From ea72be86078d1b8bac48c79b831e0caca4255870 Mon Sep 17 00:00:00 2001 From: Guy Harris Date: Thu, 8 Aug 2013 04:29:08 +0000 Subject: Speak of the "-d encap:" value as a linktype, rather than a DLT; if a name is specified, it currently must be a DLT_ name rather than a LINKTYPE_ name, as we use libpcap to do the mapping and it currently has no API to map LINKTYPE_ names to values, but if a number is specified, it could either be a LINKTYPE_ name or a DLT_ name if the two are different, and we want to encourage the use of LINKTYPE_ values. Note that in comments. svn path=/trunk/; revision=51204 --- doc/rawshark.pod | 5 +++-- rawshark.c | 19 +++++++++++++++---- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/doc/rawshark.pod b/doc/rawshark.pod index 0514d41efb..3cdc0ac962 100644 --- a/doc/rawshark.pod +++ b/doc/rawshark.pod @@ -6,7 +6,7 @@ rawshark - Dump and analyze raw pcap data =head1 SYNOPSIS B -S<[ B<-d> Eencap:dltE|Eproto:protonameE ]> +S<[ B<-d> Eencap:linktypeE|Eproto:protonameE ]> S<[ B<-F> Efield to displayE ]> S<[ B<-h> ]> S<[ B<-l> ]> @@ -111,7 +111,8 @@ A complete list of DLTs can be found at L. B:I Packet data should be dissected using the -libpcap/WinPcap DLT I, e.g. B for raw IEEE 802.11. +libpcap/WinPcap LINKTYPE_ I, e.g. B for raw IEEE +802.11 or B for raw IP. B:I Packet data should be passed to the specified Wireshark protocol dissector, e.g. B for HTTP data. diff --git a/rawshark.c b/rawshark.c index 0c46c29b44..4c5eb39a78 100644 --- a/rawshark.c +++ b/rawshark.c @@ -204,7 +204,7 @@ print_usage(gboolean print_ver) fprintf(output, "\n"); fprintf(output, "Processing:\n"); - fprintf(output, " -d |\n"); + fprintf(output, " -d |\n"); fprintf(output, " packet encapsulation or protocol\n"); fprintf(output, " -F field to display\n"); fprintf(output, " -n disable all name resolution (def: all enabled)\n"); @@ -356,9 +356,10 @@ raw_pipe_open(const char *pipe_name) } /** - * Parse a link-type argument of the form "encap:" or - * "proto:". "Pcap dlt" must be a name conforming to - * pcap_datalink_name_to_val() or an integer. "Proto name" must be + * Parse a link-type argument of the form "encap:" or + * "proto:". "Pcap linktype" must be a name conforming to + * pcap_datalink_name_to_val() or an integer; the integer should be + * a LINKTYPE_ value supported by Wiretap. "Proto name" must be * a protocol name, e.g. "http". */ static gboolean @@ -385,6 +386,16 @@ set_link_type(const char *lt_arg) { } dlt_val = (int)val; } + /* + * In those cases where a given link-layer header type + * has different LINKTYPE_ and DLT_ values, linktype_name_to_val() + * will return the OS's DLT_ value for that link-layer header + * type, not its OS-independent LINKTYPE_ value. + * + * On a given OS, wtap_pcap_encap_to_wtap_encap() should + * be able to map either LINKTYPE_ values or DLT_ values + * for the OS to the appropriate Wiretap encapsulation. + */ encap = wtap_pcap_encap_to_wtap_encap(dlt_val); if (encap == WTAP_ENCAP_UNKNOWN) { return FALSE; -- cgit v1.2.3