Wireshark-dev: Re: [Wireshark-dev] Compilation error in asn.1 file
From: "Anders Broman" <[email protected]>
Date: Fri, 4 Jan 2008 11:18:04 +0100
Hi,
Here's an example Trace from
 http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2154 the first frame
starting from the (ANSI)TCAP layer


ANSI Transaction Capabilities Application Part
    11.. .... = Class: PRIVATE (3)
    ..1. .... = P/C: Constructed Encoding
    ...0 0010 = Tag: 2
    Length: 144
    queryWithPerm
        11.. .... = Class: PRIVATE (3)
        ..0. .... = P/C: Primitive Encoding
        ...0 0111 = Tag: 7
        Length: 4
        identifier: 5A003021
        11.. .... = Class: PRIVATE (3)
        ..1. .... = P/C: Constructed Encoding
        ...0 1000 = Tag: 8
        Length: 135
        componentPortion: 1 item
            11.. .... = Class: PRIVATE (3)
            ..1. .... = P/C: Constructed Encoding
            ...0 1001 = Tag: 9
            Length: 132
            Item: invokeLast (9)
                invokeLast
                    11.. .... = Class: PRIVATE (3)
                    ..0. .... = P/C: Primitive Encoding
                    ...0 1111 = Tag: 15
                    Length: 1
                    componentIDs: 00
                    11.. .... = Class: PRIVATE (3)
                    ..0. .... = P/C: Primitive Encoding
                    ...1 0001 = Tag: 17
                    Length: 2
                    operationCode: private (17)
                        private: 2351 Origination Request
                    parameter:
F27B81071050034E40E50084090100210A39999689608904...
ANSI Mobile Application Part
    11.. .... = Class: PRIVATE (3)
    ..1. .... = P/C: Constructed Encoding
    ...1 0010 = Tag: 18
    Length: 123
    originationRequest
        10.. .... = Class: CONTEXT (2)
        ..0. .... = P/C: Primitive Encoding
        ...0 0001 = Tag: 1
        Length: 7
        billingID: 1050034E40E500
            MarketID: 4176
            Switch Number (SWNO): 3
            ID Number: 5128421
            Segment Counter: 0

0010                       e2 81 90 c7 04 5a 00 30 21   ............Z.0!
0020  e8 81 87 e9 81 84 cf 01 00 d1 02 09 2f f2 7b 81   ............/.{.
0030  07 10 50 03 4e 40 e5 00 84 09 01 00 21 0a 39 99   [email protected]!.9.
0040  96 89 60 89 04 36 0f e7 74 95 03 10 50 03 9f 62   ..`..6..t...P..b
0050  04 00 00 00 00 9f 7b 02 04 51 9f 20 05 01 19 2e   ......{..Q. ....
0060  02 08 bf 82 18 0c 9f 82 19 01 03 9f 82 15 03 ff   ................
0070  fb 1f 9f 21 02 a2 02 88 05 87 77 71 48 22 9f 5d   ...!......wqH".]
0080  09 06 30 21 0a 87 67 04 36 75 82 02 02 a2 9f 50   ..0!..g.6u.....P
0090  09 02 30 21 0a 87 67 04 36 75 9f 81 13 01 00 9f   ..0!..g.6u......
00a0  82 17 01 24 d0 04 21 10 50 03                     ...$..!.P.

As you can see the
                    operationCode: private (17)
                        private: 2351 Origination Request
                    parameter:
F27B81071050034E40E50084090100210A39999689608904...

OperationCode is part of TCAP and the message on top of TCAP is the
Parameter. The ANSI TCAP dissector has to somehow hand the Parameter
And the opcode to a subdissector.
In this TCAP message the only thing "identifying" the upper layer is
The SCCP address and possibly the private opcode.
 If you look at Wireshark/asn/ansi-tcap/TCAPPackage.asn there
Can be a dialogue portion which will identify the receiver of the data.
So how you are going to find the sub dissector in your case depends on how
The TCAP part will look.
The content of the parameter would be your xxArg or xxRes pointed to by the
Opcode.
Hope this helps.
Note that as the ANSI TCAP dissector currently only has one sub dissector (
ansi map) the code to find the subdissector is simplified.
Regards
Anders


-----Ursprungligt meddelande-----
Från: [email protected]
[mailto:[email protected]] För
[email protected]
Skickat: den 4 januari 2008 04:40
Till: [email protected]
Ämne: Re: [Wireshark-dev] Compilation error in asn.1 file

Hi Anders,

I am sorry , I don't have any trace of the protocol. It s still in the
development phase. That is the reason we are facing so many issues.

We have gone through inap , gsmmap and ansi_map code and implemented in the
following manner:

static void
dissect_xxx(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree){

        int offset = 0;
        static guint32 opcode=0;
        proto_item *item=NULL;
        proto_tree *tree=NULL;

        if(tree){
                item = proto_tree_add_item(tree, proto_xxx, tvb, 0, -1,
FALSE);
                tree = proto_item_add_subtree(item, ett_xxx);
        }
        if (check_col(pinfo->cinfo, COL_PROTOCOL))
                col_set_str(pinfo->cinfo, COL_PROTOCOL, "XXX");
        if (check_col(pinfo->cinfo, COL_INFO))
                col_clear(pinfo->cinfo, COL_INFO);

static int
dissect_xxx_Opcode(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset,
packet_info *pinfo _U_, proto_tree *tree, int hf_index) {
 offset = dissect_ber_integer(FALSE, pinfo, tree, tvb, offset, hf_index,
&opcode);

  if (check_col(pinfo->cinfo, COL_INFO)){
    col_add_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(opcode,
inap_opr_code_strings, "Unknown XXX (%u)"));
  }

}
        switch(opcode){

        case 0 :
                offset = dissect_xxx_Arg();
                offset = dissect_xxx_Res();
        break;

I suppose dissect_ber_integer() function will give the value of the opcode.
Could you please confirm the above implementation?


BR,
Tarani 

> -----Original Message-----
> From: [email protected] [mailto:wireshark-dev-
> [email protected]] On Behalf Of Anders Broman
> Sent: Thursday, January 03, 2008 4:35 PM
> To: 'Developer support list for Wireshark'
> Subject: Re: [Wireshark-dev] Compilation error in asn.1 file
> 
> Hi,
> - Have you got a trace with your protocol?
> - Is it ANSI TCAP?
> If you look at the trace with Wireshark the trace is decoded to the ANSI
> TCAP layer including operation code - right?
> If so you need some code in the ANSI TCAP dissector to call your dissector
> How that should be done depends on the content of the ANSI TCAP layer...
> Could you post a sample packet of the establishment phase?
> Regards
> Anders
> 
> -----Ursprungligt meddelande-----
> Från: [email protected]
> [mailto:[email protected]] För
> [email protected]
> Skickat: den 3 januari 2008 11:51
> Till: [email protected]
> Ämne: Re: [Wireshark-dev] Compilation error in asn.1 file
> 
> 
> Hi Anders,
> 
> I was able to compile my asn successfully. There are three different
> opcodes
> mentioned for three different operations. Each operation contains an
> argument / parameter part and a result. As you have rightly said, I have
> to
> call my Argument methods ( dissect_xxxArg) and result methods(
> dissect_xxxRes) in the template.c file. Now I am facing some problems
> here:
> 
> 1. Switch(opcode){
> 	Case xxx:
> 	Dissect_xxxArg();
> 	Break;
> Here, how am I supposed to capture the value of the opcode. In normal
> dissection, we simply use the function tvb_get_guint8(tvb, offset).
> I have looked at ansi_map code , but the implementation seems a bit
> complicated.
> 
> 2. I have referred ITU Q.773 for OPERATION class.I am not sure what
> modules
> I should include for my asn i.e before DEFINITIONS. This is the link I ve
> looked into.
> http://www.itu.int/ITU-T/asn1/database/itu-t/q/q773/1997/index.html
> 
> BR,
> Tarani
> 
> > -----Original Message-----
> > From: [email protected] [mailto:wireshark-dev-
> > [email protected]] On Behalf Of Anders Broman
> > Sent: Wednesday, December 26, 2007 4:46 PM
> > To: 'Developer support list for Wireshark'
> > Subject: Re: [Wireshark-dev] Compilation error in asn.1 file
> >
> > Hi,
> > Ok I think I remember now you are dealing with ANSI TCAP stuff - right?
> > And you are hand writing the asn1 file?
> >
> > I don't think asn2wrs can handle "ANSI OPERATIONS" in theory you should
> > IMPORT OPERATIONS like:
> >
> > IMPORTS
> > 	OPERATION
> > FROM TCAP-Remote-Operations-Information-Objects {iso(1)memberbody(2)
> > usa(840) t1-114(10013)
> > 	modules(0) informationObjects(1) version4(4) }
> >
> > And that asn1 file should be compiled with your asn1 file or you could
> > Declare the OPERATION class in our .cnf file.
> >
> > However if you just define the parameters in the asn1 file like:
> >
> > xxxRequest ::= SEQUENCE {
> >
> > aaa (2) AAA,
> >
> > bbb (3) BBB }
> >
> > xxxResult ::=
> >
> > (see ANSI MAP)
> >
> > Then in your template file you'll have to make the connection from
> > operation
> > code to xxxRequest.
> > Switch(code){
> >  Case xxx:
> > 	Dissect_xxxRequest();
> > 	Break;
> > }
> > A bit more complicated to get it called from ANSI TCAP but that depends
> on
> > How the ANSI TCAP bit looks in your case...
> >
> > Regards
> > Anders
> >
> > -----Ursprungligt meddelande-----
> > Från: [email protected]
> > [mailto:[email protected]] För
> > [email protected]
> > Skickat: den 26 december 2007 11:20
> > Till: [email protected]
> > Ämne: Re: [Wireshark-dev] Compilation error in asn.1 file
> >
> >
> > Hi ,
> >
> > Let me explain you in detail. I have a protocol defined in asn.1 format
> ,
> > whose operations and parameters look like the ones mentioned below:
> >
> > Operation Code=1
> >
> > Class=1
> >
> > ASN.1 Formal Description
> >
> > xxxRequest ::= OPERATION
> >
> > PARAMETER SEQUENCE {
> >
> > aaa (2) AAA,
> >
> > bbb (3) BBB }
> >
> > RESULT
> >
> > reqresult (4) ReqResult
> >
> > Parameters :
> >
> > xxx ::= ENUMERATED {
> >
> > xxxNotActive (0),
> >
> > xxxActive (1) }
> >
> > I have copied these exactly to generate my .asn file . I am still having
> > hiccups in generating the .cnf file. But the code is not getting
> compiled
> > and it is giving error at each line of the .asn file.
> >
> > BR.
> > Tarani
> >
> >
> > > -----Original Message-----
> > > From: [email protected] [mailto:wireshark-dev-
> > > [email protected]] On Behalf Of Anders Broman
> > > Sent: Tuesday, December 25, 2007 5:20 PM
> > > To: 'Developer support list for Wireshark'
> > > Subject: Re: [Wireshark-dev] Compilation error in asn.1 file
> > >
> > > Hi,
> > > OPERATION is not a predefined asn1 type, in GSM MAP operation is from:
> > >
> > > :
> > > IMPORTS
> > > 	OPERATION
> > > FROM Remote-Operations-Information-Objects {
> > > joint-iso-itu-t remote-operations(4)
> > >   informationObjects(5) version1(0)}
> > > :
> > >
> > > And is used as:
> > > sendRoutingInfo  OPERATION ::= {				--Timer m
> > > -- The timer is set to the upper limit of the range if the GMSC
> supports
> > > pre-paging.
> > > 	ARGUMENT
> > > 		SendRoutingInfoArg
> > > 	RESULT
> > > 		SendRoutingInfoRes
> > > 	ERRORS {
> > > 		systemFailure |
> > > :
> > > I'm not sure what you are trying to achieve...
> > > Regards
> > > Anders
> > >
> > > ________________________________________
> > > Från: [email protected]
> > > [mailto:[email protected]] För
> > > [email protected]
> > > Skickat: den 24 december 2007 11:46
> > > Till: [email protected]
> > > Ämne: Re: [Wireshark-dev] Compilation error in asn.1 file
> > >
> > > Hi ,
> > >
> > > There has to be a PDU added before DEFINITIONS in the .asn file. I
> don't
> > > have it but used it from existing asn files, though it is different
> for
> > > each
> > > file.
> > >
