Basic Encoding Rules (BER) encoded file reading. Not really a packet trace format but still useful for dissecting arbitrary BER/DER ASN.1.
svn path=/trunk/; revision=18110
parent
146d22767c
commit
abefaf32bf
|
@ -2285,6 +2285,20 @@ int dissect_ber_bitstring32(gboolean implicit_tag, packet_info *pinfo, proto_tre
|
|||
return offset;
|
||||
}
|
||||
|
||||
static void
|
||||
dissect_ber(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
||||
{
|
||||
|
||||
if (check_col(pinfo->cinfo, COL_INFO)) {
|
||||
col_clear(pinfo->cinfo, COL_INFO);
|
||||
col_append_fstr(pinfo->cinfo, COL_INFO, "%s", "Unknown BER");
|
||||
}
|
||||
|
||||
(void) dissect_unknown_ber(pinfo, tvb, 0, tree);
|
||||
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
proto_register_ber(void)
|
||||
{
|
||||
|
@ -2388,5 +2402,11 @@ proto_register_ber(void)
|
|||
void
|
||||
proto_reg_handoff_ber(void)
|
||||
{
|
||||
dissector_handle_t ber_handle;
|
||||
|
||||
register_ber_oid_name("2.1.1","joint-iso-itu-t(2) asn1(1) basic-encoding(1)");
|
||||
|
||||
ber_handle = create_dissector_handle(dissect_ber, proto_ber);
|
||||
dissector_add("wtap_encap", WTAP_ENCAP_BER, ber_handle);
|
||||
|
||||
}
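Review bot: `dissect_ber` discards the offset returned by `(void) dissect_unknown_ber(pinfo, tvb, 0, tree);`, so any bytes that follow the first top-level TLV are neither dissected nor flagged in the tree. The file reader added in this commit only compares the encoded length with the file size when it can compute one, so an indefinite-length or long-form file can carry trailing data that the display silently omits. Consider continuing while data remains, for example `while (tvb_reported_length_remaining(tvb, offset) > 0) offset = dissect_unknown_ber(pinfo, tvb, offset, tree);`, with a guard that stops if a call does not advance the offset. Because the whole file is untrusted input handed over as a single frame, it is also worth confirming that `dissect_unknown_ber`, which is defined outside this hunk, bounds its nesting depth.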
|
||||
|
|
|
@ -33,6 +33,7 @@ NONGENERATED_C_FILES = \
|
|||
airopeek9.c \
|
||||
ascend.c \
|
||||
atm.c \
|
||||
ber.c \
|
||||
buffer.c \
|
||||
catapult_dct2000.c \
|
||||
cosine.c \
|
||||
|
@ -70,6 +71,7 @@ NONGENERATED_HEADER_FILES = \
|
|||
ascend.h \
|
||||
ascend-int.h \
|
||||
atm.h \
|
||||
ber.h \
|
||||
buffer.h \
|
||||
catapult_dct2000.h \
|
||||
cosine.h \
|
||||
|
|
|
@ -0,0 +1,187 @@
|
|||
/* ber.c
|
||||
*
|
||||
* Basic Encoding Rules (BER) file reading
|
||||
*
|
||||
* $Id$
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
|
||||
#include <errno.h>
|
||||
|
||||
#ifdef HAVE_SYS_STAT_H
|
||||
#include <sys/stat.h>
|
||||
#endif
|
||||
|
||||
#include "wtap-int.h"
|
||||
#include "file_wrappers.h"
|
||||
#include "buffer.h"
|
||||
#include "ber.h"
|
||||
|
||||
|
||||
#define BER_CLASS_UNI 0
|
||||
#define BER_CLASS_APP 1
|
||||
#define BER_CLASS_CON 2
|
||||
|
||||
#define BER_UNI_TAG_SEQ 16 /* SEQUENCE, SEQUENCE OF */
|
||||
#define BER_UNI_TAG_SET 17 /* SET, SET OF */
|
||||
|
||||
static gboolean ber_read(wtap *wth, int *err, gchar **err_info, long *data_offset)
|
||||
{
|
||||
guint8 *buf;
|
||||
int packet_size;
|
||||
struct stat statb;
|
||||
|
||||
*err = 0;
|
||||
|
||||
/* there is only ever one packet */
|
||||
if(wth->data_offset)
|
||||
return FALSE;
|
||||
|
||||
*data_offset = wth->data_offset;
|
||||
|
||||
if((packet_size = wtap_file_size(wth, err)) == -1)
|
||||
return FALSE;
|
||||
|
||||
if (packet_size > WTAP_MAX_PACKET_SIZE) {
|
||||
/*
|
||||
* Probably a corrupt capture file; don't blow up trying
|
||||
* to allocate space for an immensely-large packet.
|
||||
*/
|
||||
*err = WTAP_ERR_BAD_RECORD;
|
||||
*err_info = g_strdup_printf("ber: File has %u-byte packet, bigger than maximum of %u",
|
||||
packet_size, WTAP_MAX_PACKET_SIZE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
buffer_assure_space(wth->frame_buffer, packet_size);
|
||||
buf = buffer_start_ptr(wth->frame_buffer);
|
||||
|
||||
wtap_file_read_expected_bytes(buf, packet_size, wth->fh, err);
|
||||
|
||||
wth->data_offset += packet_size;
|
||||
|
||||
wth->phdr.caplen = packet_size;
|
||||
wth->phdr.len = packet_size;
|
||||
|
||||
if (fstat(wth->fd, &statb) == -1) {
|
||||
if (err != NULL)
|
||||
*err = errno;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
wth->phdr.ts.secs = statb.st_mtime;
|
||||
wth->phdr.ts.nsecs = 0;
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
static gboolean ber_seek_read(wtap *wth, long seek_off, union wtap_pseudo_header *pseudo_header,
|
||||
guint8 *pd, int length, int *err, gchar **err_info _U_)
|
||||
{
|
||||
int packet_size = length;
|
||||
|
||||
/* there is only one packet */
|
||||
if(seek_off > 0) {
|
||||
*err = 0;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
|
||||
return FALSE;
|
||||
|
||||
wtap_file_read_expected_bytes(pd, packet_size, wth->random_fh, err);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
int ber_open(wtap *wth, int *err, gchar **err_info _U_)
|
||||
{
|
||||
#define BER_BYTES_TO_CHECK 4
|
||||
guint8 bytes[BER_BYTES_TO_CHECK];
|
||||
int bytes_read;
|
||||
guint8 id;
|
||||
gint8 class;
|
||||
gint8 tag;
|
||||
gboolean pc;
|
||||
guint8 oct, nlb = 0;
|
||||
int len = 0, fsize;
|
||||
int offset = 0, i;
|
||||
|
||||
bytes_read = file_read(&bytes, 1, BER_BYTES_TO_CHECK, wth->fh);
|
||||
if (bytes_read != BER_BYTES_TO_CHECK) {
|
||||
*err = file_error(wth->fh);
|
||||
return (*err != 0) ? -1 : 0;
|
||||
}
|
||||
|
||||
id = bytes[offset++];
|
||||
|
||||
class = (id>>6) & 0x03;
|
||||
pc = (id>>5) & 0x01;
|
||||
tag = id & 0x1F;
|
||||
|
||||
/* it must be constructed and either a SET or a SEQUENCE */
|
||||
/* or a CONTEXT less than 32 (arbitrary) */
|
||||
/* XXX: do we also want to allow APPLICATION */
|
||||
if(!(pc &&
|
||||
(((class == BER_CLASS_UNI) && ((tag == BER_UNI_TAG_SET) || (tag == BER_UNI_TAG_SEQ))) ||
|
||||
((class == BER_CLASS_CON) && (tag < 32)))))
|
||||
return 0;
|
||||
|
||||
/* now check the length */
|
||||
oct = bytes[offset++];
|
||||
|
||||
if(!(oct & 0x80))
|
||||
len = oct;
|
||||
else {
|
||||
nlb = oct & 0x7F; /* number of length bytes */
|
||||
|
||||
if((nlb > 0) && (nlb <= (BER_BYTES_TO_CHECK - 2))) {
|
||||
/* not indefinite length and we have read enough bytes to compute the length */
|
||||
i = nlb;
|
||||
while(i--) {
|
||||
oct = bytes[offset++];
|
||||
len = (len<<8) + oct;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(len) { /* if we have a length, check it */
|
||||
len += (2 + nlb); /* add back Tag and Length bytes */
|
||||
fsize = wtap_file_size(wth, err);
|
||||
|
||||
if(len != fsize) {
|
||||
return 0; /* not ASN.1 */
|
||||
}
|
||||
}
|
||||
|
||||
/* seek back to the start of the file */
|
||||
if (file_seek(wth->fh, 0, SEEK_SET, err) == -1)
|
||||
return -1;
|
||||
|
||||
wth->file_type = WTAP_FILE_BER;
|
||||
wth->file_encap = WTAP_ENCAP_BER;
|
||||
wth->snapshot_length = 0;
|
||||
|
||||
wth->subtype_read = ber_read;
|
||||
wth->subtype_seek_read = ber_seek_read;
|
||||
wth->tsprecision = WTAP_FILE_TSPREC_SEC;
|
||||
|
||||
return 1;
|
||||
}
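Review bot: In `ber_open` the result of `fsize = wtap_file_size(wth, err);` is never checked for -1, unlike the same call in `ber_read`, so a failed size query falls into `len != fsize` and is reported as "not ASN.1" (return 0), possibly with `*err` still set. Writing `if ((fsize = wtap_file_size(wth, err)) == -1) return -1;` would keep the two functions consistent. The acceptance test is also weaker than its comment suggests: `tag` is `id & 0x1F`, so `tag < 32` is always true, and whenever `len` stays 0 (indefinite form, more than two length octets, or a zero short-form length) the file is accepted on its first octet alone. A tag value of 0x1F selects the multi-octet tag form, in which case `bytes[1]` is not the length octet, so either reject it with `if (tag == 0x1F) return 0;` or add a comment stating that the high-tag-number form is not parsed.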
|
|
@ -0,0 +1,28 @@
|
|||
/* ber.h
|
||||
*
|
||||
* Basic Encoding Rules (BER) file reading
|
||||
*
|
||||
* $Id$
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef __BER_H__
|
||||
#define __BER_H__
|
||||
|
||||
int ber_open(wtap *wth, int *err, gchar **err_info);
|
||||
|
||||
#endif
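Review bot: The include guard `__BER_H__` uses an identifier reserved for the implementation (two leading underscores); a name such as `WTAP_BER_H` avoids the clash. The `ber_open` prototype also carries no description of its return convention, which the implementation in this commit defines as 1 when the file is accepted, 0 when it is not BER and -1 on an I/O error. A one-line comment above the prototype, `/* Returns 1 if the file is BER, 0 if it is not, -1 on error (*err set). */`, would record that for other wiretap code.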
|
|
@ -70,6 +70,7 @@
|
|||
#include "hcidump.h"
|
||||
#include "network_instruments.h"
|
||||
#include "k12.h"
|
||||
#include "ber.h"
|
||||
#include "catapult_dct2000.h"
|
||||
|
||||
/* The open_file_* routines should return:
|
||||
|
@ -109,7 +110,7 @@ static int (*const open_routines[])(wtap *, int *, char **) = {
|
|||
dbs_etherwatch_open,
|
||||
k12_open,
|
||||
catapult_dct2000_open,
|
||||
|
||||
ber_open,
|
||||
/* Files that don't have magic bytes at a fixed location,
|
||||
* but that instead require a heuristic of some sort to
|
||||
* identify them. This includes the ASCII trace files that
|
||||
|
@ -514,6 +515,11 @@ static const struct file_type_info {
|
|||
/* WTAP_FILE_CATAPULT_DCT2000 */
|
||||
{ "Catapult DCT2000 trace (.out format)", "dct2000", FALSE,
|
||||
catapult_dct2000_dump_can_write_encap, catapult_dct2000_dump_open },
|
||||
|
||||
/* WTAP_FILE_BER */
|
||||
{ "ASN.1 Basic Encoding Rules", "ber", FALSE,
|
||||
NULL, NULL },
|
||||
|
||||
};
|
||||
|
||||
/* Name that should be somewhat descriptive. */
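Review bot: `ber_open` appears to be added to `open_routines` just ahead of the comment that introduces the readers for "Files that don't have magic bytes at a fixed location", yet the check it performs is itself a heuristic on the first identifier octet, not a magic number. Registered at this position it runs before every heuristic reader listed after it, so a file of another format whose first byte looks like a constructed SEQUENCE, SET or context tag (0x30 is ASCII '0') can be claimed as BER whenever its length field cannot be verified. Moving the `ber_open,` entry to the end of the heuristic group, after the more specific readers, would limit misidentification. The array continues outside this hunk, so the exact position should be confirmed against the full file.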
|
||||
|
|
|
@ -357,6 +357,9 @@ static const struct encap_type_info {
|
|||
|
||||
/* WTAP_ENCAP_CATAPULT_DCT2000 */
|
||||
{ "Catapult DCT2000", "dct2000" },
|
||||
|
||||
/* WTAP_ENCAP_BER */
|
||||
{ "ASN.1 Basic Encoding Rules", "ber" },
|
||||
};
|
||||
|
||||
/* Name that should be somewhat descriptive. */
|
||||
|
|
|
@ -180,9 +180,10 @@
|
|||
#define WTAP_ENCAP_JUNIPER_GGSN 87
|
||||
#define WTAP_ENCAP_LINUX_LAPD 88
|
||||
#define WTAP_ENCAP_CATAPULT_DCT2000 89
|
||||
#define WTAP_ENCAP_BER 90
|
||||
|
||||
/* last WTAP_ENCAP_ value + 1 */
|
||||
#define WTAP_NUM_ENCAP_TYPES 90
|
||||
#define WTAP_NUM_ENCAP_TYPES 91
|
||||
|
||||
/* File types that can be read by wiretap.
|
||||
We support writing some many of these file types, too, so we
|
||||
|
@ -232,9 +233,9 @@
|
|||
#define WTAP_FILE_ISERIES 42
|
||||
#define WTAP_FILE_ISERIES_UNICODE 43
|
||||
#define WTAP_FILE_CATAPULT_DCT2000 44
|
||||
#define WTAP_FILE_BER 45
|
||||
|
||||
/* last WTAP_FILE_ value + 1 */
|
||||
#define WTAP_NUM_FILE_TYPES 45
|
||||
#define WTAP_NUM_FILE_TYPES 46
|
||||
|
||||
/* timestamp precision (currently only these values are supported) */
|
||||
#define WTAP_FILE_TSPREC_SEC 0
|
||||
|
|