22 files changed, 343 insertions, 135 deletions
diff --git a/asn1/dap/dap-exp.cnf b/asn1/dap/dap-exp.cnf
index aa8d99abe2..60efa31464 100644
--- a/asn1/dap/dap-exp.cnf
+++ b/asn1/dap/dap-exp.cnf
@@ -31,7 +31,6 @@ Referral                 BER_CLASS_ANY/*choice*/ -1/*choice*/
 SecurityError            BER_CLASS_ANY/*choice*/ -1/*choice*/
 ServiceError             BER_CLASS_ANY/*choice*/ -1/*choice*/
 UpdateError              BER_CLASS_ANY/*choice*/ -1/*choice*/
-OperationalBindingID     BER_CLASS_UNI BER_UNI_TAG_SEQUENCE
 #.END
 
 #.TYPE_ATTR
@@ -67,6 +66,5 @@ Referral                 TYPE = FT_UINT32  DISPLAY = BASE_DEC   STRINGS = VALS(d
 SecurityError            TYPE = FT_UINT32  DISPLAY = BASE_DEC   STRINGS = VALS(dap_SecurityError_vals)  BITMASK = 0
 ServiceError             TYPE = FT_UINT32  DISPLAY = BASE_DEC   STRINGS = VALS(dap_ServiceError_vals)  BITMASK = 0
 UpdateError              TYPE = FT_UINT32  DISPLAY = BASE_DEC   STRINGS = VALS(dap_UpdateError_vals)  BITMASK = 0
-OperationalBindingID     TYPE = FT_NONE    DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
 #.END
 
diff --git a/asn1/dap/dap.asn b/asn1/dap/dap.asn
index dd165f9eb3..9edcea388a 100644
--- a/asn1/dap/dap.asn
+++ b/asn1/dap/dap.asn
@@ -45,9 +45,9 @@ IMPORTS
     id-opcode-search
     FROM DirectoryAccessProtocol {joint-iso-itu-t ds(5) module(1) dap(11) 4}
   -- from ITU-T Rec. X.520 | ISO/IEC 9594-6
---  DirectoryString{}
---    FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
---      selectedAttributeTypes(5) 4}
+  DirectoryString
+    FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
+      selectedAttributeTypes(5) 4}
   ub-domainLocalID
     FROM UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 4}
   -- from ITU-T Rec. X.509 | ISO/IEC 9594-8
@@ -58,9 +58,9 @@ IMPORTS
     FROM AttributeCertificateDefinitions {joint-iso-itu-t ds(5) module(1)
       attributeCertificateDefinitions(32) 4}
   -- from ITU-T Rec. X.525 | ISO/IEC 9594-9
---  AgreementID
---    FROM DirectoryShadowAbstractService {joint-iso-itu-t ds(5) module(1)
---      directoryShadowAbstractService(15) 4}
+  AgreementID
+    FROM DirectoryShadowAbstractService {joint-iso-itu-t ds(5) module(1)
+      directoryShadowAbstractService(15) 4}
   -- from ITU-T Rec. X.880 | ISO/IEC 13712-1
   Code, ERROR, OPERATION
     FROM Remote-Operations-Information-Objects {joint-iso-itu-t
@@ -1265,24 +1265,6 @@ UpdateProblem ::= INTEGER {
 -- attribute types 
 --id-at-family-information OBJECT IDENTIFIER ::= {id-at 64}
 
-AgreementID ::= OperationalBindingID
-
-OperationalBindingID ::= SEQUENCE {
-  identifier	INTEGER,
-  version 	INTEGER
-}
-
-
--- local definition as one in x509sat is wrong! */
-DirectoryString ::= CHOICE {
-  teletexString    TeletexString,
-  printableString  PrintableString,
-  universalString  UniversalString,
-  bmpString        BMPString,
-  uTF8String       UTF8String
-}
-
-
 END -- DirectoryAbstractService
 
 -- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
diff --git a/asn1/dap/dap.cnf b/asn1/dap/dap.cnf
index 1a7fee85bb..a44d0289d5 100644
--- a/asn1/dap/dap.cnf
+++ b/asn1/dap/dap.cnf
@@ -5,6 +5,8 @@ ServiceAdministration	x509if
 AuthenticationFramework	x509af
 AttributeCertificateDefinitions	x509af
 
+SelectedAttributeTypes	x509sat
+
 BasicAccessControl	crmf
 
 Remote-Operations-Generic-ROS-PDUs	ros
@@ -12,11 +14,14 @@ Remote-Operations-Information-Objects	ros
 
 ACSE-1			acse
 DistributedOperations	dsp
+DirectoryShadowAbstractService	disp
 
 #.INCLUDE	../x509if/x509if-exp.cnf
 #.INCLUDE	../x509af/x509af-exp.cnf
+#.INCLUDE	../x509sat/x509sat-exp.cnf
 #.INCLUDE	../pkixcrmf/crmf-exp.cnf
 #.INCLUDE	../dsp/dsp-exp.cnf
+#.INCLUDE	../disp/disp-exp.cnf
 #.INCLUDE	../ros/ros-exp.cnf
 #.INCLUDE	../acse/acse-exp.cnf
 
@@ -26,7 +31,6 @@ Referral
 SecurityParameters
 EntryModification
 ContextSelection
-OperationalBindingID
 DirectoryBindArgument
 DirectoryBindError
 ReadArgument
@@ -161,24 +165,8 @@ ModifyRights/_item/item/value			value-assertion
 	if(check_col(pinfo->cinfo, COL_INFO))	
 		col_append_fstr(pinfo->cinfo, COL_INFO, " %%s", x509if_get_last_dn());
 
-#.FN_PARS INTEGER
-	VAL_PTR	= &value
-
-#.FN_BODY INTEGER
-	guint32	value;
-
-	%(DEFAULT_BODY)s
-
-	if (check_col(pinfo->cinfo, COL_INFO)) {
-		if(hf_index == hf_dap_identifier) {
-			col_append_fstr(pinfo->cinfo, COL_INFO, " id=%%d", value);
-		} else if (hf_index == hf_dap_version) {
-			col_append_fstr(pinfo->cinfo, COL_INFO, ",%%d", value);
-		}
-  	}
-
 #.FN_PARS OCTET_STRING
-	VAL_PTR=&out_tvb
+	VAL_PTR=&out_tvb 
 	
