Wireshark-dev: Re: [Wireshark-dev] usbmon: size of different fields?

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 10 Nov 2010 09:36:58 -0800
On Nov 10, 2010, at 7:21 AM, Pete Zaitcev wrote:

> On Tue, 9 Nov 2010 13:23:28 -0800
> Guy Harris <guy@xxxxxxxxxxxx> wrote:
>> On Nov 9, 2010, at 12:05 PM, Németh Márton wrote:
>> 
>>> OK, that's clear, the byte order of the API structure fields is in "host endian"
>>> order. The API structures have already been saved by Wireshark into a file for quite some
>>> time.
>> 
>> ...and tcpdump.  Support for capturing on USB on Linux has been in
>> libpcap since at least libpcap 1.0.
> 
> I imagined that Nemeth wanted to implement an alternative to that.

I hadn't heard him propose that.

It might be a good idea...

> Surely he knows how libpcap works. In that case a new, host-independent
> format may be introduced.

...and, if done, it would be ideal if it were also designed to be platform-dependent, so that it didn't have Linux implementation details leaking through; that could let it be used if other platforms offer a way to watch USB operations.

Are the formats of the USB header and the isochronous descriptors guaranteed never to change?  If not, a new format should definitely be introduced, as, for example, with the mmapped buffer, we just pass to the capture callback a pointer to the item in that buffer.  However, given that the capture callback is just passed a single pointer to the packet data, access to the mmapped buffer would have to be done by constructing the new header in a mallocated buffer *AND* all the packet data will have to be copied to that buffer, so a lot more data copying will be done.