> > > After that I am getting the following error:
> > >
> > > __main__.ParseError: LexToken(ASSIGNMENT,'::=',1,468)
> > >
> > > I think it is giving a problem at the following assingnment :
> > >
> > > XXX ::= OPERATION
> > >
> > > Here , I want to know whether the keyword OPERATION is in the standard
> > > asn.1
> > > notation , or some changes are required here?
> > >
> > > //Tarani
> > >
> > > ________________________________________
> > > From: [email protected]
> > > [mailto:[email protected]] On Behalf Of Anders
> Broman
> > > Sent: Monday, December 24, 2007 3:52 PM
> > > To: 'Developer support list for Wireshark'
> > > Subject: Re: [Wireshark-dev] Compilation error in asn.1 file
> > >
> > > Hi,
> > > >tsrp.cnf:65: UserWarning: Duplicated FN_PARS for Command. Previous
> one
> > is
> > > at tsrp.cnf:57
> > >
> > > Is a problem in the .cnf file
> > >
> > > >__main__.ParseError: LexToken(DEFINITIONS,'DEFINITIONS',1,199)
> > > Is a problem in the .asn file Line 199?
> > > Regards
> > > Anders
> > >
> > > ________________________________________
> > > Från: [email protected]
> > > [mailto:[email protected]] För
> > > [email protected]
> > > Skickat: den 24 december 2007 06:38
> > > Till: [email protected]
> > > Ämne: [Wireshark-dev] Compilation error in asn.1 file
> > >
> > > Hi ,
> > >
> > > I have written .asn and  .cnf files for my dissector. I have created a
> > > nominal template.c and template .h files as I suppose the asn2wrs
> > compiler
> > > would generate the functions and declarations. I also suppose I should
> > add
> > > the variable declarations and function definitions after the
> > compilation.
> > >
> > > I am getting the following error while compiling :
> > >
> > > python ../../tools/asn2wrs.py -b -e -p tsrp -c tsrp.cnf -s
> > > packet-tsrp-template tsrp.asn
> > > ASN.1 to Wireshark dissector compiler
> > > tsrp.cnf:65: UserWarning: Duplicated FN_PARS for Command. Previous one
> > is
> > > at
> > > tsrp.cnf:57
> > >   #.FN_BODY  Command Result VAL_PTR = &parameter_tvb
> > > Traceback (most recent call last):
> > >   File "../../tools/asn2wrs.py", line 4875, in ?
> > >     eth_main()
> > >   File "../../tools/asn2wrs.py", line 4831, in eth_main
> > >     ast.extend(yacc.parse(f.read(), lexer=lexer, debug=pd))
> > >   File "/home/eth/plugin_dev/wireshark_tsrp/wireshark/tools/yacc.py",
> > line
> > > 334, in parse
> > >     tok = self.errorfunc(errtoken)
> > >   File "../../tools/asn2wrs.py", line 4705, in p_error
> > >     raise ParseError(str(t))
> > > __main__.ParseError: LexToken(DEFINITIONS,'DEFINITIONS',1,199)
> > > make: *** [packet-tsrp.c] Error 1
> > >
> > > I am not sure the error is pertaining to .asn, .cnf or the template
> > > files.Can somebody please help.
> > >
> > > BR,
> > > Tarani
> > >
> > > _______________________________________________
> > > Wireshark-dev mailing list
> > > [email protected]
> > > http://www.wireshark.org/mailman/listinfo/wireshark-dev
> >
> >
> > The information contained in this electronic message and any attachments
> > to
> > this message are intended for the exclusive use of the addressee(s) and
> > may
> > contain proprietary, confidential or privileged information. If you are
> > not
> > the intended recipient, you should not disseminate, distribute or copy
> > this
> > e-mail. Please notify the sender immediately and destroy all copies of
> > this
> > message and any attachments.
> >
> > WARNING: Computer viruses can be transmitted via email. The recipient
> > should
> > check this email and any attachments for the presence of viruses. The
> > company accepts no liability for any damage caused by any virus
> > transmitted
> > by this email.
> >
> > www.wipro.com
> > _______________________________________________
> > Wireshark-dev mailing list
> > [email protected]
> > http://www.wireshark.org/mailman/listinfo/wireshark-dev
> >
> > _______________________________________________
> > Wireshark-dev mailing list
> > [email protected]
> > http://www.wireshark.org/mailman/listinfo/wireshark-dev
> 
> The information contained in this electronic message and any attachments
> to
> this message are intended for the exclusive use of the addressee(s) and
> may
> contain proprietary, confidential or privileged information. If you are
> not
> the intended recipient, you should not disseminate, distribute or copy
> this
> e-mail. Please notify the sender immediately and destroy all copies of
> this
> message and any attachments.
> 
> WARNING: Computer viruses can be transmitted via email. The recipient
> should
> check this email and any attachments for the presence of viruses. The
> company accepts no liability for any damage caused by any virus
> transmitted
> by this email.
> 
> www.wipro.com
> 
> _______________________________________________
> Wireshark-dev mailing list
> [email protected]
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
> 
> _______________________________________________
> Wireshark-dev mailing list
> [email protected]
> http://www.wireshark.org/mailman/listinfo/wireshark-dev

The information contained in this electronic message and any attachments to
this message are intended for the exclusive use of the addressee(s) and may
contain proprietary, confidential or privileged information. If you are not
the intended recipient, you should not disseminate, distribute or copy this
e-mail. Please notify the sender immediately and destroy all copies of this
message and any attachments. 

WARNING: Computer viruses can be transmitted via email. The recipient should
check this email and any attachments for the presence of viruses. The
company accepts no liability for any damage caused by any virus transmitted
by this email.

www.wipro.com

_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev