Adding upstream version 4.2.2.upstream/4.2.2

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

5 files changed, 1461 insertions, 0 deletions

diff --git a/epan/dissectors/asn1/dop/CMakeLists.txt b/epan/dissectors/asn1/dop/CMakeLists.txt
new file mode 100644
index 00000000..a7223b3c
--- /dev/null
+++ b/epan/dissectors/asn1/dop/CMakeLists.txt
@@ -0,0 +1,48 @@
+# CMakeLists.txt
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+
+set( PROTOCOL_NAME dop )
+
+set( PROTO_OPT )
+
+set( EXPORT_FILES
+	${PROTOCOL_NAME}-exp.cnf
+)
+
+set( EXT_ASN_FILE_LIST
+)
+
+set( ASN_FILE_LIST
+	${PROTOCOL_NAME}.asn
+)
+
+set( EXTRA_DIST
+	${ASN_FILE_LIST}
+	packet-${PROTOCOL_NAME}-template.c
+	packet-${PROTOCOL_NAME}-template.h
+	${PROTOCOL_NAME}.cnf
+)
+
+set( SRC_FILES
+	${EXTRA_DIST}
+	${EXT_ASN_FILE_LIST}
+)
+
+set( A2W_FLAGS -b )
+
+set( EXTRA_CNF
+	"${CMAKE_CURRENT_BINARY_DIR}/../dap/dap-exp.cnf"
+	"${CMAKE_CURRENT_BINARY_DIR}/../dsp/dsp-exp.cnf"
+	"${CMAKE_CURRENT_BINARY_DIR}/../crmf/crmf-exp.cnf"
+	"${CMAKE_CURRENT_BINARY_DIR}/../x509af/x509af-exp.cnf"
+	"${CMAKE_CURRENT_BINARY_DIR}/../x509if/x509if-exp.cnf"
+	"${CMAKE_CURRENT_BINARY_DIR}/../x509sat/x509sat-exp.cnf"
+)
+
+ASN2WRS()
diff --git a/epan/dissectors/asn1/dop/dop.asn b/epan/dissectors/asn1/dop/dop.asn
new file mode 100644
index 00000000..cba83c05
--- /dev/null
+++ b/epan/dissectors/asn1/dop/dop.asn
@@ -0,0 +1,881 @@
+-- Module DSAOperationalAttributeTypes (X.501:02/2001)
+DSAOperationalAttributeTypes {joint-iso-itu-t ds(5) module(1)
+  dsaOperationalAttributeTypes(22) 4} DEFINITIONS ::=
+BEGIN
+
+-- EXPORTS All
+-- The types and values defined in this module are exported for use in the other ASN.1 modules contained
+-- within the Directory Specifications, and for the use of other applications which will use them to access
+-- Directory services. Other applications may use them for their own purposes, but this will not constrain
+-- extensions and modifications needed to maintain or improve the Directory service.
+IMPORTS
+  -- from ITU-T Rec. X.501 | ISO/IEC 9594-2
+  distributedOperations, id-doa, id-kmr, informationFramework,
+    opBindingManagement, selectedAttributeTypes, upperBounds
+    FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+      usefulDefinitions(0) 4}
+  ATTRIBUTE, MATCHING-RULE, Name, Attribute, DistinguishedName,
+  RelativeDistinguishedName, Refinement, SubtreeSpecification, AttributeType, ContextAssertion
+    FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
+      informationFramework(1) 4}
+--  OperationalBindingID
+--    FROM OperationalBindingManagement {joint-iso-itu-t ds(5) module(1)
+--      opBindingManagement(18) 4}
+  -- from ITU-T Rec. X.518 | ISO/IEC 9594-4
+  AccessPoint, MasterAndShadowAccessPoints
+    FROM DistributedOperations {joint-iso-itu-t ds(5) module(1)
+      distributedOperations(3) 4}
+  -- from ITU-T Rec. X.520 | ISO/IEC 9594-6
+  DirectoryString, NameAndOptionalUID,  bitStringMatch
+    FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
+      selectedAttributeTypes(5) 4}
+  PresentationAddress, ProtocolInformation
+    FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
+      selectedAttributeTypes(5) 4}
+  DirectoryBindArgument, DirectoryBindError, SecurityParameters
+    FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
+      directoryAbstractService(2) 5}
+  -- from ITU-T Rec. X.509 | ISO/IEC 9594-8
+  AlgorithmIdentifier
+    FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
+      authenticationFramework(7) 4}
+  AttributeTypeAndValue
+    FROM BasicAccessControl {joint-iso-itu-t ds(5) module(1)
+      basicAccessControl(24) 4}
+  Filter
+    FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
+      directoryAbstractService(2) 4};
+
+-- data types
+DSEType ::= BIT STRING {
+  root(0), -- root DSE
+  glue(1), -- represents knowledge of a name only
+  cp(2), -- context prefix
+  entry(3), -- object entry
+  alias(4), -- alias entry
+  subr(5), -- subordinate reference
+  nssr(6), -- non-specific subordinate reference
+  supr(7), -- superior reference
+  xr(8), -- cross reference
+  admPoint(9), -- administrative point
+  subentry(10), -- subentry
+  shadow(11), -- shadow copy
+  immSupr(13), -- immediate superior reference
+  rhob(14), -- rhob information
+  sa(15), -- subordinate reference to alias entry
+  dsSubentry(16), -- DSA Specific subentry
+  familyMember(17), -- family member
+  ditBridge(18), -- DIT bridge reference
+  writeableCopy(19) -- writeable copy
+}
+
+SupplierOrConsumer ::= SET {
+--  COMPONENTS OF AccessPoint, - - supplier or consumer
+  ae-title             [0]  Name,
+  address              [1]  PresentationAddress,
+  protocolInformation  [2]  SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL,
+  agreementID  [3]  OperationalBindingID
+}
+
+SupplierInformation ::= SET {
+--  COMPONENTS OF SupplierOrConsumer, - - supplier
+  ae-title             [0]  Name,
+  address              [1]  PresentationAddress,
+  protocolInformation  [2]  SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL,
+  agreementID  	       [3]  OperationalBindingID,
+  supplier-is-master   [4]  BOOLEAN DEFAULT TRUE,
+  non-supplying-master [5]  AccessPoint OPTIONAL
+}
+
+ConsumerInformation ::= SupplierOrConsumer -- consumer
+
+SupplierAndConsumers ::= SET {
+--  COMPONENTS OF AccessPoint, - - supplier
+  ae-title             [0]  Name,
+  address              [1]  PresentationAddress,
+  protocolInformation  [2]  SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL,
+  consumers  	       [3]  SET OF AccessPoint
+}
+
+-- attribute types
+--dseType ATTRIBUTE ::= {
+--  WITH SYNTAX             DSEType
+--  EQUALITY MATCHING RULE  bitStringMatch
+--  SINGLE VALUE            TRUE
+--  NO USER MODIFICATION    TRUE
+--  USAGE                   dSAOperation
+--  ID                      id-doa-dseType
+--}
+
+--myAccessPoint ATTRIBUTE ::= {
+--  WITH SYNTAX             AccessPoint
+--  EQUALITY MATCHING RULE  accessPointMatch
+--  SINGLE VALUE            TRUE
+--  NO USER MODIFICATION    TRUE
+--  USAGE                   dSAOperation
+--  ID                      id-doa-myAccessPoint
+--}
+
+--superiorKnowledge ATTRIBUTE ::= {
+--  WITH SYNTAX             AccessPoint
+--  EQUALITY MATCHING RULE  accessPointMatch
+--  NO USER MODIFICATION    TRUE
+--  USAGE                   dSAOperation
+--  ID                      id-doa-superiorKnowledge
+--}
+
+--specificKnowledge ATTRIBUTE ::= {
+--  WITH SYNTAX             MasterAndShadowAccessPoints
+--  EQUALITY MATCHING RULE  masterAndShadowAccessPointsMatch
+--  SINGLE VALUE            TRUE
+--  NO USER MODIFICATION    TRUE
+--  USAGE                   distributedOperation
+--  ID                      id-doa-specificKnowledge
+--}
+
+--nonSpecificKnowledge ATTRIBUTE ::= {
+--  WITH SYNTAX             MasterAndShadowAccessPoints
+--  EQUALITY MATCHING RULE  masterAndShadowAccessPointsMatch
+--  NO USER MODIFICATION    TRUE
+--  USAGE                   distributedOperation
+--  ID                      id-doa-nonSpecificKnowledge
+--}
+
+--supplierKnowledge ATTRIBUTE ::= {
+--  WITH SYNTAX             SupplierInformation
+--  EQUALITY MATCHING RULE  supplierOrConsumerInformationMatch
+--  NO USER MODIFICATION    TRUE
+--  USAGE                   dSAOperation
+--  ID                      id-doa-supplierKnowledge
+--}
+
+--consumerKnowledge ATTRIBUTE ::= {
+--  WITH SYNTAX             ConsumerInformation
+--  EQUALITY MATCHING RULE  supplierOrConsumerInformationMatch
+--  NO USER MODIFICATION    TRUE
+--  USAGE                   dSAOperation
+--  ID                      id-doa-consumerKnowledge
+--}
+
+--secondaryShadows ATTRIBUTE ::= {
+--  WITH SYNTAX             SupplierAndConsumers
+--  EQUALITY MATCHING RULE  supplierAndConsumersMatch
+--  NO USER MODIFICATION    TRUE
+--  USAGE                   dSAOperation
+--  ID                      id-doa-secondaryShadows
+--}
+
+-- matching rules
+--accessPointMatch MATCHING-RULE ::= {
+--  SYNTAX  Name
+--  ID      id-kmr-accessPointMatch
+--}
+
+--masterAndShadowAccessPointsMatch MATCHING-RULE ::= {
+--  SYNTAX  SET OF Name
+--  ID      id-kmr-masterShadowMatch
+--}
+
+--supplierOrConsumerInformationMatch MATCHING-RULE ::= {
+--  SYNTAX
+--    SET {ae-title              [0]  Name,
+--         agreement-identifier  [2]  INTEGER}
+--  ID      id-kmr-supplierConsumerMatch
+--}
+
+--supplierAndConsumersMatch MATCHING-RULE ::= {
+--  SYNTAX  Name
+--  ID      id-kmr-supplierConsumersMatch
+--}
+
+-- object identifier assignments
+-- dsa operational attributes
+--id-doa-dseType OBJECT IDENTIFIER ::=
+--  {id-doa 0}
+
+--id-doa-myAccessPoint OBJECT IDENTIFIER ::= {id-doa 1}
+
+--id-doa-superiorKnowledge OBJECT IDENTIFIER ::= {id-doa 2}
+
+--id-doa-specificKnowledge OBJECT IDENTIFIER ::= {id-doa 3}
+
+--id-doa-nonSpecificKnowledge OBJECT IDENTIFIER ::= {id-doa 4}
+
+--id-doa-supplierKnowledge OBJECT IDENTIFIER ::= {id-doa 5}
+
+--id-doa-consumerKnowledge OBJECT IDENTIFIER ::= {id-doa 6}
+
+--id-doa-secondaryShadows OBJECT IDENTIFIER ::= {id-doa 7}
+
+-- knowledge matching rules
+--id-kmr-accessPointMatch OBJECT IDENTIFIER ::=
+--  {id-kmr 0}
+
+--id-kmr-masterShadowMatch OBJECT IDENTIFIER ::= {id-kmr 1}
+
+--id-kmr-supplierConsumerMatch OBJECT IDENTIFIER ::= {id-kmr 2}
+
+--id-kmr-supplierConsumersMatch OBJECT IDENTIFIER ::= {id-kmr 3}
+
+--END DSAOperationalAttributeTypes
+
+-- we include this here to reduce the number of dissectors
+-- Module OperationalBindingManagement (X.501:08/2005)
+--OperationalBindingManagement {joint-iso-itu-t ds(5) module(1)
+--  opBindingManagement(18) 5} DEFINITIONS ::=
+--BEGIN
+
+-- EXPORTS All
+-- The types and values defined in this module are exported for use in the other ASN.1 modules contained
+-- within the Directory Specifications, and for the use of other applications which will use them to access
+-- Directory services. Other applications may use them for their own purposes, but this will not constrain
+-- extensions and modifications needed to maintain or improve the Directory service.
+--IMPORTS
+  -- from ITU-T Rec. X.501 | ISO/IEC 9594-2
+--  directoryAbstractService, directoryShadowAbstractService,
+--    distributedOperations, directoryOSIProtocols, enhancedSecurity,
+--    hierarchicalOperationalBindings, commonProtocolSpecification
+--    FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+--      usefulDefinitions(0) 5}
+--  OPTIONALLY-PROTECTED-SEQ
+--    FROM EnhancedSecurity {joint-iso-itu-t ds(5) modules(1)
+--      enhancedSecurity(28) 5}
+--  hierarchicalOperationalBinding, nonSpecificHierarchicalOperationalBinding
+--    FROM HierarchicalOperationalBindings hierarchicalOperationalBindings
+  -- from ITU-T Rec. X.511 | ISO/IEC 9594-3
+--  CommonResultsSeq, directoryBind, directoryUnbind, securityError,
+--    SecurityParameters
+--    FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
+--      directoryAbstractService(2) 5}
+  -- from ITU-T Rec. X.518 | ISO/IEC 9594-4
+--  AccessPoint
+--    FROM DistributedOperations {joint-iso-itu-t ds(5) module(1)
+--      distributedOperations(3) 5}
+  -- from ITU-T Rec. X.519 | ISO/IEC 9594-5
+--  id-err-operationalBindingError, id-op-establishOperationalBinding,
+--    id-op-modifyOperationalBinding, id-op-terminateOperationalBinding,
+--    OPERATION, ERROR
+--    FROM CommonProtocolSpecification commonProtocolSpecification
+--  APPLICATION-CONTEXT
+--    FROM DirectoryOSIProtocols directoryOSIProtocols
+  -- from ITU-T Rec. X.525 | ISO/IEC 9594-9
+--  shadowOperationalBinding
+--    FROM DirectoryShadowAbstractService directoryShadowAbstractService;
+
+-- bind and unbind
+dSAOperationalBindingManagementBind OPERATION ::=
+  directoryBind
+
+DSAOperationalManagementBindArgument ::= DirectoryBindArgument
+DSAOperationalManagementBindResult ::= DirectoryBindArgument
+DSAOperationalManagementBindError ::= DirectoryBindError
+
+dSAOperationalBindingManagementUnbind OPERATION ::= directoryUnbind
+
+-- operations, arguments and results
+--establishOperationalBinding OPERATION ::= {
+--  ARGUMENT  EstablishOperationalBindingArgument
+--  RESULT    EstablishOperationalBindingResult
+--  ERRORS    {operationalBindingError | securityError}
+--  CODE      id-op-establishOperationalBinding
+--}
+
+EstablishOperationalBindingArgumentData ::=
+--  OPTIONALLY-PROTECTED-SEQ
+--    {-- SEQUENCE {bindingType         [0]  --OPERATIONAL-BINDING.&id({OpBindingSet}) -- OBJECT IDENTIFIER,
+               bindingID           [1]  OperationalBindingID OPTIONAL,
+               accessPoint         [2]  AccessPoint,
+               -- symmetric, Role A initiates, or Role B initiates
+               initiator
+                 CHOICE {symmetric
+                           [3] -- OPERATIONAL-BINDING.&both.&EstablishParam
+                               -- ({OpBindingSet}{@bindingType}) -- ANY,
+                         roleA-initiates
+                           [4]  -- OPERATIONAL-BINDING.&roleA.&EstablishParam
+                                -- ({OpBindingSet}{@bindingType}) -- ANY,
+                         roleB-initiates
+                           [5] -- OPERATIONAL-BINDING.&roleB.&EstablishParam
+                               -- ({OpBindingSet}{@bindingType}) -- ANY }  OPTIONAL,
+               agreement
+                 [6]  -- OPERATIONAL-BINDING.&Agreement
+                      -- ({OpBindingSet}{@bindingType}) -- ANY,
+               valid               [7]  Validity DEFAULT {},
+               securityParameters  [8]  SecurityParameters OPTIONAL} --}
+
+-- expand OPTIONALLY-PROTECTED macro
+EstablishOperationalBindingArgument ::= CHOICE {
+  unsignedEstablishOperationalBindingArgument EstablishOperationalBindingArgumentData,
+  signedEstablishOperationalBindingArgument SEQUENCE {
+    establishOperationalBindingArgument	EstablishOperationalBindingArgumentData,
+    algorithmIdentifier			AlgorithmIdentifier,
+    encrypted				BIT STRING
+    }
+}
+
+OperationalBindingID ::= SEQUENCE {identifier  INTEGER,
+                                   version     INTEGER
+}
+
+Validity ::= SEQUENCE {
+  validFrom   [0]  CHOICE {now   [0]  NULL,
+                           time  [1]  Time } DEFAULT now:NULL,
+  validUntil
+    [1]  CHOICE {explicitTermination  [0]  NULL,
+                 time                 [1]  Time
+  } DEFAULT explicitTermination:NULL
+}
+
+Time ::= CHOICE {utcTime          UTCTime,
+                 generalizedTime  GeneralizedTime
+}
+
+EstablishOperationalBindingResult ::=
+--  OPTIONALLY-PROTECTED-SEQ
+--    {-- SEQUENCE {bindingType  [0] --OPERATIONAL-BINDING.&id({OpBindingSet}) -- OBJECT IDENTIFIER,
+               bindingID    [1]  OperationalBindingID OPTIONAL,
+               accessPoint  [2]  AccessPoint,
+               -- symmetric, Role A replies , or Role B replies
+               initiator
+                 CHOICE {symmetric
+                           [3]  -- OPERATIONAL-BINDING.&both.&EstablishParam
+                                -- ({OpBindingSet}{@bindingType}) -- ANY,
+                         roleA-replies
+                           [4]  -- OPERATIONAL-BINDING.&roleA.&EstablishParam
+                                -- ({OpBindingSet}{@bindingType}) -- ANY,
+                         roleB-replies
+                           [5]  -- OPERATIONAL-BINDING.&roleB.&EstablishParam
+                                -- ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL,
+--               COMPONENTS OF CommonResultsSeq}}
+       	       securityParameters  [30]  SecurityParameters OPTIONAL,
+	       performer           [29]  DistinguishedName OPTIONAL,
+	       aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
+	       notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL}
+
+
+--modifyOperationalBinding OPERATION ::= {
+--  ARGUMENT  ModifyOperationalBindingArgument
+--  RESULT    ModifyOperationalBindingResult
+--  ERRORS    {operationalBindingError | securityError}
+--  CODE      id-op-modifyOperationalBinding
+--}
+
+ModifyOperationalBindingArgumentData ::=
+--  OPTIONALLY-PROTECTED-SEQ
+--    {--SEQUENCE {bindingType         [0]  --OPERATIONAL-BINDING.&id({OpBindingSet})-- OBJECT IDENTIFIER,
+               bindingID           [1]  OperationalBindingID,
+               accessPoint         [2]  AccessPoint OPTIONAL,
+               -- symmetric, Role A initiates, or Role B initiates
+               initiator
+                 CHOICE {symmetric
+                           [3]  -- OPERATIONAL-BINDING.&both.&ModifyParam
+                                -- ({OpBindingSet}{@bindingType}) -- ANY,
+                         roleA-initiates
+                           [4]  -- OPERATIONAL-BINDING.&roleA.&ModifyParam
+                                -- ({OpBindingSet}{@bindingType}) -- ANY,
+                         roleB-initiates
+                           [5]  -- OPERATIONAL-BINDING.&roleB.&ModifyParam
+                                -- ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL,
+               newBindingID        [6]  OperationalBindingID,
+               newAgreement
+                 [7]  -- OPERATIONAL-BINDING.&Agreement
+                      --  ({OpBindingSet}{@bindingType}) -- ANY OPTIONAL,
+               valid               [8]  Validity OPTIONAL,
+               securityParameters  [9]  SecurityParameters OPTIONAL} -- }
+
+
+ModifyOperationalBindingArgument ::= CHOICE {
+  unsignedModifyOperationalBindingArgument ModifyOperationalBindingArgumentData,
+  signedModifyOperationalBindingArgument SEQUENCE {
+    modifyOperationalBindingArgument	ModifyOperationalBindingArgumentData,
+    algorithmIdentifier			AlgorithmIdentifier,
+    encrypted				BIT STRING
+    }
+}
+
+ModifyOperationalBindingResult ::= CHOICE {
+  null       [0]  NULL,
+  protected  [1]  SEQUENCE {
+    modifyOperationalBindingResultData	ModifyOperationalBindingResultData,
+    algorithmIdentifier			AlgorithmIdentifier,
+    encrypted				BIT STRING
+  }
+}
+
+ModifyOperationalBindingResultData ::= SEQUENCE {
+  newBindingID  OperationalBindingID,
+  bindingType
+    -- OPERATIONAL-BINDING.&id
+    -- ({OpBindingSet}) -- OBJECT IDENTIFIER,
+  newAgreement
+    -- OPERATIONAL-BINDING.&Agreement
+    -- ({OpBindingSet}{@.bindingType}) -- ANY,
+  valid         Validity OPTIONAL,
+  --COMPONENTS OF CommonResultsSeq
+  securityParameters  [30]  SecurityParameters OPTIONAL,
+  performer           [29]  DistinguishedName OPTIONAL,
+  aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
+  notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
+  --          }}
+}
+
+--terminateOperationalBinding OPERATION ::= {
+--  ARGUMENT  TerminateOperationalBindingArgument
+--  RESULT    TerminateOperationalBindingResult
+--  ERRORS    {operationalBindingError | securityError}
+--  CODE      id-op-terminateOperationalBinding
+--}
+
+TerminateOperationalBindingArgumentData ::=
+--  OPTIONALLY-PROTECTED-SEQ
+--    {-- SEQUENCE {bindingType         [0]  --OPERATIONAL-BINDING.&id({OpBindingSet})-- OBJECT IDENTIFIER,
+               bindingID           [1] OperationalBindingID,
+               -- symmetric, Role A initiates, or Role B initiates
+               initiator
+                 CHOICE {symmetric
+                           [2]  -- OPERATIONAL-BINDING.&both.&TerminateParam
+                                -- ({OpBindingSet}{@bindingType}) -- ANY,
+                         roleA-initiates
+                           [3]  -- OPERATIONAL-BINDING.&roleA.&TerminateParam
+                                -- ({OpBindingSet}{@bindingType}) -- ANY,
+                         roleB-initiates
+                           [4]  -- OPERATIONAL-BINDING.&roleB.&TerminateParam
+                                --  ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL,
+               terminateAt         [5]  Time OPTIONAL,
+               securityParameters  [6]  SecurityParameters OPTIONAL} --}
+
+
+TerminateOperationalBindingArgument ::= CHOICE {
+  unsignedTerminateOperationalBindingArgument TerminateOperationalBindingArgumentData,
+  signedTerminateOperationalBindingArgument SEQUENCE {
+    terminateOperationalBindingArgument	TerminateOperationalBindingArgumentData,
+    algorithmIdentifier			AlgorithmIdentifier,
+    encrypted				BIT STRING
+    }
+}
+
+TerminateOperationalBindingResult ::= CHOICE {
+  null       [0]  NULL,
+  protected  [1]  SEQUENCE {
+    terminateOperationalBindingResultData	TerminateOperationalBindingResultData,
+    algorithmIdentifier				AlgorithmIdentifier,
+    encrypted					BIT STRING
+  }
+}
+
+TerminateOperationalBindingResultData ::= SEQUENCE {
+  bindingID    OperationalBindingID,
+  bindingType
+    -- OPERATIONAL-BINDING.&id
+    -- ({OpBindingSet}) -- OBJECT IDENTIFIER,
+  terminateAt  GeneralizedTime OPTIONAL,
+  --COMPONENTS OF CommonResultsSeq
+  securityParameters  [30]  SecurityParameters OPTIONAL,
+  performer           [29]  DistinguishedName OPTIONAL,
+  aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
+  notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
+--           }}
+}
+
+-- errors and parameters
+--operationalBindingError ERROR ::= {
+--  PARAMETER OPTIONALLY-PROTECTED-SEQ  {OpBindingErrorParam}
+--  CODE                                id-err-operationalBindingError
+--}
+
+OpBindingErrorParam ::= SEQUENCE {
+  problem
+    [0]  ENUMERATED {invalidID(0), duplicateID(1), unsupportedBindingType(2),
+                     notAllowedForRole(3), parametersMissing(4),
+                     roleAssignment(5), invalidStartTime(6), invalidEndTime(7),
+                     invalidAgreement(8), currentlyNotDecidable(9),
+                     modificationNotAllowed(10)},
+  bindingType        [1]  --OPERATIONAL-BINDING.&id({OpBindingSet})-- OBJECT IDENTIFIER OPTIONAL,
+  agreementProposal
+    [2]  -- OPERATIONAL-BINDING.&Agreement({OpBindingSet}{@bindingType})-- ANY OPTIONAL,
+  retryAt            [3]  Time OPTIONAL,
+--  COMPONENTS OF CommonResultsSeq
+  securityParameters  [30]  SecurityParameters OPTIONAL,
+  performer           [29]  DistinguishedName OPTIONAL,
+  aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
+  notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
+
+}
+
+-- information object classes
+--OPERATIONAL-BINDING ::= CLASS {
+--  &Agreement    ,
+--  &Cooperation  OP-BINDING-COOP,
+--  &both         OP-BIND-ROLE OPTIONAL,
+--  &roleA        OP-BIND-ROLE OPTIONAL,
+--  &roleB        OP-BIND-ROLE OPTIONAL,
+--  &id           OBJECT IDENTIFIER UNIQUE
+--}
+--WITH SYNTAX {
+--  AGREEMENT &Agreement
+--  APPLICATION CONTEXTS &Cooperation
+--  [SYMMETRIC &both]
+--  [ASYMMETRIC
+--   [ROLE-A &roleA]
+--   [ROLE-B &roleB]]
+--  ID &id
+--}
+
+--OP-BINDING-COOP ::= CLASS {
+--  &applContext  APPLICATION-CONTEXT,
+--  &Operations   OPERATION OPTIONAL
+--}WITH SYNTAX {&applContext
+--              [APPLIES TO &Operations]
+--}
+
+--OP-BIND-ROLE ::= CLASS {
+--  &establish       BOOLEAN DEFAULT FALSE,
+--  &EstablishParam  OPTIONAL,
+--  &modify          BOOLEAN DEFAULT FALSE,
+--  &ModifyParam     OPTIONAL,
+--  &terminate       BOOLEAN DEFAULT FALSE,
+--  &TerminateParam  OPTIONAL
+--}
+--WITH SYNTAX {
+--  [ESTABLISHMENT-INITIATOR &establish]
+--  [ESTABLISHMENT-PARAMETER &EstablishParam]
+--  [MODIFICATION-INITIATOR &modify]
+--  [MODIFICATION-PARAMETER &ModifyParam]
+--  [TERMINATION-INITIATOR &terminate]
+--  [TERMINATION-PARAMETER &TerminateParam]
+--}
+
+--OpBindingSet OPERATIONAL-BINDING ::=
+--  {shadowOperationalBinding | hierarchicalOperationalBinding |
+--   nonSpecificHierarchicalOperationalBinding}
+
+--END - - OperationalBindingManagement
+
+-- Module HierarchicalOperationalBindings (X.518:08/2005)
+--HierarchicalOperationalBindings {joint-iso-itu-t ds(5) module(1)
+--  hierarchicalOperationalBindings(20) 5} DEFINITIONS ::=
+--BEGIN
+
+-- EXPORTS All
+-- The types and values defined in this module are exported for use in the other ASN.1 modules contained
+-- within the Directory Specifications, and for the use of other applications which will use them to access
+-- Directory services. Other applications may use them for their own purposes, but this will not constrain
+-- extensions and modifications needed to maintain or improve the Directory service.
+--IMPORTS
+  -- from ITU-T Rec. X.501 | ISO/IEC 9594-2
+--  directoryOperationalBindingTypes, directoryOSIProtocols,
+--    distributedOperations, informationFramework, opBindingManagement
+--    FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+--      usefulDefinitions(0) 5}
+--  Attribute, DistinguishedName, RelativeDistinguishedName
+--    FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
+--      informationFramework(1) 5}
+--  OPERATIONAL-BINDING
+--    FROM OperationalBindingManagement {joint-iso-itu-t ds(5) module(1)
+--      opBindingManagement(18) 5}
+  -- from ITU-T Rec. X.518 | ISO/IEC 9594-4
+--  MasterAndShadowAccessPoints
+--    FROM DistributedOperations {joint-iso-itu-t ds(5) module(1)
+--      distributedOperations(3) 5}
+  -- from ITU-T Rec. X.519 | ISO/IEC 9594-5
+--  directorySystemAC
+--    FROM DirectoryOSIProtocols {joint-iso-itu-t ds(5) module(1)
+--      directoryOSIProtocols(37) 5}
+--  id-op-binding-hierarchical, id-op-binding-non-specific-hierarchical
+--    FROM DirectoryOperationalBindingTypes {joint-iso-itu-t ds(5) module(1)
+--      directoryOperationalBindingTypes(25) 5};
+
+-- types
+HierarchicalAgreement ::= SEQUENCE {
+  rdn                [0]  RelativeDistinguishedName,
+  immediateSuperior  [1]  DistinguishedName
+}
+
+SuperiorToSubordinate ::= SEQUENCE {
+  contextPrefixInfo      [0]  DITcontext,
+  entryInfo              [1]  SET --SIZE (1..MAX)-- OF Attribute OPTIONAL,
+  immediateSuperiorInfo  [2]  SET --SIZE (1..MAX)-- OF Attribute OPTIONAL
+}
+
+DITcontext ::= SEQUENCE OF Vertex
+
+Vertex ::= SEQUENCE {
+  rdn           [0]  RelativeDistinguishedName,
+  admPointInfo  [1]  SET --SIZE (1..MAX)-- OF Attribute OPTIONAL,
+  subentries    [2]  SET --SIZE (1..MAX)-- OF SubentryInfo OPTIONAL,
+  accessPoints  [3]  MasterAndShadowAccessPoints OPTIONAL
+}
+
+SubentryInfo ::= SEQUENCE {
+  rdn   [0]  RelativeDistinguishedName,
+  info  [1]  SET OF Attribute
+}
+
+SubordinateToSuperior ::= SEQUENCE {
+  accessPoints  [0]  MasterAndShadowAccessPoints OPTIONAL,
+  alias         [1]  BOOLEAN DEFAULT FALSE,
+  entryInfo     [2]  SET --SIZE (1..MAX)-- OF Attribute OPTIONAL,
+  subentries    [3]  SET --SIZE (1..MAX)-- OF SubentryInfo OPTIONAL
+}
+
+SuperiorToSubordinateModification ::=
+--  SuperiorToSubordinate(WITH COMPONENTS {
+--                          ...,
+--                          entryInfo  ABSENT
+--                        })
+  SEQUENCE {
+  contextPrefixInfo      [0]  DITcontext,
+  immediateSuperiorInfo  [2]  SET --SIZE (1..MAX)-- OF Attribute OPTIONAL
+}
+
+NonSpecificHierarchicalAgreement ::= SEQUENCE {
+  immediateSuperior  [1]  DistinguishedName
+}
+
+NHOBSuperiorToSubordinate ::=
+--  SuperiorToSubordinate(WITH COMPONENTS {
+--                          ...,
+--                          entryInfo  ABSENT
+--                        })
+  SEQUENCE {
+  contextPrefixInfo      [0]  DITcontext,
+  immediateSuperiorInfo  [2]  SET --SIZE (1..MAX)-- OF Attribute OPTIONAL
+}
+
+NHOBSubordinateToSuperior ::= SEQUENCE {
+  accessPoints  [0]  MasterAndShadowAccessPoints OPTIONAL,
+  subentries    [3]  SET --SIZE (1..MAX)-- OF SubentryInfo OPTIONAL
+}
+
+-- operational binding information objects
+--hierarchicalOperationalBinding OPERATIONAL-BINDING ::= {
+--  AGREEMENT             HierarchicalAgreement
+--  APPLICATION CONTEXTS  {{directorySystemAC}}
+--  ASYMMETRIC ROLE-A - - superior DSA - -
+--    {ESTABLISHMENT-INITIATOR  TRUE
+--     ESTABLISHMENT-PARAMETER  SuperiorToSubordinate
+--     MODIFICATION-INITIATOR   TRUE
+--     MODIFICATION-PARAMETER   SuperiorToSubordinateModification
+--     TERMINATION-INITIATOR    TRUE}
+--  ROLE-B - - subordinate DSA - -
+--    {ESTABLISHMENT-INITIATOR  TRUE
+--     ESTABLISHMENT-PARAMETER  SubordinateToSuperior
+--     MODIFICATION-INITIATOR   TRUE
+--     MODIFICATION-PARAMETER   SubordinateToSuperior
+--     TERMINATION-INITIATOR    TRUE}
+--  ID                    id-op-binding-hierarchical
+--}
+
+--nonSpecificHierarchicalOperationalBinding OPERATIONAL-BINDING ::= {
+--  AGREEMENT             NonSpecificHierarchicalAgreement
+--  APPLICATION CONTEXTS  {{directorySystemAC}}
+--  ASYMMETRIC ROLE-A - - superior DSA - -
+--    {ESTABLISHMENT-PARAMETER  NHOBSuperiorToSubordinate
+--     MODIFICATION-INITIATOR   TRUE
+--     MODIFICATION-PARAMETER   NHOBSuperiorToSubordinate
+--     TERMINATION-INITIATOR    TRUE}
+--  ROLE-B - - subordinate DSA - -
+--    {ESTABLISHMENT-INITIATOR  TRUE
+--     ESTABLISHMENT-PARAMETER  NHOBSubordinateToSuperior
+--     MODIFICATION-INITIATOR   TRUE
+--     MODIFICATION-PARAMETER   NHOBSubordinateToSuperior
+--     TERMINATION-INITIATOR    TRUE}
+--  ID                    id-op-binding-non-specific-hierarchical
+--}
+
+--END - - HierarchicalOperationalBindings
+
+-- Module BasicAccessControl (X.501:02/2001)
+--BasicAccessControl {joint-iso-itu-t ds(5) module(1) basicAccessControl(24) 4}
+--DEFINITIONS ::=
+--BEGIN
+
+-- EXPORTS All
+-- The types and values defined in this module are exported for use in the other ASN.1 modules contained
+-- within the Directory Specifications, and for the use of other applications which will use them to access
+-- Directory services. Other applications may use them for their own purposes, but this will not constrain
+-- extensions and modifications needed to maintain or improve the Directory service.
+--IMPORTS
+  -- from ITU-T Rec. X.501 | ISO/IEC 9594-2
+--  directoryAbstractService, id-aca, id-acScheme, informationFramework,
+--    selectedAttributeTypes, upperBounds
+--    FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+--      usefulDefinitions(0) 4}
+--  ATTRIBUTE, AttributeType, ContextAssertion, DistinguishedName, MATCHING-RULE,
+--    objectIdentifierMatch, Refinement, SubtreeSpecification,
+--    SupportedAttributes
+--    FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
+--      informationFramework(1) 4}
+  -- from ITU-T Rec. X.511 | ISO/IEC 9594-3
+--  Filter
+--    FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
+--      directoryAbstractService(2) 4}
+  -- from ITU-T Rec. X.520 | ISO/IEC 9594-6
+--  DirectoryString{}, directoryStringFirstComponentMatch, NameAndOptionalUID,
+--    UniqueIdentifier
+--    FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
+--      selectedAttributeTypes(5) 4}
+--  ub-tag
+--    FROM UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 4};
+
+-- types
+ACIItem ::= SEQUENCE {
+  identificationTag   DirectoryString --{ub-tag}--,
+  precedence           Precedence,
+  authenticationLevel  AuthenticationLevel,
+  itemOrUserFirst
+    CHOICE {itemFirst
+              [0]  SEQUENCE {protectedItems   ProtectedItems,
+                             itemPermissions  SET OF ItemPermission},
+            userFirst
+              [1]  SEQUENCE {userClasses      UserClasses,
+                             userPermissions  SET OF UserPermission}}
+}
+
+Precedence ::= INTEGER --(0..255)--
+
+ProtectedItems ::= SEQUENCE {
+  entry                           [0]  NULL OPTIONAL,
+  allUserAttributeTypes           [1]  NULL OPTIONAL,
+  attributeType
+    [2]  SET --SIZE (1..MAX)-- OF AttributeType OPTIONAL,
+  allAttributeValues
+    [3]  SET --SIZE (1..MAX)-- OF AttributeType OPTIONAL,
+  allUserAttributeTypesAndValues  [4]  NULL OPTIONAL,
+  attributeValue
+    [5]  SET --SIZE (1..MAX)-- OF AttributeTypeAndValue OPTIONAL,
+  selfValue
+    [6]  SET --SIZE (1..MAX)-- OF AttributeType OPTIONAL,
+  rangeOfValues                   [7]  Filter OPTIONAL,
+  maxValueCount
+    [8]  SET --SIZE (1..MAX)-- OF MaxValueCount OPTIONAL,
+  maxImmSub                       [9]  INTEGER OPTIONAL,
+  restrictedBy
+    [10]  SET --SIZE (1..MAX)-- OF RestrictedValue OPTIONAL,
+  contexts
+    [11]  SET --SIZE (1..MAX)-- OF ContextAssertion OPTIONAL,
+  classes                         [12]  Refinement OPTIONAL
+}
+
+MaxValueCount ::= SEQUENCE {type      AttributeType,
+                            maxCount  INTEGER
+}
+
+RestrictedValue ::= SEQUENCE {type      AttributeType,
+                              valuesIn  AttributeType
+}
+
+UserClasses ::= SEQUENCE {
+  allUsers   [0]  NULL OPTIONAL,
+  thisEntry  [1]  NULL OPTIONAL,
+  name       [2]  SET --SIZE (1..MAX)-- OF NameAndOptionalUID OPTIONAL,
+  userGroup  [3]  SET --SIZE (1..MAX)-- OF NameAndOptionalUID OPTIONAL,
+  -- dn component shall be the name of an
+  -- entry of GroupOfUniqueNames
+  subtree    [4]  SET --SIZE (1..MAX)-- OF SubtreeSpecification OPTIONAL
+}
+
+ItemPermission ::= SEQUENCE {
+  precedence        Precedence OPTIONAL,
+  -- defaults to precedence in ACIItem
+  userClasses       UserClasses,
+  grantsAndDenials  GrantsAndDenials
+}
+
+UserPermission ::= SEQUENCE {
+  precedence        Precedence OPTIONAL,
+  -- defaults to precedence in ACIItem
+  protectedItems    ProtectedItems,
+  grantsAndDenials  GrantsAndDenials
+}
+
+AuthenticationLevel ::= CHOICE {
+  basicLevels
+    SEQUENCE {level           ENUMERATED {none(0), simple(1), strong(2)},
+              localQualifier  INTEGER OPTIONAL,
+              signed          BOOLEAN DEFAULT FALSE},
+  other        EXTERNAL
+}
+
+GrantsAndDenials ::= BIT STRING {
+  -- permissions that may be used in conjunction
+  -- with any component of ProtectedItems
+  grantAdd(0), denyAdd(1), grantDiscloseOnError(2), denyDiscloseOnError(3),
+  grantRead(4), denyRead(5), grantRemove(6),
+  denyRemove(7),
+  -- permissions that may be used only in conjunction
+  -- with the entry component
+  grantBrowse(8), denyBrowse(9), grantExport(10), denyExport(11),
+  grantImport(12), denyImport(13), grantModify(14), denyModify(15),
+  grantRename(16), denyRename(17), grantReturnDN(18),
+  denyReturnDN(19),
+  -- permissions that may be used in conjunction
+  -- with any component, except entry, of ProtectedItems
+  grantCompare(20), denyCompare(21), grantFilterMatch(22), denyFilterMatch(23),
+  grantInvoke(24), denyInvoke(25)}
+
+--AttributeTypeAndValue ::= SEQUENCE {
+--  type   ATTRIBUTE.&id({SupportedAttributes}),
+--  value  ATTRIBUTE.&Type({SupportedAttributes}{@type})
+--}
+
+-- attributes
+--accessControlScheme ATTRIBUTE ::= {
+--  WITH SYNTAX             OBJECT IDENTIFIER
+--  EQUALITY MATCHING RULE  objectIdentifierMatch
+--  SINGLE VALUE            TRUE
+--  USAGE                   directoryOperation
+--  ID                      id-aca-accessControlScheme
+--}
+
+--prescriptiveACI ATTRIBUTE ::= {
+--  WITH SYNTAX             ACIItem
+--  EQUALITY MATCHING RULE  directoryStringFirstComponentMatch
+--  USAGE                   directoryOperation
+--  ID                      id-aca-prescriptiveACI
+--}
+
+--entryACI ATTRIBUTE ::= {
+--  WITH SYNTAX             ACIItem
+--  EQUALITY MATCHING RULE  directoryStringFirstComponentMatch
+--  USAGE                   directoryOperation
+--  ID                      id-aca-entryACI
+--}
+
+--subentryACI ATTRIBUTE ::= {
+--  WITH SYNTAX             ACIItem
+--  EQUALITY MATCHING RULE  directoryStringFirstComponentMatch
+--  USAGE                   directoryOperation
+--  ID                      id-aca-subentryACI
+--}
+
+-- object identifier assignments
+-- attributes
+--id-aca-accessControlScheme OBJECT IDENTIFIER ::=
+--  {id-aca 1}
+
+--id-aca-prescriptiveACI OBJECT IDENTIFIER ::= {id-aca 4}
+
+--id-aca-entryACI OBJECT IDENTIFIER ::= {id-aca 5}
+
+--id-aca-subentryACI OBJECT IDENTIFIER ::= {id-aca 6}
+
+-- access control schemes -
+--basicAccessControlScheme OBJECT IDENTIFIER ::=
+--  {id-acScheme 1}
+
+--simplifiedAccessControlScheme OBJECT IDENTIFIER ::= {id-acScheme 2}
+
+--rule-based-access-control OBJECT IDENTIFIER ::= {id-acScheme 3}
+
+--rule-and-basic-access-control OBJECT IDENTIFIER ::= {id-acScheme 4}
+
+--rule-and-simple-access-control OBJECT IDENTIFIER ::= {id-acScheme 5}
+
+END -- BasicAccessControl
+
+-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
+
+
+
+-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
+
diff --git a/epan/dissectors/asn1/dop/dop.cnf b/epan/dissectors/asn1/dop/dop.cnf
new file mode 100644
index 00000000..2a16b355
--- /dev/null
+++ b/epan/dissectors/asn1/dop/dop.cnf
@@ -0,0 +1,207 @@
+#.IMPORT ../x509sat/x509sat-exp.cnf
+#.IMPORT ../x509if/x509if-exp.cnf
+#.IMPORT ../x509af/x509af-exp.cnf
+#.IMPORT ../dsp/dsp-exp.cnf
+#.IMPORT ../dap/dap-exp.cnf
+#.IMPORT ../crmf/crmf-exp.cnf
+
+#.MODULE_IMPORT
+BasicAccessControl		crmf
+
+#.EXPORTS
+DSEType
+SupplierAndConsumers
+OperationalBindingID
+
+#.NO_EMIT ONLY_VALS
+EstablishOperationalBindingArgument
+ModifyOperationalBindingArgument
+ModifyOperationalBindingResult
+TerminateOperationalBindingArgument
+TerminateOperationalBindingResult
+
+#.TYPE_RENAME
+EstablishOperationalBindingArgumentData/initiator	EstablishArgumentInitiator
+ModifyOperationalBindingArgumentData/initiator		ModifyArgumentInitiator
+TerminateOperationalBindingArgumentData/initiator	TerminateArgumentInitiator
+
+ModifyOperationalBindingArgumentData/newAgreement	ArgumentNewAgreement
+ModifyOperationalBindingResultData/newAgreement		ResultNewAgreement
+
+ModifyOperationalBindingResult/protected		ProtectedModifyResult
+TerminateOperationalBindingResult/protected		ProtectedTerminateResult
+
+EstablishOperationalBindingArgumentData/initiator/roleA-initiates	EstablishRoleAInitiates
+ModifyOperationalBindingArgumentData/initiator/roleA-initiates		ModifyRoleAInitiates
+TerminateOperationalBindingArgumentData/initiator/roleA-initiates	TerminateRoleAInitiates
+
+EstablishOperationalBindingArgumentData/initiator/roleB-initiates	EstablishRoleBInitiates
+ModifyOperationalBindingArgumentData/initiator/roleB-initiates		ModifyRoleBInitiates
+TerminateOperationalBindingArgumentData/initiator/roleB-initiates	TerminateRoleBInitiates
+
+EstablishOperationalBindingArgumentData/initiator/symmetric		EstablishSymmetric
+ModifyOperationalBindingArgumentData/initiator/symmetric		ModifySymmetric
+TerminateOperationalBindingArgumentData/initiator/symmetric		TerminateSymmetric
+
+
+#.FIELD_RENAME
+EstablishOperationalBindingArgumentData/initiator	establishInitiator
+ModifyOperationalBindingArgumentData/initiator		modifyInitiator
+TerminateOperationalBindingArgumentData/initiator	terminateInitiator
+
+ModifyOperationalBindingArgumentData/newAgreement	argumentNewAgreement
+ModifyOperationalBindingResultData/newAgreement		resultNewAgreement
+
+ModifyOperationalBindingResult/protected		protectedModifyResult
+TerminateOperationalBindingResult/protected		protectedTerminateResult
+
+EstablishOperationalBindingArgumentData/initiator/roleA-initiates	establishRoleAInitiates
+ModifyOperationalBindingArgumentData/initiator/roleA-initiates		modifyRoleAInitiates
+TerminateOperationalBindingArgumentData/initiator/roleA-initiates	terminateRoleAInitiates
+
+EstablishOperationalBindingArgumentData/initiator/roleB-initiates	establishRoleBInitiates
+ModifyOperationalBindingArgumentData/initiator/roleB-initiates		modifyRoleBInitiates
+TerminateOperationalBindingArgumentData/initiator/roleB-initiates	terminateRoleBInitiates
+
+EstablishOperationalBindingArgumentData/initiator/symmetric		establishSymmetric
+ModifyOperationalBindingArgumentData/initiator/symmetric		modifySymmetric
+TerminateOperationalBindingArgumentData/initiator/symmetric		terminateSymmetric
+
+TerminateOperationalBindingArgumentData/terminateAt			terminateAtTime
+TerminateOperationalBindingResultData/terminateAt			terminateAtGeneralizedTime
+
+#.FIELD_ATTR
+TerminateOperationalBindingArgumentData/terminateAt		ABBREV=terminateAtTime
+TerminateOperationalBindingResultData/terminateAt		ABBREV=terminateAtGeneralizedTime
+
+
+
+#.REGISTER
+DSEType					B "2.5.12.0" "id-doa-dseType"
+SupplierInformation		B "2.5.12.5" "id-doa-supplierKnowledge"
+ConsumerInformation		B "2.5.12.6" "id-doa-consumerKnowledge"
+SupplierAndConsumers		B "2.5.12.7" "id-doa-secondaryShadows"
+
+HierarchicalAgreement				S dop.oid	"agreement.2.5.19.2"
+SuperiorToSubordinate				S dop.oid	"establish.rolea.2.5.19.2"
+SuperiorToSubordinateModification	S dop.oid	"modify.rolea.2.5.19.2"
+SubordinateToSuperior				S dop.oid	"establish.roleb.2.5.19.2"
+SubordinateToSuperior				S dop.oid	"modify.roleb.2.5.19.2"
+
+NonSpecificHierarchicalAgreement	S dop.oid	"agreement.2.5.19.3"
+NHOBSuperiorToSubordinate			S dop.oid	"establish.rolea.2.5.19.3"
+NHOBSuperiorToSubordinate			S dop.oid	"modify.rolea.2.5.19.3"
+NHOBSubordinateToSuperior			S dop.oid	"establish.roleb.2.5.19.3"
+NHOBSubordinateToSuperior			S dop.oid	"modify.roleb.2.5.19.3"
+
+ACIItem		B	"2.5.24.4" "id-aca-prescriptiveACI"
+ACIItem		B	"2.5.24.5" "id-aca-entryACI"
+ACIItem		B	"2.5.24.6" "id-aca-subentryACI"
+
+#.VIRTUAL_ASSGN
+BindingType EstablishOperationalBindingArgumentData/bindingType
+#.SET_TYPE
+EstablishOperationalBindingArgumentData/bindingType  BindingType
+EstablishOperationalBindingResult/bindingType  BindingType
+ModifyOperationalBindingArgumentData/bindingType  BindingType
+ModifyOperationalBindingResultData/bindingType  BindingType
+TerminateOperationalBindingArgumentData/bindingType  BindingType
+TerminateOperationalBindingResultData/bindingType  BindingType
+OpBindingErrorParam/bindingType  BindingType
+#.END
+
+#.FN_PARS	BindingType  FN_VARIANT = _str VAL_PTR = &binding_type
+#.FN_FTR	BindingType
+  append_oid(actx->pinfo, binding_type);
+#.END
+
+#.FN_BODY	EstablishOperationalBindingArgumentData/initiator/symmetric
+
+  offset = call_dop_oid_callback("establish.symmetric", tvb, offset, actx->pinfo, tree, "symmetric", actx->private_data);
+
+#.FN_BODY	EstablishOperationalBindingArgumentData/initiator/roleA-initiates
+
+  offset = call_dop_oid_callback("establish.rolea", tvb, offset, actx->pinfo, tree, "roleA", actx->private_data);
+
+#.FN_BODY	EstablishOperationalBindingArgumentData/initiator/roleB-initiates
+
+  offset = call_dop_oid_callback("establish.roleb", tvb, offset, actx->pinfo, tree, "roleB", actx->private_data);
+
+#.FN_BODY	ModifyOperationalBindingArgumentData/initiator/symmetric
+
+  offset = call_dop_oid_callback("modify.symmetric", tvb, offset, actx->pinfo, tree, "symmetric", actx->private_data);
+
+#.FN_BODY	ModifyOperationalBindingArgumentData/initiator/roleA-initiates
+
+  offset = call_dop_oid_callback("modify.rolea", tvb, offset, actx->pinfo, tree, "roleA", actx->private_data);
+
+#.FN_BODY	ModifyOperationalBindingArgumentData/initiator/roleB-initiates
+
+  offset = call_dop_oid_callback("modify.roleb", tvb, offset, actx->pinfo, tree, "roleB", actx->private_data);
+
+#.FN_BODY	TerminateOperationalBindingArgumentData/initiator/symmetric
+
+  offset = call_dop_oid_callback("terminate.symmetric", tvb, offset, actx->pinfo, tree, "symmetric", actx->private_data);
+
+#.FN_BODY	TerminateOperationalBindingArgumentData/initiator/roleA-initiates
+
+  offset = call_dop_oid_callback("terminate.rolea", tvb, offset, actx->pinfo, tree, "roleA", actx->private_data);
+
+#.FN_BODY	TerminateOperationalBindingArgumentData/initiator/roleB-initiates
+
+  offset = call_dop_oid_callback("terminate.roleb", tvb, offset, actx->pinfo, tree, "roleB", actx->private_data);
+
+#.FN_BODY	EstablishOperationalBindingArgumentData/agreement
+
+  offset = call_dop_oid_callback("agreement", tvb, offset, actx->pinfo, tree, NULL, actx->private_data);
+
+#.FN_BODY	EstablishOperationalBindingResult/initiator/symmetric
+
+  offset = call_dop_oid_callback("establish.symmetric", tvb, offset, actx->pinfo, tree, "symmetric", actx->private_data);
+
+#.FN_BODY	EstablishOperationalBindingResult/initiator/roleA-replies
+
+  offset = call_dop_oid_callback("establish.rolea", tvb, offset, actx->pinfo, tree, "roleA", actx->private_data);
+
+#.FN_BODY	EstablishOperationalBindingResult/initiator/roleB-replies
+
+  offset = call_dop_oid_callback("establish.roleb", tvb, offset, actx->pinfo, tree, "roleB", actx->private_data);
+
+#.FN_BODY	OpBindingErrorParam/agreementProposal
+
+  offset = call_dop_oid_callback("agreement", tvb, offset, actx->pinfo, tree, NULL, actx->private_data);
+
+#.FN_BODY	ModifyOperationalBindingResultData/newAgreement
+
+  offset = call_dop_oid_callback("agreement", tvb, offset, actx->pinfo, tree, NULL, actx->private_data);
+
+#.FN_BODY	ModifyOperationalBindingArgumentData/newAgreement
+
+  offset = call_dop_oid_callback("agreement", tvb, offset, actx->pinfo, tree, NULL, actx->private_data);
+
+
+#.FN_BODY OperationalBindingID/identifier  VAL_PTR	= &value
+	guint32	value;
+
+	%(DEFAULT_BODY)s
+
+	col_append_fstr(actx->pinfo->cinfo, COL_INFO, " id=%%d", value);
+
+
+
+#.FN_BODY OperationalBindingID/version	VAL_PTR	= &value
+	guint32	value;
+
+	%(DEFAULT_BODY)s
+
+	col_append_fstr(actx->pinfo->cinfo, COL_INFO, ",%%d", value);
+
+#.FN_PARS Precedence VAL_PTR = &precedence
+
+#.FN_BODY Precedence
+  guint32 precedence = 0;
+
+  %(DEFAULT_BODY)s
+
+  proto_item_append_text(tree, " precedence=%%d", precedence);
+
diff --git a/epan/dissectors/asn1/dop/packet-dop-template.c b/epan/dissectors/asn1/dop/packet-dop-template.c
new file mode 100644
index 00000000..56de6bca
--- /dev/null
+++ b/epan/dissectors/asn1/dop/packet-dop-template.c
@@ -0,0 +1,308 @@
+/* packet-dop.c
+ * Routines for X.501 (DSA Operational Attributes)  packet dissection
+ * Graeme Lunt 2005
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "config.h"
+
+#include <epan/packet.h>
+#include <epan/prefs.h>
+#include <epan/oids.h>
+#include <epan/asn1.h>
+#include <epan/expert.h>
+
+#include "packet-ber.h"
+#include "packet-acse.h"
+#include "packet-ros.h"
+
+#include "packet-x509sat.h"
+#include "packet-x509af.h"
+#include "packet-x509if.h"
+#include "packet-dap.h"
+#include "packet-dsp.h"
+#include "packet-crmf.h"
+
+
+#include "packet-dop.h"
+
+#define PNAME  "X.501 Directory Operational Binding Management Protocol"
+#define PSNAME "DOP"
+#define PFNAME "dop"
+
+void proto_register_dop(void);
+void proto_reg_handoff_dop(void);
+
+/* Initialize the protocol and registered fields */
+static int proto_dop = -1;
+
+static const char *binding_type = NULL; /* binding_type */
+
+static int call_dop_oid_callback(const char *base_string, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, const char *col_info, void* data);
+
+#include "packet-dop-hf.c"
+
+/* Initialize the subtree pointers */
+static gint ett_dop = -1;
+static gint ett_dop_unknown = -1;
+#include "packet-dop-ett.c"
+
+static expert_field ei_dop_unknown_binding_parameter = EI_INIT;
+static expert_field ei_dop_unsupported_opcode = EI_INIT;
+static expert_field ei_dop_unsupported_errcode = EI_INIT;
+static expert_field ei_dop_unsupported_pdu = EI_INIT;
+static expert_field ei_dop_zero_pdu = EI_INIT;
+
+static dissector_handle_t dop_handle = NULL;
+
+/* Dissector table */
+static dissector_table_t dop_dissector_table;
+
+static void append_oid(packet_info *pinfo, const char *oid)
+{
+  	const char *name = NULL;
+
+    name = oid_resolved_from_string(pinfo->pool, oid);
+    col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name ? name : oid);
+}
+
+#include "packet-dop-fn.c"
+
+static int
+call_dop_oid_callback(const char *base_string, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, const char *col_info, void* data)
+{
+  char* binding_param;
+
+  binding_param = wmem_strdup_printf(pinfo->pool, "%s.%s", base_string, binding_type ? binding_type : "");
+
+  col_append_fstr(pinfo->cinfo, COL_INFO, " %s", col_info);
+
+  if (dissector_try_string(dop_dissector_table, binding_param, tvb, pinfo, tree, data)) {
+     offset = tvb_reported_length (tvb);
+  } else {
+     proto_item *item;
+     proto_tree *next_tree;
+
+     next_tree = proto_tree_add_subtree_format(tree, tvb, 0, -1, ett_dop_unknown, &item,
+         "Dissector for parameter %s OID:%s not implemented. Contact Wireshark developers if you want this supported", base_string, binding_type ? binding_type : "<empty>");
+
+     offset = dissect_unknown_ber(pinfo, tvb, offset, next_tree);
+     expert_add_info(pinfo, item, &ei_dop_unknown_binding_parameter);
+   }
+
+   return offset;
+}
+
+
+/*
+* Dissect DOP PDUs inside a ROS PDUs
+*/
+static int
+dissect_dop(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data)
+{
+	int offset = 0;
+	int old_offset;
+	proto_item *item;
+	proto_tree *tree;
+	struct SESSION_DATA_STRUCTURE* session;
+	int (*dop_dissector)(bool implicit_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index _U_) = NULL;
+	const char *dop_op_name;
+	asn1_ctx_t asn1_ctx;
+
+	/* do we have operation information from the ROS dissector? */
+	if (data == NULL)
+		return 0;
+	session = (struct SESSION_DATA_STRUCTURE*)data;
+
+	asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
+
+	item = proto_tree_add_item(parent_tree, proto_dop, tvb, 0, -1, ENC_NA);
+	tree = proto_item_add_subtree(item, ett_dop);
+
+	col_set_str(pinfo->cinfo, COL_PROTOCOL, "DOP");
+  	col_clear(pinfo->cinfo, COL_INFO);
+
+	asn1_ctx.private_data = session;
+
+	switch(session->ros_op & ROS_OP_MASK) {
+	case (ROS_OP_BIND | ROS_OP_ARGUMENT):	/*  BindInvoke */
+	  dop_dissector = dissect_dop_DSAOperationalManagementBindArgument;
+	  dop_op_name = "DSA-Operational-Bind-Argument";
+	  break;
+	case (ROS_OP_BIND | ROS_OP_RESULT):	/*  BindResult */
+	  dop_dissector = dissect_dop_DSAOperationalManagementBindResult;
+	  dop_op_name = "DSA-Operational-Bind-Result";
+	  break;
+	case (ROS_OP_BIND | ROS_OP_ERROR):	/*  BindError */
+	  dop_dissector = dissect_dop_DSAOperationalManagementBindError;
+	  dop_op_name = "DSA-Operational-Management-Bind-Error";
+	  break;
+	case (ROS_OP_INVOKE | ROS_OP_ARGUMENT):	/*  Invoke Argument */
+	  switch(session->ros_op & ROS_OP_OPCODE_MASK) {
+	  case 100: /* establish */
+	    dop_dissector = dissect_dop_EstablishOperationalBindingArgument;
+	    dop_op_name = "Establish-Operational-Binding-Argument";
+	    break;
+	  case 101: /* terminate */
+	    dop_dissector = dissect_dop_TerminateOperationalBindingArgument;
+	    dop_op_name = "Terminate-Operational-Binding-Argument";
+	    break;
+	  case 102: /* modify */
+	    dop_dissector = dissect_dop_ModifyOperationalBindingArgument;
+	    dop_op_name = "Modify-Operational-Binding-Argument";
+	    break;
+	  default:
+	    proto_tree_add_expert_format(tree, pinfo, &ei_dop_unsupported_opcode, tvb, offset, -1,
+	        "Unsupported DOP Argument opcode (%d)", session->ros_op & ROS_OP_OPCODE_MASK);
+	    break;
+	  }
+	  break;
+	case (ROS_OP_INVOKE | ROS_OP_RESULT):	/*  Return Result */
+	  switch(session->ros_op & ROS_OP_OPCODE_MASK) {
+	  case 100: /* establish */
+	    dop_dissector = dissect_dop_EstablishOperationalBindingResult;
+	    dop_op_name = "Establish-Operational-Binding-Result";
+	    break;
+	  case 101: /* terminate */
+	    dop_dissector = dissect_dop_TerminateOperationalBindingResult;
+	    dop_op_name = "Terminate-Operational-Binding-Result";
+	    break;
+	  case 102: /* modify */
+	    dop_dissector = dissect_dop_ModifyOperationalBindingResult;
+	    dop_op_name = "Modify-Operational-Binding-Result";
+	    break;
+	  default:
+	    proto_tree_add_expert_format(tree, pinfo, &ei_dop_unsupported_opcode, tvb, offset, -1,
+	            "Unsupported DOP Result opcode (%d)", session->ros_op & ROS_OP_OPCODE_MASK);
+	    break;
+	  }
+	  break;
+	case (ROS_OP_INVOKE | ROS_OP_ERROR):	/*  Return Error */
+	  switch(session->ros_op & ROS_OP_OPCODE_MASK) {
+	  case 100: /* operational-binding */
+	    dop_dissector = dissect_dop_OpBindingErrorParam;
+	    dop_op_name = "Operational-Binding-Error";
+	    break;
+	  default:
+	    proto_tree_add_expert_format(tree, pinfo, &ei_dop_unsupported_errcode, tvb, offset, -1,
+	        "Unsupported DOP Error opcode (%d)", session->ros_op & ROS_OP_OPCODE_MASK);
+	    break;
+	  }
+	  break;
+	default:
+	  proto_tree_add_expert(tree, pinfo, &ei_dop_unsupported_pdu, tvb, offset, -1);
+	  return tvb_captured_length(tvb);
+	}
+
+	if(dop_dissector) {
+      col_set_str(pinfo->cinfo, COL_INFO, dop_op_name);
+
+	  while (tvb_reported_length_remaining(tvb, offset) > 0){
+	    old_offset=offset;
+	    offset=(*dop_dissector)(FALSE, tvb, offset, &asn1_ctx, tree, -1);
+	    if(offset == old_offset){
+	      proto_tree_add_expert(tree, pinfo, &ei_dop_zero_pdu, tvb, offset, -1);
+	      break;
+	    }
+	  }
+	}
+
+	return tvb_captured_length(tvb);
+}
+
+
+
+/*--- proto_register_dop -------------------------------------------*/
+void proto_register_dop(void) {
+
+  /* List of fields */
+  static hf_register_info hf[] =
+  {
+#include "packet-dop-hfarr.c"
+  };
+
+  /* List of subtrees */
+  static gint *ett[] = {
+    &ett_dop,
+    &ett_dop_unknown,
+#include "packet-dop-ettarr.c"
+  };
+
+  static ei_register_info ei[] = {
+     { &ei_dop_unknown_binding_parameter, { "dop.unknown_binding_parameter", PI_UNDECODED, PI_WARN, "Unknown binding-parameter", EXPFILL }},
+     { &ei_dop_unsupported_opcode, { "dop.unsupported_opcode", PI_UNDECODED, PI_WARN, "Unsupported DOP opcode", EXPFILL }},
+     { &ei_dop_unsupported_errcode, { "dop.unsupported_errcode", PI_UNDECODED, PI_WARN, "Unsupported DOP errcode", EXPFILL }},
+     { &ei_dop_unsupported_pdu, { "dop.unsupported_pdu", PI_UNDECODED, PI_WARN, "Unsupported DOP PDU", EXPFILL }},
+     { &ei_dop_zero_pdu, { "dop.zero_pdu", PI_PROTOCOL, PI_ERROR, "Internal error, zero-byte DOP PDU", EXPFILL }},
+  };
+
+  expert_module_t* expert_dop;
+  module_t *dop_module;
+
+  /* Register protocol */
+  proto_dop = proto_register_protocol(PNAME, PSNAME, PFNAME);
+
+  dop_handle = register_dissector("dop", dissect_dop, proto_dop);
+
+  dop_dissector_table = register_dissector_table("dop.oid", "DOP OID", proto_dop, FT_STRING, STRING_CASE_SENSITIVE);
+
+  /* Register fields and subtrees */
+  proto_register_field_array(proto_dop, hf, array_length(hf));
+  proto_register_subtree_array(ett, array_length(ett));
+  expert_dop = expert_register_protocol(proto_dop);
+  expert_register_field_array(expert_dop, ei, array_length(ei));
+
+  /* Register our configuration options for DOP, particularly our port */
+
+  dop_module = prefs_register_protocol_subtree("OSI/X.500", proto_dop, NULL);
+
+  prefs_register_obsolete_preference(dop_module, "tcp.port");
+
+  prefs_register_static_text_preference(dop_module, "tcp_port_info",
+            "The TCP ports used by the DOP protocol should be added to the TPKT preference \"TPKT TCP ports\", or by selecting \"TPKT\" as the \"Transport\" protocol in the \"Decode As\" dialog.",
+            "DOP TCP Port preference moved information");
+
+}
+
+
+/*--- proto_reg_handoff_dop --- */
+void proto_reg_handoff_dop(void) {
+
+#include "packet-dop-dis-tab.c"
+  /* APPLICATION CONTEXT */
+
+  oid_add_from_string("id-ac-directory-operational-binding-management","2.5.3.3");
+
+  /* ABSTRACT SYNTAXES */
+
+  /* Register DOP with ROS (with no use of RTSE) */
+  register_ros_oid_dissector_handle("2.5.9.4", dop_handle, 0, "id-as-directory-operational-binding-management", FALSE);
+
+  /* BINDING TYPES */
+
+  oid_add_from_string("shadow-agreement","2.5.19.1");
+  oid_add_from_string("hierarchical-agreement","2.5.19.2");
+  oid_add_from_string("non-specific-hierarchical-agreement","2.5.19.3");
+
+  /* ACCESS CONTROL SCHEMES */
+  oid_add_from_string("basic-ACS","2.5.28.1");
+  oid_add_from_string("simplified-ACS","2.5.28.2");
+  oid_add_from_string("ruleBased-ACS","2.5.28.3");
+  oid_add_from_string("ruleAndBasic-ACS","2.5.28.4");
+  oid_add_from_string("ruleAndSimple-ACS","2.5.28.5");
+
+  /* ADMINISTRATIVE ROLES */
+  oid_add_from_string("id-ar-autonomousArea","2.5.23.1");
+  oid_add_from_string("id-ar-accessControlSpecificArea","2.5.23.2");
+  oid_add_from_string("id-ar-accessControlInnerArea","2.5.23.3");
+  oid_add_from_string("id-ar-subschemaAdminSpecificArea","2.5.23.4");
+  oid_add_from_string("id-ar-collectiveAttributeSpecificArea","2.5.23.5");
+  oid_add_from_string("id-ar-collectiveAttributeInnerArea","2.5.23.6");
+  oid_add_from_string("id-ar-contextDefaultSpecificArea","2.5.23.7");
+  oid_add_from_string("id-ar-serviceSpecificArea","2.5.23.8");
+}
diff --git a/epan/dissectors/asn1/dop/packet-dop-template.h b/epan/dissectors/asn1/dop/packet-dop-template.h
new file mode 100644
index 00000000..73f8fcfc
--- /dev/null
+++ b/epan/dissectors/asn1/dop/packet-dop-template.h
@@ -0,0 +1,17 @@
+/* packet-x501.h
+ * Routines for X.501 (DSA Operational Attributes) packet dissection
+ * Graeme Lunt 2005
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef PACKET_X501_H
+#define PACKET_X501_H
+
+#include "packet-dop-exp.h"
+
+#endif  /* PACKET_X501_H */