Add a Wireshark plugin to help dissect UTCP packets.

This assumes UTCP is being transported in plaintext over UDP port 9999.

diff --git a/wireshark/utcp.lua b/wireshark/utcp.lua
new file mode 100644 (file)
index 0000000..3dce698
--- /dev/null
+++ b/wireshark/utcp.lua
@@ -0,0 +1,62 @@
+-- UTCP dissector
+
+utcp_protocol = Proto("UTCP", "User-space Transport Control Protocol")
+utcp_protocol.fields = {}
+
+src = ProtoField.uint16("utcp.src", "src", base.DEC)
+dst = ProtoField.uint16("utcp.dst", "dst", base.DEC)
+seq = ProtoField.uint32("utcp.seq", "seq", base.DEC)
+ack = ProtoField.uint32("utcp.ack", "ack", base.DEC)
+wnd = ProtoField.uint32("utcp.wnd", "wnd", base.DEC)
+ctl = ProtoField.uint16("utcp.ctl", "ctl", base.HEX)
+aux = ProtoField.uint16("utcp.aux", "aux", base.HEX)
+aux_init = ProtoField.uint32("utcp.aux_init", "aux_init", base.HEX)
+
+utcp_protocol.fields = {src, dst, seq, ack, wnd, ctl, aux, aux_init}
+
+ctltext = {"SYN", "ACK", "SYN ACK", "FIN", "SYN FIN", "ACK FIN", "SYN ACK FIN", "RST", "SYN RST", "ACK RST", "SYN ACK RST", "FIN RST", "SYN FIN RST", "ACK FIN RST", "SYN ACK FIN RST"}
+
+function ctl_to_text(ctl)
+  text = ctltext[ctl]
+  if text == nil then return "" end
+  return " (" .. text .. ")"
+end
+
+function utcp_protocol.dissector(buffer, pinfo, tree)
+  length = buffer:len()
+  if length == 0 then return end
+
+  pinfo.cols.protocol = utcp_protocol.name
+
+  local subtree = tree:add(utcp_protocol, buffer(), "UTCP Protocol Data")
+  local ctl_text = ctl_to_text(buffer(16, 2):le_int())
+  local aux_field = buffer(18, 2):le_int()
+  local aux_len = 4 * ((aux_field - aux_field % 256) / 256) % 16
+  local aux_type = aux_field % 256
+  local aux_text = ""
+  if aux_field ~= 0 then
+      aux_text = " (type " .. aux_type .. " length " .. aux_len .. ")"
+  end
+
+  subtree:add_le(src, buffer(0, 2))
+  subtree:add_le(dst, buffer(2, 2))
+  subtree:add_le(seq, buffer(4, 4))
+  subtree:add_le(ack, buffer(8, 4))
+  subtree:add_le(wnd, buffer(12, 4))
+  subtree:add_le(ctl, buffer(16, 2)):append_text(ctl_text)
+  subtree:add_le(aux, buffer(18, 2)):append_text(aux_text)
+
+  if aux_field == 257 then
+      local flags = buffer(23, 1):le_int()
+      local flags_text = ""
+      if flags == 0 then flags_text = " (UDP)"
+      elseif flags == 3 then flags_text = " (TCP)"
+      end
+      subtree:add_le(aux_init, buffer(20, 4)):append_text(flags_text)
+  end
+end
+
+-- Assume we run the test program on port 9999
+
+local udp_port = DissectorTable.get("udp.port")
+udp_port:add(9999, utcp_protocol)