Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 5370] Add support for USB isochronous

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Fri, 5 Nov 2010 23:09:21 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5370

--- Comment #7 from Márton Németh <nm127@xxxxxxxxxxx> 2010-11-05 23:09:15 PDT ---
(In reply to comment #6)
>  - what happens if the capture file which contains caputred USB packets on
> little-endian computer is transfered to a big-endian computer and opened there
> in Wireshark?
> 
> Most of the Linux pseudo-header is byte-swapped by the Wiretap code, so that
> most of the fields in the Linux pseudo-header are in the byte order appropriate
> for the host reading the file.
> 
> The fields in the data[8] portion of the pseudo-header are *NOT* modified in
> any fashion, so any multi-byte quantities put there by host code, rather than
> being copied from the (little-endian, I think) USB setup information, will be
> in the byte order of the host that *wrote* the file.

I had a closer look: the struct linux_usb_phdr can be found in
http://anonsvn.wireshark.org/viewvc/trunk/wiretap/pcap-common.c?view=markup and
the byte swapping happens in pcap_process_linux_usb_pseudoheader() in the same
file. The function pcap_process_linux_usb_pseudoheader() has a gboolean
byte_swapped parameter which is used to decide whether swapping is necessary or
not.

> The same is true of the isochronous descriptors - they are *NOT* examined, and
> *NOT* byte-swapped, by the Wiretap code.

As far as I understand there are two cases to handle when reading isochronous
descriptors:
 - when the capture happens or was saved on an architecture with same
endianness as the currently running one then the values are in host-endian
format.
 - when the capture file was transfered from a computer with different
endianness then the dissector needs to byte swap the values which are not
handled by the Wiretap code.

How is it possible to distinguish between these two cases in a dissector? Is
there already a tvb_get*() function which can distinguish between the two cases
and return the values in the host byte order?

(The function tvb_get_ntohl() suggested in comment #4 does a
Network-to-host-order conversion but I think here something else is needed.)

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube