Wireshark-bugs: [Wireshark-bugs] [Bug 11868] New: USB dissector fails to dissect isochronous pay

Date: Wed, 09 Dec 2015 18:58:42 +0000
Bug ID: 11868
Summary: USB dissector fails to dissect isochronous payload in OUT URBs in captures taken on Linux
Product: Wireshark
Version: 2.0.0
Hardware: x86
OS: Windows 7
Status: UNCONFIRMED
Severity: Major
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: [email protected]
Reporter: [email protected]

Created attachment 14129
capture from Linux with status field of the very first packet in the very first
frame manually set to 0

Build Information:
Version 2.0.0 (v2.0.0-0-g9a73b82 from master-2.0)

Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.3.2, with WinPcap (4_1_3), with libz 1.2.8, with
GLib 2.42.0, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.2, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with locale C, with
WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version
1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15, with Gcrypt 1.6.2, without
AirPcap.
       Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz (with SSE4.2), with 8141MB of
physical memory.


Built using Microsoft Visual C++ 12.0 build 31101
--
The USB dissector improperly handles isochronous OUT transfers, depending on
the operating system on which the capture was taken.

 - For files captured on Windows (Encapsulation type: USB packets with USBPcap
header (153)), the status field of the isochronous data descriptor is called
"usb.win32.iso_status", and when dissecting contents of a "sent" URB containing
isochronous OUT data, the dissector marks it as irrelevant and really ignores
it (the Windows drivers fill the status field with 0 when sending, but even
changing the value manually doesn't prevent the dissector from dissecting the
usb.iso.data into the packet tree, and tshark from dumping them if required).

 - For files captured on Linux (Encapsulation type: USB packets with Linux
header and padding (115)), the status field is called "usb.iso.iso_status", and
the dissector only dissects the usb.iso.data into the packet tree if the status
field is 0. This is correct for the case of "received" URBs from the IN
direction, but wrong for the case of "sent" URBs for the OUT direction, as the
result of the operation is not known until the URB is "received" after the
operation. To get the data dissected, it is necessary to set the status field
to 0 manually, because Linux drivers (maybe on purpose, like identification of
mishandled URBs) fill the status field with the value -18 (-EXDEV).
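
Added example, not part of the original report and not Wireshark's code: a stand-alone C sketch that contrasts the status-only rule described above with a direction-aware rule. It assumes the 64-byte Linux usbmon binary header layout followed by 16-byte ISO descriptors, a little-endian capture, and a constructed sample packet; the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MON_HDR_LEN 64  /* Linux usbmon binary header "with padding" */
#define ISODESC_LEN 16  /* iso_status, iso_off, iso_len, pad: 4 bytes each */

static int32_t rd32(const uint8_t *p) {  /* assumes a little-endian capture host */
    return (int32_t)(p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Count ISO descriptors whose payload would be dissected; -1 if malformed.
 * dir_aware=0: status-only rule the report describes for Linux captures.
 * dir_aware=1: OUT submissions always, IN completions only on status 0. */
int iso_dissectable(const uint8_t *pkt, size_t len, int dir_aware) {
    if (len < MON_HDR_LEN || pkt[9] != 0 /* xfer_type 0 = ISO */) return -1;
    int submit = pkt[8] == 'S', in = (pkt[10] & 0x80) != 0, n = 0;
    uint32_t ndesc = (uint32_t)rd32(pkt + 60);
    if (ndesc > (len - MON_HDR_LEN) / ISODESC_LEN) return -1;
    size_t data_len = len - MON_HDR_LEN - (size_t)ndesc * ISODESC_LEN;
    for (uint32_t i = 0; i < ndesc; i++) {
        const uint8_t *d = pkt + MON_HDR_LEN + (size_t)i * ISODESC_LEN;
        int32_t status = rd32(d);
        uint32_t off = (uint32_t)rd32(d + 4), dlen = (uint32_t)rd32(d + 8);
        if (dlen == 0 || off > data_len || dlen > data_len - off) continue; /* not captured */
        n += dir_aware ? ((submit && !in) || (!submit && in && status == 0)) : (status == 0);
    }
    return n;
}

/* Constructed sample (not a real capture): one ISO URB, two 4-byte packets. */
size_t make_sample(uint8_t *buf, char type, uint8_t epnum, int32_t status) {
    memset(buf, 0, MON_HDR_LEN + 2 * ISODESC_LEN + 8);
    buf[8] = (uint8_t)type; buf[10] = epnum;   /* epnum bit 0x80 set means IN */
    wr32(buf + 60, 2);                         /* ndesc */
    for (uint32_t i = 0; i < 2; i++) {
        uint8_t *d = buf + MON_HDR_LEN + i * ISODESC_LEN;
        wr32(d, (uint32_t)status); wr32(d + 4, i * 4); wr32(d + 8, 4);
    }
    return MON_HDR_LEN + 2 * ISODESC_LEN + 8;
}

int main(void) {
    uint8_t b[128];
    size_t n = make_sample(b, 'S', 0x01, -18); /* OUT submission, status -EXDEV */
    printf("status-only=%d direction-aware=%d\n", iso_dissectable(b, n, 0), iso_dissectable(b, n, 1));
    return 0;
}
```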

