Jeff Morriss wrote:
I'm not ASN.1 expert either, but it appears that the existing
"asn1_tag_decode()" only works for the "high tag number" format
(multi-octet) tag IDs. In particular, it assumes that bit 8 will be set
on low-tag-number identifiers (but this isn't necessarily the case).
Oops, no, that's not the problem...
The problem is that the TCAP dissector is using 'asn1_tag_decode()'
instead of 'asn1_id_decode()' (which does the work for dealing with low
and high tag number formats).
However, the TCAP dissector wants the tag to include the Class,
Constructor, and Tag bits all combined together...
So there are 3 options:
1) Rewrite a bunch of the TCAP dissector to look at tag IDs as a triplet
(class, constructor, tag number)
- this probably has negative filtering consequences: users will
probably want to filter on "tcap.msgtype == 0x62" instead of just the
tag number
2) Make 'asn1_tag_decode_m()' a wrapper around 'asn1_id_decode()' that
then squishes the class, constructor, and tag number back together
3) Change the comment for (and maybe the name of) 'asn1_tag_decode_m()'
to indicate why that function is used instead of 'asn1_id_decode()'
Or, here's the (obvious, some would say) option #4: Add the new routine
from (3) to "asn1.c" for others to use if they want. (I couldn't think
of a better name for this routine than 'asn1_id_decode1()'.)
Attachment:
packet-tcap-asn1.patch.gz
Description: GNU Zip compressed data
Attachment:
asn1.c.patch.gz
Description: GNU Zip compressed data