3 * File format support for Rabbit Labs CAM Inspector files
4 * Copyright (c) 2013 by Martin Kaiser <martin@kaiser.cx>
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * SPDX-License-Identifier: GPL-2.0-or-later
14 /* CAM Inspector is a commercial log tool for DVB-CI
15 it stores recorded packets between a CI module and a DVB receiver,
16 using a proprietary file format
18 a CAM Inspector file consists of 16bit blocks
19 the first byte contains payload data,
20 the second byte contains a "transaction type"
22 we currently support the following transaction types
24 0x20 == data transfer from CI module to host
25 0x22 == host reads the lower byte of the size register
26 0x23 == host reads the higher byte of the size register
27 0x2A == host writes the lower byte of the size register
28 0x2B == host writes the higher byte of the size register
29 0x28 == data transfer from host to CI module
31 using these transaction types, we can identify and assemble data transfers
32 from the host to the CAM and vice versa
34 a host->module data transfer will use the following transactions
35 one 0x2A and one 0x2B transaction to write the 16bit size
36 <size> 0x28 transactions to transfer one byte at a time
37 this will be assembled into one packet
39 the module->host transfer is similar
41 a CAM Inspector file uses a 44-bit time counter to keep track of the
42 time. the counter is in units of 1us. a timestamp block in the file
43 updates a part of the global time counter. a timestamp contains a 2-bit
44 relative position within the time counter and an 11-bit value for
48 when we run into an error while assembling a data transfer, the
49 primary goal is to recover so that we can handle the next transfer
50 correctly (all files I used for testing contained errors where
51 apparently the logging hardware missed some bytes)
59 #include "file_wrappers.h"
64 #define TRANS_CAM_HOST 0x20
65 #define TRANS_READ_SIZE_LOW 0x22
66 #define TRANS_READ_SIZE_HIGH 0x23
67 #define TRANS_HOST_CAM 0x28
68 #define TRANS_WRITE_SIZE_LOW 0x2A
69 #define TRANS_WRITE_SIZE_HIGH 0x2B
71 #define IS_TRANS_SIZE(x) \
72 ((x)==TRANS_WRITE_SIZE_LOW || (x)==TRANS_WRITE_SIZE_HIGH || \
73 (x)==TRANS_READ_SIZE_LOW || (x)==TRANS_READ_SIZE_HIGH)
75 /* a block contains a timestamp if the upper three bits are 0 */
76 #define IS_TIMESTAMP(x) (((x) & 0xE0) == 0x00)
78 /* a timestamp consists of a 2-bit position, followed by an 11-bit value. */
79 #define TS_VALUE_SHIFT 11
80 #define TS_POS_MASK (0x3 << TS_VALUE_SHIFT)
81 #define TS_VALUE_MASK G_GUINT64_CONSTANT((1 << TS_VALUE_SHIFT) - 1)
90 #define RESET_STAT_VALS \
92 *dat_trans_type = 0x00; \
94 size_stat = SIZE_HAVE_NONE; \
97 #define SIZE_ADD_LOW \
98 { size_stat = (size_stat==SIZE_HAVE_HIGH ? SIZE_HAVE_ALL : SIZE_HAVE_LOW); }
100 #define SIZE_ADD_HIGH \
101 { size_stat = (size_stat==SIZE_HAVE_LOW ? SIZE_HAVE_ALL : SIZE_HAVE_HIGH); }
103 /* PCAP DVB-CI pseudo-header, see http://www.kaiser.cx/pcap-dvbci.html */
104 #define DVB_CI_PSEUDO_HDR_VER 0
105 #define DVB_CI_PSEUDO_HDR_LEN 4
106 #define DVB_CI_PSEUDO_HDR_CAM_TO_HOST 0xFF
107 #define DVB_CI_PSEUDO_HDR_HOST_TO_CAM 0xFE
110 /* Detect a camins file by looking at the blocks that access the 16bit
111 size register. The matching blocks to access the upper and lower 8bit
112 must be no further than 5 blocks apart.
113 A file may have errors that affect the size blocks. Therefore, we
114 read the entire file and require that we have much more valid pairs
116 static gboolean detect_camins_file(FILE_T fh)
121 guint8 search_block = 0;
122 guint8 gap_count = 0;
123 guint32 valid_pairs = 0, invalid_pairs = 0;
125 while (wtap_read_bytes(fh, block, sizeof(block), &err, &err_info)) {
126 if (err == WTAP_ERR_SHORT_READ)
129 if (search_block != 0) {
130 /* We're searching for a matching block to complete the pair. */
132 if (block[1] == search_block) {
138 /* We didn't find it. */
141 /* Give up the search, we have no pair. */
148 /* We're not searching for a matching block at the moment.
149 If we see a size read/write block of one type, the matching
150 block is the the other type and we can start searching. */
152 if (block[1] == TRANS_READ_SIZE_LOW) {
153 search_block = TRANS_READ_SIZE_HIGH;
156 else if (block[1] == TRANS_READ_SIZE_HIGH) {
157 search_block = TRANS_READ_SIZE_LOW;
160 else if (block[1] == TRANS_WRITE_SIZE_LOW) {
161 search_block = TRANS_WRITE_SIZE_HIGH;
164 else if (block[1] == TRANS_WRITE_SIZE_HIGH) {
165 search_block = TRANS_WRITE_SIZE_LOW;
171 /* For valid_pairs == invalid_pairs == 0, this isn't a camins file.
172 Don't change > into >= */
173 if (valid_pairs > 10 * invalid_pairs)
180 /* update the current time counter with infos from a timestamp block */
181 static void process_timestamp(guint16 timestamp, guint64 *time_us)
189 val = timestamp & TS_VALUE_MASK;
190 pos = (timestamp & TS_POS_MASK) >> TS_VALUE_SHIFT;
191 shift = TS_VALUE_SHIFT * pos;
193 *time_us &= ~(TS_VALUE_MASK << shift);
194 *time_us |= (val << shift);
198 /* find the transaction type for the data bytes of the next packet
199 and the number of data bytes in that packet
200 the fd is moved such that it can be used in a subsequent call
202 if requested by the caller, we increment the time counter as we
203 walk through the file */
205 find_next_pkt_info(FILE_T fh,
206 guint8 *dat_trans_type, /* transaction type used for the data bytes */
207 guint16 *dat_len, /* the number of data bytes in the packet */
209 int *err, gchar **err_info)
212 size_read_t size_stat;
214 if (!dat_trans_type || !dat_len)
220 if (!wtap_read_bytes_or_eof(fh, block, sizeof(block), err, err_info)) {
225 /* our strategy is to continue reading until we have a high and a
226 low size byte for the same direction, duplicates or spurious data
230 case TRANS_READ_SIZE_LOW:
231 if (*dat_trans_type != TRANS_CAM_HOST)
233 *dat_trans_type = TRANS_CAM_HOST;
234 *dat_len |= block[0];
237 case TRANS_READ_SIZE_HIGH:
238 if (*dat_trans_type != TRANS_CAM_HOST)
240 *dat_trans_type = TRANS_CAM_HOST;
241 *dat_len |= (block[0] << 8);
244 case TRANS_WRITE_SIZE_LOW:
245 if (*dat_trans_type != TRANS_HOST_CAM)
247 *dat_trans_type = TRANS_HOST_CAM;
248 *dat_len |= block[0];
251 case TRANS_WRITE_SIZE_HIGH:
252 if (*dat_trans_type != TRANS_HOST_CAM)
254 *dat_trans_type = TRANS_HOST_CAM;
255 *dat_len |= (block[0] << 8);
259 if (IS_TIMESTAMP(block[1]))
260 process_timestamp(pletoh16(block), time_us);
263 } while (size_stat != SIZE_HAVE_ALL);
269 /* buffer allocated by the caller, must be long enough to hold
270 dat_len bytes, ... */
272 read_packet_data(FILE_T fh, guint8 dat_trans_type, guint8 *buf, guint16 dat_len,
273 guint64 *time_us, int *err, gchar **err_info)
277 guint16 bytes_count = 0;
282 /* we're not checking for end-of-file here, we read as many bytes as
283 we can get (up to dat_len) and return those
284 end-of-file will be detected when we search for the next packet */
287 while (bytes_count < dat_len) {
288 if (!wtap_read_bytes_or_eof(fh, block, sizeof(block), err, err_info))
291 if (block[1] == dat_trans_type) {
295 else if (IS_TIMESTAMP(block[1])) {
296 process_timestamp(pletoh16(block), time_us);
298 else if (IS_TRANS_SIZE(block[1])) {
299 /* go back before the size transaction block
300 the next packet should be able to pick up this block */
301 if (-1 == file_seek(fh, -(gint64)sizeof(block), SEEK_CUR, err))
311 /* create a DVB-CI pseudo header
312 return its length or -1 for error */
314 create_pseudo_hdr(guint8 *buf, guint8 dat_trans_type, guint16 dat_len)
319 buf[0] = DVB_CI_PSEUDO_HDR_VER;
321 if (dat_trans_type==TRANS_CAM_HOST)
322 buf[1] = DVB_CI_PSEUDO_HDR_CAM_TO_HOST;
323 else if (dat_trans_type==TRANS_HOST_CAM)
324 buf[1] = DVB_CI_PSEUDO_HDR_HOST_TO_CAM;
328 buf[2] = (dat_len>>8) & 0xFF;
329 buf[3] = dat_len & 0xFF;
331 return DVB_CI_PSEUDO_HDR_LEN;
336 camins_read_packet(FILE_T fh, wtap_rec *rec, Buffer *buf,
337 guint64 *time_us, int *err, gchar **err_info)
339 guint8 dat_trans_type;
342 gint offset, bytes_read;
344 if (!find_next_pkt_info(
345 fh, &dat_trans_type, &dat_len, time_us, err, err_info))
348 * The maximum value of length is 65535, which, even after
349 * DVB_CI_PSEUDO_HDR_LEN is added to it, is less than
350 * WTAP_MAX_PACKET_SIZE_STANDARD will ever be, so we don't need to check
354 ws_buffer_assure_space(buf, DVB_CI_PSEUDO_HDR_LEN+dat_len);
355 p = ws_buffer_start_ptr(buf);
356 /* NULL check for p is done in create_pseudo_hdr() */
357 offset = create_pseudo_hdr(p, dat_trans_type, dat_len);
359 /* shouldn't happen, all invalid packets must be detected by
360 find_next_pkt_info() */
361 *err = WTAP_ERR_INTERNAL;
365 bytes_read = read_packet_data(fh, dat_trans_type,
366 &p[offset], dat_len, time_us, err, err_info);
367 /* 0<=bytes_read<=dat_len is very likely a corrupted packet
368 we let the dissector handle this */
371 offset += bytes_read;
373 rec->rec_type = REC_TYPE_PACKET;
374 rec->rec_header.packet_header.pkt_encap = WTAP_ENCAP_DVBCI;
376 rec->presence_flags = WTAP_HAS_TS;
377 rec->ts.secs = (time_t)(*time_us / (1000 * 1000));
378 rec->ts.nsecs = (int)(*time_us % (1000 *1000) * 1000);
380 rec->rec_header.packet_header.caplen = offset;
381 rec->rec_header.packet_header.len = offset;
388 camins_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset)
390 *data_offset = file_tell(wth->fh);
392 return camins_read_packet(wth->fh, &wth->rec, wth->rec_data,
393 (guint64 *)(wth->priv), err, err_info);
398 camins_seek_read(wtap *wth, gint64 seek_off, wtap_rec *rec, Buffer *buf,
399 int *err, gchar **err_info)
401 if (-1 == file_seek(wth->random_fh, seek_off, SEEK_SET, err))
404 return camins_read_packet(wth->random_fh, rec, buf, NULL, err, err_info);
408 wtap_open_return_val camins_open(wtap *wth, int *err, gchar **err_info _U_)
410 if (!detect_camins_file(wth->fh))
411 return WTAP_OPEN_NOT_MINE; /* no CAM Inspector file */
413 /* rewind the fh so we re-read from the beginning */
414 if (-1 == file_seek(wth->fh, 0, SEEK_SET, err))
415 return WTAP_OPEN_ERROR;
417 wth->file_encap = WTAP_ENCAP_DVBCI;
418 wth->snapshot_length = 0;
419 wth->file_tsprec = WTAP_TSPREC_USEC;
421 /* wth->priv stores a pointer to the global time counter. we update
422 it as we go through the file sequentially. */
423 wth->priv = g_malloc0(sizeof(guint64));
425 wth->subtype_read = camins_read;
426 wth->subtype_seek_read = camins_seek_read;
427 wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_CAMINS;
430 return WTAP_OPEN_MINE;
435 * Editor modelines - http://www.wireshark.org/tools/modelines.html
440 * indent-tabs-mode: nil
443 * vi: set shiftwidth=4 tabstop=8 expandtab:
444 * :indentSize=4:tabSize=8:noTabs=true: