1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
|
/* packet-bluetooth.h
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#ifndef __PACKET_BLUETOOTH_H__
#define __PACKET_BLUETOOTH_H__
#include <epan/packet.h>
#include "packet-usb.h"
#include "packet-ubertooth.h"
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
#define PROTO_DATA_BLUETOOTH_SERVICE_UUID 0
#define BLUETOOTH_DATA_SRC 0
#define BLUETOOTH_DATA_DST 1
#define HCI_H4_TYPE_CMD 0x01
#define HCI_H4_TYPE_ACL 0x02
#define HCI_H4_TYPE_SCO 0x03
#define HCI_H4_TYPE_EVT 0x04
#define HCI_H4_TYPE_ISO 0x05
#define HCI_OGF_LINK_CONTROL 0x01
#define HCI_OGF_LINK_POLICY 0x02
#define HCI_OGF_HOST_CONTROLLER 0x03
#define HCI_OGF_INFORMATIONAL 0x04
#define HCI_OGF_STATUS 0x05
#define HCI_OGF_TESTING 0x06
#define HCI_OGF_LOW_ENERGY 0x08
#define HCI_OGF_LOGO_TESTING 0x3e
#define HCI_OGF_VENDOR_SPECIFIC 0x3f
#define HCI_VENDOR_DEFAULT 0
#define DID_VENDOR_ID_SOURCE_BLUETOOTH_SIG 1
#define DID_VENDOR_ID_SOURCE_USB_FORUM 2
#define ACCESS_ADDRESS_ADVERTISING 0x8e89bed6
extern int proto_bluetooth;
extern const value_string bluetooth_address_type_vals[];
#define STATUS_SUCCESS 0x00
#define UUID_GATT_PRIMARY_SERVICE_DECLARATION 0x2800
#define UUID_GATT_SECONDARY_SERVICE_DECLARATION 0x2801
#define UUID_GATT_INCLUDE_DECLARATION 0x2802
#define UUID_GATT_CHARACTERISTIC_DECLARATION 0x2803
/* We support Bluetooth over various interfaces, interface_id and adapter_id
is used to decode further payload. Case: there is a host. Host has X
interfaces. Each interface has Y adapter. Each adapter has ACL handle or
L2CAP CID. ACL handle has L2CAP CID and/or L2CAP PSM. L2CAP CID or
L2CAP PSM has RFCOMM channel or other end-protocol like OBEX, AVRCP, HID,
AVDTP, BNEP etc. RFCOMM channel has end-protocol like OBEX, HFP, etc.
Important note: correct payload decoding should store needed data using
key contain interface_id, adapter_id, ..., last_channel_type (for example
RFCOMM channel, transaction_id, frame number etc. )
interface_id - interface id provided by Wireshark, see "frame.interface_id",
in case where is only one interface id HCI_INTERFACE_DEFAULT
is used (for example open BTSNOOP file with HCI H4 protocol)
adapter_id - identified Bluetooth device (interface, for example Linux
hci0, hci1, etc.)
*/
#define HCI_INTERFACE_DEFAULT 0
#define HCI_ADAPTER_DEFAULT 0
typedef enum {
BT_PD_NONE, /* no protocol data */
BT_PD_BTHCI, /* struct bthci_phdr * */
BT_PD_BTMON, /* struct btmon_phdr * */
BT_PD_URB_INFO, /* urb_info_t * */
BT_PD_UBERTOOTH_DATA /* ubertooth_data_t * */
} bt_protocol_data_type;
/* chandle_sessions: interface_id + adapter_id + connection_handle + frame_number -> connect_in_frame, disconnect_in_frame */
/* chandle_to_bdaddr: interface_id + adapter_id + connection_handle + frame_number -> bd_addr[6] */
/* chandle_to_mode: interface_id + adapter_id + connection_handle + frame_number -> mode */
/* shandle_to_chandle: interface_id + adapter_id + stream_handle + frame_number -> connection_handle */
/* bdaddr_to_name: bd_addr[6] + frame_number -> name */
/* bdaddr_to_role: bd_addr[6] + frame_number -> role */
/* localhost_bdaddr: interface_id + adapter_id + frame_number -> bd_addr[6] */
/* localhost_name: interface_id + adapter_id + frame_number -> name */
typedef struct _bluetooth_data_t {
uint32_t interface_id;
uint32_t adapter_id;
uint32_t *adapter_disconnect_in_frame;
wmem_tree_t *chandle_sessions;
wmem_tree_t *chandle_to_bdaddr;
wmem_tree_t *chandle_to_mode;
wmem_tree_t *shandle_to_chandle;
wmem_tree_t *bdaddr_to_name;
wmem_tree_t *bdaddr_to_role;
wmem_tree_t *localhost_bdaddr;
wmem_tree_t *localhost_name;
wmem_tree_t *hci_vendors;
bt_protocol_data_type previous_protocol_data_type;
union {
void *none;
struct bthci_phdr *bthci;
struct btmon_phdr *btmon;
urb_info_t *urb;
ubertooth_data_t *ubertooth_data;
} previous_protocol_data;
} bluetooth_data_t;
#define BT_LINK_TYPE_UNKNOWN 0
#define BT_LINK_TYPE_ACL 1
#define BT_LINK_TYPE_SCO 2
#define BT_LINK_TYPE_LL 3
#define BT_LINK_TYPE_ISO 4
typedef struct _chandle_session_t {
uint32_t connect_in_frame;
uint32_t disconnect_in_frame;
uint32_t link_type;
} chandle_session_t;
typedef struct _remote_bdaddr_t {
uint32_t interface_id;
uint32_t adapter_id;
uint16_t chandle;
uint8_t bd_addr[6];
} remote_bdaddr_t;
typedef struct _device_name_t {
uint32_t bd_addr_oui;
uint32_t bd_addr_id;
char *name;
} device_name_t;
typedef struct _device_role_t {
uint32_t role;
uint32_t change_in_frame;
} device_role_t;
typedef struct _connection_mode_t {
int32_t mode;
uint32_t change_in_frame;
} connection_mode_t;
typedef struct _stream_connection_handle_pair_t {
int32_t chandle;
uint32_t change_in_frame;
} stream_connection_handle_pair_t;
#define ROLE_UNKNOWN 0
#define ROLE_CENTRAL 1
#define ROLE_PERIPHERAL 2
typedef struct _localhost_bdaddr_entry_t {
uint32_t interface_id;
uint32_t adapter_id;
uint8_t bd_addr[6];
} localhost_bdaddr_entry_t;
typedef struct _localhost_name_entry_t {
uint32_t interface_id;
uint32_t adapter_id;
char *name;
} localhost_name_entry_t;
typedef struct _bluetooth_tap_data_t {
uint32_t interface_id;
uint32_t adapter_id;
} bluetooth_tap_data_t;
typedef struct _hci_vendor_data_t {
uint16_t manufacturer;
uint16_t hci_revision;
uint16_t lmp_subversion;
uint32_t change_in_frame;
struct _hci_vendor_data_t *previous;
} hci_vendor_data_t;
typedef struct _uuid_t {
uint16_t bt_uuid;
uint8_t size;
uint8_t data[16];
} bluetooth_uuid_t;
enum bluetooth_device_type {
BLUETOOTH_DEVICE_BD_ADDR,
BLUETOOTH_DEVICE_NAME,
BLUETOOTH_DEVICE_LOCAL_ADAPTER,
BLUETOOTH_DEVICE_LOCAL_VERSION,
BLUETOOTH_DEVICE_REMOTE_VERSION,
BLUETOOTH_DEVICE_RESET,
BLUETOOTH_DEVICE_SCAN,
BLUETOOTH_DEVICE_VOICE_SETTING,
BLUETOOTH_DEVICE_AUTHENTICATION,
BLUETOOTH_DEVICE_ENCRYPTION,
BLUETOOTH_DEVICE_CLASS_OF_DEVICE,
BLUETOOTH_DEVICE_SIMPLE_PAIRING_MODE,
BLUETOOTH_DEVICE_PAGE_TIMEOUT,
BLUETOOTH_DEVICE_INQUIRY_MODE,
BLUETOOTH_DEVICE_MTUS,
BLUETOOTH_DEVICE_LE_MTU
};
typedef struct _bluetooth_device_tap_t {
uint32_t interface_id;
uint32_t adapter_id;
bool is_local;
bool has_bd_addr;
uint8_t bd_addr[6];
enum bluetooth_device_type type;
union {
char *name;
struct {
uint8_t hci_version;
uint16_t hci_revision;
uint8_t lmp_version;
uint16_t lmp_subversion;
uint16_t manufacturer;
} local_version;
struct {
uint8_t lmp_version;
uint16_t lmp_subversion;
uint16_t manufacturer;
} remote_version;
uint8_t scan;
uint16_t page_timeout;
uint8_t authentication;
uint8_t encryption;
uint32_t class_of_device;
uint16_t voice_setting;
uint8_t simple_pairing_mode;
uint8_t inquiry_mode;
struct {
uint16_t acl_mtu;
uint8_t sco_mtu;
uint16_t acl_packets;
uint16_t sco_packets;
} mtus;
struct {
uint16_t acl_mtu;
uint16_t iso_mtu;
uint16_t acl_packets;
uint16_t iso_packets;
} le_mtus;
} data;
} bluetooth_device_tap_t;
enum bluetooth_hci_summary_type {
BLUETOOTH_HCI_SUMMARY_OPCODE,
BLUETOOTH_HCI_SUMMARY_EVENT_OPCODE,
BLUETOOTH_HCI_SUMMARY_EVENT,
BLUETOOTH_HCI_SUMMARY_SUBEVENT,
BLUETOOTH_HCI_SUMMARY_VENDOR_OPCODE,
BLUETOOTH_HCI_SUMMARY_VENDOR_EVENT_OPCODE,
BLUETOOTH_HCI_SUMMARY_VENDOR_EVENT,
BLUETOOTH_HCI_SUMMARY_STATUS,
BLUETOOTH_HCI_SUMMARY_STATUS_PENDING,
BLUETOOTH_HCI_SUMMARY_REASON,
BLUETOOTH_HCI_SUMMARY_HARDWARE_ERROR
};
typedef struct _bluetooth_hci_summary_tap_t {
uint32_t interface_id;
uint32_t adapter_id;
uint16_t ocf;
uint8_t ogf;
uint8_t event;
uint8_t subevent;
uint8_t status;
uint8_t reason;
uint8_t hardware_error;
const char *name;
enum bluetooth_hci_summary_type type;
} bluetooth_hci_summary_tap_t;
typedef struct _bluetooth_eir_ad_data_t {
uint32_t interface_id;
uint32_t adapter_id;
uint8_t *bd_addr;
} bluetooth_eir_ad_data_t;
extern int bluetooth_device_tap;
extern int bluetooth_hci_summary_tap;
WS_DLL_PUBLIC const value_string bluetooth_uuid_vals[];
extern dissector_table_t bluetooth_uuid_table;
WS_DLL_PUBLIC wmem_tree_t *bluetooth_uuids;
WS_DLL_PUBLIC value_string_ext bluetooth_uuid_vals_ext;
WS_DLL_PUBLIC value_string_ext bluetooth_company_id_vals_ext;
extern uint32_t bluetooth_max_disconnect_in_frame;
extern int dissect_bd_addr(int hf_bd_addr, packet_info *pinfo, proto_tree *tree,
tvbuff_t *tvb, int offset, bool is_local_bd_addr,
uint32_t interface_id, uint32_t adapter_id, uint8_t *bdaddr);
extern void bluetooth_unit_1p25_ms(char *buf, uint32_t value);
extern void bluetooth_unit_0p125_ms(char *buf, uint32_t value);
extern bluetooth_uuid_t get_bluetooth_uuid(tvbuff_t *tvb, int offset, int size);
WS_DLL_PUBLIC const char *print_bluetooth_uuid(wmem_allocator_t *pool, bluetooth_uuid_t *uuid);
WS_DLL_PUBLIC const char *print_numeric_bluetooth_uuid(wmem_allocator_t *pool, bluetooth_uuid_t *uuid);
extern void save_local_device_name_from_eir_ad(tvbuff_t *tvb, int offset,
packet_info *pinfo, uint8_t size, bluetooth_data_t *bluetooth_data);
WS_DLL_PUBLIC bluetooth_data_t *
dissect_bluetooth_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
#ifdef __cplusplus
}
#endif /* __cplusplus */
#endif
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*
* Local variables:
* c-basic-offset: 4
* tab-width: 8
* indent-tabs-mode: nil
* End:
*
* vi: set shiftwidth=4 tabstop=8 expandtab:
* :indentSize=4:tabSize=8:noTabs=true:
*/
|
