JSON: Review verdict statement and expression

Change jump and goto verdicts to become extensible by dedicating an
object for the target parameter.

While being at it, drop break and queue verdict expressions since they
don't seem to exist, no idea where I got those from in the first place.
For queue, there is a dedicated expression at least.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/doc/libnftables-json.adoc b/doc/libnftables-json.adoc
index 058573dfc5c7df39ecc9a93081cd49be7457eb5e..74e7d0271b8c84aba63647222f4972a13dd97dd9 100644 (file)
--- a/doc/libnftables-json.adoc
+++ b/doc/libnftables-json.adoc
@@ -548,13 +548,13 @@ single statement.
 *{ "drop": null }*
 *{ "continue": null }*
 *{ "return": null }*
-*{ "jump":* 'STRING' *}*
-*{ "goto":* 'STRING' *}*
+*{ "jump": { "target": * 'STRING' *}}*
+*{ "goto": { "target": * 'STRING' *}}*
 
 A verdict either terminates packet traversal through the current chain or
 delegates to a different one.
 
-*jump* and *goto* statements expect a target chain name as value.
+*jump* and *goto* statements expect a target chain name.
 
 === MATCH
 [verse]
@@ -1177,18 +1177,16 @@ side.
 
 === VERDICT
 [verse]
-*{ "continue": null }*
-*{ "break": null }*
-*{ "jump":* 'STRING' *}*
-*{ "goto":* 'STRING' *}*
-*{ "return": null }*
 *{ "accept": null }*
 *{ "drop": null }*
-*{ "queue": null }*
+*{ "continue": null }*
+*{ "return": null }*
+*{ "jump": { "target":* 'STRING' *}}*
+*{ "goto": { "target":* 'STRING' *}}*
 
 Same as *verdict* statement, but for use in verdict maps.
 
-Only *jump* and *goto* verdicts expect a string denoting the target chain name.
+*jump* and *goto* verdicts expect a target chain name.
 
 === ELEM
 [verse]

diff --git a/src/json.c b/src/json.c
index 0c708c7dce2d4cf9d889950d1c9cc392a0156e0c..30ee81cf7cdff6e9e151f8504032ab465bb468b9 100644 (file)
--- a/src/json.c
+++ b/src/json.c
@@ -642,7 +642,10 @@ json_t *verdict_expr_json(const struct expr *expr, struct output_ctx *octx)
                BUG("Unknown verdict %d.", expr->verdict);
                return NULL;
        }
-       return json_pack("{s:o}", name, chain ? json_string(chain) : json_null());
+       if (chain)
+               return json_pack("{s:{s:s}}", name, "target", chain);
+       else
+               return json_pack("{s:n}", name);
 }
 
 json_t *rt_expr_json(const struct expr *expr, struct output_ctx *octx)

diff --git a/src/parser_json.c b/src/parser_json.c
index 883904327b762e8746a3f564e4923d5745e71847..dd21d428adad197b98a8d1c3093795c73d54c617 100644 (file)
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -1031,27 +1031,25 @@ static struct expr *json_parse_verdict_expr(struct json_ctx *ctx,
                bool chain;
        } verdict_tbl[] = {
                { NFT_CONTINUE, "continue", false },
-               { NFT_BREAK, "break", false },
                { NFT_JUMP, "jump", true },
                { NFT_GOTO, "goto", true },
                { NFT_RETURN, "return", false },
                { NF_ACCEPT, "accept", false },
                { NF_DROP, "drop", false },
-               { NF_QUEUE, "queue", false },
        };
        const char *chain = NULL;
        unsigned int i;
 
-       json_unpack(root, "s", &chain);
+       json_unpack(root, "{s:s}", "target", &chain);
 
        for (i = 0; i < array_size(verdict_tbl); i++) {
                if (strcmp(type, verdict_tbl[i].name))
                        continue;
 
-               if (verdict_tbl[i].chain && !chain) {
-                       json_error(ctx, "Verdict %s needs chain argument.", type);
+               if (verdict_tbl[i].chain &&
+                   json_unpack_err(ctx, root, "{s:s}", "target", &chain))
                        return NULL;
-               }
+
                return verdict_expr_alloc(int_loc,
                                          verdict_tbl[i].verdict, chain);
        }

diff --git a/tests/py/nft-test.py b/tests/py/nft-test.py
index 1b7e04c9d0b606b6980d225e9fd037c7202d059f..3b89ec3514bde0bb1c232e0f03a14fd2dd0bcf4e 100755 (executable)
--- a/tests/py/nft-test.py
+++ b/tests/py/nft-test.py
@@ -278,7 +278,9 @@ def chain_create(chain, table, filename):
         print_error(reason, filename, chain.lineno)
         return -1
 
-    cmd = "add chain %s %s { %s; }" % (table, chain, chain.config)
+    cmd = "add chain %s %s" % (table, chain)
+    if chain.config:
+        cmd += " { %s; }" % chain.config
 
     ret = execute_cmd(cmd, filename, chain.lineno)
     if ret != 0: