Re: Speed specific Link-Layer Header Types for USB 2.0

[Tomasz Moń via tcpdump-workers <tcpdump-workers () lists tcpdump org>]

> --- Begin Message ---
>
>
> From: Tomasz Moń <desowin () gmail com>
>
> Date: Tue, 10 May 2022 21:31:04 +0200
>
> On Tue, 2022-05-10 at 07:28 +0200, Tomasz Moń wrote:
> > On Mon, May 9, 2022 at 10:17 PM Guy Harris <gharris () sonic net> wrote:
> > > On May 9, 2022, at 12:31 PM, Tomasz Moń <desowin () gmail com> wrote:
> > > > It is important that the analysis engine know whether the packets
> > > > were
> > > > full or low-speed as there are slightly different rules. There is
> > > > not
> > > > so clear distinction between layers as USB does not really use
> > > > ISO/OSI
> > > > model.
> > > >
> > > > So I think it definitely makes sense to have separate link types
> > > > for
> > > > full-speed and low-speed.
> > >
> > > It makes sense to indicate whether packets are full-speed or low-
> > > speed; nobody is arguing otherwise.
> > >
> > > The question is whether the right way to do that is to have
> > > separate link types, so that you can't have a mix of full-speed and
> > > low-speed packets in a single pcap capture or on a single interface
> > > in a pcapng capture, or to have a single link-layer type with a
> > > per-packet full-speed/low-speed indicator.
> >
> > I think the separate link types are the way to go.
> >
> > The full to low speed transition is not technically a packet, but
> > rather a "Preamble". While the transceivers, e.g. the one used in
> > OpenVizsla, have special mode to send that preamble together with
> > low-speed packet, they do not have a mode to capture low-speed
> > transactions. The handling logic has to be bundled in specialized hub
> > chip (and only there, the non-hub full speed devices will happily
> > discard what they see as garbage).
>
> It should be noted that when (and if) low-speed traffic is received on
> full-speed device differential pair (D+/D-), it is never intended for
> the full-speed device and the full-speed device never acts upon it
> (full-speed hub simply forwards low-speed traffic, non-hub devices
> simply ignore it).
>
> When user does full-speed only capture using hardware sniffer, the user
> intends to see full-speed packets. If the resulting capture includes
> PRE token, it is clear that there was some low-speed traffic. And it is
> clear that the low-speed traffic was not in any way related to any
> full-speed function.
>
> When low-speed capture is performed, it has to be performed at the leaf
> (in graph-theory sense) connection. Full-speed traffic never make it to
> the low-speed cables, so the capture will contain only low-speed
> packets.
>
> --- End Message ---
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers