PORTS Forum
Ports and Interfaces => USB => Topic started by: knothing10 on August 01, 2011, 10:29:53 am
-
Hi, I am developing a filter driver to add signatures to USB transfers in order to provide security. I modify TOKEN packets which a modified USB device understands. When my signing code is not run I see 17 TOKEN packets sent for a 1024 byte file. When the signing is enabled I see 34+ TOKEN packets. Does anyone know why there are more than double the TOKEN packets sent? I thought it might have to do with the requests timing out but I check all of the return status codes for the IRP's and USB and they are all fine. Any thoughts or ideas would be welcome, thanks!
~Jamey
-
What do the data and handshake packets contain?
A hardware analyzer will show what is happening on the bus.
Jan
-
I'm not sure what you mean by the handshake packets. The data is regular file data (I'm using text files for testing). These are Bulk transfers. Other than the additional data I'm adding to the TOKEN's, the transfers shouldn't be changing. Unfortunately I don't have access to a hardware analyzer. Thanks for the reply!
-
Each bulk transaction has a token, data, and status (I mistakenly said handshake) packet. Without knowing what is in each transaction, it's hard to speculate on the reason for the additional transactions.
Jan
-
I can't honestly say I know what is contained in each data phase transfer. I do know that I only see one DATA phase that matches the size of the file being transfered, all other DATA transfers are either 512 or 4096.
I guess to go in another direction, do you happen to know of any timeouts that may be enforced that cause a retransmission of a packet? (This is on a Windows Vista machine btw). I suspect the lower level bus driver is retransmitting but I don't know how to verify this other than the return codes from the IRP and USB.
-
The data phase can transfer at most the endpoint's wMaxPacketSize. If the endpoint NAKs or doesn't respond, the host will retry.
How are you changing the token packet?
I think you will find it difficult to make low-level changes like this with no easy way to view the result.
Jan
-
I'm adding data to the end of the Token packet. I know it breaks the conformance of the spec but I was trying to change the original packets as little as possible. The verification step on the USB device takes time (around 5 secs), I imagine there is a way to stall the pipe but I don't know if it would be long enough to allow for the verification to finish.
I could easily dump the data from each packet but I'm not sure that would help me if the lower level drivers are taking other actions.
-
The filter driver I created is a lower device filter. If any of the lower drivers (bus drivers) are causing retransmits I find it odd that I'm able to see this in my driver which is higher up. I can't seem to find any function or use documentation on the lower level drivers (in windows), such as usbhub, usbport, or usbuhci. Does anyone know about these or where to find anything? Thanks.
-
You can read the uhci spec. I have a link here:
http://www.lvr.com/usb.htm
but I don't think it will help.
If you can't obtain a hardware analyzer, use whatever firmware debugging tools you have to find out what the device is seeing.
Jan