1 files changed, 40 insertions, 0 deletions

diff --git a/wireshark/nifi.lua b/wireshark/nifi.lua
new file mode 100644
index 0000000..d81ff31
--- /dev/null
+++ b/wireshark/nifi.lua
@@ -0,0 +1,40 @@
+-- NOTE: my system is little-endian, so the .pcap files and this decoder expect
+-- little endian
+
+local nifi = Proto("nifi", "Nintendo DS ni-fi")
+nifi.fields.magic = ProtoField.uint32("nifi.magic", "Magic", base.HEX)
+nifi.fields.senderid = ProtoField.int32("nifi.senderid", "SenderID", base.DEC)
+nifi.fields.type = ProtoField.new("Type", "nifi.type", ftypes.UINT32)
+nifi.fields.type_enum = ProtoField.uint16("nifi.type.enum", "Numeric message type enum", base.DEC, {
+	[0] = "Regular",
+	[1] = "CMD",
+	[2] = "Reply",
+	[3] = "ACK",
+})
+nifi.fields.type_aid = ProtoField.uint16("nifi.type.aid", "Message type \"aid\" value")
+nifi.fields.length = ProtoField.uint32("nifi.length", "Length", base.DEC)
+nifi.fields.timestamp = ProtoField.uint64("nifi.timestamp", "Timestamp", base.DEC)
+
+local nifi_senderid_field = Field.new("nifi.senderid")
+local nifi_type_enum_field = Field.new("nifi.type.enum")
+
+function nifi.dissector(buffer, pinfo, tree)
+	-- check magic ("NIFI")
+	if buffer(0, 4):uint() ~= 0x4e494649 then return end
+	local nifi_tree = tree:add(nifi, buffer(), "Ni-Fi data")
+	nifi_tree:add(nifi.fields.magic, buffer(0, 4))
+
+	nifi_tree:add_le(nifi.fields.senderid, buffer(4, 4))
+
+	local nifi_type_tree = nifi_tree:add_le(nifi.fields.type, buffer(8, 4))
+		nifi_type_tree:add_le(nifi.fields.type_enum, buffer(8, 2))
+		nifi_type_tree:add_le(nifi.fields.type_aid, buffer(10, 2))
+
+	nifi_tree:add_le(nifi.fields.length, buffer(12, 4))
+	nifi_tree:add_le(nifi.fields.timestamp, buffer(16, 8))
+
+	pinfo.cols.protocol = nifi.name
+	pinfo.cols.src = nifi_senderid_field().display
+	pinfo.cols.info = "type:" .. nifi_type_enum_field().display
+end
+