Currently the json output of `nft -j list ruleset` interleaves rules
with chains
As reported in this bug,
https://bugzilla.netfilter.org/show_bug.cgi?id=1580
the json cannot be fed into `nft -j -f <file>` since rules may
reference chains that are created later
Instead create rules after all chains are output
Signed-off-by: ChanderG <mail@xxxxxxxxxxxxxxxxx>
---
src/json.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/json.c b/src/json.c
index 0b7224c2..a525fd1b 100644
--- a/src/json.c
+++ b/src/json.c
@@ -1587,7 +1587,7 @@ json_t *optstrip_stmt_json(const struct stmt
*stmt, struct output_ctx *octx)
static json_t *table_print_json_full(struct netlink_ctx *ctx,
struct table *table)
{
- json_t *root = json_array(), *tmp;
+ json_t *root = json_array(), *rules = json_array(), *tmp;
struct flowtable *flowtable;
struct chain *chain;
struct rule *rule;
@@ -1617,10 +1617,13 @@ static json_t *table_print_json_full(struct
netlink_ctx *ctx,
list_for_each_entry(rule, &chain->rules, list) {
tmp = rule_print_json(&ctx->nft->output, rule);
- json_array_append_new(root, tmp);
+ json_array_append_new(rules, tmp);
}
}
+ json_array_extend(root, rules);
+ json_decref(rules);
+
return root;
}
--
2.27.0
