On Wed, Jul 10, 2024 at 04:01:19PM +0200, Phil Sutter wrote:
> On Wed, Jul 10, 2024 at 03:53:52PM +0200, Phil Sutter wrote:
> > Hi Pablo,
> >
> > On Tue, Jul 09, 2024 at 04:59:52PM +0200, Pablo Neira Ayuso wrote:
> > > Since 5c2b2b0a2ba7 ("src: error reporting with -f and read from stdin")
> > > stdin is stored in a buffer, update json support to use it instead of
> > > reading from /dev/stdin.
> > >
> > > Some systems do not provide /dev/stdin symlink to /proc/self/fd/0
> > > according to reporter (that mentions Yocto Linux as example).
> > >
> > > Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> > > ---
> > > src/parser_json.c | 7 +++++++
> > > 1 file changed, 7 insertions(+)
> > >
> > > diff --git a/src/parser_json.c b/src/parser_json.c
> > > index ee4657ee8044..4912d3608b2b 100644
> > > --- a/src/parser_json.c
> > > +++ b/src/parser_json.c
> > > @@ -4357,6 +4357,13 @@ int nft_parse_json_filename(struct nft_ctx *nft, const char *filename,
> > > json_error_t err;
> > > int ret;
> > >
> > > + if (nft->stdin_buf) {
> > > + json_indesc.type = INDESC_STDIN;
> > > + json_indesc.name = "/dev/stdin";
> > > +
> > > + return nft_parse_json_buffer(nft, nft->stdin_buf, msgs, cmds);
> > > + }
> >
> > Is this sufficient? In nft_run_cmd_from_filename(), nft->stdin_buf is
> > populated conditionally:
> >
> > | if (!strcmp(filename, "/dev/stdin") &&
> > | !nft_output_json(&nft->output))
> > | nft->stdin_buf = stdin_to_buffer();
> >
> > Later (in the wrapped __nft_run_cmd_from_filename()), we try JSON parsing
> > conditionally:
> >
> > | if (nft_output_json(&nft->output) || nft_input_json(&nft->input))
> > | rc = nft_parse_json_filename(nft, filename, &msgs, &cmds);
> >
> > Things got complicated by commit 2034d8c60ed91 ("src: add input flag
> > NFT_CTX_INPUT_JSON to enable JSON parsing") and my request to remain
> > compatible, i.e. '-j' flag which enables JSON output shall continue to
> > make JSON the assumed input format.
> >
> > So long story short, I guess in order to cover all cases, we have to
> > enable nft->stdin_buf population also if nft_input_json(...) returns
> > true, i.e. cover for library users requesting JSON input (but standard
> > output). WDYT?
>
> On second review, I think the right change is to make
> nft_run_cmd_from_filename() *always* populate nft->stdin_buf if
> 'filename' is '/dev/stdin', i.e. drop the !nft_output_json(...) clause.
>
> Sorry for the confusion.
I can squash this incremental fix to 1/2 send post a v2.
Thanks.
diff --git a/src/libnftables.c b/src/libnftables.c
index af4734c05004..89317f9f6049 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -807,8 +807,7 @@ int nft_run_cmd_from_filename(struct nft_ctx *nft, const char *filename)
if (!strcmp(filename, "-"))
filename = "/dev/stdin";
- if (!strcmp(filename, "/dev/stdin") &&
- !nft_output_json(&nft->output))
+ if (!strcmp(filename, "/dev/stdin"))
nft->stdin_buf = stdin_to_buffer();
if (!nft->stdin_buf &&
