tcpdump mailing list archives

again usb sniffing: RFC


From: Paolo Abeni <paolo.abeni () email it>
Date: Tue, 05 Dec 2006 10:16:29 +0100

Hi list,

I finally built up the code to use the upcoming Linux kernel API for
USB sniffing. I performed some simple tests with a patched wireshark and
it seems to work nicely, but:

- I'm not able to take advantage of the memory mapped access: the kernel
prepends to each event a header that is quite different from the libpcap
pcap_usb_header. To keep things working I need to modify this header
'in-place' (but this requires write access to the memory mapped area,
currently not available and extremely dangerous) or change the
pcap_usb_header to match the kernel-provided one. In the latter scenario
the data link type associated with the generated trace will be
linux-specific. Do you see any other possible solution ?!? (e.g. simply
do not use the memory mapped access). Which way should I follow ?!? (I
think this is somewhat a 'taste-related' choice).

- there is some intricacy regarding the URB direction: the kernel
provides a flag that specifies the URB direction, but there is an
additional modifier: the event type. Completion events are supposed to
'invert' the direction specified by the kernel. I hope to make it right, but
some testing should be performed by someone with more knowledge of the
USB protocol than me.

please let me know any feedback,

Paolo

p.s. for the adventurous willing to test the whole thing, here:

http://marc.theaimsgroup.com/?l=linux-usb-devel&m=116464642522955&w=2

you can find the kernel patch for the new binary API (it applies to linux
2.6.18).

p.p.s. if someone is interested I have a patch to synchronize the wireshark
usb dissector with the attached pcap patch.

Attachment: usb_bin_api.patch