Dissector reorganization

tools/dissectors/1-hfudt.lua → tools/dissectors/0001-hfudt.lua

@@ -185,18 +185,7 @@ function p_hfudt.dissector(buf, pinfo, tree)
       buf = newbuf:tvb("Unobfuscated")
     end
 
-    -- read the type
-    local packet_type = buf(payload_offset, 1):le_uint()
-    local ptype = subtree:add_le(f_type, buf(payload_offset, 1))
-    local packet_type_text = packet_types[packet_type]
-
-    if packet_type_text  ~= nil then
-      pinfo.cols.info:append(" [" .. packet_type_text .. "]")
-    end
-    -- read the version
-    subtree:add_le(f_version, buf(payload_offset + 1, 1))
-
-    local i = payload_offset + 2
+    local i = payload_offset 
 
 
 

tools/dissectors/2-hf-nlpacket.lua → tools/dissectors/0002-hf-nlpacket.lua

@@ -168,6 +168,20 @@ local nonverified_packet_types = {
     ["NodeMuteRequest"] = true,
 }
 
+-- Mapping of packet type to decoder
+local dissectors = {
+  ["DomainList"] = "hf-domain",
+  ["DomainConnectRequest"] = "hf-domain",
+  ["DomainListRequest"] = "hf-domain",
+  ["AvatarData"] = "hf-avatar",
+  ["BulkAvatarData"] = "hf-avatar",
+  ["BulkAvatarTraits"] = "hf-avatar",
+  ["EntityEdit"] = "hf-entity",
+  ["MicrophoneAudioNoEcho"] = "hf-audio",
+  ["MicrophoneAudioWithEcho"] = "hf-audio",
+  ["SilentAudioFrame"] = "hf-audio"
+}
+
 
 p_nlpacket = Proto("hf-nlpacket", "HF NLPacket")
 
@@ -176,72 +190,75 @@ local f_version = ProtoField.uint8("hf-nlpacket.version"     , "Version"  , base
 local f_sender_id = ProtoField.uint16("hf-nlpacket.sender_id", "Sender ID", base.DEC)
 local f_hmac_hash = ProtoField.bytes("hf-nlpacket.hmac_hash" , "HMAC Hash")
 
+-- We don't know what this is at all.
+local ef_unknown_type = ProtoExpert.new("nf-nlpacket.unknown_type.expert", "Packet type unrecognized. Wireshark decoder too old?", expert.group.UNDECODED, expert.severity.ERROR)
+
+-- We know what it is, but there's no decoder for it.
+local ef_no_decoder = ProtoExpert.new("hf-nlpacket.no_decoder.expert", "Decoder for this packet hasn't been implemented yet", expert.group.UNDECODED, expert.severity.ERROR)
+
 p_nlpacket.fields = {
-    f_type, f_version, f_sender_id, f_hmac_hash
+  f_type, f_version, f_sender_id, f_hmac_hash
 }
 
+p_nlpacket.experts = { 
+  ef_unknown_type, ef_no_decoder 
+}
 
+function p_nlpacket.dissector(buf, pinfo, tree)
+  pinfo.cols.protocol = p_nlpacket.name
 
-local packet_type_extractor = Field.new('hfudt.type')
+  local pos = 0
 
-function p_hf_nlpacket.dissector(buf, pinfo, tree)
-    pinfo.cols.protocol = p_nlpacket.name
+  -- Packet must at least have type and version
+  if buf:len() < 2 then return end
 
-    local pos = 0
 
-    local packet_type = buf(0, 1):le_uint()
-    local packet_type_text = packet_types[packet_type]
+  subtree = tree:add(p_nlpacket, buf(0))
 
 
-    subtree.add(f_type, buf(pos,1)); pos = pos + 1
-    subtree.add(f_version, buf(pos,1)); pos = pos + 1
+  local packet_type = buf(0, 1):le_uint()
+  local packet_type_text = packet_types[packet_type]
 
+
 
-    if unsourced_packet_types[packet_type_text] == nil then
-        subtree:add_le(f_sender_id, buf(pos,2))
-        pos = pos + 2
-    end
+  subtree:add(f_type, buf(pos,1)); pos = pos + 1
+  subtree:add(f_version, buf(pos,1)); pos = pos + 1
 
-    if nonverified_packet_types[packet_type_text] then --== nil and unsourced_packet_types[packet_type_text] == nil then
-        -- read HMAC MD5 hash
-        subtree:add(f_hmac_hash, buf(pos, 16))
-        pos = pos + 16
-    end
 
-    ---------------------------------------------------------------------------
-    -- Payload dissection
-    ---------------------------------------------------------------------------
+  if unsourced_packet_types[packet_type_text] == nil then
+    subtree:add_le(f_sender_id, buf(pos,2))
+    pos = pos + 2
+  end
 
