128 switch (hdr.datalink) {
129 case KHciLoggerDatalinkTypeH1:
130 file_encap=WTAP_ENCAP_BLUETOOTH_HCI;
132 case KHciLoggerDatalinkTypeH4:
133 file_encap=WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR;
135 case KHciLoggerDatalinkTypeBCSP:
136 *err = WTAP_ERR_UNSUPPORTED;
137 *err_info = g_strdup_printf("btsnoop: BCSP capture logs unsupported");
139 case KHciLoggerDatalinkTypeH5:
140 *err = WTAP_ERR_UNSUPPORTED;
141 *err_info = g_strdup_printf("btsnoop: H5 capture logs unsupported");
143 case KHciLoggerDatalinkLinuxMonitor:
144 file_encap=WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR;
146 case KHciLoggerDatalinkBlueZ5Simulator:
147 *err = WTAP_ERR_UNSUPPORTED;
148 *err_info = g_strdup_printf("btsnoop: BlueZ 5 Simulator capture logs unsupported");
151 *err = WTAP_ERR_UNSUPPORTED;
152 *err_info = g_strdup_printf("btsnoop: datalink type %u unknown or unsupported", hdr.datalink);
156 wth->subtype_read = btsnoop_read;
157 wth->subtype_seek_read = btsnoop_seek_read;
158 wth->file_encap = file_encap;
159 wth->snapshot_length = 0; /* not available in header */
160 wth->tsprecision = WTAP_FILE_TSPREC_USEC;
161 wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_BTSNOOP;
165 static gboolean btsnoop_read(wtap *wth, int *err, gchar **err_info,
168 *data_offset = file_tell(wth->fh);
170 return btsnoop_read_record(wth, wth->fh, &wth->phdr, wth->frame_buffer,
174 static gboolean btsnoop_seek_read(wtap *wth, gint64 seek_off,
175 struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info)
177 if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
180 return btsnoop_read_record(wth, wth->random_fh, phdr, buf, err, err_info);
183 static gboolean btsnoop_read_record(wtap *wth, FILE_T fh,
184 struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info)
187 struct btsnooprec_hdr hdr;
193 /* Read record header. */
195 errno = WTAP_ERR_CANT_READ;
196 bytes_read = file_read(&hdr, sizeof hdr, fh);
197 if (bytes_read != sizeof hdr) {
198 *err = file_error(fh, err_info);
199 if (*err == 0 && bytes_read != 0)
200 *err = WTAP_ERR_SHORT_READ;
204 packet_size = g_ntohl(hdr.incl_len);
205 orig_size = g_ntohl(hdr.orig_len);
206 flags = g_ntohl(hdr.flags);
207 if (packet_size > WTAP_MAX_PACKET_SIZE) {
209 * Probably a corrupt capture file; don't blow up trying
210 * to allocate space for an immensely-large packet.
212 *err = WTAP_ERR_BAD_FILE;
213 *err_info = g_strdup_printf("btsnoop: File has %u-byte packet, bigger than maximum of %u",
214 packet_size, WTAP_MAX_PACKET_SIZE);
218 ts = GINT64_FROM_BE(hdr.ts_usec);
221 phdr->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN;
222 phdr->ts.secs = (guint)(ts / 1000000);
223 phdr->ts.nsecs = (guint)((ts % 1000000) * 1000);
224 phdr->caplen = packet_size;
225 phdr->len = orig_size;
226 if(wth->file_encap == WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR)
228 phdr->pseudo_header.p2p.sent = (flags & KHciLoggerControllerToHost) ? FALSE : TRUE;
229 } else if(wth->file_encap == WTAP_ENCAP_BLUETOOTH_HCI) {
230 phdr->pseudo_header.bthci.sent = (flags & KHciLoggerControllerToHost) ? FALSE : TRUE;
231 if(flags & KHciLoggerCommandOrEvent)
233 if(phdr->pseudo_header.bthci.sent)
235 phdr->pseudo_header.bthci.channel = BTHCI_CHANNEL_COMMAND;
239 phdr->pseudo_header.bthci.channel = BTHCI_CHANNEL_EVENT;
244 phdr->pseudo_header.bthci.channel = BTHCI_CHANNEL_ACL;
246 } else if (wth->file_encap == WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR) {
247 phdr->pseudo_header.btmon.opcode = flags & 0xFFFF;
248 phdr->pseudo_header.btmon.adapter_id = flags >> 16;
252 /* Read packet data. */
253 return wtap_read_packet_bytes(fh, buf, phdr->caplen, err, err_info);
256 /* Returns 0 if we could write the specified encapsulation type,
257 an error indication otherwise. */
258 int btsnoop_dump_can_write_encap(int encap)
260 /* Per-packet encapsulations aren't supported. */
261 if (encap == WTAP_ENCAP_PER_PACKET)
262 return WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
264 /* XXX - for now we only support WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR and WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR */
265 if (encap != WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR && encap != WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR)
266 return WTAP_ERR_UNSUPPORTED_ENCAP;
271 struct hci_flags_mapping
278 static const struct hci_flags_mapping hci_flags[] =
280 { 0x02, TRUE, KHciLoggerHostToController|KHciLoggerACLDataFrame }, /* HCI_H4_TYPE_ACL */
281 { 0x02, FALSE, KHciLoggerControllerToHost|KHciLoggerACLDataFrame }, /* HCI_H4_TYPE_ACL */
282 { 0x01, TRUE, KHciLoggerHostToController|KHciLoggerCommandOrEvent }, /* HCI_H4_TYPE_CMD */
283 { 0x04, FALSE, KHciLoggerControllerToHost|KHciLoggerCommandOrEvent }, /* HCI_H4_TYPE_EVT */
286 static guint8 btsnoop_lookup_flags(guint8 hci_type, gboolean sent, guint8 *flags)
290 for (i=0; i < G_N_ELEMENTS(hci_flags); ++i)
292 if (hci_flags[i].hci_type == hci_type &&
293 hci_flags[i].sent == sent)
295 *flags = hci_flags[i].flags;
302 static gboolean btsnoop_dump_partial_rec_hdr(wtap_dumper *wdh _U_,
303 const struct wtap_pkthdr *phdr,
304 const union wtap_pseudo_header *pseudo_header,
305 const guint8 *pd, int *err,
306 struct btsnooprec_hdr *rec_hdr)
312 if (!btsnoop_lookup_flags(*pd, pseudo_header->p2p.sent, &flags)) {
313 *err = WTAP_ERR_UNSUPPORTED;
317 nsecs = phdr->ts.nsecs;
318 ts_usec = ((gint64) phdr->ts.secs * 1000000) + (nsecs / 1000);
319 ts_usec += KUnixTimeBase;
321 rec_hdr->flags = GUINT32_TO_BE(flags);
322 rec_hdr->cum_drops = GUINT32_TO_BE(0);
323 rec_hdr->ts_usec = GINT64_TO_BE(ts_usec);
328 /* FIXME: How do we support multiple backends?*/
329 static gboolean btsnoop_dump_h1(wtap_dumper *wdh,
330 const struct wtap_pkthdr *phdr,
331 const guint8 *pd, int *err)
333 const union wtap_pseudo_header *pseudo_header = &phdr->pseudo_header;
334 struct btsnooprec_hdr rec_hdr;
337 * Don't write out anything bigger than we can read.
338 * (This will also fail on a caplen of 0, as it should.)
340 if (phdr->caplen-1 > WTAP_MAX_PACKET_SIZE) {
341 *err = WTAP_ERR_PACKET_TOO_LARGE;
345 if (!btsnoop_dump_partial_rec_hdr(wdh, phdr, pseudo_header, pd, err, &rec_hdr))
348 rec_hdr.incl_len = GUINT32_TO_BE(phdr->caplen-1);
349 rec_hdr.orig_len = GUINT32_TO_BE(phdr->len-1);
351 if (!wtap_dump_file_write(wdh, &rec_hdr, sizeof rec_hdr, err))
354 wdh->bytes_dumped += sizeof rec_hdr;
356 /* Skip HCI packet type */
359 if (!wtap_dump_file_write(wdh, pd, phdr->caplen-1, err))
362 wdh->bytes_dumped += phdr->caplen-1;
367 static gboolean btsnoop_dump_h4(wtap_dumper *wdh,
368 const struct wtap_pkthdr *phdr,
369 const guint8 *pd, int *err)
371 const union wtap_pseudo_header *pseudo_header = &phdr->pseudo_header;
372 struct btsnooprec_hdr rec_hdr;
374 /* Don't write out anything bigger than we can read. */
375 if (phdr->caplen > WTAP_MAX_PACKET_SIZE) {
376 *err = WTAP_ERR_PACKET_TOO_LARGE;
380 if (!btsnoop_dump_partial_rec_hdr(wdh, phdr, pseudo_header, pd, err, &rec_hdr))
383 rec_hdr.incl_len = GUINT32_TO_BE(phdr->caplen);
384 rec_hdr.orig_len = GUINT32_TO_BE(phdr->len);
386 if (!wtap_dump_file_write(wdh, &rec_hdr, sizeof rec_hdr, err))
389 wdh->bytes_dumped += sizeof rec_hdr;
391 if (!wtap_dump_file_write(wdh, pd, phdr->caplen, err))
394 wdh->bytes_dumped += phdr->caplen;
399 /* FIXME: How do we support multiple backends?*/
400 gboolean btsnoop_dump_open_h1(wtap_dumper *wdh, int *err)
402 struct btsnoop_hdr file_hdr;
404 /* This is a libpcap file */
405 wdh->subtype_write = btsnoop_dump_h1;
406 wdh->subtype_close = NULL;
408 /* Write the file header. */
409 switch (wdh->file_type_subtype) {
411 case WTAP_FILE_TYPE_SUBTYPE_BTSNOOP:
412 wdh->tsprecision = WTAP_FILE_TSPREC_USEC;
416 /* We should never get here - our open routine
417 should only get called for the types above. */
418 *err = WTAP_ERR_UNSUPPORTED_FILE_TYPE;
422 if (!wtap_dump_file_write(wdh, btsnoop_magic, sizeof btsnoop_magic, err))
425 wdh->bytes_dumped += sizeof btsnoop_magic;
427 /* current "btsnoop" format is 1 */
428 file_hdr.version = GUINT32_TO_BE(1);
429 /* HCI type encoded in first byte */
430 file_hdr.datalink = GUINT32_TO_BE(KHciLoggerDatalinkTypeH1);
432 if (!wtap_dump_file_write(wdh, &file_hdr, sizeof file_hdr, err))
435 wdh->bytes_dumped += sizeof file_hdr;
440 /* Returns TRUE on success, FALSE on failure; sets "*err" to an error code on
442 gboolean btsnoop_dump_open_h4(wtap_dumper *wdh, int *err)
444 struct btsnoop_hdr file_hdr;
446 /* This is a libpcap file */
447 wdh->subtype_write = btsnoop_dump_h4;
448 wdh->subtype_close = NULL;
450 /* Write the file header. */
451 switch (wdh->file_type_subtype) {
453 case WTAP_FILE_TYPE_SUBTYPE_BTSNOOP:
454 wdh->tsprecision = WTAP_FILE_TSPREC_USEC;
458 /* We should never get here - our open routine
459 should only get called for the types above. */
460 *err = WTAP_ERR_UNSUPPORTED_FILE_TYPE;
464 if (!wtap_dump_file_write(wdh, btsnoop_magic, sizeof btsnoop_magic, err))
467 wdh->bytes_dumped += sizeof btsnoop_magic;
469 /* current "btsnoop" format is 1 */
470 file_hdr.version = GUINT32_TO_BE(1);
471 /* HCI type encoded in first byte */
472 file_hdr.datalink = GUINT32_TO_BE(KHciLoggerDatalinkTypeH4);
474 if (!wtap_dump_file_write(wdh, &file_hdr, sizeof file_hdr, err))
477 wdh->bytes_dumped += sizeof file_hdr;