Fix the section on Boolean fields to match reality.

Confusing though it might be, a packet-matching expression containing
only the name of a Boolean field matches all packets containing that
field, regardless of whether the field is true or false; you need to
compare the field against 1 to check whether it's true.

Change-Id: I615acc4d71964c8474e6f3655ade8814cbe07b22
Reviewed-on: https://code.wireshark.org/review/34422
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Guy Harris 2019-09-01 13:16:36 -07:00
parent a53ec79ebc
commit 9ae6abdec9
1 changed files with 11 additions and 7 deletions

@ -522,14 +522,18 @@ Signed integer::
decimal, octal, or hexadecimal.
Boolean::
A boolean field is present in the protocol decode only if its value is true. For
example, `tcp.flags.syn` is present, and thus true, only if the SYN flag is
present in a TCP segment header.
Can be 1, if true, or 0, if false.
The filter expression `tcp.flags.syn` will select only those packets for which
this flag exists, that is, TCP segments where the segment header contains the
SYN flag. Similarly, to find source-routed token ring packets, use a filter
expression of `tr.sr`.
Because an expression containing a field name, but not comparing it
with a value, matches all packets that contain that field, an
expression such as `tcp.flags.syn` will match all TCP segments
containing the flags field, regardless of whether the SYN flag is set.
To match only TCP segments in which the SYN flag is set, the
expression `tcp.flags.syn == 1` must be used. Similarly, to find
source-routed token ring packets, a filter expression of `tr.sr == 1`
must be used; `tr.sr` will match all packets not cut short before the
source-routed flag.
Ethernet address::
6 bytes separated by a colon (:), dot (.) or dash (-) with one or two bytes between separators:
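
Review bot: The rewritten Boolean paragraph only documents the set case (`tcp.flags.syn == 1`, `tr.sr == 1`) even though the entry now defines the value as "1, if true, or 0, if false"; add a sentence giving `tcp.flags.syn == 0` as the way to match segments with the flag clear, so both values the entry defines are covered. The closing clause for `tr.sr` ("all packets not cut short before the source-routed flag") is also worded differently from the TCP sentence ("containing the flags field"); using the same "packets that contain that field" phrasing for both would make it obvious that one rule applies to both examples.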