Apart from allowing to filter by these families, add missing switch() cases in chain and rule callbacks.
Signed-off-by: Phil Sutter <[email protected]> --- iptables/xtables-monitor.8.in | 12 +++++++++--- iptables/xtables-monitor.c | 23 +++++++++++++++++++++-- 2 files changed, 30 insertions(+), 5 deletions(-) diff --git a/iptables/xtables-monitor.8.in b/iptables/xtables-monitor.8.in index 19eb729c51240..6bde54fa4a359 100644 --- a/iptables/xtables-monitor.8.in +++ b/iptables/xtables-monitor.8.in @@ -2,7 +2,7 @@ .SH NAME xtables-monitor \(em show changes to rule set and trace-events .SH SYNOPSIS -\fBxtables\-monitor\fP [\fB\-t\fP] [\fB\-e\fP] [\fB\-4\fP|\fB\-6\fP] +\fBxtables\-monitor\fP [\fB\-t\fP] [\fB\-e\fP] [\fB\-0\fP|\fB-1\fP|\fB\-4\fP|\fB\-6\fP] .PP \ .SH DESCRIPTION @@ -24,11 +24,17 @@ the name of the program that caused the rule update. Watch for trace events generated by packets that have been tagged using the TRACE target. .TP +\fB\-0\fP, \fB--arp\fP +Restrict output to ARP (i.e., events caused by arptables-nft). +.TP +\fB\-1\fP, \fB--bridge\fP +Restrict output to bridge (i.e., events caused by ebtables-nft). +.TP \fB\-4\fP, \fB--ipv4\fP -Restrict output to IPv4. +Restrict output to IPv4 (i.e., events caused by iptables-nft). .TP \fB\-6\fP, \fB--ipv6\fP -Restrict output to IPv6. +Restrict output to IPv6 (i.e., events caused by ip6tables-nft). .SH EXAMPLE OUTPUT .TP .B xtables-monitor \-\-trace diff --git a/iptables/xtables-monitor.c b/iptables/xtables-monitor.c index 02e8e446b1c8c..9be8ce9de6b5f 100644 --- a/iptables/xtables-monitor.c +++ b/iptables/xtables-monitor.c @@ -101,6 +101,9 @@ static int rule_cb(const struct nlmsghdr *nlh, void *data) case NFPROTO_ARP: printf("-0 "); break; + case NFPROTO_BRIDGE: + printf("-1 "); + break; default: goto err_free; } @@ -139,6 +142,12 @@ static int chain_cb(const struct nlmsghdr *nlh, void *data) printf(" EVENT: "); switch (family) { + case NFPROTO_ARP: + family = 0; + break; + case NFPROTO_BRIDGE: + family = 1; + break; case NFPROTO_IPV4: family = 4; break; @@ -565,6 +574,8 @@ static const struct option options[] = { {.name = "counters", .has_arg = false, .val = 'c'}, {.name = "trace", .has_arg = false, .val = 't'}, {.name = "event", .has_arg = false, .val = 'e'}, + {.name = "arp", .has_arg = false, .val = '0'}, + {.name = "bridge", .has_arg = false, .val = '1'}, {.name = "ipv4", .has_arg = false, .val = '4'}, {.name = "ipv6", .has_arg = false, .val = '6'}, {.name = "version", .has_arg = false, .val = 'V'}, @@ -580,6 +591,8 @@ static void print_usage(void) " --trace -t trace ruleset traversal of packets tagged via -j TRACE rule\n" " --event -e show events that modify the ruleset\n" "Optional arguments:\n" + " --arp -0 only monitor ARP\n" + " --bridge -1 only monitor bridge\n" " --ipv4 -4 only monitor IPv4\n" " --ipv6 -6 only monitor IPv6\n" " --counters -c show counters in rules\n" @@ -591,7 +604,7 @@ static void print_usage(void) static void set_nfproto(struct cb_arg *arg, uint32_t val) { if (arg->nfproto != NFPROTO_UNSPEC && arg->nfproto != val) { - fprintf(stderr, "Only one of '-4' or '-6' may be specified at once.\n\n"); + fprintf(stderr, "Only one of '-0', '-1', '-4' or '-6' may be specified at once.\n\n"); print_usage(); exit(PARAMETER_PROBLEM); } @@ -621,8 +634,14 @@ int xtables_monitor_main(int argc, char *argv[]) #endif opterr = 0; - while ((c = getopt_long(argc, argv, "ceht46V", options, NULL)) != -1) { + while ((c = getopt_long(argc, argv, "ceht0146V", options, NULL)) != -1) { switch (c) { + case '0': + set_nfproto(&cb_arg, NFPROTO_ARP); + break; + case '1': + set_nfproto(&cb_arg, NFPROTO_BRIDGE); + break; case 'c': counters = true; break; -- 2.22.0
