Add many Bluetooth Monitor packets

scapy/layers/bluetooth.py

@@ -45,6 +45,7 @@
     StrField,
     StrFixedLenField,
     StrLenField,
+    StrNullField,
     UUIDField,
     XByteField,
     XLE3BytesField,
@@ -195,7 +196,7 @@ class HCI_PHDR_Hdr(Packet):
 }
 
 
-class BT_Mon_Hdr(Packet):
+class HCI_Mon_Hdr(Packet):
     name = 'Bluetooth Linux Monitor Transport Header'
     fields_desc = [
         LEShortField('opcode', None),
@@ -205,14 +206,62 @@ class BT_Mon_Hdr(Packet):
 
 
 # https://www.tcpdump.org/linktypes/LINKTYPE_BLUETOOTH_LINUX_MONITOR.html
-class BT_Mon_Pcap_Hdr(BT_Mon_Hdr):
+class HCI_Mon_Pcap_Hdr(HCI_Mon_Hdr):
     name = 'Bluetooth Linux Monitor Transport Pcap Header'
     fields_desc = [
         ShortField('adapter_id', None),
         ShortField('opcode', None)
     ]
 
 
+class HCI_Mon_New_Index(Packet):
+    name = 'Bluetooth Linux Monitor Transport New Index Packet'
+    fields_desc = [
+        ByteEnumField('bus', 0, {
+            0x00: "BR/EDR",
+            0x01: "AMP"
+        }),
+        ByteEnumField('type', 0, {
+            0x00: "Virtual",
+            0x01: "USB",
+            0x02: "PC Card",
+            0x03: "UART",
+            0x04: "RS232",
+            0x05: "PCI",
+            0x06: "SDIO"
+        }),
+        LEMACField('addr', None),
+        StrFixedLenField('devname', None, 8)
+    ]
+
+
+class HCI_Mon_Delete_Index(Packet):
+    name = 'Bluetooth Linux Monitor Transport Delete Index Packet'
+
+
+class HCI_Mon_Open_Index(Packet):
+    name = 'Bluetooth Linux Monitor Transport Open Index Packet'
+
+
+class HCI_Mon_Close_Index(Packet):
+    name = 'Bluetooth Linux Monitor Transport Close Index Packet'
+
+
+class HCI_Mon_Index_Info(Packet):
+    name = 'Bluetooth Linux Monitor Transport Index Info Packet'
+    fields_desc = [
+        LEMACField('addr', None),
+        XLEShortField('manufacturer', None)
+    ]
+
+
+class HCI_Mon_System_Note(Packet):
+    name = 'Bluetooth Linux Monitor Transport System Note Packet'
+    fields_desc = [
+        StrNullField('note', None)
+    ]
+
+
 class HCI_Hdr(Packet):
     name = "HCI header"
     fields_desc = [ByteEnumField("type", 2, _bluetooth_packet_types)]
@@ -1681,6 +1730,16 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet):
                    XLEShortField("ediv", 0), ]
 
 
+# https://elixir.bootlin.com/linux/v6.4.2/source/include/net/bluetooth/hci_mon.h#L34
+bind_layers(HCI_Mon_Hdr, HCI_Mon_New_Index, opcode=0)
+bind_layers(HCI_Mon_Hdr, HCI_Mon_Delete_Index, opcode=1)
+bind_layers(HCI_Mon_Hdr, HCI_Command_Hdr, opcode=2)
+bind_layers(HCI_Mon_Hdr, HCI_Event_Hdr, opcode=3)
+bind_layers(HCI_Mon_Hdr, HCI_Mon_Open_Index, opcode=8)
+bind_layers(HCI_Mon_Hdr, HCI_Mon_Close_Index, opcode=9)
+bind_layers(HCI_Mon_Hdr, HCI_Mon_Index_Info, opcode=10)
+bind_layers(HCI_Mon_Hdr, HCI_Mon_System_Note, opcode=12)
+
 bind_layers(HCI_PHDR_Hdr, HCI_Hdr)
 
 bind_layers(HCI_Hdr, HCI_Command_Hdr, type=1)
@@ -1690,7 +1749,7 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet):
 
 conf.l2types.register(DLT_BLUETOOTH_HCI_H4, HCI_Hdr)
 conf.l2types.register(DLT_BLUETOOTH_HCI_H4_WITH_PHDR, HCI_PHDR_Hdr)
-conf.l2types.register(DLT_BLUETOOTH_LINUX_MONITOR, BT_Mon_Pcap_Hdr)
+conf.l2types.register(DLT_BLUETOOTH_LINUX_MONITOR, HCI_Mon_Pcap_Hdr)
 
 
 # 7.1 LINK CONTROL COMMANDS, the OGF is defined as 0x01
@@ -2101,7 +2160,7 @@ def __init__(self):
             sock_address=sa)
 
     def recv(self, x=MTU):
-        return BT_Mon_Hdr(self.ins.recv(x))
+        return HCI_Mon_Hdr(self.ins.recv(x))
 
 
 conf.BTsocket = BluetoothRFCommSocket

test/scapy/layers/bluetooth.uts

@@ -528,10 +528,68 @@ assert r == b'\rscapy\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
 p = SM_Hdr(r)
 assert SM_DHKey_Check in p and p.dhkey_check[:5] == b"scapy"
 
+= Monitor layers
+
+# a huge packet with all classes in it!
+pkt = HCI_Mon_Hdr()/HCI_Mon_New_Index()/HCI_Mon_Delete_Index()/HCI_Mon_Open_Index()/HCI_Mon_Close_Index()/HCI_Mon_Index_Info()/HCI_Mon_System_Note()
+assert HCI_Mon_Hdr in pkt.layers()
+assert HCI_Mon_New_Index in pkt.layers()
+assert HCI_Mon_Delete_Index in pkt.layers()
+assert HCI_Mon_Open_Index in pkt.layers()
+assert HCI_Mon_Close_Index in pkt.layers()
+assert HCI_Mon_Index_Info in pkt.layers()
+assert HCI_Mon_System_Note in pkt.layers()
 
 = Bluetooth Monitor Pcap Header
 
-p = BT_Mon_Pcap_Hdr(hex_bytes("00000008"))
-assert BT_Mon_Pcap_Hdr in p
-assert p[BT_Mon_Pcap_Hdr].adapter_id == 0
-assert p[BT_Mon_Pcap_Hdr].opcode == 8
+p = HCI_Mon_Pcap_Hdr(hex_bytes("00000008"))
+assert HCI_Mon_Pcap_Hdr in p
+assert p[HCI_Mon_Pcap_Hdr].adapter_id == 0
+assert p[HCI_Mon_Pcap_Hdr].opcode == 8
+
+= Bluetooth Monitor HCI_Mon_New_Index
+
+p = HCI_Mon_Pcap_Hdr(hex_bytes("0000000000030000109a81206863693000000000"))
+assert HCI_Mon_New_Index in p
+assert p[HCI_Mon_New_Index].bus == 0
+assert p[HCI_Mon_New_Index].type == 3
+assert p[HCI_Mon_New_Index].addr == '20:81:9a:10:00:00'
+assert p[HCI_Mon_New_Index].devname.decode('utf-8').rstrip('\x00') == 'hci0'
+
+= Bluetooth Monitor HCI_Mon_Delete_Index
+
+p = HCI_Mon_Pcap_Hdr(hex_bytes("00000001"))
+assert HCI_Mon_Delete_Index in p
+
+= Bluetooth Monitor HCI_Command_Hdr
+
+p = HCI_Mon_Pcap_Hdr(hex_bytes("0000000205040d618a903b37d818cc0200000001"))
+assert HCI_Command_Hdr in p
+
+= Bluetooth Monitor HCI_Event_Hdr
+
+p = HCI_Mon_Pcap_Hdr(hex_bytes("000000030f0400010504"))
+assert HCI_Event_Hdr in p
+
+= Bluetooth Monitor HCI_Mon_Open_Index
+
+p = HCI_Mon_Pcap_Hdr(hex_bytes("00000008"))
+assert HCI_Mon_Open_Index in p
+
+= Bluetooth Monitor HCI_Mon_Close_Index
+
+p = HCI_Mon_Pcap_Hdr(hex_bytes("00000009"))
+assert HCI_Mon_Close_Index in p
+
+= Bluetooth Monitor HCI_Mon_Index_Info
+
+p = HCI_Mon_Pcap_Hdr(hex_bytes("0000000a0000109a81203101"))
+assert HCI_Mon_Index_Info in p
+assert p[HCI_Mon_Index_Info].addr == '20:81:9a:10:00:00'
+assert p[HCI_Mon_Index_Info].manufacturer == 0x131
+
+= Bluetooth Monitor HCI_Mon_System_Note
+
+p = HCI_Mon_Pcap_Hdr(hex_bytes("ffff000c426c7565746f6f74682073756273797374656d2076657273696f6e20322e323200"))
+assert HCI_Mon_System_Note in p
+assert p[HCI_Mon_System_Note].note == b'Bluetooth subsystem version 2.22'