Ethereal-dev: Re: [Ethereal-dev] ASN.1 dissector.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Matthijs Melchior <mmelchior@xxxxxxxxx>
Date: Sat, 11 Oct 2003 16:41:10 +0200

Hi,

Ronnie Sahlberg wrote:

Sounds cool (I haven't tested it yet)

I have some questions,
Will the plugin create and add new hf_fields to ethereal when it reads such
a spec file? So that all the fields it dissects
will have a proper filter name and blurb etc?  (so that all the fields CAN
be filtered?)

Yes, it registers all fields and most types with the filter engine.  It is
a problem to register intermediate types (types that have only other types
as their value).  Yes, it has the same text for the 3 entries name, abbrev
and blurb. That is the best I could do, since the ASN.1 compiler only provides
me with a name and a type....

Would it be possible with this plugin to also generate etherealized
dissectors for the SNMP objects
described in the MIBS? (which do not have filterable fields :-( )

Well, snmp has not been my interest while developing this, but I think
this boils down to the fact that semantic knowledge is not present in the
dissector [such as the fact that snmp v1 is represented by integer 0]...

I have just been looking at rfc1213-mib2.asn1 and it looks like snacc
understands about OBJECT-TYPE, DESCRIPTION etc, but does not put it
in the generated code or type-table....

Further development may go in the direction to add this, although the
asn1 compiler may have to be expanded.... or a separate mechanism may
be needed to provide this.

The hand crafted dissectors have no problem with such kind of knowledge.

Could the plugin be used to decode any/all the other objects in other
protocols that are encoded as ASN.1 BER as well
(kerberos etc) so that all those protocols also get filterable fields?

Yes, my intention was to decode a BER datastream and annotate that with
type- and name-text from the defining asn1 specification.
All data values that were used during development are entered in the
filter engine...., an OID is problematic and Obj Descriptors, reals,
external types and non-text strings are not entered in the filter engine.



----- Original Message ----- From: "Matthijs Melchior"
Sent: Saturday, October 11, 2003 8:43 AM
Subject: [Ethereal-dev] ASN.1 dissector.


Hi,
   I have a new plugin for ethereal. A patch to ethereal-0.9.15
is rather big and therefore not attached. Available on my web page:

 http://www.xs4all.nl/~mmelchio/asn1/

This patch will add a plugin to ethereal to decode BER encoded
ASN.1 messages. It expects the type-table output from 'snacc',
an ASN.1 compiler, as its input for message definition. Then
it will nicely dissect a stream of udp or tcp messages of that
type.

See the Readme.ethereal.asn1 file to get going.


This plugin is of prototype quality, and I know of several problems.
However it fulfills my purpose nicely now and I offer this for
inclusion in ethereal so more people can use it.

Thanks.

--
Regards, ---------------------------------------------------------------- -o)
Matthijs Melchior                                       Maarssen  /\\
mmelchior@xxxxxxxxx          +31 346 570616          Netherlands _\_v
---------------------------------------------------------------- ----
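
The approach discussed in this thread (decode a BER stream and label each value with a name and type from the ASN.1 definition) can be sketched as follows. This is an added example, not code from the plugin or from the original messages: `SPEC` is a hypothetical stand-in and not snacc's type-table format, and `SAMPLE` is a constructed byte string. Every length is checked against the enclosing value before any bytes are read.

```python
UNIVERSAL = {0x02: "INTEGER", 0x04: "OCTET STRING", 0x30: "SEQUENCE"}
# Hypothetical type description: (field name, identifier octet, children)
SPEC = ("Message", 0x30, [("version", 0x02, None), ("community", 0x04, None)])
# Constructed sample: SEQUENCE { INTEGER 0, OCTET STRING "public" }
SAMPLE = bytes.fromhex("300b020100" "04067075626c6963")


def read_tlv(buf, pos, end):
    """Return (tag, value_start, value_end); reject anything out of bounds."""
    if end - pos < 2:
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled here")
    if first < 0x80:                      # short form: length in one octet
        length = first
    elif first == 0x80:
        raise ValueError("indefinite length not handled here")
    else:                                 # long form: next n octets hold the length
        n = first & 0x7F
        if n > 4 or end - pos < n:
            raise ValueError("bad length-of-length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if length > end - pos:
        raise ValueError("length exceeds enclosing data")
    return tag, pos, pos + length


def annotate(buf, spec, pos=0, end=None, prefix=""):
    """Walk buf against spec; return ([(dotted_name, type, value)], next_pos)."""
    end = len(buf) if end is None else end
    name, want, children = spec
    tag, start, stop = read_tlv(buf, pos, end)
    if tag != want:
        raise ValueError(f"{prefix}{name}: tag 0x{tag:02x}, expected 0x{want:02x}")
    path = prefix + name
    if children is None:                  # primitive: decode the value
        raw = buf[start:stop]
        value = int.from_bytes(raw, "big", signed=True) if tag == 0x02 else raw
        return [(path, UNIVERSAL[tag], value)], stop
    rows, cur = [(path, UNIVERSAL[tag], None)], start
    for child in children:                # children may not run past the parent
        sub, cur = annotate(buf, child, cur, stop, path + ".")
        rows += sub
    if cur != stop:
        raise ValueError(f"{path}: trailing bytes inside value")
    return rows, stop
```

`annotate(SAMPLE, SPEC)` yields rows such as `("Message.version", "INTEGER", 0)`: the value is shown as the integer 0, because a table of names and types alone carries no semantic mapping for it.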