Support for X.519 (section 9) Internet Directly Mapped Protocol (IDMP).

IDMP provides a mapping of request-response service elements directly onto the Internet TCP/IP protocol, bypassing the ACSE, Presentation, Session and Transport layers of the OSI model. It also supports the use of TLS services.

The DAP dissector has been updated to use the IDMP protocol.



svn path=/trunk/; revision=33177

8 files changed, 856 insertions, 0 deletions

diff --git a/asn1/idmp/CommonProtocolSpecification.asn b/asn1/idmp/CommonProtocolSpecification.asn
new file mode 100644
index 0000000000..40da9f2cb7
--- /dev/null
+++ b/asn1/idmp/CommonProtocolSpecification.asn
@@ -0,0 +1,120 @@
+-- $Id$
+-- http://www.itu.int/ITU-T/formal-language/itu-t/x/x519/2005/CommonProtocolSpecification.asn
+-- Module CommonProtocolSpecification (X.519:08/2005)
+CommonProtocolSpecification {joint-iso-itu-t ds(5) module(1)
+  commonProtocolSpecification(35) 5} DEFINITIONS ::=
+BEGIN
+
+-- EXPORTS All 
+-- The types and values defined in this module are exported for use in the
+-- other ASN.1 modules contained within the Directory Specifications, and for
+-- the use of other applications which will use them to access Directory
+-- services. Other applications may use them for their own purposes, but this
+-- will not constrain extensions and modifications needed to maintain or
+-- improve the Directory service.
+IMPORTS
+  -- from ITU-T Rec. X.501 | ISO/IEC 9594-2
+  opBindingManagement
+    FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+      usefulDefinitions(0) 5}
+  establishOperationalBinding, modifyOperationalBinding,
+    terminateOperationalBinding
+    FROM OperationalBindingManagement opBindingManagement;
+
+OPERATION ::= CLASS {
+  &ArgumentType   OPTIONAL,
+  &ResultType     OPTIONAL,
+  &Errors         ERROR OPTIONAL,
+  &operationCode  Code UNIQUE OPTIONAL
+}
+WITH SYNTAX {
+  [ARGUMENT &ArgumentType]
+  [RESULT &ResultType]
+  [ERRORS &Errors]
+  [CODE &operationCode]
+}
+
+ERROR ::= CLASS {&ParameterType  ,
+                 &errorCode      Code UNIQUE OPTIONAL
+}WITH SYNTAX {PARAMETER &ParameterType
+              [CODE &errorCode]
+}
+
+Code ::= CHOICE {local   INTEGER,
+                 global  OBJECT IDENTIFIER
+}
+
+InvokeId ::= CHOICE {present  INTEGER,
+                     absent   NULL
+}
+
+--  operation codes for DAP and DSP
+id-opcode-read Code ::= local:1
+
+id-opcode-compare Code ::= local:2
+
+id-opcode-abandon Code ::= local:3
+
+id-opcode-list Code ::= local:4
+
+id-opcode-search Code ::= local:5
+
+id-opcode-addEntry Code ::= local:6
+
+id-opcode-removeEntry Code ::= local:7
+
+id-opcode-modifyEntry Code ::= local:8
+
+id-opcode-modifyDN Code ::= local:9
+
+--  operation codes for DISP
+id-opcode-requestShadowUpdate Code ::= local:1
+
+id-opcode-updateShadow Code ::= local:2
+
+id-opcode-coordinateShadowUpdate Code ::= local:3
+
+--  operation codes for DOP
+id-op-establishOperationalBinding Code ::= local:100
+
+id-op-modifyOperationalBinding Code ::= local:102
+
+id-op-terminateOperationalBinding Code ::= local:101
+
+-- error codes for DAP and DSP
+id-errcode-attributeError Code ::= local:1
+
+id-errcode-nameError Code ::= local:2
+
+id-errcode-serviceError Code ::= local:3
+
+id-errcode-referral Code ::= local:4
