Wireshark-bugs: [Wireshark-bugs] [Bug 11860] Display filter operator != not working as exepected
Comment # 17
on bug 11860
from Guy Harris
(In reply to João Valverde from comment #16)
> It's a really nice idea and very promising but then '!>' is logically
> different to '<='. Not a showstopper IMO.
Yes, that's the whole *point* - it's *supposed* to be different, just as, with
"<>" being the inverse of "=", "!=" is logically different from "<>". People
seem to want, in addition to the current relational operators that test whether
the relation is true for *at least one* instance of the field, relational
operators that test whether the relation is true for *all* instances of the
field; "!>" would test whether "{value-of-field} > {value}" is false, and thus
whether "{value-of=field} <= {value}" is true, for *all* instances of {field},
whereas "<=" tests whether "{value-of-field} <= {value}" for *at least one*
instance of {field}, just as "!=" would test whether "{value-of-field" =
{value}" is false, and thus whether "{value-of-field} {is-not-equal-to} {value}
is true, for *all* instances of {field}, whereas "<>" would test whether
"{value-of-field} {is-not-equal-to} {value} for *at least one* instance of
{field}.
(The fact that a field name doesn't necessarily represent a single value, it
represents the set of values of *all* instances of the named field within the
packet, is the problem here; people think "ip.ttl != 73" means "*the* IP
time-to-live is not equal to 73", as opposed to "the IP time-to-live in *one
of* the IPv4 headers in this packet is not equal to 73". If you have some form
of tunneling or encapsulation so that the packet has multiple IPv4 headers,
there's *no such thing* as *the* IP time-to-live.)
You are receiving this mail because:
- You are watching all bug changes.
