From 8f33d9c9a7c95f17c480782fee3b5e405d41a79c Mon Sep 17 00:00:00 2001
From: lonkaars
Date: Mon, 29 Apr 2024 18:40:03 +0200
Subject: WIP wireshark dissector

---
 wireshark/nifi-dissect.lua | 32 ++++++++++++++++++++++++++++++++
 wireshark/wireshark | 5 +++++
 2 files changed, 37 insertions(+)
 create mode 100644 wireshark/nifi-dissect.lua
 create mode 100755 wireshark/wireshark
(limited to 'wireshark')

diff --git a/wireshark/nifi-dissect.lua b/wireshark/nifi-dissect.lua
new file mode 100644
index 0000000..98520e5
--- /dev/null
+++ b/wireshark/nifi-dissect.lua
@@ -0,0 +1,32 @@
+proto = Proto("NIFI", "Nintendo DS ni-fi")
+
+MAGIC = ProtoField.uint32("nifi.magic", "Magic", base.HEX)
+SENDERID = ProtoField.int32("nifi.senderid", "SenderID", base.DEC)
+TYPE = ProtoField.uint32("nifi.type", "Type", base.DEC)
+LENGTH = ProtoField.uint32("nifi.length", "Length", base.DEC)
+TIMESTAMP = ProtoField.uint64("nifi.timestamp", "Timestamp", base.DEC)
+
+proto.fields = {
+ MAGIC,
+ SENDERID,
+ TYPE,
+ LENGTH,
+ TIMESTAMP,
+}
+
+function proto.dissector(buffer, pinfo, tree)
+ -- check magic ("NIFI")
+ if buffer(0, 4):uint() ~= 0x4e494649 then return end
+
+ pinfo.cols.protocol = proto.name
+
+ local subtree = tree:add(proto, buffer(), "Ni-Fi data")
+
+ subtree:add(MAGIC, buffer(0, 4))
+ subtree:add_le(SENDERID, buffer(4, 4))
+ pinfo.cols.src = tostring(buffer(4, 4):le_int())
+ subtree:add_le(TYPE, buffer(8, 4))
+ subtree:add_le(LENGTH, buffer(12, 4))
+ subtree:add_le(TIMESTAMP, buffer(16, 8))
+end
+
diff --git a/wireshark/wireshark b/wireshark/wireshark
new file mode 100755
index 0000000..b871ea3
--- /dev/null
+++ b/wireshark/wireshark
@@ -0,0 +1,5 @@
+#!/bin/sh
+# simple wrapper to load nifi-dissect script as DLT_USER0 dissecter
+here="$(dirname "$0")"
+exec wireshark -X "lua_script:$here/nifi-dissect.lua" -o 'uat:user_dlts:"User 0 (DLT=147)","nifi","","","",""' "$@"
+
-- cgit v1.2.3
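Review bot: The dissector reads `buffer(0, 4)` through `buffer(16, 8)` without ever checking the frame length, so any captured frame shorter than 24 bytes makes a TvbRange call raise a Lua error at the magic check or one of the `add_le` lines instead of being skipped; a dissector fed from a capture file is handling untrusted input and should reject short frames first, e.g. `if buffer:len() < 24 then return end` before the magic comparison. The LENGTH field is decoded but never compared with what the buffer actually holds, so a malformed length is displayed without any expert-info warning — worth a `-- TODO: flag LENGTH > buffer:len() as malformed` note until that is handled. Separately, `proto`, `MAGIC`, `SENDERID`, `TYPE`, `LENGTH` and `TIMESTAMP` are all accidental globals; Wireshark appears to load every Lua script into one shared state, so another script using the same names would clobber these — declaring them `local` (and keeping `proto.fields` as the export) avoids that.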
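Review bot: The wrapper is itself named `wireshark` and ends with `exec wireshark …` resolved by name, so if the `wireshark/` directory ever precedes the real binary on PATH the script execs itself in a loop until the argument list overflows; this depends on the caller's PATH, so it is a latent rather than a certain problem. The comment on the second line should say so, e.g. `# NOTE: do not add this directory to PATH; the wrapper execs the real wireshark binary by name`. Note also that `here` from `dirname "$0"` may be a relative path, so the `lua_script:` argument is only valid from the directory the wrapper was invoked from — acceptable for a WIP, but a one-line `# $here may be relative to the caller's cwd` comment would save a later reader a surprise.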