Re: USB Attached SCSI dissector

[Guy Harris <gharris () sonic net>]

On Oct 22, 2021, at 6:06 PM, Aidan MacDonald via Wireshark-dev <wireshark-dev () wireshark org> wrote:

> Second, the hooks provided by the generic USB dissector seemingly aren't a good fit. Basically, it seems to use only 
> the interface class to decide what sub-dissector to call, but UASP uses the mass storage class like the existing 
> Bulk-Only transport dissector. So that dissector is essentially sitting in the way and preventing me from hooking in 
> UASP. (Or at least I think so. Currently I'm just commenting it out the conflicting hooks during testing.)
>
> I need to look at the interface protocol to determine if the traffic is UASP or not. I think the simplest way to do 
> this is adding a shim dissector for mass storage class which invokes either the BOT or UASP dissector depending on 
> the interface protocol (if known). Does that sound like a good approach?

That seems to make sense.  The current mass storage class dissector just registers in the "usb.bulk" and "usb.control" 
dissector tables based on the interface class.

*However*, there's also a *heuristic* dissector registered in the "usb.bulk" heuristic dissector table, and *that* 
looks for what appears to be a signature of Bulk-Only Transport packets.  If so, then the *heuristic* dissector should 
directly call the Bulk-Only Transport dissector.  I don't know whether there's a heuristic that can recognize UASP 
traffic; if so, you'll have to write a separate heuristic dissector for that.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe