《RNDIS-ECM及MBIM报文简述.docx》由会员分享,可在线阅读,更多相关《RNDIS-ECM及MBIM报文简述.docx(8页珍藏版)》请在优知文库上搜索。
1、RNDIS/ECM/MBIM报文简述本文对USBCDC中三种较常见的CommunicationClass报文内容进行了简单的描1.RNDIS相关资料为RemoteNDISSpecification,VL1August9,2002o其报头格式如表1所示。表1Remote-NDIS报头OffwtSizeFieldDescription04MessageTypeSpecifiestheRemoteNDISmessagetype.ThisissettoREMoTE一NDlS-PAeKET一MSG=0x1.44MessageLengthMessagelengthinbytes,includingappe
2、ndedpacketdata,out-of-banddata,per-packet-infodata,andbothInternalandexternalpadding.84DataOffsetSpecifiestheoffsetinbytesfromthestartoftheDataOffsetfieldofthismessagetothestartofthedata.Thisisanintegermultipleof4.124DataLengthSpecifiesthenumberofbytesInthedatacontentofthismessage.164OOBDataOffsetSp
3、ecifiestheoffsetinbytesofthefirstoutofbanddatarecordfromthestartoftheDataOffsetfieldofthismessage.SettoOIfthereisnoout-of-banddata.Otherdsethisisanintegermultipleof4.204OOBDataLengthSpecifiesinbytesthetotallengthoftheoutofbanddata.244NumOOBDataEIementsSpecifiesthenumberofoutofbandrecordsinthismessag
4、e.284PerPacketInfoffsetSpecifiesInbytestheoffsetfromthebeginningoftheDataOffsetfieldintheREMOTE_NDIS_PACKET_MSGdatamessagetothestartofthefirstperpacketinfodatarecord.SettoOifthereisnoper-packetdata.Otherlsethisisanintegermultipleof4.324PerPacketInfoLengthSpecifiesinbytesthetotallengthoftheperpacketi
5、nformationcontainedInthismessage.364VcHandIeReservedforconnection-orienteddevices.SettoO.404ReservedReserved.SettoO.其报文示例如图1所示。红色标记部分为其包头部分,余下为MAC包。图IRNDlS示例报文利用wireshark,分析其MAC包,如图2所示。由此可知,该包为IPv4,UDP0图2MAC包示例2. ECM相关资料为(UniversalSerialBusCommunicationsClassSubclassSpecificationforEthernetControlMo
6、delDevices,Vl.2February9,2007o目前为MacOS采用。用LecroyUSBAnalyzer抓包的结果看,没有报头,仅是MAC包用wireshark分析该包,如图3所示。图3ECM报文格式示例由此可见,该虚拟网卡t为0x00:0x0C:0x29:0xA3:0x9B:0x6Do3. MBIM相关资料为UniversalSerialBusCommunicationsClassSubclassSpecificationforMobileBroadbandInterfaceModel,Vl.0November14,2011o目前为win8采用。其报文结构如图4所示。图4MBl
7、M报文格式HeaderSiguITH16)len(header)Datagrarn0index(11DP)DataRraml11.bytosDatagran2IIDP01P:qt*wXr*2e*tfwhlbjHrTtmMUacturber*fhs*,haadr4bytes:tlKMH*MrtthM*infirstbyt2bytes:OOODCInbttida2bytes:tncrcmcnOngsequencenubrresetANCMr-(seRxbne62bytWngthL224M*o1)4g16.20,MC2byte;brAtonext,P16.oreroifnone2bytA;:offs
8、etfrombyt0ofhdr0RequiredyEnd8ofZgIZeropaddingmaybeirvrtSeemtesofthsNTH16structure,inIrtMe-Cndianformat.6wSequence2NumberSequencenuntJtrTheuamniiwaabiockshaNMiIhtStoZecointhetrstNTBIranSfenedaftereveryfunctionresefevent,andShalGcremenHocvwyNTBsubsequerttzEMmd.ThtMeetdancut-cr-sequenceblockonthereceiv
9、ertsnotspecifiedThespecc3txallowsmerecervertodedeWnetheflocheMaxzeorWMbOutM*Szerespectively,seeTatte6-3in6.2.1.ifwBtod(Leg(=0x00,thebHterminatedSaShoapxMIntnscaseIneUSBtranslefmustsubeStxxterthanOwMbfnMaxSrzeorOwMbOutMax-Size.tfexactlyOwMbinMaxStzeorvMax-PacAeeSrzeforthegivenpe.thennoZLPshallbesent.
10、MegLMgg0x0000mus:beused.thextremecare,becauseOfthepossibATymattehostanddevicemaygetoutofsync,andbecauseoftestissues.*tocLe11oth=0x0000aNowsthesec)ertoreduceUMncybysMngtotendaverylargeNTB.WAMnshorteningwhentheSemefoscoversthatmeresnotgtatojusKytendingalargeNTB10MdPlndeX2NumberOffset.inMueendian.ofthe
11、nrNDPl6frombytezeroOftheNiBnsvaluemustbeamutpieo三OxOOOC其中NDP16具体结构如表3所示。其中Datagram为IP包内容,其结构如图5所示。用Busfound抓包,如图6所示。综上可知,该IP报文为IPv4的IGMP包。因WireShark无法识别该网口,所以无法使用该工具。表3NDPl6结构OffsetFieldSizeValueDescnption0dwSignature4Number(0x304D434E.0314D434)Ssqnatureof.sNDP16TsistrnsmrttdinWe-endform,e,as0x4E.0x43.0x4D.0x30or0x4E,0x43,04D.0x31(xasthecharactersequencesNCM54wLengt2NumberSizeGtthisNDP16tinlittle-endianformatThismustbearrx4HpieatagramLeg
免费区 