authorLoek Le Blansch <loek@pipeframe.xyz>2024-08-28 16:06:20 +0200
committerLoek Le Blansch <loek@pipeframe.xyz>2024-08-28 16:06:20 +0200
commitcef0cbd29a903e023ad5730b98beceb40baa6bf0 (patch)
tree98248df29ef53756c3d0dab1ca48dcd7b35e5fba /wireshark/rxhdr.lua
parentbab4ac11a0e5700f267405273b03436423bc5205 (diff)
more WIP
Diffstat (limited to 'wireshark/rxhdr.lua')
-rw-r--r--wireshark/rxhdr.lua50
1 files changed, 50 insertions, 0 deletions
diff --git a/wireshark/rxhdr.lua b/wireshark/rxhdr.lua
new file mode 100644
index 0000000..3924603
--- /dev/null
+++ b/wireshark/rxhdr.lua
@@ -0,0 +1,50 @@
+require "util"
+
+local p = Proto("rxhdr", "Hardware RX header")
+
+-- based off <https://www.problemkaputt.de/gbatek.htm#dswifihardwareheaders>
+
+p.fields.unknown = ProtoField.bytes("rxhdr.unknown", "Unknown")
+
+p.fields.flags = ProtoField.new("Flags", "rxhdr.flags", ftypes.BYTES)
+p.fields.flag_type = ProtoField.uint16("rxhdr.flags.type", "Frame type", base.DEC, nil, bits(0, 4))
+p.fields.flag_more = ProtoField.bool("rxhdr.flags.more", "More fragments", base.DEC, nil, bits(8))
+
+p.fields.new = ProtoField.bool("rxhdr.new", "New frame")
+p.fields.magic = ProtoField.bytes("rxhdr.magic", "Magic")
+p.fields.channel = ProtoField.uint8("rxhdr.channel", "802.11 channel")
+
+p.fields.rate = ProtoField.uint16("rxhdr.rate", "Transfer rate", base.HEX, {
+ [0x0a] = "1 Mbit/s",
+ [0x14] = "2 Mbit/s",
+})
+p.fields.length = ProtoField.uint16("rxhdr.len", "Remaining message length")
+
+local ieee_dissector = Dissector.get("ieee")
+
+function p.dissector(buffer, pinfo, tree)
+ local header_size = 12
+ -- check buffer size
+ if buffer:len() < header_size then return 0 end
+
+ local subtree = tree:add(p, buffer(0, header_size), string.format("%s: %d bytes", p.description, header_size))
+
+ local flags_tree = subtree:add(p.fields.flags, buffer(0x00, 2))
+ flags_tree:add_le(p.fields.flag_type, buffer(0x00, 2))
+ flags_tree:add_le(p.fields.flag_more, buffer(0x00, 2))
+
+ subtree:add(p.fields.unknown, buffer(0x02, 2))
+ subtree:add(p.fields.unknown, buffer(0x04, 2))
+
+ subtree:add_le(p.fields.rate, buffer(0x06, 2))
+ subtree:add_le(p.fields.length, buffer(0x08, 2))
+ local length = buffer(0x08, 2):le_uint()
+
+ -- pretty wireshark shit
+ pinfo.cols.protocol = p.name
+
+ ieee_dissector:call(buffer(header_size, length):tvb(), pinfo, tree)
+
+ return header_size
+end
+
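Review bot: The `length` value read at offset 0x08 comes straight from the captured frame and is passed unchecked to `buffer(header_size, length)` in `p.dissector`. A truncated capture, or a header that claims more bytes than remain, therefore makes the range call raise a Lua error instead of dissecting what is present. Clamp it to the available data first, for example `local length = math.min(buffer(0x08, 2):le_uint(), buffer:len() - header_size)`. Separately, `Dissector.get("ieee")` returns nil when no dissector of that name is registered, and the call site does not guard against that. Unless another script in this tree registers "ieee" (the stock 802.11 dissector is, as far as I know, registered as "wlan"), wrapping the call as `if ieee_dissector and length > 0 then ieee_dissector:call(buffer(header_size, length):tvb(), pinfo, tree) end` avoids a nil-index error on every packet.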