On Tue, Nov 21, 2023 at 02:22:54PM +0100, Thomas Haller wrote:
> The "handle" in JSON output is not stable. Sanitize/normalize to zero.
>
> Adjust the sanitize code, and regenerate the .json-nft files.
Applied, thanks.
I had to adjust a json dump, this diff is not so difficult:
--- testcases/sets/dumps/0062set_connlimit_0.json-nft 2023-11-22 10:34:55.767232540 +0100
+++ /tmp/nft-test.20231122-103617.664.6hTWZt/test-testcases-sets-0062set_connlimit_0.1/ruleset-after.json 2023-11-22 10:36:19.338350215 +0100
@@ -1 +1 @@
-{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 0}}, {"set": {"family": "ip", "name": "est-connlimit", "table": "x", "type": "ipv4_addr", "handle": 0, "size": 65535, "flags": ["dynamic"], "elem": [{"elem": {"val": "84.245.120.167", "ct count": {"val": 20, "inv": true}}}]}}, {"set": {"family": "ip", "name": "new-connlimit", "table": "x", "type": "ipv4_addr", "handle": 0, "size": 65535, "flags": ["dynamic"], "elem": [{"elem": {"val": "84.245.120.167", "ct count": {"val": 20, "inv": true}}}], "stmt": [{"ct count": {"val": 20, "inv": true}}]}}]}
+{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 0}}, {"set": {"family": "ip", "name": "est-connlimit", "table": "x", "type": "ipv4_addr", "handle": 0, "size": 65535, "flags": ["dynamic"]}}, {"set": {"family": "ip", "name": "new-connlimit", "table": "x", "type": "ipv4_addr", "handle": 0, "size": 65535, "flags": ["dynamic"], "stmt": [{"ct count": {"val": 20, "inv": true}}]}}]}
I had to adjust a different much larger dump though, and it feels a
bit like searching the needle in the stack in the diff (if a bug ever
shows up in this path). Usability improvement via python script
similar to what tests/py does would be really great to have.
Thanks.
