/*

 * Copyright (c) 2006 Paolo Abeni (Italy)

 * All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *

 * 1. Redistributions of source code must retain the above copyright

 * notice, this list of conditions and the following disclaimer.

 * 2. Redistributions in binary form must reproduce the above copyright

 * notice, this list of conditions and the following disclaimer in the

 * documentation and/or other materials provided with the distribution.

 * 3. The name of the author may not be used to endorse or promote

 * products derived from this software without specific prior written

 * permission.

 *

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR

 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT

 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 *

 * USB sniffing API implementation for Linux platform

 * By Paolo Abeni <paolo.abeni@email.it>

 * Modifications: Kris Katterjohn <katterjohn@gmail.com>

 *

 */

#ifdef HAVE_CONFIG_H

#include <config.h>

#endif

#include "pcap-int.h"

#include "pcap-usb-linux.h"

#include "pcap/usb.h"

#ifdef NEED_STRERROR_H

#include "strerror.h"

#endif

#include <ctype.h>

#include <errno.h>

#include <stdlib.h>

#include <unistd.h>

#include <fcntl.h>

#include <limits.h>

#include <string.h>

#include <dirent.h>

#include <byteswap.h>

#include <netinet/in.h>

#include <sys/ioctl.h>

#include <sys/mman.h>

#include <sys/utsname.h>

#ifdef HAVE_LINUX_USBDEVICE_FS_H

/*

 * We might need <linux/compiler.h> to define __user for

 * <linux/usbdevice_fs.h>.

 */

#ifdef HAVE_LINUX_COMPILER_H

#include <linux/compiler.h>

#endif /* HAVE_LINUX_COMPILER_H */

#include <linux/usbdevice_fs.h>

#endif /* HAVE_LINUX_USBDEVICE_FS_H */

#define USB_IFACE "usbmon"

#define USB_TEXT_DIR_OLD "/sys/kernel/debug/usbmon"

#define USB_TEXT_DIR "/sys/kernel/debug/usb/usbmon"

#define SYS_USB_BUS_DIR "/sys/bus/usb/devices"

#define PROC_USB_BUS_DIR "/proc/bus/usb"

#define USB_LINE_LEN 4096

#if __BYTE_ORDER == __LITTLE_ENDIAN

#define htols(s) s

#define htoll(l) l

#define htol64(ll) ll

#else

#define htols(s) bswap_16(s)

#define htoll(l) bswap_32(l)

#define htol64(ll) bswap_64(ll)

#endif

struct mon_bin_stats {

  uint32_t queued;

  uint32_t dropped;

};

struct mon_bin_get {

  pcap_usb_header *hdr;

  void *data;

  size_t data_len;   /* Length of data (can be zero) */

};

struct mon_bin_mfetch {

  int32_t *offvec;   /* Vector of events fetched */

  int32_t nfetch;    /* Number of events to fetch (out: fetched) */

  int32_t nflush;    /* Number of events to flush */

};

#define MON_IOC_MAGIC 0x92

#define MON_IOCQ_URB_LEN _IO(MON_IOC_MAGIC, 1)

#define MON_IOCX_URB  _IOWR(MON_IOC_MAGIC, 2, struct mon_bin_hdr)

#define MON_IOCG_STATS _IOR(MON_IOC_MAGIC, 3, struct mon_bin_stats)

#define MON_IOCT_RING_SIZE _IO(MON_IOC_MAGIC, 4)

#define MON_IOCQ_RING_SIZE _IO(MON_IOC_MAGIC, 5)

#define MON_IOCX_GET   _IOW(MON_IOC_MAGIC, 6, struct mon_bin_get)

#define MON_IOCX_MFETCH _IOWR(MON_IOC_MAGIC, 7, struct mon_bin_mfetch)

#define MON_IOCH_MFLUSH _IO(MON_IOC_MAGIC, 8)

#define MON_BIN_SETUP   0x1 /* setup hdr is present*/

#define MON_BIN_SETUP_ZERO  0x2 /* setup buffer is not available */

#define MON_BIN_DATA_ZERO   0x4 /* data buffer is not available */

#define MON_BIN_ERROR   0x8

/*

 * Private data for capturing on Linux USB.

