
Ethereal-dev: Re: [Ethereal-dev] ITU/ANSI TCAP dissector

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jeff Morriss <morriss@xxxxxxxxx>
Date: Thu, 11 Sep 2003 13:46:00 -0400

I'm not an ASN.1 expert either, but it appears that the existing "asn1_tag_decode()" only works for the "high tag number" format (multi-octet) tag IDs. In particular, it assumes that bit 8 will be set on low-tag-number identifiers (but this isn't necessarily the case).

Oops, no, that's not the problem...

The problem is that the TCAP dissector is using 'asn1_tag_decode()' instead of 'asn1_id_decode()' (which does the work for dealing with low and high tag number formats).

However, the TCAP dissector wants the tag to include the Class, Constructor, and Tag bits all combined together...

So there are 3 options:

1) Rewrite a bunch of the TCAP dissector to look at tag IDs as a triplet (class, constructor, tag number) - this probably has negative filtering consequences: users will probably want to filter on "tcap.msgtype == 0x62" instead of just the tag number

2) Make 'asn1_tag_decode_m()' a wrapper around 'asn1_id_decode()' that then squishes the class, constructor, and tag number back together

3) Change the comment for (and maybe the name of) 'asn1_tag_decode_m()' to indicate why that function is used instead of 'asn1_id_decode()'


The attached patch does #3.

Michael Lum wrote:

That was in the original file from Samuel Qu so I don't know why
he thought it was necessary to override it.

I believe the difference is this part:

    ret = asn1_octet_decode (asn1, &ch);
    if (ret != ASN1_ERR_NOERROR)
        return ret;
    if ((ch & 0x1f) != 0x1f)
    {
        *tag = ch;
        return ASN1_ERR_NOERROR;
    }
    else
    {
        *tag = ch >> 5;
    }

I don't know enough about ASN1 to recognize the significance of 0x1f.

-----Original Message-----
From: Guy Harris [mailto:guy@xxxxxxxxxxxx]
Sent: Thursday, September 11, 2003 1:16 AM
To: Michael Lum
Cc: Jeff Morriss; Ethereal Development List
Subject: Re: [Ethereal-dev] ITU/ANSI TCAP dissector


On Wed, Sep 10, 2003 at 09:32:40AM -0700, Michael Lum wrote:

Here's mine as well.

The file compiled perfectly clean on SPARC with gcc.


It still got some warnings - Jeff Morriss' patches fixed them; the functions

	dissect_ansi_tcap_reject
	dissect_ansi_tcap_re
	dissect_ansi_tcap_rr
	dissect_ansi_tcap_invoke
	dissect_tcap_invoke
	dissect_tcap_rr
	dissect_tcap_reject

need to return "void", not "int".

Also, what is the significance of "asn1_tag_decode_m()"?  The comment says

/* to make the source file easy to be contributed , override this function */
/* so there is no need to modify asn1.c(with a bug) any more */

Does that mean that "asn1_tag_decode()" in asn1.c is buggy?  If so, then
it should be fixed, not overridden.


Attachment: tcap-asn1.patch.gz
Description: GNU Zip compressed data
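
An added example, not code from asn1.c or from the attached patch: a bounds-checked decoder for BER identifier octets. It shows what 0x1f means in the snippet quoted above (low five bits all set select the multi-octet high-tag-number form) and how option 2's re-combination gives back a value such as 0x62. The names `ber_id_decode`, `ber_id_squash` and the error codes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names for this example; not the asn1.c API. */
enum { BER_OK = 0, BER_TRUNCATED = -1, BER_OVERFLOW = -2, BER_NONMINIMAL = -3 };

struct ber_id {
    uint8_t  cls;          /* bits 8-7: 0 universal, 1 application, 2 context, 3 private */
    uint8_t  constructed;  /* bit 6: 1 = constructed, 0 = primitive */
    uint32_t tag;          /* tag number, from either form */
    size_t   len;          /* identifier octets consumed */
};

/* Decode BER identifier octets, low- or high-tag-number form, never reading past buflen. */
int ber_id_decode(const uint8_t *buf, size_t buflen, struct ber_id *id)
{
    size_t i = 0;
    uint32_t tag;
    uint8_t ch;

    if (buflen == 0)
        return BER_TRUNCATED;
    ch = buf[i++];
    id->cls = ch >> 6;
    id->constructed = (ch >> 5) & 1;
    id->tag = ch & 0x1f;
    id->len = i;
    if (id->tag != 0x1f)            /* low-tag-number form: one octet, tag 0..30 */
        return BER_OK;

    tag = 0;                        /* high-tag-number form: base-128 digits follow */
    do {
        if (i >= buflen)
            return BER_TRUNCATED;   /* continuation bit promised another octet */
        ch = buf[i++];
        if (i == 2 && (ch & 0x7f) == 0)
            return BER_NONMINIMAL;  /* first digit must not be zero */
        if (tag > (UINT32_MAX >> 7))
            return BER_OVERFLOW;    /* tag number would not fit in 32 bits */
        tag = (tag << 7) | (ch & 0x7f);
    } while (ch & 0x80);            /* bit 8 set on every octet but the last */
    id->tag = tag;
    id->len = i;
    return BER_OK;
}

/* Option 2: fold the triplet back into the single octet a filter such as 0x62 compares against. */
int ber_id_squash(const struct ber_id *id)
{
    if (id->tag >= 0x1f)
        return -1;                  /* high-tag-number IDs do not fit in one octet */
    return (id->cls << 6) | (id->constructed << 5) | (int)id->tag;
}
```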