Re: [Wireshark-dev] Calling a dissector: Type for data parameter
On 16/06/2021 at 16:36, David Perry wrote:

> Sorry to drag up an old topic, but I've been thinking about this:
>
> Message: 5
> Date: Sat, 29 May 2021 09:32:29 +0200
> From: Anders Broman
>
> [...]
>
> I wasn't around for that discussion so I don't know the reasons, but how does this sound as a refined approach?:
>
> * Define a `dissector_data_t` that has a `guint32` identifier field, and a `void *` data field.
> * Replace the `void *data` parameter to dissectors with a pointer to a `dissector_data_t`.
> * Either:
>   * Easy way: maintain a static list of identifiers that map to expected data types, or
>   * Have dissector X request an identifier in its registration function for the type of data it expects, and have dissector Y (which will call X) request, in its handoff function, the identifier of the type of data it needs to pass to X.
> * Dissectors check for the right identifier in their `dissector_data_t` parameter and don't try to use it if it's wrong.

Hi,

I have that example with the SSL dissector: in almost all cases when we call this dissector from another one, we know exactly what is the next dissector to call on decoded content anyway AFAICT a heuristic is the only way to have things work as expected, or did I miss something?

Best regards.

--
David FORT
website: https://www.hardening-consulting.com/

___
Sent via: Wireshark-dev mailing list
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] ASN1: How to display an octet-string as UTF16 LE
On Wed, Jun 16, 2021 at 2:48 PM Anders Broman via Wireshark-dev wrote:
>
> -----Original Message-----
> From: Wireshark-dev On Behalf Of Isaac Boukris
> Sent: den 16 juni 2021 12:52
> To: wireshark-dev@wireshark.org
> Subject: [Wireshark-dev] ASN1: How to display an octet-string as UTF16 LE
>
> Hello,
>
> I'd like to add the following asn1 struct to the credssp dissector (following MR 3020):
>
> TSRemoteGuardPackageCred ::= SEQUENCE {
>     packageName [0] OCTET STRING,
>     credBuffer  [1] OCTET STRING
> }
>
> It gets displayed like this:
>
> logonCred
>     packageName: 4b00650072006200650072006f007300
>     credBuffer: 0a00020073041805200093046182046f…
>
> Now, the package name is a UTF16 LE string (Kerberos), and I wonder if there is an easy way to make it display it as a string instead of HEX - thoughts?
>
> Thanks!
>
> Hi,
> If it's always an UTF16 string you will have to do .cnf magic and add something like
> proto_tree_add_item(tree, hf_krb_pac_upn_upn_name, tvb, upn_offset, upn_len, ENC_UTF_16|ENC_LITTLE_ENDIAN);

Thanks, replacing the DEFAULT_BODY along with setting TYPE_ATTR did the trick. I wonder if it could be better generalized but anyway that would be for another day.

Regards
Re: [Wireshark-dev] Calling a dissector: Type for data parameter
Sorry to drag up an old topic, but I've been thinking about this:

Message: 5
Date: Sat, 29 May 2021 09:32:29 +0200
From: Anders Broman
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Calling a dissector: Type for data parameter
Message-ID:
Content-Type: text/plain; charset="utf-8"

Hi,
Yes the method is fragile. At the time of development I think it was proposed to pass a struct containing a string and the void pointer where the string could be used as an identifier. But that was voted down.
Regards
Anders

I wasn't around for that discussion so I don't know the reasons, but how does this sound as a refined approach?:

* Define a `dissector_data_t` that has a `guint32` identifier field, and a `void *` data field.
* Replace the `void *data` parameter to dissectors with a pointer to a `dissector_data_t`.
* Either:
  * Easy way: maintain a static list of identifiers that map to expected data types, or
  * Have dissector X request an identifier in its registration function for the type of data it expects, and have dissector Y (which will call X) request, in its handoff function, the identifier of the type of data it needs to pass to X.
* Dissectors check for the right identifier in their `dissector_data_t` parameter and don't try to use it if it's wrong.

Thoughts?

David
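A sketch of the tagged `dissector_data_t` proposed in the message above, added here as an illustration; it is not Wireshark code and not part of the original post. The registry, `dissector_data_type_id()`, `dissector_data_get()`, `proto_register_x()`, `dissect_x()` and both info structs are hypothetical names, and `uint32_t` stands in for `guint32`.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical wrapper from the proposal; uint32_t stands in for guint32. */
typedef struct {
    uint32_t id;    /* identifies the type that data points to */
    void *data;
} dissector_data_t;

/* Hypothetical registry: type name -> non-zero id. Names must be static strings. */
#define MAX_TYPES 16
static const char *type_names[MAX_TYPES];
static uint32_t type_count;

/* X calls this when registering, Y at handoff; the same name yields the same id. */
uint32_t dissector_data_type_id(const char *name)
{
    for (uint32_t i = 0; i < type_count; i++)
        if (strcmp(type_names[i], name) == 0)
            return i + 1;
    if (type_count == MAX_TYPES)
        return 0;                   /* registry full; 0 never matches */
    type_names[type_count] = name;
    return ++type_count;
}

/* Checked accessor: NULL unless the caller's tag is the one the callee expects. */
void *dissector_data_get(const dissector_data_t *dd, uint32_t expected_id)
{
    if (dd == NULL || expected_id == 0 || dd->id != expected_id)
        return NULL;
    return dd->data;
}

typedef struct { uint16_t port; } x_info_t;       /* constructed: what X expects */
typedef struct { char label[8]; } other_info_t;   /* constructed: unrelated type */

static uint32_t x_info_id;
void proto_register_x(void) { x_info_id = dissector_data_type_id("x_info_t"); }

/* Dissector X: reads the port only when the tag matches, otherwise returns -1. */
int dissect_x(const dissector_data_t *dd)
{
    const x_info_t *info = dissector_data_get(dd, x_info_id);
    return info ? (int)info->port : -1;
}
```

A caller that passes a pointer to the wrong struct gets -1 from `dissect_x()` instead of having its memory reinterpreted as an `x_info_t`.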
Re: [Wireshark-dev] ASN1: How to display an octet-string as UTF16 LE
-----Original Message-----
From: Wireshark-dev On Behalf Of Isaac Boukris
Sent: den 16 juni 2021 12:52
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] ASN1: How to display an octet-string as UTF16 LE

Hello,

I'd like to add the following asn1 struct to the credssp dissector (following MR 3020):

TSRemoteGuardPackageCred ::= SEQUENCE {
    packageName [0] OCTET STRING,
    credBuffer  [1] OCTET STRING
}

It gets displayed like this:

logonCred
    packageName: 4b00650072006200650072006f007300
    credBuffer: 0a00020073041805200093046182046f…

Now, the package name is a UTF16 LE string (Kerberos), and I wonder if there is an easy way to make it display it as a string instead of HEX - thoughts?

Thanks!

Hi,
If it's always an UTF16 string you will have to do .cnf magic and add something like
proto_tree_add_item(tree, hf_krb_pac_upn_upn_name, tvb, upn_offset, upn_len, ENC_UTF_16|ENC_LITTLE_ENDIAN);

Regards
Anders
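What decoding the `packageName` bytes as UTF-16 little-endian involves, as a stand-alone added example; this is not Wireshark's implementation of `ENC_UTF_16|ENC_LITTLE_ENDIAN` and not code from the thread. The function names, the U+FFFD substitution for malformed input and the worst-case buffer rule are choices made for this example.

```c
#include <stdint.h>
#include <string.h>

/* packageName OCTET STRING bytes exactly as shown in the post. */
static const uint8_t package_name[] = { 0x4b, 0x00, 0x65, 0x00, 0x72, 0x00,
    0x62, 0x00, 0x65, 0x00, 0x72, 0x00, 0x6f, 0x00, 0x73, 0x00 };

/* Write code point cp as UTF-8 at o; returns the byte count (1..4). */
static size_t put_utf8(uint32_t cp, char *o)
{
    static const uint8_t lead[] = { 0, 0x00, 0xC0, 0xE0, 0xF0 };
    size_t n = cp < 0x80 ? 1 : cp < 0x800 ? 2 : cp < 0x10000 ? 3 : 4;
    for (size_t k = n - 1; k > 0; k--, cp >>= 6)
        o[k] = (char)(0x80 | (cp & 0x3F));
    o[0] = (char)(lead[n] | cp);
    return n;
}

/* Decode len bytes of UTF-16LE into NUL-terminated UTF-8. An unpaired surrogate or a
 * trailing odd byte becomes U+FFFD. Returns the replacement count, or -1 if out is
 * smaller than the worst case of 3 bytes per 16-bit unit plus the NUL. */
int utf16le_to_utf8(const uint8_t *in, size_t len, char *out, size_t outsz)
{
    size_t i = 0, o = 0, units = len / 2 + len % 2;
    int bad = 0;
    if (outsz == 0 || units > (outsz - 1) / 3)
        return -1;
    while (i < len) {
        uint32_t cp = 0xFFFD, u, lo;
        if (len - i < 2) {                      /* odd trailing byte */
            i = len; bad++;
        } else {
            u = in[i] | ((uint32_t)in[i + 1] << 8);
            i += 2;
            if (u < 0xD800 || u > 0xDFFF) {
                cp = u;
            } else if (u < 0xDC00 && len - i >= 2 &&
                       (lo = in[i] | ((uint32_t)in[i + 1] << 8)) >= 0xDC00 && lo <= 0xDFFF) {
                cp = 0x10000 + ((u - 0xD800) << 10) + (lo - 0xDC00);
                i += 2;
            } else {
                bad++;                          /* unpaired surrogate */
            }
        }
        o += put_utf8(cp, out + o);
    }
    out[o] = '\0';
    return bad;
}
```

Called on `package_name` with a 64-byte buffer, it returns 0 and writes `Kerberos`; a non-zero return tells the caller that the field was not clean UTF-16LE.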
[Wireshark-dev] ASN1: How to display an octet-string as UTF16 LE
Hello,

I'd like to add the following asn1 struct to the credssp dissector (following MR 3020):

TSRemoteGuardPackageCred ::= SEQUENCE {
    packageName [0] OCTET STRING,
    credBuffer  [1] OCTET STRING
}

It gets displayed like this:

logonCred
    packageName: 4b00650072006200650072006f007300
    credBuffer: 0a00020073041805200093046182046f…

Now, the package name is a UTF16 LE string (Kerberos), and I wonder if there is an easy way to make it display it as a string instead of HEX - thoughts?

Thanks!