[PATCH] Add documentation of fiter syntax to ss manpage

[PATCH] Add documentation of fiter syntax to ss manpage

[Thayne]

Since the documentation currently referenced in the manpage no longer
exists.
---
 man/man8/ss.8 | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 74 insertions(+), 1 deletion(-)

diff --git a/man/man8/ss.8 b/man/man8/ss.8
index 3b2559ff..f9e629f6 100644
--- a/man/man8/ss.8
+++ b/man/man8/ss.8
@@ -401,7 +401,7 @@ Read filter information from FILE.  Each line of
FILE is interpreted
 like single command line option. If FILE is - stdin is used.
 .TP
 .B FILTER := [ state STATE-FILTER ] [ EXPRESSION ]
-Please take a look at the official documentation for details regarding filters.
+See below an explanation of STATE-FILTER and EXPRESSION.

 .SH STATE-FILTER

@@ -437,6 +437,79 @@ states except for
 - opposite to
 .B bucket

+.SH EXPRESSION
+
+The following simple expressions are supported:
+
+.TP
+.RB { \ src \ | \ dst \ } \ = \
\fR[\fIFAMILY\fB:\fR][\fIADDRESS\fR][\fB:\fIPORT\fR]
+Matches if the source or destination matches the host condition.
+Providing FAMILY is equivalent to passing the family with the -f option.
+ADDRESS and PORT are the family specific address (or hostname) and port (or
+service name) to match against. At least one of ADDRESS and PORT should be
+provided. Additionally, "*" may be used as a wildcard for either ADDRESS or
+PORT. Note that for some families, PORT is meaningless.
+
+For inet and inet6 addresses, if the address is numeric (not a hostname) a
+bitmask can be provided in CIDR notation (ex. 127.0.0.0/16) to match a range of
+addresses. If the address is provided as a hostname, all addresses returned by
+DNS for that hostname will match. The inet or inet6 address may be enclosed in
+"[" and "]".
+.TP
+.RB { \ sport \ | \ dport \ } "\fI OP \fR[\fIFAMILY\fB:\fR][\fB:\fR]\fIPORT"
+Matches if the source or destination port matches the comparison with the
+supplied port.  FAMILY and PORT are the same as above.  OP can  be any of "=",
+"!=", "<", ">", "<=", or ">=".
+.TP
+.BR dev \ { \ = \ | \ != \ }  \fI\ DEV
+Matches if it is on the specified device (or not). The device can be specified
+either by name or by index.
+.TP
+.BR fwmark \ { \ = \ | \ != \ } \ \fIMARK-MASK
+Matches if the firewall mark matches the supplied mask (or not). The
mask should
+be specified as an integer value optionally followed by a "/" and an integer
+mask. The integer may be hex-encoded if it begins with "0x" or "0X".
+.TP
+.BR cgroup \ { \ = \ | \ != \ } \ \fICGROUP
+Matches if it is part of the cgroup (or not).
+.B CGROUP
+should be the path for the desired cgroup.
+.TP
+.B autobound
+Matches if the local port is automatically bound (randomly assigned).
+
+.PP
+Each operator has equivalent aliases as follows:
+.IP
+"=" can be replaced with "==" or "eq"
+.IP
+"!=" can be replaced with "ne" or "neq"
+.IP
+">" can be replaced with "gt"
+.IP
+"<" can be replaced with "lt"
+.IP
+">=" can be replaced with "ge" or "geq"
+.IP
+"<=" can be replaced with "le" or "leq"
+
+Subexpressions can be combined into more complex expressions in the following
+ways:
+.TP
+.BI not \ EXPRESSION
+Negate the EXPRESSION. "!" can be used in place of of "not".
+.TP
+\fI EXPRESSION EXPRESSION \fR| \fIEXPRESSION \fBand \fIEXPRESSION
+Match only if both expressions match. "&" or "&&" can be used in
place of "and".
+.TP
+.IB EXPRESSION \ or \ EXPRESSION
+Match if either expression matches. "|" or "||" can be used in place of "or".
+.TP
+.BI ( \ EXPRESSION \ )
+Group EXPRESSION to change precedence of the above operators. The default
+precedence is "not", "and", "or".
+
+
 .SH USAGE EXAMPLES
 .TP
 .B ss -t -a
-- 
2.28.0