Github user justinleet commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/541#discussion_r113459957 --- Diff: metron-platform/metron-pcap-backend/README.md --- @@ -127,3 +130,23 @@ usage: Query filter options -q,--query <arg> Query string to use as a filter -st,--start_time <arg> (required) Packet start time range. ``` + +The Query filter's `--query` argument specifies the Stellar expression to +execute on each packet. To interact with the packet, a few variables are exposed: +* `packet` : The packet data (a `byte[]`) +* `ip_src_addr` : The source address for the packet (a `String`) +* `ip_src_port` : The source port for the packet (an `Integer`) +* `ip_dst_addr` : The destination address for the packet (a `String`) +* `ip_dst_port` : The destination port for the packet (an `Integer`) + +#### Binary Regex + +Filtering can be done both by the packet header as well as via a binary regular expression +which can be run on the packet payload itself. This filter can be specified via: +* The `-pf` or `--packet_filter` options for the fixed query filter +* The `BYTEARRAY_MATCH(pattern, data)` Stellar function. --- End diff -- Looks like this is supposed to be BYTEARRAY_MATCHER
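Review bot: In the Binary Regex section, the regex is said to run "on the packet payload itself", while the `packet` bullet above describes the variable only as "The packet data (a `byte[]`)". It is unclear whether that byte array includes the headers, which changes what a pattern will match. Suggest stating which bytes `packet` holds, saying whether it is the value meant for the `data` argument of the Stellar function, and adding one example `--query` expression along with a pointer to the pattern syntax the binary regex accepts. As a style point, "both by the packet header as well as via a binary regular expression" reads better as "by the packet header or by a binary regular expression".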