Put the display-filter elements into it's own manpage (ethereal-filter.4)

svn path=/trunk/; revision=8576
2003-10-01 14:59:41 +00:00 · 2003-10-01 14:59:41 +00:00 · ee6cc56f58
parent 28eb53f033
commit ee6cc56f58
5 changed files with 85 additions and 41 deletions
--- a/doc/.cvsignore
+++ b/doc/.cvsignore
@ -1,7 +1,7 @@
 Makefile.in
 Makefile
 dfilter2pod
-ethereal.pod
-tethereal.pod
+ethereal-filter.pod
 *.1
+*.4
 *.html
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@ -1,7 +1,7 @@
 # Makefile.am
 # Automake file for Ethereal documentation
 #
-# $Id: Makefile.am,v 1.17 2003/02/27 00:09:53 guy Exp $
+# $Id: Makefile.am,v 1.18 2003/10/01 14:59:40 jmayer Exp $
 #
 # Ethereal - Network traffic analyzer
 # By Gerald Combs <gerald@ethereal.com>
@ -30,17 +30,20 @@
 	--release=$(VERSION)			 \
 	 ethereal.pod > ../ethereal.1

-ethereal.pod: ethereal.pod.template  ../ethereal
-	../ethereal -G fields | $(PERL) $(srcdir)/dfilter2pod.pl $(srcdir)/ethereal.pod.template > ethereal.pod
-
 ../tethereal.1: tethereal.pod ../config.h
 	$(POD2MAN)                     \
 	--center="The Ethereal Network Analyzer" \
 	--release=$(VERSION)			 \
 	tethereal.pod > ../tethereal.1

-tethereal.pod: tethereal.pod.template  ../tethereal
-	../tethereal -G fields | $(PERL) $(srcdir)/dfilter2pod.pl $(srcdir)/tethereal.pod.template > tethereal.pod
+../ethereal-filter.4: ethereal-filter.pod ../config.h
+	$(POD2MAN)                     \
+	--center="The Ethereal Network Analyzer" \
+	--release=$(VERSION)			 \
+	ethereal-filter.pod > ../ethereal-filter.4
+
+ethereal-filter.pod: ethereal-filter.pod.template  ../tethereal
+	../tethereal -G fields | $(PERL) ../dfilter2pod.pl ../ethereal-filter.pod.template > ethereal-filter.pod

 ../editcap.1: editcap.pod ../config.h
 	$(POD2MAN)                      \
@ -66,9 +69,11 @@ tethereal.pod: tethereal.pod.template  ../tethereal
 	--release=$(VERSION)			 \
 	$(srcdir)/text2pcap.pod > ../text2pcap.1

-CLEANFILES =	\
-	ethereal.pod	\
-	tethereal.pod	\
+CLEANFILES =		\
+	ethereal-filter.pod \
+	../ethereal-filter.4 \
+	../ethereal.1	\
+	../tethereal.1	\
 	../ethereal.1	\
 	../editcap.1	\
 	../mergecap.1	\
--- a/doc/ethereal-filter.pod.template
+++ b/doc/ethereal-filter.pod.template
@ -0,0 +1,43 @@
+=head1 NAME
+
+ethereal-filter - Filter packets from a set of captured packets
+
+=head1 SYNOPSYS
+
+B<ethereal> [other options]
+S<[ B<-R> "filter expression" ]>
+
+B<tethereal> [other options]
+S<[ B<-R> "filter expression" ]>
+
+=head1 DESCRIPTION
+
+ethereal(1) and tethereal(1) can filter on many protocols and protocol
+fields. The following section lists all of them. The abbreviation of the
+protocol or field is given. This abbreviation is what you use in the
+read filter.  The type of the field is also given. For detailed
+information on how to apply these filters, see the ethereal(1) or
+tethereal(1) manpage.
+
+=head1 READ FILTER PROTOCOL FIELDS
+
+=insert_dfilter_table
+
+=head1 NOTES
+
+The B<ethereal-filters> manpage is part of the B<Ethereal> distribution.
+The latest version of B<Ethereal> can be found at
+B<http://www.ethereal.com>.
+
+This manpage does not describe the capture filter syntax, which is
+different. See the tcpdump(8) manpage for a description of capture
+filters.
+
+=head1 SEE ALSO
+
+I<ethereal(1)>, I<tethereal(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>
+
+head1 AUTHORS
+
+See the list of authors in the B<Ethereal> man page for a list of authors of
+that code.
--- a/doc/ethereal.pod.template
+++ b/doc/ethereal.pod.template
@ -1424,16 +1424,16 @@ protocols built into Ethereal are.

 See manual page of tcpdump(8).

-=head1 DISPLAY FILTER SYNTAX
+=head1 READ FILTER SYNTAX

-Display filters help you remove the noise from a packet trace and let
-you see only the packets that interest you.  If a packet meets the
-requirements expressed in your display filter, then it is displayed in
-the list of packets.  Display filters let you compare the fields within
-a protocol against a specific value, compare fields against fields, and
-to check the existence of specified fields or protocols.
+Read filters help you remove the noise from a packet trace and let you
+see only the packets that interest you.  If a packet meets the
+requirements expressed in your read filter, then it is printed.  Read
+filters let you compare the fields within a protocol against a specific
+value, compare fields against fields, and to check the existence of
+specified fields or protocols.

-The simplest display filter allows you to check for the existence of a
+The simplest read filter allows you to check for the existence of a
 protocol or field.  If you want to see all packets which contain the IPX
 protocol, the filter would be "ipx".  (Without the quotation marks) To
 see all packets that contain a Token-Ring RIF field, use "tr.rif".
@ -1468,17 +1468,17 @@ Furthermore, each protocol field is typed. The types are:
    Double-precision floating point number

 An integer may be expressed in decimal, octal, or hexadecimal notation. 
-The following three display filters are equivalent:
+The following three read filters are equivalent:

    frame.pkt_len > 10
    frame.pkt_len > 012
    frame.pkt_len > 0xa

-Boolean values are either true or false.  In a display filter expression
+Boolean values are either true or false.  In a read filter expression
 testing the value of a Boolean field, "true" is expressed as 1 or any
 other non-zero value, and "false" is expressed as zero.  For example, a
 token-ring packet's source route field is boolean.  To find any
-source-routed packets, a display filter would be:
+source-routed packets, a read filter would be:

    tr.sr == 1

@ -1506,7 +1506,7 @@ by using the hostname:
 IPv4 addresses can be compared with the same logical relations as numbers:
 eq, ne, gt, ge, lt, and le.  The IPv4 address is stored in host order,
 so you do not have to worry about how the endianness of an IPv4 address
-when using it in a display filter.
+when using it in a read filter.

 Classless InterDomain Routing (CIDR) notation can be used to test if an
 IPv4 address is in a certain subnet.  For example, this display filter
@ -1606,7 +1606,7 @@ abbreviations:
    not, !    Logical NOT

 Expressions can be grouped by parentheses as well.  The following are
-all valid display filter expression:
+all valid read filter expression:

    tcp.port == 80 and ip.src == 192.168.2.1
    not llc
@ -1624,7 +1624,7 @@ two expressions are not equivalent:

 The first filter says "show me IP packets where an ip.addr exists that
 does not equal 192.168.4.1".  That is, as long as one ip.addr in the
-packet does not equal 192.168.44.1, the packet passes the display
+packet does not equal 192.168.44.1, the packet passes the read
 filter.  The second filter "don't show me any packets that have at least
 one ip.addr field equal to 192.168.4.1".  If one ip.addr is 192.168.4.1,
 the packet does not pass.  If B<neither> ip.addr fields is 192.168.4.1,
@ -1637,7 +1637,7 @@ not equal 192.168.4.1".

 Be careful with multiply-recurring fields; they can be confusing.

-Care must also be taken when using the display filter to remove noise
+Care must also be taken when using the read filter to remove noise
 from the packet trace. If you want to e.g. filter out all IP multicast
 packets to address 224.1.2.3, then using:

@ -1645,7 +1645,7 @@ packets to address 224.1.2.3, then using:

 may be too restrictive. Filtering with "ip.dst" selects only those
 B<IP> packets that satisfy the rule. Any other packets, including all
-non-IP packets, will not be displayed. For displaying also the non-IP
+non-IP packets, will not be printed. For printing also the non-IP
 packets, you can use one of the following two expressions:

    not ip or ip.dst ne 224.1.2.3
@ -1656,12 +1656,10 @@ lets "ip.dst ne 224.1.2.3" to filter out the unwanted IP packets. The
 second filter has already been explained above where filtering with
 multiply occuring fields was discussed.

-The following is a table of protocol and protocol fields that are
-filterable in B<Ethereal>.  The abbreviation of the protocol or field is
-given.  This abbreviation is what you use in the display filter.  The
-type of the field is also given.
-
-=insert_dfilter_table
+For a complete table of protocol and protocol fields that are filterable
+in B<Ethereal> see ethereal-filter(4). The abbreviation of the protocol
+or field is given.  This abbreviation is what you use in the read filter.
+The type of the field is also given.

 =head1 FILES

@ -1779,7 +1777,7 @@ respectively.

 =head1 SEE ALSO

-I<tethereal(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>
+I<ethereal-filter(4)> I<tethereal(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>

 =head1 NOTES

--- a/doc/tethereal.pod.template
+++ b/doc/tethereal.pod.template
@ -819,12 +819,10 @@ lets "ip.dst ne 224.1.2.3" to filter out the unwanted IP packets. The
 second filter has already been explained above where filtering with
 multiply occuring fields was discussed.

-The following is a table of protocol and protocol fields that are
-filterable in B<Tethereal>.  The abbreviation of the protocol or field is
-given.  This abbreviation is what you use in the read filter.  The
-type of the field is also given.
-
-=insert_dfilter_table
+For a complete table of protocol and protocol fields that are filterable
+in B<Tethereal> see ethereal-filter(4). The abbreviation of the protocol
+or field is given.  This abbreviation is what you use in the read filter.
+The type of the field is also given.

 =head1 FILES

@ -921,7 +919,7 @@ For example, these four lines are valid lines of an ipxnets file.

 =head1 SEE ALSO

-I<ethereal(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>
+I<ethereal-filter(4)> I<ethereal(1)>, I<editcap(1)>, I<tcpdump(8)>, I<pcap(3)>

 =head1 NOTES