search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / packet-btbredr_rf.c
blob162053bde90822ba30de6ef8db6a3450f09a0778
1 /* packet-btbredr_rf.c
2 * Routines for Bluetooth Pseudoheader for BR/EDR Baseband
3 *
4 * Copyright 2020, Thomas Sailer <t.sailer@alumni.ethz.ch>
5 * Copyright 2014, Michal Labedzki for Tieto Corporation
6 * Copyright 2014, Dominic Spill <dominicgs@gmail.com>
7 *
8 * Wireshark - Network traffic analyzer
9 * By Gerald Combs <gerald@wireshark.org>
10 * Copyright 1998 Gerald Combs
11 *
12 * SPDX-License-Identifier: GPL-2.0-or-later
13 */
14
15 #include "config.h"
16
17 #include <epan/packet.h>
18 #include <epan/expert.h>
19 #include <epan/proto_data.h>
20 #include <epan/reassemble.h>
21
22 #include <wiretap/wtap.h>
23
24 #include "packet-bluetooth.h"
25 #include "packet-btbredr_rf.h"
26 #include "packet-bthci_acl.h"
27
28 /*
29 * Future Improvements:
30 * - De-Whiten if the capture hardware did not already do it and we have the UAP
31 */
32
33 static int proto_btbredr_rf;
34 static int proto_btbredr_fhs;
35
36 static int hf_rf_channel;
37 static int hf_uncertain_rf_channel;
38 static int hf_signal_power;
39 static int hf_invalid_signal_power;
40 static int hf_noise_power;
41 static int hf_invalid_noise_power;
42 static int hf_access_address_offenses;
43 static int hf_payload_transport_rate;
44 static int hf_payload_transport_rate_payload;
45 static int hf_payload_transport_rate_transport;
46 static int hf_payload_transport_rate_ignored;
47 static int hf_corrected_header_bits;
48 static int hf_corrected_payload_bits;
49 static int hf_lower_address_part;
50 static int hf_reference_lower_address_part;
51 static int hf_invalid_reference_lower_address_part;
52 static int hf_reference_upper_addres_part;
53 static int hf_invalid_reference_upper_addres_part;
54 static int hf_whitened_packet_header;
55 static int hf_invalid_packet_header;
56 static int hf_packet_header;
57 static int hf_packet_header_reserved;
58 static int hf_packet_header_lt_addr;
59 static int hf_packet_header_type;
60 static int hf_packet_header_type_any;
61 static int hf_packet_header_type_sco_br;
62 static int hf_packet_header_type_esco_br;
63 static int hf_packet_header_type_esco_edr;
64 static int hf_packet_header_type_acl_br;
65 static int hf_packet_header_type_acl_edr;
66 static int hf_packet_header_type_cpb_br;
67 static int hf_packet_header_type_cpb_edr;
68 static int hf_packet_header_flow_control;
69 static int hf_packet_header_acknowledge_indication;
70 static int hf_packet_header_sequence_number;
71 static int hf_packet_header_header_error_check;
72 static int hf_packet_header_broken_lt_addr;
73 static int hf_packet_header_broken_type;
74 static int hf_packet_header_broken_type_any;
75 static int hf_packet_header_broken_type_sco_br;
76 static int hf_packet_header_broken_type_esco_br;
77 static int hf_packet_header_broken_type_esco_edr;
78 static int hf_packet_header_broken_type_acl_br;
79 static int hf_packet_header_broken_type_acl_edr;
80 static int hf_packet_header_broken_type_cpb_br;
81 static int hf_packet_header_broken_type_cpb_edr;
82 static int hf_packet_header_broken_flow_control;
83 static int hf_packet_header_broken_acknowledge_indication;
84 static int hf_packet_header_broken_sequence_number;
85 static int hf_packet_header_broken_header_error_check;
86 static int hf_flags;
87 static int hf_flags_reserved_15_14;
88 static int hf_flags_mic_pass;
89 static int hf_flags_mic_checked;
90 static int hf_flags_crc_pass;
91 static int hf_flags_crc_checked;
92 static int hf_flags_hec_pass;
93 static int hf_flags_hec_checked;
94 static int hf_flags_reference_upper_addres_part_valid;
95 static int hf_flags_rf_channel_aliasing;
96 static int hf_flags_br_edr_data_present;
97 static int hf_flags_reference_lower_address_part_valid;
98 static int hf_flags_bredr_payload_decrypted;
99 static int hf_flags_noise_power_valid;
100 static int hf_flags_signal_power_valid;
101 static int hf_flags_packet_header_and_br_edr_payload_dewhitened;
102 static int hf_whitened_data;
103 static int hf_encrypted_data;
104 static int hf_data;
105 static int hf_isochronous_data;
106 static int hf_asynchronous_data;
107 static int hf_l2cap_fragment;
108 static int hf_crc;
109 static int hf_payload_header2;
110 static int hf_payload_header2_llid;
111 static int hf_payload_header2_flow;
112 static int hf_payload_header2_length;
113 static int hf_payload_header2_rfu;
114 static int hf_payload_header1;
115 static int hf_payload_header1_llid;
116 static int hf_payload_header1_flow;
117 static int hf_payload_header1_length;
118 static int hf_l2cap_msg_fragments;
119 static int hf_l2cap_msg_fragment;
120 static int hf_l2cap_msg_fragment_overlap;
121 static int hf_l2cap_msg_fragment_overlap_conflicts;
122 static int hf_l2cap_msg_fragment_multiple_tails;
123 static int hf_l2cap_msg_fragment_too_long_fragment;
124 static int hf_l2cap_msg_fragment_error;
125 static int hf_l2cap_msg_fragment_count;
126 static int hf_l2cap_msg_reassembled_in;
127 static int hf_l2cap_msg_reassembled_length;
128 static int hf_fhs_parity;
129 static int hf_fhs_lap;
130 static int hf_fhs_eir;
131 static int hf_fhs_reserved;
132 static int hf_fhs_sr;
133 static int hf_fhs_sp;
134 static int hf_fhs_uap;
135 static int hf_fhs_nap;
136 static int hf_fhs_class;
137 static int hf_fhs_ltaddr;
138 static int hf_fhs_clk;
139 static int hf_fhs_pagescanmode;
140
141 #define FLAGS_MIC_PASS 0x2000
142 #define FLAGS_MIC_CHECKED 0x1000
143 #define FLAGS_CRC_PASS 0x0800
144 #define FLAGS_CRC_CHECKED 0x0400
145 #define FLAGS_HEC_PASS 0x0200
146 #define FLAGS_HEC_CHECKED 0x0100
147 #define FLAGS_REFERENCE_UPPER_ADDRES_PART_VALID 0x0080
148 #define FLAGS_RF_CHANNEL_ALIASING 0x0040
149 #define FLAGS_BR_EDR_DATA_PRESENT 0x0020
150 #define FLAGS_REFERENCE_LOWER_ADDRESS_PART_VALID 0x0010
151 #define FLAGS_BREDR_PAYLOAD_DECRYPTED 0x0008
152 #define FLAGS_NOISE_POWER_VALID 0x0004
153 #define FLAGS_SIGNAL_POWER_VALID 0x0002
154 #define FLAGS_PACKET_HEADER_AND_BR_EDR_PAYLOAD_DEWHITENED 0x0001
155
156 static int * const hfx_payload_transport_rate[] = {
157 &hf_payload_transport_rate_payload,
158 &hf_payload_transport_rate_transport,
159 NULL
160 };
161
162 static expert_field ei_unexpected_data;
163 static expert_field ei_reserved_not_zero;
164 static expert_field ei_incorrect_packet_header_or_hec;
165 static expert_field ei_packet_header_with_hec_not_checked;
166 static expert_field ei_broken_packet_header_format;
167 static expert_field ei_incorrect_crc;
168 static expert_field ei_missing_fragment_start;
169 static expert_field ei_esco_incorrect_ltaddr;
170 static expert_field ei_esco_incorrect_length;
171
172 static int ett_btbredr_rf;
173 static int ett_flags;
174 static int ett_payload_transport_rate;
175 static int ett_packet_header;
176 static int ett_bluetooth_header;
177 static int ett_payload_header;
178 static int ett_l2cap_msg_fragment;
179 static int ett_l2cap_msg_fragments;
180 static int ett_btbredr_fhs;
181
182 static dissector_table_t packet_type_sco_br_table;
183 static dissector_table_t packet_type_esco_br_table;
184 static dissector_table_t packet_type_esco_edr_table;
185 static dissector_table_t packet_type_acl_br_table;
186 static dissector_table_t packet_type_acl_edr_table;
187 static dissector_table_t packet_type_cpb_br_table;
188 static dissector_table_t packet_type_cpb_edr_table;
189
190 static dissector_handle_t btlmp_handle;
191 static dissector_handle_t btl2cap_handle;
192
193 static dissector_handle_t btbredr_rf_handle;
194 static dissector_handle_t btbredr_fhs_handle;
195
196 static wmem_tree_t *connection_info_tree;
197 static wmem_tree_t *device_info_tree;
198
199 typedef struct _device_info_t {
200 uint32_t interface_id;
201 uint32_t adapter_id;
202 uint8_t bd_addr[6];
203 int8_t dir;
204 } device_info_t;
205
206 #define BDADDR_CENTRAL 0
207 #define BDADDR_PERIPHERAL 1
208
209 typedef struct _btbredr_frame_info_t {
210 unsigned retransmit : 1; /* 0 = No, 1 = Retransmitted frame */
211 unsigned ack : 1; /* 0 = Nack, 1 = Ack */
212 unsigned more_fragments : 1; /* 0 = Last fragment, 1 = More fragments */
213 unsigned missing_start : 1; /* 0 = No, 1 = Missing fragment start */
214 uint32_t l2cap_index; /* Unique identifier for each L2CAP message */
215 } btbredr_frame_info_t;
216
217 typedef struct {
218 bluetooth_data_t *bluetooth_data;
219 connection_info_t *connection_info;
220 device_info_t *device_info;
221 } btbredr_fhs_data_t;
222
223 static const uint8_t null_bd_addr[6] = { 0, 0, 0, 0, 0, 0 };
224
225 /* Reassembly */
226 static reassembly_table l2cap_msg_reassembly_table;
227
228 static const fragment_items l2cap_msg_frag_items = {
229 /* Fragment subtrees */
230 &ett_l2cap_msg_fragment,
231 &ett_l2cap_msg_fragments,
232 /* Fragment fields */
233 &hf_l2cap_msg_fragments,
234 &hf_l2cap_msg_fragment,
235 &hf_l2cap_msg_fragment_overlap,
236 &hf_l2cap_msg_fragment_overlap_conflicts,
237 &hf_l2cap_msg_fragment_multiple_tails,
238 &hf_l2cap_msg_fragment_too_long_fragment,
239 &hf_l2cap_msg_fragment_error,
240 &hf_l2cap_msg_fragment_count,
241 /* Reassembled in field */
242 &hf_l2cap_msg_reassembled_in,
243 /* Reassembled length field */
244 &hf_l2cap_msg_reassembled_length,
245 /* Reassembled data field */
246 NULL,
247 /* Tag */
248 "BT BR/EDR L2CAP fragments"
249 };
250
251 static const value_string payload_transport_rate_transport_vals[] = {
252 { 0x00, "Any" },
253 { 0x01, "SCO" },
254 { 0x02, "eSCO" },
255 { 0x03, "ACL" },
256 { 0x04, "CPB" },
257 { 0, NULL }
258 };
259
260 #define TRANSPORT_ANY 0x00
261 #define TRANSPORT_SCO 0x10
262 #define TRANSPORT_eSCO 0x20
263 #define TRANSPORT_ACL 0x30
264 #define TRANSPORT_CPB 0x40
265
266
267 static const value_string payload_transport_rate_payload_vals[] = {
268 { 0x00, "Basic Rate with GFSK demodulation" },
269 { 0x01, "Enhanced Data Rate with PI/2-DQPSK demodulation" },
270 { 0x02, "Enhanced Data Rate with 8DPSK demodulation" },
271 { 0, NULL }
272 };
273
274 static const value_string payload_transport_rate_payload_abbrev_vals[] = {
275 { 0x00, "BR 1Mbps" },
276 { 0x01, "EDR 2Mbps" },
277 { 0x02, "EDR 3Mbps" },
278 { 0, NULL }
279 };
280
281 #define PAYLOAD_BR 0x00
282 #define PAYLOAD_EDR_2 0x01
283 #define PAYLOAD_EDR_3 0x02
284
285 #define PACKET_TYPE_UNKNOWN -1
286
287 static const value_string packet_type_any_vals[] = {
288 { 0x00, "NULL" },
289 { 0x01, "POLL" },
290 { 0x02, "FHS" },
291 { 0x03, "DM1" },
292 { 0x04, "DH1/2-DH1" },
293 { 0x05, "HV1" },
294 { 0x06, "HV2/2-EV3" },
295 { 0x07, "HV3/EV3/3-EV3" },
296 { 0x08, "DV/3-DH1" },
297 { 0x09, "AUX1" },
298 { 0x0A, "DM3/2-DH3" },
299 { 0x0B, "DH3/3-DH3" },
300 { 0x0C, "EV4/2-EV5" },
301 { 0x0D, "EV5/3-EV5" },
302 { 0x0E, "DM5/2-DH5" },
303 { 0x0F, "DH5/3-DH5" },
304 { 0, NULL }
305 };
306
307 static const value_string packet_type_sco_br_vals[] = {
308 { 0x00, "NULL" },
309 { 0x01, "POLL" },
310 { 0x02, "FHS" },
311 { 0x03, "DM1" },
312 { 0x04, "undefined" },
313 { 0x05, "HV1" },
314 { 0x06, "HV2" },
315 { 0x07, "HV3" },
316 { 0x08, "DV" },
317 { 0x09, "undefined" },
318 { 0x0A, "undefined" },
319 { 0x0B, "undefined" },
320 { 0x0C, "undefined" },
321 { 0x0D, "undefined" },
322 { 0x0E, "undefined" },
323 { 0x0F, "undefined" },
324 { 0, NULL }
325 };
326
327 static const value_string packet_type_esco_br_vals[] = {
328 { 0x00, "NULL" },
329 { 0x01, "POLL" },
330 { 0x02, "reserved" },
331 { 0x03, "reserved" },
332 { 0x04, "undefined" },
333 { 0x05, "undefined" },
334 { 0x06, "undefined" },
335 { 0x07, "EV3" },
336 { 0x08, "undefined" },
337 { 0x09, "undefined" },
338 { 0x0A, "undefined" },
339 { 0x0B, "undefined" },
340 { 0x0C, "EV4" },
341 { 0x0D, "EV5" },
342 { 0x0E, "undefined" },
343 { 0x0F, "undefined" },
344 { 0, NULL }
345 };
346
347 static const value_string packet_type_esco_edr_vals[] = {
348 { 0x00, "NULL" },
349 { 0x01, "POLL" },
350 { 0x02, "reserved" },
351 { 0x03, "reserved" },
352 { 0x04, "undefined" },
353 { 0x05, "undefined" },
354 { 0x06, "2-EV3" },
355 { 0x07, "3-EV3" },
356 { 0x08, "undefined" },
357 { 0x09, "undefined" },
358 { 0x0A, "undefined" },
359 { 0x0B, "undefined" },
360 { 0x0C, "2-EV5" },
361 { 0x0D, "3-EV5" },
362 { 0x0E, "undefined" },
363 { 0x0F, "undefined" },
364 { 0, NULL }
365 };
366
367 static const value_string packet_type_acl_br_vals[] = {
368 { 0x00, "NULL" },
369 { 0x01, "POLL" },
370 { 0x02, "FHS" },
371 { 0x03, "DM1" },
372 { 0x04, "DH1" },
373 { 0x05, "undefined" },
374 { 0x06, "undefined" },
375 { 0x07, "undefined" },
376 { 0x08, "undefined" },
377 { 0x09, "AUX1" },
378 { 0x0A, "DM3" },
379 { 0x0B, "DH3" },
380 { 0x0C, "undefined" },
381 { 0x0D, "undefined" },
382 { 0x0E, "DM5" },
383 { 0x0F, "DH5" },
384 { 0, NULL }
385 };
386
387 static const value_string packet_type_acl_edr_vals[] = {
388 { 0x00, "NULL" },
389 { 0x01, "POLL" },
390 { 0x02, "FHS" },
391 { 0x03, "DM1" },
392 { 0x04, "2-DH1" },
393 { 0x05, "undefined" },
394 { 0x06, "undefined" },
395 { 0x07, "undefined" },
396 { 0x08, "3-DH1" },
397 { 0x09, "AUX1" },
398 { 0x0A, "2-DH3" },
399 { 0x0B, "3-DH3" },
400 { 0x0C, "undefined" },
401 { 0x0D, "undefined" },
402 { 0x0E, "2-DH5" },
403 { 0x0F, "3-DH5" },
404 { 0, NULL }
405 };
406
407 static const value_string packet_type_cpb_br_vals[] = {
408 { 0x00, "NULL" },
409 { 0x01, "reserved" },
410 { 0x02, "reserved" },
411 { 0x03, "DM1" },
412 { 0x04, "DH1" },
413 { 0x05, "undefined" },
414 { 0x06, "undefined" },
415 { 0x07, "undefined" },
416 { 0x08, "undefined" },
417 { 0x09, "undefined" },
418 { 0x0A, "DM3" },
419 { 0x0B, "DH3" },
420 { 0x0C, "undefined" },
421 { 0x0D, "undefined" },
422 { 0x0E, "DM5" },
423 { 0x0F, "DH5" },
424 { 0, NULL }
425 };
426
427 static const value_string packet_type_cpb_edr_vals[] = {
428 { 0x00, "NULL" },
429 { 0x01, "reserved" },
430 { 0x02, "reserved" },
431 { 0x03, "DM1" },
432 { 0x04, "2-DH1" },
433 { 0x05, "undefined" },
434 { 0x06, "undefined" },
435 { 0x07, "undefined" },
436 { 0x08, "3-DH1" },
437 { 0x09, "undefined" },
438 { 0x0A, "2-DH3" },
439 { 0x0B, "3-DH3" },
440 { 0x0C, "undefined" },
441 { 0x0D, "undefined" },
442 { 0x0E, "2-DH5" },
443 { 0x0F, "3-DH5" },
444 { 0, NULL }
445 };
446
447 static const val64_string fhs_scan_repetition_vals[] = {
448 { 0x00, "R0" },
449 { 0x01, "R1" },
450 { 0x02, "R2" },
451 { 0, NULL }
452 };
453
454 static const value_string fhs_page_scan_mode_vals[] = {
455 { 0x00, "Mandatory Scan Mode" },
456 { 0, NULL }
457 };
458
459 void proto_register_btbredr_rf(void);
460 void proto_reg_handoff_btbredr_rf(void);
461
462 static uint8_t
463 reverse_bits(uint8_t value)
464 {
465 value = ((value >> 1) & 0x55) | ((value << 1) & 0xaa);
466 value = ((value >> 2) & 0x33) | ((value << 2) & 0xcc);
467 value = ((value >> 4) & 0x0f) | ((value << 4) & 0xf0);
468 return value;
469 }
470
471 static bool
472 broken_check_hec(uint8_t uap, uint32_t header)
473 {
474 uint8_t hec;
475 uint16_t header_data;
476 uint8_t lfsr;
477 int8_t i;
478
479 hec = header & 0xFF;
480 header_data = (header >> 8) & 0x3F;
481
482 lfsr = uap;
483
484 for (i = 9; i >= 0; i -= 1) {
485 if (lfsr & 0x80)
486 lfsr ^= 0x65;
487
488 lfsr = (lfsr << 1) | (((lfsr >> 7) ^ (header_data >> i)) & 0x01);
489 }
490
491 lfsr = reverse_bits(lfsr);
492
493 return lfsr == hec;
494 }
495
496 static bool
497 check_hec(uint8_t uap, uint32_t header)
498 {
499 static const uint32_t crc_poly_rev_bt_hec = 0xe5;
500 header &= 0x3ffff;
501 header ^= reverse_bits(uap) & 0xff;
502 for (unsigned i = 0; i < 10; ++i, header >>= 1)
503 if (header & 1)
504 header ^= (crc_poly_rev_bt_hec << 1);
505 return !header;
506 }
507
508 static bool
509 check_crc(uint8_t uap, tvbuff_t *tvb, int offset, int len)
510 {
511 static const uint16_t crc_poly_rev_bt_pdu = 0x8408;
512 uint16_t crc = reverse_bits(uap);
513 crc <<= 8;
514 for (; len > 0; --len, ++offset) {
515 crc ^= tvb_get_uint8(tvb, offset) & 0xff;
516 for (unsigned i = 0; i < 8; ++i) {
517 uint16_t x = crc & 1;
518 crc >>= 1;
519 crc ^= crc_poly_rev_bt_pdu & -x;
520 }
521 }
522 return !crc;
523 }
524
525 static uint32_t
526 extract_lap(const uint8_t bd_addr[6])
527 {
528 uint32_t lap = bd_addr[3];
529 lap <<= 8;
530 lap |= bd_addr[4];
531 lap <<= 8;
532 lap |= bd_addr[5];
533 return lap;
534 }
535
536 static bool
537 is_reserved_lap(uint32_t lap)
538 {
539 return (lap >= 0x9e8b00) && (lap <= 0x9e8b3f);
540 }
541
542 static connection_info_t *
543 lookup_connection_info(uint32_t interface_id, uint32_t adapter_id, uint32_t lap, uint32_t ltaddr, uint32_t pktnum)
544 {
545 connection_info_t *cinfo;
546 wmem_tree_key_t key[6];
547 key[0].length = 1;
548 key[0].key = &interface_id;
549 key[1].length = 1;
550 key[1].key = &adapter_id;
551 key[2].length = 1;
552 key[2].key = &lap;
553 key[3].length = 1;
554 key[3].key = &ltaddr;
555 key[4].length = 1;
556 key[4].key = &pktnum;
557 key[5].length = 0;
558 key[5].key = NULL;
559 cinfo = (connection_info_t *) wmem_tree_lookup32_array_le(connection_info_tree, key);
560 if (!cinfo)
561 return NULL;
562 if (cinfo->interface_id != interface_id || cinfo->adapter_id != adapter_id ||
563 extract_lap(cinfo->bd_addr[BDADDR_CENTRAL]) != lap || cinfo->lt_addr != ltaddr)
564 return NULL;
565 return cinfo;
566 }
567
568 connection_info_t *
569 btbredr_rf_add_esco_link(connection_info_t *cinfo, packet_info *pinfo, uint8_t handle, uint32_t ltaddr, uint16_t pktszms, uint16_t pktszsm)
570 {
571 connection_info_t *ecinfo;
572 uint32_t lap;
573 wmem_tree_key_t key[6];
574 if (!cinfo || !pinfo || ltaddr >= 8 || !ltaddr)
575 return NULL;
576 lap = extract_lap(cinfo->bd_addr[BDADDR_CENTRAL]);
577 ecinfo = lookup_connection_info(cinfo->interface_id, cinfo->adapter_id, lap, ltaddr, pinfo->num);
578 if (ecinfo && (memcmp(cinfo->bd_addr[BDADDR_CENTRAL], ecinfo->bd_addr[BDADDR_CENTRAL], 6) ||
579 memcmp(cinfo->bd_addr[BDADDR_PERIPHERAL], ecinfo->bd_addr[BDADDR_PERIPHERAL], 6) ||
580 !ecinfo->esco || ecinfo->escohandle != handle || ecinfo->escosize[0] != pktszms ||
581 ecinfo->escosize[1] != pktszsm))
582 ecinfo = NULL;
583 if (ecinfo)
584 return ecinfo;
585 ecinfo = wmem_new0(wmem_file_scope(), connection_info_t);
586 ecinfo->interface_id = cinfo->interface_id;
587 ecinfo->adapter_id = cinfo->adapter_id;
588 ecinfo->lt_addr = ltaddr;
589 ecinfo->timestamp = cinfo->timestamp;
590 ecinfo->btclock = cinfo->btclock;
591 memcpy(ecinfo->bd_addr[BDADDR_CENTRAL], cinfo->bd_addr[BDADDR_CENTRAL], 6);
592 memcpy(ecinfo->bd_addr[BDADDR_PERIPHERAL], cinfo->bd_addr[BDADDR_PERIPHERAL], 6);
593 ecinfo->escosize[0] = pktszms;
594 ecinfo->escosize[1] = pktszsm;
595 ecinfo->escohandle = handle;
596 ecinfo->esco = 1;
597 key[0].length = 1;
598 key[0].key = &cinfo->interface_id;
599 key[1].length = 1;
600 key[1].key = &cinfo->adapter_id;
601 key[2].length = 1;
602 key[2].key = &lap;
603 key[3].length = 1;
604 key[3].key = &ltaddr;
605 key[4].length = 1;
606 key[4].key = &pinfo->num;
607 key[5].length = 0;
608 key[5].key = NULL;
609 wmem_tree_insert32_array(connection_info_tree, key, ecinfo);
610 return ecinfo;
611 }
612
613 void
614 btbredr_rf_remove_esco_link(connection_info_t *cinfo, packet_info *pinfo, uint8_t handle)
615 {
616 connection_info_t *ecinfo;
617 uint32_t lap;
618 wmem_tree_key_t key[6];
619 if (!cinfo || !pinfo)
620 return;
621 lap = extract_lap(cinfo->bd_addr[BDADDR_CENTRAL]);
622 for (uint32_t ltaddr = 1; ltaddr < 8; ++ltaddr) {
623 ecinfo = lookup_connection_info(cinfo->interface_id, cinfo->adapter_id, lap, ltaddr, pinfo->num);
624 if (!ecinfo)
625 continue;
626 if (memcmp(cinfo->bd_addr[BDADDR_CENTRAL], ecinfo->bd_addr[BDADDR_CENTRAL], 6) ||
627 memcmp(cinfo->bd_addr[BDADDR_PERIPHERAL], ecinfo->bd_addr[BDADDR_PERIPHERAL], 6) ||
628 !ecinfo->esco || ecinfo->escohandle != handle)
629 continue;
630 key[0].length = 1;
631 key[0].key = &cinfo->interface_id;
632 key[1].length = 1;
633 key[1].key = &cinfo->adapter_id;
634 key[2].length = 1;
635 key[2].key = &lap;
636 key[3].length = 1;
637 key[3].key = &ltaddr;
638 key[4].length = 1;
639 key[4].key = &pinfo->num;
640 key[5].length = 0;
641 key[5].key = NULL;
642 wmem_tree_insert32_array(connection_info_tree, key, ecinfo);
643 }
644 }
645
646 static int
647 dissect_btbredr_rf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
648 {
649 proto_item *btbredr_rf_item;
650 proto_tree *btbredr_rf_tree;
651 proto_item *flags_item;
652 proto_tree *flags_tree;
653 proto_item *header_item = NULL;
654 proto_tree *header_tree;
655 proto_item *reserved_item;
656 proto_item *hec_item = NULL;
657 int offset = 0;
658 int hf_x;
659 int header_mode;
660 uint32_t interface_id;
661 uint32_t adapter_id;
662 uint16_t flags;
663 uint32_t lap;
664 uint8_t uap = 0;
665 uint32_t ltaddr = 0;
666 uint8_t payload_and_transport;
667 int16_t packet_type = PACKET_TYPE_UNKNOWN;
668 const char *packet_type_str = "Unknown";
669 dissector_table_t packet_type_table = NULL;
670 bool decrypted;
671 int isochronous_length = 0;
672 bool isochronous_crc = false;
673 bool isochronous_esco = false;
674 int data_length = 0;
675 int data_header = 0;
676 bool data_crc = false;
677 bool arqn = false;
678 bool seqn = false;
679 int direction = -1;
680 btbredr_frame_info_t *frame_info = NULL;
681 connection_info_t *connection_info = NULL;
682 device_info_t *device_info = NULL;
683 bluetooth_data_t *bluetooth_data = (bluetooth_data_t *) data;
684
685 if (bluetooth_data)
686 interface_id = bluetooth_data->interface_id;
687 else if (pinfo->rec->presence_flags & WTAP_HAS_INTERFACE_ID)
688 interface_id = pinfo->rec->rec_header.packet_header.interface_id;
689 else
690 interface_id = HCI_INTERFACE_DEFAULT;
691
692 if (bluetooth_data)
693 adapter_id = bluetooth_data->adapter_id;
694 else
695 adapter_id = HCI_ADAPTER_DEFAULT;
696
697 btbredr_rf_item = proto_tree_add_item(tree, proto_btbredr_rf, tvb, offset, -1, ENC_NA);
698 btbredr_rf_tree = proto_item_add_subtree(btbredr_rf_item, ett_btbredr_rf);
699
700 col_set_str(pinfo->cinfo, COL_PROTOCOL, "BT BR/EDR RF");
701
702 if (tvb_captured_length(tvb) >= 21) {
703 flags = tvb_get_uint16(tvb, 20, ENC_LITTLE_ENDIAN);
704 } else {
705 flags = 0;
706 }
707
708 if (flags & FLAGS_RF_CHANNEL_ALIASING)
709 hf_x = hf_uncertain_rf_channel;
710 else
711 hf_x = hf_rf_channel;
712 proto_tree_add_item(btbredr_rf_tree, hf_x, tvb, offset, 1, ENC_NA);
713 offset += 1;
714
715 if (flags & FLAGS_SIGNAL_POWER_VALID)
716 hf_x = hf_signal_power;
717 else
718 hf_x = hf_invalid_signal_power;
719 proto_tree_add_item(btbredr_rf_tree, hf_x, tvb, offset, 1, ENC_NA);
720 offset += 1;
721
722 if (flags & FLAGS_NOISE_POWER_VALID)
723 hf_x = hf_noise_power;
724 else
725 hf_x = hf_invalid_noise_power;
726 proto_tree_add_item(btbredr_rf_tree, hf_x, tvb, offset, 1, ENC_NA);
727 offset += 1;
728
729 proto_tree_add_item(btbredr_rf_tree, hf_access_address_offenses, tvb, offset, 1, ENC_NA);
730 offset += 1;
731
732 payload_and_transport = tvb_get_uint8(tvb, offset);
733
734 col_add_fstr(pinfo->cinfo, COL_INFO, "Transport: %s (%s), RF Channel: %s%2u",
735 val_to_str_const(payload_and_transport >> 4, payload_transport_rate_transport_vals, "Unknown"),
736 val_to_str_const(payload_and_transport & 0xF, payload_transport_rate_payload_abbrev_vals, "Unknown"),
737 (flags & FLAGS_RF_CHANNEL_ALIASING) ? "~" : "",
738 tvb_get_uint8(tvb, 0));
739
740 if (payload_and_transport == 0xFF)
741 proto_tree_add_item(btbredr_rf_tree, hf_payload_transport_rate_ignored, tvb, offset, 1, ENC_NA);
742 else
743 proto_tree_add_bitmask(btbredr_rf_tree, tvb, offset, hf_payload_transport_rate, ett_payload_transport_rate, hfx_payload_transport_rate, ENC_LITTLE_ENDIAN);
744 offset += 1;
745
746 proto_tree_add_item(btbredr_rf_tree, hf_corrected_header_bits, tvb, offset, 1, ENC_NA);
747 offset += 1;
748
749 proto_tree_add_item(btbredr_rf_tree, hf_corrected_payload_bits, tvb, offset, 2, ENC_LITTLE_ENDIAN);
750 offset += 2;
751
752 proto_tree_add_item(btbredr_rf_tree, hf_lower_address_part, tvb, offset, 4, ENC_LITTLE_ENDIAN);
753 lap = tvb_get_uint32(tvb, offset, ENC_LITTLE_ENDIAN) & 0xffffff;
754 offset += 4;
755
756 if (!is_reserved_lap(lap)) {
757 wmem_tree_key_t key[4];
758 key[0].length = 1;
759 key[0].key = &interface_id;
760 key[1].length = 1;
761 key[1].key = &adapter_id;
762 key[2].length = 1;
763 key[2].key = &lap;
764 key[3].length = 0;
765 key[3].key = NULL;
766
767 device_info = (device_info_t *) wmem_tree_lookup32_array(device_info_tree, key);
768 }
769
770 if (device_info) {
771 direction = (device_info->dir == pinfo->p2p_dir) ? BDADDR_CENTRAL : BDADDR_PERIPHERAL;
772 uap = device_info->bd_addr[2];
773 }
774
775 if (flags & FLAGS_REFERENCE_LOWER_ADDRESS_PART_VALID)
776 hf_x = hf_reference_lower_address_part;
777 else
778 hf_x = hf_invalid_reference_lower_address_part;
779 proto_tree_add_item(btbredr_rf_tree, hf_x, tvb, offset, 3, ENC_LITTLE_ENDIAN);
780 offset += 3;
781
782 if (flags & FLAGS_REFERENCE_UPPER_ADDRES_PART_VALID) {
783 hf_x = hf_reference_upper_addres_part;
784 uap = tvb_get_uint8(tvb, offset);
785 } else {
786 hf_x = hf_invalid_reference_upper_addres_part;
787 }
788 proto_tree_add_item(btbredr_rf_tree, hf_x, tvb, offset, 1, ENC_NA);
789 offset += 1;
790
791 {
792 uint32_t hdr = tvb_get_uint32(tvb, offset, ENC_LITTLE_ENDIAN);
793 bool have_uap = device_info || !!(flags & FLAGS_REFERENCE_UPPER_ADDRES_PART_VALID);
794 bool is_inquiry = is_reserved_lap(lap);
795 bool is_inquiry_fhs = is_inquiry && (((hdr >> 3) & 0x0f) == 2);
796 bool is_inquiry_broken_fhs = is_inquiry && (((hdr >> 11) & 0x0f) == 2);
797 if (is_inquiry && !(is_inquiry_fhs || is_inquiry_broken_fhs))
798 header_mode = -2;
799 else if (!(flags & FLAGS_PACKET_HEADER_AND_BR_EDR_PAYLOAD_DEWHITENED))
800 header_mode = -1;
801 else if ((have_uap || is_inquiry_fhs) && check_hec(is_inquiry_fhs ? 0 : uap, hdr))
802 header_mode = 1;
803 else if ((have_uap || is_inquiry_broken_fhs) && broken_check_hec(is_inquiry_broken_fhs ? 0 : uap, hdr))
804 header_mode = 2;
805 else if (!have_uap)
806 header_mode = -1;
807 else
808 header_mode = 0;
809 }
810
811 decrypted = !!(flags & FLAGS_BREDR_PAYLOAD_DECRYPTED);
812
813 if (header_mode == -1) {
814 proto_tree_add_item(btbredr_rf_tree, hf_whitened_packet_header, tvb, offset, 4, ENC_LITTLE_ENDIAN);
815 } else if (header_mode == -2) {
816 proto_tree_add_item(btbredr_rf_tree, hf_invalid_packet_header, tvb, offset, 4, ENC_LITTLE_ENDIAN);
817 } else if (header_mode == 2) {
818 // broken header format
819 header_item = proto_tree_add_item(btbredr_rf_tree, hf_packet_header, tvb, offset, 4, ENC_LITTLE_ENDIAN);
820 header_tree = proto_item_add_subtree(header_item, ett_bluetooth_header);
821
822 proto_tree_add_item(header_tree, hf_packet_header_reserved, tvb, offset, 4, ENC_LITTLE_ENDIAN);
823 proto_tree_add_item(header_tree, hf_packet_header_broken_lt_addr, tvb, offset, 4, ENC_LITTLE_ENDIAN);
824 ltaddr = (tvb_get_uint32(tvb, offset, ENC_LITTLE_ENDIAN) >> 15) & 7;
825 arqn = (tvb_get_uint32(tvb, offset, ENC_LITTLE_ENDIAN) >> 9) & 1;
826 seqn = (tvb_get_uint32(tvb, offset, ENC_LITTLE_ENDIAN) >> 8) & 1;
827
828 if (payload_and_transport == (TRANSPORT_SCO | PAYLOAD_BR)) {
829 proto_tree_add_item(header_tree, hf_packet_header_broken_type_sco_br, tvb, offset, 4, ENC_LITTLE_ENDIAN);
830
831 packet_type = (tvb_get_uint8(tvb, offset + 1) >> 3) & 0xF;
832 packet_type_str = val_to_str_const(packet_type, packet_type_sco_br_vals, "Unknown");
833 packet_type_table = packet_type_sco_br_table;
834 } else if (payload_and_transport == (TRANSPORT_eSCO | PAYLOAD_BR)) {
835 proto_tree_add_item(header_tree, hf_packet_header_broken_type_esco_br, tvb, offset, 4, ENC_LITTLE_ENDIAN);
836
837 packet_type = (tvb_get_uint8(tvb, offset + 1) >> 3) & 0xF;
838 packet_type_str = val_to_str_const(packet_type, packet_type_esco_br_vals, "Unknown");
839 packet_type_table = packet_type_esco_br_table;
840 } else if (payload_and_transport == (TRANSPORT_eSCO | PAYLOAD_EDR_2) || payload_and_transport == (TRANSPORT_eSCO | PAYLOAD_EDR_3)) {
841 proto_tree_add_item(header_tree, hf_packet_header_broken_type_esco_edr, tvb, offset, 4, ENC_LITTLE_ENDIAN);
842
843 packet_type = (tvb_get_uint8(tvb, offset + 1) >> 3) & 0xF;
844 packet_type_str = val_to_str_const(packet_type, packet_type_esco_edr_vals, "Unknown");
845 packet_type_table = packet_type_esco_edr_table;
846 } else if (payload_and_transport == (TRANSPORT_ACL | PAYLOAD_BR)) {
847 proto_tree_add_item(header_tree, hf_packet_header_broken_type_acl_br, tvb, offset, 4, ENC_LITTLE_ENDIAN);
848
849 packet_type = (tvb_get_uint8(tvb, offset + 1) >> 3) & 0xF;
850 packet_type_str = val_to_str_const(packet_type, packet_type_acl_br_vals, "Unknown");
851 packet_type_table = packet_type_acl_br_table;
852 } else if (payload_and_transport == (TRANSPORT_ACL | PAYLOAD_EDR_2) || payload_and_transport == (TRANSPORT_ACL | PAYLOAD_EDR_3)) {
853 proto_tree_add_item(header_tree, hf_packet_header_broken_type_acl_edr, tvb, offset, 4, ENC_LITTLE_ENDIAN);
854
855 packet_type = (tvb_get_uint8(tvb, offset + 1) >> 3) & 0xF;
856 packet_type_str = val_to_str_const(packet_type, packet_type_acl_edr_vals, "Unknown");
857 packet_type_table = packet_type_acl_edr_table;
858 } else if (payload_and_transport == (TRANSPORT_CPB | PAYLOAD_BR)) {
859 proto_tree_add_item(header_tree, hf_packet_header_broken_type_cpb_br, tvb, offset, 4, ENC_LITTLE_ENDIAN);
860
861 packet_type = (tvb_get_uint8(tvb, offset + 1) >> 3) & 0xF;
862 packet_type_str = val_to_str_const(packet_type, packet_type_cpb_br_vals, "Unknown");
863 packet_type_table = packet_type_cpb_br_table;
864 } else if (payload_and_transport == (TRANSPORT_CPB | PAYLOAD_EDR_2) || payload_and_transport == (TRANSPORT_ACL | PAYLOAD_EDR_3)) {
865 proto_tree_add_item(header_tree, hf_packet_header_broken_type_cpb_edr, tvb, offset, 4, ENC_LITTLE_ENDIAN);
866
867 packet_type = (tvb_get_uint8(tvb, offset + 1) >> 3) & 0xF;
868 packet_type_str = val_to_str_const(packet_type, packet_type_cpb_edr_vals, "Unknown");
869 packet_type_table = packet_type_cpb_edr_table;
870 } else if ((payload_and_transport >> 4) == TRANSPORT_ANY) {
871 proto_tree_add_item(header_tree, hf_packet_header_broken_type_any, tvb, offset, 4, ENC_LITTLE_ENDIAN);
872
873 packet_type = (tvb_get_uint8(tvb, offset + 1) >> 3) & 0xF;
874 packet_type_str = val_to_str_const(packet_type, packet_type_any_vals, "Unknown");
875 } else {
876 proto_tree_add_item(header_tree, hf_packet_header_broken_type, tvb, offset, 4, ENC_LITTLE_ENDIAN);
877 }
878
879 proto_tree_add_item(header_tree, hf_packet_header_broken_flow_control, tvb, offset, 4, ENC_LITTLE_ENDIAN);
880 proto_tree_add_item(header_tree, hf_packet_header_broken_acknowledge_indication, tvb, offset, 4, ENC_LITTLE_ENDIAN);
881 proto_tree_add_item(header_tree, hf_packet_header_broken_sequence_number, tvb, offset, 4, ENC_LITTLE_ENDIAN);
882 hec_item = proto_tree_add_item(header_tree, hf_packet_header_broken_header_error_check, tvb, offset, 4, ENC_LITTLE_ENDIAN);
883 } else if (header_mode >= 0) {
884 // header format according to Core_v5.2.pdf Vol 2 Part B Chapter 6.4
885 header_item = proto_tree_add_item(btbredr_rf_tree, hf_packet_header, tvb, offset, 4, ENC_LITTLE_ENDIAN);
886 header_tree = proto_item_add_subtree(header_item, ett_bluetooth_header);
887
888 proto_tree_add_item(header_tree, hf_packet_header_lt_addr, tvb, offset, 4, ENC_LITTLE_ENDIAN);
889 ltaddr = tvb_get_uint32(tvb, offset, ENC_LITTLE_ENDIAN) & 7;
890 arqn = (tvb_get_uint32(tvb, offset, ENC_LITTLE_ENDIAN) >> 8) & 1;
891 seqn = (tvb_get_uint32(tvb, offset, ENC_LITTLE_ENDIAN) >> 9) & 1;
892
893 if (payload_and_transport == (TRANSPORT_SCO | PAYLOAD_BR)) {
894 proto_tree_add_item(header_tree, hf_packet_header_type_sco_br, tvb, offset, 4, ENC_LITTLE_ENDIAN);
895
896 packet_type = (tvb_get_uint8(tvb, offset) >> 3) & 0xF;
897 packet_type_str = val_to_str_const(packet_type, packet_type_sco_br_vals, "Unknown");
898 packet_type_table = packet_type_sco_br_table;
899 } else if (payload_and_transport == (TRANSPORT_eSCO | PAYLOAD_BR)) {
900 proto_tree_add_item(header_tree, hf_packet_header_type_esco_br, tvb, offset, 4, ENC_LITTLE_ENDIAN);
901
902 packet_type = (tvb_get_uint8(tvb, offset) >> 3) & 0xF;
903 packet_type_str = val_to_str_const(packet_type, packet_type_esco_br_vals, "Unknown");
904 packet_type_table = packet_type_esco_br_table;
905 } else if (payload_and_transport == (TRANSPORT_eSCO | PAYLOAD_EDR_2) || payload_and_transport == (TRANSPORT_eSCO | PAYLOAD_EDR_3)) {
906 proto_tree_add_item(header_tree, hf_packet_header_type_esco_edr, tvb, offset, 4, ENC_LITTLE_ENDIAN);
907
908 packet_type = (tvb_get_uint8(tvb, offset) >> 3) & 0xF;
909 packet_type_str = val_to_str_const(packet_type, packet_type_esco_edr_vals, "Unknown");
910 packet_type_table = packet_type_esco_edr_table;
911 } else if (payload_and_transport == (TRANSPORT_ACL | PAYLOAD_BR)) {
912 proto_tree_add_item(header_tree, hf_packet_header_type_acl_br, tvb, offset, 4, ENC_LITTLE_ENDIAN);
913
914 packet_type = (tvb_get_uint8(tvb, offset) >> 3) & 0xF;
915 packet_type_str = val_to_str_const(packet_type, packet_type_acl_br_vals, "Unknown");
916 packet_type_table = packet_type_acl_br_table;
917 } else if (payload_and_transport == (TRANSPORT_ACL | PAYLOAD_EDR_2) || payload_and_transport == (TRANSPORT_ACL | PAYLOAD_EDR_3)) {
918 proto_tree_add_item(header_tree, hf_packet_header_type_acl_edr, tvb, offset, 4, ENC_LITTLE_ENDIAN);
919
920 packet_type = (tvb_get_uint8(tvb, offset) >> 3) & 0xF;
921 packet_type_str = val_to_str_const(packet_type, packet_type_acl_edr_vals, "Unknown");
922 packet_type_table = packet_type_acl_edr_table;
923 } else if (payload_and_transport == (TRANSPORT_CPB | PAYLOAD_BR)) {
924 proto_tree_add_item(header_tree, hf_packet_header_type_cpb_br, tvb, offset, 4, ENC_LITTLE_ENDIAN);
925
926 packet_type = (tvb_get_uint8(tvb, offset) >> 3) & 0xF;
927 packet_type_str = val_to_str_const(packet_type, packet_type_cpb_br_vals, "Unknown");
928 packet_type_table = packet_type_cpb_br_table;
929 } else if (payload_and_transport == (TRANSPORT_CPB | PAYLOAD_EDR_2) || payload_and_transport == (TRANSPORT_ACL | PAYLOAD_EDR_3)) {
930 proto_tree_add_item(header_tree, hf_packet_header_type_cpb_edr, tvb, offset, 4, ENC_LITTLE_ENDIAN);
931
932 packet_type = (tvb_get_uint8(tvb, offset) >> 3) & 0xF;
933 packet_type_str = val_to_str_const(packet_type, packet_type_cpb_edr_vals, "Unknown");
934 packet_type_table = packet_type_cpb_edr_table;
935 } else if ((payload_and_transport >> 4) == TRANSPORT_ANY) {
936 proto_tree_add_item(header_tree, hf_packet_header_type_any, tvb, offset, 4, ENC_LITTLE_ENDIAN);
937
938 packet_type = (tvb_get_uint8(tvb, offset) >> 3) & 0xF;
939 packet_type_str = val_to_str_const(packet_type, packet_type_any_vals, "Unknown");
940 } else {
941 proto_tree_add_item(header_tree, hf_packet_header_type, tvb, offset, 4, ENC_LITTLE_ENDIAN);
942 }
943
944 proto_tree_add_item(header_tree, hf_packet_header_flow_control, tvb, offset, 4, ENC_LITTLE_ENDIAN);
945 proto_tree_add_item(header_tree, hf_packet_header_acknowledge_indication, tvb, offset, 4, ENC_LITTLE_ENDIAN);
946 proto_tree_add_item(header_tree, hf_packet_header_sequence_number, tvb, offset, 4, ENC_LITTLE_ENDIAN);
947 hec_item = proto_tree_add_item(header_tree, hf_packet_header_header_error_check, tvb, offset, 4, ENC_LITTLE_ENDIAN);
948 proto_tree_add_item(header_tree, hf_packet_header_reserved, tvb, offset, 4, ENC_LITTLE_ENDIAN);
949 }
950
951 switch (header_mode) {
952 case -2:
953 col_set_str(pinfo->cinfo, COL_INFO, (lap == 0x9e8b33) ? "GIAC" : "DIAC");
954 break;
955
956 case -1:
957 expert_add_info(pinfo, hec_item, &ei_packet_header_with_hec_not_checked);
958 break;
959
960 case 0:
961 expert_add_info(pinfo, hec_item, &ei_incorrect_packet_header_or_hec);
962 break;
963
964 case 2:
965 expert_add_info(pinfo, header_item, &ei_broken_packet_header_format);
966 break;
967
968 default:
969 break;
970 }
971
972 if (header_mode > 0 && ltaddr)
973 connection_info = lookup_connection_info(interface_id, adapter_id, lap, ltaddr, pinfo->num);
974
975 if (connection_info && direction >= 0) {
976 set_address(&pinfo->dl_src, AT_ETHER, sizeof(connection_info->bd_addr[0]), connection_info->bd_addr[direction]);
977 set_address(&pinfo->dl_dst, AT_ETHER, sizeof(connection_info->bd_addr[0]), connection_info->bd_addr[1 - direction]);
978 set_address(&pinfo->net_src, AT_ETHER, sizeof(connection_info->bd_addr[0]), connection_info->bd_addr[direction]);
979 set_address(&pinfo->net_dst, AT_ETHER, sizeof(connection_info->bd_addr[0]), connection_info->bd_addr[1 - direction]);
980 } else {
981 clear_address(&pinfo->dl_dst);
982 clear_address(&pinfo->net_dst);
983 if (header_mode > 0 && !ltaddr && device_info) {
984 set_address(&pinfo->dl_src, AT_ETHER, sizeof(device_info->bd_addr), device_info->bd_addr);
985 set_address(&pinfo->net_src, AT_ETHER, sizeof(device_info->bd_addr), device_info->bd_addr);
986 } else {
987 clear_address(&pinfo->dl_src);
988 clear_address(&pinfo->net_src);
989 }
990 }
991 copy_address_shallow(&pinfo->src, &pinfo->net_src);
992 copy_address_shallow(&pinfo->dst, &pinfo->net_dst);
993
994 offset += 4;
995
996 flags_item = proto_tree_add_item(btbredr_rf_tree, hf_flags, tvb, offset, 2, ENC_LITTLE_ENDIAN);
997 flags_tree = proto_item_add_subtree(flags_item, ett_flags);
998
999 flags = tvb_get_uint16(tvb, offset, ENC_LITTLE_ENDIAN);
1000
1001 reserved_item = proto_tree_add_item(flags_tree, hf_flags_reserved_15_14, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1002 if (flags & 0xC000) {
1003 expert_add_info(pinfo, reserved_item, &ei_reserved_not_zero);
1004 }
1005
1006 proto_tree_add_item(flags_tree, hf_flags_mic_pass, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1007 proto_tree_add_item(flags_tree, hf_flags_mic_checked, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1008 proto_tree_add_item(flags_tree, hf_flags_crc_pass, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1009 proto_tree_add_item(flags_tree, hf_flags_crc_checked, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1010 proto_tree_add_item(flags_tree, hf_flags_hec_pass, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1011 proto_tree_add_item(flags_tree, hf_flags_hec_checked, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1012 proto_tree_add_item(flags_tree, hf_flags_reference_upper_addres_part_valid, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1013 proto_tree_add_item(flags_tree, hf_flags_rf_channel_aliasing, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1014 proto_tree_add_item(flags_tree, hf_flags_br_edr_data_present, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1015 proto_tree_add_item(flags_tree, hf_flags_reference_lower_address_part_valid, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1016 proto_tree_add_item(flags_tree, hf_flags_bredr_payload_decrypted, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1017 proto_tree_add_item(flags_tree, hf_flags_noise_power_valid, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1018 proto_tree_add_item(flags_tree, hf_flags_signal_power_valid, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1019 proto_tree_add_item(flags_tree, hf_flags_packet_header_and_br_edr_payload_dewhitened, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1020
1021 offset += 2;
1022
1023 if ((flags & (FLAGS_SIGNAL_POWER_VALID | FLAGS_NOISE_POWER_VALID)) == (FLAGS_SIGNAL_POWER_VALID | FLAGS_NOISE_POWER_VALID)) {
1024 col_append_fstr(pinfo->cinfo, COL_INFO, " (SP: %4i, NP: %4i)",
1025 (int)tvb_get_int8(tvb, 1), (int)tvb_get_int8(tvb, 2));
1026 } else if (flags & FLAGS_SIGNAL_POWER_VALID) {
1027 col_append_fstr(pinfo->cinfo, COL_INFO, " (SP: %4i)",
1028 (int)tvb_get_int8(tvb, 1));
1029 } else if (flags & FLAGS_NOISE_POWER_VALID) {
1030 col_append_fstr(pinfo->cinfo, COL_INFO, " (NP: %4i)",
1031 (int)tvb_get_int8(tvb, 2));
1032 }
1033
1034 if (flags & FLAGS_PACKET_HEADER_AND_BR_EDR_PAYLOAD_DEWHITENED)
1035 col_append_fstr(pinfo->cinfo, COL_INFO, ", Packet Type: %s", packet_type_str);
1036
1037 // Packet Type Table
1038 if (payload_and_transport == (TRANSPORT_SCO | PAYLOAD_BR)) {
1039 switch (packet_type) {
1040 case 0: // NULL
1041 case 1: // POLL
1042 isochronous_length = 0;
1043 isochronous_crc = false;
1044 data_length = 0;
1045 data_header = 0;
1046 data_crc = false;
1047 break;
1048
1049 case 2: // FHS
1050 isochronous_length = 0;
1051 isochronous_crc = false;
1052 data_length = 18;
1053 data_header = 0;
1054 data_crc = true;
1055 decrypted = true;
1056 break;
1057
1058 case 3: // DM1
1059 isochronous_length = 0;
1060 isochronous_crc = false;
1061 data_length = 18;
1062 data_header = 1;
1063 data_crc = true;
1064 break;
1065
1066 case 5: // HV1
1067 isochronous_length = 10;
1068 isochronous_crc = false;
1069 data_length = 0;
1070 data_header = 0;
1071 data_crc = false;
1072 break;
1073
1074 case 6: // HV2
1075 isochronous_length = 20;
1076 isochronous_crc = false;
1077 data_length = 0;
1078 data_header = 0;
1079 data_crc = false;
1080 break;
1081
1082 case 7: // HV3
1083 isochronous_length = 30;
1084 isochronous_crc = false;
1085 data_length = 0;
1086 data_header = 0;
1087 data_crc = false;
1088 break;
1089
1090 case 8: // DV
1091 isochronous_length = 10;
1092 isochronous_crc = false;
1093 data_length = 10;
1094 data_header = 1;
1095 data_crc = true;
1096 break;
1097
1098 default:
1099 break;
1100 }
1101 } else if (payload_and_transport == (TRANSPORT_eSCO | PAYLOAD_BR)) {
1102 switch (packet_type) {
1103 case 0: // NULL
1104 case 1: // POLL
1105 isochronous_length = 0;
1106 isochronous_crc = false;
1107 data_length = 0;
1108 data_header = 0;
1109 data_crc = false;
1110 break;
1111
1112 case 7: // EV3
1113 isochronous_length = 30;
1114 isochronous_crc = true;
1115 isochronous_esco = true;
1116 data_length = 0;
1117 data_header = 0;
1118 data_crc = false;
1119 break;
1120
1121 case 12: // EV4
1122 isochronous_length = 120;
1123 isochronous_crc = true;
1124 isochronous_esco = true;
1125 data_length = 0;
1126 data_header = 0;
1127 data_crc = false;
1128 break;
1129
1130 case 13: // EV5
1131 isochronous_length = 180;
1132 isochronous_crc = true;
1133 isochronous_esco = true;
1134 data_length = 0;
1135 data_header = 0;
1136 data_crc = false;
1137 break;
1138
1139 default:
1140 break;
1141 }
1142 } else if (payload_and_transport == (TRANSPORT_eSCO | PAYLOAD_EDR_2) || payload_and_transport == (TRANSPORT_eSCO | PAYLOAD_EDR_3)) {
1143 switch (packet_type) {
1144 case 0: // NULL
1145 case 1: // POLL
1146 isochronous_length = 0;
1147 isochronous_crc = false;
1148 data_length = 0;
1149 data_header = 0;
1150 data_crc = false;
1151 break;
1152
1153 case 6: // 2-EV3
1154 isochronous_length = 60;
1155 isochronous_crc = true;
1156 isochronous_esco = true;
1157 data_length = 0;
1158 data_header = 0;
1159 data_crc = false;
1160 break;
1161
1162 case 7: // 3-EV3
1163 isochronous_length = 90;
1164 isochronous_crc = true;
1165 isochronous_esco = true;
1166 data_length = 0;
1167 data_header = 0;
1168 data_crc = false;
1169 break;
1170
1171 case 12: // 2-EV5
1172 isochronous_length = 360;
1173 isochronous_crc = true;
1174 isochronous_esco = true;
1175 data_length = 0;
1176 data_header = 0;
1177 data_crc = false;
1178 break;
1179
1180 case 13: // 3-EV5
1181 isochronous_length = 540;
1182 isochronous_crc = true;
1183 isochronous_esco = true;
1184 data_length = 0;
1185 data_header = 0;
1186 data_crc = false;
1187 break;
1188
1189 default:
1190 break;
1191 }
1192 } else if (payload_and_transport == (TRANSPORT_ACL | PAYLOAD_BR)) {
1193 switch (packet_type) {
1194 case 0: // NULL
1195 case 1: // POLL
1196 isochronous_length = 0;
1197 isochronous_crc = false;
1198 data_length = 0;
1199 data_header = 0;
1200 data_crc = false;
1201 break;
1202
1203 case 2: // FHS
1204 isochronous_length = 0;
1205 isochronous_crc = false;
1206 data_length = 18;
1207 data_header = 0;
1208 data_crc = true;
1209 decrypted = true;
1210 break;
1211
1212 case 3: // DM1
1213 isochronous_length = 0;
1214 isochronous_crc = false;
1215 data_length = 18;
1216 data_header = 1;
1217 data_crc = true;
1218 break;
1219
1220 case 4: // DH1
1221 isochronous_length = 0;
1222 isochronous_crc = false;
1223 data_length = 28;
1224 data_header = 1;
1225 data_crc = true;
1226 break;
1227
1228 case 9: // AUX1
1229 isochronous_length = 0;
1230 isochronous_crc = false;
1231 data_length = 30;
1232 data_header = 1;
1233 data_crc = false;
1234 break;
1235
1236 case 10: // DM3
1237 isochronous_length = 0;
1238 isochronous_crc = false;
1239 data_length = 123;
1240 data_header = 2;
1241 data_crc = true;
1242 break;
1243
1244 case 11: // DH3
1245 isochronous_length = 0;
1246 isochronous_crc = false;
1247 data_length = 185;
1248 data_header = 2;
1249 data_crc = true;
1250 break;
1251
1252 case 14: // DM5
1253 isochronous_length = 0;
1254 isochronous_crc = false;
1255 data_length = 226;
1256 data_header = 2;
1257 data_crc = true;
1258 break;
1259
1260 case 15: // DH5
1261 isochronous_length = 0;
1262 isochronous_crc = false;
1263 data_length = 341;
1264 data_header = 2;
1265 data_crc = true;
1266 break;
1267
1268 default:
1269 break;
1270 }
1271 } else if (payload_and_transport == (TRANSPORT_ACL | PAYLOAD_EDR_2) || payload_and_transport == (TRANSPORT_ACL | PAYLOAD_EDR_3)) {
1272 switch (packet_type) {
1273 case 0: // NULL
1274 case 1: // POLL
1275 isochronous_length = 0;
1276 isochronous_crc = false;
1277 data_length = 0;
1278 data_header = 0;
1279 data_crc = false;
1280 break;
1281
1282 case 2: // FHS
1283 isochronous_length = 0;
1284 isochronous_crc = false;
1285 data_length = 18;
1286 data_header = 0;
1287 data_crc = true;
1288 decrypted = true;
1289 break;
1290
1291 case 3: // DM1
1292 isochronous_length = 0;
1293 isochronous_crc = false;
1294 data_length = 18;
1295 data_header = 1;
1296 data_crc = true;
1297 break;
1298
1299 case 4: // 2-DH1
1300 isochronous_length = 0;
1301 isochronous_crc = false;
1302 data_length = 56;
1303 data_header = 2;
1304 data_crc = true;
1305 break;
1306
1307 case 8: // 3-DH1
1308 isochronous_length = 0;
1309 isochronous_crc = false;
1310 data_length = 85;
1311 data_header = 2;
1312 data_crc = true;
1313 break;
1314
1315 case 9: // AUX1
1316 isochronous_length = 0;
1317 isochronous_crc = false;
1318 data_length = 30;
1319 data_header = 1;
1320 data_crc = false;
1321 break;
1322
1323 case 10: // 2-DH3
1324 isochronous_length = 0;
1325 isochronous_crc = false;
1326 data_length = 369;
1327 data_header = 2;
1328 data_crc = true;
1329 break;
1330
1331 case 11: // 3-DH3
1332 isochronous_length = 0;
1333 isochronous_crc = false;
1334 data_length = 554;
1335 data_header = 2;
1336 data_crc = true;
1337 break;
1338
1339 case 14: // 2-DH5
1340 isochronous_length = 0;
1341 isochronous_crc = false;
1342 data_length = 681;
1343 data_header = 2;
1344 data_crc = true;
1345 break;
1346
1347 case 15: // 3-DH5
1348 isochronous_length = 0;
1349 isochronous_crc = false;
1350 data_length = 1023;
1351 data_header = 2;
1352 data_crc = true;
1353 break;
1354
1355 default:
1356 break;
1357 }
1358 } else if (payload_and_transport == (TRANSPORT_CPB | PAYLOAD_BR)) {
1359 switch (packet_type) {
1360 case 0: // NULL
1361 isochronous_length = 0;
1362 isochronous_crc = false;
1363 data_length = 0;
1364 data_header = 0;
1365 data_crc = false;
1366 break;
1367
1368 case 3: // DM1
1369 isochronous_length = 0;
1370 isochronous_crc = false;
1371 data_length = 18;
1372 data_header = 1;
1373 data_crc = true;
1374 break;
1375
1376 case 4: // DH1
1377 isochronous_length = 0;
1378 isochronous_crc = false;
1379 data_length = 28;
1380 data_header = 1;
1381 data_crc = true;
1382 break;
1383
1384 case 10: // DM3
1385 isochronous_length = 0;
1386 isochronous_crc = false;
1387 data_length = 123;
1388 data_header = 2;
1389 data_crc = true;
1390 break;
1391
1392 case 11: // DH3
1393 isochronous_length = 0;
1394 isochronous_crc = false;
1395 data_length = 185;
1396 data_header = 2;
1397 data_crc = true;
1398 break;
1399
1400 case 14: // DM5
1401 isochronous_length = 0;
1402 isochronous_crc = false;
1403 data_length = 226;
1404 data_header = 2;
1405 data_crc = true;
1406 break;
1407
1408 case 15: // DH5
1409 isochronous_length = 0;
1410 isochronous_crc = false;
1411 data_length = 341;
1412 data_header = 2;
1413 data_crc = true;
1414 break;
1415
1416 default:
1417 break;
1418 }
1419 } else if (payload_and_transport == (TRANSPORT_CPB | PAYLOAD_EDR_2) || payload_and_transport == (TRANSPORT_ACL | PAYLOAD_EDR_3)) {
1420 switch (packet_type) {
1421 case 0: // NULL
1422 isochronous_length = 0;
1423 isochronous_crc = false;
1424 data_length = 0;
1425 data_header = 0;
1426 data_crc = false;
1427 break;
1428
1429 case 3: // DM1
1430 isochronous_length = 0;
1431 isochronous_crc = false;
1432 data_length = 18;
1433 data_header = 1;
1434 data_crc = true;
1435 break;
1436
1437 case 4: // 2-DH1
1438 isochronous_length = 0;
1439 isochronous_crc = false;
1440 data_length = 56;
1441 data_header = 2;
1442 data_crc = true;
1443 break;
1444
1445 case 8: // 3-DH1
1446 isochronous_length = 0;
1447 isochronous_crc = false;
1448 data_length = 85;
1449 data_header = 2;
1450 data_crc = true;
1451 break;
1452
1453 case 10: // 2-DH3
1454 isochronous_length = 0;
1455 isochronous_crc = false;
1456 data_length = 369;
1457 data_header = 2;
1458 data_crc = true;
1459 break;
1460
1461 case 11: // 3-DH3
1462 isochronous_length = 0;
1463 isochronous_crc = false;
1464 data_length = 554;
1465 data_header = 2;
1466 data_crc = true;
1467 break;
1468
1469 case 14: // 2-DH5
1470 isochronous_length = 0;
1471 isochronous_crc = false;
1472 data_length = 681;
1473 data_header = 2;
1474 data_crc = true;
1475 break;
1476
1477 case 15: // 3-DH5
1478 isochronous_length = 0;
1479 isochronous_crc = false;
1480 data_length = 1023;
1481 data_header = 2;
1482 data_crc = true;
1483 break;
1484
1485 default:
1486 break;
1487 }
1488 } else if ((payload_and_transport >> 4) == TRANSPORT_ANY) {
1489 switch (packet_type) {
1490 case 0: // NULL
1491 case 1: // POLL
1492 isochronous_length = 0;
1493 isochronous_crc = false;
1494 data_length = 0;
1495 data_header = 0;
1496 data_crc = false;
1497 break;
1498
1499 case 2: // FHS
1500 isochronous_length = 0;
1501 isochronous_crc = false;
1502 data_length = 18;
1503 data_header = 0;
1504 data_crc = true;
1505 decrypted = true;
1506 break;
1507
1508 case 3: // DM1
1509 isochronous_length = 0;
1510 isochronous_crc = false;
1511 data_length = 18;
1512 data_header = 1;
1513 data_crc = true;
1514 break;
1515
1516 default:
1517 break;
1518 }
1519 }
1520
1521 if (flags & FLAGS_BR_EDR_DATA_PRESENT) {
1522 if (flags & FLAGS_PACKET_HEADER_AND_BR_EDR_PAYLOAD_DEWHITENED) {
1523 if (decrypted) {
1524 tvbuff_t *next_tvb;
1525
1526 next_tvb = tvb_new_subset_remaining(tvb, offset);
1527 if (packet_type_table && packet_type > PACKET_TYPE_UNKNOWN &&
1528 dissector_try_uint_with_data(packet_type_table, packet_type, next_tvb, pinfo, tree, true, bluetooth_data)) {
1529 offset = tvb_reported_length(tvb);
1530 } else {
1531 if (isochronous_length > 0 &&
1532 (!isochronous_crc || (flags & (FLAGS_CRC_PASS | FLAGS_CRC_CHECKED)) == (FLAGS_CRC_PASS | FLAGS_CRC_CHECKED))) {
1533 int len = tvb_captured_length_remaining(tvb, offset);
1534 if (isochronous_crc)
1535 len -= 2;
1536 if (isochronous_length > len)
1537 isochronous_length = len;
1538 if (isochronous_length > 0) {
1539 //next_tvb = tvb_new_subset_length(tvb, offset, isochronous_length);
1540 proto_item *iso_item = proto_tree_add_item(btbredr_rf_tree, hf_isochronous_data, tvb, offset, isochronous_length, ENC_NA);
1541 if (isochronous_crc) {
1542 proto_item *crc_item = NULL;
1543 crc_item = proto_tree_add_item(btbredr_rf_tree, hf_crc, tvb, offset + isochronous_length, 2, ENC_LITTLE_ENDIAN);
1544 if ((flags & FLAGS_REFERENCE_UPPER_ADDRES_PART_VALID) && !check_crc(uap, tvb, offset, isochronous_length + 2))
1545 expert_add_info(pinfo, crc_item, &ei_incorrect_crc);
1546 offset += 2;
1547 }
1548 offset += isochronous_length;
1549 if (connection_info) {
1550 if (connection_info->esco != isochronous_esco)
1551 expert_add_info(pinfo, iso_item, &ei_esco_incorrect_ltaddr);
1552 if (direction >= 0 && connection_info->esco &&
1553 connection_info->escosize[direction] != isochronous_length)
1554 expert_add_info(pinfo, iso_item, &ei_esco_incorrect_length);
1555 }
1556 }
1557 }
1558 if (data_length > 0 &&
1559 (!data_crc || (flags & (FLAGS_CRC_PASS | FLAGS_CRC_CHECKED)) == (FLAGS_CRC_PASS | FLAGS_CRC_CHECKED))) {
1560 int len = tvb_captured_length_remaining(tvb, offset);
1561 bool error = false;
1562 int llid = -1;
1563 if (data_crc)
1564 len -= 2;
1565 if (data_length > len)
1566 data_length = len;
1567 if (data_header > 0) {
1568 if (len < data_header) {
1569 error = true;
1570 } else if (data_header == 1) {
1571 uint8_t hdr = tvb_get_uint8(tvb, offset);
1572 llid = hdr & 3;
1573 hdr >>= 3;
1574 hdr &= 0x1f;
1575 ++hdr;
1576 if (hdr > len)
1577 error = true;
1578 else
1579 data_length = hdr;
1580 } else if (data_header == 2) {
1581 uint16_t hdr = tvb_get_uint16(tvb, offset, ENC_LITTLE_ENDIAN);
1582 llid = hdr & 3;
1583 hdr >>= 3;
1584 hdr &= 0x3ff;
1585 hdr += 2;
1586 if (hdr > len)
1587 error = true;
1588 else
1589 data_length = hdr;
1590 } else {
1591 error = true;
1592 }
1593 }
1594 if (data_length > 0 && !error) {
1595 bool handled = false;
1596 fragment_head *frag_l2cap_msg = NULL;
1597 if (data_header == 1) {
1598 proto_item *pheader_item = proto_tree_add_item(btbredr_rf_tree, hf_payload_header1, tvb, offset, 1, ENC_LITTLE_ENDIAN);
1599 proto_tree *pheader_tree = proto_item_add_subtree(pheader_item, ett_payload_header);
1600 proto_tree_add_item(pheader_tree, hf_payload_header1_llid, tvb, offset, 1, ENC_LITTLE_ENDIAN);
1601 proto_tree_add_item(pheader_tree, hf_payload_header1_flow, tvb, offset, 1, ENC_LITTLE_ENDIAN);
1602 proto_tree_add_item(pheader_tree, hf_payload_header1_length, tvb, offset, 1, ENC_LITTLE_ENDIAN);
1603 } else if (data_header == 2) {
1604 proto_item *pheader_item = proto_tree_add_item(btbredr_rf_tree, hf_payload_header2, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1605 proto_tree *pheader_tree = proto_item_add_subtree(pheader_item, ett_payload_header);
1606 proto_tree_add_item(pheader_tree, hf_payload_header2_llid, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1607 proto_tree_add_item(pheader_tree, hf_payload_header2_flow, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1608 proto_tree_add_item(pheader_tree, hf_payload_header2_length, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1609 proto_tree_add_item(pheader_tree, hf_payload_header2_rfu, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1610 }
1611 if (!pinfo->fd->visited) {
1612 frame_info = wmem_new0(wmem_file_scope(), btbredr_frame_info_t);
1613 p_add_proto_data(wmem_file_scope(), pinfo, proto_btbredr_rf, pinfo->curr_layer_num, frame_info);
1614 if (connection_info && direction >= 0) {
1615 frame_info->retransmit = (seqn == connection_info->reassembly[direction].seqn);
1616 frame_info->ack = arqn;
1617 frame_info->l2cap_index = pinfo->num;
1618 connection_info->reassembly[direction].seqn = seqn;
1619 }
1620 } else {
1621 frame_info = (btbredr_frame_info_t *)p_get_proto_data(wmem_file_scope(), pinfo, proto_btbredr_rf, pinfo->curr_layer_num);
1622 }
1623 if (packet_type == 2) {
1624 // FHS
1625 next_tvb = tvb_new_subset_length(tvb, offset + data_header, data_length - data_header);
1626 if (next_tvb) {
1627 btbredr_fhs_data_t *fhs_data = wmem_new0(pinfo->pool, btbredr_fhs_data_t);
1628 fhs_data->bluetooth_data = bluetooth_data;
1629 fhs_data->device_info = device_info;
1630 fhs_data->connection_info = connection_info;
1631 call_dissector_with_data(btbredr_fhs_handle, next_tvb, pinfo, tree, fhs_data);
1632 handled = true;
1633 }
1634 }
1635 switch (llid) {
1636 case 0x03: // LMP
1637 if (!btlmp_handle)
1638 break;
1639 next_tvb = tvb_new_subset_length(tvb, offset + data_header, data_length - data_header);
1640 if (!next_tvb)
1641 break;
1642 call_dissector_with_data(btlmp_handle, next_tvb, pinfo, tree, connection_info);
1643 handled = true;
1644 break;
1645
1646 case 0x02: // Start of or complete L2CAP message
1647 if (!btl2cap_handle)
1648 break;
1649 if (frame_info && data_length > data_header) {
1650 unsigned pdu_len = data_length - data_header;
1651 unsigned l2cap_len = tvb_get_letohs(tvb, offset + data_header);
1652 if (l2cap_len + 4 <= pdu_len) {
1653 bthci_acl_data_t *acl_data = wmem_new(pinfo->pool, bthci_acl_data_t);
1654 acl_data->interface_id = interface_id;
1655 acl_data->adapter_id = adapter_id;
1656 acl_data->chandle = 0; /* No connection handle at this layer */
1657 acl_data->remote_bd_addr_oui = 0;
1658 acl_data->remote_bd_addr_id = 0;
1659 acl_data->is_btle = true;
1660 acl_data->is_btle_retransmit = false;
1661 acl_data->adapter_disconnect_in_frame = &bluetooth_max_disconnect_in_frame;
1662 acl_data->disconnect_in_frame = &bluetooth_max_disconnect_in_frame;
1663 next_tvb = tvb_new_subset_length(tvb, offset + data_header, pdu_len);
1664 call_dissector_with_data(btl2cap_handle, next_tvb, pinfo, tree, acl_data);
1665 handled = true;
1666 col_set_str(pinfo->cinfo, COL_INFO, "L2CAP Data");
1667 if (!pinfo->fd->visited && connection_info && direction >= 0) {
1668 connection_info->reassembly[direction].l2cap_index = pinfo->num;
1669 connection_info->reassembly[direction].segment_len_rem = 0;
1670 }
1671 break;
1672 }
1673 pinfo->fragmented = true;
1674 if (!frame_info->retransmit && connection_info && direction >= 0) {
1675 if (!pinfo->fd->visited) {
1676 connection_info->reassembly[direction].l2cap_index = pinfo->num;
1677 connection_info->reassembly[direction].segment_len_rem = l2cap_len + 4 - pdu_len;
1678 frame_info->more_fragments = 1;
1679 }
1680 frag_l2cap_msg = fragment_add_seq_next(&l2cap_msg_reassembly_table,
1681 tvb, offset + data_header,
1682 pinfo,
1683 frame_info->l2cap_index, /* uint32_t ID for fragments belonging together */
1684 NULL, /* data* */
1685 pdu_len, /* Fragment length */
1686 frame_info->more_fragments); /* More fragments */
1687 process_reassembled_data(tvb, offset + data_header, pinfo,
1688 "Reassembled L2CAP",
1689 frag_l2cap_msg,
1690 &l2cap_msg_frag_items,
1691 NULL,
1692 btbredr_rf_tree);
1693 }
1694 proto_tree_add_item(btbredr_rf_tree, hf_l2cap_fragment, tvb, offset + data_header, pdu_len, ENC_NA);
1695 handled = true;
1696 col_set_str(pinfo->cinfo, COL_INFO, "L2CAP Fragment Start");
1697 }
1698 break;
1699
1700 case 0x01: /* Continuation fragment of an L2CAP message, or an Empty PDU */
1701 if (!btl2cap_handle)
1702 break;
1703 if (!frame_info || data_length <= data_header) {
1704 col_set_str(pinfo->cinfo, COL_INFO, "Empty PDU");
1705 break;
1706 }
1707 pinfo->fragmented = true;
1708 if (!frame_info->retransmit && connection_info && direction >= 0) {
1709 unsigned pdu_len = data_length - data_header;
1710 if (!pinfo->fd->visited) {
1711 if (connection_info->reassembly[direction].segment_len_rem > 0) {
1712 if (connection_info->reassembly[direction].segment_len_rem >= pdu_len) {
1713 connection_info->reassembly[direction].segment_len_rem -= pdu_len;
1714 frame_info->l2cap_index = connection_info->reassembly[direction].l2cap_index;
1715 } else {
1716 /*
1717 * Missing fragment for previous L2CAP and fragment start for this.
1718 * Set more_fragments and increase l2cap_index to avoid reassembly.
1719 */
1720 frame_info->more_fragments = 1;
1721 frame_info->missing_start = 1;
1722 connection_info->reassembly[direction].l2cap_index = pinfo->num;
1723 connection_info->reassembly[direction].segment_len_rem = 0;
1724 }
1725 frame_info->more_fragments = (connection_info->reassembly[direction].segment_len_rem > 0);
1726 } else {
1727 /*
1728 * Missing fragment start.
1729 * Set more_fragments and increase l2cap_index to avoid reassembly.
1730 */
1731 frame_info->more_fragments = 1;
1732 frame_info->missing_start = 1;
1733 connection_info->reassembly[direction].l2cap_index = pinfo->num;
1734 connection_info->reassembly[direction].segment_len_rem = 0;
1735 }
1736 }
1737 frag_l2cap_msg = fragment_add_seq_next(&l2cap_msg_reassembly_table,
1738 tvb, offset + data_header,
1739 pinfo,
1740 frame_info->l2cap_index, /* uint32_t ID for fragments belonging together */
1741 NULL, /* data* */
1742 pdu_len, /* Fragment length */
1743 frame_info->more_fragments); /* More fragments */
1744 next_tvb = process_reassembled_data(tvb, offset, pinfo,
1745 "Reassembled L2CAP",
1746 frag_l2cap_msg,
1747 &l2cap_msg_frag_items,
1748 NULL,
1749 btbredr_rf_tree);
1750 }
1751 if (next_tvb) {
1752 bthci_acl_data_t *acl_data = wmem_new(pinfo->pool, bthci_acl_data_t);
1753 acl_data->interface_id = interface_id;
1754 acl_data->adapter_id = adapter_id;
1755 acl_data->chandle = 0; /* No connection handle at this layer */
1756 acl_data->remote_bd_addr_oui = 0;
1757 acl_data->remote_bd_addr_id = 0;
1758 acl_data->is_btle = true;
1759 acl_data->is_btle_retransmit = false;
1760 acl_data->adapter_disconnect_in_frame = &bluetooth_max_disconnect_in_frame;
1761 acl_data->disconnect_in_frame = &bluetooth_max_disconnect_in_frame;
1762 call_dissector_with_data(btl2cap_handle, next_tvb, pinfo, tree, acl_data);
1763 handled = true;
1764 col_set_str(pinfo->cinfo, COL_INFO, "L2CAP Data");
1765 } else {
1766 proto_item *item = proto_tree_add_item(btbredr_rf_tree, hf_l2cap_fragment, tvb, offset + data_header, data_length - data_header, ENC_NA);
1767 if (frame_info->missing_start)
1768 expert_add_info(pinfo, item, &ei_missing_fragment_start);
1769 handled = true;
1770 col_set_str(pinfo->cinfo, COL_INFO, "L2CAP Fragment");
1771 }
1772 break;
1773
1774 default:
1775 break;
1776 }
1777 if (!handled)
1778 proto_tree_add_item(btbredr_rf_tree, hf_asynchronous_data, tvb, offset + data_header, data_length - data_header, ENC_NA);
1779 if (data_crc) {
1780 proto_item *crc_item = NULL;
1781 crc_item = proto_tree_add_item(btbredr_rf_tree, hf_crc, tvb, offset + data_length, 2, ENC_LITTLE_ENDIAN);
1782 if ((flags & FLAGS_REFERENCE_UPPER_ADDRES_PART_VALID) && !check_crc(uap, tvb, offset, data_length + 2))
1783 expert_add_info(pinfo, crc_item, &ei_incorrect_crc);
1784 offset += 2;
1785 }
1786 offset += data_length;
1787 }
1788 }
1789 if (tvb_captured_length_remaining(tvb, offset) > 0)
1790 proto_tree_add_item(btbredr_rf_tree, hf_data, tvb, offset, tvb_captured_length_remaining(tvb, offset), ENC_NA);
1791 }
1792 } else {
1793 proto_tree_add_item(btbredr_rf_tree, hf_encrypted_data, tvb, offset, tvb_captured_length_remaining(tvb, offset), ENC_NA);
1794 offset = tvb_reported_length(tvb);
1795 }
1796 } else {
1797 proto_tree_add_item(btbredr_rf_tree, hf_whitened_data, tvb, offset, tvb_captured_length_remaining(tvb, offset), ENC_NA);
1798 offset = tvb_reported_length(tvb);
1799 }
1800 } else {
1801 if (tvb_captured_length_remaining(tvb, offset) > 0)
1802 proto_tree_add_expert(btbredr_rf_tree, pinfo, &ei_unexpected_data, tvb, offset, tvb_captured_length_remaining(tvb, offset));
1803 offset = tvb_reported_length(tvb);
1804 }
1805
1806 if (!pinfo->fd->visited) {
1807 address *addr;
1808
1809 addr = (address *) wmem_memdup(wmem_file_scope(), &pinfo->dl_src, sizeof(address));
1810 addr->data = wmem_memdup(wmem_file_scope(), pinfo->dl_src.data, pinfo->dl_src.len);
1811 p_add_proto_data(wmem_file_scope(), pinfo, proto_bluetooth, BLUETOOTH_DATA_SRC, addr);
1812
1813 addr = (address *) wmem_memdup(wmem_file_scope(), &pinfo->dl_dst, sizeof(address));
1814 addr->data = wmem_memdup(wmem_file_scope(), pinfo->dl_dst.data, pinfo->dl_dst.len);
1815 p_add_proto_data(wmem_file_scope(), pinfo, proto_bluetooth, BLUETOOTH_DATA_DST, addr);
1816 }
1817
1818 return offset;
1819 }
1820
1821 static int
1822 dissect_btbredr_fhs(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
1823 {
1824 proto_item *btbredr_fhs_item;
1825 proto_tree *btbredr_fhs_tree;
1826 int offset = 0;
1827 uint32_t interface_id;
1828 uint32_t adapter_id;
1829 uint64_t parity_lap_eir_sp_sr;
1830 uint32_t lap;
1831 uint8_t uap;
1832 uint16_t nap;
1833 uint32_t ltaddr_clk_pgscan;
1834 uint32_t ltaddr;
1835 device_info_t *device_info = NULL;
1836 connection_info_t *connection_info = NULL;
1837 btbredr_fhs_data_t *fhs_data = (btbredr_fhs_data_t *) data;
1838
1839 btbredr_fhs_item = proto_tree_add_item(tree, proto_btbredr_fhs, tvb, offset, -1, ENC_NA);
1840 btbredr_fhs_tree = proto_item_add_subtree(btbredr_fhs_item, ett_btbredr_fhs);
1841
1842 col_set_str(pinfo->cinfo, COL_PROTOCOL, "BT BR/EDR FHS");
1843
1844 if (fhs_data->bluetooth_data)
1845 interface_id = fhs_data->bluetooth_data->interface_id;
1846 else if (pinfo->rec->presence_flags & WTAP_HAS_INTERFACE_ID)
1847 interface_id = pinfo->rec->rec_header.packet_header.interface_id;
1848 else
1849 interface_id = HCI_INTERFACE_DEFAULT;
1850
1851 if (fhs_data->bluetooth_data)
1852 adapter_id = fhs_data->bluetooth_data->adapter_id;
1853 else
1854 adapter_id = HCI_ADAPTER_DEFAULT;
1855
1856 proto_tree_add_item(btbredr_fhs_tree, hf_fhs_parity, tvb, offset, 8, ENC_LITTLE_ENDIAN);
1857 proto_tree_add_item(btbredr_fhs_tree, hf_fhs_lap, tvb, offset, 8, ENC_LITTLE_ENDIAN);
1858 proto_tree_add_item(btbredr_fhs_tree, hf_fhs_eir, tvb, offset, 8, ENC_LITTLE_ENDIAN);
1859 proto_tree_add_item(btbredr_fhs_tree, hf_fhs_reserved, tvb, offset, 8, ENC_LITTLE_ENDIAN);
1860 proto_tree_add_item(btbredr_fhs_tree, hf_fhs_sr, tvb, offset, 8, ENC_LITTLE_ENDIAN);
1861 proto_tree_add_item(btbredr_fhs_tree, hf_fhs_sp, tvb, offset, 8, ENC_LITTLE_ENDIAN);
1862 parity_lap_eir_sp_sr = tvb_get_uint64(tvb, offset, ENC_LITTLE_ENDIAN);
1863 lap = (parity_lap_eir_sp_sr >> 34) & 0xffffff;
1864 offset += 8;
1865 proto_tree_add_item(btbredr_fhs_tree, hf_fhs_uap, tvb, offset, 1, ENC_LITTLE_ENDIAN);
1866 uap = tvb_get_uint8(tvb, offset);
1867 offset += 1;
1868 proto_tree_add_item(btbredr_fhs_tree, hf_fhs_nap, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1869 nap = tvb_get_uint16(tvb, offset, ENC_LITTLE_ENDIAN);
1870 offset += 2;
1871 proto_tree_add_item(btbredr_fhs_tree, hf_fhs_class, tvb, offset, 3, ENC_LITTLE_ENDIAN);
1872 offset += 3;
1873 proto_tree_add_item(btbredr_fhs_tree, hf_fhs_ltaddr, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1874 proto_tree_add_item(btbredr_fhs_tree, hf_fhs_clk, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1875 proto_tree_add_item(btbredr_fhs_tree, hf_fhs_pagescanmode, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1876 ltaddr_clk_pgscan = tvb_get_uint32(tvb, offset, ENC_LITTLE_ENDIAN);
1877 offset += 4;
1878 ltaddr = ltaddr_clk_pgscan & 0x00000007;
1879
1880 {
1881 wmem_tree_key_t key[4];
1882 key[0].length = 1;
1883 key[0].key = &interface_id;
1884 key[1].length = 1;
1885 key[1].key = &adapter_id;
1886 key[2].length = 1;
1887 key[2].key = &lap;
1888 key[3].length = 0;
1889 key[3].key = NULL;
1890
1891 device_info = (device_info_t *) wmem_tree_lookup32_array(device_info_tree, key);
1892 if (!device_info && !pinfo->fd->visited) {
1893 device_info = wmem_new0(wmem_file_scope(), device_info_t);
1894 device_info->interface_id = interface_id;
1895 device_info->adapter_id = adapter_id;
1896 device_info->bd_addr[0] = nap >> 8;
1897 device_info->bd_addr[1] = nap >> 0;
1898 device_info->bd_addr[2] = uap;
1899 device_info->bd_addr[3] = lap >> 16;
1900 device_info->bd_addr[4] = lap >> 8;
1901 device_info->bd_addr[5] = lap;
1902 device_info->dir = pinfo->p2p_dir;
1903 wmem_tree_insert32_array(device_info_tree, key, device_info);
1904 }
1905 }
1906 if (ltaddr) {
1907 connection_info = lookup_connection_info(interface_id, adapter_id, lap, ltaddr, pinfo->num);
1908 if (!pinfo->fd->visited) {
1909 if (connection_info && fhs_data->device_info &&
1910 !memcmp(connection_info->bd_addr[BDADDR_PERIPHERAL], null_bd_addr, 6))
1911 memcpy(connection_info->bd_addr[BDADDR_PERIPHERAL], fhs_data->device_info->bd_addr, 6);
1912 if (!connection_info && device_info) {
1913 wmem_tree_key_t key[6];
1914 key[0].length = 1;
1915 key[0].key = &interface_id;
1916 key[1].length = 1;
1917 key[1].key = &adapter_id;
1918 key[2].length = 1;
1919 key[2].key = &lap;
1920 key[3].length = 1;
1921 key[3].key = &ltaddr;
1922 key[4].length = 1;
1923 key[4].key = &pinfo->num;
1924 key[5].length = 0;
1925 key[5].key = NULL;
1926 connection_info = wmem_new0(wmem_file_scope(), connection_info_t);
1927 connection_info->interface_id = interface_id;
1928 connection_info->adapter_id = adapter_id;
1929 connection_info->lt_addr = ltaddr;
1930 connection_info->timestamp = pinfo->abs_ts;
1931 connection_info->btclock = (ltaddr_clk_pgscan >> 3) & 0x3ffffff;
1932 memcpy(connection_info->bd_addr[BDADDR_CENTRAL], device_info->bd_addr, 6);
1933 if (fhs_data->device_info)
1934 memcpy(connection_info->bd_addr[BDADDR_PERIPHERAL], fhs_data->device_info->bd_addr, 6);
1935 wmem_tree_insert32_array(connection_info_tree, key, connection_info);
1936 }
1937 }
1938 }
1939 if (device_info) {
1940 set_address(&pinfo->dl_src, AT_ETHER, sizeof(device_info->bd_addr), device_info->bd_addr);
1941 set_address(&pinfo->net_src, AT_ETHER, sizeof(device_info->bd_addr), device_info->bd_addr);
1942 copy_address_shallow(&pinfo->src, &pinfo->net_src);
1943 }
1944 if (fhs_data->device_info) {
1945 set_address(&pinfo->dl_dst, AT_ETHER, sizeof(fhs_data->device_info->bd_addr), fhs_data->device_info->bd_addr);
1946 set_address(&pinfo->net_dst, AT_ETHER, sizeof(fhs_data->device_info->bd_addr), fhs_data->device_info->bd_addr);
1947 copy_address_shallow(&pinfo->dst, &pinfo->net_dst);
1948 }
1949 return offset;
1950 }
1951
1952 void
1953 proto_register_btbredr_rf(void)
1954 {
1955 expert_module_t *expert_module;
1956
1957 static hf_register_info hf[] = {
1958 { &hf_rf_channel,
1959 { "RF Channel", "btbredr_rf.rf_channel",
1960 FT_UINT8, BASE_DEC, NULL, 0x00,
1961 NULL, HFILL }
1962 },
1963 { &hf_uncertain_rf_channel,
1964 { "Uncertain RF Channel", "btbredr_rf.uncertain_rf_channel",
1965 FT_UINT8, BASE_DEC, NULL, 0x00,
1966 NULL, HFILL }
1967 },
1968 { &hf_signal_power,
1969 { "Signal Power", "btbredr_rf.signal_power",
1970 FT_INT8, BASE_DEC, NULL, 0x00,
1971 "Signal Power in dBm", HFILL }
1972 },
1973 { &hf_invalid_signal_power,
1974 { "Invalid Signal Power", "btbredr_rf.invalid.signal_power",
1975 FT_INT8, BASE_DEC, NULL, 0x00,
1976 NULL, HFILL }
1977 },
1978 { &hf_noise_power,
1979 { "Noise Power", "btbredr_rf.noise_power",
1980 FT_INT8, BASE_DEC, NULL, 0x00,
1981 "Noise Power in dBm", HFILL }
1982 },
1983 { &hf_invalid_noise_power,
1984 { "Invalid Noise Power", "btbredr_rf.invalid.noise_power",
1985 FT_INT8, BASE_DEC, NULL, 0x00,
1986 NULL, HFILL }
1987 },
1988 { &hf_access_address_offenses,
1989 { "Access Address Offenses", "btbredr_rf.access_address_offenses",
1990 FT_UINT8, BASE_DEC, NULL, 0x00,
1991 NULL, HFILL }
1992 },
1993 { &hf_payload_transport_rate,
1994 { "Payload Transport Rate", "btbredr_rf.payload_transport_rate",
1995 FT_UINT8, BASE_HEX, NULL, 0x00,
1996 NULL, HFILL }
1997 },
1998 { &hf_payload_transport_rate_ignored,
1999 { "Payload Transport Rate: Ignored", "btbredr_rf.payload_transport_rate.ignored",
2000 FT_UINT8, BASE_HEX, NULL, 0x00,
2001 "BT Packet Header is ignored and there is no payload", HFILL }
2002 },
2003 { &hf_payload_transport_rate_transport,
2004 { "Transport", "btbredr_rf.payload_transport_rate.transport",
2005 FT_UINT8, BASE_HEX, VALS(payload_transport_rate_transport_vals), 0xF0,
2006 NULL, HFILL }
2007 },
2008 { &hf_payload_transport_rate_payload,
2009 { "Payload", "btbredr_rf.payload_transport_rate.payload",
2010 FT_UINT8, BASE_HEX, VALS(payload_transport_rate_payload_vals), 0x0F,
2011 NULL, HFILL }
2012 },
2013 { &hf_corrected_header_bits,
2014 { "Corrected Header Bits", "btbredr_rf.corrected_header_bits",
2015 FT_UINT8, BASE_DEC, NULL, 0x00,
2016 NULL, HFILL }
2017 },
2018 { &hf_corrected_payload_bits,
2019 { "Corrected Payload Bits", "btbredr_rf.corrected_payload_bits",
2020 FT_INT16, BASE_DEC, NULL, 0x00,
2021 NULL, HFILL }
2022 },
2023 { &hf_lower_address_part,
2024 { "Lower Address Part", "btbredr_rf.lower_address_part",
2025 FT_UINT32, BASE_HEX, NULL, 0x00,
2026 NULL, HFILL }
2027 },
2028 { &hf_reference_lower_address_part,
2029 { "Reference Lower Address Part", "btbredr_rf.reference_lower_address_part",
2030 FT_UINT24, BASE_HEX, NULL, 0x00,
2031 NULL, HFILL }
2032 },
2033 { &hf_invalid_reference_lower_address_part,
2034 { "Invalid Reference Lower Address Part", "btbredr_rf.invalid.reference_lower_address_part",
2035 FT_UINT24, BASE_HEX, NULL, 0x00,
2036 NULL, HFILL }
2037 },
2038 { &hf_reference_upper_addres_part,
2039 { "Reference Upper Address Part", "btbredr_rf.reference_upper_address_part",
2040 FT_UINT8, BASE_HEX, NULL, 0x00,
2041 NULL, HFILL }
2042 },
2043 { &hf_invalid_reference_upper_addres_part,
2044 { "Invalid Reference Upper Address Part", "btbredr_rf.invalid.reference_upper_address_part",
2045 FT_UINT8, BASE_HEX, NULL, 0x00,
2046 NULL, HFILL }
2047 },
2048 { &hf_whitened_packet_header,
2049 { "Whitened Packet Header", "btbredr_rf.whitened.packet_header",
2050 FT_UINT32, BASE_HEX, NULL, 0x00,
2051 NULL, HFILL }
2052 },
2053 { &hf_invalid_packet_header,
2054 { "Invalid Packet Header", "btbredr_rf.invalid.packet_header",
2055 FT_UINT32, BASE_HEX, NULL, 0x00,
2056 NULL, HFILL }
2057 },
2058 { &hf_packet_header,
2059 { "Packet Header", "btbredr_rf.packet_header",
2060 FT_UINT32, BASE_HEX, NULL, 0x00,
2061 NULL, HFILL }
2062 },
2063 { &hf_packet_header_lt_addr,
2064 { "LT_ADDR", "btbredr_rf.packet_header.lt_addr",
2065 FT_UINT32, BASE_HEX, NULL, 0x00000007,
2066 NULL, HFILL }
2067 },
2068 { &hf_packet_header_type,
2069 { "Type", "btbredr_rf.packet_header.type",
2070 FT_UINT32, BASE_HEX, NULL, 0x00000078,
2071 NULL, HFILL }
2072 },
2073 { &hf_packet_header_type_any,
2074 { "Type", "btbredr_rf.packet_header.type",
2075 FT_UINT32, BASE_HEX, VALS(packet_type_any_vals), 0x00000078,
2076 NULL, HFILL }
2077 },
2078 { &hf_packet_header_type_sco_br,
2079 { "Type", "btbredr_rf.packet_header.type",
2080 FT_UINT32, BASE_HEX, VALS(packet_type_sco_br_vals), 0x00000078,
2081 NULL, HFILL }
2082 },
2083 { &hf_packet_header_type_esco_br,
2084 { "Type", "btbredr_rf.packet_header.type",
2085 FT_UINT32, BASE_HEX, VALS(packet_type_esco_br_vals), 0x00000078,
2086 NULL, HFILL }
2087 },
2088 { &hf_packet_header_type_esco_edr,
2089 { "Type", "btbredr_rf.packet_header.type",
2090 FT_UINT32, BASE_HEX, VALS(packet_type_esco_edr_vals), 0x00000078,
2091 NULL, HFILL }
2092 },
2093 { &hf_packet_header_type_acl_br,
2094 { "Type", "btbredr_rf.packet_header.type",
2095 FT_UINT32, BASE_HEX, VALS(packet_type_acl_br_vals), 0x00000078,
2096 NULL, HFILL }
2097 },
2098 { &hf_packet_header_type_acl_edr,
2099 { "Type", "btbredr_rf.packet_header.type",
2100 FT_UINT32, BASE_HEX, VALS(packet_type_acl_edr_vals), 0x00000078,
2101 NULL, HFILL }
2102 },
2103 { &hf_packet_header_type_cpb_br,
2104 { "Type", "btbredr_rf.packet_header.type",
2105 FT_UINT32, BASE_HEX, VALS(packet_type_cpb_br_vals), 0x00000078,
2106 NULL, HFILL }
2107 },
2108 { &hf_packet_header_type_cpb_edr,
2109 { "Type", "btbredr_rf.packet_header.type",
2110 FT_UINT32, BASE_HEX, VALS(packet_type_cpb_edr_vals), 0x00000078,
2111 NULL, HFILL }
2112 },
2113 { &hf_packet_header_flow_control,
2114 { "Flow Control", "btbredr_rf.packet_header.flow_control",
2115 FT_BOOLEAN, 32, NULL, 0x00000080,
2116 NULL, HFILL }
2117 },
2118 { &hf_packet_header_acknowledge_indication,
2119 { "ARQN", "btbredr_rf.packet_header.arqn",
2120 FT_BOOLEAN, 32, NULL, 0x00000100,
2121 "Acknowledge Indication", HFILL }
2122 },
2123 { &hf_packet_header_sequence_number,
2124 { "SEQN", "btbredr_rf.packet_header.seqn",
2125 FT_BOOLEAN, 32, NULL, 0x00000200,
2126 "Sequence Number", HFILL }
2127 },
2128 { &hf_packet_header_header_error_check,
2129 { "HEC", "btbredr_rf.packet_header.hec",
2130 FT_UINT32, BASE_HEX, NULL, 0x0003FC00,
2131 "Header Error Check", HFILL }
2132 },
2133 { &hf_packet_header_reserved,
2134 { "Reserved", "btbredr_rf.packet_header.reserved",
2135 FT_UINT32, BASE_HEX, NULL, 0xFFFC0000,
2136 NULL, HFILL }
2137 },
2138 { &hf_packet_header_broken_lt_addr,
2139 { "LT_ADDR", "btbredr_rf.packet_header.lt_addr",
2140 FT_UINT32, BASE_HEX, NULL, 0x00038000,
2141 NULL, HFILL }
2142 },
2143 { &hf_packet_header_broken_type,
2144 { "Type", "btbredr_rf.packet_header.type",
2145 FT_UINT32, BASE_HEX, NULL, 0x00007800,
2146 NULL, HFILL }
2147 },
2148 { &hf_packet_header_broken_type_any,
2149 { "Type", "btbredr_rf.packet_header.type",
2150 FT_UINT32, BASE_HEX, VALS(packet_type_any_vals), 0x00007800,
2151 NULL, HFILL }
2152 },
2153 { &hf_packet_header_broken_type_sco_br,
2154 { "Type", "btbredr_rf.packet_header.type",
2155 FT_UINT32, BASE_HEX, VALS(packet_type_sco_br_vals), 0x00007800,
2156 NULL, HFILL }
2157 },
2158 { &hf_packet_header_broken_type_esco_br,
2159 { "Type", "btbredr_rf.packet_header.type",
2160 FT_UINT32, BASE_HEX, VALS(packet_type_esco_br_vals), 0x00007800,
2161 NULL, HFILL }
2162 },
2163 { &hf_packet_header_broken_type_esco_edr,
2164 { "Type", "btbredr_rf.packet_header.type",
2165 FT_UINT32, BASE_HEX, VALS(packet_type_esco_edr_vals), 0x00007800,
2166 NULL, HFILL }
2167 },
2168 { &hf_packet_header_broken_type_acl_br,
2169 { "Type", "btbredr_rf.packet_header.type",
2170 FT_UINT32, BASE_HEX, VALS(packet_type_acl_br_vals), 0x00007800,
2171 NULL, HFILL }
2172 },
2173 { &hf_packet_header_broken_type_acl_edr,
2174 { "Type", "btbredr_rf.packet_header.type",
2175 FT_UINT32, BASE_HEX, VALS(packet_type_acl_edr_vals), 0x00007800,
2176 NULL, HFILL }
2177 },
2178 { &hf_packet_header_broken_type_cpb_br,
2179 { "Type", "btbredr_rf.packet_header.type",
2180 FT_UINT32, BASE_HEX, VALS(packet_type_cpb_br_vals), 0x00007800,
2181 NULL, HFILL }
2182 },
2183 { &hf_packet_header_broken_type_cpb_edr,
2184 { "Type", "btbredr_rf.packet_header.type",
2185 FT_UINT32, BASE_HEX, VALS(packet_type_cpb_edr_vals), 0x00007800,
2186 NULL, HFILL }
2187 },
2188 { &hf_packet_header_broken_flow_control,
2189 { "Flow Control", "btbredr_rf.packet_header.flow_control",
2190 FT_BOOLEAN, 32, NULL, 0x00000400,
2191 NULL, HFILL }
2192 },
2193 { &hf_packet_header_broken_acknowledge_indication,
2194 { "ARQN", "btbredr_rf.packet_header.arqn",
2195 FT_BOOLEAN, 32, NULL, 0x00000200,
2196 "Acknowledge Indication", HFILL }
2197 },
2198 { &hf_packet_header_broken_sequence_number,
2199 { "SEQN", "btbredr_rf.packet_header.seqn",
2200 FT_BOOLEAN, 32, NULL, 0x00000100,
2201 "Sequence Number", HFILL }
2202 },
2203 { &hf_packet_header_broken_header_error_check,
2204 { "HEC", "btbredr_rf.packet_header.hec",
2205 FT_UINT32, BASE_HEX, NULL, 0x000000FF,
2206 "Header Error Check", HFILL }
2207 },
2208 { &hf_whitened_data,
2209 { "Whitened Data", "btbredr_rf.whitened.data",
2210 FT_NONE, BASE_NONE, NULL, 0x00,
2211 NULL, HFILL }
2212 },
2213 { &hf_encrypted_data,
2214 { "Encrypted Data", "btbredr_rf.encrypted.data",
2215 FT_NONE, BASE_NONE, NULL, 0x00,
2216 NULL, HFILL }
2217 },
2218 { &hf_data,
2219 { "Data", "btbredr_rf.data",
2220 FT_NONE, BASE_NONE, NULL, 0x00,
2221 NULL, HFILL }
2222 },
2223 { &hf_isochronous_data,
2224 { "Isochronous Data", "btbredr_rf.isochronous_data",
2225 FT_NONE, BASE_NONE, NULL, 0x00,
2226 NULL, HFILL }
2227 },
2228 { &hf_asynchronous_data,
2229 { "Asynchronous Data", "btbredr_rf.asynchronous_data",
2230 FT_NONE, BASE_NONE, NULL, 0x00,
2231 NULL, HFILL }
2232 },
2233 { &hf_l2cap_fragment,
2234 { "L2CAP Fragment", "btbredr_rf.l2cap_data",
2235 FT_NONE, BASE_NONE, NULL, 0x00,
2236 NULL, HFILL }
2237 },
2238 { &hf_crc,
2239 { "CRC", "btbredr_rf.crc",
2240 FT_UINT16, BASE_HEX, NULL, 0x00,
2241 NULL, HFILL }
2242 },
2243 { &hf_flags,
2244 { "Flags", "btbredr_rf.flags",
2245 FT_UINT16, BASE_HEX, NULL, 0x00,
2246 NULL, HFILL }
2247 },
2248 { &hf_flags_reserved_15_14,
2249 { "Reserved", "btbredr_rf.flags.reserved.15_14",
2250 FT_UINT16, BASE_HEX, NULL, 0xC000,
2251 NULL, HFILL }
2252 },
2253 { &hf_flags_mic_pass,
2254 { "MIC Pass", "btbredr_rf.flags.mic_pass",
2255 FT_BOOLEAN, 16, NULL, 0x2000,
2256 NULL, HFILL }
2257 },
2258 { &hf_flags_mic_checked,
2259 { "MIC Checked", "btbredr_rf.flags.mic_check",
2260 FT_BOOLEAN, 16, NULL, 0x1000,
2261 NULL, HFILL }
2262 },
2263 { &hf_flags_crc_pass,
2264 { "CRC Pass", "btbredr_rf.flags.crc_pass",
2265 FT_BOOLEAN, 16, NULL, 0x0800,
2266 NULL, HFILL }
2267 },
2268 { &hf_flags_crc_checked,
2269 { "CRC Checked", "btbredr_rf.flags.crc_check",
2270 FT_BOOLEAN, 16, NULL, 0x0400,
2271 NULL, HFILL }
2272 },
2273 { &hf_flags_hec_pass,
2274 { "HEC Pass", "btbredr_rf.flags.hec_pass",
2275 FT_BOOLEAN, 16, NULL, 0x0200,
2276 NULL, HFILL }
2277 },
2278 { &hf_flags_hec_checked,
2279 { "HEC Checked", "btbredr_rf.flags.hec_check",
2280 FT_BOOLEAN, 16, NULL, 0x0100,
2281 NULL, HFILL }
2282 },
2283 { &hf_flags_reference_upper_addres_part_valid,
2284 { "Reference Upper Address Part Valid", "btbredr_rf.flags.reference_upper_address_part_valid",
2285 FT_BOOLEAN, 16, NULL, 0x0080,
2286 NULL, HFILL }
2287 },
2288 { &hf_flags_rf_channel_aliasing,
2289 { "RF Channel Aliasing", "btbredr_rf.flags.rf_channel_aliasing",
2290 FT_BOOLEAN, 16, NULL, 0x0040,
2291 NULL, HFILL }
2292 },
2293 { &hf_flags_br_edr_data_present,
2294 { "BR or EDR Data Present", "btbredr_rf.flags.bredr_data_present",
2295 FT_BOOLEAN, 16, NULL, 0x0020,
2296 NULL, HFILL }
2297 },
2298 { &hf_flags_reference_lower_address_part_valid,
2299 { "Reference Lower Address Part Valid", "btbredr_rf.flags.reference_lower_address_part_valid",
2300 FT_BOOLEAN, 16, NULL, 0x0010,
2301 NULL, HFILL }
2302 },
2303 { &hf_flags_bredr_payload_decrypted,
2304 { "BR or EDR Payload Decrypted", "btbredr_rf.flags.bredr_payload_decrypted",
2305 FT_BOOLEAN, 16, NULL, 0x0008,
2306 NULL, HFILL }
2307 },
2308 { &hf_flags_noise_power_valid,
2309 { "Noise Power Valid", "btbredr_rf.flags.noise_power_valid",
2310 FT_BOOLEAN, 16, NULL, 0x0004,
2311 NULL, HFILL }
2312 },
2313 { &hf_flags_signal_power_valid,
2314 { "Signal Power Valid", "btbredr_rf.flags.signal_power_valid",
2315 FT_BOOLEAN, 16, NULL, 0x0002,
2316 NULL, HFILL }
2317 },
2318 { &hf_flags_packet_header_and_br_edr_payload_dewhitened,
2319 { "Packet Header and BR/EDR Payload Dewhitened", "btbredr_rf.flags.pkt_hdr_and_br_edr_payload_dewhitened",
2320 FT_BOOLEAN, 16, NULL, 0x0001,
2321 NULL, HFILL }
2322 },
2323 { &hf_payload_header2,
2324 { "Payload Header", "btbredr_rf.payload_header",
2325 FT_UINT16, BASE_HEX, NULL, 0x00,
2326 NULL, HFILL }
2327 },
2328 { &hf_payload_header2_llid,
2329 { "LLID", "btbredr_rf.payload_header.llid",
2330 FT_UINT16, BASE_HEX, NULL, 0x0003,
2331 NULL, HFILL }
2332 },
2333 { &hf_payload_header2_flow,
2334 { "Flow", "btbredr_rf.payload_header.flow",
2335 FT_UINT16, BASE_HEX, NULL, 0x0004,
2336 NULL, HFILL }
2337 },
2338 { &hf_payload_header2_length,
2339 { "Length", "btbredr_rf.payload_header.length",
2340 FT_UINT16, BASE_HEX, NULL, 0x1ff8,
2341 NULL, HFILL }
2342 },
2343 { &hf_payload_header2_rfu,
2344 { "RFU", "btbredr_rf.payload_header.rfu",
2345 FT_UINT16, BASE_HEX, NULL, 0xe000,
2346 NULL, HFILL }
2347 },
2348 { &hf_payload_header1,
2349 { "Payload Header", "btbredr_rf.payload_header",
2350 FT_UINT8, BASE_HEX, NULL, 0x00,
2351 NULL, HFILL }
2352 },
2353 { &hf_payload_header1_llid,
2354 { "LLID", "btbredr_rf.payload_header.llid",
2355 FT_UINT8, BASE_HEX, NULL, 0x03,
2356 NULL, HFILL }
2357 },
2358 { &hf_payload_header1_flow,
2359 { "Flow", "btbredr_rf.payload_header.flow",
2360 FT_UINT8, BASE_HEX, NULL, 0x04,
2361 NULL, HFILL }
2362 },
2363 { &hf_payload_header1_length,
2364 { "Length", "btbredr_rf.payload_header.length",
2365 FT_UINT8, BASE_HEX, NULL, 0xf8,
2366 NULL, HFILL }
2367 },
2368 { &hf_l2cap_msg_fragments,
2369 { "L2CAP fragments", "btbredr_rf.l2cap.fragments",
2370 FT_NONE, BASE_NONE, NULL, 0x00,
2371 NULL, HFILL }
2372 },
2373 { &hf_l2cap_msg_fragment,
2374 { "L2CAP fragment", "btbredr_rf.l2cap.fragment",
2375 FT_FRAMENUM, BASE_NONE, NULL, 0x00,
2376 NULL, HFILL }
2377 },
2378 { &hf_l2cap_msg_fragment_overlap,
2379 { "L2CAP fragment overlap", "btbredr_rf.l2cap.fragment.overlap",
2380 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2381 NULL, HFILL }
2382 },
2383 { &hf_l2cap_msg_fragment_overlap_conflicts,
2384 { "L2CAP fragment overlapping with conflicting data", "btbredr_rf.l2cap.fragment.overlap.conflicts",
2385 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2386 NULL, HFILL }
2387 },
2388 { &hf_l2cap_msg_fragment_multiple_tails,
2389 { "L2CAP has multiple tail fragments", "btbredr_rf.l2cap.fragment.multiple_tails",
2390 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2391 NULL, HFILL }
2392 },
2393 { &hf_l2cap_msg_fragment_too_long_fragment,
2394 { "L2CAP fragment too long", "btbredr_rf.l2cap.fragment.too_long_fragment",
2395 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2396 NULL, HFILL }
2397 },
2398 { &hf_l2cap_msg_fragment_error,
2399 { "L2CAP defragmentation error", "btbredr_rf.l2cap.fragment.error",
2400 FT_FRAMENUM, BASE_NONE, NULL, 0x00,
2401 NULL, HFILL }
2402 },
2403 { &hf_l2cap_msg_fragment_count,
2404 { "L2CAP fragment count", "btbredr_rf.l2cap.fragment.count",
2405 FT_UINT32, BASE_DEC, NULL, 0x00,
2406 NULL, HFILL }
2407 },
2408 { &hf_l2cap_msg_reassembled_in,
2409 { "Reassembled in", "btbredr_rf.l2cap.reassembled.in",
2410 FT_FRAMENUM, BASE_NONE, NULL, 0x00,
2411 NULL, HFILL }
2412 },
2413 { &hf_l2cap_msg_reassembled_length,
2414 { "Reassembled L2CAP length", "btbredr_rf.l2cap.reassembled.length",
2415 FT_UINT32, BASE_DEC, NULL, 0x00,
2416 NULL, HFILL }
2417 }
2418 };
2419
2420 static hf_register_info hf_fhs[] = {
2421 { &hf_fhs_parity,
2422 { "Parity Bits", "btbredr_fhs.parity",
2423 FT_UINT64, BASE_HEX, NULL, 0x00000003ffffffff,
2424 NULL, HFILL }
2425 },
2426 { &hf_fhs_lap,
2427 { "Lower Address Part", "btbredr_fhs.lap",
2428 FT_UINT64, BASE_HEX, NULL, 0x03fffffc00000000,
2429 NULL, HFILL }
2430 },
2431 { &hf_fhs_eir,
2432 { "Extended Inquiry Response", "btbredr_fhs.eir",
2433 FT_UINT64, BASE_DEC, NULL, 0x0400000000000000,
2434 NULL, HFILL }
2435 },
2436 { &hf_fhs_reserved,
2437 { "Reserved", "btbredr_fhs.reserved",
2438 FT_UINT64, BASE_DEC, NULL, 0x0800000000000000,
2439 NULL, HFILL }
2440 },
2441 { &hf_fhs_sr,
2442 { "Scan Repetition", "btbredr_fhs.sr",
2443 FT_UINT64, BASE_DEC|BASE_VAL64_STRING, VALS64(fhs_scan_repetition_vals), 0x3000000000000000,
2444 NULL, HFILL }
2445 },
2446 { &hf_fhs_sp,
2447 { "SP", "btbredr_fhs.sp",
2448 FT_UINT64, BASE_DEC, NULL, 0xc000000000000000,
2449 "shall be set to 10", HFILL }
2450 },
2451 { &hf_fhs_uap,
2452 { "Upper Address Part", "btbredr_fhs.uap",
2453 FT_UINT8, BASE_HEX, NULL, 0x00,
2454 NULL, HFILL }
2455 },
2456 { &hf_fhs_nap,
2457 { "Non-Significant Address Part", "btbredr_fhs.nap",
2458 FT_UINT16, BASE_HEX, NULL, 0x00,
2459 NULL, HFILL }
2460 },
2461 { &hf_fhs_class,
2462 { "Class of Device", "btbredr_fhs.class",
2463 FT_UINT24, BASE_HEX, NULL, 0x00,
2464 NULL, HFILL }
2465 },
2466 { &hf_fhs_ltaddr,
2467 { "LT_ADDR", "btbredr_fhs.ltaddr",
2468 FT_UINT32, BASE_DEC, NULL, 0x00000007,
2469 NULL, HFILL }
2470 },
2471 { &hf_fhs_clk,
2472 { "CLK", "btbredr_fhs.clk",
2473 FT_UINT32, BASE_HEX, NULL, 0x1ffffff8,
2474 NULL, HFILL }
2475 },
2476 { &hf_fhs_pagescanmode,
2477 { "Page Scan Mode", "btbredr_fhs.pagescanmode",
2478 FT_UINT32, BASE_DEC, VALS(fhs_page_scan_mode_vals), 0xe0000000,
2479 NULL, HFILL }
2480 }
2481 };
2482
2483 static int *ett[] = {
2484 &ett_btbredr_rf,
2485 &ett_flags,
2486 &ett_payload_transport_rate,
2487 &ett_packet_header,
2488 &ett_bluetooth_header,
2489 &ett_payload_header,
2490 &ett_l2cap_msg_fragment,
2491 &ett_l2cap_msg_fragments,
2492 &ett_btbredr_fhs
2493 };
2494
2495 static ei_register_info ei[] = {
2496 { &ei_unexpected_data, { "btbredr_rf.unexpected_data", PI_PROTOCOL, PI_WARN, "Unexpected data, BR or EDR Data Present flag is set to False", EXPFILL }},
2497 { &ei_reserved_not_zero, { "btbredr_rf.reserved_not_zero", PI_PROTOCOL, PI_WARN, "Reserved values are not zeros", EXPFILL }},
2498 { &ei_incorrect_packet_header_or_hec, { "btbredr_rf.incorrect_packet_header_or_hec", PI_PROTOCOL, PI_WARN, "Incorrect Packet Header or HEC", EXPFILL }},
2499 { &ei_packet_header_with_hec_not_checked, { "btbredr_rf.packet_header_with_hec_not_checked", PI_PROTOCOL, PI_NOTE, "Packet Header with HEC is not checked", EXPFILL }},
2500 { &ei_broken_packet_header_format, { "btbredr_rf.broken_packet_header_format", PI_PROTOCOL, PI_WARN, "Broken Packet Header Format", EXPFILL }},
2501 { &ei_incorrect_crc, { "btbredr_rf.incorrect_crc", PI_PROTOCOL, PI_WARN, "Incorrect CRC", EXPFILL }},
2502 { &ei_missing_fragment_start, { "btbredr_rf.missing_fragment_start", PI_SEQUENCE, PI_WARN, "Missing Fragment Start", EXPFILL }},
2503 { &ei_esco_incorrect_ltaddr, { "btbredr_rf.esco_incorrect_ltaddr", PI_PROTOCOL, PI_WARN, "Incorrect (e)SCO LT_ADDR", EXPFILL }},
2504 { &ei_esco_incorrect_length, { "btbredr_rf.esco_incorrect_length", PI_PROTOCOL, PI_WARN, "Incorrect eSCO Packet Length", EXPFILL }}
2505 };
2506
2507 connection_info_tree = wmem_tree_new_autoreset(wmem_epan_scope(), wmem_file_scope());
2508 device_info_tree = wmem_tree_new_autoreset(wmem_epan_scope(), wmem_file_scope());
2509
2510 proto_btbredr_rf = proto_register_protocol("Bluetooth Pseudoheader for BR/EDR", "BT BR/EDR RF", "btbredr_rf");
2511 proto_register_field_array(proto_btbredr_rf, hf, array_length(hf));
2512 proto_register_subtree_array(ett, array_length(ett));
2513 btbredr_rf_handle = register_dissector("btbredr_rf", dissect_btbredr_rf, proto_btbredr_rf);
2514
2515 proto_btbredr_fhs = proto_register_protocol("Bluetooth BR/EDR FHS", "BT BR/EDR FHS", "btbredr_fhs");
2516 proto_register_field_array(proto_btbredr_fhs, hf_fhs, array_length(hf_fhs));
2517 btbredr_fhs_handle = register_dissector("btbredr_fhs", dissect_btbredr_fhs, proto_btbredr_fhs);
2518
2519 packet_type_sco_br_table = register_dissector_table("btbredr_rf.packet_type.sco.br", "BT Packet Type for SCO BR", proto_btbredr_rf, FT_UINT8, BASE_HEX);
2520 packet_type_esco_br_table = register_dissector_table("btbredr_rf.packet_type.esco.br", "BT Packet Type for eSCO BR", proto_btbredr_rf, FT_UINT8, BASE_HEX);
2521 packet_type_esco_edr_table = register_dissector_table("btbredr_rf.packet_type.esco.edr", "BT Packet Type for eSCO EDR", proto_btbredr_rf, FT_UINT8, BASE_HEX);
2522 packet_type_acl_br_table = register_dissector_table("btbredr_rf.packet_type.acl.br", "BT Packet Type for ACL BR", proto_btbredr_rf, FT_UINT8, BASE_HEX);
2523 packet_type_acl_edr_table = register_dissector_table("btbredr_rf.packet_type.acl.edr", "BT Packet Type for ACL EDR", proto_btbredr_rf, FT_UINT8, BASE_HEX);
2524 packet_type_cpb_br_table = register_dissector_table("btbredr_rf.packet_type.cpb.br", "BT Packet Type for CPB BR", proto_btbredr_rf, FT_UINT8, BASE_HEX);
2525 packet_type_cpb_edr_table = register_dissector_table("btbredr_rf.packet_type.cpb.edr", "BT Packet Type for CPB EDR", proto_btbredr_rf, FT_UINT8, BASE_HEX);
2526
2527 expert_module = expert_register_protocol(proto_btbredr_rf);
2528 expert_register_field_array(expert_module, ei, array_length(ei));
2529 }
2530
2531 void
2532 proto_reg_handoff_btbredr_rf(void)
2533 {
2534 btlmp_handle = find_dissector_add_dependency("btlmp", proto_btbredr_rf);
2535 btl2cap_handle = find_dissector_add_dependency("btl2cap", proto_btbredr_rf);
2536 dissector_add_uint("bluetooth.encap", WTAP_ENCAP_BLUETOOTH_BREDR_BB, btbredr_rf_handle);
2537 }
2538
2539 /*
2540 * Editor modelines - https://www.wireshark.org/tools/modelines.html
2541 *
2542 * Local variables:
2543 * c-basic-offset: 4
2544 * tab-width: 8
2545 * indent-tabs-mode: nil
2546 * End:
2547 *
2548 * vi: set shiftwidth=4 tabstop=8 expandtab:
2549 * :indentSize=4:tabSize=8:noTabs=true:
2550 */
Metzes wireshark repo