[iptables PATCH 4/5] xtables-monitor: Support ARP and bridge families

[Phil Sutter <phil@nwl.cc>]

Apart from allowing to filter by these families, add missing switch()
cases in chain and rule callbacks.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/xtables-monitor.8.in | 12 +++++++++---
 iptables/xtables-monitor.c    | 23 +++++++++++++++++++++--
 2 files changed, 30 insertions(+), 5 deletions(-)

diff --git a/iptables/xtables-monitor.8.in b/iptables/xtables-monitor.8.in
index 19eb729c51240..6bde54fa4a359 100644
--- a/iptables/xtables-monitor.8.in
+++ b/iptables/xtables-monitor.8.in
@@ -2,7 +2,7 @@
 .SH NAME
 xtables-monitor \(em show changes to rule set and trace-events
 .SH SYNOPSIS
-\fBxtables\-monitor\fP [\fB\-t\fP] [\fB\-e\fP] [\fB\-4\fP|\fB\-6\fP]
+\fBxtables\-monitor\fP [\fB\-t\fP] [\fB\-e\fP] [\fB\-0\fP|\fB-1\fP|\fB\-4\fP|\fB\-6\fP]
 .PP
 \
 .SH DESCRIPTION
@@ -24,11 +24,17 @@ the name of the program that caused the rule update.
 Watch for trace events generated by packets that have been tagged
 using the TRACE target.
 .TP
+\fB\-0\fP, \fB--arp\fP
+Restrict output to ARP (i.e., events caused by arptables-nft).
+.TP
+\fB\-1\fP, \fB--bridge\fP
+Restrict output to bridge (i.e., events caused by ebtables-nft).
+.TP
 \fB\-4\fP, \fB--ipv4\fP
-Restrict output to IPv4.
+Restrict output to IPv4 (i.e., events caused by iptables-nft).
 .TP
 \fB\-6\fP, \fB--ipv6\fP
-Restrict output to IPv6.
+Restrict output to IPv6 (i.e., events caused by ip6tables-nft).
 .SH EXAMPLE OUTPUT
 .TP
 .B xtables-monitor \-\-trace
diff --git a/iptables/xtables-monitor.c b/iptables/xtables-monitor.c
index 02e8e446b1c8c..9be8ce9de6b5f 100644
--- a/iptables/xtables-monitor.c
+++ b/iptables/xtables-monitor.c
@@ -101,6 +101,9 @@ static int rule_cb(const struct nlmsghdr *nlh, void *data)
 	case NFPROTO_ARP:
 		printf("-0 ");
 		break;
+	case NFPROTO_BRIDGE:
+		printf("-1 ");
+		break;
 	default:
 		goto err_free;
 	}
@@ -139,6 +142,12 @@ static int chain_cb(const struct nlmsghdr *nlh, void *data)
 
 	printf(" EVENT: ");
 	switch (family) {
+	case NFPROTO_ARP:
+		family = 0;
+		break;
+	case NFPROTO_BRIDGE:
+		family = 1;
+		break;
 	case NFPROTO_IPV4:
 		family = 4;
 		break;
@@ -565,6 +574,8 @@ static const struct option options[] = {
 	{.name = "counters", .has_arg = false, .val = 'c'},
 	{.name = "trace", .has_arg = false, .val = 't'},
 	{.name = "event", .has_arg = false, .val = 'e'},
+	{.name = "arp", .has_arg = false, .val = '0'},
+	{.name = "bridge", .has_arg = false, .val = '1'},
 	{.name = "ipv4", .has_arg = false, .val = '4'},
 	{.name = "ipv6", .has_arg = false, .val = '6'},
 	{.name = "version", .has_arg = false, .val = 'V'},
@@ -580,6 +591,8 @@ static void print_usage(void)
 	       "        --trace    -t    trace ruleset traversal of packets tagged via -j TRACE rule\n"
 	       "        --event    -e    show events that modify the ruleset\n"
 	       "Optional arguments:\n"
+	       "        --arp      -0    only monitor ARP\n"
+	       "        --bridge   -1    only monitor bridge\n"
 	       "        --ipv4     -4    only monitor IPv4\n"
 	       "        --ipv6     -6    only monitor IPv6\n"
 	       "	--counters -c    show counters in rules\n"
@@ -591,7 +604,7 @@ static void print_usage(void)
 static void set_nfproto(struct cb_arg *arg, uint32_t val)
 {
 	if (arg->nfproto != NFPROTO_UNSPEC && arg->nfproto != val) {
-		fprintf(stderr, "Only one of '-4' or '-6' may be specified at once.\n\n");
+		fprintf(stderr, "Only one of '-0', '-1', '-4' or '-6' may be specified at once.\n\n");
 		print_usage();
 		exit(PARAMETER_PROBLEM);
 	}
@@ -621,8 +634,14 @@ int xtables_monitor_main(int argc, char *argv[])
 #endif
 
 	opterr = 0;
-	while ((c = getopt_long(argc, argv, "ceht46V", options, NULL)) != -1) {
+	while ((c = getopt_long(argc, argv, "ceht0146V", options, NULL)) != -1) {
 		switch (c) {
+		case '0':
+			set_nfproto(&cb_arg, NFPROTO_ARP);
+			break;
+		case '1':
+			set_nfproto(&cb_arg, NFPROTO_BRIDGE);
+			break;
 	        case 'c':
 			counters = true;
 			break;
-- 
2.22.0