json: Order output like nft_cmd_expand()

commit 38f04196ebef64a6672c55c27a6afe9af811c8f7 upstream.

Print empty chain add commands early in list so following verdict maps
and rules referring to them won't cause spurious errors when loading the
resulting ruleset dump.

Signed-off-by: Phil Sutter <phil@nwl.cc>

diff --git a/src/json.c b/src/json.c
index 727700b85075ffee57480941424ca1cbcf5b9951..67ef95b655137ba23d6926807f346fe4a8f24b2c 100644 (file)
--- a/src/json.c
+++ b/src/json.c
@@ -1674,6 +1674,11 @@ static json_t *table_print_json_full(struct netlink_ctx *ctx,
        tmp = table_print_json(table);
        json_array_append_new(root, tmp);
 
+       /* both maps and rules may refer to chains, list them first */
+       list_for_each_entry(chain, &table->chain_cache.list, cache.list) {
+               tmp = chain_print_json(chain);
+               json_array_append_new(root, tmp);
+       }
        list_for_each_entry(obj, &table->obj_cache.list, cache.list) {
                tmp = obj_print_json(obj);
                json_array_append_new(root, tmp);
@@ -1689,9 +1694,6 @@ static json_t *table_print_json_full(struct netlink_ctx *ctx,
                json_array_append_new(root, tmp);
        }
        list_for_each_entry(chain, &table->chain_cache.list, cache.list) {
-               tmp = chain_print_json(chain);
-               json_array_append_new(root, tmp);
-
                list_for_each_entry(rule, &chain->rules, list) {
                        tmp = rule_print_json(&ctx->nft->output, rule);
                        json_array_append_new(rules, tmp);