2 * Helpers for ASN.1/BER dissection
3 * Ronnie Sahlberg (C) 2004
5 * $Id: packet-ber.c,v 1.6 2004/03/26 00:21:53 guy Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@ethereal.com>
9 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 * ITU-T Recommendation X.690 (07/2002),
28 * Information technology ASN.1 encoding rules:
29 * Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)
43 #include <epan/packet.h>
45 #include <epan/strutil.h>
47 #include "packet-ber.h"
50 static gint proto_ber = -1;
51 static gint hf_ber_id_class = -1;
52 static gint hf_ber_id_pc = -1;
53 static gint hf_ber_id_uni_tag = -1;
54 static gint hf_ber_id_tag = -1;
55 static gint hf_ber_length = -1;
56 static gint hf_ber_bitstring_padding = -1;
58 static gint ett_ber_octet_string = -1;
60 static gboolean show_internal_ber_fields = FALSE;
62 proto_item *ber_last_created_item=NULL;
65 static const value_string ber_class_codes[] = {
66 { BER_CLASS_UNI, "Universal" },
67 { BER_CLASS_APP, "Application" },
68 { BER_CLASS_CON, "Context Specific" },
69 { BER_CLASS_PRI, "Private" },
73 static const true_false_string ber_pc_codes = {
74 "Constructed Encoding",
78 static const value_string ber_uni_tag_codes[] = {
79 { BER_UNI_TAG_EOC , "'end-of-content'" },
80 { BER_UNI_TAG_BOOLEAN , "BOOLEAN" },
81 { BER_UNI_TAG_INTEGER , "INTEGER" },
82 { BER_UNI_TAG_BITSTRING , "BIT STRING" },
83 { BER_UNI_TAG_OCTETSTRING , "OCTET STRING" },
84 { BER_UNI_TAG_NULL , "NULL" },
85 { BER_UNI_TAG_OID , "OBJECT IDENTIFIER" },
86 { BER_UNI_TAG_ObjectDescriptor, "ObjectDescriptor" },
87 { BER_UNI_TAG_REAL , "REAL" },
88 { BER_UNI_TAG_ENUMERATED , "ENUMERATED" },
89 { BER_UNI_TAG_EMBEDDED_PDV , "EMBEDDED PDV" },
90 { BER_UNI_TAG_UTF8String , "UTF8String" },
91 { BER_UNI_TAG_RELATIVE_OID , "RELATIVE-OID" },
92 { BER_UNI_TAG_SEQUENCE , "SEQUENCE, SEQUENCE OF" },
93 { BER_UNI_TAG_SET , "SET, SET OF" },
94 { BER_UNI_TAG_NumericString , "NumericString" },
95 { BER_UNI_TAG_PrintableString , "PrintableString" },
96 { BER_UNI_TAG_TeletextString , "TeletextString, T61String" },
97 { BER_UNI_TAG_VideotexString , "VideotexString" },
98 { BER_UNI_TAG_IA5String , "IA5String" },
99 { BER_UNI_TAG_UCTTime , "UCTTime" },
100 { BER_UNI_TAG_GeneralizedTime , "GeneralizedTime" },
101 { BER_UNI_TAG_GraphicString , "GraphicString" },
102 { BER_UNI_TAG_VisibleString , "VisibleString, ISO64String" },
103 { BER_UNI_TAG_GeneralString , "GeneralString" },
104 { BER_UNI_TAG_UniversalString , "UniversalString" },
105 { BER_UNI_TAG_CHARACTERSTRING , "CHARACTER STRING" },
106 { BER_UNI_TAG_BMPString , "BMPString" },
111 proto_item *get_ber_last_created_item(void) {
112 return ber_last_created_item;
115 static int dissect_ber_sq_of(gboolean implicit_tag, guint32 type, packet_info *pinfo, proto_tree *parent_tree, tvbuff_t *tvb, int offset, ber_sequence *seq, gint hf_id, gint ett_id);
117 /* 8.1 General rules for encoding */
119 /* 8.1.2 Identifier octets */
120 int get_ber_identifier(tvbuff_t *tvb, int offset, guint8 *class, gboolean *pc, guint32 *tag) {
126 id = tvb_get_guint8(tvb, offset);
130 tmp_class = (id>>6) & 0x03;
131 tmp_pc = (id>>5) & 0x01;
