Re: usbmon: size of different fields?

[Guy Harris <guy () alum mit edu>]

On Nov 10, 2010, at 7:21 AM, Pete Zaitcev wrote:

> On Tue, 9 Nov 2010 13:23:28 -0800
> Guy Harris <guy () alum mit edu> wrote:
> > On Nov 9, 2010, at 12:05 PM, Németh Márton wrote:
> >
> > > OK, that's clear, the byte order of the API structure fields are in "host endian"
> > > order. The API structures are already saved by Wireshark into file for quite some
> > > time.
> >
> > ...and tcpdump.  Support for capturing on USB on Linux has been in
> > libpcap since at least libpcap 1.0.
>
> I imagined that Nemeth wanted to implement an alternative to that.

I hadn't heard him propose that.

It might be a good idea...

> Surely he knows how libpcap works. In that case a new, host-independent
> format may be introduced.

...and, if done, it would be ideal if it were also designed to be platform-dependent, so that it didn't have Linux 
implementation details leaking through; that could let it be used if other platforms offer a way to watch USB 
operations.

Are the formats of the USB header and the isochronous descriptors guaranteed never to change?  If not, a new format 
should definitely be introduced, as, for example, with the mmapped buffer, we just pass to the capture callback a 
pointer to the item in that buffer.  However, given that the capture callback is just passed a single pointer to the 
packet data, access to the mmapped buffer would have to be done by constructing the new header in a mallocated buffer 
*AND* all the packet data will have to be copied to that buffer, so a lot more data copying will be done.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe