Re: Link-Layer Header Type request for USBPcap

[Tomasz Moń <desowin () gmail com>]

On Mon, Mar 25, 2013 at 11:08 AM, Guy Harris <guy () alum mit edu> wrote:
> > #pragma pack(1)
> > typedef struct
> > {
> >     USHORT       headerLen; /* This header length */
> >     UINT64       irpId;     /* I/O Request packet ID */
>
> So headerLen is at an offset of 0, and irpId is at an offset of 2, right?

Exactly.

> >       o irpId is merely a pointer to IRP casted to the UINT64
> I.e., it's an 64-bit cookie whose bits have no particular significance, given that, within a file, there's nothing 
> for it to point to.

Yes. It is provided so it could be used to pair the requests with
responses in analysis software.

> >       o transfer determines the transfer type and thus the header type. See below for details.
> >       o dataLength specifies the total length of transfer data to follow directly after the header.
> > Transfer-specific headers
>
> Presumably the "transfer-specific header" follows the USBPCAP_BUFFER_PACKET_HEADER in the packet data, with the 
> transfer data following the transfer-specific header.

Actually, all transfer-specific headers inherit the base packet header.

But yes, first there is the USBPCAP_BUFFER_PACKET_HEADER, then (if
any) the transfer-specific header members not contained in
USBPCAP_BUFFER_PACKET_HEADER, and then the transfer data.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers