4 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version 2
9 * of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #include "file_wrappers.h"
29 * Symbian's btsnoop format is derived from Sun's snoop format.
30 * See RFC 1761 for a description of the "snoop" file format.
33 /* Magic number in "btsnoop" files. */
34 static const char btsnoop_magic[] = {
35 'b', 't', 's', 'n', 'o', 'o', 'p', '\0'
38 /* "btsnoop" file header (minus magic number). */
40 guint32 version; /* version number (should be 1) */
41 guint32 datalink; /* datalink type */
44 /* "btsnoop" record header. */
45 struct btsnooprec_hdr {
46 guint32 orig_len; /* actual length of packet */
47 guint32 incl_len; /* number of octets captured in file */
48 guint32 flags; /* packet flags */
49 guint32 cum_drops; /* cumulative number of dropped packets */
50 gint64 ts_usec; /* timestamp microseconds */
53 /* H1 is unframed data with the packet type encoded in the flags field of capture header */
54 /* It can be used for any datalink by placing logging above the datalink layer of HCI */
55 #define KHciLoggerDatalinkTypeH1 1001
56 /* H4 is the serial HCI with packet type encoded in the first byte of each packet */
57 #define KHciLoggerDatalinkTypeH4 1002
58 /* CSR's PPP derived bluecore serial protocol - in practice we log in H1 format after deframing */
59 #define KHciLoggerDatalinkTypeBCSP 1003
60 /* H5 is the official three wire serial protocol derived from BCSP*/
61 #define KHciLoggerDatalinkTypeH5 1004
63 #define KHciLoggerDatalinkLinuxMonitor 2001
64 /* BlueZ 5 Simulator */
65 #define KHciLoggerDatalinkBlueZ5Simulator 2002
67 #define KHciLoggerHostToController 0
68 #define KHciLoggerControllerToHost 0x00000001
69 #define KHciLoggerACLDataFrame 0
70 #define KHciLoggerCommandOrEvent 0x00000002
72 static const gint64 KUnixTimeBase = G_GINT64_CONSTANT(0x00dcddb30f2f8000); /* offset from symbian - unix time */
74 static gboolean btsnoop_read(wtap *wth, int *err, gchar **err_info,
76 static gboolean btsnoop_seek_read(wtap *wth, gint64 seek_off,
77 struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info);
78 static gboolean btsnoop_read_record(wtap *wth, FILE_T fh,
79 struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info);
81 wtap_open_return_val btsnoop_open(wtap *wth, int *err, gchar **err_info)
83 char magic[sizeof btsnoop_magic];
84 struct btsnoop_hdr hdr;
86 int file_encap=WTAP_ENCAP_UNKNOWN;
88 /* Read in the string that should be at the start of a "btsnoop" file */
89 if (!wtap_read_bytes(wth->fh, magic, sizeof magic, err, err_info)) {
90 if (*err != WTAP_ERR_SHORT_READ)
91 return WTAP_OPEN_ERROR;
92 return WTAP_OPEN_NOT_MINE;
95 if (memcmp(magic, btsnoop_magic, sizeof btsnoop_magic) != 0) {
96 return WTAP_OPEN_NOT_MINE;
99 /* Read the rest of the header. */
100 if (!wtap_read_bytes(wth->fh, &hdr, sizeof hdr, err, err_info))
101 return WTAP_OPEN_ERROR;
104 * Make sure it's a version we support.
106 hdr.version = g_ntohl(hdr.version);
107 if (hdr.version != 1) {
108 *err = WTAP_ERR_UNSUPPORTED;
109 *err_info = g_strdup_printf("btsnoop: version %u unsupported", hdr.version);
110 return WTAP_OPEN_ERROR;
113 hdr.datalink = g_ntohl(hdr.datalink);
114 switch (hdr.datalink) {
115 case KHciLoggerDatalinkTypeH1:
116 file_encap=WTAP_ENCAP_BLUETOOTH_HCI;
118 case KHciLoggerDatalinkTypeH4:
119 file_encap=WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR;
121 case KHciLoggerDatalinkTypeBCSP:
122 *err = WTAP_ERR_UNSUPPORTED;
123 *err_info = g_strdup_printf("btsnoop: BCSP capture logs unsupported");
124 return WTAP_OPEN_ERROR;
125 case KHciLoggerDatalinkTypeH5:
126 *err = WTAP_ERR_UNSUPPORTED;
127 *err_info = g_strdup_printf("btsnoop: H5 capture logs unsupported");
128 return WTAP_OPEN_ERROR;
129 case KHciLoggerDatalinkLinuxMonitor:
130 file_encap=WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR;
132 case KHciLoggerDatalinkBlueZ5Simulator:
133 *err = WTAP_ERR_UNSUPPORTED;
134 *err_info = g_strdup_printf("btsnoop: BlueZ 5 Simulator capture logs unsupported");
135 return WTAP_OPEN_ERROR;
137 *err = WTAP_ERR_UNSUPPORTED;
138 *err_info = g_strdup_printf("btsnoop: datalink type %u unknown or unsupported", hdr.datalink);
139 return WTAP_OPEN_ERROR;
142 wth->subtype_read = btsnoop_read;
143 wth->subtype_seek_read = btsnoop_seek_read;
144 wth->file_encap = file_encap;
145 wth->snapshot_length = 0; /* not available in header */
146 wth->file_tsprec = WTAP_TSPREC_USEC;
147 wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_BTSNOOP;
148 return WTAP_OPEN_MINE;
151 static gboolean btsnoop_read(wtap *wth, int *err, gchar **err_info,
154 *data_offset = file_tell(wth->fh);
156 return btsnoop_read_record(wth, wth->fh, &wth->phdr, wth->frame_buffer,
160 static gboolean btsnoop_seek_read(wtap *wth, gint64 seek_off,
161 struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info)
163 if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
166 return btsnoop_read_record(wth, wth->random_fh, phdr, buf, err, err_info);
169 static gboolean btsnoop_read_record(wtap *wth, FILE_T fh,
170 struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info)
172 struct btsnooprec_hdr hdr;
178 /* Read record header. */
180 if (!wtap_read_bytes_or_eof(fh, &hdr, sizeof hdr, err, err_info))
183 packet_size = g_ntohl(hdr.incl_len);
184 orig_size = g_ntohl(hdr.orig_len);
185 flags = g_ntohl(hdr.flags);
186 if (packet_size > WTAP_MAX_PACKET_SIZE) {
188 * Probably a corrupt capture file; don't blow up trying
189 * to allocate space for an immensely-large packet.
191 *err = WTAP_ERR_BAD_FILE;
192 *err_info = g_strdup_printf("btsnoop: File has %u-byte packet, bigger than maximum of %u",
193 packet_size, WTAP_MAX_PACKET_SIZE);
197 ts = GINT64_FROM_BE(hdr.ts_usec);
200 phdr->rec_type = REC_TYPE_PACKET;
201 phdr->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN;
202 phdr->ts.secs = (guint)(ts / 1000000);
203 phdr->ts.nsecs = (guint)((ts % 1000000) * 1000);
204 phdr->caplen = packet_size;
205 phdr->len = orig_size;
206 if(wth->file_encap == WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR)
208 phdr->pseudo_header.p2p.sent = (flags & KHciLoggerControllerToHost) ? FALSE : TRUE;
209 } else if(wth->file_encap == WTAP_ENCAP_BLUETOOTH_HCI) {
210 phdr->pseudo_header.bthci.sent = (flags & KHciLoggerControllerToHost) ? FALSE : TRUE;
211 if(flags & KHciLoggerCommandOrEvent)
213 if(phdr->pseudo_header.bthci.sent)
215 phdr->pseudo_header.bthci.channel = BTHCI_CHANNEL_COMMAND;
219 phdr->pseudo_header.bthci.channel = BTHCI_CHANNEL_EVENT;
224 phdr->pseudo_header.bthci.channel = BTHCI_CHANNEL_ACL;
226 } else if (wth->file_encap == WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR) {
227 phdr->pseudo_header.btmon.opcode = flags & 0xFFFF;
228 phdr->pseudo_header.btmon.adapter_id = flags >> 16;
232 /* Read packet data. */
233 return wtap_read_packet_bytes(fh, buf, phdr->caplen, err, err_info);
236 /* Returns 0 if we could write the specified encapsulation type,
237 an error indication otherwise. */
238 int btsnoop_dump_can_write_encap(int encap)
240 /* Per-packet encapsulations aren't supported. */
241 if (encap == WTAP_ENCAP_PER_PACKET)
242 return WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
244 /* XXX - for now we only support WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR and WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR */
245 if (encap != WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR && encap != WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR)
246 return WTAP_ERR_UNWRITABLE_ENCAP;
251 struct hci_flags_mapping
258 static const struct hci_flags_mapping hci_flags[] =
260 { 0x02, TRUE, KHciLoggerHostToController|KHciLoggerACLDataFrame }, /* HCI_H4_TYPE_ACL */
261 { 0x02, FALSE, KHciLoggerControllerToHost|KHciLoggerACLDataFrame }, /* HCI_H4_TYPE_ACL */
262 { 0x01, TRUE, KHciLoggerHostToController|KHciLoggerCommandOrEvent }, /* HCI_H4_TYPE_CMD */
263 { 0x04, FALSE, KHciLoggerControllerToHost|KHciLoggerCommandOrEvent }, /* HCI_H4_TYPE_EVT */
266 static guint8 btsnoop_lookup_flags(guint8 hci_type, gboolean sent, guint8 *flags)
270 for (i=0; i < G_N_ELEMENTS(hci_flags); ++i)
272 if (hci_flags[i].hci_type == hci_type &&
273 hci_flags[i].sent == sent)
275 *flags = hci_flags[i].flags;
282 static gboolean btsnoop_format_partial_rec_hdr(
283 const struct wtap_pkthdr *phdr,
284 const union wtap_pseudo_header *pseudo_header,
285 const guint8 *pd, int *err, gchar **err_info,
286 struct btsnooprec_hdr *rec_hdr)
292 if (!btsnoop_lookup_flags(*pd, pseudo_header->p2p.sent, &flags)) {
293 *err = WTAP_ERR_UNWRITABLE_REC_DATA;
294 *err_info = g_strdup_printf("btsnoop: hci_type 0x%02x for %s data isn't supported",
296 pseudo_header->p2p.sent ? "sent" : "received");
300 nsecs = phdr->ts.nsecs;
301 ts_usec = ((gint64) phdr->ts.secs * 1000000) + (nsecs / 1000);
302 ts_usec += KUnixTimeBase;
304 rec_hdr->flags = GUINT32_TO_BE(flags);
305 rec_hdr->cum_drops = GUINT32_TO_BE(0);
306 rec_hdr->ts_usec = GINT64_TO_BE(ts_usec);
311 /* FIXME: How do we support multiple backends?*/
312 static gboolean btsnoop_dump_h1(wtap_dumper *wdh,
313 const struct wtap_pkthdr *phdr,
314 const guint8 *pd, int *err, gchar **err_info)
316 const union wtap_pseudo_header *pseudo_header = &phdr->pseudo_header;
317 struct btsnooprec_hdr rec_hdr;
319 /* We can only write packet records. */
320 if (phdr->rec_type != REC_TYPE_PACKET) {
321 *err = WTAP_ERR_UNWRITABLE_REC_TYPE;
326 * Don't write out anything bigger than we can read.
327 * (This will also fail on a caplen of 0, as it should.)
329 if (phdr->caplen-1 > WTAP_MAX_PACKET_SIZE) {
330 *err = WTAP_ERR_PACKET_TOO_LARGE;
334 if (!btsnoop_format_partial_rec_hdr(phdr, pseudo_header, pd, err, err_info,
338 rec_hdr.incl_len = GUINT32_TO_BE(phdr->caplen-1);
339 rec_hdr.orig_len = GUINT32_TO_BE(phdr->len-1);
341 if (!wtap_dump_file_write(wdh, &rec_hdr, sizeof rec_hdr, err))
344 wdh->bytes_dumped += sizeof rec_hdr;
346 /* Skip HCI packet type */
349 if (!wtap_dump_file_write(wdh, pd, phdr->caplen-1, err))
352 wdh->bytes_dumped += phdr->caplen-1;
357 static gboolean btsnoop_dump_h4(wtap_dumper *wdh,
358 const struct wtap_pkthdr *phdr,
359 const guint8 *pd, int *err, gchar **err_info)
361 const union wtap_pseudo_header *pseudo_header = &phdr->pseudo_header;
362 struct btsnooprec_hdr rec_hdr;
364 /* We can only write packet records. */
365 if (phdr->rec_type != REC_TYPE_PACKET) {
366 *err = WTAP_ERR_UNWRITABLE_REC_TYPE;
370 /* Don't write out anything bigger than we can read. */
371 if (phdr->caplen > WTAP_MAX_PACKET_SIZE) {
372 *err = WTAP_ERR_PACKET_TOO_LARGE;
376 if (!btsnoop_format_partial_rec_hdr(phdr, pseudo_header, pd, err, err_info,
380 rec_hdr.incl_len = GUINT32_TO_BE(phdr->caplen);
381 rec_hdr.orig_len = GUINT32_TO_BE(phdr->len);
383 if (!wtap_dump_file_write(wdh, &rec_hdr, sizeof rec_hdr, err))
386 wdh->bytes_dumped += sizeof rec_hdr;
388 if (!wtap_dump_file_write(wdh, pd, phdr->caplen, err))
391 wdh->bytes_dumped += phdr->caplen;
396 /* FIXME: How do we support multiple backends?*/
397 gboolean btsnoop_dump_open_h1(wtap_dumper *wdh, int *err)
399 struct btsnoop_hdr file_hdr;
401 /* This is a btsnoop file */
402 wdh->subtype_write = btsnoop_dump_h1;
404 /* Write the file header. */
405 switch (wdh->file_type_subtype) {
407 case WTAP_FILE_TYPE_SUBTYPE_BTSNOOP:
408 wdh->tsprecision = WTAP_TSPREC_USEC;
412 /* We should never get here - our open routine
413 should only get called for the types above. */
414 *err = WTAP_ERR_UNWRITABLE_FILE_TYPE;
418 if (!wtap_dump_file_write(wdh, btsnoop_magic, sizeof btsnoop_magic, err))
421 wdh->bytes_dumped += sizeof btsnoop_magic;
423 /* current "btsnoop" format is 1 */
424 file_hdr.version = GUINT32_TO_BE(1);
425 /* HCI type encoded in first byte */
426 file_hdr.datalink = GUINT32_TO_BE(KHciLoggerDatalinkTypeH1);
428 if (!wtap_dump_file_write(wdh, &file_hdr, sizeof file_hdr, err))
431 wdh->bytes_dumped += sizeof file_hdr;
436 /* Returns TRUE on success, FALSE on failure; sets "*err" to an error code on
438 gboolean btsnoop_dump_open_h4(wtap_dumper *wdh, int *err)
440 struct btsnoop_hdr file_hdr;
442 /* This is a btsnoop file */
443 wdh->subtype_write = btsnoop_dump_h4;
445 /* Write the file header. */
446 switch (wdh->file_type_subtype) {
448 case WTAP_FILE_TYPE_SUBTYPE_BTSNOOP:
449 wdh->tsprecision = WTAP_TSPREC_USEC;
453 /* We should never get here - our open routine
454 should only get called for the types above. */
455 *err = WTAP_ERR_UNWRITABLE_FILE_TYPE;
459 if (!wtap_dump_file_write(wdh, btsnoop_magic, sizeof btsnoop_magic, err))
462 wdh->bytes_dumped += sizeof btsnoop_magic;
464 /* current "btsnoop" format is 1 */
465 file_hdr.version = GUINT32_TO_BE(1);
466 /* HCI type encoded in first byte */
467 file_hdr.datalink = GUINT32_TO_BE(KHciLoggerDatalinkTypeH4);
469 if (!wtap_dump_file_write(wdh, &file_hdr, sizeof file_hdr, err))
472 wdh->bytes_dumped += sizeof file_hdr;
478 * Editor modelines - http://www.wireshark.org/tools/modelines.html
483 * indent-tabs-mode: nil
486 * vi: set shiftwidth=4 tabstop=8 expandtab:
487 * :indentSize=4:tabSize=8:noTabs=true: