Bluetooth: refactor Bluetooth Monitor packets (#4091)

antoniovazquezblanco · gpotter2 · web-flow · commit eae1567b158a · 2024-02-06T00:25:11.000+01:00
* Add many Bluetooth Monitor packets

* Restore HCI_MON in bluetooth.py

---------

Co-authored-by: gpotter2 &lt;10530980+gpotter2@users.noreply.github.com&gt;
diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py
@@ -46,6 +46,7 @@
     StrField,
     StrFixedLenField,
     StrLenField,
+    StrNullField,
     UUIDField,
     XByteField,
     XLE3BytesField,
@@ -196,24 +197,6 @@ class HCI_PHDR_Hdr(Packet):
 }
 
 
-class BT_Mon_Hdr(Packet):
-    name = 'Bluetooth Linux Monitor Transport Header'
-    fields_desc = [
-        LEShortField('opcode', None),
-        LEShortField('adapter_id', None),
-        LEShortField('len', None)
-    ]
-
-
-# https://www.tcpdump.org/linktypes/LINKTYPE_BLUETOOTH_LINUX_MONITOR.html
-class BT_Mon_Pcap_Hdr(BT_Mon_Hdr):
-    name = 'Bluetooth Linux Monitor Transport Pcap Header'
-    fields_desc = [
-        ShortField('adapter_id', None),
-        ShortField('opcode', None)
-    ]
-
-
 class HCI_Hdr(Packet):
     name = "HCI header"
     fields_desc = [ByteEnumField("type", 2, _bluetooth_packet_types)]
@@ -1889,7 +1872,6 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet):
 
 conf.l2types.register(DLT_BLUETOOTH_HCI_H4, HCI_Hdr)
 conf.l2types.register(DLT_BLUETOOTH_HCI_H4_WITH_PHDR, HCI_PHDR_Hdr)
-conf.l2types.register(DLT_BLUETOOTH_LINUX_MONITOR, BT_Mon_Pcap_Hdr)
 
 
 # 7.1 LINK CONTROL COMMANDS, the OGF is defined as 0x01
@@ -2084,6 +2066,97 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet):
 bind_layers(SM_Hdr, SM_DHKey_Check, sm_command=0x0d)
 
 
+###############
+# HCI Monitor #
+###############
+
+
+# https://elixir.bootlin.com/linux/v6.4.2/source/include/net/bluetooth/hci_mon.h#L27
+class HCI_Mon_Hdr(Packet):
+    name = 'Bluetooth Linux Monitor Transport Header'
+    fields_desc = [
+        LEShortEnumField('opcode', None, {
+            0: "New index",
+            1: "Delete index",
+            2: "Command pkt",
+            3: "Event pkt",
+            4: "ACL TX pkt",
+            5: "ACL RX pkt",
+            6: "SCO TX pkt",
+            7: "SCO RX pkt",
+            8: "Open index",
+            9: "Close index",
+            10: "Index info",
+            11: "Vendor diag",
+            12: "System note",
+            13: "User logging",
+            14: "Ctrl open",
+            15: "Ctrl close",
+            16: "Ctrl command",
+            17: "Ctrl event",
+            18: "ISO TX pkt",
+            19: "ISO RX pkt",
+        }),
+        LEShortField('adapter_id', None),
+        LEShortField('len', None)
+    ]
+
+
+# https://www.tcpdump.org/linktypes/LINKTYPE_BLUETOOTH_LINUX_MONITOR.html
+class HCI_Mon_Pcap_Hdr(HCI_Mon_Hdr):
+    name = 'Bluetooth Linux Monitor Transport Pcap Header'
+    fields_desc = [
+        ShortField('adapter_id', None),
+        ShortField('opcode', None)
+    ]
+
+
+class HCI_Mon_New_Index(Packet):
+    name = 'Bluetooth Linux Monitor Transport New Index Packet'
+    fields_desc = [
+        ByteEnumField('bus', 0, {
+            0x00: "BR/EDR",
+            0x01: "AMP"
+        }),
+        ByteEnumField('type', 0, {
+            0x00: "Virtual",
+            0x01: "USB",
+            0x02: "PC Card",
+            0x03: "UART",
+            0x04: "RS232",
+            0x05: "PCI",
+            0x06: "SDIO"
+        }),
+        LEMACField('addr', None),
+        StrFixedLenField('devname', None, 8)
+    ]
+
+
+class HCI_Mon_Index_Info(Packet):
+    name = 'Bluetooth Linux Monitor Transport Index Info Packet'
+    fields_desc = [
+        LEMACField('addr', None),
+        XLEShortField('manufacturer', None)
+    ]
+
+
+class HCI_Mon_System_Note(Packet):
+    name = 'Bluetooth Linux Monitor Transport System Note Packet'
+    fields_desc = [
+        StrNullField('note', None)
+    ]
+
+
+# https://elixir.bootlin.com/linux/v6.4.2/source/include/net/bluetooth/hci_mon.h#L34
+bind_layers(HCI_Mon_Hdr, HCI_Mon_New_Index, opcode=0)
+bind_layers(HCI_Mon_Hdr, HCI_Command_Hdr, opcode=2)
+bind_layers(HCI_Mon_Hdr, HCI_Event_Hdr, opcode=3)
+bind_layers(HCI_Mon_Hdr, HCI_Mon_Index_Info, opcode=10)
+bind_layers(HCI_Mon_Hdr, HCI_Mon_System_Note, opcode=12)
+
+conf.l2types.register(DLT_BLUETOOTH_LINUX_MONITOR, HCI_Mon_Pcap_Hdr)
+
+
 ###########
 # Helpers #
 ###########
@@ -2302,7 +2375,7 @@ def recv(self, x=MTU):
 
 
 class BluetoothMonitorSocket(_BluetoothLibcSocket):
-    desc = "read/write over a Bluetooth monitor channel"
+    desc = "Read/write over a Bluetooth monitor channel"
 
     def __init__(self):
         sa = sockaddr_hci()
@@ -2316,7 +2389,7 @@ def __init__(self):
             sock_address=sa)
 
     def recv(self, x=MTU):
-        return BT_Mon_Hdr(self.ins.recv(x))
+        return HCI_Mon_Hdr(self.ins.recv(x))
 
 
 conf.BTsocket = BluetoothRFCommSocket
diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts
@@ -529,9 +529,39 @@ p = SM_Hdr(r)
 assert SM_DHKey_Check in p and p.dhkey_check[:5] == b"scapy"
 
 
-= Bluetooth Monitor Pcap Header
++ HCIMon tests
 
-p = BT_Mon_Pcap_Hdr(hex_bytes("00000008"))
-assert BT_Mon_Pcap_Hdr in p
-assert p[BT_Mon_Pcap_Hdr].adapter_id == 0
-assert p[BT_Mon_Pcap_Hdr].opcode == 8
+= HCI_Mon - Bluetooth Monitor Pcap Header
+
+p = HCI_Mon_Pcap_Hdr(hex_bytes("00000008"))
+assert HCI_Mon_Pcap_Hdr in p
+assert p[HCI_Mon_Pcap_Hdr].adapter_id == 0
+assert p[HCI_Mon_Pcap_Hdr].opcode == 8
+
+= HCI_Mon - Bluetooth Monitor HCI_Mon_New_Index
+
+p = HCI_Mon_Pcap_Hdr(hex_bytes("0000000000030000109a81206863693000000000"))
+assert HCI_Mon_New_Index in p
+assert p[HCI_Mon_New_Index].bus == 0
+assert p[HCI_Mon_New_Index].type == 3
+assert p[HCI_Mon_New_Index].addr == '20:81:9a:10:00:00'
+assert p[HCI_Mon_New_Index].devname.decode('utf-8').rstrip('\x00') == 'hci0'
+
+= HCI_Mon - Bluetooth Monitor HCI_Mon_Delete_Index
+
+p = HCI_Mon_Pcap_Hdr(hex_bytes("00000001"))
+assert HCI_Mon_Pcap_Hdr in p
+assert p[HCI_Mon_Pcap_Hdr].opcode == 1
+
+= HCI_Mon - Bluetooth Monitor HCI_Mon_Index_Info
+
+p = HCI_Mon_Pcap_Hdr(hex_bytes("0000000a0000109a81203101"))
+assert HCI_Mon_Index_Info in p
+assert p[HCI_Mon_Index_Info].addr == '20:81:9a:10:00:00'
+assert p[HCI_Mon_Index_Info].manufacturer == 0x131
+
+= HCI_Mon - Bluetooth Monitor HCI_Mon_System_Note
+
+p = HCI_Mon_Pcap_Hdr(hex_bytes("ffff000c426c7565746f6f74682073756273797374656d2076657273696f6e20322e323200"))
+assert HCI_Mon_System_Note in p
+assert p[HCI_Mon_System_Note].note == b'Bluetooth subsystem version 2.22'