 #.FN_BODY OCTET_STRING
 	tvbuff_t *out_tvb;
@@ -275,3 +263,13 @@ ModifyRights/_item/item/value			value-assertion
 		col_append_fstr(pinfo->cinfo, COL_INFO, " %%s", (dn && *dn) ? dn : "(root)");
 	}
 
+#.FN_BODY T_subordinates_item
+	proto_item *sub_item;
+
+	%(DEFAULT_BODY)s
+
+	if((sub_item = get_ber_last_created_item())) {
+		
+		proto_item_append_text(sub_item," (%%s)", x509if_get_last_dn());
+	}
+
diff --git a/asn1/dap/packet-dap-template.c b/asn1/dap/packet-dap-template.c
index 695e5f0484..9d5a0e24f9 100644
--- a/asn1/dap/packet-dap-template.c
+++ b/asn1/dap/packet-dap-template.c
@@ -327,6 +327,15 @@ void proto_reg_handoff_dap(void) {
   /* remember the tpkt handler for change in preferences */
   tpkt_handle = find_dissector("tpkt");
 
+  /* AttributeValueAssertions */
+  x509if_register_fmt(hf_dap_equality, "=");
+  x509if_register_fmt(hf_dap_greaterOrEqual, ">=");
+  x509if_register_fmt(hf_dap_lessOrEqual, "<=");
+  x509if_register_fmt(hf_dap_approximateMatch, "=~");
+  /* AttributeTypes */
+  x509if_register_fmt(hf_dap_present, "= *");
+
+
 }
 
 
diff --git a/asn1/disp/disp.asn b/asn1/disp/disp.asn
index 05a75c2598..f52e41935a 100644
--- a/asn1/disp/disp.asn
+++ b/asn1/disp/disp.asn
@@ -134,7 +134,7 @@ AttributeSelection ::= SET OF ClassAttributeSelection
 
 ClassAttributeSelection ::= SEQUENCE {
   class            OBJECT IDENTIFIER OPTIONAL,
-  classAttributes  ClassAttributes -- DEFAULT allAttributes:NULL
+  classAttributes  ClassAttributes -- DEFAULT allAttributes:NULL -- OPTIONAL
 }
 
 ClassAttributes ::= CHOICE {
diff --git a/asn1/disp/disp.cnf b/asn1/disp/disp.cnf
index 1114e9dbec..f8fe639e3d 100644
--- a/asn1/disp/disp.cnf
+++ b/asn1/disp/disp.cnf
@@ -8,7 +8,7 @@ ACSE-1			acse
 DirectoryAbstractService	dap
 DistributedOperations		dsp
 DSAOperationalAttributeTypes	dop
-OperationalBindingManagement	dap
+OperationalBindingManagement	dop
 
 #.INCLUDE ../x509if/x509if-exp.cnf
 #.INCLUDE ../x509af/x509af-exp.cnf
@@ -17,6 +17,9 @@ OperationalBindingManagement	dap
 #.INCLUDE ../dop/dop-exp.cnf
 #.INCLUDE ../acse/acse-exp.cnf
 
+#.EXPORTS
+AgreementID
+
 #.TYPE_RENAME
 CoordinateShadowUpdateArgumentData/updateStrategy/standard	StandardUpdate
 
@@ -35,13 +38,6 @@ EstablishParameter	B "dop.establish.roleb.2.5.19.1" 	"shadow-establish-roleb"
 ModificationParameter 	B "dop.modify.rolea.2.5.19.1" 	"shadow-modify-rolea"
 ModificationParameter 	B "dop.modify.roleb.2.5.19.1" 	"shadow-modify-roleb"
 
-# these are useful to Thales DOP 
-ShadowingAgreementInfo	B "dop.agreement.2.5.1.0.2.1" 	"shadow-agreement"
-EstablishParameter	B "dop.establish.rolea.2.5.1.0.2.1" 	"shadow-establish-rolea"
-EstablishParameter	B "dop.establish.roleb.2.5.1.0.2.1" 	"shadow-establish-roleb"
-ModificationParameter 	B "dop.modify.rolea.2.5.1.0.2.1" 	"shadow-modify-rolea"
-ModificationParameter 	B "dop.modify.roleb.2.5.1.0.2.1" 	"shadow-modify-roleb"
-
 #.FN_PARS T_standard
 	VAL_PTR = &update
 
@@ -125,4 +121,3 @@ ModificationParameter 	B "dop.modify.roleb.2.5.1.0.2.1" 	"shadow-modify-roleb"
   if (check_col(pinfo->cinfo, COL_INFO)) {
 	col_append_fstr(pinfo->cinfo, COL_INFO, " %%s", val_to_str(problem, disp_ShadowProblem_vals, "ShadowProblem(%%d)"));
   }
-
diff --git a/asn1/disp/packet-disp-template.c b/asn1/disp/packet-disp-template.c
index 9087fa8181..3870a42ca2 100644
--- a/asn1/disp/packet-disp-template.c
+++ b/asn1/disp/packet-disp-template.c
@@ -263,6 +263,9 @@ void proto_reg_handoff_disp(void) {
 
   tpkt_handle = find_dissector("tpkt");
 
+  /* DNs */
+  x509if_register_fmt(hf_disp_contextPrefix, "cp=");
+
 }
 
 
diff --git a/asn1/disp/packet-disp-template.h b/asn1/disp/packet-disp-template.h
index 7f5d212e5a..bb6f8f3503 100644
--- a/asn1/disp/packet-disp-template.h
+++ b/asn1/disp/packet-disp-template.h
@@ -26,5 +26,6 @@
 #ifndef PACKET_DISP_H
 #define PACKET_DISP_H
 
+#include "packet-disp-exp.h"
 
 #endif  /* PACKET_DISP_H */
diff --git a/asn1/dop/dop-exp.cnf b/asn1/dop/dop-exp.cnf
index 13540a392f..645660e586 100644
--- a/asn1/dop/dop-exp.cnf
+++ b/asn1/dop/dop-exp.cnf
@@ -1,10 +1,12 @@
 #.IMPORT_TAG
 DSEType                  BER_CLASS_UNI BER_UNI_TAG_BITSTRING
 SupplierAndConsumers     BER_CLASS_UNI BER_UNI_TAG_SET
+OperationalBindingID     BER_CLASS_UNI BER_UNI_TAG_SEQUENCE
 #.END
 
 #.TYPE_ATTR
 DSEType                  TYPE = FT_BYTES   DISPLAY = BASE_HEX   STRINGS = NULL  BITMASK = 0
 SupplierAndConsumers     TYPE = FT_NONE    DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
+OperationalBindingID     TYPE = FT_NONE    DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
 #.END
 
diff --git a/asn1/dop/dop.cnf b/asn1/dop/dop.cnf
index de6d15fe2e..ad192bde1e 100644
--- a/asn1/dop/dop.cnf
+++ b/asn1/dop/dop.cnf
@@ -14,6 +14,7 @@ AuthenticationFramework		x509af
 #.EXPORTS
 DSEType
 SupplierAndConsumers
+OperationalBindingID
 
 #.TYPE_RENAME
 EstablishOperationalBindingArgumentData/initiator	EstablishArgumentInitiator
@@ -87,66 +88,94 @@ NHOBSubordinateToSuperior		B "dop.modify.roleb.2.5.19.3"  "non-specific-hierarch
 #.FN_PARS	OBJECT_IDENTIFIER
 	FN_VARIANT = _str VAL_PTR = &binding_type
 
+#.FN_BODY	OBJECT_IDENTIFIER
+  const char *name;
+
+  %(DEFAULT_BODY)s
+
+  if(check_col(pinfo->cinfo, COL_INFO)) {
+    name = get_ber_oid_name(binding_type);
+    col_append_fstr(pinfo->cinfo, COL_INFO, " %%s", name ? name : binding_type);
+  }
+
 #.FN_BODY	EstablishSymmetric
 
-  offset = call_dop_oid_callback("dop.establish.symmetric", tvb, offset, pinfo, tree);
+  offset = call_dop_oid_callback("dop.establish.symmetric", tvb, offset, pinfo, tree, "symmetric");
 
 #.FN_BODY	EstablishRoleAInitiates
 
-  offset = call_dop_oid_callback("dop.establish.rolea", tvb, offset, pinfo, tree);
+  offset = call_dop_oid_callback("dop.establish.rolea", tvb, offset, pinfo, tree, "roleA");
 
 #.FN_BODY	EstablishRoleBInitiates
 
-  offset = call_dop_oid_callback("dop.establish.roleb", tvb, offset, pinfo, tree);
+  offset = call_dop_oid_callback("dop.establish.roleb", tvb, offset, pinfo, tree, "roleB");
 
 #.FN_BODY	ModifySymmetric
 
-  offset = call_dop_oid_callback("dop.modify.symmetric", tvb, offset, pinfo, tree);
+  offset = call_dop_oid_callback("dop.modify.symmetric", tvb, offset, pinfo, tree, "symmetric");
 
 #.FN_BODY	ModifyRoleAInitiates
 
-  offset = call_dop_oid_callback("dop.modify.rolea", tvb, offset, pinfo, tree);
+  offset = call_dop_oid_callback("dop.modify.rolea", tvb, offset, pinfo, tree, "roleA");
 
 #.FN_BODY	ModifyRoleBInitiates
 
-  offset = call_dop_oid_callback("dop.modify.roleb", tvb, offset, pinfo, tree);
+  offset = call_dop_oid_callback("dop.modify.roleb", tvb, offset, pinfo, tree, "roleB");
 
 #.FN_BODY	TerminateSymmetric
 
-  offset = call_dop_oid_callback("dop.terminate.symmetric", tvb, offset, pinfo, tree);
+  offset = call_dop_oid_callback("dop.terminate.symmetric", tvb, offset, pinfo, tree, "symmetric");
 
 #.FN_BODY	TerminateRoleAInitiates
 
-  offset = call_dop_oid_callback("dop.terminate.rolea", tvb, offset, pinfo, tree);
+  offset = call_dop_oid_callback("dop.terminate.rolea", tvb, offset, pinfo, tree, "roleA");
 
 #.FN_BODY	TerminateRoleBInitiates
 
-  offset = call_dop_oid_callback("dop.terminate.roleb", tvb, offset, pinfo, tree);
+  offset = call_dop_oid_callback("dop.terminate.roleb", tvb, offset, pinfo, tree, "roleB");
 
 #.FN_BODY	T_agreement
 
-  offset = call_dop_oid_callback("dop.agreement", tvb, offset, pinfo, tree);
+  offset = call_dop_oid_callback("dop.agreement", tvb, offset, pinfo, tree, NULL);
 
 #.FN_BODY	T_symmetric
 
-  offset = call_dop_oid_callback("dop.establish.symmetric", tvb, offset, pinfo, tree); 
+  offset = call_dop_oid_callback("dop.establish.symmetric", tvb, offset, pinfo, tree, "symmetric"); 
 
 #.FN_BODY	T_roleA_replies
 
-  offset = call_dop_oid_callback("dop.establish.rolea", tvb, offset, pinfo, tree);
+  offset = call_dop_oid_callback("dop.establish.rolea", tvb, offset, pinfo, tree, "roleA");
 
 #.FN_BODY	T_roleB_replies
 
-  offset = call_dop_oid_callback("dop.establish.roleb", tvb, offset, pinfo, tree);
+  offset = call_dop_oid_callback("dop.establish.roleb", tvb, offset, pinfo, tree, "roleB");
 
