On Tue, Feb 06, 2018 at 01:40:34PM +0100, Phil Sutter wrote: > On Tue, Feb 06, 2018 at 02:44:06AM +0000, bugzilla-daemon@xxxxxxxxxxxxx wrote: > > https://bugzilla.netfilter.org/show_bug.cgi?id=1224 > [...] > > --- Comment #1 from Shyam Saini <mayhs11saini@xxxxxxxxx> --- > > Hi Anthony, > > > > > I recently upgraded to nftables v0.8.2 and encountered a regression. > > > > > > "nft export json" no longer works, it returns a success code (0), but > > > doens't print any JSON data. > > > > > > A git bisect determined this was introduced in commit > > > 2fa54d8a49352bda44d3e25d1d7ba3531faf3303, and upon reading that commit, I > > > noticed the introduction of "nft export vm json" which does work as expected. > > > > Technically when we were exporting json by "nft export json" it was giving us > > low level virtual-machine(vm) pseudo code. So we renamed it as "vm json". > > As you have already mentioned that you are able achieve old behaviour by > > "nft export vm json", that is right behaviour. > > > > Further, by this renaming it creates scope for high level json which > > represents abstract syntax tree of nft grammar. This high level json > > can be exported by "nft export json". > > But this feature is yet to come in mainline so we are doing "no operation" we > > user executes "nft export json" and it returns 0. > > This doesn't sound right to me. We break users' scripts and at the same > time make it hard for them to notice. Imagine someone uses it in a cron > job for backup purposes. > > If it is really sensible to rename 'export json' to 'export vm json' > (and I doubt that), there should be at least a grace period in which the > old command returns an error and complains loudly. We can restore 'nft export json'. But fact is that we had no import command so far, many expressions are still missing - specifically new extensions have no cover tests -, so this low-level json support has been and it is still experimental. And then, once your high level json representation is in place, we'll provide a more user friendly - matching bitfield such as IP DSCP and VLAN fields is tricky. So 'nft export json' will display a different json layout at some point. But that probably we can just signal via version field, although I tend to dislike them. Let me know, thanks! -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
