1 /* packet-btbb.c 2 * Routines for Bluetooth baseband dissection 3 * Copyright 2009, Michael Ossmann <[email protected]> 4 * 5 * $Id$ 6 * 7 * Wireshark - Network traffic analyzer 8 * By Gerald Combs <[email protected]> 9 * Copyright 1998 Gerald Combs 10 * 11 * This program is free software; you can redistribute it and/or 12 * modify it under the terms of the GNU General Public License 13 * as published by the Free Software Foundation; either version 2 14 * of the License, or (at your option) any later version. 15 * 16 * This program is distributed in the hope that it will be useful, 17 * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 * GNU General Public License for more details. 20 * 21 * You should have received a copy of the GNU General Public License 22 * along with this program; if not, write to the Free Software 23 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 24 */ 25 26 #ifdef HAVE_CONFIG_H 27 # include "config.h" 28 #endif 29 30 #include <wireshark/config.h> /* needed for epan/gcc-4.x */ 31 #include <epan/packet.h> 32 #include <epan/prefs.h> 33 34 /* function prototypes */ 35 void proto_reg_handoff_btbb(void); 36 37 /* initialize the protocol and registered fields */ 38 static int proto_btbb = -1; 39 static int hf_btbb_meta = -1; 40 static int hf_btbb_dir = -1; 41 static int hf_btbb_clk = -1; 42 static int hf_btbb_channel = -1; 43 static int hf_btbb_addrbits = -1; 44 static int hf_btbb_clkbits = -1; 45 static int hf_btbb_pkthdr = -1; 46 static int hf_btbb_ltaddr = -1; 47 static int hf_btbb_type = -1; 48 static int hf_btbb_flags = -1; 49 static int hf_btbb_flow = -1; 50 static int hf_btbb_arqn = -1; 51 static int hf_btbb_seqn = -1; 52 static int hf_btbb_hec = -1; 53 static int hf_btbb_payload = -1; 54 static int hf_btbb_pldhdr = -1; 55 static int hf_btbb_llid = -1; 56 static int hf_btbb_pldflow = -1; 57 static int hf_btbb_length = -1; 58 static int hf_btbb_pldbody = -1; 59 static int hf_btbb_crc = -1; 60 static int hf_btbb_fhs_parity = -1; 61 static int hf_btbb_fhs_lap = -1; 62 static int hf_btbb_fhs_eir = -1; 63 static int hf_btbb_fhs_sr = -1; 64 static int hf_btbb_fhs_uap = -1; 65 static int hf_btbb_fhs_nap = -1; 66 static int hf_btbb_fhs_class = -1; 67 static int hf_btbb_fhs_ltaddr = -1; 68 static int hf_btbb_fhs_clk = -1; 69 static int hf_btbb_fhs_psmode = -1; 70 71 /* field values */ 72 static const true_false_string direction = { 73 "Slave to Master", 74 "Master to Slave" 75 }; 76 77 static const true_false_string clock_bits = { 78 "27", 79 "6" 80 }; 81 82 static const true_false_string address_bits = { 83 "48 (NAP known)", 84 "32 (NAP unknown)" 85 }; 86 87 static const value_string packet_types[] = { 88 /* generic names for unknown logical transport */ 89 { 0x0, "NULL" }, 90 { 0x1, "POLL" }, 91 { 0x2, "FHS" }, 92 { 0x3, "DM1" }, 93 { 0x4, "DH1/2-DH1" }, 94 { 0x5, "HV1" }, 95 { 0x6, "HV2/2-EV3" }, 96 { 0x7, "HV3/EV3/3-EV3" }, 97 { 0x8, "DV/3-DH1" }, 98 { 0x9, "AUX1" }, 99 { 0xa, "DM3/2-DH3" }, 100 { 0xb, "DH3/3-DH3" }, 101 { 0xc, "EV4/2-EV5" }, 102 { 0xd, "EV5/3-EV5" }, 103 { 0xe, "DM5/2-DH5" }, 104 { 0xf, "DH5/3-DH5" }, 105 { 0, NULL } 106 }; 107 108 static const value_string sr_modes[] = { 109 { 0x0, "R0" }, 110 { 0x1, "R1" }, 111 { 0x2, "R2" }, 112 { 0x3, "Reserved" }, 113 { 0, NULL } 114 }; 115 116 static const range_string ps_modes[] = { 117 { 0x0, 0x0, "Mandatory scan mode" }, 118 { 0x1, 0x7, "Reserved" }, 119 { 0, 0, NULL } 120 }; 121 122 static const value_string llid_codes[] = { 123 { 0x0, "undefined" }, 124 { 0x1, "Continuation fragment of an L2CAP message (ACL-U)" }, 125 { 0x2, "Start of an L2CAP message or no fragmentation (ACL-U)" }, 126 { 0x3, "LMP message (ACL-C)" }, 127 { 0, NULL } 128 }; 129 130 /* initialize the subtree pointers */ 131 static gint ett_btbb = -1; 132 static gint ett_btbb_meta = -1; 133 static gint ett_btbb_pkthdr = -1; 134 static gint ett_btbb_flags = -1; 135 static gint ett_btbb_payload = -1; 136 static gint ett_btbb_pldhdr = -1; 137 138 /* subdissectors */ 139 static dissector_handle_t btlmp_handle = NULL; 140 static dissector_handle_t btl2cap_handle = NULL; 141 142 /* packet header flags */ 143 static const int *flag_fields[] = { 144 &hf_btbb_flow, 145 &hf_btbb_arqn, 146 &hf_btbb_seqn, 147 NULL 148 }; 149 150 /* one byte payload header */ 151 int 152 dissect_payload_header1(proto_tree *tree, tvbuff_t *tvb, int offset) 153 { 154 proto_item *hdr_item; 155 proto_tree *hdr_tree; 156 157 DISSECTOR_ASSERT(tvb_length_remaining(tvb, offset) >= 1); 158 159 hdr_item = proto_tree_add_item(tree, hf_btbb_pldhdr, tvb, offset, 1, ENC_NA); 160 hdr_tree = proto_item_add_subtree(hdr_item, ett_btbb_pldhdr); 161 162 proto_tree_add_item(hdr_tree, hf_btbb_llid, tvb, offset, 1, ENC_NA); 163 proto_tree_add_item(hdr_tree, hf_btbb_pldflow, tvb, offset, 1, ENC_NA); 164 proto_tree_add_item(hdr_tree, hf_btbb_length, tvb, offset, 1, ENC_NA); 165 166 /* payload length */ 167 return tvb_get_guint8(tvb, offset) >> 3; 168 } 169 170 void 171 dissect_fhs(proto_tree *tree, tvbuff_t *tvb, int offset) 172 { 173 proto_item *fhs_item; 174 proto_tree *fhs_tree; 175 176 DISSECTOR_ASSERT(tvb_length_remaining(tvb, offset) == 20); 177 178 fhs_item = proto_tree_add_item(tree, hf_btbb_payload, tvb, offset, -1, ENC_NA); 179 fhs_tree = proto_item_add_subtree(fhs_item, ett_btbb_payload); 180 181 proto_tree_add_item(fhs_tree, hf_btbb_fhs_parity, tvb, offset, 5, ENC_LITTLE_ENDIAN); 182 offset += 4; 183 184 proto_tree_add_item(fhs_tree, hf_btbb_fhs_lap, tvb, offset, 4, ENC_LITTLE_ENDIAN); 185 offset += 3; 186 187 proto_tree_add_item(fhs_tree, hf_btbb_fhs_eir, tvb, offset, 1, ENC_NA); 188 /* skipping 1 undefined bit */ 189 proto_tree_add_item(fhs_tree, hf_btbb_fhs_sr, tvb, offset, 1, ENC_NA); 190 /* skipping 2 reserved bits */ 191 offset += 1; 192 193 proto_tree_add_item(fhs_tree, hf_btbb_fhs_uap, tvb, offset, 1, ENC_NA); 194 offset += 1; 195 196 proto_tree_add_item(fhs_tree, hf_btbb_fhs_nap, tvb, offset, 2, ENC_LITTLE_ENDIAN); 197 offset += 2; 198 199 proto_tree_add_item(fhs_tree, hf_btbb_fhs_class, tvb, offset, 3, ENC_LITTLE_ENDIAN); 200 offset += 3; 201 202 proto_tree_add_item(fhs_tree, hf_btbb_fhs_ltaddr, tvb, offset, 1, ENC_NA); 203 proto_tree_add_item(fhs_tree, hf_btbb_fhs_clk, tvb, offset, 4, ENC_LITTLE_ENDIAN); 204 offset += 3; 205 206 proto_tree_add_item(fhs_tree, hf_btbb_fhs_psmode, tvb, offset, 1, ENC_NA); 207 offset += 1; 208 209 proto_tree_add_item(fhs_tree, hf_btbb_crc, tvb, offset, 2, ENC_LITTLE_ENDIAN); 210 offset += 2; 211 } 212 213 void 214 dissect_dm1(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, int offset) 215 { 216 int len; /* payload length indicated by payload header */ 217 int llid; /* logical link id */ 218 int l2len; /* length indicated by l2cap header */ 219 proto_item *dm1_item; 220 proto_tree *dm1_tree; 221 tvbuff_t *pld_tvb; 222 223 /* 224 * FIXME 225 * I'm probably doing a terrible, terrible thing here, but it gets my 226 * initial test cases working. 227 */ 228 guint16 fake_acl_data; 229 230 DISSECTOR_ASSERT(tvb_length_remaining(tvb, offset) >= 3); 231 232 dm1_item = proto_tree_add_item(tree, hf_btbb_payload, tvb, offset, -1, ENC_NA); 233 dm1_tree = proto_item_add_subtree(dm1_item, ett_btbb_payload); 234 235 len = dissect_payload_header1(dm1_tree, tvb, offset); 236 llid = tvb_get_guint8(tvb, offset) & 0x3; 237 offset += 1; 238 239 DISSECTOR_ASSERT(tvb_length_remaining(tvb, offset) == len + 2); 240 241 if (llid == 3 && btlmp_handle) { 242 /* LMP */ 243 pld_tvb = tvb_new_subset(tvb, offset, len, len); 244 call_dissector(btlmp_handle, pld_tvb, pinfo, dm1_tree); 245 } else if (llid == 2 && btl2cap_handle) { 246 /* unfragmented L2CAP or start of fragment */ 247 l2len = tvb_get_letohs(tvb, offset); 248 if (l2len + 4 == len) { 249 /* unfragmented */ 250 pinfo->private_data = &fake_acl_data; 251 pld_tvb = tvb_new_subset(tvb, offset, len, len); 252 call_dissector(btl2cap_handle, pld_tvb, pinfo, dm1_tree); 253 } else { 254 /* start of fragment */ 255 proto_tree_add_item(dm1_tree, hf_btbb_pldbody, tvb, offset, len, ENC_NA); 256 } 257 } else { 258 proto_tree_add_item(dm1_tree, hf_btbb_pldbody, tvb, offset, len, ENC_NA); 259 } 260 offset += len; 261 262 proto_tree_add_item(dm1_tree, hf_btbb_crc, tvb, offset, 2, ENC_LITTLE_ENDIAN); 263 offset += 2; 264 } 265 266 /* dissect a packet */ 267 static int 268 dissect_btbb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) 269 { 270 proto_item *btbb_item, *meta_item, *pkthdr_item; 271 proto_tree *btbb_tree, *meta_tree, *pkthdr_tree; 272 int offset; 273 guint8 type; 274 char *info; 275 276 /* sanity check: length */ 277 if (tvb_length(tvb) > 0 && tvb_length(tvb) < 9) 278 /* bad length: look for a different dissector */ 279 return 0; 280 281 /* maybe should verify HEC */ 282 283 /* make entries in protocol column and info column on summary display */ 284 if (check_col(pinfo->cinfo, COL_PROTOCOL)) 285 col_set_str(pinfo->cinfo, COL_PROTOCOL, "Bluetooth"); 286 287 if (tvb_length(tvb) == 0) { 288 info = "ID"; 289 } else { 290 type = (tvb_get_guint8(tvb, 6) >> 3) & 0x0f; 291 info = match_strval(type, packet_types); 292 } 293 294 if (check_col(pinfo->cinfo, COL_INFO)) { 295 col_clear(pinfo->cinfo, COL_INFO); 296 col_add_str(pinfo->cinfo, COL_INFO, info); 297 } 298 299 /* see if we are being asked for details */ 300 if (tree) { 301 302 /* create display subtree for the protocol */ 303 offset = 0; 304 btbb_item = proto_tree_add_item(tree, proto_btbb, tvb, offset, -1, ENC_NA); 305 btbb_tree = proto_item_add_subtree(btbb_item, ett_btbb); 306 307 /* ID packets have no header, no payload */ 308 if (tvb_length(tvb) == 0) 309 return 1; 310 311 /* meta data */ 312 meta_item = proto_tree_add_item(btbb_tree, hf_btbb_meta, tvb, offset, 3, ENC_NA); 313 meta_tree = proto_item_add_subtree(meta_item, ett_btbb_meta); 314 315 proto_tree_add_item(meta_tree, hf_btbb_dir, tvb, offset, 1, ENC_NA); 316 proto_tree_add_item(meta_tree, hf_btbb_clk, tvb, offset, 4, ENC_LITTLE_ENDIAN); 317 offset += 4; 318 319 proto_tree_add_item(meta_tree, hf_btbb_channel, tvb, offset, 1, ENC_NA); 320 offset += 1; 321 322 proto_tree_add_item(meta_tree, hf_btbb_clkbits, tvb, offset, 1, ENC_NA); 323 proto_tree_add_item(meta_tree, hf_btbb_addrbits, tvb, offset, 1, ENC_NA); 324 offset += 1; 325 326 /* packet header */ 327 pkthdr_item = proto_tree_add_item(btbb_tree, hf_btbb_pkthdr, tvb, offset, 3, ENC_NA); 328 pkthdr_tree = proto_item_add_subtree(pkthdr_item, ett_btbb_pkthdr); 329 330 proto_tree_add_item(pkthdr_tree, hf_btbb_ltaddr, tvb, offset, 1, ENC_NA); 331 proto_tree_add_item(pkthdr_tree, hf_btbb_type, tvb, offset, 1, ENC_NA); 332 offset += 1; 333 proto_tree_add_bitmask(pkthdr_tree, tvb, offset, hf_btbb_flags, 334 ett_btbb_flags, flag_fields, ENC_NA); 335 offset += 1; 336 proto_tree_add_item(pkthdr_tree, hf_btbb_hec, tvb, offset, 1, ENC_NA); 337 offset += 1; 338 339 /* payload */ 340 switch (type) { 341 case 0x0: /* NULL */ 342 case 0x1: /* POLL */ 343 break; 344 case 0x2: /* FHS */ 345 dissect_fhs(btbb_tree, tvb, offset); 346 break; 347 case 0x3: /* DM1 */ 348 dissect_dm1(btbb_tree, tvb, pinfo, offset); 349 break; 350 case 0x4: /* DH1/2-DH1 */ 351 dissect_dm1(btbb_tree, tvb, pinfo, offset); 352 break; 353 case 0x5: /* HV1 */ 354 case 0x6: /* HV2/2-EV3 */ 355 case 0x7: /* HV3/EV3/3-EV3 */ 356 case 0x8: /* DV/3-DH1 */ 357 case 0x9: /* AUX1 */ 358 case 0xa: /* DM3/2-DH3 */ 359 case 0xb: /* DH3/3-DH3 */ 360 case 0xc: /* EV4/2-EV5 */ 361 case 0xd: /* EV5/3-EV5 */ 362 case 0xe: /* DM5/2-DH5 */ 363 case 0xf: /* DH5/3-DH5 */ 364 proto_tree_add_item(btbb_tree, hf_btbb_payload, tvb, offset, -1, ENC_NA); 365 break; 366 default: 367 break; 368 } 369 } 370 371 /* Return the amount of data this dissector was able to dissect */ 372 return tvb_length(tvb); 373 } 374 375 /* register the protocol with Wireshark */ 376 void 377 proto_register_btbb(void) 378 { 379 /* list of fields */ 380 static hf_register_info hf[] = { 381 { &hf_btbb_meta, 382 { "Meta Data", "btbb.meta", 383 FT_NONE, BASE_NONE, NULL, 0x0, 384 "Meta Data About the Packet", HFILL } 385 }, 386 { &hf_btbb_dir, 387 { "Direction", "btbb.dir", 388 FT_BOOLEAN, 8, TFS(&direction), 0x01, 389 "Direction of Transmission", HFILL } 390 }, 391 { &hf_btbb_clk, 392 { "CLK", "btbb.clk", 393 FT_UINT32, BASE_HEX, NULL, 0x0, 394 "Clock bits 1 through 27", HFILL } 395 }, 396 { &hf_btbb_channel, 397 { "Channel", "btbb.channel", 398 FT_UINT8, BASE_DEC, NULL, 0x0, 399 "Channel (0-78)", HFILL } 400 }, 401 { &hf_btbb_clkbits, 402 { "Known Clock Bits", "btbb.clkbits", 403 FT_BOOLEAN, 8, TFS(&clock_bits), 0x01, 404 "Number of Known Master CLK Bits (6 or 27)", HFILL } 405 }, 406 { &hf_btbb_addrbits, 407 { "Known Address Bits", "btbb.addrbits", 408 FT_BOOLEAN, 8, TFS(&address_bits), 0x02, 409 "Number of Known Bits of BD_ADDR (32 or 48)", HFILL } 410 }, 411 { &hf_btbb_pkthdr, 412 { "Packet Header", "btbb.pkthdr", 413 FT_NONE, BASE_NONE, NULL, 0x0, 414 "Bluetooth Baseband Packet Header", HFILL } 415 }, 416 { &hf_btbb_ltaddr, 417 { "LT_ADDR", "btbb.lt_addr", 418 FT_UINT8, BASE_HEX, NULL, 0x07, 419 "Logical Transport Address", HFILL } 420 }, 421 { &hf_btbb_type, 422 { "TYPE", "btbb.type", 423 FT_UINT8, BASE_HEX, VALS(packet_types), 0x78, 424 "Packet Type", HFILL } 425 }, 426 { &hf_btbb_flags, 427 { "Flags", "btbb.flags", 428 FT_UINT8, BASE_HEX, NULL, 0x0, 429 "Packet Header Flags", HFILL } 430 }, 431 { &hf_btbb_flow, 432 { "FLOW", "btbb.flow", 433 FT_BOOLEAN, 8, NULL, 0x01, 434 "Flow control indication", HFILL } 435 }, 436 { &hf_btbb_arqn, 437 { "ARQN", "btbb.arqn", 438 FT_BOOLEAN, 8, NULL, 0x02, 439 "Acknowledgment indication", HFILL } 440 }, 441 { &hf_btbb_seqn, 442 { "SEQN", "btbb.seqn", 443 FT_BOOLEAN, 8, NULL, 0x04, 444 "Sequence number", HFILL } 445 }, 446 { &hf_btbb_hec, 447 { "HEC", "btbb.lt_addr", 448 FT_UINT8, BASE_HEX, NULL, 0x0, 449 "Header Error Check", HFILL } 450 }, 451 { &hf_btbb_payload, 452 { "Payload", "btbb.payload", 453 FT_NONE, BASE_NONE, NULL, 0x0, 454 NULL, HFILL } 455 }, 456 { &hf_btbb_llid, 457 { "LLID", "btbb.llid", 458 FT_UINT8, BASE_HEX, VALS(llid_codes), 0x03, 459 "Logical Link ID", HFILL } 460 }, 461 { &hf_btbb_pldflow, 462 { "Flow", "btbb.flow", 463 FT_BOOLEAN, 8, NULL, 0x04, 464 "Payload Flow indication", HFILL } 465 }, 466 { &hf_btbb_length, 467 { "Length", "btbb.length", 468 FT_UINT8, BASE_DEC, NULL, 0xf8, 469 "Payload Length", HFILL } 470 }, 471 { &hf_btbb_pldhdr, 472 { "Payload Header", "btbb.pldhdr", 473 FT_NONE, BASE_NONE, NULL, 0x0, 474 NULL, HFILL } 475 }, 476 { &hf_btbb_pldbody, 477 { "Payload Body", "btbb.pldbody", 478 FT_BYTES, BASE_NONE, NULL, 0x0, 479 NULL, HFILL } 480 }, 481 { &hf_btbb_crc, 482 { "CRC", "btbb.crc", 