bluetooth: Add a BT monitor header for pcap parsing

secdev · Aug 8, 2023 · 2fe5cee · 2fe5cee
1 parent a8d2bb7
commit 2fe5cee
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 4 deletions.
diff --git a/scapy/data.py b/scapy/data.py
@@ -128,6 +128,7 @@
 DLT_NETLINK = 253
 DLT_USB_DARWIN = 266
 DLT_BLUETOOTH_LE_LL = 251
+DLT_BLUETOOTH_LINUX_MONITOR = 254
 DLT_BLUETOOTH_LE_LL_WITH_PHDR = 256
 DLT_VSOCK = 271
 DLT_ETHERNET_MPACKET = 274

diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py
@@ -17,7 +17,11 @@
 from ctypes import sizeof
 
 from scapy.config import conf
-from scapy.data import DLT_BLUETOOTH_HCI_H4, DLT_BLUETOOTH_HCI_H4_WITH_PHDR
+from scapy.data import (
+    DLT_BLUETOOTH_HCI_H4,
+    DLT_BLUETOOTH_HCI_H4_WITH_PHDR,
+    DLT_BLUETOOTH_LINUX_MONITOR
+)
 from scapy.packet import bind_layers, Packet
 from scapy.fields import (
     BitField,
@@ -34,6 +38,7 @@
     NBytesField,
     PacketListField,
     PadField,
+    ShortField,
     SignedByteField,
     StrField,
     StrFixedLenField,
@@ -188,9 +193,6 @@ class HCI_PHDR_Hdr(Packet):
 
 
 class BT_Mon_Hdr(Packet):
-    '''
-    Bluetooth Linux Monitor Transport Header
-    '''
     name = 'Bluetooth Linux Monitor Transport Header'
     fields_desc = [
         LEShortField('opcode', None),
@@ -199,6 +201,15 @@ class BT_Mon_Hdr(Packet):
     ]
 
 
+# https://www.tcpdump.org/linktypes/LINKTYPE_BLUETOOTH_LINUX_MONITOR.html
+class BT_Mon_Pcap_Hdr(BT_Mon_Hdr):
+    name = 'Bluetooth Linux Monitor Transport Pcap Header'
+    fields_desc = [
+        ShortField('adapter_id', None),
+        ShortField('opcode', None)
+    ]
+
+
 class HCI_Hdr(Packet):
     name = "HCI header"
     fields_desc = [ByteEnumField("type", 2, _bluetooth_packet_types)]
@@ -1277,6 +1288,7 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet):
 
 conf.l2types.register(DLT_BLUETOOTH_HCI_H4, HCI_Hdr)
 conf.l2types.register(DLT_BLUETOOTH_HCI_H4_WITH_PHDR, HCI_PHDR_Hdr)
+conf.l2types.register(DLT_BLUETOOTH_LINUX_MONITOR, BT_Mon_Pcap_Hdr)
 
 bind_layers(HCI_Command_Hdr, HCI_Cmd_Create_Connection, opcode=0x0405)
 bind_layers(HCI_Command_Hdr, HCI_Cmd_Disconnect, opcode=0x0406)

diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts
@@ -431,3 +431,11 @@ assert r == b'\rscapy\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
 
 p = SM_Hdr(r)
 assert SM_DHKey_Check in p and p.dhkey_check[:5] == b"scapy"
+
+
+= Bluetooth Monitor Pcap Header
+
+p = BT_Mon_Pcap_Hdr(hex_bytes("00000008"))
+assert BT_Mon_Pcap_Hdr in p
+assert p[BT_Mon_Pcap_Hdr].adapter_id == 0
+assert p[BT_Mon_Pcap_Hdr].opcode == 8