134 if (tmp_tag == 0x1F) {
136 while (tvb_length_remaining(tvb, offset) > 0) {
137 t = tvb_get_guint8(tvb, offset);
155 int dissect_ber_identifier(packet_info *pinfo _U_, proto_tree *tree, tvbuff_t *tvb, int offset, guint8 *class, gboolean *pc, guint32 *tag)
157 int old_offset = offset;
162 offset = get_ber_identifier(tvb, offset, &tmp_class, &tmp_pc, &tmp_tag);
164 if(show_internal_ber_fields){
165 proto_tree_add_uint(tree, hf_ber_id_class, tvb, old_offset, 1, tmp_class<<6);
166 proto_tree_add_boolean(tree, hf_ber_id_pc, tvb, old_offset, 1, (tmp_pc)?0x20:0x00);
167 if(tmp_class==BER_CLASS_UNI){
168 proto_tree_add_uint(tree, hf_ber_id_uni_tag, tvb, old_offset, offset - old_offset, tmp_tag);
170 proto_tree_add_uint(tree, hf_ber_id_tag, tvb, old_offset, offset - old_offset, tmp_tag);
184 /* this function gets the length octets of the BER TLV.
185 * We only handle (TAGs and) LENGTHs that fit inside 32 bit integers.
187 /* 8.1.3 Length octets */
189 get_ber_length(tvbuff_t *tvb, int offset, guint32 *length, gboolean *ind) {
197 oct = tvb_get_guint8(tvb, offset);
208 oct = tvb_get_guint8(tvb, offset);
210 tmp_length = (tmp_length<<8) + oct;
220 *length = tmp_length;
227 /* this function dissects the length octets of the BER TLV.
228 * We only handle (TAGs and) LENGTHs that fit inside 32 bit integers.
231 dissect_ber_length(packet_info *pinfo _U_, proto_tree *tree, tvbuff_t *tvb, int offset, guint32 *length, gboolean *ind)
233 int old_offset = offset;
237 offset = get_ber_length(tvb, offset, &tmp_length, &tmp_ind);
239 if(show_internal_ber_fields){
240 proto_tree_add_uint(tree, hf_ber_length, tvb, old_offset, offset - old_offset, tmp_length);
243 *length = tmp_length;
249 /* 8.7 Encoding of an octetstring value */
251 dissect_ber_octet_string(gboolean implicit_tag, packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, tvbuff_t **out_tvb) {
259 /* read header and len for the octet string */
260 offset=dissect_ber_identifier(pinfo, tree, tvb, offset, &class, &pc, &tag);
261 offset=dissect_ber_length(pinfo, tree, tvb, offset, &len, &ind);
262 end_offset=offset+len;
264 /* sanity check: we only handle Constructed Universal Sequences */
266 if( (class!=BER_CLASS_UNI)
267 ||(tag!=BER_UNI_TAG_OCTETSTRING) ){
268 proto_tree_add_text(tree, tvb, offset-2, 2, "BER Error: OctetString expected but Class:%d PC:%d Tag:%d was unexpected", class, pc, tag);
273 ber_last_created_item = NULL;
280 it = proto_tree_add_item(tree, hf_id, tvb, offset, len, FALSE);
281 ber_last_created_item = it;
284 *out_tvb = tvb_new_subset(tvb, offset, len, len);
290 int dissect_ber_octet_string_wcb(gboolean implicit_tag, packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, ber_callback func)
294 offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_id, (func)?&out_tvb:NULL);
295 if (func && (tvb_length(out_tvb)>0)) {
297 tree = proto_item_add_subtree(ber_last_created_item, ett_ber_octet_string);
298 func(pinfo, tree, out_tvb, 0);
305 dissect_ber_integer(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, guint32 *value)
314 offset=dissect_ber_identifier(pinfo, tree, tvb, offset, &class, &pc, &tag);
315 offset=dissect_ber_length(pinfo, tree, tvb, offset, &len, NULL);
317 /* if(class!=BER_CLASS_UNI)*/
321 /* extend sign bit */
322 val = (gint8)tvb_get_guint8(tvb, offset);
326 val=(val<<8)|tvb_get_guint8(tvb, offset);
330 ber_last_created_item=NULL;
333 ber_last_created_item=proto_tree_add_item(tree, hf_id, tvb, offset-len, len, FALSE);
347 dissect_ber_boolean(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id)
354 header_field_info *hfi;
356 offset=dissect_ber_identifier(pinfo, tree, tvb, offset, &class, &pc, &tag);
357 offset=dissect_ber_length(pinfo, tree, tvb, offset, &len, NULL);
359 /* if(class!=BER_CLASS_UNI)*/
361 val=tvb_get_guint8(tvb, offset);
364 ber_last_created_item=NULL;
367 hfi = proto_registrar_get_nth(hf_id);
368 if (hfi->type == FT_BOOLEAN)
369 ber_last_created_item=proto_tree_add_boolean(tree, hf_id, tvb, offset-1, 1, val);
371 ber_last_created_item=proto_tree_add_uint(tree, hf_id, tvb, offset-1, 1, val?1:0);
381 /* this function dissects a BER sequence
383 int dissect_ber_sequence(gboolean implicit_tag, packet_info *pinfo, proto_tree *parent_tree, tvbuff_t *tvb, int offset, ber_sequence *seq, gint hf_id, gint ett_id) {
388 proto_tree *tree = parent_tree;
389 proto_item *item = NULL;
392 /* first we must read the sequence header */
393 offset = dissect_ber_identifier(pinfo, tree, tvb, offset, &class, &pc, &tag);
394 offset = dissect_ber_length(pinfo, tree, tvb, offset, &len, &ind);
395 end_offset = offset + len;
397 /* sanity check: we only handle Constructed Universal Sequences */
399 ||(!implicit_tag&&((class!=BER_CLASS_UNI)
400 ||(tag!=BER_UNI_TAG_SEQUENCE)))) {
401 proto_tree_add_text(tree, tvb, offset-2, 2, "BER Error: Sequence expected but Class:%d PC:%d Tag:%d was unexpected", class, pc, tag);
408 item = proto_tree_add_item(parent_tree, hf_id, tvb, offset, len, FALSE);
409 tree = proto_item_add_subtree(item, ett_id);
413 /* loop over all entries until we reach the end of the sequence */
414 while (offset < end_offset){
419 int hoffset, eoffset;
422 /* read header and len for next field */
423 offset = get_ber_identifier(tvb, offset, &class, &pc, &tag);
424 offset = get_ber_length(tvb, offset, &len, NULL);
425 eoffset = offset + len;
427 ber_sequence_try_again:
428 /* have we run out of known entries in the sequence ?*/
430 /* it was not, move to the enxt one and try again */
431 proto_tree_add_text(tree, tvb, offset, len, "BER Error: This field lies beyond the end of the known sequence definition.");
436 /* verify that this one is the one we want */
437 if( (seq->class!=class)
439 /* it was not, move to the enxt one and try again */
440 if(seq->flags&BER_FLAGS_OPTIONAL){
441 /* well this one was optional so just skip to the next one and try again. */
443 goto ber_sequence_try_again;
445 if (!(seq->flags & BER_FLAGS_NOTCHKTAG)) {
446 proto_tree_add_text(tree, tvb, offset, len, "BER Error: Wrong field");
453 if (!(seq->flags & BER_FLAGS_NOOWNTAG) && !(seq->flags & BER_FLAGS_IMPLTAG)) {
454 /* dissect header and len for field */
455 hoffset = dissect_ber_identifier(pinfo, tree, tvb, hoffset, NULL, NULL, NULL);
456 hoffset = dissect_ber_length(pinfo, tree, tvb, hoffset, NULL, NULL);
459 /* call the dissector for this field */
460 seq->func(pinfo, tree, tvb, hoffset);
466 /* if we didnt end up at exactly offset, then we ate too many bytes */
467 if (offset != end_offset) {
468 proto_tree_add_text(tree, tvb, offset-2, 2, "BER Error: Sequence ate %d too many bytes", offset-end_offset);
476 /* this function dissects a BER choice
479 dissect_ber_choice(packet_info *pinfo, proto_tree *parent_tree, tvbuff_t *tvb, int offset, const ber_choice *choice, gint hf_id, gint ett_id)
485 const ber_choice *ch;
486 proto_tree *tree=parent_tree;
487 proto_item *item=NULL;
489 int hoffset = offset;
491 /* read header and len for choice field */
492 offset=get_ber_identifier(tvb, offset, &class, &pc, &tag);
493 offset=get_ber_length(tvb, offset, &len, NULL);
494 end_offset=offset+len;
496 /* loop over all entries until we find the right choice or
497 run out of entries */
500 if( (ch->class==class)
502 if (!(ch->flags & BER_FLAGS_NOOWNTAG) && !(ch->flags & BER_FLAGS_IMPLTAG)) {
503 /* dissect header and len for field */
504 hoffset = dissect_ber_identifier(pinfo, tree, tvb, hoffset, NULL, NULL, NULL);
505 hoffset = dissect_ber_length(pinfo, tree, tvb, hoffset, NULL, NULL);
510 item = proto_tree_add_uint(parent_tree, hf_id, tvb, hoffset, end_offset - hoffset, ch->value);
511 tree = proto_item_add_subtree(item, ett_id);
514 offset=ch->func(pinfo, tree, tvb, hoffset);
520 /* oops no more entries and we still havent found
523 proto_tree_add_text(tree, tvb, offset, len, "BER Error: This choice field was not found.");
529 /* this function dissects a BER GeneralString
532 dissect_ber_GeneralString(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, char *name_string, int name_len)
550 /* first we must read the GeneralString header */
551 offset=dissect_ber_identifier(pinfo, tree, tvb, offset, &class, &pc, &tag);
552 offset=dissect_ber_length(pinfo, tree, tvb, offset, &len, NULL);
553 end_offset=offset+len;
555 /* sanity check: we only handle Universal GeneralString*/
556 if( (class!=BER_CLASS_UNI)
557 ||(tag!=BER_UNI_TAG_GENSTR) ){
558 proto_tree_add_text(tree, tvb, offset-2, 2, "BER Error: GeneralString expected but Class:%d PC:%d Tag:%d was unexpected", class, pc, tag);
562 if(len>=(max_len-1)){
566 tvb_memcpy(tvb, str, offset, len);
570 proto_tree_add_string(tree, hf_id, tvb, offset, len, str);
577 dissect_ber_restricted_string(gboolean implicit_tag, guint32 type, packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, tvbuff_t **out_tvb) {
583 int hoffset = offset;
585 offset = get_ber_identifier(tvb, offset, &class, &pc, &tag);
586 offset = get_ber_length(tvb, offset, &len, NULL);
587 eoffset = offset + len;
591 if( (class!=BER_CLASS_UNI)
593 proto_tree_add_text(tree, tvb, offset-2, 2, "BER Error: String with tag=%d expected but Class:%d PC:%d Tag:%d was unexpected", type, class, pc, tag);
599 return dissect_ber_octet_string(TRUE, pinfo, tree, tvb, hoffset, hf_id, out_tvb);
603 dissect_ber_GeneralString(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, char *name_string, guint name_len)
607 offset = dissect_ber_restricted_string(FALSE, BER_UNI_TAG_GeneralString, pinfo, tree, tvb, offset, hf_id, (name_string)?&out_tvb:NULL);
610 if (tvb_length(out_tvb) >= name_len) {
611 tvb_memcpy(out_tvb, name_string, 0, name_len-1);
612 name_string[name_len-1] = '\0';
614 tvb_memcpy(out_tvb, name_string, 0, -1);
615 name_string[tvb_length(out_tvb)] = '\0';
622 /* 8.19 Encoding of an object identifier value */
623 int dissect_ber_object_identifier(gboolean implicit_tag, packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, char *value_string) {
633 offset = get_ber_identifier(tvb, offset, &class, &pc, &tag);
634 offset = dissect_ber_length(pinfo, tree, tvb, offset, &len, NULL);
635 eoffset = offset + len;
638 value_string[0] = '\0';
643 if( (class!=BER_CLASS_UNI)
644 ||(tag != BER_UNI_TAG_OID) ){
645 proto_tree_add_text(tree, tvb, offset-2, 2, "BER Error: Object Identifier expected but Class:%d PC:%d Tag:%d was unexpected", class, pc, tag);
651 for (i=0,strp=str; i<len; i++){
652 byte = tvb_get_guint8(tvb, offset);
656 proto_tree_add_text(tree, tvb, offset, eoffset - offset, "BER Error: too long Object Identifier");
662 strp += sprintf(strp, "%d.%d", byte/40, byte%40);
666 value = (value << 7) | (byte & 0x7F);
671 strp += sprintf(strp, ".%d", value);
677 proto_tree_add_string(tree, hf_id, tvb, offset - len, len, str);
681 strcpy(value_string, str);
687 static int dissect_ber_sq_of(gboolean implicit_tag, guint32 type, packet_info *pinfo, proto_tree *parent_tree, tvbuff_t *tvb, int offset, ber_sequence *seq, gint hf_id, gint ett_id) {
692 proto_tree *tree = parent_tree;
693 proto_item *item = NULL;
694 int cnt, hoffset, end_offset;
695 header_field_info *hfi;
697 /* first we must read the sequence header */
698 offset = dissect_ber_identifier(pinfo, tree, tvb, offset, &class, &pc, &tag);
699 offset = dissect_ber_length(pinfo, tree, tvb, offset, &len, &ind);
700 end_offset = offset + len;
702 /* sanity check: we only handle Constructed Universal Sequences */
704 ||(!implicit_tag&&((class!=BER_CLASS_UNI)
706 proto_tree_add_text(tree, tvb, offset-2, 2, "BER Error: %s Of expected but Class:%d PC:%d Tag:%d was unexpected",
707 (type==BER_UNI_TAG_SEQUENCE)?"Set":"Sequence", class, pc, tag);
711 /* count number of items */
714 while (offset < end_offset){
716 /* read header and len for next field */
717 offset = get_ber_identifier(tvb, offset, NULL, NULL, NULL);
718 offset = get_ber_length(tvb, offset, &len, NULL);
726 hfi = proto_registrar_get_nth(hf_id);
728 if (hfi->type == FT_NONE)
729 item = proto_tree_add_item(parent_tree, hf_id, tvb, offset, len, FALSE);
731 item = proto_tree_add_uint(parent_tree, hf_id, tvb, offset, len, cnt);
732 proto_item_append_text(item, (cnt==1)?" item":" items");
734 tree = proto_item_add_subtree(item, ett_id);
738 /* loop over all entries until we reach the end of the sequence */
739 while (offset < end_offset){
748 /* read header and len for next field */
749 offset = get_ber_identifier(tvb, offset, &class, &pc, &tag);
750 offset = get_ber_length(tvb, offset, &len, NULL);
751 eoffset = offset + len;
753 /* verify that this one is the one we want */
754 if ((seq->class!=class)
756 if (!(seq->flags & BER_FLAGS_NOTCHKTAG)) {
757 proto_tree_add_text(tree, tvb, offset, len, "BER Error: Wrong field");
763 if (!(seq->flags & BER_FLAGS_NOOWNTAG) && !(seq->flags & BER_FLAGS_IMPLTAG)) {
764 /* dissect header and len for field */
765 hoffset = dissect_ber_identifier(pinfo, tree, tvb, hoffset, NULL, NULL, NULL);
766 hoffset = dissect_ber_length(pinfo, tree, tvb, hoffset, NULL, NULL);
769 /* call the dissector for this field */
770 seq->func(pinfo, tree, tvb, hoffset);
775 /* if we didnt end up at exactly offset, then we ate too many bytes */
776 if (offset != end_offset) {
777 proto_tree_add_text(tree, tvb, offset-2, 2, "BER Error: %s Of ate %d too many bytes",
778 (type==BER_UNI_TAG_SEQUENCE)?"Set":"Sequence", offset-end_offset);
784 int dissect_ber_sequence_of(gboolean implicit_tag, packet_info *pinfo, proto_tree *parent_tree, tvbuff_t *tvb, int offset, ber_sequence *seq, gint hf_id, gint ett_id) {
785 return dissect_ber_sq_of(implicit_tag, BER_UNI_TAG_SEQUENCE, pinfo, parent_tree, tvb, offset, seq, hf_id, ett_id);
788 int dissect_ber_set_of(gboolean implicit_tag, packet_info *pinfo, proto_tree *parent_tree, tvbuff_t *tvb, int offset, ber_sequence *seq, gint hf_id, gint ett_id) {
789 return dissect_ber_sq_of(implicit_tag, BER_UNI_TAG_SET, pinfo, parent_tree, tvb, offset, seq, hf_id, ett_id);
793 dissect_ber_generalized_time(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id)
796 const guint8 *tmpstr;
803 offset=dissect_ber_identifier(pinfo, tree, tvb, offset, &class, &pc, &tag);
804 offset=dissect_ber_length(pinfo, tree, tvb, offset, &len, NULL);
805 end_offset=offset+len;
807 /* sanity check. we only handle universal/generalized time */
808 if( (class!=BER_CLASS_UNI)
809 ||(tag!=BER_UNI_TAG_GeneralizedTime)){
810 proto_tree_add_text(tree, tvb, offset-2, 2, "BER Error: GeneralizedTime expected but Class:%d PC:%d Tag:%d was unexpected", class, pc, tag);
812 end_offset=offset+len;
815 tmpstr=tvb_get_ptr(tvb, offset, len);
816 snprintf(str, 31, "%.4s-%.2s-%.2s %.2s:%.2s:%.2s (%.1s)",
817 tmpstr, tmpstr+4, tmpstr+6, tmpstr+8,
818 tmpstr+10, tmpstr+12, tmpstr+14);
819 str[31]=0; /* just in case ... */
822 proto_tree_add_string(tree, hf_id, tvb, offset, len, str);
829 /* 8.6 Encoding of a bitstring value */
830 int dissect_ber_bitstring(gboolean implicit_tag, packet_info *pinfo, proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn_namedbit *named_bits, gint hf_id, gint ett_id, tvbuff_t **out_tvb)
836 guint8 pad, b0, b1, val;
838 proto_item *item = NULL;
839 proto_tree *tree = NULL;
842 /* read header and len for the octet string */
843 offset = dissect_ber_identifier(pinfo, parent_tree, tvb, offset, &class, &pc, &tag);
844 offset = dissect_ber_length(pinfo, parent_tree, tvb, offset, &len, &ind);
845 end_offset = offset + len;
847 /* sanity check: we only handle Universal BitSrings */
849 if( (class!=BER_CLASS_UNI)
850 ||(tag!=BER_UNI_TAG_BITSTRING) ){
851 proto_tree_add_text(parent_tree, tvb, offset-2, 2, "BER Error: BitString expected but Class:%d PC:%d Tag:%d was unexpected", class, pc, tag);
856 ber_last_created_item = NULL;
864 pad = tvb_get_guint8(tvb, offset);
865 proto_tree_add_item(parent_tree, hf_ber_bitstring_padding, tvb, offset, 1, FALSE);
869 item = proto_tree_add_item(parent_tree, hf_id, tvb, offset, len, FALSE);
870 ber_last_created_item = item;
872 tree = proto_item_add_subtree(item, ett_id);
876 *out_tvb = tvb_new_subset(tvb, offset, len, 8*len-pad);
883 if (nb->bit < (8*len-pad)) {
884 val = tvb_get_guint8(tvb, offset + nb->bit/8);
885 val &= 0x80 >> (nb->bit%8);
886 b0 = (nb->gb0 == -1) ? nb->bit/8 : nb->gb0/8;
887 b1 = (nb->gb1 == -1) ? nb->bit/8 : nb->gb1/8;
888 proto_tree_add_item(tree, *(nb->p_id), tvb, offset + b0, b1 - b0 + 1, FALSE);
889 } else { /* 8.6.2.4 */
891 proto_tree_add_boolean(tree, *(nb->p_id), tvb, offset + len, 0, 0x00);
894 if (item && nb->tstr)
895 proto_item_append_text(item, " %s", nb->tstr);
897 if (item && nb->fstr)
898 proto_item_append_text(item, " %s", nb->fstr);
907 int dissect_ber_bitstring32(gboolean implicit_tag, packet_info *pinfo, proto_tree *parent_tree, tvbuff_t *tvb, int offset, int **bit_fields, gint hf_id, gint ett_id, tvbuff_t **out_tvb)
913 header_field_info *hfi;
915 offset = dissect_ber_bitstring(implicit_tag, pinfo, parent_tree, tvb, offset, NULL, hf_id, ett_id, &tmp_tvb);
917 tree = proto_item_get_subtree(ber_last_created_item);
918 if (bit_fields && tree) {
919 val = tvb_get_ntohl(tmp_tvb, 0);
922 proto_tree_add_item(tree, **bf, tmp_tvb, 0, 4, FALSE);
923 hfi = proto_registrar_get_nth(**bf);
924 if (val & hfi->bitmask)
925 proto_item_append_text(ber_last_created_item, " %s", hfi->name);
937 proto_register_ber(void)
939 static hf_register_info hf[] = {
940 { &hf_ber_id_class, {
941 "Class", "ber.id.class", FT_UINT8, BASE_DEC,
942 VALS(ber_class_codes), 0xc0, "Class of BER TLV Identifier", HFILL }},
943 { &hf_ber_bitstring_padding, {
944 "Padding", "ber.bitstring.padding", FT_UINT8, BASE_DEC,
945 NULL, 0x0, "Number of unsused bits in the last octet of the bitstring", HFILL }},
947 "P/C", "ber.id.pc", FT_BOOLEAN, 8,
948 TFS(&ber_pc_codes), 0x20, "Primitive or Constructed BER encoding", HFILL }},
949 { &hf_ber_id_uni_tag, {
950 "Tag", "ber.id.uni_tag", FT_UINT8, BASE_DEC,
951 VALS(ber_uni_tag_codes), 0x1f, "Universal tag type", HFILL }},
953 "Tag", "ber.id.tag", FT_UINT32, BASE_DEC,
954 NULL, 0, "Tag value for non-Universal classes", HFILL }},
956 "Length", "ber.length", FT_UINT32, BASE_DEC,
957 NULL, 0, "Length of contents", HFILL }},
961 static gint *ett[] = {
962 &ett_ber_octet_string,
964 module_t *ber_module;
966 proto_ber = proto_register_protocol("Basic Encoding Rules (ASN.1 X.690)", "BER", "ber");
967 proto_register_field_array(proto_ber, hf, array_length(hf));
968 proto_register_subtree_array(ett, array_length(ett));
970 proto_set_cant_toggle(proto_ber);
972 /* Register preferences */
973 ber_module = prefs_register_protocol(proto_ber, NULL);
974 prefs_register_bool_preference(ber_module, "show_internals",
975 "Show internal BER encapsulation tokens",
976 "Whether the dissector should also display internal"
977 " ASN.1 BER details such as Identifier and Length fields", &show_internal_ber_fields);
981 proto_reg_handoff_ber(void)
git.samba.org / obnox / wireshark / wip.git / blob