Wireshark dissector for the EVENTDISTR protocol. Just paste this into $HOME/.wireshark/init.lua and restart Wireshark. References: * Example Dissectors: http://wiki.wireshark.org/Lua/Dissectors * Wireshark Lua API: https://www.wireshark.org/docs/wsug_html_chunked/wsluarm.html
-- Wireshark dissector for the EVENTDISTR protocol
-- The specification is at https://stratum0.org/wiki/EVENTDISTR
--
-- Copyright (C) 2013 Roland Hieber <rohieb@rohieb.name>
--
-- This program is free software; you can redistribute it and/or modify it
-- under the terms of the GNU General Public License, version 3, as published
-- by the Free Software Foundation.
--
-- This program is distributed in the hope that it will be useful, but WITHOUT
-- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-- FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
-- more details.
--
-- You should have received a copy of the GNU General Public License along with
-- this program; if not, see <http://www.gnu.org/licenses/>.
--
--
-- event-specific dissector functions
--
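-- Dispatch table: on-wire event name -> function(valuebuf, subtree) that
-- decodes the value part of that event into `subtree`. The main dissector
-- indexes this table with the event name taken straight from the packet, so
-- every value stored here must be callable with (TvbRange, TreeItem).
eventdistr_pkfuncs = {}

-- Add one error item to `tree` and flag it as malformed so it shows up in
-- the expert info. `range` is optional; when given, the item highlights it.
local function eventdistr_malformed(tree, msg, range)
  local item
  if range ~= nil then
    item = tree:add(range, msg)
  else
    item = tree:add(msg)
  end
  item:set_expert_flags(PI_MALFORMED, PI_ERROR)
end

-- Split the leading NUL-terminated string off `buf`.
-- Returns three values: the TvbRange covering the string plus its
-- terminator, the decoded string, and the TvbRange after the terminator
-- (nil when nothing follows). Returns nil when `buf` holds no terminator.
-- NOTE(review): this relies on buf:string() preserving embedded NUL bytes;
-- confirm against the Wireshark version in use (raw() would be safer where
-- available).
local function eventdistr_cstring(buf)
  -- plain search (4th arg true): we look for one literal byte, not a pattern
  local nul = string.find(buf:string(), "\0", 1, true)
  if nul == nil then
    return nil
  end
  -- offsets derived from the terminator position, not from the decoded
  -- string's length, so a charset conversion cannot shift the range
  local field = buf(0, nul)
  local text = buf(0, nul - 1):string()
  local rest_len = buf:len() - nul
  local rest = nil
  if rest_len > 0 then
    -- never build a zero-length trailing range; callers treat nil as "empty"
    rest = buf(nul, rest_len)
  end
  return field, text, rest
end

-- Labels for the two-state flank events (DingDong, DoorUnten).
local eventdistr_flank_labels = {
  RISING = "Rising flank",
  FALLING = "Falling flank",
}

-- Shared decoder for events whose value is either RISING or FALLING.
-- Kept in the table under its original key for compatibility; note that an
-- on-wire event literally named __RISINGFALLING__ would therefore also be
-- decoded as a flank change.
eventdistr_pkfuncs.__RISINGFALLING__ = function(buf, tree)
  local label = eventdistr_flank_labels[buf:string()]
  if label ~= nil then
    tree:add(buf, label)
  else
    eventdistr_malformed(tree, "Could not decode flank change!", buf)
  end
end
eventdistr_pkfuncs.DingDong = eventdistr_pkfuncs.__RISINGFALLING__
eventdistr_pkfuncs.DoorUnten = eventdistr_pkfuncs.__RISINGFALLING__

-- VirtualMsg carries free text; it is shown verbatim.
eventdistr_pkfuncs.VirtualMsg = function(buf, tree)
  tree:add(buf, "Message: " .. buf:string())
end

-- Area codes used by NowPlaying; the single-character code precedes the
-- first NUL. Built once instead of on every packet.
local eventdistr_areas = {
  A = "Frickelraum",
  B = "Lounge",
  K = "Kitchen",
  ["0"] = "Bath",
}

-- NowPlaying value layout (each string NUL-terminated):
--   <area><NUL><interpret><NUL><title><NUL>
-- or, when playback stopped:
--   <area><NUL><NUL><NUL>
-- "Interpret" is the performer (German naming kept from the spec).
eventdistr_pkfuncs.NowPlaying = function(buf, tree)
  -- area
  local area_range, area_code, rest = eventdistr_cstring(buf)
  if area_range == nil or eventdistr_areas[area_code] == nil then
    eventdistr_malformed(tree, "Could not decode area!")
    return
  end
  tree:add(area_range, "Area: " .. eventdistr_areas[area_code])
  if rest == nil then
    -- nothing after the area: neither a stop marker nor an interpret
    eventdistr_malformed(tree, "Could not decode interpret!")
    return
  end
  -- was stopped?
  if rest:string() == "\0\0" then
    tree:add(rest, "Playback was stopped")
    return
  end
  -- interpret
  local interpret_range, interpret
  interpret_range, interpret, rest = eventdistr_cstring(rest)
  if interpret_range == nil then
    eventdistr_malformed(tree, "Could not decode interpret!")
    return
  end
  tree:add(interpret_range, "Interpret: " .. interpret)
  if rest == nil then
    eventdistr_malformed(tree, "Could not decode title!")
    return
  end
  -- title
  local title_range, title = eventdistr_cstring(rest)
  if title_range == nil then
    eventdistr_malformed(tree, "Could not decode title!")
    return
  end
  tree:add(title_range, "Title: " .. title)
end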
--
-- OK, now for the real fun.
--
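-- declare our protocol
eventdistr_proto = Proto("eventdistr", "Event Distribution Protocol")

-- Fixed header: 10-byte magic string, 2-byte protocol version, 1 separator.
local EVENTDISTR_HEADER_LEN = 13

-- Dissect one EVENTDISTR datagram.
--   buf   Tvb with the UDP payload
--   pinfo packet info; only the protocol column is written
--   tree  packet-details tree the protocol subtree is added to
-- Every datagram on the registered port reaches this function, so the
-- length is checked before any fixed-offset access; previously a short
-- packet raised a Lua error from buf(10,2) and friends.
function eventdistr_proto.dissector(buf, pinfo, tree)
  pinfo.cols.protocol = "EVENTDISTR"
  local subtree = tree:add(eventdistr_proto, buf(),
    "Event Distribution Protocol")
  -- need the whole header plus at least one byte of event name
  if buf:len() <= EVENTDISTR_HEADER_LEN then
    local item = subtree:add(buf(), "EVENTDISTR packet too short!")
    item:set_expert_flags(PI_MALFORMED, PI_ERROR)
    return
  end
  -- NOTE(review): the magic string is only labelled, never compared with
  -- the value the spec defines, so any datagram on the port is accepted.
  subtree:add(buf(0, 10), "Magic String")
  subtree:add(buf(10, 2), "Protocol version: " .. buf(10, 2):string())
  subtree:add(buf(12, 1), "Separator")
  -- only name and value remain after the header
  local payload = buf(EVENTDISTR_HEADER_LEN, buf:len() - EVENTDISTR_HEADER_LEN)
  -- "=" separates the event name from its (optional) value; plain search
  local sep = string.find(payload:string(), "=", 1, true)
  local event_name
  if sep == nil then
    event_name = payload:string()
  else
    event_name = payload(0, sep - 1):string()
  end
  subtree = subtree:add(payload, event_name .. " Event")
  if sep ~= nil then
    local valuebuf = payload(sep, payload:len() - sep)
    -- event_name comes straight off the wire; only dispatch to real
    -- functions so an odd name cannot turn into a call on a non-function
    local handler = eventdistr_pkfuncs[event_name]
    if type(handler) == "function" then
      handler(valuebuf, subtree)
    end
  end
end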
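-- register our protocol to handle udp port 31337
-- FIXME: make this heuristic-based
-- Kept local: nothing else in this file reads the table handle, and an
-- accidental global in init.lua leaks into every other script.
local udp_table = DissectorTable.get("udp.port")
udp_table:add(31337, eventdistr_proto)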