aboutsummaryrefslogtreecommitdiff
path: root/wireshark/melon.lua
diff options
context:
space:
mode:
Diffstat (limited to 'wireshark/melon.lua')
-rw-r--r--wireshark/melon.lua49
1 files changed, 49 insertions, 0 deletions
diff --git a/wireshark/melon.lua b/wireshark/melon.lua
new file mode 100644
index 0000000..a431781
--- /dev/null
+++ b/wireshark/melon.lua
@@ -0,0 +1,49 @@
+local p = Proto("melon", "MelonDS packet header")
+local dt = DissectorTable.new("melon")
+
+p.fields.magic = ProtoField.uint32("melon.magic", "Magic", base.HEX)
+p.fields.src = ProtoField.int32("melon.src", "Instance ID", base.DEC)
+p.fields.type = ProtoField.new("Type", "melon.type", ftypes.UINT32)
+p.fields.type_enum = ProtoField.uint16("melon.type.enum", "Numeric message type enum", base.DEC, {
+ [0] = "Regular",
+ [1] = "CMD",
+ [2] = "Reply",
+ [3] = "ACK",
+})
+p.fields.type_aid = ProtoField.uint16("melon.type.aid", "Message type \"aid\" value")
+p.fields.length = ProtoField.uint32("melon.len", "Remaining message length", base.DEC)
+p.fields.timestamp = ProtoField.uint64("melon.timestamp", "Timestamp", base.DEC)
+
+local p_type_enum_field = Field.new("melon.type.enum")
+
+function p.dissector(buffer, pinfo, tree)
+ local header_size = 0x18
+
+ -- check magic ("NIFI")
+ if buffer(0x00, 4):uint() ~= 0x4e494649 then return end
+
+ local subtree = tree:add(p, buffer(0, header_size), string.format("%s: %d bytes", p.description, header_size))
+ subtree:add(p.fields.magic, buffer(0x00, 4))
+
+ local instance = buffer(0x04, 4):le_uint()
+ subtree:add_le(p.fields.src, buffer(0x04, 4))
+
+ local type_tree = subtree:add_le(p.fields.type, buffer(0x08, 4))
+ type_tree:add_le(p.fields.type_enum, buffer(0x08, 2))
+ type_tree:add_le(p.fields.type_aid, buffer(0x0a, 2))
+
+ subtree:add_le(p.fields.length, buffer(0x0c, 4))
+ subtree:add_le(p.fields.timestamp, buffer(0x10, 8))
+
+ -- pretty wireshark shit
+ pinfo.cols.protocol = p.name
+ pinfo.cols.src = string.format("instance %d", instance)
+ pinfo.cols.info = p_type_enum_field().display
+
+ -- melonds packets always contain NIFI packets, I use 0 as the pattern
+ -- because this function doesn't seem to like nil
+ dt:try(0, buffer(header_size):tvb(), pinfo, tree)
+
+ return header_size
+end
+