json: update json output ordering to place rules after chains

Currently the json output of `nft -j list ruleset` interleaves rules
with chains.

As reported in this bug:

 https://bugzilla.netfilter.org/show_bug.cgi?id=1580

the json cannot be fed into `nft -j -f <file>` since rules may
reference chains that are created later

Instead create rules after all chains are output.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1580
Signed-off-by: ChanderG <mail@chandergovind.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/json.c b/src/json.c
index 0b7224c28736dd344bd54be475194a872b0acb85..a525fd1bde20b7f95d5384b6f97a29577cd5a5ba 100644 (file)
--- a/src/json.c
+++ b/src/json.c
@@ -1587,7 +1587,7 @@ json_t *optstrip_stmt_json(const struct stmt *stmt, struct output_ctx *octx)
 static json_t *table_print_json_full(struct netlink_ctx *ctx,
                                     struct table *table)
 {
-       json_t *root = json_array(), *tmp;
+       json_t *root = json_array(), *rules = json_array(), *tmp;
        struct flowtable *flowtable;
        struct chain *chain;
        struct rule *rule;
@@ -1617,10 +1617,13 @@ static json_t *table_print_json_full(struct netlink_ctx *ctx,
 
                list_for_each_entry(rule, &chain->rules, list) {
                        tmp = rule_print_json(&ctx->nft->output, rule);
-                       json_array_append_new(root, tmp);
+                       json_array_append_new(rules, tmp);
                }
        }
 
+       json_array_extend(root, rules);
+       json_decref(rules);
+
        return root;
 }