If nft can't translate a compat expression, dump it in a format that can be restored later without losing data, thereby keeping the ruleset intact. Patch 1 is preparation (more or less), patch 2 has the gory details, patch 3 is a minor code refactoring that's almost unrelated and patch 4 further sanitizes behaviour now that there's a reliable fallback in place. Changes since v1: - Use patch 3 to also improve the error printing if extension lookup fails. - New patch 4. Phil Sutter (4): xt: Delay libxtables access until translation xt: Implement dump and restore support xt: Put match/target translation into own functions xt: Detect xlate callback failure configure.ac | 12 +- doc/libnftables-json.adoc | 15 +- doc/statements.txt | 17 ++ include/base64.h | 17 ++ include/json.h | 2 + include/parser.h | 1 + include/statement.h | 9 +- include/xt.h | 4 + src/Makefile.am | 3 +- src/base64.c | 170 ++++++++++++++++++++ src/evaluate.c | 1 + src/json.c | 25 ++- src/netlink_linearize.c | 32 ++++ src/parser_bison.y | 28 ++++ src/parser_json.c | 36 +++++ src/scanner.l | 14 ++ src/statement.c | 1 + src/xt.c | 317 ++++++++++++++++++++++---------------- 18 files changed, 558 insertions(+), 146 deletions(-) create mode 100644 include/base64.h create mode 100644 src/base64.c -- 2.38.0