+
+id-errcode-abandoned Code ::= local:5
+
+id-errcode-securityError Code ::= local:6
+
+id-errcode-abandonFailed Code ::= local:7
+
+id-errcode-updateError Code ::= local:8
+
+id-errcode-dsaReferral Code ::= local:9
+
+-- error code for DISP
+id-errcode-shadowError Code ::= local:1
+
+-- error code for DOP
+id-err-operationalBindingError Code ::= local:100
+
+DOP-Invokable OPERATION ::=
+  {establishOperationalBinding | modifyOperationalBinding |
+   terminateOperationalBinding}
+
+DOP-Returnable OPERATION ::=
+  {establishOperationalBinding | modifyOperationalBinding |
+   terminateOperationalBinding}
+
+END -- CommonProtocolSpecification
+
+-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
+
diff --git a/asn1/idmp/IDMProtocolSpecification.asn b/asn1/idmp/IDMProtocolSpecification.asn
new file mode 100644
index 0000000000..41955d251e
--- /dev/null
+++ b/asn1/idmp/IDMProtocolSpecification.asn
@@ -0,0 +1,125 @@
+-- $Id$
+-- http://www.itu.int/ITU-T/formal-language/itu-t/x/x519/2005/IDMProtocolSpecification.asn
+-- Module IDMProtocolSpecification (X.519:08/2005)
+IDMProtocolSpecification {joint-iso-itu-t ds(5) module(1)
+  iDMProtocolSpecification(30) 5} DEFINITIONS ::=
+BEGIN
+
+-- EXPORTS All 
+-- The types and values defined in this module are exported for use in the other ASN.1 modules contained 
+-- within the Directory Specifications, and for the use of other applications which will use them to access Directory
+-- services. Other applications may use them for their own purposes, but this will not constrain extensions
+-- and modifications needed to maintain or improve the Directory service.
+IMPORTS
+  -- from ITU-T Rec. X.501 | ISO/IEC 9594-2
+  certificateExtensions, commonProtocolSpecification, directoryAbstractService,
+    directoryIDMProtocols, enhancedSecurity
+    FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+      usefulDefinitions(0) 5}
+  -- from ITU-T Rec. X.509 | ISO/IEC 9594-8
+  GeneralName
+    FROM CertificateExtensions certificateExtensions
+  -- from ITU-T Rec. X.511 | ISO/IEC 9594-3
+  SecurityProblem, ServiceProblem, Versions
+    FROM DirectoryAbstractService directoryAbstractService
+  -- from ITU-T Rec. X.519 | ISO/IEC 9594-5
+  InvokeId, OPERATION
+    FROM CommonProtocolSpecification commonProtocolSpecification;
+
+-- IDM-protocol information object class 
+IDM-PROTOCOL ::= CLASS {
+  &bind-operation  OPERATION,
+  &Operations      OPERATION,
+  &id              OBJECT IDENTIFIER UNIQUE
+}WITH SYNTAX {BIND-OPERATION &bind-operation
+              OPERATIONS &Operations
+              ID &id
+}
+
+-- IDM protocol 
+IDM-PDU{IDM-PROTOCOL:protocol} ::= CHOICE {
+  bind         [0]  IdmBind{{protocol}},
+  bindResult   [1]  IdmBindResult{{protocol}},
+  bindError    [2]  IdmBindError{{protocol}},
+  request      [3]  Request{{protocol.&Operations}},
+  result       [4]  IdmResult{{protocol.&Operations}},
+  error        [5]  Error{{protocol.&Operations}},
+  reject       [6]  IdmReject,
+  unbind       [7]  Unbind,
+  abort        [8]  Abort,
+  startTLS     [9]  StartTLS,
+  tLSResponse  [10]  TLSResponse
+}
+
+IdmBind{IDM-PROTOCOL:Protocols} ::= SEQUENCE {
+  protocolID      IDM-PROTOCOL.&id({Protocols}),
+  callingAETitle  [0]  GeneralName OPTIONAL,
+  calledAETitle   [1]  GeneralName OPTIONAL,
+  argument
+    [2]  IDM-PROTOCOL.&bind-operation.&ArgumentType({Protocols}{@protocolID})
+}
+
+IdmBindResult{IDM-PROTOCOL:Protocols} ::= SEQUENCE {
+  protocolID         IDM-PROTOCOL.&id({Protocols}),
+  respondingAETitle  [0]  GeneralName OPTIONAL,
+  result
+    [1]  IDM-PROTOCOL.&bind-operation.&ResultType({Protocols}{@protocolID})
+}
+
+IdmBindError{IDM-PROTOCOL:Protocols} ::= SEQUENCE {
+  protocolID         IDM-PROTOCOL.&id({Protocols}),
+  errcode
+    IDM-PROTOCOL.&bind-operation.&Errors.&errorCode({Protocols}{@protocolID}),
+  respondingAETitle  [0]  GeneralName OPTIONAL,
+  aETitleError
+    ENUMERATED {callingAETitleNotAccepted(0), calledAETitleNotRecognized(1)}
+      OPTIONAL,
+  error
+    [1]  IDM-PROTOCOL.&bind-operation.&Errors.&ParameterType
+           ({Protocols}{@protocolID, @errcode})
+}
+
+Unbind ::= NULL
+
+Request{OPERATION:Operations} ::= SEQUENCE {
+  invokeID  INTEGER,
+  opcode    OPERATION.&operationCode({Operations}),
+  argument  OPERATION.&ArgumentType({Operations}{@opcode})
+}
+
+IdmResult{OPERATION:Operations} ::= SEQUENCE {
+  invokeID  InvokeId,
+  opcode    OPERATION.&operationCode({Operations}),
+  result    OPERATION.&ResultType({Operations}{@opcode})
+}
+
+Error{OPERATION:Operations} ::= SEQUENCE {
+  invokeID  INTEGER,
+  errcode   OPERATION.&Errors.&errorCode({Operations}),
+  error     OPERATION.&Errors.&ParameterType({Operations}{@errcode})
+}
+
+IdmReject ::= SEQUENCE {
+  invokeID  INTEGER,
+  reason
+    ENUMERATED {mistypedPDU(0), duplicateInvokeIDRequest(1),
+                unsupportedOperationRequest(2), unknownOperationRequest(3),
+                mistypedArgumentRequest(4), resourceLimitationRequest(5),
+                unknownInvokeIDResult(6), mistypedResultRequest(7),
+                unknownInvokeIDError(8), unknownError(9),
+                mistypedParameterError(10)}
+}
+
+Abort ::= ENUMERATED {
+  mistypedPDU(0), unboundRequest(1), invalidPDU(2), resourceLimitation(3),
+  connectionFailed(4), invalidProtocol(5), reasonNotSpecified(6)}
+
+StartTLS ::= NULL
+
+TLSResponse ::= ENUMERATED {
+  success(0), operationsError(1), protocolError(2), unavailable(3)}
+
+END -- IDMProtocolSpecification
+
+-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
+
diff --git a/asn1/idmp/Makefile.am b/asn1/idmp/Makefile.am
new file mode 100644
index 0000000000..462af31e88
--- /dev/null
+++ b/asn1/idmp/Makefile.am
@@ -0,0 +1,26 @@
+# $Id$
+#
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+
+
+include ../Makefile.preinc
+include Makefile.common
+include ../Makefile.inc
+
diff --git a/asn1/idmp/Makefile.common b/asn1/idmp/Makefile.common
new file mode 100644
index 0000000000..a390c4b9a5
--- /dev/null
+++ b/asn1/idmp/Makefile.common
@@ -0,0 +1,54 @@
+# $Id$
+#
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+
+
+PROTOCOL_NAME=idmp
+
+DISSECTOR_FILES=packet-$(PROTOCOL_NAME).c \
+	packet-$(PROTOCOL_NAME).h
+
+NEED_PACKET_PROTO_H = 1
+
+EXPORT_FILES = \
+	$(PROTOCOL_NAME)-exp.cnf
+
+EXT_ASN_FILE_LIST =
+
+ASN_FILE_LIST = \
+	IDMProtocolSpecification.asn \
+	CommonProtocolSpecification.asn
+
+# The packet-$(PROTOCOL_NAME)-template.h and $(PROTOCOL_NAME).asn
+# files do not exist for all protocols: Please add/remove as required.
+EXTRA_DIST = \
+	Makefile.nmake \
+	$(ASN_FILE_LIST) \
+	packet-$(PROTOCOL_NAME)-template.c \
+	packet-$(PROTOCOL_NAME)-template.h \
+	$(PROTOCOL_NAME).cnf
+
+SRC_FILES = \
+	$(EXTRA_DIST) \
+	$(EXT_ASN_FILE_LIST)
+
+A2W_FLAGS= -b -e -L
+
+EXTRA_CNF= 
diff --git a/asn1/idmp/Makefile.nmake b/asn1/idmp/Makefile.nmake
new file mode 100644
index 0000000000..5a32997c60
--- /dev/null
+++ b/asn1/idmp/Makefile.nmake
@@ -0,0 +1,29 @@
+## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake
+#
+# $Id$
+#
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+
+
+include ../../config.nmake
+include ../Makefile.preinc.nmake
+include Makefile.common
+include ../Makefile.inc.nmake
+
diff --git a/asn1/idmp/idmp.cnf b/asn1/idmp/idmp.cnf
new file mode 100644
index 0000000000..0b74ec29ac
--- /dev/null
+++ b/asn1/idmp/idmp.cnf
@@ -0,0 +1,78 @@
+#
+# $Id$
+#
+
+#.IMPORT ../x509ce/x509ce-exp.cnf
+
+
+#.CLASS OPERATION 
+&ArgumentType          
+&argumentTypeOptional  BooleanType
+&ResultType            
+&resultTypeOptional    BooleanType
+&Errors                _FixedTypeValueSetFieldSpec
+&errorsOptional	 	BooleanType
+&operationCode         TypeReference Code
+#.END
+
+#.TF_RENAME
+IdmBind/argument	bind_argument
+IdmBindError/errcode	bind_errcode
+IdmBindError/error	bind_error
+IdmBindResult/result	bind_result
+
+#.FIELD_RENAME
+IDM-PDU/error		idm_error
+IDM-PDU/result		idm_result
+
+IdmResult/invokeID	idm_invokeID
+
+#.FN_BODY	IdmBind/argument
+
+	return call_idmp_oid_callback(tvb, offset, actx->pinfo, (ROS_OP_BIND | ROS_OP_ARGUMENT), top_tree);
+
+#.END
+
+#.FN_PARS	OBJECT_IDENTIFIER	FN_VARIANT = _str VAL_PTR = &protocolID
+
+
+#.FN_BODY	IdmBindResult/result
+
+	return call_idmp_oid_callback(tvb, offset, actx->pinfo, (ROS_OP_BIND | ROS_OP_RESULT), top_tree);
+
+#.END
+
+#.FN_BODY	IdmBindError/errcode
+
+#.END
+
+#.FN_BODY	IdmBindError/error
+
+	return call_idmp_oid_callback(tvb, offset, actx->pinfo, (ROS_OP_BIND| ROS_OP_ERROR), top_tree);
+
+#.END
+
+#.FN_PARS Code/local VAL_PTR = &opcode
+
+#.FN_BODY	Request/argument
+
+	return call_idmp_oid_callback(tvb, offset, actx->pinfo, (ROS_OP_INVOKE | ROS_OP_ARGUMENT | opcode), top_tree);
+
+#.END
+
+#.FN_BODY	IdmResult/result
+
+	return call_idmp_oid_callback(tvb, offset, actx->pinfo, (ROS_OP_INVOKE | ROS_OP_RESULT | opcode), top_tree);
+
+
+#.END
+
+#.FN_BODY	Error/errcode
+
+#.END
+
+#.FN_BODY	Error/error
+
+#.END
+
+
diff --git a/asn1/idmp/packet-idmp-template.c b/asn1/idmp/packet-idmp-template.c
new file mode 100644
index 0000000000..a8b7ede925
--- /dev/null
+++ b/asn1/idmp/packet-idmp-template.c
@@ -0,0 +1,392 @@
+/* packet-idmp.c
+ * Routines for X.519 Internet Directly Mapped Procotol (IDMP) packet dissection
+ * Graeme Lunt 2020
+ *
+ * $Id$
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <glib.h>
+#include <epan/packet.h>
+#include <epan/prefs.h>
+#include <epan/reassemble.h>
+#include <epan/conversation.h>
+#include <epan/oids.h>
+#include <epan/asn1.h>
+#include <epan/ipproto.h>
+
+#include <epan/dissectors/packet-tcp.h>
+
+#include "packet-ber.h"
+#include "packet-ros.h"
+#include "packet-x509ce.h"
+
+#include <epan/strutil.h>
+
+#define PNAME  "X.519 Internet Directly Mapped Protocol"
+#define PSNAME "IDMP"
+#define PFNAME "idmp"
+
+static gboolean idmp_desegment = TRUE;
+static guint global_idmp_tcp_port = 1102; /* made up for now */
+static gboolean idmp_reassemble = TRUE;
+static guint tcp_port = 0;
+static dissector_handle_t idmp_handle = NULL;
+
+static proto_tree *top_tree = NULL;
+static struct SESSION_DATA_STRUCTURE* session = NULL;
+static char *protocolID = NULL;
+static char *saved_protocolID = NULL;
+static guint32 opcode = -1;
+
+void prefs_register_idmp(void); /* forward declaration for use in preferences registration */
+
+/* Initialize the protocol and registered fields */
+int proto_idmp = -1;
+
+static int hf_idmp_version = -1;
+static int hf_idmp_final = -1;
+static int hf_idmp_length = -1;
+static int hf_idmp_PDU = -1;
+
+static GHashTable *idmp_segment_table = NULL;
+static GHashTable *idmp_reassembled_table = NULL;
+ 
+static int hf_idmp_fragments = -1;
+static int hf_idmp_fragment = -1;
+static int hf_idmp_fragment_overlap = -1;
+static int hf_idmp_fragment_overlap_conflicts = -1;
+static int hf_idmp_fragment_multiple_tails = -1;
+static int hf_idmp_fragment_too_long_fragment = -1;
+static int hf_idmp_fragment_error = -1;
+static int hf_idmp_reassembled_in = -1;
+static int hf_idmp_reassembled_length = -1;
+
+static gint ett_idmp_fragment = -1;
+static gint ett_idmp_fragments = -1;
+
+static const fragment_items idmp_frag_items = {
+	/* Fragment subtrees */
+	&ett_idmp_fragment,
+	&ett_idmp_fragments,
+	/* Fragment fields */
+	&hf_idmp_fragments,
+	&hf_idmp_fragment,
+	&hf_idmp_fragment_overlap,
+	&hf_idmp_fragment_overlap_conflicts,
+	&hf_idmp_fragment_multiple_tails,
+	&hf_idmp_fragment_too_long_fragment,
+	&hf_idmp_fragment_error,
+	/* Reassembled in field */
+	&hf_idmp_reassembled_in,
+	/* Reassembled length field */
+	&hf_idmp_reassembled_length,
+	/* Tag */
+	"IDMP fragments"
+};
+
+
+static call_idmp_oid_callback(tvbuff_t *tvb, int offset, packet_info *pinfo, int op, proto_tree *tree)	
+{
+	struct SESSION_DATA_STRUCTURE *session;
+	
+	if((session = (struct SESSION_DATA_STRUCTURE*)pinfo->private_data) != NULL) {
+
+		if((!saved_protocolID) && (op == (ROS_OP_BIND | ROS_OP_RESULT))) {
+			/* save for subsequent operations - should be into session data */
+			saved_protocolID = se_strdup(protocolID);
+		}
+
+		/* mimic ROS! */
+		session->ros_op = op;
+		offset = call_ros_oid_callback(saved_protocolID ? saved_protocolID : protocolID, tvb, offset, pinfo, top_tree);
+	}
+
+	return offset;
+
+}
+
+#include "packet-idmp-hf.c"
+
+/* Initialize the subtree pointers */
+static gint ett_idmp = -1;
+#include "packet-idmp-ett.c"
+
+#include "packet-idmp-fn.c"
+
+void
+register_idmp_protocol_info(const char *oid, const ros_info_t *rinfo, int proto _U_, const char *name)
+{
+	/* just register with ROS for now */
+	register_ros_protocol_info(oid, rinfo, proto, name, FALSE);
+}
+
+
+static gint dissect_idmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
+{
+	int offset = 0;
+
+	proto_item *item=NULL;
+	proto_tree *tree=NULL;
+	asn1_ctx_t asn1_ctx;
+	void *save_private_data;
+	struct SESSION_DATA_STRUCTURE session;
+	gboolean	idmp_final;
+	guint32		idmp_length;
+	fragment_data *fd_head;
+	conversation_t *conv;
+	guint32		dst_ref;
+
+	asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
+
+    conv = find_conversation (pinfo->fd->num, &pinfo->src, &pinfo->dst,
+                                pinfo->ptype, pinfo->srcport, pinfo->destport, 0);
+    if (conv) {
+       /* Found a conversation, also use index for the generated dst_ref */
+       dst_ref = conv->index;
+    }
+
+	/* save parent_tree so subdissectors can create new top nodes */
+	top_tree=parent_tree;
+
+	if(parent_tree){
+		item = proto_tree_add_item(parent_tree, proto_idmp, tvb, 0, -1, FALSE);
+		tree = proto_item_add_subtree(item, ett_idmp);
+	}
+
+	col_set_str(pinfo->cinfo, COL_PROTOCOL, "IDMP");
+
+	/* now check the segment fields */
+
+	proto_tree_add_item(tree, hf_idmp_version, tvb, offset, 1, FALSE); offset++;
+	proto_tree_add_item(tree, hf_idmp_final, tvb, offset, 1, FALSE); 
+	idmp_final = tvb_get_guint8(tvb, offset); offset++;
+	proto_tree_add_item(tree, hf_idmp_length, tvb, offset, 4, FALSE); 
+	idmp_length = tvb_get_ntohl(tvb, offset); offset += 4;
+
+	if(idmp_reassemble) {
+
+		pinfo->fragmented = !idmp_final;
+
+		if (check_col(pinfo->cinfo, COL_INFO))
+			col_append_fstr(pinfo->cinfo, COL_INFO, " [%sIDMP fragment, %u byte%s]", 
+				idmp_final ? "Final " : "" ,
+				idmp_length, plurality(idmp_length, "", "s"));
+
+		fd_head = fragment_add_seq_next(tvb, offset, pinfo, dst_ref,
+			idmp_segment_table, idmp_reassembled_table,
+			idmp_length, !idmp_final);
+
+		if(fd_head && fd_head->next) {
+			proto_tree_add_text(tree, tvb, offset, (idmp_length) ? -1 : 0,
+			  "IDMP segment data (%u byte%s)", idmp_length,
+			  plurality(idmp_length, "", "s"));	
+
+			if (idmp_final) {
+			/* This is the last segment */
+				tvb = process_reassembled_data (tvb, offset, pinfo,
+		       		"Reassembled IDMP", fd_head, &idmp_frag_items, NULL, tree);
+				offset = 0;
+			} else if (pinfo->fd->num != fd_head->reassembled_in) {
+				/* Add a "Reassembled in" link if not reassembled in this frame */
+				proto_tree_add_uint (tree, hf_idmp_reassembled_in,
+		       		tvb, 0, 0, fd_head->reassembled_in);
+			}
+		}
+	
+	} else { 
+		if(!idmp_final) {
+
+			if (check_col(pinfo->cinfo, COL_INFO))
+				col_append_fstr(pinfo->cinfo, COL_INFO, " [IDMP fragment, %u byte%s, IDMP reassembly not enabled]", 
+					idmp_length, plurality(idmp_length, "", "s"));
+
+			proto_tree_add_text(tree, tvb, offset, (idmp_length) ? -1 : 0,
+				"IDMP segment data (%u byte%s) (IDMP reassembly not enabled)", idmp_length,
+				plurality(idmp_length, "", "s"));		
+		}
+	}
+	/* not reassembling - just dissect */
+	if(idmp_final) {
+		save_private_data = pinfo->private_data;
+		pinfo->private_data = &session;
+
+		offset = dissect_idmp_IDM_PDU(FALSE, tvb, offset, &asn1_ctx, tree, hf_idmp_PDU);
+
+		pinfo->private_data = save_private_data;
+	} else {
+		offset = tvb_length(tvb);
+	}
+
+	return offset;
+}
+
+static guint get_idmp_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
+{
+	guint32 len;
+
+	len = tvb_get_ntohl(tvb, offset + 2);
+
+	return len + 6;
+}
+
+static void dissect_idmp_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
+{
+
+	tcp_dissect_pdus(tvb, pinfo, parent_tree, idmp_desegment, 0, get_idmp_pdu_len, dissect_idmp);
+
+}
+
+static void idmp_reassemble_init (void)
+{
+	fragment_table_init (&idmp_segment_table);
+	reassembled_table_init (&idmp_reassembled_table);
+
+	saved_protocolID = NULL;
+}
+
+/*--- proto_register_idmp -------------------------------------------*/
+void proto_register_idmp(void) {
+
+  /* List of fields */
+  static hf_register_info hf[] =
+  {
+	{ &hf_idmp_version,
+      { "version", "idmp.version",
+        FT_INT8, BASE_DEC, NULL, 0,
+        "idmp.INTEGER", HFILL }},
+	{ &hf_idmp_final,
+      { "final", "idmp.final",
+        FT_BOOLEAN, 8, NULL, 0,
+        "idmp.BOOLEAN", HFILL }},
+	{ &hf_idmp_length,
+      { "length", "idmp.length",
+        FT_INT32, BASE_DEC, NULL, 0,
+        "idmp.INTEGER", HFILL }},
+	{ &hf_idmp_PDU,
+      { "IDM-PDU", "idmp.pdu",
+        FT_UINT32, BASE_DEC, VALS(idmp_IDM_PDU_vals), 0,
+        "idmp.PDU", HFILL }},
+    /* Fragment entries */
+    { &hf_idmp_fragments,
+      { "IDMP fragments", "idmp.fragments", FT_NONE, BASE_NONE,
+	NULL, 0x00, "Message fragments", HFILL } },
+    { &hf_idmp_fragment,
+      { "IDMP fragment", "idmp.fragment", FT_FRAMENUM, BASE_NONE,
+	NULL, 0x00, "Message fragment", HFILL } },
+    { &hf_idmp_fragment_overlap,
+      { "IDMP fragment overlap", "idmp.fragment.overlap", FT_BOOLEAN,
+	BASE_NONE, NULL, 0x00, "Message fragment overlap", HFILL } },
+    { &hf_idmp_fragment_overlap_conflicts,
+      { "IDMP fragment overlapping with conflicting data",
+	"idmp.fragment.overlap.conflicts", FT_BOOLEAN, BASE_NONE, NULL,
+	0x00, "Message fragment overlapping with conflicting data", HFILL } },
+    { &hf_idmp_fragment_multiple_tails,
+      { "IDMP has multiple tail fragments",
+	"idmp.fragment.multiple_tails", FT_BOOLEAN, BASE_NONE,
+	NULL, 0x00, "Message has multiple tail fragments", HFILL } },
+    { &hf_idmp_fragment_too_long_fragment,
+      { "IDMP fragment too long", "idmp.fragment.too_long_fragment",
+	FT_BOOLEAN, BASE_NONE, NULL, 0x00, "Message fragment too long",
+	HFILL } },
+    { &hf_idmp_fragment_error,
+      { "IDMP defragmentation error", "idmp.fragment.error", FT_FRAMENUM,
+	BASE_NONE, NULL, 0x00, "Message defragmentation error", HFILL } },
+    { &hf_idmp_reassembled_in,
+      { "Reassembled IDMP in frame", "idmp.reassembled.in", FT_FRAMENUM, BASE_NONE,
+	NULL, 0x00, "This IDMP packet is reassembled in this frame", HFILL } },
+    { &hf_idmp_reassembled_length,
+      { "Reassembled IDMP length", "idmp.reassembled.length", FT_UINT32, BASE_DEC,
+	NULL, 0x00, "The total length of the reassembled payload", HFILL } },
+
+#include "packet-idmp-hfarr.c"
+  };
+
+  /* List of subtrees */
+  static gint *ett[] = {
+    &ett_idmp,
+	&ett_idmp_fragment,
+    &ett_idmp_fragments,
+#include "packet-idmp-ettarr.c"
+  };
+  module_t *idmp_module;
+
+  /* Register protocol */
+  proto_idmp = proto_register_protocol(PNAME, PSNAME, PFNAME);
+
+  /* Register fields and subtrees */
+  proto_register_field_array(proto_idmp, hf, array_length(hf));
+  proto_register_subtree_array(ett, array_length(ett));
+
+  register_dissector("idmp", dissect_idmp_tcp, proto_idmp);
+
+  register_init_routine (&idmp_reassemble_init);
+
+  /* Register our configuration options for IDMP, particularly our port */
+
+  idmp_module = prefs_register_protocol_subtree("OSI/X.500", proto_idmp, prefs_register_idmp);
+
+  prefs_register_bool_preference(idmp_module, "desegment_idmp_messages",
+    "Reassemble IDMP messages spanning multiple TCP segments",
+    "Whether the IDMP dissector should reassemble messages spanning multiple TCP segments."
+    " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
+    &idmp_desegment);
+
+    prefs_register_bool_preference(idmp_module, "reassemble",
+				 "Reassemble segmented IDMP datagrams",
+				 "Whether segmented IDMP datagrams should be reassembled."
+				 " To use this option, you must also enable"
+				 " \"Allow subdissectors to reassemble TCP streams\""
+				 " in the TCP protocol settings.", &idmp_reassemble);
+  
+  prefs_register_uint_preference(idmp_module, "tcp.port", "IDMP TCP Port",
+				 "Set the port for Internet Directly Mapped Protocol requests/responses",
+				 10, &global_idmp_tcp_port);
+
+}
+
+
+/*--- proto_reg_handoff_idm --- */
+void proto_reg_handoff_idm(void) {
+
+ /* remember the idm handler for change in preferences */
+  idmp_handle = find_dissector(PFNAME);
+
+}
+
+
+void prefs_register_idmp(void) {
+
+  /* de-register the old port */
+  /* port 102 is registered by TPKT - don't undo this! */
+  if(idmp_handle)
+    dissector_delete("tcp.port", tcp_port, idmp_handle);
+
+  /* Set our port number for future use */
+  tcp_port = global_idmp_tcp_port;
+
+  if((tcp_port > 0) && idmp_handle)
+    dissector_add("tcp.port", global_idmp_tcp_port, idmp_handle);
+
+}
diff --git a/asn1/idmp/packet-idmp-template.h b/asn1/idmp/packet-idmp-template.h
new file mode 100644
index 0000000000..7798ed23d3
--- /dev/null
+++ b/asn1/idmp/packet-idmp-template.h
@@ -0,0 +1,32 @@
+/* packet-idmp.h
+ * Routines for X.519 Internet Directly Mapped Protocol (IDMP) packet dissection
+ * Graeme Lunt 2010
+ *
+ * $Id$
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+#ifndef PACKET_IDM_H
+#define PACKET_IDM_H
+
+void
+register_idmp_protocol_info(const char *oid, const ros_info_t *rinfo, int proto _U_, const char *name);
+
+#endif  /* PACKET_IDM_H */