From cef0cbd29a903e023ad5730b98beceb40baa6bf0 Mon Sep 17 00:00:00 2001
From: Loek Le Blansch
Date: Wed, 28 Aug 2024 16:06:20 +0200
Subject: more WIP
---
wireshark/rxhdr.lua | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
create mode 100644 wireshark/rxhdr.lua
(limited to 'wireshark/rxhdr.lua')
diff --git a/wireshark/rxhdr.lua b/wireshark/rxhdr.lua
new file mode 100644
index 0000000..3924603
--- /dev/null
+++ b/wireshark/rxhdr.lua
@@ -0,0 +1,50 @@
+require "util"
+
+local p = Proto("rxhdr", "Hardware RX header")
+
+-- based off
+
+p.fields.unknown = ProtoField.bytes("rxhdr.unknown", "Unknown")
+
+p.fields.flags = ProtoField.new("Flags", "rxhdr.flags", ftypes.BYTES)
+p.fields.flag_type = ProtoField.uint16("rxhdr.flags.type", "Frame type", base.DEC, nil, bits(0, 4))
+p.fields.flag_more = ProtoField.bool("rxhdr.flags.more", "More fragments", base.DEC, nil, bits(8))
+
+p.fields.new = ProtoField.bool("rxhdr.new", "New frame")
+p.fields.magic = ProtoField.bytes("rxhdr.magic", "Magic")
+p.fields.channel = ProtoField.uint8("rxhdr.channel", "802.11 channel")
+
+p.fields.rate = ProtoField.uint16("rxhdr.rate", "Transfer rate", base.HEX, {
+ [0x0a] = "1 Mbit/s",
+ [0x14] = "2 Mbit/s",
+})
+p.fields.length = ProtoField.uint16("rxhdr.len", "Remaining message length")
+
+local ieee_dissector = Dissector.get("ieee")
+
+function p.dissector(buffer, pinfo, tree)
+ local header_size = 12
+ -- check buffer size
+ if buffer:len() < header_size then return 0 end
+
+ local subtree = tree:add(p, buffer(0, header_size), string.format("%s: %d bytes", p.description, header_size))
+
+ local flags_tree = subtree:add(p.fields.flags, buffer(0x00, 2))
+ flags_tree:add_le(p.fields.flag_type, buffer(0x00, 2))
+ flags_tree:add_le(p.fields.flag_more, buffer(0x00, 2))
+
+ subtree:add(p.fields.unknown, buffer(0x02, 2))
+ subtree:add(p.fields.unknown, buffer(0x04, 2))
+
+ subtree:add_le(p.fields.rate, buffer(0x06, 2))
+ subtree:add_le(p.fields.length, buffer(0x08, 2))
+ local length = buffer(0x08, 2):le_uint()
+
+ -- pretty wireshark shit
+ pinfo.cols.protocol = p.name
+
+ ieee_dissector:call(buffer(header_size, length):tvb(), pinfo, tree)
+
+ return header_size
+end
+
-- cgit v1.2.3
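Review bot: The 16-bit `length` read from offset 0x08 is passed unchecked into `buffer(header_size, length)` at the end of `p.dissector`, while the only size check at the top covers the 12-byte header. A truncated capture, or a header that declares more bytes than were captured, would make that range request fall outside the buffer, which presumably raises a Lua error and aborts dissection of the frame. Clamp the value to the bytes actually present with `local length = math.min(buffer(0x08, 2):le_uint(), buffer:len() - header_size)`, and guard the hand-off with `if length > 0 then ieee_dissector:call(buffer(header_size, length):tvb(), pinfo, tree) end`. The result of `Dissector.get("ieee")` is also never checked before use, so it is worth confirming that this name resolves to a registered dissector on the target Wireshark build.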