bluetooth: Add a BT monitor header for pcap parsing

scapy/data.py

@@ -128,6 +128,7 @@
 DLT_NETLINK = 253
 DLT_USB_DARWIN = 266
 DLT_BLUETOOTH_LE_LL = 251
+DLT_BLUETOOTH_LINUX_MONITOR = 254
 DLT_BLUETOOTH_LE_LL_WITH_PHDR = 256
 DLT_VSOCK = 271
 DLT_ETHERNET_MPACKET = 274

scapy/layers/bluetooth.py

@@ -17,7 +17,7 @@
 from ctypes import sizeof
 
 from scapy.config import conf
-from scapy.data import DLT_BLUETOOTH_HCI_H4, DLT_BLUETOOTH_HCI_H4_WITH_PHDR
+from scapy.data import DLT_BLUETOOTH_HCI_H4, DLT_BLUETOOTH_HCI_H4_WITH_PHDR, DLT_BLUETOOTH_LINUX_MONITOR
 from scapy.packet import bind_layers, Packet
 from scapy.fields import (
     BitField,
@@ -34,6 +34,7 @@
     NBytesField,
     PacketListField,
     PadField,
+    ShortField,
     SignedByteField,
     StrField,
     StrFixedLenField,
@@ -187,10 +188,16 @@ class HCI_PHDR_Hdr(Packet):
 }
 
 
+# https://www.tcpdump.org/linktypes/LINKTYPE_BLUETOOTH_LINUX_MONITOR.html
+class BT_Mon_Pcap_Hdr(Packet):
+    name = 'Bluetooth Linux Monitor Transport Pcap Header'
+    fields_desc = [
+        ShortField('adapter_id', None),
+        ShortField('opcode', None)
+    ]
+
+
 class BT_Mon_Hdr(Packet):
-    '''
-    Bluetooth Linux Monitor Transport Header
-    '''
     name = 'Bluetooth Linux Monitor Transport Header'
     fields_desc = [
         LEShortField('opcode', None),
@@ -1268,6 +1275,8 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet):
                    XLEShortField("ediv", 0), ]
 
 
+conf.l2types.register(DLT_BLUETOOTH_LINUX_MONITOR, BT_Mon_Pcap_Hdr)
+
 bind_layers(HCI_PHDR_Hdr, HCI_Hdr)
 
 bind_layers(HCI_Hdr, HCI_Command_Hdr, type=1)

test/scapy/layers/bluetooth.uts

@@ -431,3 +431,11 @@ assert r == b'\rscapy\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
 
 p = SM_Hdr(r)
 assert SM_DHKey_Check in p and p.dhkey_check[:5] == b"scapy"
+
+
+= Bluetooth Monitor Pcap Header
+
+p = BT_Mon_Pcap_Hdr(hex_bytes("00000008"))
+assert BT_Mon_Pcap_Hdr in p
+assert p[BT_Mon_Pcap_Hdr].adapter_id == 0
+assert p[BT_Mon_Pcap_Hdr].opcode == 8