Wireshark-dev: Re: [Wireshark-dev] USB dissection
Date: Thu, 17 Dec 2009 13:57:52 -0500
On Wed, Dec 16, 2009 at 01:13:01PM -0700, Stephen Fisher wrote:
> 
> On Dec 13, 2009, at 12:15 AM, paul@xxxxxxxxxxxxxx wrote:
> 
> > I'm new to wireshark dissectors and am writing a USB dissector that  
> > is working quite well.
> > However, it's working because it's the only device on the chosen  
> > bus. What I'd like to
> > do is activate my dissector for a given vendor id/product id. At the  
> > moment my dissector
> > is a child of usb.bulk which doesn't contain USB descriptors. Since  
> > there aren't that many
> > examples of USB dissectors, could anyone explain how I do this?
> 
> I don't have much experience with these, but I think a dissector table  
> tied to the vendor / product id would be the right way to go here.   
> You could then have your USB dissector register with the table's  
> values.  The main USB dissector would need to be modified too.

Thanks. So at the moment packet-usb.c registers usb.bulk and usb.control
dissector tables. I would also register usb.vendor and usb.vendor-product
perhaps too, and then instead of calling dissector_add("usb.bulk", 0xffff, h)
I'd now call dissector_add("usb.vendor-product", 0xaaaabbbb, h) where aaaa
is the vendor and bbbb is the product. Does that sound about right?

Paul