From bab4ac11a0e5700f267405273b03436423bc5205 Mon Sep 17 00:00:00 2001 From: Loek Le Blansch Date: Fri, 23 Aug 2024 15:59:51 +0200 Subject: more WIP --- wireshark/melon.lua | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 wireshark/melon.lua (limited to 'wireshark/melon.lua') diff --git a/wireshark/melon.lua b/wireshark/melon.lua new file mode 100644 index 0000000..a431781 --- /dev/null +++ b/wireshark/melon.lua @@ -0,0 +1,49 @@ +local p = Proto("melon", "MelonDS packet header") +local dt = DissectorTable.new("melon") + +p.fields.magic = ProtoField.uint32("melon.magic", "Magic", base.HEX) +p.fields.src = ProtoField.int32("melon.src", "Instance ID", base.DEC) +p.fields.type = ProtoField.new("Type", "melon.type", ftypes.UINT32) +p.fields.type_enum = ProtoField.uint16("melon.type.enum", "Numeric message type enum", base.DEC, { + [0] = "Regular", + [1] = "CMD", + [2] = "Reply", + [3] = "ACK", +}) +p.fields.type_aid = ProtoField.uint16("melon.type.aid", "Message type \"aid\" value") +p.fields.length = ProtoField.uint32("melon.len", "Remaining message length", base.DEC) +p.fields.timestamp = ProtoField.uint64("melon.timestamp", "Timestamp", base.DEC) + +local p_type_enum_field = Field.new("melon.type.enum") + +function p.dissector(buffer, pinfo, tree) + local header_size = 0x18 + + -- check magic ("NIFI") + if buffer(0x00, 4):uint() ~= 0x4e494649 then return end + + local subtree = tree:add(p, buffer(0, header_size), string.format("%s: %d bytes", p.description, header_size)) + subtree:add(p.fields.magic, buffer(0x00, 4)) + + local instance = buffer(0x04, 4):le_uint() + subtree:add_le(p.fields.src, buffer(0x04, 4)) + + local type_tree = subtree:add_le(p.fields.type, buffer(0x08, 4)) + type_tree:add_le(p.fields.type_enum, buffer(0x08, 2)) + type_tree:add_le(p.fields.type_aid, buffer(0x0a, 2)) + + subtree:add_le(p.fields.length, buffer(0x0c, 4)) + subtree:add_le(p.fields.timestamp, buffer(0x10, 8)) + + -- pretty wireshark shit + pinfo.cols.protocol = p.name + pinfo.cols.src = string.format("instance %d", instance) + pinfo.cols.info = p_type_enum_field().display + + -- melonds packets always contain NIFI packets, I use 0 as the pattern + -- because this function doesn't seem to like nil + dt:try(0, buffer(header_size):tvb(), pinfo, tree) + + return header_size +end + -- cgit v1.2.3