4 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version 2
9 * of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #include "file_wrappers.h"
26 #include <wsutil/buffer.h>
31 * Symbian's btsnoop format is derived from Sun's snoop format.
32 * See RFC 1761 for a description of the "snoop" file format.
35 /* Magic number in "btsnoop" files. */
36 static const char btsnoop_magic[] = {
37 'b', 't', 's', 'n', 'o', 'o', 'p', '\0'
40 /* "btsnoop" file header (minus magic number). */
42 guint32 version; /* version number (should be 1) */
43 guint32 datalink; /* datalink type */
46 /* "btsnoop" record header. */
47 struct btsnooprec_hdr {
48 guint32 orig_len; /* actual length of packet */
49 guint32 incl_len; /* number of octets captured in file */
50 guint32 flags; /* packet flags */
51 guint32 cum_drops; /* cumulative number of dropped packets */
52 gint64 ts_usec; /* timestamp microseconds */
55 /* H1 is unframed data with the packet type encoded in the flags field of capture header */
56 /* It can be used for any datalink by placing logging above the datalink layer of HCI */
57 #define KHciLoggerDatalinkTypeH1 1001
58 /* H4 is the serial HCI with packet type encoded in the first byte of each packet */
59 #define KHciLoggerDatalinkTypeH4 1002
60 /* CSR's PPP derived bluecore serial protocol - in practice we log in H1 format after deframing */
61 #define KHciLoggerDatalinkTypeBCSP 1003
62 /* H5 is the official three wire serial protocol derived from BCSP*/
63 #define KHciLoggerDatalinkTypeH5 1004
65 #define KHciLoggerDatalinkLinuxMonitor 2001
66 /* BlueZ 5 Simulator */
67 #define KHciLoggerDatalinkBlueZ5Simulator 2002
69 #define KHciLoggerHostToController 0
70 #define KHciLoggerControllerToHost 0x00000001
71 #define KHciLoggerACLDataFrame 0
72 #define KHciLoggerCommandOrEvent 0x00000002
74 static const gint64 KUnixTimeBase = G_GINT64_CONSTANT(0x00dcddb30f2f8000); /* offset from symbian - unix time */
76 static gboolean btsnoop_read(wtap *wth, int *err, gchar **err_info,
78 static gboolean btsnoop_seek_read(wtap *wth, gint64 seek_off,
79 struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info);
80 static gboolean btsnoop_read_record(wtap *wth, FILE_T fh,
81 struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info);
83 int btsnoop_open(wtap *wth, int *err, gchar **err_info)
85 char magic[sizeof btsnoop_magic];
86 struct btsnoop_hdr hdr;
88 int file_encap=WTAP_ENCAP_UNKNOWN;
90 /* Read in the string that should be at the start of a "btsnoop" file */
91 if (!wtap_read_bytes(wth->fh, magic, sizeof magic, err, err_info)) {
92 if (*err != WTAP_ERR_SHORT_READ)
97 if (memcmp(magic, btsnoop_magic, sizeof btsnoop_magic) != 0) {
101 /* Read the rest of the header. */
102 if (!wtap_read_bytes(wth->fh, &hdr, sizeof hdr, err, err_info))
106 * Make sure it's a version we support.
