[PATCH nft] src: bail out when exporting ruleset with unsupported output

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: mayhs11saini@gmail.com, phil@nwl.cc, anthonyryan1@gmail.com
Subject: [PATCH nft] src: bail out when exporting ruleset with unsupported output
Date: Thu, 15 Feb 2018 17:29:25 +0100	[thread overview]
Message-ID: <20180215162925.27574-1-pablo@netfilter.org> (raw)

Display error message and propagate error to shell when running command
with unsupported output:

 # nft export ruleset json
 Error: this output type is not supported
 export ruleset json
 ^^^^^^^^^^^^^^^^^^^^
 # echo $?
 1

 # nft export ruleset vm json
 ... low-level VM json output
 # echo $?
 0

Fixes: https://bugzilla.netfilter.org/show_bug.cgi?id=1224
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/nftables.h |  2 ++
 src/evaluate.c     | 13 ++++++++++++-
 src/parser_bison.y |  6 ++----
 3 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/include/nftables.h b/include/nftables.h
index 3bfa33e5cb33..5e637e10acd3 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -127,4 +127,6 @@ int nft_print(struct output_ctx *octx, const char *fmt, ...)
 int nft_gmp_print(struct output_ctx *octx, const char *fmt, ...)
 	__attribute__((format(printf, 2, 0)));
 
+#define __NFT_OUTPUT_NOTSUPP	UINT_MAX
+
 #endif /* NFTABLES_NFTABLES_H */
diff --git a/src/evaluate.c b/src/evaluate.c
index 8107df838a90..e5ad1044fbb7 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3423,10 +3423,21 @@ static int cmd_evaluate_monitor(struct eval_ctx *ctx, struct cmd *cmd)
 
 static int cmd_evaluate_export(struct eval_ctx *ctx, struct cmd *cmd)
 {
+	if (cmd->markup->format == __NFT_OUTPUT_NOTSUPP)
+		return cmd_error(ctx, "this output type is not supported");
+
 	return cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx->msgs,
 			    ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx);
 }
 
+static int cmd_evaluate_import(struct eval_ctx *ctx, struct cmd *cmd)
+{
+	if (cmd->markup->format == __NFT_OUTPUT_NOTSUPP)
+		return cmd_error(ctx, "this output type not supported");
+
+	return 0;
+}
+
 static const char * const cmd_op_name[] = {
 	[CMD_INVALID]	= "invalid",
 	[CMD_ADD]	= "add",
@@ -3486,7 +3497,7 @@ int cmd_evaluate(struct eval_ctx *ctx, struct cmd *cmd)
 	case CMD_MONITOR:
 		return cmd_evaluate_monitor(ctx, cmd);
 	case CMD_IMPORT:
-		return 0;
+		return cmd_evaluate_import(ctx, cmd);
 	default:
 		BUG("invalid command operation %u\n", cmd->op);
 	};
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 578bfdc10429..563411155bf4 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1198,7 +1198,6 @@ import_cmd			:       RULESET         markup_format
 				struct markup *markup = markup_alloc($1);
 				$$ = cmd_alloc(CMD_IMPORT, CMD_OBJ_MARKUP, &h, &@$, markup);
 			}
-			|	JSON		{ $$ = NULL; }
 			;
 
 export_cmd		:	RULESET		markup_format
@@ -1213,7 +1212,6 @@ export_cmd		:	RULESET		markup_format
 				struct markup *markup = markup_alloc($1);
 				$$ = cmd_alloc(CMD_EXPORT, CMD_OBJ_MARKUP, &h, &@$, markup);
 			}
-			|	JSON		{ $$ = NULL; }
 			;
 
 monitor_cmd		:	monitor_event	monitor_object	monitor_format
@@ -1241,10 +1239,10 @@ monitor_object		:	/* empty */	{ $$ = CMD_MONITOR_OBJ_ANY; }
 
 monitor_format		:	/* empty */	{ $$ = NFTNL_OUTPUT_DEFAULT; }
 			|	markup_format
-			|	JSON		{ $$ = NFTNL_OUTPUT_JSON; }
 			;
 
-markup_format		: 	XML 		{ $$ = NFTNL_OUTPUT_XML; }
+markup_format		: 	XML 		{ $$ = __NFT_OUTPUT_NOTSUPP; }
+			|	JSON		{ $$ = __NFT_OUTPUT_NOTSUPP; }
 			|	VM JSON		{ $$ = NFTNL_OUTPUT_JSON; }
 			;
 
-- 
2.11.0

                 reply	other threads:[~2018-02-15 16:29 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:3bfa33e5cb3 dfblob:5e637e10acd dfblob:8107df838a9
dfblob:e5ad1044fbb dfblob:578bfdc1042 dfblob:563411155bf )
 OR (
bs:"[PATCH nft] src: bail out when exporting ruleset with unsupported output" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180215162925.27574-1-pablo@netfilter.org \
    --to=pablo@netfilter.org \
    --cc=anthonyryan1@gmail.com \
    --cc=mayhs11saini@gmail.com \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=phil@nwl.cc \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).