dfilter: Add max()/min() tests and documentation

author: João Valverde <j@v6e.pt> 2022-04-13 14:07:01 +0100
committer: A Wireshark GitLab Utility <gerald+gitlab-utility@wireshark.org> 2022-04-14 13:07:41 +0000
commit: cef02cc3a0fdfd7ed7ac35fcae42a158ef618a31 (patch)
tree: 9520dcd9eb2bec34c60170c04aaf241cda4b06ce /doc
parent: 827d143e6e6e75fe8e438ba7493df7e02aa5503b (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/wireshark-filter.adoc b/doc/wireshark-filter.adoc
index 302477032a..e46dcbbe13 100644
--- a/doc/wireshark-filter.adoc
+++ b/doc/wireshark-filter.adoc
@@ -128,6 +128,8 @@ The filter language has the following functions:
     len(field)          - returns the byte length of a string or bytes field
     count(field)        - returns the number of field occurrences in a frame
     string(field)       - converts a non-string field to string
+    max(f1,...,fn)      - return the maximum value
+    min(f1,...,fn)      - return the minimum value
 
 upper() and lower() are useful for performing case-insensitive string
 comparisons. For example:
@@ -144,6 +146,9 @@ byte fields. For example:
 
 gives you all the odd packets.
 
+max() and min() take any number of arguments and returns one value, respectively
+the largest/smallest. The arguments must all have the same type.
+
 === Protocol field types
 
 Each protocol field is typed. The types are:
author	João Valverde <j@v6e.pt>	2022-04-13 14:07:01 +0100
committer	A Wireshark GitLab Utility <gerald+gitlab-utility@wireshark.org>	2022-04-14 13:07:41 +0000
commit	cef02cc3a0fdfd7ed7ac35fcae42a158ef618a31 (patch)
tree	9520dcd9eb2bec34c60170c04aaf241cda4b06ce /doc
parent	827d143e6e6e75fe8e438ba7493df7e02aa5503b (diff)