
Wireshark-dev: Re: [Wireshark-dev] [PATCH] update wiretap and sub dissector

From: "Charles Lepple" <clepple@xxxxxxxxx>
Date: Fri, 26 Jan 2007 23:39:15 -0500
On 1/23/07, Paolo Abeni <paolo.abeni@xxxxxxxx> wrote:
> The linux header is enforced in host byte order by the wiretap/libpcap
> code: when a capture saved by a host with different endianness is
> loaded and the data link of the capture is DLT_USB_LINUX, the linux
> header fields are swapped.

One problem is that the proto_tree_add_* calls set the little_endian
flag to true regardless of the endianness of the host.

For instance, if I create a .pcap file with "text2pcap -l 189 ..." on
a big-endian machine, then the .pcap file seems not to have the
byte-swapped flag set. That code seems to handle the case where an x86
machine captures and a PowerPC displays (for instance).

Maybe I'm misinterpreting how this should work, though. It will
probably be clearer once I get a chance to see real sample pcap files.

> If this patch is merged, must I update the wiki to reflect current
> status?

Another thing here - it might be good to mention on the Wiki the
versions of Wireshark that support the old raw USB encapsulation, and
the new format that your patch adds/replaces.

--
- Charles Lepple
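
The byte-order case raised in this message, as an added example that is not part of the original post and is not Wireshark or wiretap code: a small model of a reader that swaps a host-order header field when the pcap magic number shows the file was written in the opposite byte order, followed by a decode that is either fixed little-endian or in the reader's host order. The 16-bit field, the `reader_le` and `fixed_le` parameters, and the sample bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Read 4 bytes the way a reader host of the given byte order would. */
static uint32_t rd32(const uint8_t *b, int host_le) {
    uint32_t le = (uint32_t)b[0] | (uint32_t)b[1] << 8 |
                  (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
    uint32_t be = (uint32_t)b[3] | (uint32_t)b[2] << 8 |
                  (uint32_t)b[1] << 16 | (uint32_t)b[0] << 24;
    return host_le ? le : be;
}

/* 0: file is in the reader's byte order, 1: opposite order, -1: not pcap. */
int pcap_needs_swap(const uint8_t magic[4], int reader_le) {
    uint32_t m = rd32(magic, reader_le);
    if (m == 0xa1b2c3d4u) return 0;
    if (m == 0xd4c3b2a1u) return 1;
    return -1;
}

/* Load one 16-bit host-order header field (hypothetical field).
 * Step 1 (reader): swap in place when the file order differs from the reader's.
 * Step 2 (dissector): decode as fixed little-endian, or in reader host order. */
int load_field16(const uint8_t magic[4], const uint8_t field[2],
                 int reader_le, int fixed_le) {
    uint8_t f[2] = { field[0], field[1] };
    int swap = pcap_needs_swap(magic, reader_le);
    if (swap < 0) return -1;
    if (swap) { uint8_t t = f[0]; f[0] = f[1]; f[1] = t; }
    int decode_le = fixed_le ? 1 : reader_le;
    return decode_le ? (f[0] | f[1] << 8) : (f[1] | f[0] << 8);
}

/* Constructed sample: capture written on a big-endian host, field value 3. */
static const uint8_t BE_MAGIC[4] = { 0xa1, 0xb2, 0xc3, 0xd4 };
static const uint8_t BE_FIELD[2] = { 0x00, 0x03 };

int main(void) {
    printf("LE reader, fixed LE decode : %d\n", load_field16(BE_MAGIC, BE_FIELD, 1, 1));
    printf("BE reader, fixed LE decode : %d\n", load_field16(BE_MAGIC, BE_FIELD, 0, 1));
    printf("BE reader, host-order decode: %d\n", load_field16(BE_MAGIC, BE_FIELD, 0, 0));
    return 0;
}
```

In this model the fixed little-endian decode is only correct when the reader itself is little-endian; a big-endian reader opening its own capture gets 768 instead of 3.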