Hi,
On Thu, Aug 01, 2019 at 02:30:40PM +0200, Pablo Neira Ayuso wrote:
> On Thu, Aug 01, 2019 at 02:00:48PM +0200, Phil Sutter wrote:
> > On Thu, Aug 01, 2019 at 01:20:50PM +0200, Pablo Neira Ayuso wrote:
> > > On Wed, Jul 31, 2019 at 06:39:14PM +0200, Phil Sutter wrote:
> > > @@ -565,6 +574,8 @@ static const struct option options[] = {
> > > > {.name = "counters", .has_arg = false, .val = 'c'},
> > > > {.name = "trace", .has_arg = false, .val = 't'},
> > > > {.name = "event", .has_arg = false, .val = 'e'},
> > > > + {.name = "arp", .has_arg = false, .val = '0'},
> > > > + {.name = "bridge", .has_arg = false, .val = '1'},
> > >
> > > Probably?
> > >
> > > -A for arp.
> > > -B for bridge.
> > >
> > > so users don't have to remember? -4 and -6 are intuitive, I'd like
> > > these are sort of intuitive too in its compact definition.
> > >
> > > Apart from that, patchset looks good to me.
> >
> > I had something like that (-a and -b should still be free), but then
> > discovered that for rules there was '-0' prefix in use when printing arp
> > family rules. Should I change these prefixes also or leave them as -0
> > and -1? I guess most importantly they must not clash with real
> > parameters.
>
> You can just leave them as is if this is the way this is exposed in
> rules. Not sure what the logic behing -0 and -1 is, this is not
> mapping to NFPROTO_* definitions, so it looks like something it's been
> pulled out of someone's hat :-)
Well, the '-1' certainly was! :D
In ss tool, '-0' is used to select packet sockets. Maybe that's where it
came from.
> I think users will end up using --arp and --bridge for this. I myself
> will not remember this -0 and -1 thing.
That's correct. So I guess changing cmdline flags to -a/-b makes sense
either way.
> Feel free to explore any possibility, probably leaving the existing -0
> and -1 in place if you're afraid of breaking anything, add aliases and
> only document the more intuitive one. If you think this is worth
> exploring, of course.
I would omit the prefix from output if a family was selected. For
unfiltered xtables-monitor output, I would change the prefix to
something more readable, e.g.:
'ip: ',
'ip6: ',
'arp: ',
'eb: '
What do you think?
Thanks for the input,
Phil
