json: Work around segfault when encountering xt stmt

When trying to convert an xt stmt into JSON, print() callback was
called. Though the code in src/xt.c does not respect output_fp,
therefore buffer wasn't filled as expected making libjansson to puke:

| # nft -j list ruleset
| warning: stmt ops xt have no json callback
| nft: json.c:169: stmt_print_json: Assertion `__out' failed.
| Aborted (core dumped)

Avoid this by detecting xt stmt ops and returning a stub.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/doc/libnftables-json.adoc b/doc/libnftables-json.adoc
index ea5fbe818302f4cb709023d8cc0fab3e6d172d0c..414702c7b88a42fbe2e2b7a6ee35695cb549dd9b 100644 (file)
--- a/doc/libnftables-json.adoc
+++ b/doc/libnftables-json.adoc
@@ -998,6 +998,13 @@ Assign connection tracking timeout policy.
 *ct timeout*::
        CT timeout reference.
 
+=== XT
+[verse]
+*{ "xt": null }*
+
+This represents an xt statement from xtables compat interface. Sadly, at this
+point it is not possible to provide any further information about its content.
+
 == EXPRESSIONS
 Expressions are the building blocks of (most) statements. In their most basic
 form, they are just immediate values represented as JSON string, integer or

diff --git a/src/json.c b/src/json.c
index 431d38afc24bac598be39d633ef90abf58c46cde..f08a3b643c40215ad4127256d1f34012bc1df93a 100644 (file)
--- a/src/json.c
+++ b/src/json.c
@@ -166,6 +166,12 @@ static json_t *stmt_print_json(const struct stmt *stmt, struct output_ctx *octx)
        char buf[1024];
        FILE *fp;
 
+       /* XXX: Can't be supported at this point:
+        * xt_stmt_xlate() ignores output_fp.
+        */
+       if (stmt->ops->type == STMT_XT)
+               return json_pack("{s:n}", "xt");
+
        if (stmt->ops->json)
                return stmt->ops->json(stmt, octx);