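-- @brief WaveFormStream analyzer for wireshark
-- @author Epagris
-- @date 2022.04.29.
--
-- Wireshark Lua dissector: declares the protocol and its fields, the per-packet
-- dissector function and the port registration. Runs inside Wireshark's Lua
-- engine, which supplies Proto, ProtoField, base, Dissector and DissectorTable.

-- 1. Create parser objects
local NAME = "WFS" -- custom protocol name, also used as prefix of the field abbreviations
local MsgProto = Proto(NAME, "WaveFormStream over UDP")

-- Fields of the protocol (used for the display filter and the packet-details tree).
-- NOTE(review): abbreviations are built as NAME .. "X" (e.g. "WFSTIMESTAMP_S");
-- the usual Wireshark convention is a lower-case dotted prefix ("wfs.timestamp_s").
-- Kept as-is because renaming them changes the display-filter names users may rely on.
local fields = MsgProto.fields
fields.timestamp_s = ProtoField.uint32(NAME .. "TIMESTAMP_S", "timestamp_s", base.DEC)
fields.timestamp_ns = ProtoField.uint32(NAME .. "TIMESTAMP_NS", "timestamp_ns", base.DEC)
fields.sample_cnt = ProtoField.uint32(NAME .. "SAMPLE_CNT", "sample_cnt", base.DEC)
-- ProtoField.uint16 is the 16-bit constructor; the original called the
-- non-existent ProtoField.uin16_t, which aborts loading of the whole script.
fields.sample_size = ProtoField.uint16(NAME .. "SAMPLE_SIZE", "sample_size", base.DEC)
fields.channel_count = ProtoField.uint16(NAME .. "CHANNEL_COUNT", "channel_count", base.DEC)
-- ProtoField.ipv4 takes (abbr, name, desc) and no base argument; the former
-- base.DEC would only have been coerced into the description text.
fields.addr = ProtoField.ipv4(NAME .. "ADDR", "addr")

-- Generic "data" dissector used for whatever follows the header
local data_dis = Dissector.get("data")

-- 2. Parser function: dissect one packet
--[[
Main entry point, called by Wireshark for every packet handed to this protocol.
  tvb   - Tvb holding the packet bytes to dissect
  pinfo - Pinfo, packet information (columns etc.)
  tree  - TreeItem, the parent protocol tree
A range access such as tvb(off, len) on a packet that is too short raises a Lua
error; Wireshark catches it and marks the packet as malformed, so untrusted
short or truncated packets do not take the dissector down.

NOTE(review): the body below is unchanged from the original and refers to
fields.msg_no, msg_version, msg_len, length, data_length, msg_bitx, msg_bit1..4,
local_id and remote_id, none of which are declared above (they evaluate to nil),
while the declared fields timestamp_s .. addr are never added to the tree. The
intended WFS header layout is not visible in this file, so reconciling the two
is left to the author — TODO confirm.
--]]
function MsgProto.dissector(tvb, pinfo, tree)
  -- Subtree under the root tree that holds this protocol's parsed data
  local subtree = tree:add(MsgProto, tvb())
  subtree:append_text(", msg_no: " .. tvb(0, 1):uint())

  -- Protocol name shown in the "Protocol" column of the packet list
  pinfo.cols.protocol = MsgProto.name

  -- local: the original assigned this without `local`, leaking a global
  local tvb_length = tvb:len()

  -- Message header: first 2 bytes, shown as its own subtree labelled "MSG_HEADER"
  local msg_head_tree = subtree:add(MsgProto, tvb(0, 2), "MSG_HEADER")
  msg_head_tree:add(fields.msg_no, tvb(0, 1))      -- byte 0
  msg_head_tree:add(fields.msg_version, tvb(1, 1)) -- byte 1
  subtree:add(fields.msg_len, tvb(2, 1))
  -- Length items are added as plain values, not backed by a byte range
  subtree:add(fields.length, tvb_length)
  subtree:add(fields.data_length, tvb_length - 8)

  -- Bit field in byte 3; each bit gets its own item under the bit-field subtree
  local msg_bitx_tree = subtree:add(fields.msg_bitx, tvb(3, 1))
  msg_bitx_tree:add(fields.msg_bit1, tvb(3, 1))
  msg_bitx_tree:add(fields.msg_bit2, tvb(3, 1))
  msg_bitx_tree:add(fields.msg_bit3, tvb(3, 1))
  msg_bitx_tree:add(fields.msg_bit4, tvb(3, 1))

  -- 32-bit identifiers, little-endian
  subtree:add_le(fields.local_id, tvb(4, 4))
  subtree:add_le(fields.remote_id, tvb(8, 4))

  -- Everything after the 12-byte header goes to the generic data dissector
  data_dis:call(tvb(12):tvb(), pinfo, tree)
end

-- 3. Register the dissector with Wireshark
-- NOTE(review): the table is "tcp.port" although the protocol is described as
-- "over UDP" and the local is named udp_port_table; registered on TCP exactly as
-- the original did — confirm whether "udp.port" was intended.
local udp_port_table = DissectorTable.get("tcp.port")
-- The protocol is identified purely by destination/source port on these ports
for _, port in ipairs({ 8001, 8002 }) do
  udp_port_table:add(port, MsgProto)
end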