3 * File format support for Rabbit Labs CAM Inspector files
4 * Copyright (c) 2013 by Martin Kaiser <martin@kaiser.cx>
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 /* CAM Inspector is a commercial log tool for DVB-CI
27 it stores recorded packets between a CI module and a DVB receiver,
28 using a proprietary file format
30 a CAM Inspector file consists of 16bit blocks
31 the first byte contains payload data,
32 the second byte contains a "transaction type"
34 we currently support the following transaction types
36 0x20 == data transfer from CI module to host
37 0x22 == host reads the lower byte of the size register
38 0x23 == host reads the higher byte of the size register
39 0x2A == host writes the lower byte of the size register
40 0x2B == host writes the higher byte of the size register
41 0x28 == data transfer from host to CI module
43 using these transaction types, we can identify and assemble data transfers
44 from the host to the CAM and vice versa
46 a host->module data transfer will use the following transactions
47 one 0x2A and one 0x2B transaction to write the 16bit size
48 <size> 0x28 transactions to transfer one byte at a time
49 this will be assembled into one packet
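51 the module->host transfer is similar: one 0x22 and one 0x23 transaction to read the 16bit size, then <size> 0x20 transactions to transfer one byte at a time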
54 when we run into an error while assembling a data transfer, the
55 primary goal is to recover so that we can handle the next transfer
56 correctly (all files I used for testing contained errors where
57 apparently the logging hardware missed some bytes)
64 #include "file_wrappers.h"
/* Transaction types this reader supports, i.e. the values it looks for in
   the second byte of each 16bit block of the file. */
69 #define TRANS_CAM_HOST 0x20
70 #define TRANS_READ_SIZE_LOW 0x22
71 #define TRANS_READ_SIZE_HIGH 0x23
72 #define TRANS_HOST_CAM 0x28
73 #define TRANS_WRITE_SIZE_LOW 0x2A
74 #define TRANS_WRITE_SIZE_HIGH 0x2B
/* true if x is one of the four size-register transactions (read or write,
   low or high byte) */
76 #define IS_TRANS_SIZE(x) \
77 ((x)==TRANS_WRITE_SIZE_LOW || (x)==TRANS_WRITE_SIZE_HIGH || \
78 (x)==TRANS_READ_SIZE_LOW || (x)==TRANS_READ_SIZE_HIGH)
/* The helper macros below are not self-contained: they expand to statements
   that use the names dat_trans_type and size_stat directly, so they only
   work inside a function that has both in scope.
   SIZE_ADD_LOW / SIZE_ADD_HIGH move size_stat to SIZE_HAVE_ALL once the
   other half of the size has already been seen; a repeated low (or high)
   half keeps the state at SIZE_HAVE_LOW (or SIZE_HAVE_HIGH). */
87 #define RESET_STAT_VALS \
89 *dat_trans_type = 0x00; \
91 size_stat = SIZE_HAVE_NONE; \
94 #define SIZE_ADD_LOW \
95 { size_stat = (size_stat==SIZE_HAVE_HIGH ? SIZE_HAVE_ALL : SIZE_HAVE_LOW); }
97 #define SIZE_ADD_HIGH \
98 { size_stat = (size_stat==SIZE_HAVE_LOW ? SIZE_HAVE_ALL : SIZE_HAVE_HIGH); }
100 /* PCAP DVB-CI pseudo-header, see http://www.kaiser.cx/pcap-dvbci.html */
101 #define DVB_CI_PSEUDO_HDR_VER 0
102 #define DVB_CI_PSEUDO_HDR_LEN 4
103 #define DVB_CI_PSEUDO_HDR_CAM_TO_HOST 0xFF
104 #define DVB_CI_PSEUDO_HDR_HOST_TO_CAM 0xFE
107 /* find the transaction type for the data bytes of the next packet
108 and the number of data bytes in that packet
109 the fd is moved such that it can be used in a subsequent call
110 to retrieve the data */
/* Both outputs are taken directly from the capture file, which may be
   corrupted or deliberately malformed, so callers must treat them as
   untrusted. *dat_len is a guint16, which caps the reported length at
   65535.
   Blocks are read two bytes at a time until size_stat reaches
   SIZE_HAVE_ALL or the read fails. Each size byte is OR-ed into *dat_len:
   when the same half (low or high) appears again for the same direction
   before the other half arrives, the two values are combined by OR instead
   of the later one replacing the earlier one.
   NOTE(review): confirm this is the intended handling of duplicate size
   bytes; the resulting length can differ from both recorded values.
   The NULL check on dat_trans_type / dat_len comes first; the statements
   executed when a check or a read fails are not part of this listing. */
112 find_next_pkt_dat_type_len(FILE_T fh,
113 guint8 *dat_trans_type, /* transaction type used for the data bytes */
114 guint16 *dat_len, /* the number of data bytes in the packet */
115 int *err, gchar **err_info)
118 size_read_t size_stat;
120 if (!dat_trans_type || !dat_len)
126 if (!wtap_read_bytes_or_eof(fh, block, sizeof(block), err, err_info)) {
131 /* our strategy is to continue reading until we have a high and a
132 low size byte for the same direction, duplicates or spurious data
136 case TRANS_READ_SIZE_LOW:
137 if (*dat_trans_type != TRANS_CAM_HOST)
139 *dat_trans_type = TRANS_CAM_HOST;
140 *dat_len |= block[0];
143 case TRANS_READ_SIZE_HIGH:
144 if (*dat_trans_type != TRANS_CAM_HOST)
146 *dat_trans_type = TRANS_CAM_HOST;
147 *dat_len |= (block[0] << 8);
150 case TRANS_WRITE_SIZE_LOW:
151 if (*dat_trans_type != TRANS_HOST_CAM)
153 *dat_trans_type = TRANS_HOST_CAM;
154 *dat_len |= block[0];
157 case TRANS_WRITE_SIZE_HIGH:
158 if (*dat_trans_type != TRANS_HOST_CAM)
160 *dat_trans_type = TRANS_HOST_CAM;
161 *dat_len |= (block[0] << 8);
167 } while (size_stat != SIZE_HAVE_ALL);
173 /* buffer allocated by the caller, must be long enough to hold
174 dat_len bytes, ... */
/* Collects the data bytes of one packet: reads 2-byte blocks from fh and
   handles those whose transaction type equals dat_trans_type, until
   dat_len bytes were counted, a read fails, or a size transaction (the
   start of the next packet) is met.
   buf comes without a size parameter. The loop condition
   bytes_count < dat_len is the only visible bound on how much is stored,
   so the caller has to size buf from the same dat_len it passes in.
   NOTE(review): the statement that stores block[0] into buf and the
   return statements are not part of this listing; the caller assigns the
   result to a gint and expects 0 <= result <= dat_len on success. */
176 read_packet_data(FILE_T fh, guint8 dat_trans_type, guint8 *buf, guint16 dat_len,
177 int *err, gchar **err_info)
181 guint16 bytes_count = 0;
186 /* we're not checking for end-of-file here, we read as many bytes as
187 we can get (up to dat_len) and return those
188 end-of-file will be detected when we search for the next packet */
191 while (bytes_count < dat_len) {
192 if (!wtap_read_bytes_or_eof(fh, block, sizeof(block), err, err_info))
195 if (block[1] == dat_trans_type) {
199 else if (IS_TRANS_SIZE(block[1])) {
200 /* go back before the size transaction block
201 the next packet should be able to pick up this block */
/* seeks back by exactly one block (sizeof(block) bytes) relative to the
   current position; a failed seek is detected by the -1 return value */
202 if (-1 == file_seek(fh, -(gint64)sizeof(block), SEEK_CUR, err))
212 /* create a DVB-CI pseudo header
213 return its length or -1 for error */
/* Layout written here: buf[0] = header version, buf[1] = direction
   (0xFF for CAM->host, 0xFE for host->CAM), buf[2] and buf[3] = dat_len,
   high byte first.
   buf must provide at least DVB_CI_PSEUDO_HDR_LEN (4) bytes; there is no
   size parameter, so this function cannot verify that itself.
   NOTE(review): the branch taken for any other dat_trans_type is not part
   of this listing; presumably it is the -1 error return. */
215 create_pseudo_hdr(guint8 *buf, guint8 dat_trans_type, guint16 dat_len)
220 buf[0] = DVB_CI_PSEUDO_HDR_VER;
222 if (dat_trans_type==TRANS_CAM_HOST)
223 buf[1] = DVB_CI_PSEUDO_HDR_CAM_TO_HOST;
224 else if (dat_trans_type==TRANS_HOST_CAM)
225 buf[1] = DVB_CI_PSEUDO_HDR_HOST_TO_CAM;
229 buf[2] = (dat_len>>8) & 0xFF;
230 buf[3] = dat_len & 0xFF;
232 return DVB_CI_PSEUDO_HDR_LEN;
/* Read the next packet from fh into buf and fill in phdr.
   Steps: find the direction and length of the next transfer, reserve
   DVB_CI_PSEUDO_HDR_LEN + dat_len bytes in buf, write the pseudo-header,
   then read the payload directly behind it.
   dat_len is read from the file and is untrusted, but it is a 16bit value
   and the buffer is sized from that same value before anything is written,
   so the reservation always covers header plus declared payload.
   The pseudo-header is written before the payload is read and therefore
   carries the declared dat_len, even when fewer bytes are actually read. */
237 camins_read_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf,
238 int *err, gchar **err_info)
240 guint8 dat_trans_type;
243 gint offset, bytes_read;
245 if (!find_next_pkt_dat_type_len(fh, &dat_trans_type, &dat_len, err, err_info))
248 * The maximum value of length is 65535, which, even after
249 * DVB_CI_PSEUDO_HDR_LEN is added to it, is less than
250 * WTAP_MAX_PACKET_SIZE will ever be, so we don't need to check
254 ws_buffer_assure_space(buf, DVB_CI_PSEUDO_HDR_LEN+dat_len);
255 p = ws_buffer_start_ptr(buf);
256 /* NULL check for p is done in create_pseudo_hdr() */
257 offset = create_pseudo_hdr(p, dat_trans_type, dat_len);
259 /* shouldn't happen, all invalid packets must be detected by
260 find_next_pkt_dat_type_len() */
261 *err = WTAP_ERR_INTERNAL;
265 bytes_read = read_packet_data(fh, dat_trans_type,
266 &p[offset], dat_len, err, err_info);
267 /* 0<=bytes_read<=dat_len is very likely a corrupted packet
268 we let the dissector handle this */
271 offset += bytes_read;
273 phdr->rec_type = REC_TYPE_PACKET;
274 phdr->pkt_encap = WTAP_ENCAP_DVBCI;
275 /* timestamps aren't supported for now */
/* caplen is the pseudo-header length plus the bytes actually read; for a
   truncated transfer this is smaller than the length stored in the
   pseudo-header, so consumers must bound their reads by caplen */
276 phdr->caplen = offset;
/* Sequential read callback (installed as wth->subtype_read in
   camins_open): stores the current position of wth->fh in *data_offset
   before parsing, then reads one packet into wth->frame_buffer. */
284 camins_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset)
286 *data_offset = file_tell(wth->fh);
288 return camins_read_packet(wth->fh, &wth->phdr, wth->frame_buffer, err,
/* Random-access read callback (installed as wth->subtype_seek_read in
   camins_open): positions wth->random_fh at the absolute offset seek_off
   and parses one packet from there with the same reader as the sequential
   path. A failed seek is detected by the -1 return of file_seek; the
   statement executed in that case is not part of this listing. */
294 camins_seek_read(wtap *wth, gint64 seek_off,
295 struct wtap_pkthdr *pkthdr, Buffer *buf, int *err, gchar **err_info)
297 if (-1 == file_seek(wth->random_fh, seek_off, SEEK_SET, err))
300 return camins_read_packet(wth->random_fh, pkthdr, buf, err, err_info);
/* File-type detection and reader setup.
   Detection is a heuristic: 2-byte blocks are read from the start of the
   file and those equal to 0x00 0xE1 are counted; the file is claimed only
   if at least two were found. The read loop and its bound are not part of
   this listing (the comment below speaks of the first 20 bytes).
   No stronger signature is checked, so an unrelated or crafted file can
   pass this test; the packet reader therefore has to cope with arbitrary
   input.
   On a match the file handle is rewound to offset 0 and the encapsulation,
   timestamp precision and read callbacks are set on wth.
   Returns WTAP_OPEN_MINE, WTAP_OPEN_NOT_MINE or WTAP_OPEN_ERROR. */
305 wtap_open_return_val camins_open(wtap *wth, int *err, gchar **err_info)
307 guint8 found_start_blocks = 0;
311 /* all CAM Inspector files I've looked at have at least two blocks of
312 0x00 0xE1 within the first 20 bytes */
314 if (!wtap_read_bytes(wth->fh, block, sizeof(block), err, err_info)) {
/* a short read is told apart from other read errors; the statement for
   the short-read case is not part of this listing */
315 if (*err == WTAP_ERR_SHORT_READ)
317 return WTAP_OPEN_ERROR;
320 if (block[0]==0x00 && block[1] == 0xE1)
321 found_start_blocks++;
326 if (found_start_blocks < 2)
327 return WTAP_OPEN_NOT_MINE; /* no CAM Inspector file */
329 /* rewind the fh so we re-read from the beginning */
330 if (-1 == file_seek(wth->fh, 0, SEEK_SET, err))
331 return WTAP_OPEN_ERROR;
333 wth->file_encap = WTAP_ENCAP_DVBCI;
334 wth->snapshot_length = 0;
335 wth->file_tsprec = WTAP_TSPREC_MSEC;
339 wth->subtype_read = camins_read;
340 wth->subtype_seek_read = camins_seek_read;
341 wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_CAMINS;
344 return WTAP_OPEN_MINE;
349 * Editor modelines - http://www.wireshark.org/tools/modelines.html
354 * indent-tabs-mode: nil
357 * vi: set shiftwidth=4 tabstop=8 expandtab:
358 * :indentSize=4:tabSize=8:noTabs=true: