Ethereal-dev: SV: [Ethereal-dev] Re: ASN.1 File Dissection

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "Anders Broman" <a.broman@xxxxxxxxx>
Date: Fri, 25 Nov 2005 21:56:16 +0100
Hi,
First of all I haven't looked at the code yet (lack of time) and was hoping
some one else would comment. 
> > The patch also includes a BER preference to allow the user to 
> > specify a file that contains OID information for OIDs that Ethereal 
> > hasn't already encoded.
I have been thinking about changing the "OID string to Name" translation to
use the SNMP code as it can do "partial" name translations. There has also
been discussions about making a new FT, FT_OID where this would fit nicely
IMHO if that is done one could always make a fake MIB to define OID
translations or we should keep one for the translations we are already
doing.

> > There are a number of circumstances when it useful to dissect an ASN.1
BER
> > encoded file.
> > For example, a X.509 certificate, a PKCS#12 file or a lump of X.400
content
Isn't this what the ASN.1 plugin does with the aid of some tool?

> > * dissect_unknown_ber() has been significantly upgraded to handle
arbitary
> > ASN.1
Please submit as a separate patch.

> > * a heuristic based on the OIDs found in the ASN.1 has been added to see
if
> > a better
> >  dissection can be made. For example, if id-signedData is found, the
ASN.1
> > can be
> >  dissected as CMS.
> >
> > * the above heuristic can be turned off through a preference if it is
making
> > the wrong
> >  decision.

No opinion at this time ;)

Best regards
Anders

-----Ursprungligt meddelande-----
Från: ethereal-dev-bounces@xxxxxxxxxxxx
[mailto:ethereal-dev-bounces@xxxxxxxxxxxx] För Graeme Lunt
Skickat: den 21 november 2005 08:43
Till: ethereal-dev@xxxxxxxxxxxx
Ämne: [Ethereal-dev] Re: ASN.1 File Dissection

Hi,

Can anyone give me a status on this patch?

Graeme

On 11/11/05, Graeme Lunt <graeme.lunt@xxxxxxxxx> wrote:
> Hi,
>
> Is this proposed patch still under review, or has it been missed or
rejected?
>
> If the latter, any feedback?
>
> Thanks,
>
> Graeme
>
> > There are a number of circumstances when it useful to dissect an ASN.1
BER
> > encoded file.
> > For example, a X.509 certificate, a PKCS#12 file or a lump of X.400
content
> > from an MTA queue.
> >
> > So attached is patch for an ASN.1 BER capture file format.
> >
> > Briefly,
> >
> > * a file is determined to ASN.1 if
> >        i) the first Tag is constructed and either a SET, SEQUENCE or
> > CONTEXT [<32]
> >        ii) the associated Length matches the length of the file
> >        (This algorithm may need to be tweaked.)
> >
> > * there is obviously only one "frame" which reflects the content of the
file
> >
> >  - the arrival time of the frame reflects the time on the file.
> >
> > * dissect_unknown_ber() has been significantly upgraded to handle
arbitary
> > ASN.1
> >
> > * a heuristic based on the OIDs found in the ASN.1 has been added to see
if
> > a better
> >  dissection can be made. For example, if id-signedData is found, the
ASN.1
> > can be
> >  dissected as CMS.
> >
> > * the above heuristic can be turned off through a preference if it is
making
> > the wrong
> >  decision.
> >
> > The patch also includes a BER preference to allow the user to specify a
file
> > that
> > contains OID information for OIDs that Ethereal hasn't already encoded.
> >
> > This is my first venture outside of dissectors, so let me know if I
haven't
> > covered all the
> > bases for a new capture file format.
> >
> > Graeme
> >
> >
> >
>

_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev