hello, After a bit more testing I found some issues with current usb sniffing code:
- the snaplen parameter is just ignored. - the raw data received from usb port is partially corrupted. The attached patch should fix both. Moreover current kernel code limit the total amount of data captured for each raw USB block to about 30 bytes. There is now way to change this without patching the kernel :-( ciao, Paolo
Index: pcap-usb-linux.c =================================================================== RCS file: /tcpdump/master/libpcap/pcap-usb-linux.c,v retrieving revision 1.2 diff -r1.2 pcap-usb-linux.c 184c184 < return c < 'A' ? c- '0': ((c<'a') ? c- 'A': c-'a'); --- > return c < 'A' ? c- '0': ((c<'a') ? c - 'A' + 10: c-'a'+10); 334,335c334,336 < /* urb tag is not present if urb length is 0 */ < pkth.len += pkth.caplen; --- > /* urb tag is not present if urb length is 0, so we can stop here > * text parsing */ > pkth.len += pkth.caplen; 339c340 < /* check for data presence */ --- > /* check for data presence; data is present if and only if urb tag is '=' */ 350,352c351,356 < /* read all urb data; if urb length is less then our string we get only < * a partial information */ < while ((string[0] != 0) && (string[1] != 0)) --- > /* read all urb data; if urb length is greater then the usbmon internal > * buffer length used by the kernel to spool the URB, we get only > * a partial information. > * At least until linux 2.6.17 there is no way to set usbmon intenal buffer > * length and default value is 130. */ > while ((string[0] != 0) && (string[1] != 0) && (pkth.caplen < handle->snaplen))
- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
