On 4/8/20 16:20, Phil Sutter wrote:
Yes, 'nft -j monitor' output has always been like this. Given that
monitor potentially runs for a while and picks up multiple distinct
ruleset changes, I wonder how it *should* behave.
If it's not wrapped by the top-level nftables root then this is
unparseable.
> We could change monitor code to add the wrapping "nftables" object to
> every line printed:
--- a/src/json.c
+++ b/src/json.c
@@ -1857,7 +1857,8 @@ int do_command_list_json(struct netlink_ctx *ctx, struct cmd *cmd)
static void monitor_print_json(struct netlink_mon_handler *monh,
const char *cmd, json_t *obj)
{
- obj = json_pack("{s:o}", cmd, obj);
+ obj = json_pack("{s:[o, {s:o}]}", "nftables",
+ generate_json_metainfo(), cmd, obj);
json_dumpf(obj, monh->ctx->nft->output.output_fp, 0);
json_decref(obj);
}
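Review bot: Consumers that read the current per-line {cmd: obj} output will break once monitor_print_json() wraps each event as {"nftables": [metainfo, {cmd: obj}]}, so the new format string needs a matching note in the commit message and in the JSON documentation. In the same function the result of json_pack() goes straight to json_dumpf() without a NULL check; now that a second packed value from generate_json_metainfo() feeds the call, checking obj before dumping would make a packing failure visible instead of silently printing nothing.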
Cheers, Phil
This would work on a line by line basis.
After giving another read to the COMMAND OBJECTS section of
libnftables-json(5), the only thing that comes to mind is that a line by
line basis of JSON command objects would not take advantage of batching.
If I'm not mistaken, each list of cmds is encapsulated inside the
{nftables : ...} json object and it is then tried to be sent to netlink
to be batched.
In addition, the output as a whole could not be parseable, only a
single "nftables" object is expected when nft input is json.
My previous comments assume the whole output of echo is expected to be
admissible as input in nft for reproducibility, but I don't know if that
is the case.
Regards.
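
The line-by-line point discussed in this thread, as an added example that is not part of the original messages or of the nftables code: each line of the proposed monitor output parses as its own "nftables" object, the stream as a whole does not parse as one JSON document, and a consumer can fold the lines into a single "nftables" object. The sample lines and all values in them are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample: three monitor lines in the shape the proposed patch
# would print, one {"nftables": [metainfo, {cmd: obj}]} object per line.
META = '{"metainfo": {"version": "0.0.0", "release_name": "sample", "json_schema_version": 1}}'
SAMPLE = "\n".join('{"nftables": [%s, %s]}' % (META, cmd) for cmd in (
    '{"add": {"table": {"family": "inet", "name": "t", "handle": 1}}}',
    '{"add": {"chain": {"family": "inet", "table": "t", "name": "c", "handle": 2}}}',
    '{"delete": {"chain": {"family": "inet", "table": "t", "name": "c", "handle": 2}}}',
)) + "\n"


def parse_lines(text):
    """Parse every non-empty line as a separate JSON document."""
    docs = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        doc = json.loads(line)
        # Each line must be exactly one top-level "nftables" array.
        if (not isinstance(doc, dict) or list(doc) != ["nftables"]
                or not isinstance(doc["nftables"], list)):
            raise ValueError("line %d: not a single 'nftables' object" % n)
        docs.append(doc)
    return docs


def parses_as_one_document(text):
    """True if the whole text is a single JSON value."""
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False


def merge(docs):
    """Fold per-line objects into one object, keeping the first metainfo only."""
    merged, seen_meta = [], False
    for doc in docs:
        for item in doc["nftables"]:
            if isinstance(item, dict) and "metainfo" in item:
                if seen_meta:
                    continue
                seen_meta = True
            merged.append(item)
    return {"nftables": merged}


if __name__ == "__main__":
    docs = parse_lines(SAMPLE)
    print("lines parsed:", len(docs))
    print("whole stream is one document:", parses_as_one_document(SAMPLE))
    print(json.dumps(merge(docs)))
```
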