Fix wireshark dissector, update with new packet types.

Probably still incomplete, but getting closer.

tools/dissectors/1-hfudt.lua

@@ -1,4 +1,5 @@
 print("Loading hfudt")
+bit32 = require("bit32")
 
 -- create the HFUDT protocol
 p_hfudt = Proto("hfudt", "HFUDT Protocol")
@@ -154,19 +155,55 @@ local packet_types = {
   [99] = "EntityQueryInitialResultsComplete",
   [100] = "BulkAvatarTraits",
   [101] = "AudioSoloRequest",
-  [102] = "BulkAvatarTraitsAck"
+  [102] = "BulkAvatarTraitsAck",
+  [103] = "StopInjector",
+  [104] = "AvatarZonePresence",
+  [105] = "WebRTCSignaling"
 }
 
+-- PacketHeaders.h, getNonSourcedPackets()
 local unsourced_packet_types = {
-  ["DomainList"] = true,
+  ["DomainConnectRequestPending"] = true,
+  ["CreateAssignment"] = true,
+  ["RequestAssignment"] = true,
+  ["DomainServerRequireDTLS"] = true,
   ["DomainConnectRequest"] = true,
-  ["ICEPing"] = true,
-  ["ICEPingReply"] = true,
+  ["DomainList"] = true,
+  ["DomainConnectionDenied"] = true,
+  ["DomainServerPathQuery"] = true,
+  ["DomainServerPathResponse"] = true,
+  ["DomainServerAddedNode"] = true,
   ["DomainServerConnectionToken"] = true,
   ["DomainSettingsRequest"] = true,
-  ["ICEServerHeartbeatACK"] = true
+  ["OctreeDataFileRequest"] = true,
+  ["OctreeDataFileReply"] = true,
+  ["OctreeDataPersist"] = true,
+  ["DomainContentReplacementFromUrl"] = true,
+  ["DomainSettings"] = true,
+  ["ICEServerPeerInformation"] = true,
+  ["ICEServerQuery"] = true,
+  ["ICEServerHeartbeat"] = true,
+  ["ICEServerHeartbeatACK"] = true,
+  ["ICEPing"] = true,
+  ["ICEPingReply"] = true,
+  ["ICEServerHeartbeatDenied"] = true,
+  ["AssignmentClientStatus"] = true,
+  ["StopNode"] = true,
+  ["DomainServerRemovedNode"] = true,
+  ["UsernameFromIDReply"] = true,
+  ["OctreeFileReplacement"] = true,
+  ["ReplicatedMicrophoneAudioNoEcho"] = true,
+  ["ReplicatedMicrophoneAudioWithEcho"] = true,
+  ["ReplicatedInjectAudio"] = true,
+  ["ReplicatedSilentAudioFrame"] = true,
+  ["ReplicatedAvatarIdentity"] = true,
+  ["ReplicatedKillAvatar"] = true,
+  ["ReplicatedBulkAvatarData"] = true,
+  ["AvatarZonePresence"] = true,
+  ["WebRTCSignaling"] = true
 }
 
+-- PacketHeaders.h, getNonVerifiedPackets()
 local nonverified_packet_types = {
     ["NodeJsonStats"] = true,
     ["EntityQuery"] = true,
@@ -257,7 +294,7 @@ function p_hfudt.dissector(buf, pinfo, tree)
     -- read the obfuscation level
     local obfuscation_bits = bit32.band(0x03, bit32.rshift(first_word, 27))
     subtree:add(f_obfuscation_level, obfuscation_bits)
-    
+
     -- read the sequence number
     subtree:add(f_sequence_number, bit32.band(first_word, SEQUENCE_NUMBER_MASK))
 
@@ -431,12 +468,12 @@ function deobfuscate(message_bit, buf, level)
   else
     return
   end
-  
+
   local start = 4
   if message_bit == 1 then
     local start = 12
   end
-  
+
   local p = 0
   for i = start, buf:len() - 1 do
     out:set_index(i, bit.bxor(buf(i, 1):le_uint(), key:get_index(7 - (p % 8))) )

tools/dissectors/2-hf-audio.lua

@@ -1,5 +1,5 @@
 print("Loading hf-audio")
-
+bit32 = require("bit32")
 -- create the audio protocol
 p_hf_audio = Proto("hf-audio", "HF Audio Protocol")
 

tools/dissectors/3-hf-avatar.lua

@@ -1,4 +1,5 @@
 print("Loading hf-avatar")
+bit32 = require("bit32")
 
 -- create the avatar protocol
 p_hf_avatar = Proto("hf-avatar", "HF Avatar Protocol")

tools/dissectors/4-hf-entity.lua

@@ -1,4 +1,5 @@
 print("Loading hf-entity")
+bit32 = require("bit32")
 
 -- create the entity protocol
 p_hf_entity = Proto("hf-entity", "HF Entity Protocol")

tools/dissectors/5-hf-domain.lua

@@ -1,4 +1,6 @@
 -- create the domain protocol
+print("Loading hf-domain")
+bit32 = require("bit32")
 p_hf_domain = Proto("hf-domain", "HF Domain Protocol")
 
 -- domain packet fields

tools/dissectors/README.md

@@ -1,14 +1,50 @@
-High Fidelity Wireshark Plugins
----------------------------------
+# High Fidelity Wireshark Plugins
 
-Install wireshark 2.4.6 or higher.
 
-Copy these lua files into c:\Users\username\AppData\Roaming\Wireshark\Plugins
+## Installation
 
-After a capture any detected High Fidelity Packets should be easily identifiable by one of the following protocols
 
-* HF-AUDIO - Streaming audio packets
-* HF-AVATAR - Streaming avatar mixer packets
-* HF-ENTITY - Entity server traffic
-* HF-DOMAIN - Domain server traffic
-* HFUDT - All other UDP traffic
+* Install wireshark 2.4.6 or higher.
+* Copy these lua files into `c:\Users\username\AppData\Roaming\Wireshark\Plugins` on Windows, or `$HOME/.local/lib/wireshark/plugins` on Linux.
+
+## Lua version
+
+This is a Lua plugin, which requires the bit32 module to be installed. You can find the Lua version wireshark uses in the About dialog, eg:
+
+    Version 4.2.5 (Git commit 798e06a0f7be).
+
+    Compiled (64-bit) using GCC 14.1.1 20240507 (Red Hat 14.1.1-1), with GLib
+    2.80.2, with Qt 6.7.0, with libpcap, with POSIX capabilities (Linux), with libnl
+    3, with zlib 1.3.0.zlib-ng, with PCRE2, with Lua 5.1.5, with GnuTLS 3.8.5 and
+
+This indicates Lua 5.1 is used (see on the last line)
+
+
+## Requirements
+
+On Fedora 40:
+
+* wireshark-devel
+* lua5.1-bit32
+
+
+## Usage
+
+After a capture any detected Overte Packets should be easily identifiable by one of the following protocols
+
+* `HF-AUDIO` - Streaming audio packets
+* `HF-AVATAR` - Streaming avatar mixer packets
+* `HF-ENTITY` - Entity server traffic
+* `HF-DOMAIN` - Domain server traffic
+* `HFUDT` - All other UDP traffic
+
+
+
+
+## Troubleshooting
+
+### attempt to index global 'bit32' (a nil value)
+
+`[Expert Info (Error/Undecoded): Lua Error: /home/dale/.local/lib/wireshark/plugins/1-hfudt.lua:207: attempt to index global 'bit32' (a nil value)]`
+
+See the installation requirements, you need to install the bit32 Lua module for the right Lua version.