On Wed, Apr 24, 2024 at 10:08:00PM +0200, Pablo Neira Ayuso wrote: > On Wed, Apr 24, 2024 at 10:06:14PM +0200, Pablo Neira Ayuso wrote: > > Hi Phil, > > > > On Sat, Mar 09, 2024 at 12:35:20PM +0100, Phil Sutter wrote: > > > Fix the following flaws in JSON input/output code: > > > > > > * Patch 3: > > > Wrong ordering of 'nft -j list ruleset' preventing a following restore > > > of the dump. Code assumed dumping objects before chains was fine in > > > all cases, when actually verdict maps may reference chains already. > > > Dump like nft_cmd_expand() does when expanding nested syntax for > > > kernel submission (chains first, objects second, finally rules). > > > > > > * Patch 5: > > > Maps may contain concatenated "targets". Both printer and parser were > > > entirely ignorant of that fact. > > > > > > * Patch 6: > > > Synproxy objects were "mostly" supported, some hooks missing to > > > cover for named ones. > > > > > > Patch 4 applies the new ordering to all stored json-nft dumps. Patch 7 > > > adds new dumps which are now parseable given the fixes above. > > > > > > Patches 1 and 2 are fallout fixes to initially make the whole shell > > > testsuite pass on my testing system. > > > > > > Bugs still present after this series: > > > > > > * Nested chains remain entirely unsupported > > > * Maps specifying interval "targets" (i.e., set->data->flags contains > > > EXPR_F_INTERVAL bit) will be printed like regular ones and the parser > > > then rejects them. > > > > I am seeing memleaks when running tests after this series, please see > > attachment for reference. > > It could actually be related to: > > 0ac39384fd9e json: Accept more than two operands in binary expressions > > I did not bisect yet. Good catch! I missed the fact that json_array_extend() does not decref the emptied array. The fix is simple, will submit after the testsuite has passed. Thanks, Phil
