Re: [BUG] pcap-usb-linux.c

[Guy Harris <guy () alum mit edu>]

On Nov 27, 2008, at 3:49 AM, Jean-Louis wrote:

> this means request a new DLT_ value like i.e. DLT_USB_LINUX_MMAPPED,

Yes.  I've added DLT_USB_LINUX_MMAP.

> add
> a new struct in libpcap/pcap/usb.h similar to pcap_usb_header with  
> last
> field for padding i.e.
>
> typedef struct _usb_header_mmapped {
>  ...
>  ...
>  u_int8_t padding[16];
> } pcap_usb_header_mmapped;

That could be done, but, instead, I just added a #define  
MMAPPED_USB_HEADER_SIZE which is the size of the padded header.

> change pcap-usb-linux.c for use new DLT_USB_LINUX_MMAPPED and new
> pcap_usb_header_mmapped for mmapped access, while text access and bin
> access use "standard" DLT_USB_LINUX and pcap_usb_header
>
> find -name "*.[ch]" | xargs grep "_USB_LINUX"
> find -name "*.[ch]" | xargs grep "pcap_usb_header"
>
> changing file accordingly:
>
> gencode.c
> pcap.c
> savefile.c
> pcap-usb-linux.c
> pcap/usb.h
> pcap/bpf.h
>
> it's correct?

Yes.  I've checked in changes to those files to support  
DLT_USB_LINUX_MMAP, along with some fixes from Jon Smirl - and checked  
in Wireshark changes to fix the handling of Linux USB captures in  
general, and to add support for DLT_USB_LINUX_MMAP.

The libpcap 1.0.1 release hasn't been done yet, so those fixes might  
get into 1.0.1 when it's released.  The Wireshark changes are  
currently only in the main development branch, but I've added them to  
the list of changes to be put into the 1.0.6 release.

I captured some traffic, using both the memory-mapped interface and  
non-memory-mapped binary interface, on Fedora 9; the top-of-main- 
branch Wireshark appears to be dissecting them correctly.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.