author João Valverde <j@v6e.pt> 2022-04-03 17:57:23 +0100
committer A Wireshark GitLab Utility <gerald+gitlab-utility@wireshark.org> 2022-04-04 19:51:38 +0000
commit 34ad6bb47887fab144c8e2547dce58152111abb0
tree b7960545f1641ebc157a94340100277224a7cd50 /doc
parent 167d44ea6d7f2a19ded459ff307552662d554374
dfilter: Make logical AND higher precedence than logical OR
In most, if not all, programming languages logical AND has higher
precedence than logical OR. Apply the principle of least surprise
and do the same for Wireshark display filters.

Before: ip and tcp or udp => ip and (tcp or udp)

    Filter: ip and tcp or udp

    Instructions:
    00000 CHECK_EXISTS ip
    00001 IF_FALSE_GOTO 5
    00002 CHECK_EXISTS tcp
    00003 IF_TRUE_GOTO 5
    00004 CHECK_EXISTS udp
    00005 RETURN

After: ip and tcp or udp => (ip and tcp) or udp

    Filter: ip and tcp or udp

    Instructions:
    00000 CHECK_EXISTS ip
    00001 IF_FALSE_GOTO 4
    00002 CHECK_EXISTS tcp
    00003 IF_TRUE_GOTO 5
    00004 CHECK_EXISTS udp
    00005 RETURN
Diffstat (limited to 'doc')
-rw-r--r-- doc/wireshark-filter.adoc 19
1 files changed, 13 insertions, 6 deletions
diff --git a/doc/wireshark-filter.adoc b/doc/wireshark-filter.adoc
index 3c9a841bd0..048a822529 100644
--- a/doc/wireshark-filter.adoc
+++ b/doc/wireshark-filter.adoc
@@ -429,14 +429,21 @@ syntactical elements in the filter language.
Tests can be combined using logical expressions.
These too are expressible in C-like syntax or with English-like
-abbreviations:
+abbreviations. The following table lists the logical operators from
+highest to lowest precedence:
- and, && Logical AND
- or, || Logical OR
- not, ! Logical NOT
+ not, ! Logical NOT (right-associative)
+ and, && Logical AND (left-associative)
+ or, || Logical OR (left-associative)
-Expressions can be grouped by parentheses as well. The following are
-all valid display filter expressions:
+The evaluation is always performed left to right. Expressions can be grouped
+by parentheses as well. The expression "A and B or not C or D and not E or F"
+is read:
+
+ (A and B) or (not C) or (D and (not E)) or F
+
+It's usually better to be explicit about grouping using parenthesis.
+The following are all valid display filter expressions:
tcp.port == 80 and ip.src == 192.168.2.1
not llc
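Review bot: The new paragraph after the operator table never says that this ordering is a change in behaviour, so a reader with saved filters, coloring rules or triage scripts has no cue that an unparenthesized mix of `and` and `or` now selects different packets; the commit message shows `ip and tcp or udp` going from `ip and (tcp or udp)` to `(ip and tcp) or udp`. Suggest adding a sentence stating that earlier versions grouped such expressions differently and that existing filters should be parenthesized explicitly. Two wording points in the same paragraph: "The evaluation is always performed left to right" sits awkwardly next to `not` being listed as right-associative and could be narrowed to `and`/`or` or dropped, and "using parenthesis" should read "using parentheses".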