meta filter: allow to match on multiple fields at once

retis-org / retis

Tracing packets in the Linux networking stack & friends

87 stars 13 forks source link

meta filter: allow to match on multiple fields at once #316

Open vlrpl opened 9 months ago

vlrpl commented 9 months ago

The goal here is to have "&&" or "and" support only.

-m "sk_buff.dev.name == 'eth0' && sk_buff.mark == 0xf00"

vlrpl commented 1 month ago

this probably pairs better with something proposed by @atenart and may end up becoming a new feature request. If the above results to be ok, we might want to consider having a more complex dsl (maybe with both and/or and parentheses) using something like pest + a simple AST + ...