diff --git a/doc/wireshark-filter.adoc b/doc/wireshark-filter.adoc index 2777f78ad4..67fdf36c9c 100644 --- a/doc/wireshark-filter.adoc +++ b/doc/wireshark-filter.adoc @@ -203,18 +203,21 @@ are equivalent: frame.len > '\012' Boolean values are either true or false. In a display filter expression -testing the value of a Boolean field, true is expressed as the word "true" -(without quotes) or any non-zero number. False is expressed as "false" or zero. -For example, a token-ring packet's source route field is Boolean. To find any -source-routed packets, a display filter would be any of the following: +testing the value of a Boolean field, true is expressed as the word "True" +or "TRUE" (without quotes) or any non-zero number. False is expressed as +"False" or "FALSE" or the number zero. For example, a token-ring packet's +source route field is Boolean. To find any source-routed packets, a display +filter would be any of the following: tr.sr == 1 - tr.sr == true + tr.sr == True + tr.sr == TRUE Non source-routed packets can be found with: tr.sr == 0 - tr.sr == false + tr.sr == False + tr.sr == FALSE Ethernet addresses and byte arrays are represented by hex digits. The hex digits may be separated by colons, periods, or hyphens: diff --git a/docbook/release-notes.adoc b/docbook/release-notes.adoc index 23891ed0dd..9e0cfcd33a 100644 --- a/docbook/release-notes.adoc +++ b/docbook/release-notes.adoc @@ -139,6 +139,7 @@ They previously shipped with Qt 5.12.2. ** Literal strings can handle embedded null bytes (the value '\0') correctly. This includes regular expression patterns. For example the double-quoted string "\0 is a null byte" is a legal literal value. This may be useful to match byte patterns but note that in general protocol fields with a string type still cannot contain embedded null bytes. +** Booleans can be written as True/TRUE or False/FALSE. Previously they could only be written as 1 or 0. * The `text2pcap` command and the “Import from Hex Dump” feature have been updated and enhanced: ** `text2pcap` supports writing the output file in all the capture file formats that wiretap library supports, using the same `-F` option as `editcap`, `mergecap`, and `tshark`. diff --git a/docbook/wsug_src/WSUG_chapter_work.adoc b/docbook/wsug_src/WSUG_chapter_work.adoc index 3e3b0ba91d..7fe8378965 100644 --- a/docbook/wsug_src/WSUG_chapter_work.adoc +++ b/docbook/wsug_src/WSUG_chapter_work.adoc @@ -589,12 +589,12 @@ Signed integer:: decimal, octal, hexadecimal or binary. Boolean:: - Can be 1 or "true", 0 or "false" (without quotes). + Can be 1 or "True" or "TRUE", 0 or "False" or "FALSE" (without quotes). + -A Boolean field is present whether its value is true or false. For example, +A Boolean field is present regardless if its value is true or false. For example, `tcp.flags.syn` is present in all TCP packets containing the flag, whether the SYN flag is 0 or 1. To only match TCP packets with the SYN flag set, you need -to use `tcp.flags.syn == 1` or `tcp.flags.syn == true`. +to use `tcp.flags.syn == 1` or `tcp.flags.syn == True`. Ethernet address:: 6 bytes separated by a colon (:), dot (.), or dash (-) with one or two bytes between separators: diff --git a/epan/ftypes/ftype-integer.c b/epan/ftypes/ftype-integer.c index 440b67c604..3c856a8b18 100644 --- a/epan/ftypes/ftype-integer.c +++ b/epan/ftypes/ftype-integer.c @@ -1065,11 +1065,11 @@ uint64_modulo(fvalue_t *dst, const fvalue_t *a, const fvalue_t *b, char **err_pt static gboolean boolean_from_literal(fvalue_t *fv, const char *s, gboolean allow_partial_value, gchar **err_msg) { - if (g_ascii_strcasecmp(s, "true") == 0) { + if (strcmp(s, "True") == 0 || strcmp(s, "TRUE") == 0) { fv->value.uinteger64 = 1; return TRUE; } - if (g_ascii_strcasecmp(s, "false") == 0) { + if (strcmp(s, "False") == 0 || strcmp(s, "FALSE") == 0) { fv->value.uinteger64 = 0; return TRUE; } diff --git a/test/suite_dfilter/group_syntax.py b/test/suite_dfilter/group_syntax.py index 1d8d23ce8d..8327ba1d0c 100644 --- a/test/suite_dfilter/group_syntax.py +++ b/test/suite_dfilter/group_syntax.py @@ -112,9 +112,13 @@ class case_syntax(unittest.TestCase): checkDFilterCount(dfilter, 1) def test_bool_2(self, checkDFilterCount): - dfilter = "tcp.flags.push == true" + dfilter = "tcp.flags.push == True" checkDFilterCount(dfilter, 1) + def test_bool_2(self, checkDFilterCount): + dfilter = "tcp.flags.push == FALSE" + checkDFilterCount(dfilter, 0) + @fixtures.uses_fixtures class case_equality(unittest.TestCase): trace_file = "sip.pcapng"