Re: nft json export interpretation

On 27 August 2014 16:06, Alex Chapman <ajchapman88@xxxxxxxxxxxxx> wrote:
> Hi,
>
> I am working on getting the nftables ruleset into a human-readable JSON format and would like to understand how the output of the built-in JSON export functionality should be interpreted. Does it require a deep level of understanding of the application? Are there some reference points that could be followed? By that I mean, how would the output relate to an IP address or port number, for example?
>
> The other option would be to do this through text manipulation on the standard nft list output, but it makes sense to try and use the built-in export functionality if possible.
>

The JSON is a representation of the low-level 'pseudocode' of nftables
objects. By objects I mean tables, chains, sets, set_elems, rules,
expressions.

For example, the statement 'tcp dport 22' is translated by nft to
several expressions: payload, cmp:

  [ payload load 1b @ network header + 9 => reg 1 ]
  [ cmp eq reg 1 0x00000006 ]
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x00001600 ]

To translate this low level code back to a higher level statement, you
need to perform the same operations that nft does internally.

The same applies to the XML format; both are generated by libnftnl.
-- 
Arturo Borrero González
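As an added illustration of the reply above (this is example code written for this thread, not part of nft or libnftnl), the following Python decodes the four low-level expressions quoted for 'tcp dport 22' back into the high-level statement. It does what the reply says nft does internally: it tracks which header field each payload expression loaded into a register, and when a cmp expression tests that register it names the field and decodes the immediate. The one detail worth seeing in code is the immediate's byte order: nft prints the 32-bit register as a native little-endian word, so port 22 (network-order bytes 00 16) shows up as 0x00001600. The small field table, the regexes for the bracketed text form, and the udp sample below are assumptions made for the example; nft's own tables cover every protocol it supports, and the same register-tracking applies to the JSON/XML export even though the element names are not shown on this page.

```python
"""Decode nftables low-level payload/cmp pseudocode back into a high-level match.

Added example for the thread; not nft or libnftnl code. It handles the
bracketed text form quoted in the reply, e.g.
  [ payload load 2b @ transport header + 2 => reg 1 ]
  [ cmp eq reg 1 0x00001600 ]
"""
import re
import struct

# Header fields this example knows about, keyed by (base, offset, length).
# Small table chosen for the example (assumption); nft has full per-protocol tables.
FIELDS = {
    ("network", 9, 1): ("ip", "protocol"),
    ("transport", 0, 2): (None, "sport"),  # protocol name comes from context
    ("transport", 2, 2): (None, "dport"),
}
L4PROTO = {6: "tcp", 17: "udp"}
OPS = {"eq": "", "neq": "!=", "lt": "<", "gt": ">", "lte": "<=", "gte": ">="}

PAYLOAD_RE = re.compile(
    r"\[\s*payload load (\d+)b @ (\w+) header \+ (\d+) => reg (\d+)\s*\]")
CMP_RE = re.compile(r"\[\s*cmp (\w+) reg (\d+) 0x([0-9a-fA-F]+)\s*\]")


def decode_immediate(word_hex, length):
    """Recover a field value from the 32-bit register word nft prints.

    The register holds the field's bytes in network order starting at byte 0,
    and nft prints the whole register as a native little-endian uint32, so
    0x00001600 is the byte sequence 00 16 00 00, i.e. port 22.
    """
    raw = struct.pack("<I", int(word_hex, 16))
    return int.from_bytes(raw[:length], "big")


def delinearize(lines):
    """Turn a list of payload/cmp expression lines into an nft-style statement."""
    regs = {}        # register number -> (base, offset, length) last loaded into it
    l4proto = None   # set once a compare against ip protocol has been seen
    stmts = []
    for line in lines:
        m = PAYLOAD_RE.search(line)
        if m:
            length, base, offset, reg = m.groups()
            regs[int(reg)] = (base, int(offset), int(length))
            continue
        m = CMP_RE.search(line)
        if m:
            op, reg, word = m.groups()
            base, offset, length = regs[int(reg)]
            proto, field = FIELDS[(base, offset, length)]
            value = decode_immediate(word, length)
            if (proto, field) == ("ip", "protocol"):
                # nft folds 'ip protocol tcp' into the 'tcp' prefix of later fields
                l4proto = L4PROTO.get(value, str(value))
                continue
            if proto is None:
                if l4proto is None:
                    raise ValueError("transport field compared without a protocol match")
                proto = l4proto
            stmts.append(" ".join(filter(None, [proto, field, OPS[op], str(value)])))
            continue
        raise ValueError("unrecognised expression: " + line)
    if l4proto and not stmts:
        stmts.append("ip protocol " + l4proto)
    return " ".join(stmts)


# Constructed sample: the four expressions the reply shows for 'tcp dport 22'.
TCP_DPORT_22 = [
    "[ payload load 1b @ network header + 9 => reg 1 ]",
    "[ cmp eq reg 1 0x00000006 ]",
    "[ payload load 2b @ transport header + 2 => reg 1 ]",
    "[ cmp eq reg 1 0x00001600 ]",
]

if __name__ == "__main__":
    print(delinearize(TCP_DPORT_22))  # tcp dport 22
```

The point of the exercise is that nothing in the export says "port 22": you only get it back by replaying the register semantics, including the byte-order quirk, which is why a text-munging approach on `nft list` output and a proper decoder of the export are two genuinely different amounts of work.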