4 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
6 * SPDX-License-Identifier: GPL-2.0-or-later
13 #include "file_wrappers.h"
17 * Symbian's btsnoop format is derived from Sun's snoop format.
18 * See RFC 1761 for a description of the "snoop" file format.
21 /* Magic number in "btsnoop" files. */
/* Eight bytes including the trailing NUL. btsnoop_open compares all of
 * sizeof btsnoop_magic with memcmp, so the terminator is part of the match,
 * and the dump-open routines write the same eight bytes. */
22 static const char btsnoop_magic[] = {
23 'b', 't', 's', 'n', 'o', 'o', 'p', '\0'
26 /* "btsnoop" file header (minus magic number). */
/* Read from and written to the file as raw bytes (sizeof the struct).
 * Both fields are big-endian on disk: the reader converts them with
 * g_ntohl and the writers store them with GUINT32_TO_BE. */
28 guint32 version; /* version number (should be 1) */
29 guint32 datalink; /* datalink type */
32 /* "btsnoop" record header. */
/* Every field is taken straight from the capture file and is big-endian on
 * disk (g_ntohl / GINT64_FROM_BE on read, GUINT32_TO_BE / GINT64_TO_BE on
 * write). incl_len decides how many packet bytes are read, so the reader
 * bounds it against WTAP_MAX_PACKET_SIZE_STANDARD before using it. */
33 struct btsnooprec_hdr {
34 guint32 orig_len; /* actual length of packet */
35 guint32 incl_len; /* number of octets captured in file */
36 guint32 flags; /* packet flags */
37 guint32 cum_drops; /* cumulative number of dropped packets */
38 gint64 ts_usec; /* timestamp microseconds */
/* Datalink values stored in the file header's "datalink" field. btsnoop_open
 * accepts H1, H4 and Linux monitor and rejects the others as unsupported. */
41 /* H1 is unframed data with the packet type encoded in the flags field of capture header */
42 /* It can be used for any datalink by placing logging above the datalink layer of HCI */
43 #define KHciLoggerDatalinkTypeH1 1001
44 /* H4 is the serial HCI with packet type encoded in the first byte of each packet */
45 #define KHciLoggerDatalinkTypeH4 1002
46 /* CSR's PPP derived bluecore serial protocol - in practice we log in H1 format after deframing */
47 #define KHciLoggerDatalinkTypeBCSP 1003
48 /* H5 is the official three wire serial protocol derived from BCSP*/
49 #define KHciLoggerDatalinkTypeH5 1004
/* Linux monitor; btsnoop_open maps this to WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR */
51 #define KHciLoggerDatalinkLinuxMonitor 2001
52 /* BlueZ 5 Simulator */
53 #define KHciLoggerDatalinkBlueZ5Simulator 2002
/* Bits of the record "flags" field for H1/H4 files: bit 0 is the direction,
 * bit 1 marks a command or event rather than ACL data. */
55 #define KHciLoggerHostToController 0
56 #define KHciLoggerControllerToHost 0x00000001
57 #define KHciLoggerACLDataFrame 0
58 #define KHciLoggerCommandOrEvent 0x00000002
/* Added to the Unix-based microsecond timestamp when a record header is
 * formatted for writing (see btsnoop_format_partial_rec_hdr). */
60 static const gint64 KUnixTimeBase = G_GINT64_CONSTANT(0x00dcddb30f2f8000); /* offset from symbian - unix time */
/* Forward declarations: the two reader callbacks that btsnoop_open installs
 * on the wtap handle, and the record parser they both call. */
62 static gboolean btsnoop_read(wtap *wth, int *err, gchar **err_info,
64 static gboolean btsnoop_seek_read(wtap *wth, gint64 seek_off,
65 wtap_rec *rec, Buffer *buf, int *err, gchar **err_info);
66 static gboolean btsnoop_read_record(wtap *wth, FILE_T fh,
67 wtap_rec *rec, Buffer *buf, int *err, gchar **err_info);
/*
 * Probe a file for the btsnoop format and, on a match, set up the reader.
 *
 * Returns WTAP_OPEN_NOT_MINE when the magic does not match or the file is
 * too short to hold it, WTAP_OPEN_ERROR on any other read failure or on an
 * unsupported version or datalink (with *err set and *err_info pointing at
 * a g_strdup-allocated message), and WTAP_OPEN_MINE once the handle has
 * been filled in.
 *
 * The header is file content and is treated as untrusted: version and
 * datalink are byte-swapped and checked before anything is derived from
 * them.
 */
69 wtap_open_return_val btsnoop_open(wtap *wth, int *err, gchar **err_info)
71 char magic[sizeof btsnoop_magic];
72 struct btsnoop_hdr hdr;
74 int file_encap=WTAP_ENCAP_UNKNOWN;
76 /* Read in the string that should be at the start of a "btsnoop" file */
77 if (!wtap_read_bytes(wth->fh, magic, sizeof magic, err, err_info)) {
/* A short read only means "not a btsnoop file"; other errors are real. */
78 if (*err != WTAP_ERR_SHORT_READ)
79 return WTAP_OPEN_ERROR;
80 return WTAP_OPEN_NOT_MINE;
83 if (memcmp(magic, btsnoop_magic, sizeof btsnoop_magic) != 0) {
84 return WTAP_OPEN_NOT_MINE;
87 /* Read the rest of the header. */
/* Past the magic the file is taken to be btsnoop, so a failed read here
 * (short read included) is reported as an error. */
88 if (!wtap_read_bytes(wth->fh, &hdr, sizeof hdr, err, err_info))
89 return WTAP_OPEN_ERROR;
92 * Make sure it's a version we support.
94 hdr.version = g_ntohl(hdr.version);
95 if (hdr.version != 1) {
96 *err = WTAP_ERR_UNSUPPORTED;
97 *err_info = g_strdup_printf("btsnoop: version %u unsupported", hdr.version);
98 return WTAP_OPEN_ERROR;
/* Only H1, H4 and Linux monitor select an encapsulation; BCSP, H5, the
 * BlueZ 5 simulator and any other value end in WTAP_ERR_UNSUPPORTED. */
101 hdr.datalink = g_ntohl(hdr.datalink);
102 switch (hdr.datalink) {
103 case KHciLoggerDatalinkTypeH1:
104 file_encap=WTAP_ENCAP_BLUETOOTH_HCI;
106 case KHciLoggerDatalinkTypeH4:
107 file_encap=WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR;
109 case KHciLoggerDatalinkTypeBCSP:
110 *err = WTAP_ERR_UNSUPPORTED;
111 *err_info = g_strdup("btsnoop: BCSP capture logs unsupported");
112 return WTAP_OPEN_ERROR;
113 case KHciLoggerDatalinkTypeH5:
114 *err = WTAP_ERR_UNSUPPORTED;
115 *err_info = g_strdup("btsnoop: H5 capture logs unsupported");
116 return WTAP_OPEN_ERROR;
117 case KHciLoggerDatalinkLinuxMonitor:
118 file_encap=WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR;
120 case KHciLoggerDatalinkBlueZ5Simulator:
121 *err = WTAP_ERR_UNSUPPORTED;
122 *err_info = g_strdup("btsnoop: BlueZ 5 Simulator capture logs unsupported");
123 return WTAP_OPEN_ERROR;
125 *err = WTAP_ERR_UNSUPPORTED;
126 *err_info = g_strdup_printf("btsnoop: datalink type %u unknown or unsupported", hdr.datalink);
127 return WTAP_OPEN_ERROR;
/* Install the read callbacks and the per-file properties. */
130 wth->subtype_read = btsnoop_read;
131 wth->subtype_seek_read = btsnoop_seek_read;
132 wth->file_encap = file_encap;
133 wth->snapshot_length = 0; /* not available in header */
134 wth->file_tsprec = WTAP_TSPREC_USEC;
135 wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_BTSNOOP;
136 return WTAP_OPEN_MINE;
/* Sequential read callback: stores the current offset of wth->fh in
 * *data_offset, then parses one record from wth->fh into wth->rec and
 * wth->rec_data through btsnoop_read_record. */
139 static gboolean btsnoop_read(wtap *wth, int *err, gchar **err_info,
142 *data_offset = file_tell(wth->fh);
144 return btsnoop_read_record(wth, wth->fh, &wth->rec, wth->rec_data,
/* Random-access read callback: positions wth->random_fh at seek_off and
 * parses one record into rec and buf. The file_seek result is tested for -1
 * before the record is parsed. */
148 static gboolean btsnoop_seek_read(wtap *wth, gint64 seek_off,
149 wtap_rec *rec, Buffer *buf, int *err, gchar **err_info)
151 if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
154 return btsnoop_read_record(wth, wth->random_fh, rec, buf, err, err_info);
/*
 * Parse one record (record header followed by packet data) from fh into
 * rec and buf.
 *
 * All header fields are untrusted file content. incl_len is byte-swapped
 * and rejected with WTAP_ERR_BAD_FILE when it exceeds
 * WTAP_MAX_PACKET_SIZE_STANDARD, before it is used as the read length.
 * The pseudo-header is then filled in according to wth->file_encap, which
 * btsnoop_open derived from the file header.
 */
157 static gboolean btsnoop_read_record(wtap *wth, FILE_T fh,
158 wtap_rec *rec, Buffer *buf, int *err, gchar **err_info)
160 struct btsnooprec_hdr hdr;
166 /* Read record header. */
168 if (!wtap_read_bytes_or_eof(fh, &hdr, sizeof hdr, err, err_info))
171 packet_size = g_ntohl(hdr.incl_len);
172 orig_size = g_ntohl(hdr.orig_len);
173 flags = g_ntohl(hdr.flags);
174 if (packet_size > WTAP_MAX_PACKET_SIZE_STANDARD) {
176 * Probably a corrupt capture file; don't blow up trying
177 * to allocate space for an immensely-large packet.
179 *err = WTAP_ERR_BAD_FILE;
180 *err_info = g_strdup_printf("btsnoop: File has %u-byte packet, bigger than maximum of %u",
181 packet_size, WTAP_MAX_PACKET_SIZE_STANDARD);
/* NOTE(review): orig_len is not compared with incl_len in the lines shown
 * here, so a crafted file can report len < caplen - confirm that consumers
 * of rec tolerate that. */
185 ts = GINT64_FROM_BE(hdr.ts_usec);
188 rec->rec_type = REC_TYPE_PACKET;
189 rec->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN;
/* NOTE(review): the (guint) casts narrow a value derived from the 64-bit
 * ts_usec field; no range check on the timestamp is visible here, so an
 * out-of-range or negative value would be truncated - confirm. */
190 rec->ts.secs = (guint)(ts / 1000000);
191 rec->ts.nsecs = (guint)((ts % 1000000) * 1000);
192 rec->rec_header.packet_header.caplen = packet_size;
193 rec->rec_header.packet_header.len = orig_size;
/* H4 and H1 (HCI) files: bit 0 of flags gives the direction; "sent" is
 * TRUE for host-to-controller. */
194 if(wth->file_encap == WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR)
196 rec->rec_header.packet_header.pseudo_header.p2p.sent = (flags & KHciLoggerControllerToHost) ? FALSE : TRUE;
197 } else if(wth->file_encap == WTAP_ENCAP_BLUETOOTH_HCI) {
198 rec->rec_header.packet_header.pseudo_header.bthci.sent = (flags & KHciLoggerControllerToHost) ? FALSE : TRUE;
/* With the command/event bit set the direction picks COMMAND or EVENT;
 * otherwise the record is ACL data. */
199 if(flags & KHciLoggerCommandOrEvent)
201 if(rec->rec_header.packet_header.pseudo_header.bthci.sent)
203 rec->rec_header.packet_header.pseudo_header.bthci.channel = BTHCI_CHANNEL_COMMAND;
207 rec->rec_header.packet_header.pseudo_header.bthci.channel = BTHCI_CHANNEL_EVENT;
212 rec->rec_header.packet_header.pseudo_header.bthci.channel = BTHCI_CHANNEL_ACL;
214 } else if (wth->file_encap == WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR) {
/* Linux monitor: the low 16 bits of flags are the opcode and the bits above
 * them the adapter id. */
215 rec->rec_header.packet_header.pseudo_header.btmon.opcode = flags & 0xFFFF;
216 rec->rec_header.packet_header.pseudo_header.btmon.adapter_id = flags >> 16;
220 /* Read packet data. */
/* caplen was bounded above, so this read is capped at
 * WTAP_MAX_PACKET_SIZE_STANDARD bytes. */
221 return wtap_read_packet_bytes(fh, buf, rec->rec_header.packet_header.caplen, err, err_info);
224 /* Returns 0 if we could write the specified encapsulation type,
225 an error indication otherwise. */
/* The error is WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED for per-packet
 * encapsulation and WTAP_ERR_UNWRITABLE_ENCAP for anything other than
 * H4-with-pseudo-header or Linux monitor. */
226 int btsnoop_dump_can_write_encap(int encap)
228 /* Per-packet encapsulations aren't supported. */
229 if (encap == WTAP_ENCAP_PER_PACKET)
230 return WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
232 /* XXX - for now we only support WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR and WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR */
233 if (encap != WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR && encap != WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR)
234 return WTAP_ERR_UNWRITABLE_ENCAP;
/* One row per writable combination: the H4 packet-type byte, the direction
 * (sent or received), and the btsnoop record flags to store for it. */
239 struct hci_flags_mapping
/* Only these four combinations can be written. Any other type/direction
 * pair (for example type 0x01 received or type 0x04 sent) has no entry, and
 * the writer reports it as WTAP_ERR_UNWRITABLE_REC_DATA. */
246 static const struct hci_flags_mapping hci_flags[] =
248 { 0x02, TRUE, KHciLoggerHostToController|KHciLoggerACLDataFrame }, /* HCI_H4_TYPE_ACL */
249 { 0x02, FALSE, KHciLoggerControllerToHost|KHciLoggerACLDataFrame }, /* HCI_H4_TYPE_ACL */
250 { 0x01, TRUE, KHciLoggerHostToController|KHciLoggerCommandOrEvent }, /* HCI_H4_TYPE_CMD */
251 { 0x04, FALSE, KHciLoggerControllerToHost|KHciLoggerCommandOrEvent }, /* HCI_H4_TYPE_EVT */
/* Scan hci_flags for the row whose hci_type and sent both match and store
 * that row's flags through *flags. The return statements are not part of
 * the lines shown; the caller treats a zero result as "no such
 * combination". */
254 static guint8 btsnoop_lookup_flags(guint8 hci_type, gboolean sent, guint8 *flags)
258 for (i=0; i < G_N_ELEMENTS(hci_flags); ++i)
260 if (hci_flags[i].hci_type == hci_type &&
261 hci_flags[i].sent == sent)
263 *flags = hci_flags[i].flags;
/*
 * Fill in the parts of a record header that do not depend on the output
 * layout: the lines shown set flags, cum_drops and ts_usec, while the
 * callers set incl_len and orig_len themselves.
 *
 * The first byte of the packet data (*pd) is read as the HCI packet type
 * and looked up together with the direction, so pd must point at one
 * readable byte or more. An unsupported type/direction pair sets
 * WTAP_ERR_UNWRITABLE_REC_DATA and a g_strdup-allocated message.
 */
270 static gboolean btsnoop_format_partial_rec_hdr(
272 const union wtap_pseudo_header *pseudo_header,
273 const guint8 *pd, int *err, gchar **err_info,
274 struct btsnooprec_hdr *rec_hdr)
280 if (!btsnoop_lookup_flags(*pd, pseudo_header->p2p.sent, &flags)) {
281 *err = WTAP_ERR_UNWRITABLE_REC_DATA;
282 *err_info = g_strdup_printf("btsnoop: hci_type 0x%02x for %s data isn't supported",
284 pseudo_header->p2p.sent ? "sent" : "received");
288 nsecs = rec->ts.nsecs;
/* The (gint64) cast is applied to secs before the multiply, so the
 * seconds-to-microseconds product is computed in 64 bits. */
289 ts_usec = ((gint64) rec->ts.secs * 1000000) + (nsecs / 1000);
290 ts_usec += KUnixTimeBase;
/* On-disk fields are big-endian. */
292 rec_hdr->flags = GUINT32_TO_BE(flags);
293 rec_hdr->cum_drops = GUINT32_TO_BE(0);
294 rec_hdr->ts_usec = GINT64_TO_BE(ts_usec);
299 /* FIXME: How do we support multiple backends?*/
/*
 * Write one packet record in H1 layout: the record header, then the packet
 * data without its leading HCI type byte (hence the caplen-1 and len-1
 * lengths). The type byte is still read through pd by
 * btsnoop_format_partial_rec_hdr to derive the flags, which happens only
 * after the caplen check has rejected a caplen of 0.
 */
300 static gboolean btsnoop_dump_h1(wtap_dumper *wdh,
302 const guint8 *pd, int *err, gchar **err_info)
304 const union wtap_pseudo_header *pseudo_header = &rec->rec_header.packet_header.pseudo_header;
305 struct btsnooprec_hdr rec_hdr;
307 /* We can only write packet records. */
308 if (rec->rec_type != REC_TYPE_PACKET) {
309 *err = WTAP_ERR_UNWRITABLE_REC_TYPE;
314 * Don't write out anything bigger than we can read.
315 * (This will also fail on a caplen of 0, as it should.)
317 if (rec->rec_header.packet_header.caplen-1 > WTAP_MAX_PACKET_SIZE_STANDARD) {
318 *err = WTAP_ERR_PACKET_TOO_LARGE;
322 if (!btsnoop_format_partial_rec_hdr(rec, pseudo_header, pd, err, err_info,
/* NOTE(review): len-1 has no guard like the one on caplen-1; if len could
 * be 0 while caplen is not, orig_len would wrap - confirm len >= 1 here. */
326 rec_hdr.incl_len = GUINT32_TO_BE(rec->rec_header.packet_header.caplen-1);
327 rec_hdr.orig_len = GUINT32_TO_BE(rec->rec_header.packet_header.len-1);
329 if (!wtap_dump_file_write(wdh, &rec_hdr, sizeof rec_hdr, err))
332 wdh->bytes_dumped += sizeof rec_hdr;
334 /* Skip HCI packet type */
337 if (!wtap_dump_file_write(wdh, pd, rec->rec_header.packet_header.caplen-1, err))
340 wdh->bytes_dumped += rec->rec_header.packet_header.caplen-1;
/*
 * Write one packet record in H4 layout: the record header, then the full
 * packet data including its leading HCI type byte.
 *
 * NOTE(review): unlike btsnoop_dump_h1, the size check here lets a caplen
 * of 0 through, and btsnoop_format_partial_rec_hdr then reads *pd. Confirm
 * that callers never pass an empty packet, or reject caplen == 0 before
 * the header is formatted.
 */
345 static gboolean btsnoop_dump_h4(wtap_dumper *wdh,
347 const guint8 *pd, int *err, gchar **err_info)
349 const union wtap_pseudo_header *pseudo_header = &rec->rec_header.packet_header.pseudo_header;
350 struct btsnooprec_hdr rec_hdr;
352 /* We can only write packet records. */
353 if (rec->rec_type != REC_TYPE_PACKET) {
354 *err = WTAP_ERR_UNWRITABLE_REC_TYPE;
358 /* Don't write out anything bigger than we can read. */
359 if (rec->rec_header.packet_header.caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
360 *err = WTAP_ERR_PACKET_TOO_LARGE;
364 if (!btsnoop_format_partial_rec_hdr(rec, pseudo_header, pd, err, err_info,
368 rec_hdr.incl_len = GUINT32_TO_BE(rec->rec_header.packet_header.caplen);
369 rec_hdr.orig_len = GUINT32_TO_BE(rec->rec_header.packet_header.len);
371 if (!wtap_dump_file_write(wdh, &rec_hdr, sizeof rec_hdr, err))
374 wdh->bytes_dumped += sizeof rec_hdr;
376 if (!wtap_dump_file_write(wdh, pd, rec->rec_header.packet_header.caplen, err))
379 wdh->bytes_dumped += rec->rec_header.packet_header.caplen;
384 /* FIXME: How do we support multiple backends?*/
/* Start an H1 btsnoop output file: install btsnoop_dump_h1 as the record
 * writer, then write the 8-byte magic and a file header carrying version 1
 * and the H1 datalink type, adding each size to wdh->bytes_dumped. */
385 gboolean btsnoop_dump_open_h1(wtap_dumper *wdh, int *err)
387 struct btsnoop_hdr file_hdr;
389 /* This is a btsnoop file */
390 wdh->subtype_write = btsnoop_dump_h1;
392 /* Write the file header. */
393 if (!wtap_dump_file_write(wdh, btsnoop_magic, sizeof btsnoop_magic, err))
396 wdh->bytes_dumped += sizeof btsnoop_magic;
398 /* current "btsnoop" format is 1 */
399 file_hdr.version = GUINT32_TO_BE(1);
400 /* H1: HCI packet type is carried in the record flags, not in the first byte */
401 file_hdr.datalink = GUINT32_TO_BE(KHciLoggerDatalinkTypeH1);
403 if (!wtap_dump_file_write(wdh, &file_hdr, sizeof file_hdr, err))
406 wdh->bytes_dumped += sizeof file_hdr;
411 /* Returns TRUE on success, FALSE on failure; sets "*err" to an error code on
/* Start an H4 btsnoop output file: install btsnoop_dump_h4 as the record
 * writer, then write the 8-byte magic and a file header carrying version 1
 * and the H4 datalink type, adding each size to wdh->bytes_dumped. */
413 gboolean btsnoop_dump_open_h4(wtap_dumper *wdh, int *err)
415 struct btsnoop_hdr file_hdr;
417 /* This is a btsnoop file */
418 wdh->subtype_write = btsnoop_dump_h4;
420 /* Write the file header. */
421 if (!wtap_dump_file_write(wdh, btsnoop_magic, sizeof btsnoop_magic, err))
424 wdh->bytes_dumped += sizeof btsnoop_magic;
426 /* current "btsnoop" format is 1 */
427 file_hdr.version = GUINT32_TO_BE(1);
428 /* HCI type encoded in first byte */
429 file_hdr.datalink = GUINT32_TO_BE(KHciLoggerDatalinkTypeH4);
431 if (!wtap_dump_file_write(wdh, &file_hdr, sizeof file_hdr, err))
434 wdh->bytes_dumped += sizeof file_hdr;
440 * Editor modelines - http://www.wireshark.org/tools/modelines.html
445 * indent-tabs-mode: nil
448 * vi: set shiftwidth=4 tabstop=8 expandtab:
449 * :indentSize=4:tabSize=8:noTabs=true: