3 * File format support for Rabbit Labs CAM Inspector files
4 * Copyright (c) 2013 by Martin Kaiser <martin@kaiser.cx>
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 /* CAM Inspector is a commercial log tool for DVB-CI
27 it stores recorded packets between a CI module and a DVB receiver,
28 using a proprietary file format
30 a CAM Inspector file consists of 16bit blocks
31 the first byte contains payload data,
32 the second byte contains a "transaction type"
34 we currently support the following transaction types
36 0x20 == data transfer from CI module to host
37 0x22 == host reads the lower byte of the size register
38 0x23 == host reads the higher byte of the size register
39 0x2A == host writes the lower byte of the size register
40 0x2B == host writes the higher byte of the size register
41 0x28 == data transfer from host to CI module
43 using these transaction types, we can identify and assemble data transfers
44 from the host to the CAM and vice versa
46 a host->module data transfer will use the following transactions
47 one 0x2A and one 0x2B transaction to write the 16bit size
48 <size> 0x28 transactions to transfer one byte at a time
49 this will be assembled into one packet
51 the module->host transfer is similar
54 when we run into an error while assembling a data transfer, the
55 primary goal is to recover so that we can handle the next transfer
56 correctly (all files I used for testing contained errors where
57 apparently the logging hardware missed some bytes)
66 #include <file_wrappers.h>
67 #include <wsutil/buffer.h>
72 #define TRANS_CAM_HOST 0x20
73 #define TRANS_READ_SIZE_LOW 0x22
74 #define TRANS_READ_SIZE_HIGH 0x23
75 #define TRANS_HOST_CAM 0x28
76 #define TRANS_WRITE_SIZE_LOW 0x2A
77 #define TRANS_WRITE_SIZE_HIGH 0x2B
79 #define IS_TRANS_SIZE(x) \
80 ((x)==TRANS_WRITE_SIZE_LOW || (x)==TRANS_WRITE_SIZE_HIGH || \
81 (x)==TRANS_READ_SIZE_LOW || (x)==TRANS_READ_SIZE_HIGH)
90 #define RESET_STAT_VALS \
92 *dat_trans_type = 0x00; \
94 size_stat = SIZE_HAVE_NONE; \
97 #define SIZE_ADD_LOW \
98 { size_stat = (size_stat==SIZE_HAVE_HIGH ? SIZE_HAVE_ALL : SIZE_HAVE_LOW); }
100 #define SIZE_ADD_HIGH \
101 { size_stat = (size_stat==SIZE_HAVE_LOW ? SIZE_HAVE_ALL : SIZE_HAVE_HIGH); }
103 /* PCAP DVB-CI pseudo-header, see http://www.kaiser.cx/pcap-dvbci.html */
104 #define DVB_CI_PSEUDO_HDR_VER 0
105 #define DVB_CI_PSEUDO_HDR_LEN 4
106 #define DVB_CI_PSEUDO_HDR_CAM_TO_HOST 0xFF
107 #define DVB_CI_PSEUDO_HDR_HOST_TO_CAM 0xFE
110 /* find the transaction type for the data bytes of the next packet
111 and the number of data bytes in that packet
112 the fd is moved such that it can be used in a subsequent call
113 to retrieve the data */
115 find_next_pkt_dat_type_len(FILE_T fh,
116 guint8 *dat_trans_type, /* transaction type used for the data bytes */
117 guint16 *dat_len, /* the number of data bytes in the packet */
118 int *err, gchar **err_info)
121 size_read_t size_stat;
123 if (!dat_trans_type || !dat_len)
129 if (!wtap_read_bytes_or_eof(fh, block, sizeof(block), err, err_info)) {
134 /* our strategy is to continue reading until we have a high and a
135 low size byte for the same direction, duplicates or spurious data
139 case TRANS_READ_SIZE_LOW:
140 if (*dat_trans_type != TRANS_CAM_HOST)
142 *dat_trans_type = TRANS_CAM_HOST;
143 *dat_len |= block[0];
146 case TRANS_READ_SIZE_HIGH:
147 if (*dat_trans_type != TRANS_CAM_HOST)
149 *dat_trans_type = TRANS_CAM_HOST;
150 *dat_len |= (block[0] << 8);
153 case TRANS_WRITE_SIZE_LOW:
154 if (*dat_trans_type != TRANS_HOST_CAM)
156 *dat_trans_type = TRANS_HOST_CAM;
157 *dat_len |= block[0];
160 case TRANS_WRITE_SIZE_HIGH:
161 if (*dat_trans_type != TRANS_HOST_CAM)
163 *dat_trans_type = TRANS_HOST_CAM;
164 *dat_len |= (block[0] << 8);
170 } while (size_stat != SIZE_HAVE_ALL);
176 /* buffer allocated by the caller, must be long enough to hold
177 dat_len bytes, ... */
179 read_packet_data(FILE_T fh, guint8 dat_trans_type, guint8 *buf, guint16 dat_len,
180 int *err, gchar **err_info)
184 guint16 bytes_count = 0;
189 /* we're not checking for end-of-file here, we read as many bytes as
190 we can get (up to dat_len) and return those
191 end-of-file will be detected when we search for the next packet */
194 while (bytes_count < dat_len) {
195 if (!wtap_read_bytes_or_eof(fh, block, sizeof(block), err, err_info))
198 if (block[1] == dat_trans_type) {
202 else if (IS_TRANS_SIZE(block[1])) {
203 /* go back before the size transaction block
204 the next packet should be able to pick up this block */
205 if (-1 == file_seek(fh, -(gint64)sizeof(block), SEEK_CUR, err))
215 /* create a DVB-CI pseudo header
216 return its length or -1 for error */
218 create_pseudo_hdr(guint8 *buf, guint8 dat_trans_type, guint16 dat_len)
223 buf[0] = DVB_CI_PSEUDO_HDR_VER;
225 if (dat_trans_type==TRANS_CAM_HOST)
226 buf[1] = DVB_CI_PSEUDO_HDR_CAM_TO_HOST;
227 else if (dat_trans_type==TRANS_HOST_CAM)
228 buf[1] = DVB_CI_PSEUDO_HDR_HOST_TO_CAM;
232 buf[2] = (dat_len>>8) & 0xFF;
233 buf[3] = dat_len & 0xFF;
235 return DVB_CI_PSEUDO_HDR_LEN;
240 camins_read_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf,
241 int *err, gchar **err_info)
243 guint8 dat_trans_type;
246 gint offset, bytes_read;
248 if (!find_next_pkt_dat_type_len(fh, &dat_trans_type, &dat_len, err, err_info))
251 ws_buffer_assure_space(buf, DVB_CI_PSEUDO_HDR_LEN+dat_len);
252 p = ws_buffer_start_ptr(buf);
253 /* NULL check for p is done in create_pseudo_hdr() */
254 offset = create_pseudo_hdr(p, dat_trans_type, dat_len);
256 /* shouldn't happen, all invalid packets must be detected by
257 find_next_pkt_dat_type_len() */
258 *err = WTAP_ERR_INTERNAL;
262 bytes_read = read_packet_data(fh, dat_trans_type,
263 &p[offset], dat_len, err, err_info);
264 /* 0<=bytes_read<=dat_len is very likely a corrupted packet
265 we let the dissector handle this */
268 offset += bytes_read;
270 phdr->rec_type = REC_TYPE_PACKET;
271 phdr->pkt_encap = WTAP_ENCAP_DVBCI;
272 /* timestamps aren't supported for now */
273 phdr->caplen = offset;
281 camins_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset)
283 *data_offset = file_tell(wth->fh);
285 return camins_read_packet(wth->fh, &wth->phdr, wth->frame_buffer, err,
291 camins_seek_read(wtap *wth, gint64 seek_off,
292 struct wtap_pkthdr *pkthdr, Buffer *buf, int *err, gchar **err_info)
294 if (-1 == file_seek(wth->random_fh, seek_off, SEEK_SET, err))
297 return camins_read_packet(wth->random_fh, pkthdr, buf, err, err_info);
302 int camins_open(wtap *wth, int *err, gchar **err_info _U_)
304 guint8 found_start_blocks = 0;
308 /* all CAM Inspector files I've looked at have at least two blocks of
309 0x00 0xE1 within the first 20 bytes */
311 if (!wtap_read_bytes(wth->fh, block, sizeof(block), err, err_info)) {
312 if (*err == WTAP_ERR_SHORT_READ)
317 if (block[0]==0x00 && block[1] == 0xE1)
318 found_start_blocks++;
323 if (found_start_blocks < 2)
324 return 0; /* no CAM Inspector file */
326 /* rewind the fh so we re-read from the beginning */
327 if (-1 == file_seek(wth->fh, 0, SEEK_SET, err))
330 wth->file_encap = WTAP_ENCAP_DVBCI;
331 wth->snapshot_length = 0;
332 wth->file_tsprec = WTAP_TSPREC_MSEC;
336 wth->subtype_read = camins_read;
337 wth->subtype_seek_read = camins_seek_read;
338 wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_CAMINS;
346 * Editor modelines - http://www.wireshark.org/tools/modelines.html
351 * indent-tabs-mode: nil
354 * vi: set shiftwidth=4 tabstop=8 expandtab:
355 * :indentSize=4:tabSize=8:noTabs=true: