On 1/22/07, Paolo Abeni <paolo.abeni@xxxxxxxx> wrote:
I'm currently working to update the wireshark dissector to use this new
interface. The update will require some changes to the wiretap library,
to be consistent with libpcap.
Understood. After discussing this with Ulf, and looking at my code
that converts usbsnoop logs, I don't think the byte order preference
is necessary anymore. I will just do the conversion before writing the
text2pcap input.
When you do update the dissector, would you please add some
documentation for the URB format? It wasn't until after I got very
deep into the code that I realized what format the dissector expected
the URBs to be in, or that USB capture was even supported by libpcap
(apparently, none of my Linux boxes have the usbmon and debugfs
modules compiled in the standard kernel packages, so the
pseudo-interface doesn't show up in the list).
Also, I haven't recompiled the trunk since Saturday, but there seems
to be a mismatch between the endianness of the device address in the
Source and Destination columns, and the Device field in the protocol
details pane. I am doing most of my testing on a big-endian machine,
and the Device field looks correct with regard to the capture files
posted on the Wiki. The Source and Destination columns often show
"16777216.0". I will try to track this down later this week, but I am
really not familiar with that part of the code yet.
--
- Charles Lepple