Created
April 13, 2020 21:06
-
-
Save J0J0/89da1c447f439c0cc6d459314ce6d5f1 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- A simple whireshark dissector for GfxTablet's UDP packages, see | |
| -- https://github.com/rfc2822/GfxTablet and | |
| -- https://github.com/rfc2822/GfxTablet/blob/master/doc/protocol.txt | |
| gfxtablet_proto = Proto("gfxtab", "GfxTablet protocol") | |
| function gfxtablet_proto.dissector(buf, pinfo, tree) | |
| pinfo.cols.protocol = "GFXTAB" | |
| local t = tree:add(gfxtablet_proto, buf(), "GfxTablet Protocol Data") | |
| --local b_id = buf(0,9) -- "GfxTablet" | |
| --t:add(b_id, b_id:string()) | |
| local b_protover = buf(9,2) | |
| local protover = b_protover:uint() | |
| t:add(b_protover, "protocol version: " .. protover) | |
| -- this dissector is for protocol version 2 only | |
| if protover ~= 2 then | |
| return | |
| end | |
| local b_evtype = buf(11,1) | |
| local b_x = buf(12,2) | |
| local b_y = buf(14,2) | |
| local b_pressure = buf(16,2) | |
| local evtype = b_evtype:uint() | |
| t:add(b_evtype, "event type: " .. evtype ) | |
| t:add(b_x, "x: " .. b_x:uint() ) | |
| t:add(b_y, "y: " .. b_y:uint() ) | |
| t:add(b_pressure, "pressure: " .. b_pressure:uint()) | |
| if evtype == 1 then -- 1 == button event (0 == motion event) | |
| local b_button = buf(18,1) | |
| local b_button_status = buf(19,1) | |
| t:add(b_button , "button id: " .. b_button:int() ) | |
| t:add(b_button_status, "button status: " .. b_button_status:uint()) | |
| end | |
| end | |
| udp_table = DissectorTable.get("udp.port") | |
| udp_table:add(40118, gfxtablet_proto) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment