tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: sniffing from USB bus: current shortcoming

From: Paolo Abeni <paolo.abeni () email it>
Date: Wed, 29 Nov 2006 09:38:37 +0100
Hello,

On 2006-11-28 20:02:24 GMT Guy Harris wrote:

i.e., you're replacing
      bpf_u_int32 urb_type;
with
      u_char transfer_type;
      u_char event_type;
      u_short bus_id;
[... don't work...]


Thanks for precising it. If binary compatibility will be break in any
way, I'd better move to little endian encoding...


Note: the pcap_usb_setup header is currently build up from the pcap code
(in network byte order), but, with the new binary interface, will be
provided from the kernel (in little endian byte encoding).



Will that be the case even on big-endian machines?


Yes, AFAIK. The pcap_usb_setup header is composed by bytes actually sent
on the USB bus and thus it's encoding format is not arch-dependent.

One more point. The kernel provides for a couple of events for each URB
transfer (submit/complete or submit/error). I don't know if the
completion/error event is guarantied to be posted just after the
corresponding submit. 

In order to let the calling application associate the completion/error
event to the corresponding submit event an unique id is provided by the
kernel identifying the URB associated to each event. 
I suppose I must add it to the usb header, right ? (it's a 64 bit
unsigned integer).      

So at the end the header should looks like this:

typedef struct _usb_header {
  u_char transfer_type;
  u_char event_type;
  u_short bus_id;
  bpf_u_int32 device_address;
  bpf_u_int32 endpoint_number;
  bpf_u_int32 flags;
  bpf_u_int32 id_hi;
  bpf_u_int32 id_low;
} pcap_usb_header;

The device_address, endpoint_number and flags could be encoded on
shorter field: the usb standard give 8 bits for device_address and
endpoint_number, while we will use only to bits of flags. Should I use
instead something like:

typedef struct _usb_header {
  u_char transfer_type;
  u_char event_type;
  u_short bus_id;
  u_char device_address;
  u_char endpoint_number;
  u_char flags;
  u_char pad;
  bpf_u_int32 id_hi;
  bpf_u_int32 id_low;
} pcap_usb_header;

thanks again for your attention and time.

Paolo

p.s. currently I'm not receiving any messages from the mailing list, can
you please cc my address in your response? thanks

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Previous By Date Next
Previous By Thread Next

Current thread: