Add support for EMM filters similar to DVBAPI filters (match + mask).

ChangeLog

@@ -8,6 +8,7 @@ now : current
    working if the output address was not multicast.
  * Add support for Griffin CAS and for DGCrypt CAS.
  * Add support for setting multicast source address /SSM/ (--input-source).
+ * Add support for EMM filters similar to DVBAPI filters (match + mask).
 
 2012-09-10 : Version 9.0
  * Add --no-output-on-error (-u) option. By using this option output can be

FILTERING

@@ -67,13 +67,47 @@ Currently defined command settings are:
  * name=X        - Sets the filter name (used when displaying filters).
                    The name can not be longer than 32 symbols.
 
+ * match=X1 X4 X5
+ * mask=M1 M4 M5
+                 - Match bytes are series of hex numbers separated by
+                   space " " or dot ".". When the bytes are processed 0x
+                   prefix is removed from them. The maximum match bytes
+                   is 16.
+
+                   The match bytes are compared to the incoming packet
+                   by first applying the mask (binary AND operation) set
+                   in mask= setting. The default mask is 0xFF.
+
+                   The match bytes are compared to first, forth and so
+                   on bytes in the incoming EMM packet. Second and third
+                   incoming bytes in the EMM are not checked (they specify
+                   the section length).
+
+                   Here is an example EMM and match+mask that would match:
+
+                      Pos:  1  2  3  4  5  6  7  8  9 10 11 12 13
+                           -- -- -- -- -- -- -- -- -- -- -- -- --
+                      EMM: 82 70 b4 aa bb cc d0 00 01 xx xx xx xx
+                    Match: 82       aa bb cc dd
+                     Mask: ff       ff ff ff f0
+
+                   Such filter is configured like that:
+                     --emm-filter "accept/name=Test_Filter,match=82 aa bb cc dd,mask=ff ff ff ff f0"
+
  * offset=X      - Sets the offset at which data bytes would be checked
                    against EMM. The default offset is 0.
 
+                   This setting is ignored when match+mask are set.
+
  * data=XX YY ZZ - Data bytes are series of hex numbers separated by
                    space " " or dot ".". When data bytes are processed 0x
                    prefix is removed from them. The maximum data bytes is 16.
 
+                   This setting is ignored when match+mask is set.
+
+                   Using offset+data you can check any bytes in the
+                   incoming EMM packet.
+
 Filter processing
 =================
 Filters are processed one by one until "accept" or "reject" filter matches.
@@ -83,32 +117,33 @@ by "accept_all" or "reject_all" is returned.
 Example filters
 ===============
 
+    Accept Bulcrypt EMMs that are for particular card (or card group). The card
+    hex serial number is "aa bb cc dd".
+
+       tsdecrypt ... \
+         --emm \
+         --emm-filter reject_all \
+         --emm-filter "accept/name=Bulcrypt_EMMs,match=82 aa bb cc dd,mask=ff ff ff ff f0" \
+         --emm-filter "accept/name=Bulcrypt_EMMs,match=84 aa bb cc dd,mask=ff ff ff ff f0" \
+         --emm-filter "accept/name=Bulcrypt_EMMs,match=85 aa bb cc dd,mask=ff ff ff ff f0"
+
   Bulcrypt white list example:
     Accept all EMMs except those starting with 8a 70 b4, 8b 70 b4, 8c or 8d.
 
        tsdecrypt ... \
+         --emm \
          --emm-filter accept_all \
          --emm-filter "reject/name=Bulcrypt_unknown_EMMs,offset=0,data=8a 70 b4" \
          --emm-filter "reject/name=Bulcrypt_unknown_EMMs,offset=0,data=8b 70 b4" \
          --emm-filter "reject/name=Some EMM,data=0x8c" \
-         --emm-filter reject/data=0x8d \
+         --emm-filter "reject/data=0x8d"
 
   Bulcrypt black list example:
     Reject all EMMs that don't start with 82, 84 or 85.
 
-      tsdecrypt ... \
-        --emm-filter reject_all \
-        --emm-filter accept/name=Bulcrypt_EMMs,offset=0,data=82 \
-        --emm-filter accept/name=Bulcrypt_EMMs,data=84 \
-        --emm-filter accept/name=Bulcrypt_EMMs,data=85 \
-
-  Example combination that builds white/black list.
-    Accept EMMs that start with 8a and 8b also accept EMMs which have
-    70 b4 at offset 1, and reject everything else.
-
-      tsdecrypt ... \
-        --emm-filter accept_all \
-        --emm-filter reject/name=Bulcrypt_unknown_EMMs,data=8a \
-        --emm-filter reject/name=Bulcrypt_unknown_EMMs,data=8b \
-        --emm-filter reject_all \
-        --emm-filter "accept/name=Bulcrypt_EMMs_with_correct_size,offset=1,data=70 b4" \
+       tsdecrypt ... \
+         --emm \
+         --emm-filter reject_all \
+         --emm-filter accept/name=Bulcrypt_EMMs,offset=0,data=82 \
+         --emm-filter accept/name=Bulcrypt_EMMs,data=84 \
+         --emm-filter accept/name=Bulcrypt_EMMs,data=85 \

data.h

@@ -201,11 +201,18 @@ enum filter_action {
 	FILTER_REJECT     = 4,
 };
 
+enum filter_type {
+	FILTER_TYPE_DATA = 0,				// Compare data at offset X
+	FILTER_TYPE_MASK = 1,				// Compare data + mask
+};
+
 struct filter {
-	enum filter_action action;			// If set to 1, the filter is negative else the filter is positive
-	uint8_t		offset;					// Offset into EMM
-	uint8_t		data_len;				// Filter length
-	uint8_t		data[MAX_FILTER_LEN];	// Filter bytes
+	enum filter_action action;
+	enum filter_type type;
+	uint8_t		offset;					// Offset into EMM, if offset == 255 then mask exists, ignore the offset
+	uint8_t		filter_len;				// Filter length
+	uint8_t		data[MAX_FILTER_LEN];	// Data | Matched bytes
+	uint8_t		mask[MAX_FILTER_LEN];	// Mask bytes
 	char		name[MAX_FILTER_NAME];	// Filter name (default: NO_NAME)
 };
 

filter.c

@@ -18,32 +18,92 @@
 #include "data.h"
 #include "filter.h"
 