-    local payload_to_dissect = nil
+  if nonverified_packet_types[packet_type_text] == nil then --== nil and unsourced_packet_types[packet_type_text] == nil then
+      -- read HMAC MD5 hash
+      subtree:add(f_hmac_hash, buf(pos, 16))
+      pos = pos + 16
+  end
 
-    if payload_to_dissect ~= nil then
-        -- Domain packets
-        if packet_type_text == "DomainList" or
-           packet_type_text == "DomainConnectRequest" or
-           packet_type_text == "DomainListRequest"
-        then
-          Dissector.get("hf-domain"):call(payload_to_dissect, pinfo, tree)
-        end
-
-        -- AvatarData or BulkAvatarDataPacket
-        if packet_type_text == "AvatarData" or
-           packet_type_text == "BulkAvatarData" or
-           packet_type_text == "BulkAvatarTraits" then
-          Dissector.get("hf-avatar"):call(payload_to_dissect, pinfo, tree)
-        end
-
-        if packet_type_text == "EntityEdit" then
-          Dissector.get("hf-entity"):call(payload_to_dissect, pinfo, tree)
-        end
-
-        if packet_types[packet_type] == "MicrophoneAudioNoEcho" or
-           packet_types[packet_type] == "MicrophoneAudioWithEcho" or
-           packet_types[packet_type] == "SilentAudioFrame" then
-          Dissector.get("hf-audio"):call(payload_to_dissect, pinfo, tree)
-        end
-      end
-
-    end
+  ---------------------------------------------------------------------------
+  -- Payload dissection
+  ---------------------------------------------------------------------------
+
+  if packet_type_text == nil then
+    -- We don't even know what this packet type is. Please contribute!
+    tree:add_proto_expert_info(ef_no_decoder)
+    print("Packet type " .. packet_type .. " is not known")
+    return
+  end
+
+  pinfo.cols.info:append(" [" .. packet_type_text .. "]")
+
+  local payload_to_dissect = buf(pos):tvb()
+
+  dissector = dissectors[packet_type_text]
+
+  if dissector ~= nil then
+    Dissector.get(dissector):call(payload_to_dissect, pinfo, tree)
+  else
+    -- We don't know how to decode this. Please contribute!
+    tree:add_proto_expert_info(ef_no_decoder)
+  end
 
 end
 

tools/dissectors/2-hf-audio.lua

@@ -15,7 +15,7 @@ p_hf_audio.fields = {
   f_audio_is_stereo, f_audio_num_silent_samples
 }
 
-local packet_type_extractor = Field.new('nlpacket.type')
+local packet_type_extractor = Field.new('hf-nlpacket.type')
 
 function p_hf_audio.dissector(buf, pinfo, tree)
   pinfo.cols.protocol = p_hf_audio.name

tools/dissectors/3-hf-avatar.lua

@@ -90,7 +90,7 @@ p_hf_avatar.fields = {
   f_avatar_trait_instance_id
 }
 
-local packet_type_extractor = Field.new('hfudt.type')
+local packet_type_extractor = Field.new('hf-nlpacket.type')
 
 INSTANCED_TYPES = {
   [1] = true

tools/dissectors/5-hf-domain.lua

@@ -93,8 +93,8 @@ local f_username_id = ProtoField.string("hf_domain.username", "Username")
 local f_username_signature_length_id = ProtoField.uint32("hf_domain.username_signature_len", "Username Signature Length")
 local f_username_signature_id = ProtoField.string("hf_domain.username_signature", "Username Signature")
 
-local packet_type_extractor = Field.new('hfudt.type')
-local packet_version_extractor = Field.new('hfudt.version')
+local packet_type_extractor = Field.new('hf-nlpacket.type')
+local packet_version_extractor = Field.new('hf-nlpacket.version')
 
 local ef_version_unsupported = ProtoExpert.new("hfudt.version_unsupported.expert", "Protocol version unsupported by decoder", expert.group.UNDECODED, expert.severity.ERROR)
 local ef_zlib_unsupported = ProtoExpert.new("hfudt.zlib_unsupported.expert", "zlib decompression not supported by this Wireshark version, 4.3.0 or later required.", expert.group.UNDECODED, expert.severity.WARN)
@@ -216,7 +216,7 @@ function p_hf_domain.dissector(buf, pinfo, tree)
 
         len = buf(i, 4):uint()
         domain_subtree:add(f_username_signature_length_id, buf(i, 4)); i = i + 4
-        domain_subtree:add(f_username_signature_id, buf(i,len), buf(i, len):ustring()); i = i + len
+        domain_subtree:add(f_username_signature_id, buf(i,len)); i = i + len
       end
     else
       tree:add_proto_expert_info(ef_version_unsupported)