From 032a1808c1abb70004703f57c2d1625a099beca3 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 15 Mar 2019 12:59:19 +0100 Subject: [PATCH] src: bail out when exporting ruleset with unsupported output Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1646336 Upstream Status: nftables commit a340aa6ca6cd0 Conflicts: * Dropped changes to import command which doesn't exist in RHEL7. * Changes to parser_bison.y applied manually. Major conflicts due to missing commit 2fa54d8a49352 ("src: Add import command for low level json"). * Adjusted to missing commit 2fa54d8a49352 ("src: Add import command for low level json"). commit a340aa6ca6cd08ae173fbb95cd3e65807264df07 Author: Pablo Neira Ayuso Date: Thu Feb 15 17:22:16 2018 +0100 src: bail out when exporting ruleset with unsupported output Display error message and propagate error to shell when running command with unsupported output: # nft export ruleset json Error: this output type is not supported export ruleset json ^^^^^^^^^^^^^^^^^^^^ # echo $? 1 When displaying the output in json using the low-level VM representation, it shows: # nft export ruleset vm json ... low-level VM json output # echo $? 0 While at it, do the same with obsoleted XML output. Fixes: https://bugzilla.netfilter.org/show_bug.cgi?id=1224 Signed-off-by: Pablo Neira Ayuso --- include/nftables.h | 2 ++ src/evaluate.c | 3 +++ src/parser_bison.y | 4 ++-- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/include/nftables.h b/include/nftables.h index 01d72a8..0abbcaf 100644 --- a/include/nftables.h +++ b/include/nftables.h @@ -154,4 +154,6 @@ int nft_print(struct output_ctx *octx, const char *fmt, ...) int nft_gmp_print(struct output_ctx *octx, const char *fmt, ...) __attribute__((format(printf, 2, 0))); +#define __NFT_OUTPUT_NOTSUPP UINT_MAX + #endif /* NFTABLES_NFTABLES_H */ diff --git a/src/evaluate.c b/src/evaluate.c index ab1347f..c8a98f1 100644 --- a/src/evaluate.c +++ b/src/evaluate.c 
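Review bot: In the include/nftables.h hunk the new `__NFT_OUTPUT_NOTSUPP` sentinel has no comment saying what it stands for or why `UINT_MAX` is a safe value. I would add `/* Parser-only marker for output formats that are recognised but not supported; must stay outside the NFTNL_OUTPUT_* range. */` above the define. `UINT_MAX` comes from `<limits.h>`, and no include of it is visible in this hunk, so every file that expands the macro relies on that header arriving some other way. The leading double underscore is a name reserved for the implementation in C; since the name is inherited from upstream, this is a style remark only.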
@@ -3426,6 +3426,9 @@ static int cmd_evaluate_monitor(struct eval_ctx *ctx, struct cmd *cmd) static int cmd_evaluate_export(struct eval_ctx *ctx, struct cmd *cmd) { + if (cmd->export->format == __NFT_OUTPUT_NOTSUPP) + return cmd_error(ctx, "this output type is not supported"); + return cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx->msgs, ctx->debug_mask & DEBUG_NETLINK, ctx->octx); } diff --git a/src/parser_bison.y b/src/parser_bison.y index f9878ba..e87669e 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -1204,8 +1204,8 @@ monitor_format : /* empty */ { $$ = NFTNL_OUTPUT_DEFAULT; } | export_format ; -export_format : XML { $$ = NFTNL_OUTPUT_XML; } - | JSON { $$ = NFTNL_OUTPUT_JSON; } +export_format : XML { $$ = __NFT_OUTPUT_NOTSUPP; } + | JSON { $$ = __NFT_OUTPUT_NOTSUPP; } ; describe_cmd : primary_expr -- 1.8.3.1
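Review bot: The guard added to `cmd_evaluate_export` covers only the export command, but the parser_bison.y hunk in this patch shows `monitor_format` falling through to `export_format`. A monitor command given `XML` or `JSON` therefore now carries the same `__NFT_OUTPUT_NOTSUPP` value. `cmd_evaluate_monitor` lies outside this hunk, so it is not visible whether it rejects the sentinel; if it does not, `UINT_MAX` would be handed to the monitor output code as a format. Assuming the monitor command stores its format the way export does, the same check belongs there: `if (cmd->monitor->format == __NFT_OUTPUT_NOTSUPP) return cmd_error(ctx, "this output type is not supported");`.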
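Review bot: After this hunk both alternatives of `export_format` yield `__NFT_OUTPUT_NOTSUPP`, while the commit description still shows `nft export ruleset vm json` succeeding. No `VM JSON` alternative is added here, so on this branch it looks as if no explicit export format can pass evaluation. If that is the intended result of the backport, a comment on the rule would make it clear, for example `/* XML and JSON are still parsed so that evaluation can reject them with a clear error */`. The `monitor_format` rule is only partly visible in the hunk, so its other alternatives cannot be checked from here.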