LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 07-27-2015, 10:16 AM   #1
OncleMax
LQ Newbie
 
Registered: Jul 2015
Posts: 3

Rep: Reputation: Disabled
How to filter USB packet with USB core


Hello !!


I'm trying to filter usb transfer from/to a device to/from the host.

My first goal is to print URB transfer from kernel. But i don't know where i need to modify kernel source to do that.

There is hcd.c, usb.c or urb.c lib which looks like good (in particular hcd) with function as "usb_hcd_submit_urb()". But i'm not sure from where to begin.

I want to print this urb at the lower layer is possible to do.

Could you help me ?
Thank you very much !!
 
Old 07-28-2015, 04:29 PM   #2
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,905

Rep: Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161
I can only provide general advice here as I don't have direct experience with attempting this. As a start you might want to investigate using the usbmon module and wireshark

Some useful references:
http://dan3lmi.blogspot.co.nz/2012/1...different.html
https://wiki.wireshark.org/CaptureSetup/USB

Good luck.
 
Old 07-29-2015, 02:03 AM   #3
OncleMax
LQ Newbie
 
Registered: Jul 2015
Posts: 3

Original Poster
Rep: Reputation: Disabled
Hi !

Thank you for you answer !

But i've already look at usbmon, and usbmon capture usb traffic between usbcore and user spacer.

I've read that USB transfer were handle in usbcore thanks to the UHCD (USB Host Controller Driver) and/or by USB Host Driver.

Cf this picture : http://img.my.csdn.net/uploads/20120...745829QFit.gif

But i've understand what i want, it's to patch this source file .c of the kernel to have result as usbmon, or more informations ^^


Thank you very much for your help !
 
Old 07-29-2015, 03:32 AM   #4
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,905

Rep: Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161
Quote:
But i've understand what i want, it's to patch this source file .c of the kernel to have result as usbmon, or more informations ^^
That's well past my ability, and it's not a trivial task I can imagine!

You mentioned in your opening post
Quote:
I'm trying to filter usb transfer from/to a device to/from the host.
What kind of device(s) are you interested in here? That might influence the method of attack.

I guess you're already very familiar with USB drivers and Linux stack, but I thought I'd share these links anyway...
http://www.linux-usb.org/
https://www.mattcutts.com/blog/linux...e-driver-info/
http://matthias.vallentin.net/blog/2...wn-usb-device/
 
Old 07-29-2015, 04:32 AM   #5
OncleMax
LQ Newbie
 
Registered: Jul 2015
Posts: 3

Original Poster
Rep: Reputation: Disabled
Question

Hello


Tahnk you !

Yes i've already visited this but it's a level too higher layer. I need to go to the lower layer is possible.

To begin, i'm wanted to filter HID USB (mice, keyboard, ...). I don't know if it's possible to intercept usb packet. Look at : Image

If I refer to it, I could filter usb packet on USB Host Controller Driver, so i need to modify ehci-???.c on the source drivers/usb/host. But I don't know where ?

Maybe i make wrong way, and I don't understand, or maybe it's not possible (Don't say yes x) ).

I do it for a project, because i'm in intership.

Thanks for all !
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
A packet filter using libipq which uses ether type field to capture the packet can26_manish Programming 2 10-16-2007 05:35 AM
Endpoint security - USB file filter kh_ibrahim Linux - Hardware 2 05-03-2007 07:11 AM
Packet Filter to redirect a packet to a user level process akawale Linux - Networking 3 09-01-2006 12:06 PM
USB 2.0 ports detected as USB 1.1 on Fedora Core 3 vbvamsi Linux - Hardware 1 10-09-2005 06:26 PM
HP Deskjet (USB) & CUPS & Slackware 9.1: Unable to open USB device "usb:/dev/usb/lp0&qu arnostienen Slackware 2 01-29-2004 03:22 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 07:51 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration