[Openvas-discuss] ID/OID scheme for OpenVAS NASL scripts?
jan-oliver.wagner at intevation.de
Thu Jan 3 12:00:42 CET 2008
I am trying to find out about the OID for OpenVAS and how to
or whether to apply it for NASL scripts.
This is urgent as we are close to go into production mode
for NASL scripts. So please add your thoughts.
Apparently there has been registered
timb at openvas.org
for enterprise OIDs (18.104.22.168.4.1).
(BTW: Tim: shouldn't you fix up the email address or does it still work?)
Found at http://www.iana.org/assignments/enterprise-numbers
Does this mean, the full OID is 22.214.171.124.4.1.25623?
Using OIDs for NASL scripts:
Could be based on families, e.g.
126.96.36.199.4.1.25623.1 = iso.org.dod.internet.private.enterprise.OpenVAS.DSA
188.8.131.52.4.1.25623.1.1157 = iso.org.dod.internet.private.enterprise.OpenVAS.DSA.1157
184.108.40.206.4.1.25623.0 = iso.org.dod.internet.private.enterprise.OpenVAS.libraries
220.127.116.11.4.1.25623.0.1 = iso.org.dod.internet.private.enterprise.OpenVAS.libraries.package-tests
(note: I do not know whether 0 is allowed as number and which characters for the name (e.g. "-"))
Please let me know wether I am all wrong with my guesses.
If not, is the above example to way to go?
This would mean in practice to have something like:
which apparently will cause trouble (integer vs string),
as you can see in openvas-libraries/libopenvas/plugutils.c:
void plug_set_id(desc, id)
struct arglist * desc;
arg_add_value(desc, "ID", ARG_INT, sizeof(int), (void*)id);
So we would have to go through all the code and do changes
accordingly. It is doable (I will do) if we think it is worth it.
Alternatively it is possible to introduce
and add corresponding processing though all of the code.
Also doable, maybe less overall efford than to change int to str for ID.
Open question is what to do with the old ID, just try to have no conflicts
among the various contributores via some simple rules? Leave empty?
Postpone the whole OID stuff for OpenVAS 1.2 series and use a simple, flat
integer no-conflicts scheme for the time being? (and disregard broken URLs for
Other OID naming schemes than family based?
Thoughts highly appreciated!
Dr. Jan-Oliver Wagner Intevation GmbH, Osnabrück
Amtsgericht Osnabrück, HR B 18998 http://www.intevation.de/
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
More information about the Openvas-discuss