On Oct 22, 2021, at 6:06 PM, Aidan MacDonald via Wireshark-dev <wireshark-dev@wireshark.org> wrote:
> Second, the hooks provided by the generic USB dissector seemingly aren't a > good fit. Basically, it seems to use only the interface class to decide what > sub-dissector to call, but UASP uses the mass storage class like the existing > Bulk-Only transport dissector. So that dissector is essentially sitting in > the way and preventing me from hooking in UASP. (Or at least I think so. > Currently I'm just commenting it out the conflicting hooks during testing.) > > I need to look at the interface protocol to determine if the traffic is UASP > or not. I think the simplest way to do this is adding a shim dissector for > mass storage class which invokes either the BOT or UASP dissector depending > on the interface protocol (if known). Does that sound like a good approach? That seems to make sense. The current mass storage class dissector just registers in the "usb.bulk" and "usb.control" dissector tables based on the interface class. *However*, there's also a *heuristic* dissector registered in the "usb.bulk" heuristic dissector table, and *that* looks for what appears to be a signature of Bulk-Only Transport packets. If so, then the *heuristic* dissector should directly call the Bulk-Only Transport dissector. I don't know whether there's a heuristic that can recognize UASP traffic; if so, you'll have to write a separate heuristic dissector for that. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
