Wireshark-bugs: [Wireshark-bugs] [Bug 1029] Tshark -R doesn't support "frame.time	>= Jul 20, 200
      
      
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1029
------- Comment #4 from jeff.morriss@xxxxxxxxxxx  2007-03-18 14:21 GMT -------
I looked a bit into this and it turns out that the problem is that the filter:
frame.time > Jul 20, 2006 1
is, apparently a valid filter (note that if you take the trailing "1" off it is
no longer a valid filter?!?).  It seems to be a valid TEST_OP_EXISTS, though I
can't quite see why.
Hmmm, apparently:
foo.bar > Dec 31, 2002 05
is also a valid filter.  Weird.
Anyway, TEST_OP_EXISTS is basically an "entity":
ogical_test(T) ::= entity(E).
{
        T = stnode_new(STTYPE_TEST, NULL);
        sttype_test_set1(T, TEST_OP_EXISTS, E);
}
which can be:
/* Entities, or things that can be compared/tested/checked */
entity(E) ::= FIELD(F).         { E = F; }
entity(E) ::= STRING(S).        { E = S; }
entity(E) ::= UNPARSED(U).      { E = U; }
entity(E) ::= range(R).         { E = R; }
I *suppose* the problem is that in this case the entity is an UNPARSED string? 
I ran out of time about here.  Oof, I hate parsers...
-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.