483 FT_UINT16, BASE_HEX, NULL, 0x0, 484 "Payload CRC", HFILL } 485 }, 486 { &hf_btbb_fhs_parity, 487 { "Parity", "btbb.parity", 488 /* FIXME not sure why this mask doesn't have an effect. bug? */ 489 FT_UINT64, BASE_HEX, NULL, 0x00000003ffffffff, 490 "LAP parity", HFILL } 491 }, 492 { &hf_btbb_fhs_lap, 493 { "LAP", "btbb.lap", 494 FT_UINT24, BASE_HEX, NULL, 0x03fffffc, 495 "Lower Address Part", HFILL } 496 }, 497 { &hf_btbb_fhs_eir, 498 { "EIR", "btbb.eir", 499 FT_BOOLEAN, 8, NULL, 0x04, 500 "Extended Inquiry Response packet may follow", HFILL } 501 }, 502 { &hf_btbb_fhs_sr, 503 { "SR", "btbb.sr", 504 FT_UINT8, BASE_HEX, VALS(sr_modes), 0x30, 505 "Scan Repetition", HFILL } 506 }, 507 { &hf_btbb_fhs_uap, 508 { "UAP", "btbb.uap", 509 FT_UINT8, BASE_HEX, NULL, 0x0, 510 "Upper Address Part", HFILL } 511 }, 512 { &hf_btbb_fhs_nap, 513 { "NAP", "btbb.nap", 514 FT_UINT16, BASE_HEX, NULL, 0x0, 515 "Non-Significant Address Part", HFILL } 516 }, 517 { &hf_btbb_fhs_class, /* FIXME break out further */ 518 { "Class of Device", "btbb.class", 519 FT_UINT24, BASE_HEX, NULL, 0x0, 520 "Class of Device", HFILL } 521 }, 522 { &hf_btbb_fhs_ltaddr, 523 { "LT_ADDR", "btbb.lt_addr", 524 FT_UINT8, BASE_HEX, NULL, 0x07, 525 "Logical Transport Address", HFILL } 526 }, 527 { &hf_btbb_fhs_clk, 528 { "CLK", "btbb.clk", 529 FT_UINT32, BASE_HEX, NULL, 0x1ffffff8, 530 "Clock bits 2 through 27", HFILL } 531 }, 532 { &hf_btbb_fhs_psmode, 533 { "Page Scan Mode", "btbb.psmode", 534 FT_UINT8, BASE_RANGE_STRING, RVALS(ps_modes), 0xe0, 535 NULL, HFILL } 536 }, 537 }; 538 539 /* protocol subtree arrays */ 540 static gint *ett[] = { 541 &ett_btbb, 542 &ett_btbb_meta, 543 &ett_btbb_pkthdr, 544 &ett_btbb_flags, 545 &ett_btbb_payload, 546 &ett_btbb_pldhdr, 547 }; 548 549 /* register the protocol name and description */ 550 proto_btbb = proto_register_protocol( 551 "Bluetooth Baseband", /* full name */ 552 "btbb", /* short name */ 553 "btbb" /* abbreviation (e.g. for filters) */ 554 ); 555 556 /* register the header fields and subtrees used */ 557 proto_register_field_array(proto_btbb, hf, array_length(hf)); 558 proto_register_subtree_array(ett, array_length(ett)); 559 } 560 561 void 562 proto_reg_handoff_btbb(void) 563 { 564 static gboolean inited = FALSE; 565 566 if (!inited) { 567 dissector_handle_t btbb_handle; 568 569 btbb_handle = new_create_dissector_handle(dissect_btbb, proto_btbb); 570 /* hijacking this ethertype */ 571 dissector_add_uint("ethertype", 0xFFF0, btbb_handle); 572 573 btlmp_handle = find_dissector("btlmp"); 574 btl2cap_handle = find_dissector("btl2cap"); 575 576 inited = TRUE; 577 } 578 } 579 580 /* 581 * Editor modelines - http://www.wireshark.org/tools/modelines.html 582 * 583 * Local variables: 584 * c-basic-offset: 4 585 * tab-width: 8 586 * indent-tabs-mode: nil 587 * End: 588 * 589 * vi: set shiftwidth=4 tabstop=8 expandtab: 590 * :indentSize=4:tabSize=8:noTabs=true: 591 */ 592