* Re: [Bug 1224] nft export json fails with successful return code [not found] ` <bug-1224-1689-5HSmtdM7gJ@https.bugzilla.netfilter.org/> @ 2018-02-06 12:40 ` Phil Sutter 2018-02-06 12:49 ` Pablo Neira Ayuso 0 siblings, 1 reply; 3+ messages in thread From: Phil Sutter @ 2018-02-06 12:40 UTC (permalink / raw) To: mayhs11saini; +Cc: netfilter-devel, Pablo Neira Ayuso On Tue, Feb 06, 2018 at 02:44:06AM +0000, bugzilla-daemon@netfilter.org wrote: > https://bugzilla.netfilter.org/show_bug.cgi?id=1224 [...] > --- Comment #1 from Shyam Saini <mayhs11saini@gmail.com> --- > Hi Anthony, > > > I recently upgraded to nftables v0.8.2 and encountered a regression. > > > > "nft export json" no longer works, it returns a success code (0), but > > doens't print any JSON data. > > > > A git bisect determined this was introduced in commit > > 2fa54d8a49352bda44d3e25d1d7ba3531faf3303, and upon reading that commit, I > > noticed the introduction of "nft export vm json" which does work as expected. > > Technically when we were exporting json by "nft export json" it was giving us > low level virtual-machine(vm) pseudo code. So we renamed it as "vm json". > As you have already mentioned that you are able achieve old behaviour by > "nft export vm json", that is right behaviour. > > Further, by this renaming it creates scope for high level json which > represents abstract syntax tree of nft grammar. This high level json > can be exported by "nft export json". > But this feature is yet to come in mainline so we are doing "no operation" we > user executes "nft export json" and it returns 0. This doesn't sound right to me. We break users' scripts and at the same time make it hard for them to notice. Imagine someone uses it in a cron job for backup purposes. If it is really sensible to rename 'export json' to 'export vm json' (and I doubt that), there should be at least a grace period in which the old command returns an error and complains loudly. Cheers, Phil ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Bug 1224] nft export json fails with successful return code 2018-02-06 12:40 ` [Bug 1224] nft export json fails with successful return code Phil Sutter @ 2018-02-06 12:49 ` Pablo Neira Ayuso 2018-02-06 14:13 ` Phil Sutter 0 siblings, 1 reply; 3+ messages in thread From: Pablo Neira Ayuso @ 2018-02-06 12:49 UTC (permalink / raw) To: Phil Sutter, mayhs11saini, netfilter-devel On Tue, Feb 06, 2018 at 01:40:34PM +0100, Phil Sutter wrote: > On Tue, Feb 06, 2018 at 02:44:06AM +0000, bugzilla-daemon@netfilter.org wrote: > > https://bugzilla.netfilter.org/show_bug.cgi?id=1224 > [...] > > --- Comment #1 from Shyam Saini <mayhs11saini@gmail.com> --- > > Hi Anthony, > > > > > I recently upgraded to nftables v0.8.2 and encountered a regression. > > > > > > "nft export json" no longer works, it returns a success code (0), but > > > doens't print any JSON data. > > > > > > A git bisect determined this was introduced in commit > > > 2fa54d8a49352bda44d3e25d1d7ba3531faf3303, and upon reading that commit, I > > > noticed the introduction of "nft export vm json" which does work as expected. > > > > Technically when we were exporting json by "nft export json" it was giving us > > low level virtual-machine(vm) pseudo code. So we renamed it as "vm json". > > As you have already mentioned that you are able achieve old behaviour by > > "nft export vm json", that is right behaviour. > > > > Further, by this renaming it creates scope for high level json which > > represents abstract syntax tree of nft grammar. This high level json > > can be exported by "nft export json". > > But this feature is yet to come in mainline so we are doing "no operation" we > > user executes "nft export json" and it returns 0. > > This doesn't sound right to me. We break users' scripts and at the same > time make it hard for them to notice. Imagine someone uses it in a cron > job for backup purposes. > > If it is really sensible to rename 'export json' to 'export vm json' > (and I doubt that), there should be at least a grace period in which the > old command returns an error and complains loudly. We can restore 'nft export json'. But fact is that we had no import command so far, many expressions are still missing - specifically new extensions have no cover tests -, so this low-level json support has been and it is still experimental. And then, once your high level json representation is in place, we'll provide a more user friendly - matching bitfield such as IP DSCP and VLAN fields is tricky. So 'nft export json' will display a different json layout at some point. But that probably we can just signal via version field, although I tend to dislike them. Let me know, thanks! ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Bug 1224] nft export json fails with successful return code 2018-02-06 12:49 ` Pablo Neira Ayuso @ 2018-02-06 14:13 ` Phil Sutter 0 siblings, 0 replies; 3+ messages in thread From: Phil Sutter @ 2018-02-06 14:13 UTC (permalink / raw) To: Pablo Neira Ayuso; +Cc: mayhs11saini, netfilter-devel Hi Pablo, On Tue, Feb 06, 2018 at 01:49:57PM +0100, Pablo Neira Ayuso wrote: > On Tue, Feb 06, 2018 at 01:40:34PM +0100, Phil Sutter wrote: > > On Tue, Feb 06, 2018 at 02:44:06AM +0000, bugzilla-daemon@netfilter.org wrote: > > > https://bugzilla.netfilter.org/show_bug.cgi?id=1224 > > [...] > > > --- Comment #1 from Shyam Saini <mayhs11saini@gmail.com> --- > > > Hi Anthony, > > > > > > > I recently upgraded to nftables v0.8.2 and encountered a regression. > > > > > > > > "nft export json" no longer works, it returns a success code (0), but > > > > doens't print any JSON data. > > > > > > > > A git bisect determined this was introduced in commit > > > > 2fa54d8a49352bda44d3e25d1d7ba3531faf3303, and upon reading that commit, I > > > > noticed the introduction of "nft export vm json" which does work as expected. > > > > > > Technically when we were exporting json by "nft export json" it was giving us > > > low level virtual-machine(vm) pseudo code. So we renamed it as "vm json". > > > As you have already mentioned that you are able achieve old behaviour by > > > "nft export vm json", that is right behaviour. > > > > > > Further, by this renaming it creates scope for high level json which > > > represents abstract syntax tree of nft grammar. This high level json > > > can be exported by "nft export json". > > > But this feature is yet to come in mainline so we are doing "no operation" we > > > user executes "nft export json" and it returns 0. > > > > This doesn't sound right to me. We break users' scripts and at the same > > time make it hard for them to notice. Imagine someone uses it in a cron > > job for backup purposes. > > > > If it is really sensible to rename 'export json' to 'export vm json' > > (and I doubt that), there should be at least a grace period in which the > > old command returns an error and complains loudly. > > We can restore 'nft export json'. > > But fact is that we had no import command so far, many expressions are > still missing - specifically new extensions have no cover tests -, so > this low-level json support has been and it is still experimental. > > And then, once your high level json representation is in place, we'll > provide a more user friendly - matching bitfield such as IP DSCP and > VLAN fields is tricky. So 'nft export json' will display a different > json layout at some point. But that probably we can just signal via > version field, although I tend to dislike them. Thanks for the quick reply! >From my point of view, that high-level JSON format won't exactly fit into what one would expect from import/export functionality since it will allow to specify commands like 'add' and 'remove', so I rather see it as an alternative format to feed into 'nft -f'. Of course, listing the ruleset in JSON format would yield something similar to 'nft export json', so it might still replace that. Cheers, Phil ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-02-06 14:13 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <bug-1224-1689@https.bugzilla.netfilter.org/>
[not found] ` <bug-1224-1689-5HSmtdM7gJ@https.bugzilla.netfilter.org/>
2018-02-06 12:40 ` [Bug 1224] nft export json fails with successful return code Phil Sutter
2018-02-06 12:49 ` Pablo Neira Ayuso
2018-02-06 14:13 ` Phil Sutter
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).