From: guy Date: Sun, 28 Jan 2001 09:46:42 +0000 (+0000) Subject: Document the "netbeui" filter expression keyword. X-Git-Tag: tcpdump-3.7.1~284 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/8cba55d69251f64ffa9f169d9a1d6ab2904cb96a Document the "netbeui" filter expression keyword. Add a #define LLCSAP_NETBEUI for the NetBEUI LLC SAP, and use that rather than "0xf0" in the LLC dissector. --- diff --git a/llc.h b/llc.h index de185c8e..b812bf1c 100644 --- a/llc.h +++ b/llc.h @@ -18,7 +18,7 @@ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * @(#) $Header: /tcpdump/master/tcpdump/llc.h,v 1.9 2001-01-15 00:33:59 guy Exp $ (LBL) + * @(#) $Header: /tcpdump/master/tcpdump/llc.h,v 1.10 2001-01-28 09:46:42 guy Exp $ (LBL) */ /* @@ -115,9 +115,12 @@ struct llc { #ifndef LLCSAP_SNAP #define LLCSAP_SNAP 0xaa #endif -#ifndef LLCSAP_ISONS -#define LLCSAP_ISONS 0xfe -#endif #ifndef LLCSAP_IPX #define LLCSAP_IPX 0xe0 #endif +#ifndef LLCSAP_NETBEUI +#define LLCSAP_NETBEUI 0xf0 +#endif +#ifndef LLCSAP_ISONS +#define LLCSAP_ISONS 0xfe +#endif diff --git a/print-llc.c b/print-llc.c index 4557c4f0..100ed883 100644 --- a/print-llc.c +++ b/print-llc.c @@ -24,7 +24,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/tcpdump/print-llc.c,v 1.35 2001-01-15 03:59:13 guy Exp $"; + "@(#) $Header: /tcpdump/master/tcpdump/print-llc.c,v 1.36 2001-01-28 09:46:43 guy Exp $"; #endif #ifdef HAVE_CONFIG_H @@ -123,7 +123,7 @@ llc_print(const u_char *p, u_int length, u_int caplen, return (1); } - if (llc.ssap == 0xf0 && llc.dsap == 0xf0 + if (llc.ssap == LLCSAP_NETBEUI && llc.dsap == LLCSAP_NETBEUI && (!(llc.llcu & LLC_S_FMT) || llc.llcu == LLC_U_FMT)) { /* * we don't actually have a full netbeui parser yet, but the diff --git a/tcpdump.1 b/tcpdump.1 index f51c9fbf..ba3af30b 100644 --- a/tcpdump.1 +++ b/tcpdump.1 @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/tcpdump/Attic/tcpdump.1,v 1.98 2001-01-18 04:37:23 guy Exp $ (LBL) +.\" @(#) $Header: /tcpdump/master/tcpdump/Attic/tcpdump.1,v 1.99 2001-01-28 09:46:43 guy Exp $ (LBL) .\" .\" Copyright (c) 1987, 1988, 1989, 1990, 1991, 1992, 1994, 1995, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -530,7 +530,7 @@ True if the packet is of ether type \fIprotocol\fR. \fIProtocol\fP can be a number or one of the names \fIip\fP, \fIip6\fP, \fIarp\fP, \fIrarp\fP, \fIatalk\fP, \fIaarp\fP, \fIdecnet\fP, \fIsca\fP, \fIlat\fP, \fImopdl\fP, \fImoprc\fP, -\fIiso\fP, \fIstp\fP, or \fIipx\fP. +\fIiso\fP, \fIstp\fP, \fIipx\fP, or \fInetbeui\fP. Note these identifiers are also keywords and must be escaped via backslash (\\). .IP @@ -540,7 +540,7 @@ protocol identification comes from the 802.2 Logical Link Control (LLC) header, which is usually layered on top of the FDDI or Token Ring header. .IP -When filtering for those protocol identifiers on FDDI or Token Ring, +When filtering for most protocol identifiers on FDDI or Token Ring, \fBtcpdump\fR checks only the protocol ID field of an LLC header in so-called SNAP format with an Organizational Unit Identifier (OUI) of 0x000000, for encapsulated Ethernet; it doesn't check whether the packet @@ -548,21 +548,21 @@ is in SNAP format with an OUI of 0x000000. .IP The exceptions are \fIiso\fP, for which it checks the DSAP (Destination Service Access Point) and SSAP (Source Service Access Point) fields of -the LLC header, \fIstp\fP, where it checks the DSAP of the LLC -header, and \fIatalk\fP, where it checks for a SNAP-format packet with -an OUI of 0x080007 and the Appletalk etype. +the LLC header, \fIstp\fP and \fInetbeui\fP, where it checks the DSAP of +the LLC header, and \fIatalk\fP, where it checks for a SNAP-format +packet with an OUI of 0x080007 and the Appletalk etype. .IP In the case of Ethernet, \fBtcpdump\fR checks the Ethernet type field -for most of those protocols; the exceptions are \fIiso\fP and \fIsap\fP, -for which it checks for an 802.3 frame and then checks the LLC header as -it does for FDDI and Token Ring, \fIatalk\fP, where it checks both for -the Appletalk etype in an Ethernet frame and for a SNAP-format packet as -it does for FDDI and Token Ring, \fIaarp\fP, where it checks for the -Appletalk ARP etype in either an Ethernet frame or an 802.2 SNAP frame -with an OUI of 0x000000, and \fIipx\fP, where it checks for the IPX -etype in an Ethernet frame, the IPX DSAP in the LLC header, the -802.3 with no LLC header encapsulation of IPX, and the IPX etype in -a SNAP frame.] +for most of those protocols; the exceptions are \fIiso\fP, \fIsap\fP, +and \fInetbeui\fP, for which it checks for an 802.3 frame and then +checks the LLC header as it does for FDDI and Token Ring, \fIatalk\fP, +where it checks both for the Appletalk etype in an Ethernet frame and +for a SNAP-format packet as it does for FDDI and Token Ring, \fIaarp\fP, +where it checks for the Appletalk ARP etype in either an Ethernet frame +or an 802.2 SNAP frame with an OUI of 0x000000, and \fIipx\fP, where it +checks for the IPX etype in an Ethernet frame, the IPX DSAP in the LLC +header, the 802.3 with no LLC header encapsulation of IPX, and the IPX +etype in a SNAP frame.] .IP "\fBdecnet src \fIhost\fR" True if the DECNET source address is .IR host , @@ -575,7 +575,7 @@ True if the DECNET destination address is .IP "\fBdecnet host \fIhost\fR" True if either the DECNET source or destination address is .IR host . -.IP "\fBip\fR, \fBip6\fR, \fBarp\fR, \fBrarp\fR, \fBatalk\fR, \fBaarp\fR, \fBdecnet\fR, \fBiso\fR, \fBstp\fR, \fBipx\fR" +.IP "\fBip\fR, \fBip6\fR, \fBarp\fR, \fBrarp\fR, \fBatalk\fR, \fBaarp\fR, \fBdecnet\fR, \fBiso\fR, \fBstp\fR, \fBipx\fR, \fInetbeui\fP" Abbreviations for: .in +.5i .nf