From 95c1f2f7c90178202fb4d79e15cd0be113e97e8e Mon Sep 17 00:00:00 2001 From: Guy Harris Date: Thu, 30 Oct 2003 03:11:03 +0000 Subject: From Marcel Holtmann: support for reading Linux Bluez Bluetooth stack "hcidump -w" traces. Note that Jesper Peterson contributed support for reading Endace ERF files. svn path=/trunk/; revision=8824 --- wiretap/AUTHORS | 3 +- wiretap/Makefile.am | 4 +- wiretap/Makefile.nmake | 3 +- wiretap/file_access.c | 8 ++- wiretap/hcidump.c | 157 +++++++++++++++++++++++++++++++++++++++++++++++++ wiretap/hcidump.h | 28 +++++++++ wiretap/wtap.h | 10 ++-- 7 files changed, 205 insertions(+), 8 deletions(-) create mode 100644 wiretap/hcidump.c create mode 100644 wiretap/hcidump.h (limited to 'wiretap') diff --git a/wiretap/AUTHORS b/wiretap/AUTHORS index b9a58ff61f..8194ce4ddd 100644 --- a/wiretap/AUTHORS +++ b/wiretap/AUTHORS @@ -18,5 +18,6 @@ Markus Steinmann Mark C. Brown Martin Warnes Thierry Martin -Jesper Peterson +Jesper Peterson +Marcel Holtmann diff --git a/wiretap/Makefile.am b/wiretap/Makefile.am index e4501e52c6..9780aff8e4 100644 --- a/wiretap/Makefile.am +++ b/wiretap/Makefile.am @@ -1,7 +1,7 @@ # Makefile.am # Automake file for Wiretap # -# $Id: Makefile.am,v 1.45 2003/08/26 07:10:38 guy Exp $ +# $Id: Makefile.am,v 1.46 2003/10/30 03:11:02 guy Exp $ # # Ethereal - Network traffic analyzer # By Gerald Combs @@ -54,6 +54,8 @@ libwiretap_a_SOURCES = \ file_access.c \ file_wrappers.c \ file_wrappers.h \ + hcidump.c \ + hcidump.h \ i4btrace.c \ i4btrace.h \ i4b_trace.h \ diff --git a/wiretap/Makefile.nmake b/wiretap/Makefile.nmake index 2555798b7d..9e38b2f7b6 100644 --- a/wiretap/Makefile.nmake +++ b/wiretap/Makefile.nmake @@ -1,5 +1,5 @@ # -# $Id: Makefile.nmake,v 1.35 2003/10/10 21:31:53 guy Exp $ +# $Id: Makefile.nmake,v 1.36 2003/10/30 03:11:02 guy Exp $ # include ..\config.nmake @@ -25,6 +25,7 @@ OBJECTS=ascend-grammar.obj \ etherpeek.obj \ file_access.obj \ file_wrappers.obj \ + hcidump.obj \ i4btrace.obj \ iptrace.obj \ lanalyzer.obj \ diff --git a/wiretap/file_access.c b/wiretap/file_access.c index 74e4bb6260..f5ef156da1 100644 --- a/wiretap/file_access.c +++ b/wiretap/file_access.c @@ -1,6 +1,6 @@ /* file_access.c * - * $Id: file_access.c,v 1.3 2003/10/01 07:11:47 guy Exp $ + * $Id: file_access.c,v 1.4 2003/10/30 03:11:02 guy Exp $ * * Wiretap Library * Copyright (c) 1998 by Gilbert Ramirez @@ -70,6 +70,7 @@ #include "cosine.h" #include "5views.h" #include "erf.h" +#include "hcidump.h" /* The open_file_* routines should return: * @@ -120,6 +121,7 @@ static int (*const open_routines[])(wtap *, int *) = { dbs_etherwatch_open, cosine_open, erf_open, + hcidump_open, }; #define N_FILE_TYPES (sizeof open_routines / sizeof open_routines[0]) @@ -435,6 +437,10 @@ static const struct file_type_info { /* WTAP_FILE_ERF */ { "Endace DAG capture", "erf", NULL, NULL }, + + /* WTAP_FILE_HCIDUMP */ + { "Bluetooth HCI dump", "hcidump", + NULL, NULL }, }; /* Name that should be somewhat descriptive. */ diff --git a/wiretap/hcidump.c b/wiretap/hcidump.c new file mode 100644 index 0000000000..f61c092c82 --- /dev/null +++ b/wiretap/hcidump.c @@ -0,0 +1,157 @@ +/* hcidump.c + * + * $Id: hcidump.c,v 1.1 2003/10/30 03:11:02 guy Exp $ + * + * Copyright (c) 2003 by Marcel Holtmann + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include "wtap-int.h" +#include "file_wrappers.h" +#include "buffer.h" +#include "hcidump.h" + +struct dump_hdr { + guint16 len; + guint8 in; + guint8 pad; + guint32 ts_sec; + guint32 ts_usec; +}; + +#define DUMP_HDR_SIZE (sizeof(struct dump_hdr)) + +static gboolean hcidump_read(wtap *wth, int *err, long *data_offset) +{ + struct dump_hdr dh; + guint8 *buf; + int bytes_read, packet_size; + + *data_offset = wth->data_offset; + + bytes_read = file_read(&dh, 1, DUMP_HDR_SIZE, wth->fh); + if (bytes_read != DUMP_HDR_SIZE) { + *err = file_error(wth->fh); + if (*err == 0 && bytes_read != 0) + *err = WTAP_ERR_SHORT_READ; + return FALSE; + } + wth->data_offset += DUMP_HDR_SIZE; + + packet_size = g_ntohs(dh.len); + if (packet_size > WTAP_MAX_PACKET_SIZE) { + /* + * Probably a corrupt capture file; don't blow up trying + * to allocate space for an immensely-large packet. + */ + g_message("hcidump: File has %u-byte packet, bigger than maximum of %u", + packet_size, WTAP_MAX_PACKET_SIZE); + *err = WTAP_ERR_BAD_RECORD; + return FALSE; + } + + buffer_assure_space(wth->frame_buffer, packet_size); + buf = buffer_start_ptr(wth->frame_buffer); + + bytes_read = file_read(buf, 1, packet_size, wth->fh); + if (bytes_read != packet_size) { + *err = file_error(wth->fh); + if (*err == 0) + *err = WTAP_ERR_SHORT_READ; + return FALSE; + } + wth->data_offset += packet_size; + + wth->phdr.ts.tv_sec = g_ntohl(dh.ts_sec); + wth->phdr.ts.tv_usec = g_ntohl(dh.ts_usec); + wth->phdr.caplen = packet_size; + wth->phdr.len = packet_size; + wth->phdr.pkt_encap = WTAP_ENCAP_BLUETOOTH_H4; + + wth->pseudo_header.p2p.sent = (dh.in ? FALSE : TRUE); + + return TRUE; +} + +static gboolean hcidump_seek_read(wtap *wth, long seek_off, union wtap_pseudo_header *pseudo_header, guint8 *pd, int length, int *err) +{ + struct dump_hdr dh; + int bytes_read; + + if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1) + return FALSE; + + bytes_read = file_read(&dh, 1, DUMP_HDR_SIZE, wth->random_fh); + if (bytes_read != DUMP_HDR_SIZE) { + *err = file_error(wth->random_fh); + if (*err == 0 && bytes_read != 0) + *err = WTAP_ERR_SHORT_READ; + return FALSE; + } + + bytes_read = file_read(pd, 1, length, wth->random_fh); + if (bytes_read != length) { + *err = file_error(wth->random_fh); + if (*err == 0) + *err = WTAP_ERR_SHORT_READ; + return FALSE; + } + + pseudo_header->p2p.sent = (dh.in ? FALSE : TRUE); + + return TRUE; +} + +int hcidump_open(wtap *wth, int *err) +{ + struct dump_hdr dh; + guint8 type; + int bytes_read; + + bytes_read = file_read(&dh, 1, DUMP_HDR_SIZE, wth->fh); + if (bytes_read != DUMP_HDR_SIZE) { + *err = file_error(wth->fh); + return (*err != 0) ? -1 : 0; + } + + if (dh.in != 0 && dh.in != 1 && dh.pad != 0 && g_ntohs(dh.len) < 1) + return 0; + + bytes_read = file_read(&type, 1, 1, wth->fh); + if (bytes_read != 1) { + *err = file_error(wth->fh); + return (*err != 0) ? -1 : 0; + } + + if (type < 1 || type > 4) + return 0; + + if (file_seek(wth->fh, 0, SEEK_SET, err) == -1) + return -1; + + wth->file_type = WTAP_FILE_HCIDUMP; + wth->file_encap = WTAP_ENCAP_BLUETOOTH_H4; + wth->snapshot_length = 0; + + wth->subtype_read = hcidump_read; + wth->subtype_seek_read = hcidump_seek_read; + + return 1; +} diff --git a/wiretap/hcidump.h b/wiretap/hcidump.h new file mode 100644 index 0000000000..134fbf0fb4 --- /dev/null +++ b/wiretap/hcidump.h @@ -0,0 +1,28 @@ +/* hcidump.h + * + * $Id: hcidump.h,v 1.1 2003/10/30 03:11:02 guy Exp $ + * + * Copyright (c) 2003 by Marcel Holtmann + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * + */ + +#ifndef __HCIDUMP_H__ +#define __HCIDUMP_H__ + +int hcidump_open(wtap *wth, int *err); + +#endif diff --git a/wiretap/wtap.h b/wiretap/wtap.h index 5671803c7f..b752515843 100644 --- a/wiretap/wtap.h +++ b/wiretap/wtap.h @@ -1,6 +1,6 @@ /* wtap.h * - * $Id: wtap.h,v 1.142 2003/10/25 07:17:28 guy Exp $ + * $Id: wtap.h,v 1.143 2003/10/30 03:11:03 guy Exp $ * * Wiretap Library * Copyright (c) 1998 by Gilbert Ramirez @@ -129,9 +129,10 @@ #define WTAP_ENCAP_ENC 37 #define WTAP_ENCAP_PFLOG 38 #define WTAP_ENCAP_CHDLC_WITH_PHDR 39 +#define WTAP_ENCAP_BLUETOOTH_H4 40 /* last WTAP_ENCAP_ value + 1 */ -#define WTAP_NUM_ENCAP_TYPES 40 +#define WTAP_NUM_ENCAP_TYPES 41 /* File types that can be read by wiretap. We support writing some many of these file types, too, so we @@ -172,9 +173,10 @@ #define WTAP_FILE_COSINE 33 #define WTAP_FILE_5VIEWS 34 #define WTAP_FILE_ERF 35 +#define WTAP_FILE_HCIDUMP 36 /* last WTAP_FILE_ value + 1 */ -#define WTAP_NUM_FILE_TYPES 36 +#define WTAP_NUM_FILE_TYPES 37 /* * Maximum packet size we'll support. @@ -350,7 +352,7 @@ struct ieee_802_11_phdr { struct cosine_phdr { guint8 encap; /* COSINE_ENCAP_* as defined above */ guint8 direction; /* COSINE_DIR_*, as defined above */ - char if_name[COSINE_MAX_IF_NAME_LEN]; /* Encap & Logical I/F name */ + char if_name[COSINE_MAX_IF_NAME_LEN]; /* Encap & Logical I/F name */ guint16 pro; /* Protocol */ guint16 off; /* Offset */ guint16 pri; /* Priority */ -- cgit v1.2.3