authorGraeme Lunt <graeme.lunt@smhs.co.uk>2006-05-08 19:56:36 +0000
committerGraeme Lunt <graeme.lunt@smhs.co.uk>2006-05-08 19:56:36 +0000
commitabefaf32bf4fdadb723cbf5583db0981a1d409a6 (patch)
tree91e01718c5e48e92aa5c5db210908daded959205
parent146d22767c001cdc283b8f5e05f48250b8d9d61e (diff)
Basic Encoding Rules (BER) encoded file reading. Not really a packet trace format but still useful for dissecting arbitrary BER/DER ASN.1.
svn path=/trunk/; revision=18110
-rw-r--r--epan/dissectors/packet-ber.c20
-rw-r--r--wiretap/Makefile.common2
-rw-r--r--wiretap/ber.c187
-rw-r--r--wiretap/ber.h28
-rw-r--r--wiretap/file_access.c8
-rw-r--r--wiretap/wtap.c3
-rw-r--r--wiretap/wtap.h7
7 files changed, 251 insertions, 4 deletions
diff --git a/epan/dissectors/packet-ber.c b/epan/dissectors/packet-ber.c
index 3155ed89cb..4ed6577bcc 100644
--- a/epan/dissectors/packet-ber.c
+++ b/epan/dissectors/packet-ber.c
@@ -2285,6 +2285,20 @@ int dissect_ber_bitstring32(gboolean implicit_tag, packet_info *pinfo, proto_tre
return offset;
}
+static void
+dissect_ber(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+{
+
+ if (check_col(pinfo->cinfo, COL_INFO)) {
+ col_clear(pinfo->cinfo, COL_INFO);
+ col_append_fstr(pinfo->cinfo, COL_INFO, "%s", "Unknown BER");
+ }
+
+ (void) dissect_unknown_ber(pinfo, tvb, 0, tree);
+
+}
+
+
void
proto_register_ber(void)
{
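Review bot: `dissect_ber` is added without a header comment, and it writes a constant string into the info column through a `"%s"` format in `col_append_fstr`, where no formatting is needed. I would use `col_set_str(pinfo->cinfo, COL_INFO, "Unknown BER");` and add a comment such as `/* Entry point for whole-file BER input: hands the entire tvb to dissect_unknown_ber() starting at offset 0 */`. The `(void)` cast discards whatever `dissect_unknown_ber` returns (presumably the end offset), so any bytes left after the first element are not accounted for here; whether that matters depends on code outside the hunk.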
@@ -2388,5 +2402,11 @@ proto_register_ber(void)
void
proto_reg_handoff_ber(void)
{
+ dissector_handle_t ber_handle;
+
register_ber_oid_name("2.1.1","joint-iso-itu-t(2) asn1(1) basic-encoding(1)");
+
+ ber_handle = create_dissector_handle(dissect_ber, proto_ber);
+ dissector_add("wtap_encap", WTAP_ENCAP_BER, ber_handle);
+
}
diff --git a/wiretap/Makefile.common b/wiretap/Makefile.common
index fa6f5c2680..2d27b9d2b8 100644
--- a/wiretap/Makefile.common
+++ b/wiretap/Makefile.common
@@ -33,6 +33,7 @@ NONGENERATED_C_FILES = \
airopeek9.c \
ascend.c \
atm.c \
+ ber.c \
buffer.c \
catapult_dct2000.c \
cosine.c \
@@ -70,6 +71,7 @@ NONGENERATED_HEADER_FILES = \
ascend.h \
ascend-int.h \
atm.h \
+ ber.h \
buffer.h \
catapult_dct2000.h \
cosine.h \
diff --git a/wiretap/ber.c b/wiretap/ber.c
new file mode 100644
index 0000000000..4bcb6687aa
--- /dev/null
+++ b/wiretap/ber.c
@@ -0,0 +1,187 @@
+/* ber.c
+ *
+ * Basic Encoding Rules (BER) file reading
+ *
+ * $Id$
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <errno.h>
+
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+#include "wtap-int.h"
+#include "file_wrappers.h"
+#include "buffer.h"
+#include "ber.h"
+
+
+#define BER_CLASS_UNI 0
+#define BER_CLASS_APP 1
+#define BER_CLASS_CON 2
+
+#define BER_UNI_TAG_SEQ 16 /* SEQUENCE, SEQUENCE OF */
+#define BER_UNI_TAG_SET 17 /* SET, SET OF */
+
+static gboolean ber_read(wtap *wth, int *err, gchar **err_info, long *data_offset)
+{
+ guint8 *buf;
+ int packet_size;
+ struct stat statb;
+
+ *err = 0;
+
+ /* there is only ever one packet */
+ if(wth->data_offset)
+ return FALSE;
+
+ *data_offset = wth->data_offset;
+
+ if((packet_size = wtap_file_size(wth, err)) == -1)
+ return FALSE;
+
+ if (packet_size > WTAP_MAX_PACKET_SIZE) {
+ /*
+ * Probably a corrupt capture file; don't blow up trying
+ * to allocate space for an immensely-large packet.
+ */
+ *err = WTAP_ERR_BAD_RECORD;
+ *err_info = g_strdup_printf("ber: File has %u-byte packet, bigger than maximum of %u",
+ packet_size, WTAP_MAX_PACKET_SIZE);
+ return FALSE;
+ }
+
+ buffer_assure_space(wth->frame_buffer, packet_size);
+ buf = buffer_start_ptr(wth->frame_buffer);
+
+ wtap_file_read_expected_bytes(buf, packet_size, wth->fh, err);
+
+ wth->data_offset += packet_size;
+
+ wth->phdr.caplen = packet_size;
+ wth->phdr.len = packet_size;
+
+ if (fstat(wth->fd, &statb) == -1) {
+ if (err != NULL)
+ *err = errno;
+ return FALSE;
+ }
+
+ wth->phdr.ts.secs = statb.st_mtime;
+ wth->phdr.ts.nsecs = 0;
+
+ return TRUE;
+}
+
+static gboolean ber_seek_read(wtap *wth, long seek_off, union wtap_pseudo_header *pseudo_header,
+ guint8 *pd, int length, int *err, gchar **err_info _U_)
+{
+ int packet_size = length;
+
+ /* there is only one packet */
+ if(seek_off > 0) {
+ *err = 0;
+ return FALSE;
+ }
+
+ if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
+ return FALSE;
+
+ wtap_file_read_expected_bytes(pd, packet_size, wth->random_fh, err);
+
+ return TRUE;
+}
+
+int ber_open(wtap *wth, int *err, gchar **err_info _U_)
+{
+#define BER_BYTES_TO_CHECK 4
+ guint8 bytes[BER_BYTES_TO_CHECK];
+ int bytes_read;
+ guint8 id;
+ gint8 class;
+ gint8 tag;
+ gboolean pc;
+ guint8 oct, nlb = 0;
+ int len = 0, fsize;
+ int offset = 0, i;
+
+ bytes_read = file_read(&bytes, 1, BER_BYTES_TO_CHECK, wth->fh);
+ if (bytes_read != BER_BYTES_TO_CHECK) {
+ *err = file_error(wth->fh);
+ return (*err != 0) ? -1 : 0;
+ }
+
+ id = bytes[offset++];
+
+ class = (id>>6) & 0x03;
+ pc = (id>>5) & 0x01;
+ tag = id & 0x1F;
+
+ /* it must be constructed and either a SET or a SEQUENCE */
+ /* or a CONTEXT less than 32 (arbitrary) */
+ /* XXX: do we also want to allow APPLICATION */
+ if(!(pc &&
+ (((class == BER_CLASS_UNI) && ((tag == BER_UNI_TAG_SET) || (tag == BER_UNI_TAG_SEQ))) ||
+ ((class == BER_CLASS_CON) && (tag < 32)))))
+ return 0;
+
+ /* now check the length */
+ oct = bytes[offset++];
+
+ if(!(oct & 0x80))
+ len = oct;
+ else {
+ nlb = oct & 0x7F; /* number of length bytes */
+
+ if((nlb > 0) && (nlb <= (BER_BYTES_TO_CHECK - 2))) {
+ /* not indefinite length and we have read enough bytes to compute the length */
+ i = nlb;
+ while(i--) {
+ oct = bytes[offset++];
+ len = (len<<8) + oct;
+ }
+ }
+ }
+
+ if(len) { /* if we have a length, check it */
+ len += (2 + nlb); /* add back Tag and Length bytes */
+ fsize = wtap_file_size(wth, err);
+
+ if(len != fsize) {
+ return 0; /* not ASN.1 */
+ }
+ }
+
+ /* seek back to the start of the file */
+ if (file_seek(wth->fh, 0, SEEK_SET, err) == -1)
+ return -1;
+
+ wth->file_type = WTAP_FILE_BER;
+ wth->file_encap = WTAP_ENCAP_BER;
+ wth->snapshot_length = 0;
+
+ wth->subtype_read = ber_read;
+ wth->subtype_seek_read = ber_seek_read;
+ wth->tsprecision = WTAP_FILE_TSPREC_SEC;
+
+ return 1;
+}
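Review bot: In `ber_open` the result of `wtap_file_size(wth, err)` is never tested for -1, so a failed size query falls into `len != fsize` and is reported as "not ASN.1" (return 0) even though `*err` may have been set; `ber_read` in the same file does test it, and the same guard fits here: `if((fsize = wtap_file_size(wth, err)) == -1) return -1;`. The size comparison is also skipped whenever `len` stays 0 (indefinite length, more than two length octets, or a zero short-form length), and `(tag < 32)` is always true because `tag` is `id & 0x1F`, so in those cases an arbitrary file is claimed on its first octet alone. A comment at `if(len)` should say so, e.g. `/* len == 0: length could not be derived from the first 4 bytes, file is accepted on the identifier octet only */`. Separately, `ber_read` and `ber_seek_read` call `wtap_file_read_expected_bytes` as a bare statement; its definition is outside this diff, so if it does not itself return on a short read, both functions would report success with a partly filled buffer.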
diff --git a/wiretap/ber.h b/wiretap/ber.h
new file mode 100644
index 0000000000..3863ad4105
--- /dev/null
+++ b/wiretap/ber.h
@@ -0,0 +1,28 @@
+/* ber.h
+ *
+ * Basic Encoding Rules (BER) file reading
+ *
+ * $Id$
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ */
+
+#ifndef __BER_H__
+#define __BER_H__
+
+int ber_open(wtap *wth, int *err, gchar **err_info);
+
+#endif
diff --git a/wiretap/file_access.c b/wiretap/file_access.c
index a972d64568..c6341c0e84 100644
--- a/wiretap/file_access.c
+++ b/wiretap/file_access.c
@@ -70,6 +70,7 @@
#include "hcidump.h"
#include "network_instruments.h"
#include "k12.h"
+#include "ber.h"
#include "catapult_dct2000.h"
/* The open_file_* routines should return:
@@ -109,7 +110,7 @@ static int (*const open_routines[])(wtap *, int *, char **) = {
dbs_etherwatch_open,
k12_open,
catapult_dct2000_open,
-
+ ber_open,
/* Files that don't have magic bytes at a fixed location,
* but that instead require a heuristic of some sort to
* identify them. This includes the ASCII trace files that
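Review bot: `ber_open,` is inserted above the comment that introduces the heuristic readers and takes the place of the blank line that separated the two groups, yet `ber_open` as added in this commit is itself a heuristic: it accepts a file from its identifier octet and, only when the length fits in the first four bytes, a comparison with the file size. If `open_routines` is tried in order (the loop is outside this hunk), this reader gets first refusal ahead of every heuristic format listed below it. I would restore the blank line and move the entry under the heuristic comment, with `/* BER: weak heuristic on the first 4 bytes, keep after stricter checks */` beside it.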
@@ -514,6 +515,11 @@ static const struct file_type_info {
/* WTAP_FILE_CATAPULT_DCT2000 */
{ "Catapult DCT2000 trace (.out format)", "dct2000", FALSE,
catapult_dct2000_dump_can_write_encap, catapult_dct2000_dump_open },
+
+ /* WTAP_FILE_BER */
+ { "ASN.1 Basic Encoding Rules", "ber", FALSE,
+ NULL, NULL },
+
};
/* Name that should be somewhat descriptive. */
diff --git a/wiretap/wtap.c b/wiretap/wtap.c
index ef998f0f0f..9827264768 100644
--- a/wiretap/wtap.c
+++ b/wiretap/wtap.c
@@ -357,6 +357,9 @@ static const struct encap_type_info {
/* WTAP_ENCAP_CATAPULT_DCT2000 */
{ "Catapult DCT2000", "dct2000" },
+
+ /* WTAP_ENCAP_BER */
+ { "ASN.1 Basic Encoding Rules", "ber" },
};
/* Name that should be somewhat descriptive. */
diff --git a/wiretap/wtap.h b/wiretap/wtap.h
index 5ebf160c26..292bf73258 100644
--- a/wiretap/wtap.h
+++ b/wiretap/wtap.h
@@ -180,9 +180,10 @@
#define WTAP_ENCAP_JUNIPER_GGSN 87
#define WTAP_ENCAP_LINUX_LAPD 88
#define WTAP_ENCAP_CATAPULT_DCT2000 89
+#define WTAP_ENCAP_BER 90
/* last WTAP_ENCAP_ value + 1 */
-#define WTAP_NUM_ENCAP_TYPES 90
+#define WTAP_NUM_ENCAP_TYPES 91
/* File types that can be read by wiretap.
We support writing some many of these file types, too, so we
@@ -232,9 +233,9 @@
#define WTAP_FILE_ISERIES 42
#define WTAP_FILE_ISERIES_UNICODE 43
#define WTAP_FILE_CATAPULT_DCT2000 44
+#define WTAP_FILE_BER 45
-/* last WTAP_FILE_ value + 1 */
-#define WTAP_NUM_FILE_TYPES 45
+#define WTAP_NUM_FILE_TYPES 46
/* timestamp precision (currently only these values are supported) */
#define WTAP_FILE_TSPREC_SEC 0
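Review bot: The second hunk deletes the comment `/* last WTAP_FILE_ value + 1 */` together with the old `WTAP_NUM_FILE_TYPES` line and does not put it back, while the matching `WTAP_NUM_ENCAP_TYPES` bump in the hunk above keeps its comment. That comment is the only reminder that the count has to be raised with each new file type, and the `file_type_info` table in `file_access.c` appears to be laid out in the order of these values. I would restore `/* last WTAP_FILE_ value + 1 */` directly above `#define WTAP_NUM_FILE_TYPES 46`.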