diff options
| author | Guy Harris <guy@alum.mit.edu> | 2013-08-08 04:29:08 +0000 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2013-08-08 04:29:08 +0000 |
| commit | ea72be86078d1b8bac48c79b831e0caca4255870 (patch) | |
| tree | e2955d763ae99e86e0e48aec28e0be461c1dc421 | |
| parent | 3734d4e2b374b5376d7f00a2f9b6fa1b65fd5c9a (diff) | |
Speak of the "-d encap:" value as a linktype, rather than a DLT; if a
name is specified, it currently must be a DLT_ name rather than a
LINKTYPE_ name, as we use libpcap to do the mapping and it currently has
no API to map LINKTYPE_ names to values, but if a number is specified,
it could either be a LINKTYPE_ name or a DLT_ name if the two are
different, and we want to encourage the use of LINKTYPE_ values.
Note that in comments.
svn path=/trunk/; revision=51204
| -rw-r--r-- | doc/rawshark.pod | 5 | ||||
| -rw-r--r-- | rawshark.c | 19 |
2 files changed, 18 insertions, 6 deletions
diff --git a/doc/rawshark.pod b/doc/rawshark.pod index 0514d41efb..3cdc0ac962 100644 --- a/doc/rawshark.pod +++ b/doc/rawshark.pod @@ -6,7 +6,7 @@ rawshark - Dump and analyze raw pcap data =head1 SYNOPSIS B<rawshark> -S<[ B<-d> E<lt>encap:dltE<gt>|E<lt>proto:protonameE<gt> ]> +S<[ B<-d> E<lt>encap:linktypeE<gt>|E<lt>proto:protonameE<gt> ]> S<[ B<-F> E<lt>field to displayE<gt> ]> S<[ B<-h> ]> S<[ B<-l> ]> @@ -111,7 +111,8 @@ A complete list of DLTs can be found at L<http://www.tcpdump.org/linktypes.html>. B<encap>:I<number> Packet data should be dissected using the -libpcap/WinPcap DLT I<number>, e.g. B<encap:105> for raw IEEE 802.11. +libpcap/WinPcap LINKTYPE_ I<number>, e.g. B<encap:105> for raw IEEE +802.11 or B<encap:101> for raw IP. B<proto>:I<protocol> Packet data should be passed to the specified Wireshark protocol dissector, e.g. B<proto:http> for HTTP data. diff --git a/rawshark.c b/rawshark.c index 0c46c29b44..4c5eb39a78 100644 --- a/rawshark.c +++ b/rawshark.c @@ -204,7 +204,7 @@ print_usage(gboolean print_ver) fprintf(output, "\n"); fprintf(output, "Processing:\n"); - fprintf(output, " -d <encap:dlt>|<proto:protoname>\n"); + fprintf(output, " -d <encap:linktype>|<proto:protoname>\n"); fprintf(output, " packet encapsulation or protocol\n"); fprintf(output, " -F <field> field to display\n"); fprintf(output, " -n disable all name resolution (def: all enabled)\n"); @@ -356,9 +356,10 @@ raw_pipe_open(const char *pipe_name) } /** - * Parse a link-type argument of the form "encap:<pcap dlt>" or - * "proto:<proto name>". "Pcap dlt" must be a name conforming to - * pcap_datalink_name_to_val() or an integer. "Proto name" must be + * Parse a link-type argument of the form "encap:<pcap linktype>" or + * "proto:<proto name>". "Pcap linktype" must be a name conforming to + * pcap_datalink_name_to_val() or an integer; the integer should be + * a LINKTYPE_ value supported by Wiretap. "Proto name" must be * a protocol name, e.g. "http". */ static gboolean @@ -385,6 +386,16 @@ set_link_type(const char *lt_arg) { } dlt_val = (int)val; } + /* + * In those cases where a given link-layer header type + * has different LINKTYPE_ and DLT_ values, linktype_name_to_val() + * will return the OS's DLT_ value for that link-layer header + * type, not its OS-independent LINKTYPE_ value. + * + * On a given OS, wtap_pcap_encap_to_wtap_encap() should + * be able to map either LINKTYPE_ values or DLT_ values + * for the OS to the appropriate Wiretap encapsulation. + */ encap = wtap_pcap_encap_to_wtap_encap(dlt_val); if (encap == WTAP_ENCAP_UNKNOWN) { return FALSE; |