ADDRESS_FILTER

ADDRESS_FILTER is boolean expression with operations and, or and not, which can be abbreviated in C style f.e. as &, &&.

Predicates check socket addresses, both local and remote. There are the following kinds of predicates:

• dst ADDRESS_PATTERN - matches remote address and port
• src ADDRESS_PATTERN - matches local address and port
• dport RELOP PORT - compares remote port to a number
• sport RELOP PORT - compares local port to a number
• autobound - checks that socket is bound to an ephemeral port

RELOP is some of $<$=, $>$=, == etc. To make this more convinient for use in unix shell, alphabetic FORTRAN-like notations le, gt etc. are accepted as well.

The format and semantics of ADDRESS_PATTERN depends on address family.

• inet - ADDRESS_PATTERN consists of IP prefix, optionally followed by colon and port. If prefix or port part is absent or replaced with *, this means wildcard match.
• inet6 - The same as inet, only prefix refers to an IPv6 address. Unlike inet colon becomes ambiguous, so that ss allows to use scheme, like used in URLs, where address is suppounded with [ ... ].
• unix - ADDRESS_PATTERN is shell-style wildcard.
• packet - format looks like inet, only interface index stays instead of port and link layer protocol id instead of address.
• netlink - format looks like inet, only socket pid stays instead of port and netlink channel instead of address.

PORT is syntactically ADDRESS_PATTERN with wildcard address part. Certainly, it is undefined for UNIX sockets.