Re: [Wireshark-dev] Calling a dissector: Type for data parameter

2021-06-16 Thread Hardening

On 16/06/2021 at 16:36, David Perry wrote:

Sorry to drag up an old topic, but I've been thinking about this:


Message: 5
Date: Sat, 29 May 2021 09:32:29 +0200
From: Anders Broman 

[...]


I wasn't around for that discussion so I don't know the reasons, but how 
does this sound as a refined approach?:


* Define a `dissector_data_t` that has a `guint32` identifier field, and 
a `void *` data field.


* Replace the `void *data` parameter to dissectors with a pointer to a 
`dissector_data_t`.


* Either:

     * Easy way: maintain a static list of identifiers that map to 
expected data types, or


     * Have dissector X request an identifier in its registration 
function for the type of data it expects, and have dissector Y (which 
will call X) request, in its handoff function, the identifier of the 
type of data it needs to pass to X.


* Dissectors check for the right identifier in their `dissector_data_t` 
parameter and don't try to use it if it's wrong.




Hi,

I have that example with the SSL dissector: in almost all cases when we 
call this dissector from another one, we know exactly what is the next 
dissector to call on decoded content anyway AFAICT a heuristic is the 
only way to have things work as expected, or did I miss something?


Best regards.
--
David FORT
website: https://www.hardening-consulting.com/

___
Sent via:Wireshark-dev mailing list 
Archives:https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe


Re: [Wireshark-dev] ASN1: How to display an octet-string as UTF16 LE

2021-06-16 Thread Isaac Boukris
On Wed, Jun 16, 2021 at 2:48 PM Anders Broman via Wireshark-dev
 wrote:
>
>
>
> -Original Message-
> From: Wireshark-dev  On Behalf Of Isaac 
> Boukris
> Sent: den 16 juni 2021 12:52
> To: wireshark-dev@wireshark.org
> Subject: [Wireshark-dev] ASN1: How to display an octet-string as UTF16 LE
>
> Hello,
>
> I'd like to add the following asn1 struct to the credssp dissector (following 
> MR 3020):
> TSRemoteGuardPackageCred ::= SEQUENCE {
> packageName [0] OCTET STRING,
> credBuffer  [1] OCTET STRING
> }
>
> It gets displayed like this:
> logonCred
> packageName: 4b00650072006200650072006f007300
> credBuffer:
> 0a00020073041805200093046182046f…
>
> Now, the package name is a UTF16 LE string (Kerberos), and I wonder if there 
> is an easy way to make it display it as a string instead of HEX
> - thoughts?
>
> Thanks!
>
> Hi,
> If it's always an UTF16 string you will have to do .cnf magic and add 
> something like
> proto_tree_add_item(tree, hf_krb_pac_upn_upn_name, tvb, upn_offset, upn_len, 
> ENC_UTF_16|ENC_LITTLE_ENDIAN);

Thanks, replacing the DEFAULT_BODY along with setting TYPE_ATTR did
the trick. I wonder if it could be better generalized but anyway that
would be for another day.

Regards


Re: [Wireshark-dev] Calling a dissector: Type for data parameter

2021-06-16 Thread David Perry

Sorry to drag up an old topic, but I've been thinking about this:


Message: 5
Date: Sat, 29 May 2021 09:32:29 +0200
From: Anders Broman 
To: Developer support list for Wireshark 
Subject: Re: [Wireshark-dev] Calling a dissector: Type for data
parameter
Message-ID:

Content-Type: text/plain; charset="utf-8"

Hi,
Yes the method is fragile. At the time of development I think it was
proposed to pass a struct containing a string and the void pointer where
the string could be used as a identifier. But that was voted down.
Regards
Anders


I wasn't around for that discussion so I don't know the reasons, but how 
does this sound as a refined approach?:


* Define a `dissector_data_t` that has a `guint32` identifier field, and 
a `void *` data field.


* Replace the `void *data` parameter to dissectors with a pointer to a 
`dissector_data_t`.


* Either:

* Easy way: maintain a static list of identifiers that map to 
expected data types, or


* Have dissector X request an identifier in its registration 
function for the type of data it expects, and have dissector Y (which 
will call X) request, in its handoff function, the identifier of the 
type of data it needs to pass to X.


* Dissectors check for the right identifier in their `dissector_data_t` 
parameter and don't try to use it if it's wrong.


Thoughts?

David
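
A stand-alone sketch of the tagged data parameter proposed in the message above, added here as an illustration; it is not Wireshark code and not code from the thread. `uint32_t` stands in for `guint32`, the registry and the names `dissector_data_type_id`, `dissector_data_get`, `dissect_x` and `y_calls_x` are hypothetical, and it follows the second option (identifiers requested at run time), showing a mistyped call being rejected instead of dereferenced.

```c
#include <stdint.h>
#include <string.h>

/* Sketch of the proposed wrapper; uint32_t stands in for guint32. */
typedef struct {
    uint32_t type_id;    /* says which type `data` points to; 0 = untagged */
    void    *data;
} dissector_data_t;

/* Hypothetical registry: maps a type name to a small nonzero identifier. */
#define MAX_DATA_TYPES 32
static const char *type_names[MAX_DATA_TYPES];
static uint32_t    type_count;

/* Called by X when registering and by Y at handoff, in either order.
 * `name` must outlive the registry. Returns 0 when the table is full. */
uint32_t dissector_data_type_id(const char *name)
{
    for (uint32_t i = 0; i < type_count; i++)
        if (strcmp(type_names[i], name) == 0)
            return i + 1;
    if (type_count == MAX_DATA_TYPES) return 0;
    type_names[type_count++] = name;
    return type_count;
}

/* Checked accessor: NULL unless the caller tagged the data as `expected`. */
void *dissector_data_get(const dissector_data_t *dd, uint32_t expected)
{
    return (dd && expected && dd->type_id == expected) ? dd->data : NULL;
}

typedef struct { uint16_t port; } x_info_t;      /* what X expects */
typedef struct { char label[8]; } other_info_t;  /* some unrelated type */
/* Dissector X: returns the port, or -1 if data is missing or mistyped. */
int dissect_x(const dissector_data_t *dd)
{
    const x_info_t *info = dissector_data_get(dd, dissector_data_type_id("x_info_t"));
    return info ? info->port : -1;
}

/* Dissector Y hands data to X; `right` selects a correct or a mistyped call. */
int y_calls_x(int right)
{
    x_info_t     good = { 443 };
    other_info_t bad  = { "oops" };
    dissector_data_t dd = { dissector_data_type_id(right ? "x_info_t" : "other_info_t"),
                            right ? (void *)&good : (void *)&bad };
    return dissect_x(&dd);
}
```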




Re: [Wireshark-dev] ASN1: How to display an octet-string as UTF16 LE

2021-06-16 Thread Anders Broman via Wireshark-dev


-Original Message-
From: Wireshark-dev  On Behalf Of Isaac 
Boukris
Sent: den 16 juni 2021 12:52
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] ASN1: How to display an octet-string as UTF16 LE

Hello,

I'd like to add the following asn1 struct to the credssp dissector (following 
MR 3020):
TSRemoteGuardPackageCred ::= SEQUENCE {
packageName [0] OCTET STRING,
credBuffer  [1] OCTET STRING
}

It gets displayed like this:
logonCred
packageName: 4b00650072006200650072006f007300
credBuffer:
0a00020073041805200093046182046f…

Now, the package name is a UTF16 LE string (Kerberos), and I wonder if there is 
an easy way to make it display it as a string instead of HEX
- thoughts?

Thanks!

Hi,
If it's always an UTF16 string you will have to do .cnf magic and add something 
like
proto_tree_add_item(tree, hf_krb_pac_upn_upn_name, tvb, upn_offset, upn_len, 
ENC_UTF_16|ENC_LITTLE_ENDIAN);

Regards
Anders
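
What a UTF-16 LE display amounts to for the `packageName` bytes quoted in this thread, as an added stand-alone example; it is not Wireshark's decoder and not code from the thread. The function name `utf16le_to_utf8` and the policy of replacing a trailing odd byte or an unpaired surrogate with U+FFFD are choices made for this example, since the octet string comes from untrusted capture data.

```c
#include <stddef.h>
#include <stdint.h>

/* packageName bytes exactly as shown in the hex display in the thread. */
const uint8_t package_name[] = { 0x4b, 0, 0x65, 0, 0x72, 0, 0x62, 0,
                                 0x65, 0, 0x72, 0, 0x6f, 0, 0x73, 0 };

/* Write one code point as UTF-8; returns bytes written, 0 if it does not fit. */
static size_t put_utf8(uint32_t cp, char *out, size_t room)
{
    static const uint8_t lead[] = { 0, 0x00, 0xC0, 0xE0, 0xF0 };
    size_t n = cp < 0x80 ? 1 : cp < 0x800 ? 2 : cp < 0x10000 ? 3 : 4;
    if (n > room) return 0;
    for (size_t k = n - 1; k > 0; k--, cp >>= 6)    /* continuation bytes */
        out[k] = (char)(0x80 | (cp & 0x3F));
    out[0] = (char)(lead[n] | cp);
    return n;
}

static uint32_t rd16(const uint8_t *p) { return p[0] | ((uint32_t)p[1] << 8); }

/* Decode len bytes of UTF-16LE into NUL-terminated UTF-8 in out[outsz].
 * Returns the number of U+FFFD replacements, or -1 if out is too small. */
int utf16le_to_utf8(const uint8_t *in, size_t len, char *out, size_t outsz)
{
    size_t i = 0, o = 0, n;
    int bad = 0;
    if (outsz == 0) return -1;
    while (i < len) {
        uint32_t cp = 0xFFFD, u;
        if (len - i < 2) {                      /* odd trailing byte */
            i = len; bad++;
        } else if ((u = rd16(in + i)) < 0xD800 || u > 0xDFFF) {
            cp = u; i += 2;                     /* ordinary BMP code unit */
        } else if (u <= 0xDBFF && len - i >= 4 &&
                   rd16(in + i + 2) >= 0xDC00 && rd16(in + i + 2) <= 0xDFFF) {
            cp = 0x10000 + ((u - 0xD800) << 10) + (rd16(in + i + 2) - 0xDC00);
            i += 4;                             /* valid surrogate pair */
        } else {
            i += 2; bad++;                      /* unpaired surrogate */
        }
        if ((n = put_utf8(cp, out + o, outsz - 1 - o)) == 0) return -1;
        o += n;
    }
    out[o] = '\0';
    return bad;
}
```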



[Wireshark-dev] ASN1: How to display an octet-string as UTF16 LE

2021-06-16 Thread Isaac Boukris
Hello,

I'd like to add the following asn1 struct to the credssp dissector
(following MR 3020):
TSRemoteGuardPackageCred ::= SEQUENCE {
packageName [0] OCTET STRING,
credBuffer  [1] OCTET STRING
}

It gets displayed like this:
logonCred
packageName: 4b00650072006200650072006f007300
credBuffer:
0a00020073041805200093046182046f…

Now, the package name is a UTF16 LE string (Kerberos), and I wonder if
there is an easy way to make it display it as a string instead of HEX
- thoughts?

Thanks!