You're right, it does indeed work in master. I've seen the issue on
Debian with libnftnl-1.0.7 and assumed it carried over to the latest
version by glancing over the code without actually trying it.
Sorry about that.
On Fri, Aug 2, 2019 at 2:35 AM Florian Westphal <fw@xxxxxxxxx> wrote:
>
> Ivan Babrou <ivan@xxxxxxxxxxxxxx> wrote:
> > Currently it's impossible to export notrack expr as json,
> > as it lacks snprintf member and triggers segmentation fault.
>
> Hmm, works for me:
>
> table ip raw {
> chain prerouting {
> type filter hook prerouting priority -300; policy accept;
> udp dport 53 notrack
> }
>
> gets exported as:
>
> nft -j list ruleset
> {"nftables": [{"metainfo": {"version": "0.9.1", "release_name": "Headless Horseman", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "raw", "handle": 1}}, {"chain": {"family": "ip", "table": "raw", "name": "prerouting", "handle": 1, "type": "filter", "hook": "prerouting", "prio": -300, "policy": "accept"}}, {"rule": {"family": "ip", "table": "raw", "chain": "prerouting", "handle": 3, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "udp", "field": "dport"}}, "right": 53}}, {"notrack": null}]}}]}
