aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuy Harris <guy@alum.mit.edu>2019-09-01 13:16:36 -0700
committerGuy Harris <guy@alum.mit.edu>2019-09-01 21:09:55 +0000
commit9ae6abdec99d725d18633df66380067136a822b3 (patch)
treee122f08ed4f9fe83c98eeef3996fa98b107d80e2
parenta53ec79ebc1beb75caeb1b231a6ebd021a26c2f9 (diff)
Fix the section on Boolean fields to match reality.
Confusing though it might be, a patch-matching expression containing only the name of a Boolean field matches all packets containing that field, regardless of whether the field is true or false; you need to compare the field against 1 to check whether it's true. Change-Id: I615acc4d71964c8474e6f3655ade8814cbe07b22 Reviewed-on: https://code.wireshark.org/review/34422 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
-rw-r--r--docbook/wsug_src/WSUG_chapter_work.adoc20
1 files changed, 12 insertions, 8 deletions
diff --git a/docbook/wsug_src/WSUG_chapter_work.adoc b/docbook/wsug_src/WSUG_chapter_work.adoc
index e817888605..4cdca675e5 100644
--- a/docbook/wsug_src/WSUG_chapter_work.adoc
+++ b/docbook/wsug_src/WSUG_chapter_work.adoc
@@ -522,14 +522,18 @@ Signed integer::
decimal, octal, or hexadecimal.
Boolean::
- A boolean field is present in the protocol decode only if its value is true. For
- example, `tcp.flags.syn` is present, and thus true, only if the SYN flag is
- present in a TCP segment header.
-
- The filter expression `tcp.flags.syn` will select only those packets for which
- this flag exists, that is, TCP segments where the segment header contains the
- SYN flag. Similarly, to find source-routed token ring packets, use a filter
- expression of `tr.sr`.
+ Can be 1, if true, or 0, if false.
+
+ Because an expression containing a field name, but not comparing it
+ with a value, matches all packets that contain that field, an
+ expression such as `tcp.flags.syn` will match all TCP segments
+ containing the flags field, regardless of whether the SYN flag is set.
+
+ To match only TCP segments in which the SYN flag is set, the
+ expression `tcp.flags.syn == 1` must be used. Similarly, to find
+ source-routed token ring packets, a filter expression of `tr.sr == 1`
+ must be used; `tr.sr` will match all packets not cut short before the
+ source-routed flag.
Ethernet address::
6 bytes separated by a colon (:), dot (.) or dash (-) with one or two bytes between separators: