diff --git a/doc/wireshark-filter.adoc b/doc/wireshark-filter.adoc index be4142e259..f0bc56981b 100644 --- a/doc/wireshark-filter.adoc +++ b/doc/wireshark-filter.adoc @@ -67,10 +67,17 @@ abbreviations or through C-like symbols: The ordering depends on the value type in the usual way (e.g., lexicographic for strings and arithmetic for integers.) A field may appear more than once -in a given frame. In general, if any appearance of a field has a value that -satisfies its operator, then the expression evaluates to true. The one -exception is the "!=" operator, which asserts that _all_ appearances of a field -are not equal to a value, making it the logical negation of the "==" operator.footnote:[This differs from previous, deprecated behavior. To obtain the old behavior, which was true if any appearance was not equal, use the "any_ne", "~=" operator.] +in a given frame. In that case equality can be strict (all fields must match +the condition) or not (any field must match the condition). The inequality is +the logical negation of equality. The following table contains all equality +operators, their aliases and meaning: + + eq, any_eq, == Any field must be equal + ne, all_ne, != All fields must be not equal + all_eq, === All fields must be equal + any_ne, !== Any fields must be not equal + +The operator !== (any_ne) can also be written as ~=. === Search and match operators diff --git a/docbook/wsug_src/WSUG_chapter_work.adoc b/docbook/wsug_src/WSUG_chapter_work.adoc index 317beb9a56..19684ffb1e 100644 --- a/docbook/wsug_src/WSUG_chapter_work.adoc +++ b/docbook/wsug_src/WSUG_chapter_work.adoc @@ -516,18 +516,20 @@ English and C-like operators are interchangeable and can be mixed within a filte [[DispCompOps]] .Display Filter comparison operators -[options="header",cols="1,1,1,4"] +[options="header",cols="1,1,1,3,3"] |=== -|English|C-like|Description|Example -|eq |== |Equal| `ip.src==10.0.0.5` -|ne |!= |Not equal| `ip.src!=10.0.0.5` -|gt |> |Greater than| `frame.len > 10` -|lt |< |Less than| `frame.len < 128` -|ge |>= |Greater than or equal to| `frame.len ge 0x100` -|le |\<= |Less than or equal to| `frame.len \<= 0x20` -|contains||Protocol, field or slice contains a value| `sip.To contains "a1762"` -|matches|~|Protocol or text field matches a Perl-compatible regular expression| `http.host matches "acme\\.(org\|com\|net)"` -|bitwise_and|&|Bitwise AND is non-zero| `tcp.flags & 0x02` +| English | Alias | C-like | Description | Example +| eq | any_eq | == | Equal (any if more than one) | `ip.src == 10.0.0.5` +| ne | all_ne | != | Not equal (all if more than one) | `ip.src != 10.0.0.5` +| | all_eq | === | Equal (all if more than one) | `ip.src === 10.0.0.5` +| | any_ne | !== | Not equal (any if more than one) | `ip.src !== 10.0.0.5` +| gt | | > | Greater than | `frame.len > 10` +| lt | | < | Less than | `frame.len < 128` +| ge | | >= | Greater than or equal to | `frame.len ge 0x100` +| le | | \<= | Less than or equal to | `frame.len \<= 0x20` +| contains | | | Protocol, field or slice contains a value | `sip.To contains "a1762"` +| matches | | ~ | Protocol or text field matches a Perl-compatible regular expression| `http.host matches "acme\\.(org\|com\|net)"` +| bitwise_and | | & | Bitwise AND is non-zero | `tcp.flags & 0x02` |=== All protocol fields have a type. <> provides a list