Struct Filter 

pub struct Filter {

    pub negate: bool,
    pub rules: Vec<FilterRule>,
    pub protocols: Vec<u8>,
    pub src_ips: Vec<IpNet>,
    pub dst_ips: Vec<IpNet>,
    pub ips: Vec<IpNet>,
    pub src_ports: Vec<PortRange>,
    pub dst_ports: Vec<PortRange>,
    pub ports: Vec<PortRange>,
    pub flow_ids: FxHashSet<u64>,
    pub from_ns: Option<u64>,
    pub to_ns: Option<u64>,
    pub tcp_flags: Option<TcpFlagsFilter>,
    pub min_len: Option<u32>,
    pub max_len: Option<u32>,
    pub unidirectional: bool,
}

Compiled structured packet filter.

Flat-body composition (within the base filter)

• Multiple values within the same category are OR-ed.
• Values across different categories are AND-ed.
• An empty category places no constraint.

Global negation

When negate is true the entire result of the flat-body evaluation (and the rule chain, if any) is inverted. Use --not on the CLI.

Rule chain

rules is an ordered list of FilterRules evaluated left-to-right after the base body. Each rule carries an Op that controls how it combines with the accumulated result:

• Op::And — acc = acc AND rule.matches(pkt) (default)
• Op::Or — acc = acc OR rule.matches(pkt)
• Op::Not — acc = acc AND NOT rule.matches(pkt)

An empty rules list (the default) has no effect.

Fields

negate: bool

When true, the entire filter result is inverted.

rules: Vec<FilterRule>

Additional rules chained after the base body.

protocols: Vec<u8>

IP protocol numbers to match. Empty = any protocol.

src_ips: Vec<IpNet>

Source IP/CIDR rules (OR-ed within this set).

dst_ips: Vec<IpNet>

Destination IP/CIDR rules (OR-ed).

ips: Vec<IpNet>

Either-endpoint IP/CIDR rules: matches if src or dst is in range.

src_ports: Vec<PortRange>

Source port ranges (OR-ed). Only applied to TCP/UDP.

dst_ports: Vec<PortRange>

Destination port ranges (OR-ed). Only applied to TCP/UDP.

ports: Vec<PortRange>

Either-endpoint port ranges: matches if src port or dst port is in range.

flow_ids: FxHashSet<u64>

Flow IDs (pre-computed) to retain. Empty = any flow.

from_ns: Option<u64>

Inclusive lower timestamp bound (nanoseconds). None = no lower bound.

to_ns: Option<u64>

Inclusive upper timestamp bound (nanoseconds). None = no upper bound.

tcp_flags: Option<TcpFlagsFilter>

TCP control-flags filter.

min_len: Option<u32>

Minimum captured length in bytes. None = no minimum.

max_len: Option<u32>

Maximum captured length in bytes. None = no maximum.

unidirectional: bool

When true, flow IDs are computed unidirectionally.

Implementations

impl Filter

pub fn is_empty(&self) -> bool

Return true if the filter places no constraints (matches every packet).

A filter with negate = true or a non-empty rules list is never empty.

pub fn matches(&self, meta: &PacketMeta) -> bool

Evaluate the filter against meta.

1. Evaluate the base flat body.
2. Apply negate to that result.
3. Fold over rules using each rule’s Op.

Returns true if the packet passes.

Trait Implementations

impl Clone for Filter

fn clone(&self) -> Filter

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Filter

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for Filter

fn default() -> Filter

Returns the “default value” for a type.