Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] [REPOST][PATCH] update USB dissector

From: "Charles Lepple" <clepple@xxxxxxxxx>
Date: Sun, 18 Mar 2007 11:21:30 -0400
On 1/30/07, Guy Harris <guy@xxxxxxxxxxxx> wrote:
I also fixed some other issues that I saw when reading the capture - for
example, some fields from the USB packet were being read in big-endian
format rather than little-endian format, and control packets were being
interpreted as standard requests even if the type wasn't "Standard".

hmm, I am seeing that same problem with the current trunk and Paolo's
new DLT_LINUX_USB-based sample captures.

Here's an example. Get_Descriptor is control request 0x06, and the
descriptor type and value are stored in wValue (high and low byte,
respectively). In USB (little-endian) format, that puts the descriptor
type in the second byte.

The attached patch swaps the order in which these bytes are read.
Here's the effect on running 'tshark -V' on Paolo's
usb_memory_stick.pcap on the Wiki:

--- tshark-mem-stick-orig.txt   2007-03-18 10:56:02.000000000 -0400
+++ tshark-mem-stick-patched.txt        2007-03-18 11:00:27.000000000 -0400
[...]
@@ -783,8 +783,8 @@
            .00. .... = Type: Standard (0x00)
            ...0 0000 = Recipient: Device (0x00)
        bRequest: GET DESCRIPTOR (0x06)
-        bDescriptorType: Unknown (0x00)
-        Descriptor Index: 0x01
+        Descriptor Index: 0x00
+        bDescriptorType: DEVICE (0x01)
        Language Id: no language specified (0x0000)
        wLength: 18
[Packet size limited during capture: USB truncated]
@@ -835,8 +835,8 @@
            .00. .... = Type: Standard (0x00)
            ...0 0000 = Recipient: Device (0x00)
        bRequest: GET DESCRIPTOR (0x06)
-        bDescriptorType: Unknown (0x00)
-        Descriptor Index: 0x02
+        Descriptor Index: 0x00
+        bDescriptorType: CONFIGURATION (0x02)
        Language Id: no language specified (0x0000)
        wLength: 9
[Packet size limited during capture: USB truncated]

I see this on both Linux/x86 and OS X/powerpc with the current trunk
(last changed rev of epan/dissectors/packet-usb.c: 20632).

It might be interesting to make it handle the old format as well.

If anyone tackles this, it would probably be best to convert the old
format into the standard USB byte ordering when reading it in.

--
- Charles Lepple

Attachment: usb-setup-order.diff
Description: Binary data