[PATCH nft v2] json: fix empty statement list output in sets and maps

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH nft v2] json: fix empty statement list output in sets and maps
@ 2022-09-04 17:18 Fernando Fernandez Mancera
  2022-09-06  8:12 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 2+ messages in thread
From: Fernando Fernandez Mancera @ 2022-09-04 17:18 UTC (permalink / raw)
  To: netfilter-devel; +Cc: Fernando Fernandez Mancera

JSON output of sets and map should not include the statements list if is
empty. The statement output should be stateless also.

In addition, removes duplicated code.

Fixes: 07958ec53830 ("json: add set statement list support")
Fixes: e66f3187d891 ("json: add table map statement support")
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
---
v2: fix typo in commit message
---
 src/json.c                                    | 64 ++++++++++---------
 .../shell/testcases/json/0001set_statements_0 |  2 +-
 tests/shell/testcases/json/0002table_map_0    |  2 +-
 3 files changed, 35 insertions(+), 33 deletions(-)

diff --git a/src/json.c b/src/json.c
index 1f2889c6..87f87f37 100644
--- a/src/json.c
+++ b/src/json.c
@@ -105,6 +105,25 @@ static json_t *stmt_print_json(const struct stmt *stmt, struct output_ctx *octx)
 	return json_pack("s", buf);
 }
 
+static json_t *set_stmt_list_json(const struct list_head *stmt_list,
+				   struct output_ctx *octx)
+{
+	unsigned int flags = octx->flags;
+	json_t *root, *tmp;
+	struct stmt *i;
+
+	root = json_array();
+	octx->flags |= NFT_CTX_OUTPUT_STATELESS;
+
+	list_for_each_entry(i, stmt_list, list) {
+		tmp = stmt_print_json(i, octx);
+		json_array_append_new(root, tmp);
+	}
+	octx->flags = flags;
+
+	return root;
+}
+
 static json_t *set_print_json(struct output_ctx *octx, const struct set *set)
 {
 	json_t *root, *tmp;
@@ -180,19 +199,10 @@ static json_t *set_print_json(struct output_ctx *octx, const struct set *set)
 		json_object_set_new(root, "elem", array);
 	}
 
-	if (!list_empty(&set->stmt_list)) {
-		json_t *array, *tmp;
-		struct stmt *stmt;
-
-		array = json_array();
-
-		list_for_each_entry(stmt, &set->stmt_list, list) {
-			tmp = stmt_print_json(stmt, octx);
-			json_array_append_new(array, tmp);
-		}
-
-		json_object_set_new(root, "stmt", array);
-	}
+	if (!list_empty(&set->stmt_list))
+		json_object_set_new(root, "stmt",
+				    set_stmt_list_json(&set->stmt_list,
+						       octx));
 
 	return json_pack("{s:o}", type, root);
 }
@@ -1453,29 +1463,21 @@ json_t *counter_stmt_json(const struct stmt *stmt, struct output_ctx *octx)
 			 "bytes", stmt->counter.bytes);
 }
 
-static json_t *set_stmt_list_json(const struct list_head *stmt_list,
-	                           struct output_ctx *octx)
-{
-	json_t *root, *tmp;
-	struct stmt *i;
-
-	root = json_array();
-
-	list_for_each_entry(i, stmt_list, list) {
-		tmp = stmt_print_json(i, octx);
-		json_array_append_new(root, tmp);
-	}
-
-	return root;
-}
-
 json_t *set_stmt_json(const struct stmt *stmt, struct output_ctx *octx)
 {
-	return json_pack("{s:{s:s, s:o, s:o, s:s+}}", "set",
+	json_t *root;
+
+	root = json_pack("{s:s, s:o, s:s+}",
 			 "op", set_stmt_op_names[stmt->set.op],
 			 "elem", expr_print_json(stmt->set.key, octx),
-			 "stmt", set_stmt_list_json(&stmt->set.stmt_list, octx),
 			 "set", "@", stmt->set.set->set->handle.set.name);
+
+	if (!list_empty(&stmt->set.stmt_list))
+		json_object_set_new(root, "stmt",
+				    set_stmt_list_json(&stmt->set.stmt_list,
+						       octx));
+
+	return json_pack("{s:o}", "set", root);
 }
 
 json_t *objref_stmt_json(const struct stmt *stmt, struct output_ctx *octx)
diff --git a/tests/shell/testcases/json/0001set_statements_0 b/tests/shell/testcases/json/0001set_statements_0
index 1c72d35b..388b0bfe 100755
--- a/tests/shell/testcases/json/0001set_statements_0
+++ b/tests/shell/testcases/json/0001set_statements_0
@@ -4,6 +4,6 @@ set -e
 
 $NFT flush ruleset
 
-RULESET='{"nftables": [{"metainfo": {"version": "1.0.5", "release_name": "Lester Gooch #4", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "testt", "handle": 3}}, {"set": {"family": "ip", "name": "ssh_meter", "table": "testt", "type": "ipv4_addr", "handle": 2, "size": 65535}}, {"chain": {"family": "ip", "table": "testt", "name": "testc", "handle": 1, "type": "filter", "hook": "input", "prio": 0, "policy": "accept"}}, {"rule": {"family": "ip", "table": "testt", "chain": "testc", "handle": 3, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 22}}, {"match": {"op": "in", "left": {"ct": {"key": "state"}}, "right": "new"}}, {"set": {"op": "add", "elem": {"payload": {"protocol": "ip", "field": "saddr"}}, "stmt": [{"limit": {"rate": 10, "burst": 5, "per": "second"}}], "set": "@ssh_meter"}}, {"accept": null}]}}]}'
+RULESET='{"nftables": [{"metainfo": {"version": "1.0.5", "release_name": "Lester Gooch #4", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "testt", "handle": 11}}, {"set": {"family": "ip", "name": "ssh_meter", "table": "testt", "type": "ipv4_addr", "handle": 1, "size": 65535}}, {"chain": {"family": "ip", "table": "testt", "name": "testc", "handle": 2, "type": "filter", "hook": "input", "prio": 0, "policy": "accept"}}, {"rule": {"family": "ip", "table": "testt", "chain": "testc", "handle": 3, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 22}}, {"match": {"op": "in", "left": {"ct": {"key": "state"}}, "right": "new"}}, {"set": {"op": "add", "elem": {"payload": {"protocol": "ip", "field": "saddr"}}, "set": "@ssh_meter", "stmt": [{"limit": {"rate": 10, "burst": 5, "per": "second"}}]}}, {"accept": null}]}}]}'
 
 $NFT -j -f - <<< $RULESET
diff --git a/tests/shell/testcases/json/0002table_map_0 b/tests/shell/testcases/json/0002table_map_0
index 4b54527b..9619de2d 100755
--- a/tests/shell/testcases/json/0002table_map_0
+++ b/tests/shell/testcases/json/0002table_map_0
@@ -4,6 +4,6 @@ set -e
 
 $NFT flush ruleset
 
-RULESET='{"nftables": [{"metainfo": {"version": "1.0.5", "release_name": "Lester Gooch #4", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "t", "handle": 4}}, {"map": {"family": "ip", "name": "m", "table": "t", "type": "ipv4_addr", "handle": 1, "map": "mark", "stmt": [{"counter": {"packets": 0, "bytes": 0}}]}}]}'
+RULESET='{"nftables": [{"metainfo": {"version": "1.0.5", "release_name": "Lester Gooch #4", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "t", "handle": 12}}, {"map": {"family": "ip", "name": "m", "table": "t", "type": "ipv4_addr", "handle": 1, "map": "mark", "stmt": [{"counter": null}]}}]}'
 
 $NFT -j -f - <<< $RULESET
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH nft v2] json: fix empty statement list output in sets and maps
  2022-09-04 17:18 [PATCH nft v2] json: fix empty statement list output in sets and maps Fernando Fernandez Mancera
@ 2022-09-06  8:12 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2022-09-06  8:12 UTC (permalink / raw)
  To: Fernando Fernandez Mancera; +Cc: netfilter-devel

On Sun, Sep 04, 2022 at 07:18:26PM +0200, Fernando Fernandez Mancera wrote:
> JSON output of sets and map should not include the statements list if is
> empty. The statement output should be stateless also.
> 
> In addition, removes duplicated code.

Applied, thanks

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2022-09-06  8:12 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-09-04 17:18 [PATCH nft v2] json: fix empty statement list output in sets and maps Fernando Fernandez Mancera
2022-09-06  8:12 ` Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).