diff options
author | Loek Le Blansch <loek@pipeframe.xyz> | 2024-08-28 16:06:20 +0200 |
---|---|---|
committer | Loek Le Blansch <loek@pipeframe.xyz> | 2024-08-28 16:06:20 +0200 |
commit | cef0cbd29a903e023ad5730b98beceb40baa6bf0 (patch) | |
tree | 98248df29ef53756c3d0dab1ca48dcd7b35e5fba /wireshark/rxhdr.lua | |
parent | bab4ac11a0e5700f267405273b03436423bc5205 (diff) |
more WIP
Diffstat (limited to 'wireshark/rxhdr.lua')
-rw-r--r-- | wireshark/rxhdr.lua | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/wireshark/rxhdr.lua b/wireshark/rxhdr.lua new file mode 100644 index 0000000..3924603 --- /dev/null +++ b/wireshark/rxhdr.lua @@ -0,0 +1,50 @@ +require "util" + +local p = Proto("rxhdr", "Hardware RX header") + +-- based off <https://www.problemkaputt.de/gbatek.htm#dswifihardwareheaders> + +p.fields.unknown = ProtoField.bytes("rxhdr.unknown", "Unknown") + +p.fields.flags = ProtoField.new("Flags", "rxhdr.flags", ftypes.BYTES) +p.fields.flag_type = ProtoField.uint16("rxhdr.flags.type", "Frame type", base.DEC, nil, bits(0, 4)) +p.fields.flag_more = ProtoField.bool("rxhdr.flags.more", "More fragments", base.DEC, nil, bits(8)) + +p.fields.new = ProtoField.bool("rxhdr.new", "New frame") +p.fields.magic = ProtoField.bytes("rxhdr.magic", "Magic") +p.fields.channel = ProtoField.uint8("rxhdr.channel", "802.11 channel") + +p.fields.rate = ProtoField.uint16("rxhdr.rate", "Transfer rate", base.HEX, { + [0x0a] = "1 Mbit/s", + [0x14] = "2 Mbit/s", +}) +p.fields.length = ProtoField.uint16("rxhdr.len", "Remaining message length") + +local ieee_dissector = Dissector.get("ieee") + +function p.dissector(buffer, pinfo, tree) + local header_size = 12 + -- check buffer size + if buffer:len() < header_size then return 0 end + + local subtree = tree:add(p, buffer(0, header_size), string.format("%s: %d bytes", p.description, header_size)) + + local flags_tree = subtree:add(p.fields.flags, buffer(0x00, 2)) + flags_tree:add_le(p.fields.flag_type, buffer(0x00, 2)) + flags_tree:add_le(p.fields.flag_more, buffer(0x00, 2)) + + subtree:add(p.fields.unknown, buffer(0x02, 2)) + subtree:add(p.fields.unknown, buffer(0x04, 2)) + + subtree:add_le(p.fields.rate, buffer(0x06, 2)) + subtree:add_le(p.fields.length, buffer(0x08, 2)) + local length = buffer(0x08, 2):le_uint() + + -- pretty wireshark shit + pinfo.cols.protocol = p.name + + ieee_dissector:call(buffer(header_size, length):tvb(), pinfo, tree) + + return header_size +end + |