 #.FN_BODY	T_agreementProposal
 
-  offset = call_dop_oid_callback("dop.agreement", tvb, offset, pinfo, tree);
+  offset = call_dop_oid_callback("dop.agreement", tvb, offset, pinfo, tree, NULL);
 
 #.FN_BODY	ResultNewAgreement
 
-  offset = call_dop_oid_callback("dop.agreement", tvb, offset, pinfo, tree);
+  offset = call_dop_oid_callback("dop.agreement", tvb, offset, pinfo, tree, NULL);
 
 #.FN_BODY	ArgumentNewAgreement
 
-  offset = call_dop_oid_callback("dop.agreement", tvb, offset, pinfo, tree);
+  offset = call_dop_oid_callback("dop.agreement", tvb, offset, pinfo, tree, NULL);
+
+
+#.FN_PARS INTEGER
+	VAL_PTR	= &value
+
+#.FN_BODY INTEGER
+	guint32	value;
+
+	%(DEFAULT_BODY)s
+
+	if (check_col(pinfo->cinfo, COL_INFO)) {
+		if(hf_index == hf_dop_identifier) {
+			col_append_fstr(pinfo->cinfo, COL_INFO, " id=%%d", value);
+		} else if (hf_index == hf_dop_version) {
+			col_append_fstr(pinfo->cinfo, COL_INFO, ",%%d", value);
+		}
+  	}
+
diff --git a/asn1/dop/packet-dop-template.c b/asn1/dop/packet-dop-template.c
index 395d62bafa..da0c9f6572 100644
--- a/asn1/dop/packet-dop-template.c
+++ b/asn1/dop/packet-dop-template.c
@@ -63,7 +63,7 @@ int proto_dop = -1;
 static struct SESSION_DATA_STRUCTURE* session = NULL;
 static const char *binding_type = NULL; /* binding_type */
 
-static int call_dop_oid_callback(char *base_oid, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree);
+static int call_dop_oid_callback(char *base_oid, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, char *col_info);
 
 #include "packet-dop-hf.c"
 
@@ -74,18 +74,16 @@ static gint ett_dop = -1;
 #include "packet-dop-fn.c"
 
 static int
-call_dop_oid_callback(char *base_oid, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree)
+call_dop_oid_callback(char *base_oid, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, char *col_info)
 {
-  const char *name = NULL;
   char binding_param[BER_MAX_OID_STR_LEN];
 
-  sprintf(binding_param, "%s.%s", base_oid, binding_type ? binding_type : "");	
+  g_snprintf(binding_param, BER_MAX_OID_STR_LEN, "%s.%s", base_oid, binding_type ? binding_type : "");	
 
-  name = get_ber_oid_name(binding_param);
-  proto_item_append_text(tree, " (%s)", name ? name : binding_param); 
+  if (col_info && (check_col(pinfo->cinfo, COL_INFO))) 
+    col_append_fstr(pinfo->cinfo, COL_INFO, " %s", col_info);
 
   return call_ber_oid_callback(binding_param, tvb, offset, pinfo, tree);
-
 }
 
 
@@ -230,9 +228,6 @@ void proto_register_dop(void) {
   /* Register protocol */
   proto_dop = proto_register_protocol(PNAME, PSNAME, PFNAME);
 
-  /* initially disable the protocol */
-  proto_set_decoding(proto_dop, FALSE);
-
   register_dissector("dop", dissect_dop, proto_dop);
 
   /* Register fields and subtrees */
@@ -272,6 +267,12 @@ void proto_reg_handoff_dop(void) {
     register_ros_oid_dissector_handle("2.5.9.4", handle, 0, "id-as-directory-operational-binding-management", FALSE); 
   }
 
+  /* BINDING TYPES */
+
+  register_ber_oid_name("2.5.19.1", "shadow-agreement");
+  register_ber_oid_name("2.5.19.2", "hierarchical-agreement");
+  register_ber_oid_name("2.5.19.3", "non-specific-hierarchical-agreement");
+
   /* remember the tpkt handler for change in preferences */
   tpkt_handle = find_dissector("tpkt");
 
diff --git a/asn1/dsp/dsp.asn b/asn1/dsp/dsp.asn
index 5bc30f58ea..3f72c1514c 100644
--- a/asn1/dsp/dsp.asn
+++ b/asn1/dsp/dsp.asn
@@ -424,8 +424,6 @@ ReferenceType ::= ENUMERATED {
   supplier(5), master(6), immediateSuperior(7), self(8)}
 
 AccessPoint ::= SET {
--- The following line, whilst wrong, helps with Thales DOP dissection
---  ae-title             [0] IMPLICIT NULL,
   ae-title             [0]  Name,
   address              [1]  PresentationAddress,
   protocolInformation  [2]  SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL
diff --git a/asn1/ros/packet-ros-template.c b/asn1/ros/packet-ros-template.c
index 4ec41b33b0..b0c97dcb2f 100644
--- a/asn1/ros/packet-ros-template.c
+++ b/asn1/ros/packet-ros-template.c
@@ -174,12 +174,14 @@ void proto_register_ros(void) {
 
   ros_oid_dissector_table = register_dissector_table("ros.oid", "ROS OID Dissectors", FT_STRING, BASE_NONE);
   oid_table=g_hash_table_new(g_str_hash, g_str_equal);
+
+  ros_handle = find_dissector("ros");
+
 }
 
 
 /*--- proto_reg_handoff_ros --- */
 void proto_reg_handoff_ros(void) {
 
-  ros_handle = find_dissector("ros");
 
 }
diff --git a/asn1/rtse/packet-rtse-template.c b/asn1/rtse/packet-rtse-template.c
index 27c2b9f6cb..cbe514952c 100644
--- a/asn1/rtse/packet-rtse-template.c
+++ b/asn1/rtse/packet-rtse-template.c
@@ -198,12 +198,14 @@ void proto_register_rtse(void) {
   rtse_oid_dissector_table = register_dissector_table("rtse.oid", "RTSE OID Dissectors", FT_STRING, BASE_NONE);
   oid_table=g_hash_table_new(g_str_hash, g_str_equal);
 
+  rtse_handle = find_dissector("rtse");
+  ros_handle = find_dissector("ros");
+
 }
 
 
 /*--- proto_reg_handoff_rtse --- */
 void proto_reg_handoff_rtse(void) {
 
-  rtse_handle = find_dissector("rtse");
-  ros_handle = find_dissector("ros");
+
 }
diff --git a/asn1/x411/Makefile b/asn1/x411/Makefile
index 69bae85136..98a612167a 100644
--- a/asn1/x411/Makefile
+++ b/asn1/x411/Makefile
@@ -10,7 +10,7 @@ $(DISSECTOR_FILES): ../../tools/asn2eth.py x411.asn packet-x411-template.c packe
 	python ../../tools/asn2eth.py -X -b -e -p x411 -c x411.cnf -s packet-x411-template  x411.asn
 
 clean:
-	rm -f parsetab.py $(DISSECTOR_FILES)
+	rm -f parsetab.py $(DISSECTOR_FILES) *~
 
 copy_files: generate_dissector
 	cp $(DISSECTOR_FILES) ../../epan/dissectors
diff --git a/asn1/x509if/packet-x509if-template.c b/asn1/x509if/packet-x509if-template.c
index 16bf152eba..d184bfb10e 100644
--- a/asn1/x509if/packet-x509if-template.c
+++ b/asn1/x509if/packet-x509if-template.c
@@ -67,6 +67,12 @@ static gboolean doing_dn = TRUE;
 static char *last_dn = NULL;
 static char *last_rdn = NULL;
 
+static int ava_hf_index;
+#define MAX_FMT_VALS   32
+static value_string fmt_vals[MAX_FMT_VALS];
+#define MAX_AVA_STR_LEN   64
+static char *last_ava = NULL;
+
 #include "packet-x509if-fn.c"
 
 const char * x509if_get_last_dn(void)
@@ -74,6 +80,32 @@ const char * x509if_get_last_dn(void)
   return last_dn;
 }
 
+gboolean x509if_register_fmt(int hf_index, const gchar *fmt)
+{
+  static int idx = 0;
+
+  if(idx < (MAX_FMT_VALS - 1)) {
+
+    fmt_vals[idx].value = hf_index;
+    fmt_vals[idx].strptr = fmt;
+
+    idx++;
+
+    fmt_vals[idx].value = 0;
+    fmt_vals[idx].strptr = NULL;
+
+    return TRUE;
+
+  } else 
+    return FALSE; /* couldn't register it */
+
+}
+
+const char * x509if_get_last_ava(void)
+{
+  return last_ava;
+}
+
 /*--- proto_register_x509if ----------------------------------------------*/
 void proto_register_x509if(void) {
 
@@ -101,6 +133,10 @@ void proto_register_x509if(void) {
   proto_register_field_array(proto_x509if, hf, array_length(hf));
   proto_register_subtree_array(ett, array_length(ett));
 
+  /* initialise array */
+  fmt_vals[0].value = 0;
+  fmt_vals[0].strptr = NULL;
+
 }
 
 
diff --git a/asn1/x509if/packet-x509if-template.h b/asn1/x509if/packet-x509if-template.h
index 1be265ab24..6936986057 100644
--- a/asn1/x509if/packet-x509if-template.h
+++ b/asn1/x509if/packet-x509if-template.h
@@ -30,5 +30,8 @@
 
 extern const char * x509if_get_last_dn(void);
 
+extern gboolean x509if_register_fmt(int hf_index, const gchar *fmt);
+extern const char * x509if_get_last_ava(void);
+
 #endif  /* PACKET_X509IF_H */
 
diff --git a/asn1/x509if/x509if.cnf b/asn1/x509if/x509if.cnf
index 1a24ae1c21..23cff72f4b 100644
--- a/asn1/x509if/x509if.cnf
+++ b/asn1/x509if/x509if.cnf
@@ -89,6 +89,16 @@ RequestAttribute/defaultValues/_item/values/_item	ra_values_item
 RequestAttribute/selectedValues				ra_selectedValues
 RequestAttribute/selectedValues/_item			ra_selectedValues_item
 
+#.REGISTER
+DistinguishedName	B	"2.5.4.1"	"id-at-aliasedEntryName"
+DistinguishedName	B	"2.5.4.31"	"id-at-member"
+DistinguishedName	B	"2.5.4.32"	"id-at-owner"
+DistinguishedName	B	"2.5.4.33"	"id-at-roleOccupant"
+DistinguishedName	B	"2.5.4.34"	"id-at-seeAlso"
+DistinguishedName	B	"2.5.4.49"	"id-at-distinguishedName"
+
+
+
 #.FN_PARS ContextId
   FN_VARIANT = _str  HF_INDEX = hf_x509if_object_identifier_id  VAL_PTR = &object_identifier_id
 
@@ -99,6 +109,7 @@ RequestAttribute/selectedValues/_item			ra_selectedValues_item
   FN_VARIANT = _str  HF_INDEX = hf_x509if_object_identifier_id  VAL_PTR = &object_identifier_id
 
 #.FN_BODY AttributeId
+  const char *fmt; 
   const char *name;
 
   %(DEFAULT_BODY)s
@@ -115,18 +126,33 @@ RequestAttribute/selectedValues/_item			ra_selectedValues_item
      /* append it to the tree */
      proto_item_append_text(tree, " (%%s=", name);
     }
+
+    if((fmt = val_to_str(hf_index, fmt_vals, "")) && *fmt) {
+      /* we have a format */
+      last_ava = ep_alloc(MAX_AVA_STR_LEN); *last_ava = '\0';
+
+      g_snprintf(last_ava, MAX_AVA_STR_LEN, "%%s %%s", name, fmt);
+
+      proto_item_append_text(tree, " %%s", last_ava);
+
+    }
   }
 
 #.FN_BODY AttributeValue
   int old_offset = offset;
   tvbuff_t	*out_tvb;
-  char *value = NULL;
- 
+  char  	*value = NULL;
+  const char 	*fmt; 
+  const char	*name = NULL;
+
   offset=call_ber_oid_callback(object_identifier_id, tvb, offset, pinfo, tree);
 
   /* try and dissect as a string */
   dissect_ber_octet_string(FALSE, pinfo, NULL, tvb, old_offset, hf_x509if_any_string, &out_tvb);
   
+  /* should also try and dissect as an OID and integer */
+  /* of course, if I can look up the syntax .... */
+
   if(out_tvb) {
     /* it was a string - format it */
     value = tvb_format_text(out_tvb, 0, tvb_length(out_tvb));
@@ -138,6 +164,16 @@ RequestAttribute/selectedValues/_item			ra_selectedValues_item
       proto_item_append_text(tree, "%%s)", value);
     }
 
+    if((fmt = val_to_str(ava_hf_index, fmt_vals, "")) && *fmt) {
+      /* we have a format */
+
+    if(!(name = get_ber_oid_name(object_identifier_id)))
+      name = object_identifier_id;
+    g_snprintf(last_ava, MAX_AVA_STR_LEN, "%%s %%s %%s", name, fmt, value);
+
+    proto_item_append_text(tree, " %%s", last_ava);
+
+    }
   }
 
 #.FN_BODY SelectedValues
@@ -193,6 +229,7 @@ RequestAttribute/selectedValues/_item			ra_selectedValues_item
   rdn_one_value = TRUE;
 
 #.FN_BODY RDNSequence
+  const char *fmt; 
 
   dn_one_rdn = FALSE; /* reset */
   last_dn = ep_alloc(MAX_RDN_STR_LEN); *last_dn = '\0';
@@ -203,6 +240,12 @@ RequestAttribute/selectedValues/_item			ra_selectedValues_item
   /* we've finished - append the dn */
   proto_item_append_text(top_of_dn, " (%%s)", last_dn);
 
+ /* see if we should append this to the col info */
+  if(check_col(pinfo->cinfo, COL_INFO) &&
+     (fmt = val_to_str(hf_index, fmt_vals, "")) && *fmt) {
+      /* we have a format */
+	col_append_fstr(pinfo->cinfo, COL_INFO, " %%s%%s", fmt, last_dn);
+    }
 
 #.FN_BODY RDNSequence/_item
 
@@ -215,6 +258,15 @@ RequestAttribute/selectedValues/_item			ra_selectedValues_item
 
   dn_one_rdn = TRUE;
 
+#.FN_BODY AttributeValueAssertion
+
+	ava_hf_index = hf_index;
+	last_ava = ep_alloc(MAX_AVA_STR_LEN); *last_ava = '\0';
+
+	%(DEFAULT_BODY)s
+
+	ava_hf_index=-1;
+
 #.END
 
 
diff --git a/asn1/x509sat/Makefile b/asn1/x509sat/Makefile
index 7d18fcc873..71177d4368 100644
--- a/asn1/x509sat/Makefile
+++ b/asn1/x509sat/Makefile
@@ -8,6 +8,7 @@ generate_dissector: $(DISSECTOR_FILES)
 
 $(DISSECTOR_FILES): ../../tools/asn2eth.py SelectedAttributeTypes.asn packet-x509sat-template.c packet-x509sat-template.h x509sat.cnf ../x509if/x509if-exp.cnf
 	python ../../tools/asn2eth.py -X -b -e -p x509sat -c x509sat.cnf -s packet-x509sat-template SelectedAttributeTypes.asn
+	sed -e "s/\([\"\.]\)Syntax/\1/g" -i.orig packet-x509sat.c
 
 clean:
 	rm -f parsetab.py $(DISSECTOR_FILES)
diff --git a/asn1/x509sat/SelectedAttributeTypes.asn b/asn1/x509sat/SelectedAttributeTypes.asn
index e4f3fc6474..31f8eedc0e 100644
--- a/asn1/x509sat/SelectedAttributeTypes.asn
+++ b/asn1/x509sat/SelectedAttributeTypes.asn
@@ -39,14 +39,15 @@ IMPORTS
 -- Directory string type 
 --This one is much better declared as this,  it is prettier at least
 --the octet string dissector can handle all of them
-DirectoryString ::= PrintableString
---DirectoryString ::= CHOICE {
---  teletexString    TeletexString,
---  printableString  PrintableString,
---  universalString  UniversalString,
---  bmpString        BMPString,
---  uTF8String       UTF8String
---}
+--DirectoryString ::= PrintableString
+
+DirectoryString ::= CHOICE {
+  teletexString    TeletexString,
+  printableString  PrintableString,
+  universalString  UniversalString,
+  bmpString        BMPString,
+  uTF8String       UTF8String
+}
 
 
 -- Attribute types 
@@ -1451,6 +1452,37 @@ id-at-pseudonym OBJECT IDENTIFIER ::= {id-at 65}
 -- 
 -- id-cat-selectedContexts OBJECT IDENTIFIER ::= {id-cat 4}
 
+--
+-- We add these in to give the low-level ASN.1 syntaxes
+-- PrintableString and ObjectIdentifier are the most useful
+-- Note the "Syntax" will be removed during the "make" - it is 
+-- present to stop asn2eth complaining about reserved words
+--
+
+ObjectIdentifier ::= OBJECT IDENTIFIER
+OctetString ::= OCTET STRING
+BitString ::= BIT STRING
+Integer ::= INTEGER
+Boolean ::= BOOLEAN
+
+-- these are reserved words, so we need to prefix them
+SyntaxGeneralizedTime ::= GeneralizedTime
+SyntaxUTCTime ::= UTCTime
+SyntaxNumericString ::= NumericString
+SyntaxPrintableString ::= PrintableString
+SyntaxIA5String ::= IA5String
+SyntaxBMPString ::= BMPString
+SyntaxUniversalString ::= UniversalString
+SyntaxUTF8String ::= UTF8String
+SyntaxTeletexString ::= TeletexString
+SyntaxT61String ::= T61String
+SyntaxVideotexString ::= VideotexString
+SyntaxGraphicString ::= GraphicString
+SyntaxISO646String ::= ISO646String
+SyntaxVisibleString ::= VisibleString
+SyntaxGeneralString ::= GeneralString
+
+
 END -- SelectedAttributeTypes
 
 -- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
diff --git a/asn1/x509sat/x509sat-exp.cnf b/asn1/x509sat/x509sat-exp.cnf
index 6f411f0608..36a3c3e260 100644
--- a/asn1/x509sat/x509sat-exp.cnf
+++ b/asn1/x509sat/x509sat-exp.cnf
@@ -1,5 +1,5 @@
 #.IMPORT_TAG
-DirectoryString          BER_CLASS_UNI BER_UNI_TAG_PrintableString
+DirectoryString          BER_CLASS_ANY/*choice*/ -1/*choice*/
 UniqueIdentifier         BER_CLASS_UNI BER_UNI_TAG_BITSTRING
 CountryName              BER_CLASS_UNI BER_UNI_TAG_PrintableString
 Criteria                 BER_CLASS_ANY/*choice*/ -1/*choice*/
@@ -32,7 +32,7 @@ LocaleContextSyntax      BER_CLASS_ANY/*choice*/ -1/*choice*/
 #.END
 
 #.TYPE_ATTR
-DirectoryString          TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
+DirectoryString          TYPE = FT_UINT32  DISPLAY = BASE_DEC   STRINGS = VALS(x509sat_DirectoryString_vals)  BITMASK = 0
 UniqueIdentifier         TYPE = FT_BYTES   DISPLAY = BASE_HEX   STRINGS = NULL  BITMASK = 0
 CountryName              TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
 Criteria                 TYPE = FT_UINT32  DISPLAY = BASE_DEC   STRINGS = VALS(x509sat_Criteria_vals)  BITMASK = 0
diff --git a/asn1/x509sat/x509sat.cnf b/asn1/x509sat/x509sat.cnf
index c112117295..46344a2fc9 100644
--- a/asn1/x509sat/x509sat.cnf
+++ b/asn1/x509sat/x509sat.cnf
@@ -61,41 +61,108 @@ TelexNumber
 UniqueIdentifier
 X121Address
 
+ObjectIdentifier
+OctetString
+BitString
+Integer
+Boolean
+SyntaxGeneralizedTime
+SyntaxUTCTime
+SyntaxNumericString
+SyntaxPrintableString
+SyntaxIA5String
+SyntaxBMPString
+SyntaxUniversalString
+SyntaxUTF8String
+SyntaxTeletexString
+SyntaxT61String
+SyntaxVideotexString
+SyntaxGraphicString
+SyntaxISO646String
+SyntaxVisibleString
+SyntaxGeneralString
+
 #.REGISTER
-CountryName     B "2.5.4.6"    "id-at-countryName"
-DirectoryString B "2.5.4.2"    "id-at-knowledgeInformation"
-DirectoryString B "2.5.4.10"   "id-at-organizationName"
-DirectoryString B "2.5.4.7.1"  "id-at-collectiveLocalityName"
-DirectoryString B "2.5.4.3"    "id-at-commonName"
-DirectoryString B "2.5.4.4"    "id-at-surname"
-DirectoryString B "2.5.4.42"   "id-at-givenName"
-DirectoryString B "2.5.4.43"   "id-at-initials"
-DirectoryString B "2.5.4.44"   "id-at-generationQualifier"
-DirectoryString B "2.5.4.51"   "id-at-houseIdentifier"
-DirectoryString B "2.5.4.54"   "id-at-dmdName"
-DirectoryString B "2.5.4.65"   "id-at-pseudonym"
-DirectoryString B "2.5.4.41"   "id-at-name"
-DirectoryString B "2.5.4.8.1"  "id-at-collectiveStateOrProvinceName"
-DirectoryString B "2.5.4.8"    "id-at-stateOrProvinceName"
-DirectoryString B "2.5.4.9"    "id-at-streetAddress"
-DirectoryString B "2.5.4.9.1"  "id-at-collectiveStreetAddress"
-DirectoryString B "2.5.4.10.1" "id-at-collectiveOrganizationName"
-DirectoryString B "2.5.4.7"    "id-at-localityName"
-DirectoryString B "2.5.4.11"   "id-at-organizationalUnitName"
-DirectoryString B "2.5.4.11.1" "id-at-collectiveOrganizationalUnitName"
-DirectoryString B "2.5.4.12"   "id-at-title"
-DirectoryString B "2.5.4.13"   "id-at-description"
-DirectoryString B "2.5.4.15"   "id-at-businessCategory"
-DirectoryString B "2.5.4.17"   "id-at-postalCode"
-DirectoryString B "2.5.4.17.1" "id-at-collectivePostalCode"
-DirectoryString B "2.5.4.18"   "id-at-postOfficeBox"
-DirectoryString B "2.5.4.18.1" "id-at-collectivePostOfficeBox"
-DirectoryString B "2.5.4.19"   "id-at-physicalDeliveryOfficeName"
-DirectoryString B "2.5.4.19.1" "id-at-collectivePhysicalDeliveryOfficeName"
-TelephoneNumber B "2.5.4.20"   "id-at-telephoneNumber"
-TelephoneNumber B "2.5.4.20.1" "id-at-collectiveTelephoneNumber"
-TelexNumber     B "2.5.4.21"   "id-at-telexNumber"
-TelexNumber     B "2.5.4.21.1" "id-at-collectiveTelexNumber"
+ObjectIdentifier        B "2.5.4.0"   "id-at-objectClass"
+#  - see x509if.cnf for "id-at-aliasedEntryName"
+DirectoryString         B "2.5.4.2"    "id-at-knowledgeInformation"
+DirectoryString         B "2.5.4.3"    "id-at-commonName"
+DirectoryString         B "2.5.4.4"    "id-at-surname"
+SyntaxPrintableString	B "2.5.4.5"    "id-at-serialNumber"
+CountryName             B "2.5.4.6"    "id-at-countryName"
+DirectoryString         B "2.5.4.7"    "id-at-localityName"
+DirectoryString         B "2.5.4.7.1"  "id-at-collectiveLocalityName"
+DirectoryString         B "2.5.4.8"    "id-at-stateOrProvinceName"
+DirectoryString         B "2.5.4.8.1"  "id-at-collectiveStateOrProvinceName"
+DirectoryString         B "2.5.4.9"    "id-at-streetAddress"
+DirectoryString         B "2.5.4.9.1"  "id-at-collectiveStreetAddress"
+DirectoryString         B "2.5.4.10.1" "id-at-collectiveOrganizationName"
+DirectoryString         B "2.5.4.10"   "id-at-organizationName"
+DirectoryString         B "2.5.4.11"   "id-at-organizationalUnitName"
+DirectoryString         B "2.5.4.11.1" "id-at-collectiveOrganizationalUnitName"
+DirectoryString         B "2.5.4.12"   "id-at-title"
+DirectoryString         B "2.5.4.13"   "id-at-description"
+EnhancedGuide	        B "2.5.4.14"   "id-at-searchGuide"
+DirectoryString         B "2.5.4.15"   "id-at-businessCategory"
+PostalAddress           B "2.5.4.16"   "id-at-postalAddress"
+DirectoryString         B "2.5.4.17"   "id-at-postalCode"
+DirectoryString         B "2.5.4.17.1" "id-at-collectivePostalCode"
+DirectoryString         B "2.5.4.18"   "id-at-postOfficeBox"
+DirectoryString         B "2.5.4.18.1" "id-at-collectivePostOfficeBox"
+DirectoryString         B "2.5.4.19"   "id-at-physicalDeliveryOfficeName"
+DirectoryString         B "2.5.4.19.1" "id-at-collectivePhysicalDeliveryOfficeName"
+TelephoneNumber         B "2.5.4.20"   "id-at-telephoneNumber"
+TelephoneNumber         B "2.5.4.20.1" "id-at-collectiveTelephoneNumber"
+TelexNumber             B "2.5.4.21"   "id-at-telexNumber"
+TelexNumber             B "2.5.4.21.1" "id-at-collectiveTelexNumber"
+# "id-at-teletexTerminalIdentifier" - what syntax?
+FacsimileTelephoneNumber B "2.5.4.23" "id-at-facsimileTelephoneNumber"
+FacsimileTelephoneNumber B "2.5.4.23.1" "id-at-collectiveFacsimileTelephoneNumber"
+X121Address             B "2.5.4.24"   "id-at-x121Address"
+InternationalISDNNumber B "2.5.4.25" "id-at-internationalISDNNumber"
+InternationalISDNNumber B "2.5.4.25.1" "id-at-collectiveInternationalISDNNumber"
+PostalAddress           B "2.5.4.26" "id-at-registeredAddress"
+DestinationIndicator    B "2.5.4.27" "id-at-destinationIndicator"
+PreferredDeliveryMethod B "2.5.4.28" "id-at-preferredDeliveryMethod"
+PresentationAddress     B "2.5.4.29" "id-at-presentationAddress"
+ObjectIdentifier        B "2.5.4.30" "id-at-supportedApplicationContext"
+# "id-at-member" - see x509if.cnf
+# "id-at-owner" - see x509if.cnf
+# "id-at-roleOccupant" - see x509if.cnf
+# "id-at-seeAlso" - see x509if.cnf
+OctetString        B "2.5.4.35" "id-at-userPassword"
+# "id-at-userCertificate" - see x509af.cnf
+# "id-at-cACertificate" - see x509af.cnf
+# "id-at-authorityRevocationList" - see x509af.cnf
+# "id-at-certificateRevocationList" - see x509af.cnf
+# "id-at-crossCertificatePair" - see x509af.cnf
+DirectoryString         B "2.5.4.41"   "id-at-name"
+DirectoryString         B "2.5.4.42"   "id-at-givenName"
+DirectoryString         B "2.5.4.43"   "id-at-initials"
+DirectoryString         B "2.5.4.44"   "id-at-generationQualifier"
+UniqueIdentifier        B "2.5.4.45"  "id-at-uniqueIdedntifier"
+SyntaxPrintableString    B "2.5.4.46"	"id-at-dnQualifier"
+EnhancedGuide           B "2.5.4.47"	"id-at-enhancedSearchGuide"
+ProtocolInformation     B "2.5.4.48" "id-at-protocolInformation"
+# 49 "id-at-distinguishedName" - see x509if.cnf
+NameAndOptionalUID      B "2.5.4.50" "id-at-uniqueMember"
+DirectoryString         B "2.5.4.51"   "id-at-houseIdentifier"
+ObjectIdentifier        B "2.5.4.52"	"id-at-supportedAlgorithms"
+# 53 "id-at-deltaRevocationList" - what syntax?
+DirectoryString         B "2.5.4.54"   "id-at-dmdName"
+# 55 "id-at-clearance" - what syntax (or rather where?)
+# 56 "id-at-defaultDirQop" - what syntax?
+# 56 "id-at-attributeIntegrityInfo" - what syntax?
+# 58 "id-at-attributeCertificate" - see x509af.cnf
+# 59 "id-at-attributeCertificateRevocationLIst" - see x509af.cnf
+# 60 "id-at-confKeyInfo" - what syntax?
+# 61 ?
+# 62 ?
+# 63 ?
+# 64 "id-at-familyInformation" - what syntax?
+DirectoryString        B "2.5.4.65"   "id-at-pseudonym"
+ObjectIdentifier       B "2.5.4.66" "id-at-communuicationsService"
+ObjectIdentifier       B "2.5.4.67" "id-at-communuicationsNetwork"
 
 #.NO_EMIT
 
@@ -111,9 +178,6 @@ XDayOf/third				third_dayof
 XDayOf/fourth				fourth_dayof
 XDayOf/fifth				fifth_dayof
 
-#.FN_BODY DirectoryString
-	offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index, NULL);
-
 #.END