+struct filter_actions_map {
+	const char			*token;
+	bool				last;
+	enum filter_action	type;
+};
+
+static struct filter_actions_map action_tokens[] = {
+	{ "accept_all", true,  FILTER_ACCEPT_ALL },
+	{ "acceptall",  true,  FILTER_ACCEPT_ALL },
+	{ "reject_all", true,  FILTER_REJECT_ALL },
+	{ "rejectall",  true,  FILTER_REJECT_ALL },
+	{ "accept",     false, FILTER_ACCEPT     },
+	{ "reject",     false, FILTER_REJECT     },
+	{ NULL,         true,  FILTER_NO_MATCH   },
+};
+
+enum filter_token { T_UNKNOWN, T_NAME, T_OFFSET, T_DATA, T_MATCH, T_MASK };
+
+struct filter_data_map {
+	const char			*token;
+	enum filter_token	type;
+};
+
+static struct filter_data_map data_tokens[] = {
+	{ "name",    T_NAME    },
+	{ "ofs",     T_OFFSET  },
+	{ "offset",  T_OFFSET  },
+	{ "data",    T_DATA    },
+	{ "match",   T_MATCH   },
+	{ "mask",    T_MASK    },
+	{ NULL,      T_UNKNOWN },
+};
+
+int parse_hex(char *data, uint8_t *output, uint8_t *output_len, uint8_t output_size) {
+	int i, len = strlen(data), consumed = 0;
+	uint8_t local_output_len = 0;
+	if (!output_len)
+		output_len = &local_output_len;
+	for (i = 0; i < len; i++) { // Parse data (01 02 03 04 ...)
+		char ch = toupper(data[i]);
+		// Skip 0x prefixes
+		if (i + 1 < len && ch == '0' && toupper(data[i + 1]) == 'X')
+			continue;
+		if (!isxdigit(ch))
+			continue;
+		ch -= ch > 64 ? 55 : 48; // hex2dec
+		if (consumed % 2 == 0) {
+			output[*output_len] = 0; // Reset
+			output[*output_len] += ch << 4;
+		} else {
+			output[*output_len] += ch;
+			(*output_len)++;
+			if (*output_len + 1 >= output_size) {
+				fprintf(stderr, "WARN : Too much filter data (max %d bytes), ignoring last bytes: %s\n",
+					output_size, data + i + 2);
+				break;
+			}
+		}
+		consumed++;
+	}
+	return *output_len;
+}
+
 int filter_parse(char *filter_def, struct filter *filter) {
-	int i, j, k, ret = 0;
+	int j, k, ret = 0;
 	char *str1, *saveptr1;
 	char *f = strdup(filter_def);
 	memset(filter, 0, sizeof(struct filter));
+	memset(filter->mask, 0xff, sizeof(filter->mask));
 	snprintf(filter->name, sizeof(filter->name), "NONAME");
 	for (j = 1, str1 = f; ; j++, str1 = NULL) {
 		char *token = strtok_r(str1, "/", &saveptr1);
 		if (token == NULL)
 			break;
 		if (j == 1) { // First token, the command
-			if (strstr(token, "accept_all") == token || strstr(token, "acceptall") == token) {
-				filter->action = FILTER_ACCEPT_ALL;
-				ret = 1;
-				goto OUT; // Other tokens are not needed
-			} else if (strstr(token, "reject_all") == token || strstr(token, "rejectall") == token) {
-				filter->action = FILTER_REJECT_ALL;
-				ret = 1;
-				goto OUT; // Other tokens are not needed
-			} else if (strstr(token, "accept") == token) {
-				filter->action = FILTER_ACCEPT;
-				continue; // Continue looking for other tokes
-			} else if (strstr(token, "reject") == token) {
-				filter->action = FILTER_REJECT;
-				continue; // Continue looking for other tokes
-			} else {
+			struct filter_actions_map *m;
+			for (m = action_tokens; m->token; m++) {
+				if (strstr(token, m->token) == token) {
+					filter->action = m->type;
+					ret = 1;
+					if (m->last)
+						goto OUT; // Other tokens are not needed
+					break;
+				}
+			}
+			if (filter->action == FILTER_NO_MATCH) {
 				fprintf(stderr, "ERROR: Unknown filter command: %s\n", token);
 				ret = 0;
 				goto OUT; // Other tokens are not needed
@@ -55,37 +115,36 @@ int filter_parse(char *filter_def, struct filter *filter) {
 				char *token2 = strtok_r(str2, ",", &saveptr2);
 				if (token2 == NULL)
 					break;
-				char *eq = strrchr(token2, '=');
-				if (eq) {
-					if (strstr(token2, "ofs") == token2 || strstr(token2, "offset") == token2) {
-						filter->offset = strtoul(eq + 1, NULL, 0);
-					} else if (strstr(token2, "name") == token2) {
-						snprintf(filter->name, sizeof(filter->name), "%s", eq + 1);
-					} else if (strstr(token2, "data") == token2) {
-						char *data = eq + 1;
-						int len = strlen(data), consumed = 0;
-						for (i = 0; i < len; i++) { // Parse data (01 02 03 04 ...)
-							char ch = toupper(data[i]);
-							// Skip 0x prefixes
-							if (i + 1 < len && ch == '0' && toupper(data[i + 1]) == 'X')
-								continue;
-							if (!isxdigit(ch))
-								continue;
-							ch -= ch > 64 ? 55 : 48; // hex2dec
-							if (consumed % 2 == 0) {
-								filter->data[filter->data_len  ] += ch << 4;
-							} else {
-								filter->data[filter->data_len++] += ch;
-								if (filter->data_len + 1 >= MAX_FILTER_LEN) {
-									fprintf(stderr, "WARN : Too much filter data (max %d bytes), ignoring last bytes: %s\n",
-										MAX_FILTER_LEN, data + i + 2);
-									break;
-								}
-							}
-							consumed++;
+				char *tokdata = strrchr(token2, '=');
+				if (tokdata) {
+					tokdata++; // Skip =
+					struct filter_data_map *m;
+					enum filter_token data_type = T_UNKNOWN;
+					for (m = data_tokens; m->token; m++) {
+						if (strstr(token2, m->token) == token2) {
+							data_type = m->type;
+							break;
 						}
-						ret = filter->data_len;
-					} else {
+					}
+					switch (data_type) {
+					case T_NAME:
+						snprintf(filter->name, sizeof(filter->name), "%s", tokdata);
+						break;
+					case T_OFFSET:
+						filter->offset = strtoul(tokdata, NULL, 0);
+						break;
+					case T_DATA:
+						ret = parse_hex(tokdata, filter->data, &filter->filter_len, MAX_FILTER_LEN);
+						break;
+					case T_MATCH:
+						filter->type = FILTER_TYPE_MASK;
+						ret = parse_hex(tokdata, filter->data, &filter->filter_len, MAX_FILTER_LEN);
+						break;
+					case T_MASK:
+						filter->type = FILTER_TYPE_MASK;
+						ret = parse_hex(tokdata, filter->mask, NULL, MAX_FILTER_LEN);
+						break;
+					default:
 						fprintf(stderr, "WARN : Unknown filter setting: %s\n", token2);
 					}
 				}
@@ -108,9 +167,17 @@ void filter_dump(struct filter *filter, char *buffer, unsigned int buf_len) {
 	if (filter->action == FILTER_ACCEPT || filter->action == FILTER_REJECT)
 		pos += snprintf(buffer + pos, buf_len - pos, " Name: %-20s", filter->name);
 	if (filter->action == FILTER_ACCEPT || filter->action == FILTER_REJECT) {
-		char tmp[MAX_FILTER_LEN * 6];
-		ts_hex_dump_buf(tmp, sizeof(tmp), filter->data, filter->data_len, 0);
-		pos += snprintf(buffer + pos, buf_len - pos, " Offset: %2d Data: %s", filter->offset, tmp);
+		char tmp_data[MAX_FILTER_LEN * 6], tmp_mask[MAX_FILTER_LEN * 6];
+		ts_hex_dump_buf(tmp_data, sizeof(tmp_data), filter->data, filter->filter_len, 0);
+		switch (filter->type) {
+		case FILTER_TYPE_DATA:
+			pos += snprintf(buffer + pos, buf_len - pos, " Offset: %2d Data: %s", filter->offset, tmp_data);
+			break;
+		case FILTER_TYPE_MASK:
+			ts_hex_dump_buf(tmp_mask, sizeof(tmp_mask), filter->mask, filter->filter_len, 0);
+			pos += snprintf(buffer + pos, buf_len - pos, " Match: %s Mask: %s", tmp_data, tmp_mask);
+			break;
+		} // switch (filter->type)
 	}
 }
 
@@ -118,10 +185,33 @@ static enum filter_action filter_match(uint8_t *data, unsigned int data_len, str
 	if (filter->action == FILTER_ACCEPT_ALL || filter->action == FILTER_REJECT_ALL)
 		return filter->action;
 	if (filter->action == FILTER_ACCEPT || filter->action == FILTER_REJECT) {
-		if (filter->data_len + filter->offset > data_len)
-			return FILTER_NO_MATCH;
-		if (memcmp(data + filter->offset, filter->data, filter->data_len) == 0)
-			return filter->action;
+		switch (filter->type) {
+		case FILTER_TYPE_DATA: {
+			if (filter->filter_len + filter->offset > data_len)
+				return FILTER_NO_MATCH;
+			if (memcmp(data + filter->offset, filter->data, filter->filter_len) == 0)
+				return filter->action;
+			break;
+		}
+		case FILTER_TYPE_MASK: {
+			if ((unsigned int)filter->filter_len + 3 > data_len)
+				return FILTER_NO_MATCH;
+			int matched = 0;
+			// Check data[0] against filter->data[0]
+			if ((data[0] & filter->mask[0]) == (filter->data[0] & filter->mask[0])) {
+				matched++;
+				int i;
+				for (i = 1; i < filter->filter_len; i++) {
+					// Check data[3...] against filter->data[1...]
+					if ((data[i + 2] & filter->mask[i]) == (filter->data[i] & filter->mask[i]))
+						matched++;
+				}
+			}
+			if (matched == filter->filter_len)
+				return filter->action;
+			break;
+		}
+		} // switch (filter->type)
 	}
 	return FILTER_NO_MATCH;
 }