On Sat, Mar 09, 2024 at 12:35:20PM +0100, Phil Sutter wrote: > Fix the following flaws in JSON input/output code: > > * Patch 3: > Wrong ordering of 'nft -j list ruleset' preventing a following restore > of the dump. Code assumed dumping objects before chains was fine in > all cases, when actually verdict maps may reference chains already. > Dump like nft_cmd_expand() does when expanding nested syntax for > kernel submission (chains first, objects second, finally rules). > > * Patch 5: > Maps may contain concatenated "targets". Both printer and parser were > entirely ignorant of that fact. > > * Patch 6: > Synproxy objects were "mostly" supported, some hooks missing to > cover for named ones. > > Patch 4 applies the new ordering to all stored json-nft dumps. Patch 7 > adds new dumps which are now parseable given the fixes above. > > Patches 1 and 2 are fallout fixes to initially make the whole shell > testsuite pass on my testing system. > > Bugs still present after this series: > > * Nested chains remain entirely unsupported > * Maps specifying interval "targets" (i.e., set->data->flags contains > EXPR_F_INTERVAL bit) will be printed like regular ones and the parser > then rejects them. > > Phil Sutter (7): > tests: shell: maps/named_ct_objects: Fix for recent kernel > tests: shell: packetpath/flowtables: Avoid spurious EPERM > json: Order output like nft_cmd_expand() > tests: shell: Regenerate all json-nft dumps > json: Support maps with concatenated data > parser: json: Support for synproxy objects > tests: shell: Add missing json-nft dumps Series applied after dropping patch 1 and rebasing onto current HEAD.
