netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Phil Sutter <phil@nwl.cc>, netfilter-devel@vger.kernel.org
Subject: Re: [iptables PATCH 4/5] xtables-monitor: Support ARP and bridge families
Date: Thu, 1 Aug 2019 14:33:17 +0200	[thread overview]
Message-ID: <20190801123317.kagud7lrdvchg2de@salvia> (raw)
In-Reply-To: <20190801123040.rljiffbbux3bajls@salvia>

On Thu, Aug 01, 2019 at 02:30:40PM +0200, Pablo Neira Ayuso wrote:
> On Thu, Aug 01, 2019 at 02:00:48PM +0200, Phil Sutter wrote:
> > On Thu, Aug 01, 2019 at 01:20:50PM +0200, Pablo Neira Ayuso wrote:
> > > On Wed, Jul 31, 2019 at 06:39:14PM +0200, Phil Sutter wrote:
> > >  @@ -565,6 +574,8 @@ static const struct option options[] = {
> > > >  	{.name = "counters", .has_arg = false, .val = 'c'},
> > > >  	{.name = "trace", .has_arg = false, .val = 't'},
> > > >  	{.name = "event", .has_arg = false, .val = 'e'},
> > > > +	{.name = "arp", .has_arg = false, .val = '0'},
> > > > +	{.name = "bridge", .has_arg = false, .val = '1'},
> > > 
> > > Probably?
> > > 
> > > -A for arp.
> > > -B for bridge.
> > > 
> > > so users don't have to remember? -4 and -6 are intuitive, I'd like
> > > these are sort of intuitive too in its compact definition.
> > > 
> > > Apart from that, patchset looks good to me.
> > 
> > I had something like that (-a and -b should still be free), but then
> > discovered that for rules there was '-0' prefix in use when printing arp
> > family rules. Should I change these prefixes also or leave them as -0
> > and -1? I guess most importantly they must not clash with real
> > parameters.
> 
> You can just leave them as is if this is the way this is exposed in
> rules. Not sure what the logic behing -0 and -1 is, this is not
> mapping to NFPROTO_* definitions, so it looks like something it's been
> pulled out of someone's hat :-)
> 
> I think users will end up using --arp and --bridge for this. I myself
> will not remember this -0 and -1 thing.

Probably exposing:

iptables-monitor
ip6tables-monitor
arptables-monitor
ebtables-monitor

although this will not solve the problem that we are discussing here,
I think having those around would be nice.

The xtables-monitor variant still will need to sort out the -0 and -1
thing that we're discussing here.

> Feel free to explore any possibility, probably leaving the existing -0
> and -1 in place if you're afraid of breaking anything, add aliases and
> only document the more intuitive one. If you think this is worth
> exploring, of course.

  reply	other threads:[~2019-08-01 12:33 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-07-31 16:39 [iptables PATCH 0/5] xtables-monitor enhancements Phil Sutter
2019-07-31 16:39 ` [iptables PATCH 1/5] doc: Clean generated *-restore-translate man pages Phil Sutter
2019-07-31 16:39 ` [iptables PATCH 2/5] doc: Fix xtables-monitor man page Phil Sutter
2019-07-31 16:39 ` [iptables PATCH 3/5] xtables-monitor: Improve error messages Phil Sutter
2019-07-31 16:39 ` [iptables PATCH 4/5] xtables-monitor: Support ARP and bridge families Phil Sutter
2019-08-01 11:20   ` Pablo Neira Ayuso
2019-08-01 12:00     ` Phil Sutter
2019-08-01 12:30       ` Pablo Neira Ayuso
2019-08-01 12:33         ` Pablo Neira Ayuso [this message]
2019-08-01 12:41         ` Phil Sutter
2019-08-01 12:47           ` Pablo Neira Ayuso
2019-08-01 12:58             ` Phil Sutter
2019-08-01 13:03               ` Pablo Neira Ayuso
2019-08-01 14:20                 ` Phil Sutter
2019-07-31 16:39 ` [iptables PATCH 5/5] xtables-monitor: Add family-specific aliases Phil Sutter
2019-07-31 17:45   ` Phil Sutter

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190801123317.kagud7lrdvchg2de@salvia \
    --to=pablo@netfilter.org \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=phil@nwl.cc \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).