Docs: Add some content about different equality operators

Add information about the different kind of comparisons with multiple fields to the wireshark-filter man page. Add some minimal information to the user guide. It would be nice to have a section dedicated to this with some examples.
2021-12-31 01:05:56 +00:00 · 2021-12-31 01:05:56 +00:00 · 019bb06268
parent e724a4baf6
commit 019bb06268
2 changed files with 24 additions and 15 deletions
--- a/doc/wireshark-filter.adoc
+++ b/doc/wireshark-filter.adoc
@ -67,10 +67,17 @@ abbreviations or through C-like symbols:

 The ordering depends on the value type in the usual way (e.g., lexicographic
 for strings and arithmetic for integers.)  A field may appear more than once
-in a given frame.  In general, if any appearance of a field has a value that
-satisfies its operator, then the expression evaluates to true.  The one
-exception is the "!=" operator, which asserts that _all_ appearances of a field
-are not equal to a value, making it the logical negation of the "==" operator.footnote:[This differs from previous, deprecated behavior.  To obtain the old behavior, which was true if any appearance was not equal, use the "any_ne", "~=" operator.]
+in a given frame.  In that case equality can be strict (all fields must match
+the condition) or not (any field must match the condition). The inequality is
+the logical negation of equality. The following table contains all equality
+operators, their aliases and meaning:
+
+    eq, any_eq, ==    Any field must be equal
+    ne, all_ne, !=    All fields must be not equal
+        all_eq, ===   All fields must be equal
+        any_ne, !==   Any fields must be not equal
+
+The operator !== (any_ne) can also be written as ~=.

 === Search and match operators

--- a/docbook/wsug_src/WSUG_chapter_work.adoc
+++ b/docbook/wsug_src/WSUG_chapter_work.adoc
@ -516,18 +516,20 @@ English and C-like operators are interchangeable and can be mixed within a filte
 [[DispCompOps]]

 .Display Filter comparison operators
-[options="header",cols="1,1,1,4"]
+[options="header",cols="1,1,1,3,3"]
 |===
-|English|C-like|Description|Example
-|eq |== |Equal| `ip.src==10.0.0.5`
-|ne |!= |Not equal| `ip.src!=10.0.0.5`
-|gt |>  |Greater than| `frame.len > 10`
-|lt |<  |Less than| `frame.len < 128`
-|ge |>= |Greater than or equal to| `frame.len ge 0x100`
-|le |\<= |Less than or equal to| `frame.len \<= 0x20`
-|contains||Protocol, field or slice contains a value| `sip.To contains "a1762"`
-|matches|~|Protocol or text field matches a Perl-compatible regular expression| `http.host matches "acme\\.(org\|com\|net)"`
-|bitwise_and|&|Bitwise AND is non-zero| `tcp.flags & 0x02`
+| English      | Alias    | C-like | Description                      | Example
+| eq           | any_eq   | ==     | Equal (any if more than one)     | `ip.src == 10.0.0.5`
+| ne           | all_ne   | !=     | Not equal (all if more than one) | `ip.src != 10.0.0.5`
+|              | all_eq   | ===    | Equal (all if more than one)     | `ip.src === 10.0.0.5`
+|              | any_ne   | !==    | Not equal (any if more than one) | `ip.src !== 10.0.0.5`
+| gt           |          | >      | Greater than                     | `frame.len > 10`
+| lt           |          | <      | Less than                        | `frame.len < 128`
+| ge           |          | >=     | Greater than or equal to         | `frame.len ge 0x100`
+| le           |          | \<=    | Less than or equal to            | `frame.len \<= 0x20`
+| contains     |          |        | Protocol, field or slice contains a value | `sip.To contains "a1762"`
+| matches      |          | ~      | Protocol or text field matches a Perl-compatible regular expression| `http.host matches "acme\\.(org\|com\|net)"`
+| bitwise_and  |          | &      | Bitwise AND is non-zero          | `tcp.flags & 0x02`
 |===

 All protocol fields have a type. <<ChWorkFieldTypes>> provides a list