Wireshark-dev: Re: [Wireshark-dev] Use of EXTERNALt
From: "Kukosa, Tomas" <[email protected]>
Date: Wed, 7 Nov 2007 11:00:03 +0100
my idea when I introduced external structure into asn1_ctx_t and when I implemented dissect_per_external_type() was followng:
- dissect_per/ber_external_type() dissects internal structure of EXTERNAL type and fills in all actx->external structure
- dissect_per/ber_external_type() does not make any decision how to dissec embedded data (they can be decoded in BER, PER or any other non ASN.1 encoding)
- dissect_per/ber_external_type() calls calback function and dissectors decides what to to based on actx->external structure and its local context and any other conditions
The callback for ACSE should be something like this:
static int externat_cb(..) {
   char *oid = NULL;
   if (actx->external.indirect_ref_present) {
    oid = find_oid_by_pres_ctx_id(actx->pinfo, actx->external.indirect_reference);
   } else if (actx->external.direct_ref_present) {
    oid = actx->external.direct_reference;
  if (oid)
    call_ber_oid_callback(oid, tvb, offset, actx->pinfo, top_tree ? top_tree : tree);


Od: [email protected] za uživatele Stig Bjorlykke
Odesláno: st 7.11.2007 0:27
Komu: Developer support list for Wireshark
Předmět: Re: [Wireshark-dev] Use of EXTERNALt

On 6. nov.. 2007, at 22.57, Anders Broman wrote:

> I have gotten rid of the use of EXTERNALt in a lot of dissectors 
> (check your traces)

The EXTERNAL handling in packet-ber.c does not decode octet-aligned 
encoding according to the direct-reference, like acse did (from r22308).

The attached patch will dump a correct TNEF in a X.420 
FileTransferData (like before), but I don't have time to dig deeper 
into this to determine if this is an appropriate solution.  Maybe the 
X.420 dissector should decode the actx->external.octet_aligned data 
for each bodypart and put them in a top tree node?

Graeme: what do you think?

Stig Bjorlykke