netfilter buglog - Nov 2018 - [Bug 1297] New: Replacement for nft export vm json?

https://bugzilla.netfilter.org/show_bug.cgi?id=1297

            Bug ID: 1297
           Summary: Replacement for nft export vm json?
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: anthonyryan1 at gmail.com

It seems in 1.1.2, support for exporting json was removed.

The commit messages reference better support in libnftables but nft 0.9.0
isn't
taking advantage of that because `nft export vm json` is outputting broken json
with a success code.

I'd like to know what the current recommended approach for getting a
future-proof representation of the current firewall state is? I've got a
python
application that needs to be able to read the current firewall state, modify
it, read counters and I can expect some stability in the format even as new
features are added.

I'd also like to throw a big of a suggestion for semantic versioning here,
generally it's not nice to remove functionality in a bugfix release.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20181115/96d4c75d/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1297

Anthony Ryan <anthonyryan1 at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |anthonyryan1 at gmail.com
           Severity|enhancement                 |normal

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20181115/e082e12b/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1297

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Hi!

The previous json layout for libnftnl has been unmaintained for quite a bit of
time.

The new json format is rather similar in layout, but it is well-documented, it
integrates with high-level libnftables library and it is solving a number of
well-known problems. Please, have a look at documentation:

     man libnftables-json

This is available through nftables, you can fetch a clone from:
git://git.netfilter.org/nftables

We also now offer a python binding for libnftables, have a look at nftables/py.

I think it should be relatively little work to adapt you python application to
take the json format from libnftables. Actually, it's going to me much
better
since you will not have to figure out how to match on the ip dscp field some
day - which is not trivial in libnftnl.

Regarding library version, I agree we should have probably bumped version
1.2.0, we can do so in the next release.

Thanks!

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20181115/6336aed2/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1297

Anthony Ryan <anthonyryan1 at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WONTFIX
             Status|ASSIGNED                    |RESOLVED

--- Comment #2 from Anthony Ryan <anthonyryan1 at gmail.com> ---
Just a minor follow up observation:

The official release tarballs seems to remove the python bindings, so even
though it's in git, it's not available to distros unless they also use
the git
release.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190108/b5930c58/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1297

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |phil at nwl.cc

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190109/60520aa1/attachment.html>