Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] USB Link Layer dissector integration

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Darien Spencer" <cusneud@xxxxxxxx>
Date: Wed, 3 Oct 2018 19:51:53 +0200
Hi Maciej,
 
I think I understand your problem since I noticed something similiar with the USB dissector. Correct me if it's a different issue.
I was working on the AT dissector (runs over USB URB) and I noticed that sometimes the traffic is split over several frames.
When I looked further I realised the USB dissector doesn't (and maybe can't?) reassemble those packets in it's current state.
So the result was different parts of the AT packets where handled to the AT dissetor as a complete AT payload, which is incorrect.
 
I'm not that familiar with the protocols used for USB transfer and the USB URB dissector but as much as I understand the
protocol seems to work in a 'stream-oriented' way, kind of like TCP.
 
If that's the case, the kind of reassembly mechanism used in the TCP dissector might fit for USB as well.
 
Anyone else in the group knows enough about the USB dissector to confirm?
 
-- Darien
 
 
Sent: Tuesday, October 02, 2018 at 10:48 PM
From: "Maciej Purski" <mppmaciek@xxxxxxxxx>
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] USB Link Layer dissector integration

Hi all,

I have already asked this question on Q&A and was advised to put it here.

I am working with a USB Link Layer traffic dump in pcap format. I have managed to implement a dissector for it. My dissector recognizes different USB packets and tokens. My goal is to pass the data to higher layer dissectors. I am going to reassemble the data packets in order to dissect full USB transfers. That's not problem for me. The problem is, how to integrate it with the current USB implementation in Wireshark in order to call existing dissecctors for USB application layer protocols like MTP or ADB.

As far as I understand it, they rely on the current implementation of USB protocol dissector. For now I can see two possibilities, but any of them does not seem completely right.

1) I could call the existing USB dissector from my USB Link Layer dissector, but that would require a lot of changes in the packet-usb.c. I would have to implement the whole transfers reassembly in packet-usb.c

2) I could write a new dissector that somehow "mocks" the USB dissector and behaves in the same way from the point of view of application layer dissectors. I guess that in this case I'd have ti implement a second dissector for the same protocol. I am also not sure if this is right.

Thanks in advance for all responses. I am new to Wireshark development. For now, I am implementing this just for my own usage, but I am planning to send it to Open Source in the future.

Best regards,

Maciej

___________________________________________________________________________ Sent via: Wireshark-dev mailing list Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube