官方文件（Debian 軟體包 iproute-doc）在哪裡？

的手冊頁ss說：

FILTER := [ state TCP-STATE ] [ EXPRESSION ]

有關過濾器的詳細資訊，請查看官方文件（Debian 軟體包 iproute-doc）。

這意味著什麼？我在 下找不到任何東西/usr/share/doc/iproute2-doc/。

$ ls /usr/share/doc/iproute2-doc/ss.html
ls: cannot access '/usr/share/doc/iproute2-doc/ss.html': No such file or directory

$ ls /usr/share/doc/iproute2-doc/
actions  changelog.Debian.gz  copyright  examples  README  README.decnet  README.devel  README.distribution.gz  README.iproute2+tc  README.lnstat

文件是否也在網上某個地方供瀏覽？

謝謝。

該文件在 Debian 9 軟體包中可用，但在以後的版本中被刪除，因為它已經過時了。手冊頁現在應該是完整的文件。（但關於過濾器的細節並沒有太多可說的。）

      FILTER := [ state STATE-FILTER ] [ EXPRESSION ]
             Please take a look at the official documentation for details regarding filters.

STATE-FILTER
      STATE-FILTER allows to construct arbitrary set of states to match. Its syntax is sequence of keywords state and  exclude  fol‐
      lowed by identifier of state.

      Available identifiers are:

             All  standard TCP states: established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, close-wait, last-
             ack, listening and closing.

             all - for all the states

             connected - all the states except for listening and closed

             synchronized - all the connected states except for syn-sent

             bucket - states, which are maintained as minisockets, i.e.  time-wait and syn-recv

             big - opposite to bucket
...

  ss -o state established '( dport = :ssh or sport = :ssh )'
         Display all established ssh connections.

  ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 193.233.7/24
         List all the tcp sockets in state FIN-WAIT-1 for our apache to network 193.233.7/24 and look at their timers.

所以

ss [options] [ FILTER ]

可以擴展為

ss [options] [ state STATE-FILTER ] [ EXPRESSION ]

選項在哪裡

[-hVHnraloempiKsZNb460tudwxS] [-f FAMILY] [-A QUERY] [-D FILE] [-D FILE]

狀態過濾器是其中之一

established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, close-wait, last-ack, listening, closing, all, connected, synchronized, bucket, big

我們可以從範例中推斷出EXPRESSION 是ip-rule SELECTOR的列表。

SELECTOR := [ not ] [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ] [ iif STRING ] [ oif STRING ] [ pref NUMBER ] [ l3mdev ] [ uidrange NUMBER-NUMBER ] [ ipproto PROTOCOL ] [ sport [ NUMBER | NUMBER-NUMBER ] ] [ dport [ NUMBER | NUMBER-NUMBER ] ] [ tun_id TUN_ID ]

引用自：https://unix.stackexchange.com/questions/499190