Diffstat (limited to 'wireshark/pictochat.lua')
-rw-r--r--wireshark/pictochat.lua63
1 files changed, 19 insertions, 44 deletions
diff --git a/wireshark/pictochat.lua b/wireshark/pictochat.lua
index ba16ee0..79345f6 100644
--- a/wireshark/pictochat.lua
+++ b/wireshark/pictochat.lua
@@ -12,10 +12,6 @@ p.fields.msg_type = ProtoField.uint8("pictochat.msg_type", "Message type", base.
[86] = "Message body", -- contains tile data for drawing
[184] = "???", -- user leave??
})
-p.fields.length = ProtoField.uint16("pictochat.length", "Length")
-p.fields.host = ProtoField.ether("pictochat.host", "Room host")
-p.fields.src = ProtoField.ether("pictochat.src", "Source")
-p.fields.dst = ProtoField.ether("pictochat.dst", "Destination")
p.fields.payload_len = ProtoField.uint16("pictochat.payload_len", "Payload length")
p.fields.data_len = ProtoField.uint8("pictochat.data_len", "Data length")
p.fields.data_end = ProtoField.bool("pictochat.data_end", "Data end")
@@ -49,45 +45,26 @@ p.fields.user_bday_month = ProtoField.uint8("pictochat.user.bday_month", "Month"
p.fields.user_bday_day = ProtoField.uint8("pictochat.user.bday_day", "Day")
p.fields.msg_start_len = ProtoField.uint8("pictochat.msg.start_len", "Total length")
-local pc_src_field = Field.new("pictochat.src")
-local pc_dst_field = Field.new("pictochat.dst")
-local data_remaining = 0
-
local state = {}
-function p.init()
- -- register pictochat as a subdissector for nifi
- local dt = DissectorTable.get("nifi")
- dt:add(0xfffd, p) -- CMD messages
- -- dt:add(0x7dcb, p) -- ACK messages
-end
-
function p.dissector(buffer, pinfo, tree)
local subtree = tree:add(p, buffer(), string.format("%s: %d bytes", p.description, buffer():len()))
- subtree:add_le(p.fields.unknown, buffer(0x00, 2))
- subtree:add_le(p.fields.unknown, buffer(0x02, 2))
- subtree:add_le(p.fields.dst, buffer(0x04, 6))
- subtree:add_le(p.fields.src, buffer(0x0a, 6))
- subtree:add_le(p.fields.host, buffer(0x10, 6))
- subtree:add_le(p.fields.sequence, buffer(0x16, 2))
- subtree:add_le(p.fields.unknown, buffer(0x18, 2))
- subtree:add_le(p.fields.unknown, buffer(0x1a, 2))
- subtree:add_le(p.fields.msg_type, buffer(0x1c, 1))
- local msg_type = buffer(0x1c, 1):le_uint()
- subtree:add_le(p.fields.unknown, buffer(0x1d, 1))
- subtree:add_le(p.fields.unknown, buffer(0x1e, 2))
- buffer = buffer(0x20)
+
+ subtree:add_le(p.fields.unknown, buffer(0x00, 2))
+ subtree:add_le(p.fields.unknown, buffer(0x02, 2))
+ subtree:add_le(p.fields.msg_type, buffer(0x04, 1))
+ local msg_type = buffer(0x04, 1):le_uint()
+ subtree:add_le(p.fields.unknown, buffer(0x05, 1))
+ subtree:add_le(p.fields.unknown, buffer(0x06, 2))
+ buffer = buffer(0x08)
-- pretty wireshark shit
pinfo.cols.protocol = p.name
- pinfo.cols.src = tostring(pc_src_field())
- pinfo.cols.dst = tostring(pc_dst_field())
subtree:add_le(p.fields.payload_len, buffer(0x00, 2))
local payload_length = buffer(0x00, 2):le_uint()
buffer = buffer(0x02)
local payload = subtree:add(buffer(0x00, payload_length), "Payload: " .. payload_length .. " bytes")
- local buffer_next = buffer(payload_length)
if
msg_type == 48 -- user join
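Review bot: The new header reads from `buffer(0x00, 2)` through `buffer(0x08)`, plus the `payload_len` read after them, assume at least ten bytes are present, and `payload_length` from the wire is then used in `buffer(0x00, payload_length)` without being compared to what remains. A truncated or malformed frame in a capture will therefore abort the dissector with a Lua error partway through the tree instead of being reported cleanly. A guard at the top such as `if buffer:len() < 10 then return 0 end`, and `if payload_length > buffer:len() then return end` just before the payload slice, would cover both cases. The hunk also removes `p.init`, the only visible place that registered the dissector in the `nifi` table; registration presumably happens elsewhere now, but that is not visible here. The body of `p.dissector` continues outside this hunk.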
@@ -105,10 +82,10 @@ function p.dissector(buffer, pinfo, tree)
msg_type == 10 -- msg start
then
payload:add_le(p.fields.msg_start_len, buffer(0x04, 2))
- data_remaining = buffer(0x04, 2):le_uint()
- local segment = buffer(0):bytes()
- local buf = ByteArray.tvb(segment, "Complete message???")
+ state.data_remaining = buffer(0x04, 2):le_uint()
+ state.buf = ByteArray.new()
+ state.want_next = 0
end
if
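Review bot: `state` is one module-level table, so the reassembly fields set here (`state.data_remaining`, `state.buf`, `state.want_next`) are shared by every sender in the capture and persist across dissection passes. Wireshark calls a dissector again when a packet is selected or the list is refiltered, so the append in the later message-body hunk can run again on frames already seen, and interleaved fragments from two senders can end up in the same buffer. Consider keying the state per source taken from `pinfo` (this commit drops the `pictochat.src` field), skipping the mutation when `pinfo.visited` is true, and resetting per capture with `function p.init() state = {} end`. The enclosing `if` block starts before this hunk.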
@@ -119,32 +96,30 @@ function p.dissector(buffer, pinfo, tree)
payload:add_le(p.fields.data_len, buffer(0x02, 1))
local data_length = buffer(0x02, 1):le_uint()
- if data_remaining > 0 then
- data_remaining = data_remaining - data_length
- pinfo.cols.info = string.format("Message body [remaining 0x%04x (%d) bytes]", data_remaining, data_remaining)
- end
-
payload:add_le(p.fields.data_end, buffer(0x03, 1))
-- This appears to be some kind of offset for indicating where to store the
-- current frame's data in a larger buffer. Messages sent in multiple parts
-- increment this value by 160 for each new original (p.fields.original ==
-- True) message.
payload:add_le(p.fields.data_offset, buffer(0x04, 2))
+ local data_offset = buffer(0x04, 2):le_uint()
payload:add_le(p.fields.unknown, buffer(0x06, 2)) -- usually 0
buffer = buffer(0x08)
-- This appears to be the actual message data (the drawing) sent as an
-- array of 8x8 tiles.
payload:add(p.fields.data, buffer(0, data_length))
+ if state.want_next == data_offset then
+ state.want_next = data_offset + data_length
+ state.data_remaining = state.data_remaining - data_length
+ state.buf:append(buffer(0, data_length):bytes())
+ pinfo.cols.info = "Message body"
+ ByteArray.tvb(state.buf, "Complete message")
+ end
buffer = buffer(data_length)
payload:add_le(p.fields.data_sequence, buffer(0x00, 2))
payload:add_le(p.fields.unknown, buffer(0x02, 2)) -- copy
- subtree:add_le(p.fields.unknown, buffer(0x04, 2))
- buffer = buffer(0x06)
end
-
- buffer = buffer_next -- after payload
- subtree:add_le(p.fields.magic_trailer, buffer(0x02, 2)) -- const 0xb8b6
end
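Review bot: `ByteArray.tvb(state.buf, "Complete message")` runs for every accepted fragment, its result is discarded, and the data source is labelled complete even while `state.data_remaining` is still positive. `state.data_remaining` is decremented but never tested, so a `data_len` larger than the announced total drives it negative and later contiguous fragments are still appended. Gating on completion would make the reassembled view reliable for whoever reads the capture: `if state.data_remaining <= 0 then local tvb = ByteArray.tvb(state.buf, "Complete message") end`, with `tvb` then added to the tree. A fragment rejected by the `state.want_next == data_offset` test is currently dropped silently; noting that in `pinfo.cols.info` would make gaps visible. The enclosing `if` starts outside this hunk.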