On Thu, Oct 27, 2011 at 9:12 PM, Stephen Fisher
<steve@xxxxxxxxxxxxxxxxxx> wrote:
> Is there a problem with accepting -1 in that filter?
It's not a problem, but it's a bug in the logic because the filter
does not do what it's supposed to.
> If so, should the
> filter be checked against possible values of the value, i.e. tcp.len is
> a FT_UINT32 so only accept unsigned 32-bit values and mark the
> background as red / bad filter if not?
The previously attached patch does check for signed/unsigned issues,
and will mark the filter as bad/red.
I think it would be nice to check all values if they are valid for the
given field.
--
Stig Bjørlykke