Print linktype value default match

Moreover, c`apture length is unsigned, thus use %u.
(fxlb)

diff --git a/magic/Magdir/sniffer b/magic/Magdir/sniffer
index 8cee245e029b80cf58b2fd50351e6f13d887524d..c9e2b4419e1a2b4f6b290eb00c74c23bdbd33997 100644 (file)
--- a/magic/Magdir/sniffer
+++ b/magic/Magdir/sniffer
@@ -1,6 +1,6 @@
 
 #------------------------------------------------------------------------------
-# $File: sniffer,v 1.21 2019/02/09 17:52:18 christos Exp $
+# $File: sniffer,v 1.22 2019/03/03 02:35:32 christos Exp $
 # sniffer:  file(1) magic for packet capture files
 #
 # From: guy@alum.mit.edu (Guy Harris)
@@ -85,6 +85,8 @@
 0      name            pcap-be
 >4     beshort         x               - version %d
 >6     beshort         x               \b.%d
+# clear that continuation level match
+>20    clear           x
 >20    belong          0               (No link-layer encapsulation
 >20    belong          1               (Ethernet
 >20    belong          2               (3Mb Ethernet
@@ -186,7 +188,9 @@
 >20    belong          245             (NFC LLCP
 >20    belong          247             (Infiniband
 >20    belong          248             (SCTP
->16    belong          x               \b, capture length %d)
+# print default match
+>>20   belong          x               (linktype#%u
+>16    belong          x               \b, capture length %u)
 
 # packets time stamps in seconds and microseconds.
 0      ubelong         0xa1b2c3d4      pcap capture file, microseconds ts (big-endian)