Re: [nft PATCH 0/7] A bunch of JSON printer/parser fixes

[Phil Sutter <phil@nwl.cc>]

On Wed, Apr 24, 2024 at 10:08:00PM +0200, Pablo Neira Ayuso wrote:
> On Wed, Apr 24, 2024 at 10:06:14PM +0200, Pablo Neira Ayuso wrote:
> > Hi Phil,
> > 
> > On Sat, Mar 09, 2024 at 12:35:20PM +0100, Phil Sutter wrote:
> > > Fix the following flaws in JSON input/output code:
> > > 
> > > * Patch 3:
> > >   Wrong ordering of 'nft -j list ruleset' preventing a following restore
> > >   of the dump. Code assumed dumping objects before chains was fine in
> > >   all cases, when actually verdict maps may reference chains already.
> > >   Dump like nft_cmd_expand() does when expanding nested syntax for
> > >   kernel submission (chains first, objects second, finally rules).
> > > 
> > > * Patch 5:
> > >   Maps may contain concatenated "targets". Both printer and parser were
> > >   entirely ignorant of that fact.
> > > 
> > > * Patch 6:
> > >   Synproxy objects were "mostly" supported, some hooks missing to
> > >   cover for named ones.
> > > 
> > > Patch 4 applies the new ordering to all stored json-nft dumps. Patch 7
> > > adds new dumps which are now parseable given the fixes above.
> > > 
> > > Patches 1 and 2 are fallout fixes to initially make the whole shell
> > > testsuite pass on my testing system.
> > > 
> > > Bugs still present after this series:
> > > 
> > > * Nested chains remain entirely unsupported
> > > * Maps specifying interval "targets" (i.e., set->data->flags contains
> > >   EXPR_F_INTERVAL bit) will be printed like regular ones and the parser
> > >   then rejects them.
> > 
> > I am seeing memleaks when running tests after this series, please see
> > attachment for reference.
> 
> It could actually be related to:
> 
> 0ac39384fd9e json: Accept more than two operands in binary expressions
> 
> I did not bisect yet.

Good catch! I missed the fact that json_array_extend() does not decref
the emptied array. The fix is simple, will submit after the testsuite
has passed.

Thanks, Phil