lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Sun, 11 Oct 2020 02:34:30 -0600
From:   Thayne <>
Subject: [PATCH] Add documentation of fiter syntax to ss manpage

Since the documentation currently referenced in the manpage no longer
 man/man8/ss.8 | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 74 insertions(+), 1 deletion(-)

diff --git a/man/man8/ss.8 b/man/man8/ss.8
index 3b2559ff..f9e629f6 100644
--- a/man/man8/ss.8
+++ b/man/man8/ss.8
@@ -401,7 +401,7 @@ Read filter information from FILE.  Each line of
FILE is interpreted
 like single command line option. If FILE is - stdin is used.
-Please take a look at the official documentation for details regarding filters.
+See below an explanation of STATE-FILTER and EXPRESSION.


@@ -437,6 +437,79 @@ states except for
 - opposite to
 .B bucket

+The following simple expressions are supported:
+.RB { \ src \ | \ dst \ } \ = \
+Matches if the source or destination matches the host condition.
+Providing FAMILY is equivalent to passing the family with the -f option.
+ADDRESS and PORT are the family specific address (or hostname) and port (or
+service name) to match against. At least one of ADDRESS and PORT should be
+provided. Additionally, "*" may be used as a wildcard for either ADDRESS or
+PORT. Note that for some families, PORT is meaningless.
+For inet and inet6 addresses, if the address is numeric (not a hostname) a
+bitmask can be provided in CIDR notation (ex. to match a range of
+addresses. If the address is provided as a hostname, all addresses returned by
+DNS for that hostname will match. The inet or inet6 address may be enclosed in
+"[" and "]".
+.RB { \ sport \ | \ dport \ } "\fI OP \fR[\fIFAMILY\fB:\fR][\fB:\fR]\fIPORT"
+Matches if the source or destination port matches the comparison with the
+supplied port.  FAMILY and PORT are the same as above.  OP can  be any of "=",
+"!=", "<", ">", "<=", or ">=".
+.BR dev \ { \ = \ | \ != \ }  \fI\ DEV
+Matches if it is on the specified device (or not). The device can be specified
+either by name or by index.
+.BR fwmark \ { \ = \ | \ != \ } \ \fIMARK-MASK
+Matches if the firewall mark matches the supplied mask (or not). The
mask should
+be specified as an integer value optionally followed by a "/" and an integer
+mask. The integer may be hex-encoded if it begins with "0x" or "0X".
+.BR cgroup \ { \ = \ | \ != \ } \ \fICGROUP
+Matches if it is part of the cgroup (or not).
+should be the path for the desired cgroup.
+.B autobound
+Matches if the local port is automatically bound (randomly assigned).
+Each operator has equivalent aliases as follows:
+"=" can be replaced with "==" or "eq"
+"!=" can be replaced with "ne" or "neq"
+">" can be replaced with "gt"
+"<" can be replaced with "lt"
+">=" can be replaced with "ge" or "geq"
+"<=" can be replaced with "le" or "leq"
+Subexpressions can be combined into more complex expressions in the following
+Negate the EXPRESSION. "!" can be used in place of of "not".
+Match only if both expressions match. "&" or "&&" can be used in
place of "and".
+Match if either expression matches. "|" or "||" can be used in place of "or".
+Group EXPRESSION to change precedence of the above operators. The default
+precedence is "not", "and", "or".
 .B ss -t -a

Powered by blists - more mailing lists