This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

ASN1 plugin dissector

Hi,

A general question. I do have ASN1 files which contain encoding rules. How the packet will be sent.

From this is it possible for me to create plugin dissector in wireshark?

Thanks!

Raj

asked 08 Sep '14, 19:46

umar

Sorry, I don't understand the question; encoding rules as in PER or BER? There is a parameter to asn2wrs to tell it to create a BER or PER based dissector.

(08 Sep '14, 23:09) Anders ♦

Hi Anders Thanks for your time :)

Mine is BER based. I have 3-4 asn files. Could you help me on this? How to build the dissector? I want to add it as a plugin.

(09 Sep '14, 02:52) umar

Hi Anders, I have 4-5 asn1 files which I need to convert to a protocol dissector. Is there any way to add these asn1 files to create the dissector? I need a faster response so I prefer to go for a plugin. Please help. (I have gone through http://wiki.wireshark.org/ASN1_plugin and created a folder, copied my asn1 file to this, and I am getting an error while compiling: dissect_TOYASN1_MESSAGE_PDU(tvb, pinfo, toyasn1_tree); not declared...) In my ASN code I do not have such a Message PDU. Please suggest.

(09 Sep '14, 04:21) umar

Disclaimer: I have not looked at the "toy" tar file at all.

Did you just untar the file and replace the toy asn1 file with yours? You need to edit the template and .cnf to fit your protocol.

If you are making a dissector for a publicly available protocol and intend to submit your work to Wireshark, I'd suggest you set things up to work through gerrit so we can look at the code and give you more specific advice.

(09 Sep '14, 06:36) Anders ♦

Hi anders,

Yes, I did untar the file and replace the toy asn1 file with mine. Yes, I did edit the template and .cnf to fit my protocol.

This protocol is not for public. So if you can give me some guidance it will be helpful. This protocol is basically a 3G based telecom domain protocol.

(09 Sep '14, 07:47) umar

3GPP specified? Which specification?

(09 Sep '14, 09:52) Anders ♦

Hi anders this is running on top of udp. Quite similar to gsm specs.

(09 Sep '14, 10:16) umar

If you check the various makefiles, you will see that they will run asn2wrs tool for you so as to generate the C code out of the ASN.1 description. And then of course you must edit the packet-toyasn1-template.c file and replace the call to dissect_TOYASN1_MESSAGE_PDU() by whatever function you defined as a PDU in the .cnf file. This .cnf file contains the magic allowing asn2wrs tool to know what is the top PDU for your protocol and which dissect_XXX_PDU functions should be generated.

(09 Sep '14, 11:18) Pascal Quantin

Hi Pascal Quantin, Thanks for your reply. I have the structure like this

Msg Header 1 sub tree Subtree subtree ... CRC

Msg Header 2 sub tree Subtree subtree ... CRC

Some will have many headers, up to 15 headers.

I have 4-5 different asn.1 files. How do I merge all this and define which one will be the first one to start with?

(09 Sep '14, 21:30) umar

Again, I'm not sure what you are asking, but regarding the asn1 files, you add them to the makefile.common; look at s1ap as an example:

    ASN_FILE_LIST = \
        S1AP-CommonDataTypes.asn \
        S1AP-Constants.asn \
        S1AP-Containers.asn \
        S1AP-IEs.asn \
        S1AP-PDU-Contents.asn \
        S1AP-PDU-Descriptions.asn \
        S1AP-SonTransfer-IEs.asn

In the case asn1 file2 imports stuff from asn1 file1 I think you may have to have asn1 file1 first in the list but running asn2wrs would probably tell you if something is wrong.

How you set up the "entry" to the asn1 generated code depends on how the asn1 is written. Try to find something similar to what you have in the code base and look how that's done.

(10 Sep '14, 01:09) Anders ♦

I don't know if I really understand your question. But you have to put your .asn files in your Makefile.common. Replace the ASN_FILE_LIST = $(PLUGIN_NAME).asn with ASN_FILE_LIST = YourFirstASN.asn YourSecondASN.asn YourThirdASN.asn and so on.

(10 Sep '14, 01:27) Venturina

Hi Anders and Venturina, I have the asn1 file.

What is the packet-myasn-template file? Each protocol is different (s1ap, ulp, toyasn1 etc.). What should I have, and what are the things I should write?

What are the files I should have and what are the files I should edit?

I have to dissect data like this

[-]payload header1 [-] subtree data ...

[-]payload header2 [-] subtree data ... How can I achieve this?

(11 Sep '14, 03:29) umar

I have to design a dissector based on this ASN.1. I have referred to different ASN1 folder files. Each template.c and cfg and plugin file is different. How do I start? Please help. Thanks

(11 Sep '14, 04:05) umar

Have you tried to follow the step by step instruction here http://wiki.wireshark.org/Asn2wrs ?

The first step is to get your asn1 code to generate; don't worry too much about the template file to start with. Have you succeeded with this step?

(11 Sep '14, 04:52) Anders ♦

Hi Anders and Venturina, Thanks for your guidance,

I am able to generate the files packet-toyasn1.c, packet-toyasn2.c, packet-toyasn3.c; all my asn1 code is converted now. I have also defined my UDP port in the template file, but I get an error: undefined TOYASN1-MESSAGE .. My cfg file is as below

    # toyasn1.cnf
    # TOYASN1 conformation file
    # $Id$

    #  .MODULE_IMPORT

    #.EXPORTS

    #.PDU
    TOYASN1-MESSAGE

    #.NO_EMIT

    #.TYPE_RENAME

    #.FIELD_RENAME

    #.END

What can I do? I have to have a base tree and below all these dissection should happen. Please suggest and give some idea.

Apart from this, can you also suggest me on this (I have almost completed a plugin dissector manually, I have come through step by step and completed 90%, only left with one of the layer for which I have generated c file now in packet-toyasn1.c; is it possible or anyway I can use this file in my plug in dissector? Because auto generated code looks very different)

(17 Sep '14, 20:09) umar
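An added example, not part of the original thread and not Wireshark's or the poster's code: a small Python check for the failure discussed above, where a type listed under `#.PDU` in the .cnf is not defined in any of the .asn files, so the `dissect_..._PDU()` call in the template has nothing behind it. The sample ASN.1 and .cnf text are constructed, the helper names are hypothetical, and the function-name pattern is inferred from the `TOYASN1-MESSAGE` / `dissect_TOYASN1_MESSAGE_PDU` pair quoted in the thread.

```python
import re

# Constructed sample inputs for illustration (not the poster's real files).
SAMPLE_ASN = """\
TOYASN1 DEFINITIONS AUTOMATIC TAGS ::= BEGIN
Payload-Header ::= SEQUENCE {
    id    INTEGER,   -- header number
    body  OCTET STRING
}
Crc ::= INTEGER
END
"""
SAMPLE_CNF = """\
# toyasn1.cnf
#.PDU
TOYASN1-MESSAGE
Payload-Header
#.NO_EMIT
#.END
"""

def defined_types(asn_text):
    """Return the type names assigned with '::=' in ASN.1 module text."""
    text = re.sub(r"--.*?(--|$)", "", asn_text, flags=re.M)  # drop comments
    # Type references start with an upper-case letter; the module header
    # ("NAME DEFINITIONS ... ::= BEGIN") does not match this pattern.
    return set(re.findall(r"^\s*([A-Z][A-Za-z0-9-]*)\s*::=", text, flags=re.M))

def pdu_types(cnf_text):
    """Return the type names listed under the #.PDU directive of a .cnf."""
    names, in_pdu = [], False
    for line in cnf_text.splitlines():
        line = line.strip()
        if line.startswith("#."):            # a directive opens a new section
            in_pdu = line.split()[0] == "#.PDU"
        elif in_pdu and line and not line.startswith("#"):
            names.append(line.split()[0])    # first token is the type name
    return names

def check(cnf_text, asn_texts):
    """Map each #.PDU entry to (expected function name, defined in ASN.1?)."""
    known = set().union(*(defined_types(t) for t in asn_texts))
    # Naming assumption taken from the thread: '-' becomes '_' plus '_PDU'.
    return {n: ("dissect_%s_PDU" % n.replace("-", "_"), n in known)
            for n in pdu_types(cnf_text)}

if __name__ == "__main__":
    for name, (func, ok) in check(SAMPLE_CNF, [SAMPLE_ASN]).items():
        print("%-18s %-30s %s" % (name, func, "ok" if ok else "NOT DEFINED"))
```

Pass the text of every file in `ASN_FILE_LIST` as `asn_texts`; any entry reported as not defined has to be replaced in the .cnf (and in the template's call) by a top-level type that the ASN.1 actually declares.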