src: bail out when exporting ruleset with unsupported output

Display error message and propagate error to shell when running command
with unsupported output:

 # nft export ruleset json
 Error: this output type is not supported
 export ruleset json
 ^^^^^^^^^^^^^^^^^^^^
 # echo $?
 1

When displaying the output in json using the low-level VM
representation, it shows:

 # nft export ruleset vm json
 ... low-level VM json output
 # echo $?
 0

While at it, do the same with obsoleted XML output.

Fixes: https://bugzilla.netfilter.org/show_bug.cgi?id=1224
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/nftables.h b/include/nftables.h
index 3bfa33e5cb336751663fda080d42247dd1058735..5e637e10acd30000244c99fe5e9e2e18da968277 100644 (file)
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -127,4 +127,6 @@ int nft_print(struct output_ctx *octx, const char *fmt, ...)
 int nft_gmp_print(struct output_ctx *octx, const char *fmt, ...)
        __attribute__((format(printf, 2, 0)));
 
+#define __NFT_OUTPUT_NOTSUPP   UINT_MAX
+
 #endif /* NFTABLES_NFTABLES_H */

diff --git a/src/evaluate.c b/src/evaluate.c
index 8107df838a9093b6d3c3dbcbcfb8c4c8c01fd839..e5ad1044fbb7dd54f7a8c768988cdd034509adde 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3423,10 +3423,21 @@ static int cmd_evaluate_monitor(struct eval_ctx *ctx, struct cmd *cmd)
 
 static int cmd_evaluate_export(struct eval_ctx *ctx, struct cmd *cmd)
 {
+       if (cmd->markup->format == __NFT_OUTPUT_NOTSUPP)
+               return cmd_error(ctx, "this output type is not supported");
+
        return cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx->msgs,
                            ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx);
 }
 
+static int cmd_evaluate_import(struct eval_ctx *ctx, struct cmd *cmd)
+{
+       if (cmd->markup->format == __NFT_OUTPUT_NOTSUPP)
+               return cmd_error(ctx, "this output type not supported");
+
+       return 0;
+}
+
 static const char * const cmd_op_name[] = {
        [CMD_INVALID]   = "invalid",
        [CMD_ADD]       = "add",
@@ -3486,7 +3497,7 @@ int cmd_evaluate(struct eval_ctx *ctx, struct cmd *cmd)
        case CMD_MONITOR:
                return cmd_evaluate_monitor(ctx, cmd);
        case CMD_IMPORT:
-               return 0;
+               return cmd_evaluate_import(ctx, cmd);
        default:
                BUG("invalid command operation %u\n", cmd->op);
        };

diff --git a/src/parser_bison.y b/src/parser_bison.y
index 578bfdc10429a22f86c3f31ef83e71284fcb780d..563411155bf40313e9bad01da0f85965fe853be3 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1198,7 +1198,6 @@ import_cmd                        :       RULESET         markup_format
                                struct markup *markup = markup_alloc($1);
                                $$ = cmd_alloc(CMD_IMPORT, CMD_OBJ_MARKUP, &h, &@$, markup);
                        }
-                       |       JSON            { $$ = NULL; }
                        ;
 
 export_cmd             :       RULESET         markup_format
@@ -1213,7 +1212,6 @@ export_cmd                :       RULESET         markup_format
                                struct markup *markup = markup_alloc($1);
                                $$ = cmd_alloc(CMD_EXPORT, CMD_OBJ_MARKUP, &h, &@$, markup);
                        }
-                       |       JSON            { $$ = NULL; }
                        ;
 
 monitor_cmd            :       monitor_event   monitor_object  monitor_format
@@ -1241,10 +1239,10 @@ monitor_object          :       /* empty */     { $$ = CMD_MONITOR_OBJ_ANY; }
 
 monitor_format         :       /* empty */     { $$ = NFTNL_OUTPUT_DEFAULT; }
                        |       markup_format
-                       |       JSON            { $$ = NFTNL_OUTPUT_JSON; }
                        ;
 
-markup_format          :       XML             { $$ = NFTNL_OUTPUT_XML; }
+markup_format          :       XML             { $$ = __NFT_OUTPUT_NOTSUPP; }
+                       |       JSON            { $$ = __NFT_OUTPUT_NOTSUPP; }
                        |       VM JSON         { $$ = NFTNL_OUTPUT_JSON; }
                        ;