Wireshark · Wireshark-dev: Re: [Wireshark-dev] Problems with asn2wrs -X option for LDAP

["Kukosa, Tomas" <tomas.kukosa@xxxxxxxxxxx>]

Hi,

 

I do not thing so

(but I am not 100% sure as I have got lost myself during changes in BER dissector; especially changes in implicit tag parameter meaning).

 

The BER_FLAGS_IMPLTAG is used in SEQUENCE/SET [OF] only when it has own tag and it is implicit.

E.g.

T1 ::= SET OF [1] IMPLICIT Tx

or

T2 ::= SET OF [2] Tx  -- in IMPLICIT tagging mode

 

 

Note 1) to relation between tagged types and SEQUENCE/SET [OF] and CHOICE handling:

 

The SEQUENCE/SET [OF] and CHOICE helpers handle the 1st level of tagged type.

 

If the field item is not tagged than structure item contains just values of its tag and the flag BER_FLAGS_NOOWNTAG.

The value of the tag is used just for item identification.

E.g. { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, ...

 

If the filed item is tagged then structure item contains this tag (the 1st one if more tags are chained) and the BER_FLAGS_NOOWNTAG is NOT set.

The BER_FLAGS_IMPLTAG is used if this tag is implicit.

This item is handled like tagged type.

E.g. { BER_CLASS_CON, 2, 0, ...

or { BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, ...

 

 

Note 2) to meaning of implicit_tag parameter in ber helper and type functions:

 

My original idea (and implementation) when I introduced it was following:

The implicit_tag= TRUE means that tag is implicit and has been already checked.

The own tag of type is overwritten and tag value should not be checked.

But TAG and LENGTH parts are STILL PRESENT in tvb and offset points to tag.

I.e. function still can acces the tag and especially length fields.

 

Later it was changed (I do not remember by whom and the reason) to following meaning:

The implicit_tag= TRUE means that TAG and LENGTH pars HAVE BEEN CUT and tvb contains just value part.

The function does not have tag and length parts available and should only value part handle

 

 

Tomas

---

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: Tuesday, May 29, 2007 9:20 PM
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] Problems with asn2wrs -X option for LDAP

Hi,

Without the –X option this code snippet looks like:

 

 

static int dissect_vals_item(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) {

  return dissect_ldap_AttributeValue(FALSE, tvb, offset, actx, tree, hf_ldap_vals_item);

}

 

 

static const ber_old_sequence_t SET_OF_AttributeValue_set_of[1] = {

  { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_vals_item },

};

 

static int

dissect_ldap_SET_OF_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {

  offset = dissect_ber_old_set_of(implicit_tag, actx, tree, tvb, offset,

                                     SET_OF_AttributeValue_set_of, hf_index, ett_ldap_SET_OF_AttributeValue);

 

  return offset;

}

 

Withe the –X option:

static const ber_sequence_t SET_OF_AttributeValue_set_of[1] = {

  { &hf_ldap_vals_item      , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeValue },

};

 

static int

dissect_ldap_SET_OF_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {

  offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,

                                 SET_OF_AttributeValue_set_of, hf_index, ett_ldap_SET_OF_AttributeValue);

 

  return offset;

}

 

Shouldn’t BER_FLAGS_IMPLTAG have been added to:

  { &hf_ldap_vals_item      , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeValue },

 

Regards

Anders