108 hdr.version = g_ntohl(hdr.version);
109 if (hdr.version != 1) {
110 *err = WTAP_ERR_UNSUPPORTED;
111 *err_info = g_strdup_printf("btsnoop: version %u unsupported", hdr.version);
115 hdr.datalink = g_ntohl(hdr.datalink);
116 switch (hdr.datalink) {
117 case KHciLoggerDatalinkTypeH1:
118 file_encap=WTAP_ENCAP_BLUETOOTH_HCI;
120 case KHciLoggerDatalinkTypeH4:
121 file_encap=WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR;
123 case KHciLoggerDatalinkTypeBCSP:
124 *err = WTAP_ERR_UNSUPPORTED;
125 *err_info = g_strdup_printf("btsnoop: BCSP capture logs unsupported");
127 case KHciLoggerDatalinkTypeH5:
128 *err = WTAP_ERR_UNSUPPORTED;
129 *err_info = g_strdup_printf("btsnoop: H5 capture logs unsupported");
131 case KHciLoggerDatalinkLinuxMonitor:
132 file_encap=WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR;
134 case KHciLoggerDatalinkBlueZ5Simulator:
135 *err = WTAP_ERR_UNSUPPORTED;
136 *err_info = g_strdup_printf("btsnoop: BlueZ 5 Simulator capture logs unsupported");
139 *err = WTAP_ERR_UNSUPPORTED;
140 *err_info = g_strdup_printf("btsnoop: datalink type %u unknown or unsupported", hdr.datalink);
144 wth->subtype_read = btsnoop_read;
145 wth->subtype_seek_read = btsnoop_seek_read;
146 wth->file_encap = file_encap;
147 wth->snapshot_length = 0; /* not available in header */
148 wth->file_tsprec = WTAP_TSPREC_USEC;
149 wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_BTSNOOP;
153 static gboolean btsnoop_read(wtap *wth, int *err, gchar **err_info,
156 *data_offset = file_tell(wth->fh);
158 return btsnoop_read_record(wth, wth->fh, &wth->phdr, wth->frame_buffer,
162 static gboolean btsnoop_seek_read(wtap *wth, gint64 seek_off,
163 struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info)
165 if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
168 return btsnoop_read_record(wth, wth->random_fh, phdr, buf, err, err_info);
171 static gboolean btsnoop_read_record(wtap *wth, FILE_T fh,
172 struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info)
174 struct btsnooprec_hdr hdr;
180 /* Read record header. */
182 if (!wtap_read_bytes_or_eof(fh, &hdr, sizeof hdr, err, err_info))
185 packet_size = g_ntohl(hdr.incl_len);
186 orig_size = g_ntohl(hdr.orig_len);
187 flags = g_ntohl(hdr.flags);
188 if (packet_size > WTAP_MAX_PACKET_SIZE) {
190 * Probably a corrupt capture file; don't blow up trying
191 * to allocate space for an immensely-large packet.
193 *err = WTAP_ERR_BAD_FILE;
194 *err_info = g_strdup_printf("btsnoop: File has %u-byte packet, bigger than maximum of %u",
195 packet_size, WTAP_MAX_PACKET_SIZE);
199 ts = GINT64_FROM_BE(hdr.ts_usec);
202 phdr->rec_type = REC_TYPE_PACKET;
203 phdr->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN;
204 phdr->ts.secs = (guint)(ts / 1000000);
205 phdr->ts.nsecs = (guint)((ts % 1000000) * 1000);
206 phdr->caplen = packet_size;
207 phdr->len = orig_size;
208 if(wth->file_encap == WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR)
210 phdr->pseudo_header.p2p.sent = (flags & KHciLoggerControllerToHost) ? FALSE : TRUE;
211 } else if(wth->file_encap == WTAP_ENCAP_BLUETOOTH_HCI) {
212 phdr->pseudo_header.bthci.sent = (flags & KHciLoggerControllerToHost) ? FALSE : TRUE;
213 if(flags & KHciLoggerCommandOrEvent)
215 if(phdr->pseudo_header.bthci.sent)
217 phdr->pseudo_header.bthci.channel = BTHCI_CHANNEL_COMMAND;
221 phdr->pseudo_header.bthci.channel = BTHCI_CHANNEL_EVENT;
226 phdr->pseudo_header.bthci.channel = BTHCI_CHANNEL_ACL;
228 } else if (wth->file_encap == WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR) {
229 phdr->pseudo_header.btmon.opcode = flags & 0xFFFF;
230 phdr->pseudo_header.btmon.adapter_id = flags >> 16;
234 /* Read packet data. */
235 return wtap_read_packet_bytes(fh, buf, phdr->caplen, err, err_info);
238 /* Returns 0 if we could write the specified encapsulation type,
239 an error indication otherwise. */
240 int btsnoop_dump_can_write_encap(int encap)
242 /* Per-packet encapsulations aren't supported. */
243 if (encap == WTAP_ENCAP_PER_PACKET)
244 return WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
246 /* XXX - for now we only support WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR and WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR */
247 if (encap != WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR && encap != WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR)
248 return WTAP_ERR_UNSUPPORTED_ENCAP;
253 struct hci_flags_mapping
260 static const struct hci_flags_mapping hci_flags[] =
262 { 0x02, TRUE, KHciLoggerHostToController|KHciLoggerACLDataFrame }, /* HCI_H4_TYPE_ACL */
263 { 0x02, FALSE, KHciLoggerControllerToHost|KHciLoggerACLDataFrame }, /* HCI_H4_TYPE_ACL */
264 { 0x01, TRUE, KHciLoggerHostToController|KHciLoggerCommandOrEvent }, /* HCI_H4_TYPE_CMD */
265 { 0x04, FALSE, KHciLoggerControllerToHost|KHciLoggerCommandOrEvent }, /* HCI_H4_TYPE_EVT */
268 static guint8 btsnoop_lookup_flags(guint8 hci_type, gboolean sent, guint8 *flags)
272 for (i=0; i < G_N_ELEMENTS(hci_flags); ++i)
274 if (hci_flags[i].hci_type == hci_type &&
275 hci_flags[i].sent == sent)
277 *flags = hci_flags[i].flags;
284 static gboolean btsnoop_dump_partial_rec_hdr(wtap_dumper *wdh _U_,
285 const struct wtap_pkthdr *phdr,
286 const union wtap_pseudo_header *pseudo_header,
287 const guint8 *pd, int *err,
288 struct btsnooprec_hdr *rec_hdr)
294 if (!btsnoop_lookup_flags(*pd, pseudo_header->p2p.sent, &flags)) {
295 *err = WTAP_ERR_UNSUPPORTED;
299 nsecs = phdr->ts.nsecs;
300 ts_usec = ((gint64) phdr->ts.secs * 1000000) + (nsecs / 1000);
301 ts_usec += KUnixTimeBase;
303 rec_hdr->flags = GUINT32_TO_BE(flags);
304 rec_hdr->cum_drops = GUINT32_TO_BE(0);
305 rec_hdr->ts_usec = GINT64_TO_BE(ts_usec);
310 /* FIXME: How do we support multiple backends?*/
311 static gboolean btsnoop_dump_h1(wtap_dumper *wdh,
312 const struct wtap_pkthdr *phdr,
313 const guint8 *pd, int *err)
315 const union wtap_pseudo_header *pseudo_header = &phdr->pseudo_header;
316 struct btsnooprec_hdr rec_hdr;
318 /* We can only write packet records. */
319 if (phdr->rec_type != REC_TYPE_PACKET) {
320 *err = WTAP_ERR_REC_TYPE_UNSUPPORTED;
325 * Don't write out anything bigger than we can read.
326 * (This will also fail on a caplen of 0, as it should.)
328 if (phdr->caplen-1 > WTAP_MAX_PACKET_SIZE) {
329 *err = WTAP_ERR_PACKET_TOO_LARGE;
333 if (!btsnoop_dump_partial_rec_hdr(wdh, phdr, pseudo_header, pd, err, &rec_hdr))
336 rec_hdr.incl_len = GUINT32_TO_BE(phdr->caplen-1);
337 rec_hdr.orig_len = GUINT32_TO_BE(phdr->len-1);
339 if (!wtap_dump_file_write(wdh, &rec_hdr, sizeof rec_hdr, err))
342 wdh->bytes_dumped += sizeof rec_hdr;
344 /* Skip HCI packet type */
347 if (!wtap_dump_file_write(wdh, pd, phdr->caplen-1, err))
350 wdh->bytes_dumped += phdr->caplen-1;
355 static gboolean btsnoop_dump_h4(wtap_dumper *wdh,
356 const struct wtap_pkthdr *phdr,
357 const guint8 *pd, int *err)
359 const union wtap_pseudo_header *pseudo_header = &phdr->pseudo_header;
360 struct btsnooprec_hdr rec_hdr;
362 /* We can only write packet records. */
363 if (phdr->rec_type != REC_TYPE_PACKET) {
364 *err = WTAP_ERR_REC_TYPE_UNSUPPORTED;
368 /* Don't write out anything bigger than we can read. */
369 if (phdr->caplen > WTAP_MAX_PACKET_SIZE) {
370 *err = WTAP_ERR_PACKET_TOO_LARGE;
374 if (!btsnoop_dump_partial_rec_hdr(wdh, phdr, pseudo_header, pd, err, &rec_hdr))
377 rec_hdr.incl_len = GUINT32_TO_BE(phdr->caplen);
378 rec_hdr.orig_len = GUINT32_TO_BE(phdr->len);
380 if (!wtap_dump_file_write(wdh, &rec_hdr, sizeof rec_hdr, err))
383 wdh->bytes_dumped += sizeof rec_hdr;
385 if (!wtap_dump_file_write(wdh, pd, phdr->caplen, err))
388 wdh->bytes_dumped += phdr->caplen;
393 /* FIXME: How do we support multiple backends?*/
394 gboolean btsnoop_dump_open_h1(wtap_dumper *wdh, int *err)
396 struct btsnoop_hdr file_hdr;
398 /* This is a libpcap file */
399 wdh->subtype_write = btsnoop_dump_h1;
400 wdh->subtype_close = NULL;
402 /* Write the file header. */
403 switch (wdh->file_type_subtype) {
405 case WTAP_FILE_TYPE_SUBTYPE_BTSNOOP:
406 wdh->tsprecision = WTAP_TSPREC_USEC;
410 /* We should never get here - our open routine
411 should only get called for the types above. */
412 *err = WTAP_ERR_UNSUPPORTED_FILE_TYPE;
416 if (!wtap_dump_file_write(wdh, btsnoop_magic, sizeof btsnoop_magic, err))
419 wdh->bytes_dumped += sizeof btsnoop_magic;
421 /* current "btsnoop" format is 1 */
422 file_hdr.version = GUINT32_TO_BE(1);
423 /* HCI type encoded in first byte */
424 file_hdr.datalink = GUINT32_TO_BE(KHciLoggerDatalinkTypeH1);
426 if (!wtap_dump_file_write(wdh, &file_hdr, sizeof file_hdr, err))
429 wdh->bytes_dumped += sizeof file_hdr;
434 /* Returns TRUE on success, FALSE on failure; sets "*err" to an error code on
436 gboolean btsnoop_dump_open_h4(wtap_dumper *wdh, int *err)
438 struct btsnoop_hdr file_hdr;
440 /* This is a libpcap file */
441 wdh->subtype_write = btsnoop_dump_h4;
442 wdh->subtype_close = NULL;
444 /* Write the file header. */
445 switch (wdh->file_type_subtype) {
447 case WTAP_FILE_TYPE_SUBTYPE_BTSNOOP:
448 wdh->tsprecision = WTAP_TSPREC_USEC;
452 /* We should never get here - our open routine
453 should only get called for the types above. */
454 *err = WTAP_ERR_UNSUPPORTED_FILE_TYPE;
458 if (!wtap_dump_file_write(wdh, btsnoop_magic, sizeof btsnoop_magic, err))
461 wdh->bytes_dumped += sizeof btsnoop_magic;
463 /* current "btsnoop" format is 1 */
464 file_hdr.version = GUINT32_TO_BE(1);
465 /* HCI type encoded in first byte */
466 file_hdr.datalink = GUINT32_TO_BE(KHciLoggerDatalinkTypeH4);
468 if (!wtap_dump_file_write(wdh, &file_hdr, sizeof file_hdr, err))
471 wdh->bytes_dumped += sizeof file_hdr;