On Wed, Jul 20, 2022 at 06:07:34PM +0200, Jan Engelhardt wrote:
>
> On Wednesday 2022-07-20 15:06, Erik Skultety wrote:
>
> >The fact that the 'opt' table field reports spaces instead of '--' for
> >IPv6 as it would have been the case with IPv4 has a bit of an
> >unfortunate side effect that it completely confuses the 'jc' JSON
> >formatter tool (which has an iptables formatter module).
> >Consider:
> > # ip6tables -L test
> > Chain test (0 references)
> > target prot opt source destination
> > ACCEPT all a:b:c:: anywhere MAC01:02:03:04:05:06
> >
> >Then:
> > # ip6tables -L test | jc --iptables
> > [{"chain":"test",
> > "rules":[
> > {"target":"ACCEPT",
> > "prot":"all",
> > "opt":"a:b:c::",
> > "source":"anywhere",
> > "destination":"MAC01:02:03:04:05:06"
> > }]
> > }]
> >
> >which as you can see is wrong simply because whitespaces are considered
> >as a column delimiter.
>
> Even if you beautify the opt column with a dash, you still have
> problems elsewhere. "MAC01" for example is not the destination
> at all.
That's incorrect - this is what it would look like after this patch:
[{"chain":"test",
"rules":[
{"target":"ACCEPT",
"prot":"all",
"opt": ,
"source": "a:b:c::",
"destination":"anywhere",
"options":"MAC01:02:03:04:05:06"
}]
}]
which actually makes more sense.
I may have not been completely clear about it. With the column "beautifying" we
could keep the current shape of tests, i.e. not trying to use 'jc' to get a JSON
output and instead it would give me time to try address the nature of the checks
in the test suite with nft's native JSON formatter instead which is IMO a more
future-proof design of these old tests.
>
> If you or jc is to parse anything, it must only be done with the
> iptables -S output form.
>
Well, that would be a problem because 'jc' iptables plugin doesn't understand
the -S output (isn't -S considered deprecated or I'm just halucinating?).
Erik
