osmocom
/
wireshark
11
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

dfilter: Change boolean string representation 

Use "True" or "TRUE" instead of "true" and remove case insensivity.
Same for false. This should serve to differentiate booleans a bit
more from protocol names, which should be using lower-case.
This commit is contained in:
João Valverde 2022-06-25 12:54:16 +01:00
parent 229dad6a75
commit e9e6431d7b
5 changed files with 20 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
doc/wireshark-filter.adoc
View File

@ -203,18 +203,21 @@ are equivalent:
frame.len > '\012'
Boolean values are either true or false. In a display filter expression
testing the value of a Boolean field, true is expressed as the word "true"
(without quotes) or any non-zero number. False is expressed as "false" or zero.
For example, a token-ring packet's source route field is Boolean. To find any
source-routed packets, a display filter would be any of the following:
testing the value of a Boolean field, true is expressed as the word "True"
or "TRUE" (without quotes) or any non-zero number. False is expressed as
"False" or "FALSE" or the number zero. For example, a token-ring packet's
source route field is Boolean. To find any source-routed packets, a display
filter would be any of the following:
tr.sr == 1
tr.sr == true
tr.sr == True
tr.sr == TRUE
Non source-routed packets can be found with:
tr.sr == 0
tr.sr == false
tr.sr == False
tr.sr == FALSE
Ethernet addresses and byte arrays are represented by hex
digits. The hex digits may be separated by colons, periods, or hyphens:

1
docbook/release-notes.adoc
View File

@ -139,6 +139,7 @@ They previously shipped with Qt 5.12.2.
** Literal strings can handle embedded null bytes (the value '\0') correctly. This includes regular expression patterns.
For example the double-quoted string "\0 is a null byte" is a legal literal value.
This may be useful to match byte patterns but note that in general protocol fields with a string type still cannot contain embedded null bytes.
** Booleans can be written as True/TRUE or False/FALSE. Previously they could only be written as 1 or 0.
* The `text2pcap` command and the “Import from Hex Dump” feature have been updated and enhanced:
** `text2pcap` supports writing the output file in all the capture file formats that wiretap library supports, using the same `-F` option as `editcap`, `mergecap`, and `tshark`.

6
docbook/wsug_src/WSUG_chapter_work.adoc
View File

@ -589,12 +589,12 @@ Signed integer::
decimal, octal, hexadecimal or binary.
Boolean::
Can be 1 or "true", 0 or "false" (without quotes).
Can be 1 or "True" or "TRUE", 0 or "False" or "FALSE" (without quotes).
+
A Boolean field is present whether its value is true or false. For example,
A Boolean field is present regardless if its value is true or false. For example,
`tcp.flags.syn` is present in all TCP packets containing the flag, whether
the SYN flag is 0 or 1. To only match TCP packets with the SYN flag set, you need
to use `tcp.flags.syn == 1` or `tcp.flags.syn == true`.
to use `tcp.flags.syn == 1` or `tcp.flags.syn == True`.
Ethernet address::
6 bytes separated by a colon (:), dot (.), or dash (-) with one or two bytes between separators:

4
epan/ftypes/ftype-integer.c
View File

@ -1065,11 +1065,11 @@ uint64_modulo(fvalue_t *dst, const fvalue_t *a, const fvalue_t *b, char **err_pt
static gboolean
boolean_from_literal(fvalue_t *fv, const char *s, gboolean allow_partial_value, gchar **err_msg)
{
if (g_ascii_strcasecmp(s, "true") == 0) {
if (strcmp(s, "True") == 0 || strcmp(s, "TRUE") == 0) {
fv->value.uinteger64 = 1;
return TRUE;
}
if (g_ascii_strcasecmp(s, "false") == 0) {
if (strcmp(s, "False") == 0 || strcmp(s, "FALSE") == 0) {
fv->value.uinteger64 = 0;
return TRUE;
}

6
test/suite_dfilter/group_syntax.py
View File

@ -112,9 +112,13 @@ class case_syntax(unittest.TestCase):
checkDFilterCount(dfilter, 1)
def test_bool_2(self, checkDFilterCount):
dfilter = "tcp.flags.push == true"
dfilter = "tcp.flags.push == True"
checkDFilterCount(dfilter, 1)
def test_bool_2(self, checkDFilterCount):
dfilter = "tcp.flags.push == FALSE"
checkDFilterCount(dfilter, 0)
@fixtures.uses_fixtures
class case_equality(unittest.TestCase):
trace_file = "sip.pcapng"