 */

struct pcap_usb_linux {

  u_char *mmapbuf;  /* memory-mapped region pointer */

  size_t mmapbuflen;  /* size of region */

  int bus_index;

  u_int packets_read;

};

/* forward declaration */

static int usb_activate(pcap_t *);

static int usb_stats_linux(pcap_t *, struct pcap_stat *);

static int usb_stats_linux_bin(pcap_t *, struct pcap_stat *);

static int usb_read_linux(pcap_t *, int , pcap_handler , u_char *);

static int usb_read_linux_bin(pcap_t *, int , pcap_handler , u_char *);

static int usb_read_linux_mmap(pcap_t *, int , pcap_handler , u_char *);

static int usb_inject_linux(pcap_t *, const void *, size_t);

static int usb_setdirection_linux(pcap_t *, pcap_direction_t);

static void usb_cleanup_linux_mmap(pcap_t *);

static int

have_binary_usbmon(void)

{

  struct utsname utsname;

  char *version_component, *endp;

  int major, minor, subminor;

  if (uname(&utsname) == 0) {

    /*

     * 2.6.21 is the first release with the binary-mode

     * USB monitoring.

     */

    version_component = utsname.release;

    major = strtol(version_component, &endp, 10);

    if (endp != version_component && *endp == '.') {

      /*

       * OK, that was a valid major version.

       * Is it 3 or greater?  If so, we have binary

       * mode support.

       */

      if (major >= 3)

        return 1;

      /*

       * Is it 1 or less?  If so, we don't have binary

       * mode support.  (In fact, we don't have any

       * USB monitoring....)

       */

      if (major <= 1)

        return 0;

    }

    /*

     * OK, this is a 2.x kernel.

     * What's the minor version?

     */

    version_component = endp + 1;

    minor = strtol(version_component, &endp, 10);

    if (endp != version_component &&

        (*endp == '.' || *endp == '\0')) {

      /*

       * OK, that was a valid minor version.

       * Is is 2.6 or later?  (There shouldn't be a

       * "later", as 2.6.x went to 3.x, but we'll

       * check anyway.)

       */

      if (minor < 6) {

        /*

         * No, so no binary support (did 2.4 have

         * any USB monitoring at all?)

         */

        return 0;

      }

      /*

       * OK, this is a 2.6.x kernel.

       * What's the subminor version?

       */

      version_component = endp + 1;

      subminor = strtol(version_component, &endp, 10);

      if (endp != version_component &&

          (*endp == '.' || *endp == '\0')) {

        /*

         * OK, that was a valid subminor version.

         * Is it 21 or greater?

         */

        if (subminor >= 21) {

          /*

           * Yes - we have binary mode

           * support.

           */

          return 1;

        }

      }

    }

  }

  /*

   * Either uname() failed, in which case we just say "no binary

   * mode support", or we don't have binary mode support.

   */

  return 0;

}

/* facility to add an USB device to the device list*/

static int

usb_dev_add(pcap_if_list_t *devlistp, int n, char *err_str)

{

  char dev_name[10];

  char dev_descr[30];

  pcap_snprintf(dev_name, 10, USB_IFACE"%d", n);

  /*

   * XXX - is there any notion of "up" and "running"?

   */

  if (n == 0) {

    /*

     * As this refers to all buses, there's no notion of

     * "connected" vs. "disconnected", as that's a property

     * that would apply to a particular USB interface.

     */

    if (add_dev(devlistp, dev_name,

        PCAP_IF_CONNECTION_STATUS_NOT_APPLICABLE,

        "Raw USB traffic, all USB buses", err_str) == NULL)

      return -1;

  } else {

    /*

     * XXX - is there a way to determine whether anything's

     * plugged into this bus interface or not, and set

     * PCAP_IF_CONNECTION_STATUS_CONNECTED or

     * PCAP_IF_CONNECTION_STATUS_DISCONNECTED?

     */

    pcap_snprintf(dev_descr, 30, "Raw USB traffic, bus number %d", n);

    if (add_dev(devlistp, dev_name, 0, dev_descr, err_str) == NULL)

      return -1;

  }

  return 0;

}

int

usb_findalldevs(pcap_if_list_t *devlistp, char *err_str)

{

  char usb_mon_dir[PATH_MAX];

  char *usb_mon_prefix;

  size_t usb_mon_prefix_len;

  struct dirent* data;

  int ret = 0;

  DIR* dir;

  int n;

  char* name;

  size_t len;

  if (have_binary_usbmon()) {

    /*

     * We have binary-mode support.

     * What do the device names look like?

     * Split LINUX_USB_MON_DEV into a directory that we'll

     * scan and a file name prefix that we'll check for.

     */

    pcap_strlcpy(usb_mon_dir, LINUX_USB_MON_DEV, sizeof usb_mon_dir);

    usb_mon_prefix = strrchr(usb_mon_dir, '/');

    if (usb_mon_prefix == NULL) {

      /*

       * This "shouldn't happen".  Just give up if it

       * does.

       */

      return 0;

    }

    *usb_mon_prefix++ = '\0';

    usb_mon_prefix_len = strlen(usb_mon_prefix);

    /*

     * Open the directory and scan it.

     */

    dir = opendir(usb_mon_dir);

    if (dir != NULL) {

      while ((ret == 0) && ((data = readdir(dir)) != 0)) {

        name = data->d_name;

        /*

         * Is this a usbmon device?

         */

        if (strncmp(name, usb_mon_prefix, usb_mon_prefix_len) != 0)

          continue; /* no */

        /*

         * What's the device number?

         */

        if (sscanf(&name[usb_mon_prefix_len], "%d", &n) == 0)

          continue; /* failed */

        ret = usb_dev_add(devlistp, n, err_str);

      }

      closedir(dir);

    }

    return 0;

  } else {

    /*

     * We have only text mode support.

     * We don't look for the text devices because we can't

     * look for them without root privileges, and we don't

     * want to require root privileges to enumerate devices

     * (we want to let the user to try a device and get

     * an error, rather than seeing no devices and asking

     * "why am I not seeing devices" and forcing a long

     * process of poking to figure out whether it's "no

     * privileges" or "your kernel is too old" or "the

     * usbmon module isn't loaded" or...).

     *

     * Instead, we look to see what buses we have.

     * If the kernel is so old that it doesn't have

     * binary-mode support, it's also so old that

     * it doesn't have a "scan all buses" device.

     *

     * First, try scanning sysfs USB bus directory.

     */

    dir = opendir(SYS_USB_BUS_DIR);

    if (dir != NULL) {

      while ((ret == 0) && ((data = readdir(dir)) != 0)) {

        name = data->d_name;

        if (strncmp(name, "usb", 3) != 0)

          continue;

        if (sscanf(&name[3], "%d", &n) == 0)

          continue;

        ret = usb_dev_add(devlistp, n, err_str);

      }

      closedir(dir);

      return 0;

    }

    /* That didn't work; try scanning procfs USB bus directory. */

    dir = opendir(PROC_USB_BUS_DIR);

    if (dir != NULL) {

      while ((ret == 0) && ((data = readdir(dir)) != 0)) {

        name = data->d_name;

        len = strlen(name);

        /* if this file name does not end with a number it's not of our interest */

        if ((len < 1) || !isdigit(name[--len]))

          continue;

        while (isdigit(name[--len]));

        if (sscanf(&name[len+1], "%d", &n) != 1)

          continue;

        ret = usb_dev_add(devlistp, n, err_str);

      }

      closedir(dir);

      return ret;

    }

    /* neither of them worked */

    return 0;

  }

}

/*

 * Matches what's in mon_bin.c in the Linux kernel.

 */

#define MIN_RING_SIZE (8*1024)

#define MAX_RING_SIZE (1200*1024)

static int

usb_set_ring_size(pcap_t* handle, int header_size)

{

  /*

   * A packet from binary usbmon has:

   *

   *  1) a fixed-length header, of size header_size;

   *  2) descriptors, for isochronous transfers;

   *  3) the payload.

   *

   * The kernel buffer has a size, defaulting to 300KB, with a

   * minimum of 8KB and a maximum of 1200KB.  The size is set with

   * the MON_IOCT_RING_SIZE ioctl; the size passed in is rounded up

   * to a page size.

   *

   * No more than {buffer size}/5 bytes worth of payload is saved.

   * Therefore, if we subtract the fixed-length size from the

   * snapshot length, we have the biggest payload we want (we

   * don't worry about the descriptors - if we have descriptors,

   * we'll just discard the last bit of the payload to get it

   * to fit).  We multiply that result by 5 and set the buffer

   * size to that value.

   */

  int ring_size;

  if (handle->snapshot < header_size)

    handle->snapshot = header_size;

  /* The maximum snapshot size is small enough that this won't overflow */

  ring_size = (handle->snapshot - header_size) * 5;

  /*

   * Will this get an error?

   * (There's no wqy to query the minimum or maximum, so we just

   * copy the value from the kernel source.  We don't round it

   * up to a multiple of the page size.)

   */

  if (ring_size > MAX_RING_SIZE) {

    /*

     * Yes.  Lower the ring size to the maximum, and set the

     * snapshot length to the value that would give us a

     * maximum-size ring.

     */

    ring_size = MAX_RING_SIZE;

    handle->snapshot = header_size + (MAX_RING_SIZE/5);

  } else if (ring_size < MIN_RING_SIZE) {

    /*

     * Yes.  Raise the ring size to the minimum, but leave

     * the snapshot length unchanged, so we show the

     * callback no more data than specified by the

     * snapshot length.

     */

    ring_size = MIN_RING_SIZE;

  }

  if (ioctl(handle->fd, MON_IOCT_RING_SIZE, ring_size) == -1) {

    pcap_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE,

        errno, "Can't set ring size from fd %d", handle->fd);

    return -1;

  }

  return ring_size;

}

static

int usb_mmap(pcap_t* handle)

{

  struct pcap_usb_linux *handlep = handle->priv;

  int len;

  /*

   * Attempt to set the ring size as appropriate for the snapshot

   * length, reducing the snapshot length if that'd make the ring

   * bigger than the kernel supports.

   */

  len = usb_set_ring_size(handle, (int)sizeof(pcap_usb_header_mmapped));

  if (len == -1) {

    /* Failed.  Fall back on non-memory-mapped access. */

    return 0;

  }

  handlep->mmapbuflen = len;

  handlep->mmapbuf = mmap(0, handlep->mmapbuflen, PROT_READ,

      MAP_SHARED, handle->fd, 0);

  if (handlep->mmapbuf == MAP_FAILED) {

    /*

     * Failed.  We don't treat that as a fatal error, we

     * just try to fall back on non-memory-mapped access.

     */

    return 0;

  }

  return 1;

}

#ifdef HAVE_LINUX_USBDEVICE_FS_H

#define CTRL_TIMEOUT    (5*1000)        /* milliseconds */

#define USB_DIR_IN    0x80

#define USB_TYPE_STANDARD 0x00

#define USB_RECIP_DEVICE  0x00

#define USB_REQ_GET_DESCRIPTOR  6

#define USB_DT_DEVICE   1

/* probe the descriptors of the devices attached to the bus */

/* the descriptors will end up in the captured packet stream */

/* and be decoded by external apps like wireshark */

/* without these identifying probes packet data can't be fully decoded */

static void

probe_devices(int bus)

{

  struct usbdevfs_ctrltransfer ctrl;

  struct dirent* data;

  int ret = 0;

  char buf[sizeof("/dev/bus/usb/000/") + NAME_MAX];

  DIR* dir;

  /* scan usb bus directories for device nodes */

  pcap_snprintf(buf, sizeof(buf), "/dev/bus/usb/%03d", bus);

  dir = opendir(buf);

  if (!dir)

    return;

  while ((ret >= 0) && ((data = readdir(dir)) != 0)) {

    int fd;

    char* name = data->d_name;

    if (name[0] == '.')

      continue;

    pcap_snprintf(buf, sizeof(buf), "/dev/bus/usb/%03d/%s", bus, data->d_name);

    fd = open(buf, O_RDWR);

    if (fd == -1)

      continue;

    /*

     * Sigh.  Different kernels have different member names

     * for this structure.

     */

#ifdef HAVE_STRUCT_USBDEVFS_CTRLTRANSFER_BREQUESTTYPE

    ctrl.bRequestType = USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_DEVICE;

    ctrl.bRequest = USB_REQ_GET_DESCRIPTOR;

    ctrl.wValue = USB_DT_DEVICE << 8;

    ctrl.wIndex = 0;

    ctrl.wLength = sizeof(buf);

#else

    ctrl.requesttype = USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_DEVICE;

    ctrl.request = USB_REQ_GET_DESCRIPTOR;

    ctrl.value = USB_DT_DEVICE << 8;

    ctrl.index = 0;

    ctrl.length = sizeof(buf);

#endif

    ctrl.data = buf;

    ctrl.timeout = CTRL_TIMEOUT;

    ret = ioctl(fd, USBDEVFS_CONTROL, &ctrl);

    close(fd);

  }

  closedir(dir);

}

#endif /* HAVE_LINUX_USBDEVICE_FS_H */

pcap_t *

usb_create(const char *device, char *ebuf, int *is_ours)

{

  const char *cp;

  char *cpend;

  long devnum;

  pcap_t *p;

  /* Does this look like a USB monitoring device? */

  cp = strrchr(device, '/');

  if (cp == NULL)

    cp = device;

  /* Does it begin with USB_IFACE? */

  if (strncmp(cp, USB_IFACE, sizeof USB_IFACE - 1) != 0) {

    /* Nope, doesn't begin with USB_IFACE */

    *is_ours = 0;

    return NULL;

  }

  /* Yes - is USB_IFACE followed by a number? */

  cp += sizeof USB_IFACE - 1;

  devnum = strtol(cp, &cpend, 10);

  if (cpend == cp || *cpend != '\0') {

    /* Not followed by a number. */

    *is_ours = 0;

    return NULL;

  }

  if (devnum < 0) {

    /* Followed by a non-valid number. */

    *is_ours = 0;

    return NULL;

  }

  /* OK, it's probably ours. */

  *is_ours = 1;

  p = pcap_create_common(ebuf, sizeof (struct pcap_usb_linux));

  if (p == NULL)

    return (NULL);

  p->activate_op = usb_activate;

  return (p);

}

static int

usb_activate(pcap_t* handle)

{

  struct pcap_usb_linux *handlep = handle->priv;

  char    full_path[USB_LINE_LEN];

  int   ret;

  /*

   * Turn a negative snapshot value (invalid), a snapshot value of

   * 0 (unspecified), or a value bigger than the normal maximum

   * value, into the maximum allowed value.

   *

   * If some application really *needs* a bigger snapshot

   * length, we should just increase MAXIMUM_SNAPLEN.

   */

  if (handle->snapshot <= 0 || handle->snapshot > MAXIMUM_SNAPLEN)

    handle->snapshot = MAXIMUM_SNAPLEN;

  /* Initialize some components of the pcap structure. */

  handle->bufsize = handle->snapshot;

  handle->offset = 0;

  handle->linktype = DLT_USB_LINUX;

  handle->inject_op = usb_inject_linux;

  handle->setfilter_op = install_bpf_program; /* no kernel filtering */

  handle->setdirection_op = usb_setdirection_linux;

  handle->set_datalink_op = NULL; /* can't change data link type */

  handle->getnonblock_op = pcap_getnonblock_fd;

  handle->setnonblock_op = pcap_setnonblock_fd;

  /*get usb bus index from device name */

  if (sscanf(handle->opt.device, USB_IFACE"%d", &handlep->bus_index) != 1)

  {

    pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,

      "Can't get USB bus index from %s", handle->opt.device);

    return PCAP_ERROR;

  }

  if (have_binary_usbmon())

  {

    /*

     * We have binary-mode support.

     * Try to open the binary interface.

     */

    pcap_snprintf(full_path, USB_LINE_LEN, LINUX_USB_MON_DEV"%d", handlep->bus_index);

    handle->fd = open(full_path, O_RDONLY, 0);

    if (handle->fd < 0)

    {

      /*

       * The attempt failed; why?

       */

      switch (errno) {

      case ENOENT:

        /*

         * The device doesn't exist.

         * That could either mean that there's

         * no support for monitoring USB buses

         * (which probably means "the usbmon

         * module isn't loaded") or that there

         * is but that *particular* device

         * doesn't exist (no "scan all buses"

         * device if the bus index is 0, no

         * such bus if the bus index isn't 0).

         */

        return PCAP_ERROR_NO_SUCH_DEVICE;

      case EACCES:

        /*

         * We didn't have permission to open it.

         */

        return PCAP_ERROR_PERM_DENIED;

      default:

        /*

         * Something went wrong.

         */

        pcap_fmt_errmsg_for_errno(handle->errbuf,

            PCAP_ERRBUF_SIZE, errno,

            "Can't open USB bus file %s", full_path);

        return PCAP_ERROR;

      }

    }

    if (handle->opt.rfmon)

    {

      /*

       * Monitor mode doesn't apply to USB devices.

       */

      close(handle->fd);

      return PCAP_ERROR_RFMON_NOTSUP;

    }

    /* try to use fast mmap access */

    if (usb_mmap(handle))

    {

      /* We succeeded. */

      handle->linktype = DLT_USB_LINUX_MMAPPED;

      handle->stats_op = usb_stats_linux_bin;

      handle->read_op = usb_read_linux_mmap;

      handle->cleanup_op = usb_cleanup_linux_mmap;

#ifdef HAVE_LINUX_USBDEVICE_FS_H

      probe_devices(handlep->bus_index);

#endif

      /*

       * "handle->fd" is a real file, so

       * "select()" and "poll()" work on it.

       */

      handle->selectable_fd = handle->fd;

      return 0;

    }

    /*

     * We failed; try plain binary interface access.

     *

     * Attempt to set the ring size as appropriate for

     * the snapshot length, reducing the snapshot length

     * if that'd make the ring bigger than the kernel

     * supports.

     */

    if (usb_set_ring_size(handle, (int)sizeof(pcap_usb_header)) == -1) {

      /* Failed. */

      close(handle->fd);

      return PCAP_ERROR;

    }

    handle->stats_op = usb_stats_linux_bin;

    handle->read_op = usb_read_linux_bin;

#ifdef HAVE_LINUX_USBDEVICE_FS_H

    probe_devices(handlep->bus_index);

#endif

  }

  else {

    /*

     * We don't have binary mode support.

     * Try opening the text-mode device.

     */

    pcap_snprintf(full_path, USB_LINE_LEN, USB_TEXT_DIR"/%dt", handlep->bus_index);

    handle->fd = open(full_path, O_RDONLY, 0);

    if (handle->fd < 0)

    {

      if (errno == ENOENT)

      {

        /*

         * Not found at the new location; try

         * the old location.

         */

        pcap_snprintf(full_path, USB_LINE_LEN, USB_TEXT_DIR_OLD"/%dt", handlep->bus_index);

        handle->fd = open(full_path, O_RDONLY, 0);

      }

      if (handle->fd < 0) {

        if (errno == ENOENT)

        {

          /*

           * The problem is that the file

           * doesn't exist.  Report that as

           * "no such device".  (That could

           * mean "no such USB bus" or

           * "monitoring not supported".)

           */

          ret = PCAP_ERROR_NO_SUCH_DEVICE;

        }

        else if (errno == EACCES)

        {

          /*

           * The problem is that we don't

           * have sufficient permission to

           * open the file.  Report that.

           */

          ret = PCAP_ERROR_PERM_DENIED;

        }

        else

        {

          /*

           * Some other error.

           */

          ret = PCAP_ERROR;

        }

        pcap_fmt_errmsg_for_errno(handle->errbuf,

            PCAP_ERRBUF_SIZE, errno,

            "Can't open USB bus file %s",

            full_path);

        return ret;

      }

    }

    if (handle->opt.rfmon)

    {

      /*

       * Monitor mode doesn't apply to USB devices.

       */

      close(handle->fd);

      return PCAP_ERROR_RFMON_NOTSUP;

    }

    handle->stats_op = usb_stats_linux;

    handle->read_op = usb_read_linux;

  }

  /*

   * "handle->fd" is a real file, so "select()" and "poll()"

   * work on it.

   */

  handle->selectable_fd = handle->fd;

  /* for plain binary access and text access we need to allocate the read

   * buffer */

  handle->buffer = malloc(handle->bufsize);

  if (!handle->buffer) {

    pcap_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE,

        errno, "malloc");

    close(handle->fd);

    return PCAP_ERROR;

  }

  return 0;

}

static inline int

ascii_to_int(char c)

{

  return c < 'A' ? c- '0': ((c<'a') ? c - 'A' + 10: c-'a'+10);

}

/*

 * see <linux-kernel-source>/Documentation/usb/usbmon.txt and

 * <linux-kernel-source>/drivers/usb/mon/mon_text.c for urb string

 * format description

 */

static int

usb_read_linux(pcap_t *handle, int max_packets _U_, pcap_handler callback, u_char *user)

{

  /* see:

  * /usr/src/linux/Documentation/usb/usbmon.txt

  * for message format

  */

  struct pcap_usb_linux *handlep = handle->priv;

  unsigned timestamp;

  int tag, cnt, ep_num, dev_addr, dummy, ret, urb_len, data_len;

  char etype, pipeid1, pipeid2, status[16], urb_tag, line[USB_LINE_LEN];

  char *string = line;

  u_char * rawdata = handle->buffer;

  struct pcap_pkthdr pkth;

  pcap_usb_header* uhdr = (pcap_usb_header*)handle->buffer;

  u_char urb_transfer=0;

  int incoming=0;

  /* ignore interrupt system call errors */

  do {

    ret = read(handle->fd, line, USB_LINE_LEN - 1);

    if (handle->break_loop)

    {

      handle->break_loop = 0;

      return -2;

    }

  } while ((ret == -1) && (errno == EINTR));

  if (ret < 0)

  {

    if (errno == EAGAIN)

      return 0; /* no data there */

    pcap_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE,

        errno, "Can't read from fd %d", handle->fd);

    return -1;

  }

  /* read urb header; %n argument may increment return value, but it's

  * not mandatory, so does not count on it*/

  string[ret] = 0;

  ret = sscanf(string, "%x %d %c %c%c:%d:%d %s%n", &tag, &timestamp, &etype,

    &pipeid1, &pipeid2, &dev_addr, &ep_num, status,

    &cnt);

  if (ret < 8)

  {

    pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,

        "Can't parse USB bus message '%s', too few tokens (expected 8 got %d)",

        string, ret);

    return -1;

  }

  uhdr->id = tag;

  uhdr->device_address = dev_addr;

  uhdr->bus_id = handlep->bus_index;

  uhdr->status = 0;

  string += cnt;

  /* don't use usbmon provided timestamp, since it have low precision*/

  if (gettimeofday(&pkth.ts, NULL) < 0)

  {

    pcap_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE,

        errno, "Can't get timestamp for message '%s'", string);

    return -1;

  }

  uhdr->ts_sec = pkth.ts.tv_sec;

  uhdr->ts_usec = pkth.ts.tv_usec;

  /* parse endpoint information */

  if (pipeid1 == 'C')

    urb_transfer = URB_CONTROL;

  else if (pipeid1 == 'Z')

    urb_transfer = URB_ISOCHRONOUS;

  else if (pipeid1 == 'I')

    urb_transfer = URB_INTERRUPT;

  else if (pipeid1 == 'B')

    urb_transfer = URB_BULK;

  if (pipeid2 == 'i') {

    ep_num |= URB_TRANSFER_IN;

    incoming = 1;

  }

  if (etype == 'C')

    incoming = !incoming;

  /* direction check*/

  if (incoming)

  {

    if (handle->direction == PCAP_D_OUT)

      return 0;

  }

  else

    if (handle->direction == PCAP_D_IN)

      return 0;

  uhdr->event_type = etype;

  uhdr->transfer_type = urb_transfer;

  uhdr->endpoint_number = ep_num;

  pkth.caplen = sizeof(pcap_usb_header);

  rawdata += sizeof(pcap_usb_header);

  /* check if this is a setup packet */

  ret = sscanf(status, "%d", &dummy);

  if (ret != 1)

  {

    /* this a setup packet, setup data can be filled with underscore if

    * usbmon has not been able to read them, so we must parse this fields as

    * strings */

    pcap_usb_setup* shdr;

    char str1[3], str2[3], str3[5], str4[5], str5[5];

    ret = sscanf(string, "%s %s %s %s %s%n", str1, str2, str3, str4,

    str5, &cnt);

    if (ret < 5)

    {

      pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,

        "Can't parse USB bus message '%s', too few tokens (expected 5 got %d)",

        string, ret);

      return -1;

    }

    string += cnt;

    /* try to convert to corresponding integer */

    shdr = &uhdr->setup;