If nft can't translate a compat expression, dump it in a format that can be restored later without losing data, thereby keeping the ruleset intact. Patch 1 is preparation (more or less), patch 2 has the gory details and patch 3 is a minor code refactoring that's almost unrelated. Phil Sutter (3): xt: Delay libxtables access until translation xt: Implement dump and restore support xt: Put match/target translation into own functions configure.ac | 12 +- doc/libnftables-json.adoc | 15 +- doc/statements.txt | 17 +++ include/base64.h | 17 +++ include/json.h | 2 + include/parser.h | 1 + include/statement.h | 9 +- include/xt.h | 4 + src/Makefile.am | 3 +- src/base64.c | 170 +++++++++++++++++++++ src/evaluate.c | 1 + src/json.c | 25 ++- src/netlink_linearize.c | 32 ++++ src/parser_bison.y | 28 ++++ src/parser_json.c | 36 +++++ src/scanner.l | 14 ++ src/statement.c | 1 + src/xt.c | 313 ++++++++++++++++++++++---------------- 18 files changed, 554 insertions(+), 146 deletions(-) create mode 100644 include/base64.h create mode 100644 src/base64.c -- 2.38.0
