From abefaf32bf4fdadb723cbf5583db0981a1d409a6 Mon Sep 17 00:00:00 2001 From: Graeme Lunt Date: Mon, 8 May 2006 19:56:36 +0000 Subject: [PATCH] Basic Encoding Rules (BER) encoded file reading. Not really a packet trace format but still useful for dissecting arbitrary BER/DER ASN.1. svn path=/trunk/; revision=18110 --- epan/dissectors/packet-ber.c | 20 ++++ wiretap/Makefile.common | 2 + wiretap/ber.c | 187 +++++++++++++++++++++++++++++++++++ wiretap/ber.h | 28 ++++++ wiretap/file_access.c | 8 +- wiretap/wtap.c | 3 + wiretap/wtap.h | 7 +- 7 files changed, 251 insertions(+), 4 deletions(-) create mode 100644 wiretap/ber.c create mode 100644 wiretap/ber.h diff --git a/epan/dissectors/packet-ber.c b/epan/dissectors/packet-ber.c index 3155ed89cb..4ed6577bcc 100644 --- a/epan/dissectors/packet-ber.c +++ b/epan/dissectors/packet-ber.c @@ -2285,6 +2285,20 @@ int dissect_ber_bitstring32(gboolean implicit_tag, packet_info *pinfo, proto_tre return offset; } +static void +dissect_ber(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + + if (check_col(pinfo->cinfo, COL_INFO)) { + col_clear(pinfo->cinfo, COL_INFO); + col_append_fstr(pinfo->cinfo, COL_INFO, "%s", "Unknown BER"); + } + + (void) dissect_unknown_ber(pinfo, tvb, 0, tree); + +} + + void proto_register_ber(void) { @@ -2388,5 +2402,11 @@ proto_register_ber(void) void proto_reg_handoff_ber(void) { + dissector_handle_t ber_handle; + register_ber_oid_name("2.1.1","joint-iso-itu-t(2) asn1(1) basic-encoding(1)"); + + ber_handle = create_dissector_handle(dissect_ber, proto_ber); + dissector_add("wtap_encap", WTAP_ENCAP_BER, ber_handle); + } diff --git a/wiretap/Makefile.common b/wiretap/Makefile.common index fa6f5c2680..2d27b9d2b8 100644 --- a/wiretap/Makefile.common +++ b/wiretap/Makefile.common @@ -33,6 +33,7 @@ NONGENERATED_C_FILES = \ airopeek9.c \ ascend.c \ atm.c \ + ber.c \ buffer.c \ catapult_dct2000.c \ cosine.c \ 
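Review bot: In `dissect_ber()` the result of `dissect_unknown_ber()` is discarded with a `(void)` cast, so if that call stops before the end of the tvb (presumably it returns the offset after the element it parsed, like the other dissect_ber_* helpers) the remaining bytes of the file are neither dissected nor flagged. `ber_open()` in this same commit accepts some files without confirming that the first element spans the whole file, so trailing or concatenated data is a realistic input. I would keep the result, `offset = dissect_unknown_ber(pinfo, tvb, 0, tree);`, and when `tvb_length_remaining(tvb, offset) > 0` either dissect the next element or add the remainder to the tree as undecoded data. The function also lacks a header comment; something like `/* Dissect a file read by the wiretap BER reader as untyped BER */` would help.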
@@ -70,6 +71,7 @@ NONGENERATED_HEADER_FILES = \ ascend.h \ ascend-int.h \ atm.h \ + ber.h \ buffer.h \ catapult_dct2000.h \ cosine.h \ diff --git a/wiretap/ber.c b/wiretap/ber.c new file mode 100644 index 0000000000..4bcb6687aa --- /dev/null +++ b/wiretap/ber.c 
@@ -0,0 +1,187 @@
+/* ber.c
+ *
+ * Basic Encoding Rules (BER) file reading
+ *
+ * $Id$
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include
+
+#ifdef HAVE_SYS_STAT_H
+#include
+#endif
+
+#include "wtap-int.h"
+#include "file_wrappers.h"
+#include "buffer.h"
+#include "ber.h"
+
+
+#define BER_CLASS_UNI 0
+#define BER_CLASS_APP 1
+#define BER_CLASS_CON 2
+
+#define BER_UNI_TAG_SEQ 16 /* SEQUENCE, SEQUENCE OF */
+#define BER_UNI_TAG_SET 17 /* SET, SET OF */
+
+static gboolean ber_read(wtap *wth, int *err, gchar **err_info, long *data_offset)
+{
+ guint8 *buf;
+ int packet_size;
+ struct stat statb;
+
+ *err = 0;
+
+ /* there is only ever one packet */
+ if(wth->data_offset)
+ return FALSE;
+
+ *data_offset = wth->data_offset;
+
+ if((packet_size = wtap_file_size(wth, err)) == -1)
+ return FALSE;
+
+ if (packet_size > WTAP_MAX_PACKET_SIZE) {
+ /*
+ * Probably a corrupt capture file; don't blow up trying
+ * to allocate space for an immensely-large packet.
+ */
+ *err = WTAP_ERR_BAD_RECORD;
+ *err_info = g_strdup_printf("ber: File has %u-byte packet, bigger than maximum of %u",
+ packet_size, WTAP_MAX_PACKET_SIZE);
+ return FALSE;
+ }
+
+ buffer_assure_space(wth->frame_buffer, packet_size);
+ buf = buffer_start_ptr(wth->frame_buffer);
+
+ wtap_file_read_expected_bytes(buf, packet_size, wth->fh, err);
+
+ wth->data_offset += packet_size;
+
+ wth->phdr.caplen = packet_size;
+ wth->phdr.len = packet_size;
+
+ if (fstat(wth->fd, &statb) == -1) {
+ if (err != NULL)
+ *err = errno;
+ return FALSE;
+ }
+
+ wth->phdr.ts.secs = statb.st_mtime;
+ wth->phdr.ts.nsecs = 0;
+
+ return TRUE;
+}
+
+static gboolean ber_seek_read(wtap *wth, long seek_off, union wtap_pseudo_header *pseudo_header,
+ guint8 *pd, int length, int *err, gchar **err_info _U_)
+{
+ int packet_size = length;
+
+ /* there is only one packet */
+ if(seek_off > 0) {
+ *err = 0;
+ return FALSE;
+ }
+
+ if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
+ return FALSE;
+
+ wtap_file_read_expected_bytes(pd, packet_size, wth->random_fh, err);
+
+ return TRUE;
+}
+
+int ber_open(wtap *wth, int *err, gchar **err_info _U_)
+{
+#define BER_BYTES_TO_CHECK 4
+ guint8 bytes[BER_BYTES_TO_CHECK];
+ int bytes_read;
+ guint8 id;
+ gint8 class;
+ gint8 tag;
+ gboolean pc;
+ guint8 oct, nlb = 0;
+ int len = 0, fsize;
+ int offset = 0, i;
+
+ bytes_read = file_read(&bytes, 1, BER_BYTES_TO_CHECK, wth->fh);
+ if (bytes_read != BER_BYTES_TO_CHECK) {
+ *err = file_error(wth->fh);
+ return (*err != 0) ? -1 : 0;
+ }
+
+ id = bytes[offset++];
+
+ class = (id>>6) & 0x03;
+ pc = (id>>5) & 0x01;
+ tag = id & 0x1F;
+
+ /* it must be constructed and either a SET or a SEQUENCE */
+ /* or a CONTEXT less than 32 (arbitrary) */
+ /* XXX: do we also want to allow APPLICATION */
+ if(!(pc &&
+ (((class == BER_CLASS_UNI) && ((tag == BER_UNI_TAG_SET) || (tag == BER_UNI_TAG_SEQ))) ||
+ ((class == BER_CLASS_CON) && (tag < 32)))))
+ return 0;
+
+ /* now check the length */
+ oct = bytes[offset++];
+
+ if(!(oct & 0x80))
+ len = oct;
+ else {
+ nlb = oct & 0x7F; /* number of length bytes */
+
+ if((nlb > 0) && (nlb <= (BER_BYTES_TO_CHECK - 2))) {
+ /* not indefinite length and we have read enough bytes to compute the length */
+ i = nlb;
+ while(i--) {
+ oct = bytes[offset++];
+ len = (len<<8) + oct;
+ }
+ }
+ }
+
+ if(len) { /* if we have a length, check it */
+ len += (2 + nlb); /* add back Tag and Length bytes */
+ fsize = wtap_file_size(wth, err);
+
+ if(len != fsize) {
+ return 0; /* not ASN.1 */
+ }
+ }
+
+ /* seek back to the start of the file */
+ if (file_seek(wth->fh, 0, SEEK_SET, err) == -1)
+ return -1;
+
+ wth->file_type = WTAP_FILE_BER;
+ wth->file_encap = WTAP_ENCAP_BER;
+ wth->snapshot_length = 0;
+
+ wth->subtype_read = ber_read;
+ wth->subtype_seek_read = ber_seek_read;
+ wth->tsprecision = WTAP_FILE_TSPREC_SEC;
+
+ return 1;
+}
diff --git a/wiretap/ber.h b/wiretap/ber.h
new file mode 100644
index 0000000000..3863ad4105
--- /dev/null
+++ b/wiretap/ber.h
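Review bot: `ber_open()` claims a file on the identifier octet alone whenever `len` ends up 0, because the size comparison is gated on `if(len)`. That covers a short-form length of zero, the indefinite form, and any long form with more than `BER_BYTES_TO_CHECK - 2` length octets. Since this routine decides which arbitrary input files are handed to the BER dissector, I would record "a definite length was decoded" in a separate flag and compare that length with the file size even when it is zero. I would also decline the file (or read further) when the length octets extend past the four bytes that were read. The `wtap_file_size()` result is not checked for -1 here although `ber_read()` treats -1 as failure, so an I/O error is currently reported as "not this format".

```c
	gboolean have_len = FALSE;
	/* … unchanged: read of the first BER_BYTES_TO_CHECK bytes, identifier octet checks … */

	/* now check the length */
	oct = bytes[offset++];

	if(!(oct & 0x80)) {
		len = oct;
		have_len = TRUE;
	} else {
		nlb = oct & 0x7F;	/* number of length bytes */

		/* length octets lie beyond the bytes read, so the length cannot be
		 * verified; decline the file (alternatively, read the rest here) */
		if(nlb > (BER_BYTES_TO_CHECK - 2))
			return 0;

		i = nlb;	/* nlb == 0 is the indefinite form: no length to check */
		while(i--) {
			oct = bytes[offset++];
			len = (len<<8) + oct;
			have_len = TRUE;
		}
	}

	if(have_len) {	/* a definite length, zero included, must account for the whole file */
		len += (2 + nlb);	/* add back Tag and Length bytes */
		fsize = wtap_file_size(wth, err);
		if(fsize == -1)
			return -1;
		if(len != fsize)
			return 0;	/* not ASN.1 */
	}
	/* … unchanged: seek back to start, fill in wth … */
```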
@@ -0,0 +1,28 @@ +/* ber.h + * + * Basic Encoding Rules (BER) file reading + * + * $Id$ + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * + */ + +#ifndef __BER_H__ +#define __BER_H__ + +int ber_open(wtap *wth, int *err, gchar **err_info); + +#endif diff --git a/wiretap/file_access.c b/wiretap/file_access.c index a972d64568..c6341c0e84 100644 --- a/wiretap/file_access.c +++ b/wiretap/file_access.c @@ -70,6 +70,7 @@ #include "hcidump.h" #include "network_instruments.h" #include "k12.h" +#include "ber.h" #include "catapult_dct2000.h" /* The open_file_* routines should return: @@ -109,7 +110,7 @@ static int (*const open_routines[])(wtap *, int *, char **) = { dbs_etherwatch_open, k12_open, catapult_dct2000_open, - + ber_open, /* Files that don't have magic bytes at a fixed location, * but that instead require a heuristic of some sort to * identify them. This includes the ASCII trace files that @@ -514,6 +515,11 @@ static const struct file_type_info { /* WTAP_FILE_CATAPULT_DCT2000 */ { "Catapult DCT2000 trace (.out format)", "dct2000", FALSE, catapult_dct2000_dump_can_write_encap, catapult_dct2000_dump_open }, + + /* WTAP_FILE_BER */ + { "ASN.1 Basic Encoding Rules", "ber", FALSE, + NULL, NULL }, + }; /* Name that should be somewhat descriptive. */ 
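Review bot: In the `open_routines[]` hunk, `ber_open` is added above the comment that introduces the readers needing "a heuristic of some sort", and the blank line that separated the two groups is removed. The check in wiretap/ber.c is itself a heuristic on the first two to four bytes of the file, not a magic number. Assuming the table is tried in order, a weak match here can pre-empt the more specific heuristic readers listed after the comment (those entries are outside this hunk). I would restore the blank line and put `ber_open,` at the end of the heuristic group instead.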
diff --git a/wiretap/wtap.c b/wiretap/wtap.c index ef998f0f0f..9827264768 100644 --- a/wiretap/wtap.c +++ b/wiretap/wtap.c @@ -357,6 +357,9 @@ static const struct encap_type_info { /* WTAP_ENCAP_CATAPULT_DCT2000 */ { "Catapult DCT2000", "dct2000" }, + + /* WTAP_ENCAP_BER */ + { "ASN.1 Basic Encoding Rules", "ber" }, }; /* Name that should be somewhat descriptive. */ diff --git a/wiretap/wtap.h b/wiretap/wtap.h index 5ebf160c26..292bf73258 100644 --- a/wiretap/wtap.h +++ b/wiretap/wtap.h @@ -180,9 +180,10 @@ #define WTAP_ENCAP_JUNIPER_GGSN 87 #define WTAP_ENCAP_LINUX_LAPD 88 #define WTAP_ENCAP_CATAPULT_DCT2000 89 +#define WTAP_ENCAP_BER 90 /* last WTAP_ENCAP_ value + 1 */ -#define WTAP_NUM_ENCAP_TYPES 90 +#define WTAP_NUM_ENCAP_TYPES 91 /* File types that can be read by wiretap. We support writing some many of these file types, too, so we @@ -232,9 +233,9 @@ #define WTAP_FILE_ISERIES 42 #define WTAP_FILE_ISERIES_UNICODE 43 #define WTAP_FILE_CATAPULT_DCT2000 44 +#define WTAP_FILE_BER 45 -/* last WTAP_FILE_ value + 1 */ -#define WTAP_NUM_FILE_TYPES 45 +#define WTAP_NUM_FILE_TYPES 46 /* timestamp precision (currently only these values are supported) */ #define WTAP_FILE_TSPREC_SEC 0
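Review bot: The second wtap.h hunk deletes the comment `/* last WTAP_FILE_ value + 1 */` above `WTAP_NUM_FILE_TYPES`, while the first hunk keeps the matching `/* last WTAP_ENCAP_ value + 1 */` comment; this looks unintentional. I would keep the comment line so the next person adding a file type knows the count has to be bumped alongside it.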