[nft,1/2] parser_json: use stdin buffer if available

Message ID	20240709145953.135124-1-pablo@netfilter.org
State	Changes Requested
Headers	show Return-Path: <netfilter-devel+bounces-2952-incoming=patchwork.ozlabs.org@vger.kernel.org> From: Pablo Neira Ayuso <pablo@netfilter.org> To: netfilter-devel@vger.kernel.org Cc: jami.maenpaa@wapice.com Subject: [PATCH nft 1/2] parser_json: use stdin buffer if available Date: Tue, 9 Jul 2024 16:59:52 +0200 Message-Id: <20240709145953.135124-1-pablo@netfilter.org> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[nft,1/2] parser_json: use stdin buffer if available \| expand [nft,1/2] parser_json: use stdin buffer if available [nft,2/2] libnftables: skip useable checks for /dev/stdin

Message ID

20240709145953.135124-1-pablo@netfilter.org

State

Changes Requested

Headers

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: jami.maenpaa@wapice.com
Subject: [PATCH nft 1/2] parser_json: use stdin buffer if available
Date: Tue,  9 Jul 2024 16:59:52 +0200
Message-Id: <20240709145953.135124-1-pablo@netfilter.org>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[nft,1/2] parser_json: use stdin buffer if available | expand

Commit Message

Pablo Neira Ayuso July 9, 2024, 2:59 p.m. UTC

Since 5c2b2b0a2ba7 ("src: error reporting with -f and read from stdin")
stdin is stored in a buffer, update json support to use it instead of
reading from /dev/stdin.

Some systems do not provide /dev/stdin symlink to /proc/self/fd/0
according to reporter (that mentions Yocto Linux as example).

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/parser_json.c | 7 +++++++
 1 file changed, 7 insertions(+)

Comments

Phil Sutter July 10, 2024, 1:53 p.m. UTC | #1

Hi Pablo,

On Tue, Jul 09, 2024 at 04:59:52PM +0200, Pablo Neira Ayuso wrote:
> Since 5c2b2b0a2ba7 ("src: error reporting with -f and read from stdin")
> stdin is stored in a buffer, update json support to use it instead of
> reading from /dev/stdin.
> 
> Some systems do not provide /dev/stdin symlink to /proc/self/fd/0
> according to reporter (that mentions Yocto Linux as example).
> 
> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> ---
>  src/parser_json.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/src/parser_json.c b/src/parser_json.c
> index ee4657ee8044..4912d3608b2b 100644
> --- a/src/parser_json.c
> +++ b/src/parser_json.c
> @@ -4357,6 +4357,13 @@ int nft_parse_json_filename(struct nft_ctx *nft, const char *filename,
>  	json_error_t err;
>  	int ret;
>  
> +	if (nft->stdin_buf) {
> +		json_indesc.type = INDESC_STDIN;
> +		json_indesc.name = "/dev/stdin";
> +
> +		return nft_parse_json_buffer(nft, nft->stdin_buf, msgs, cmds);
> +	}

Is this sufficient? In nft_run_cmd_from_filename(), nft->stdin_buf is
populated conditionally:

| if (!strcmp(filename, "/dev/stdin") &&
|     !nft_output_json(&nft->output))
|         nft->stdin_buf = stdin_to_buffer();

Later (in the wrapped __nft_run_cmd_from_filename()), we try JSON parsing
conditionally:

| if (nft_output_json(&nft->output) || nft_input_json(&nft->input))
|         rc = nft_parse_json_filename(nft, filename, &msgs, &cmds);

Things got complicated by commit 2034d8c60ed91 ("src: add input flag
NFT_CTX_INPUT_JSON to enable JSON parsing") and my request to remain
compatible, i.e. '-j' flag which enables JSON output shall continue to
make JSON the assumed input format.

So long story short, I guess in order to cover all cases, we have to
enable nft->stdin_buf population also if nft_input_json(...) returns
true, i.e. cover for library users requesting JSON input (but standard
output). WDYT?

Cheers, Phil

Phil Sutter July 10, 2024, 2:01 p.m. UTC | #2

On Wed, Jul 10, 2024 at 03:53:52PM +0200, Phil Sutter wrote:
> Hi Pablo,
> 
> On Tue, Jul 09, 2024 at 04:59:52PM +0200, Pablo Neira Ayuso wrote:
> > Since 5c2b2b0a2ba7 ("src: error reporting with -f and read from stdin")
> > stdin is stored in a buffer, update json support to use it instead of
> > reading from /dev/stdin.
> > 
> > Some systems do not provide /dev/stdin symlink to /proc/self/fd/0
> > according to reporter (that mentions Yocto Linux as example).
> > 
> > Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> > ---
> >  src/parser_json.c | 7 +++++++
> >  1 file changed, 7 insertions(+)
> > 
> > diff --git a/src/parser_json.c b/src/parser_json.c
> > index ee4657ee8044..4912d3608b2b 100644
> > --- a/src/parser_json.c
> > +++ b/src/parser_json.c
> > @@ -4357,6 +4357,13 @@ int nft_parse_json_filename(struct nft_ctx *nft, const char *filename,
> >  	json_error_t err;
> >  	int ret;
> >  
> > +	if (nft->stdin_buf) {
> > +		json_indesc.type = INDESC_STDIN;
> > +		json_indesc.name = "/dev/stdin";
> > +
> > +		return nft_parse_json_buffer(nft, nft->stdin_buf, msgs, cmds);
> > +	}
> 
> Is this sufficient? In nft_run_cmd_from_filename(), nft->stdin_buf is
> populated conditionally:
> 
> | if (!strcmp(filename, "/dev/stdin") &&
> |     !nft_output_json(&nft->output))
> |         nft->stdin_buf = stdin_to_buffer();
> 
> Later (in the wrapped __nft_run_cmd_from_filename()), we try JSON parsing
> conditionally:
> 
> | if (nft_output_json(&nft->output) || nft_input_json(&nft->input))
> |         rc = nft_parse_json_filename(nft, filename, &msgs, &cmds);
> 
> Things got complicated by commit 2034d8c60ed91 ("src: add input flag
> NFT_CTX_INPUT_JSON to enable JSON parsing") and my request to remain
> compatible, i.e. '-j' flag which enables JSON output shall continue to
> make JSON the assumed input format.
> 
> So long story short, I guess in order to cover all cases, we have to
> enable nft->stdin_buf population also if nft_input_json(...) returns
> true, i.e. cover for library users requesting JSON input (but standard
> output). WDYT?

On second review, I think the right change is to make
nft_run_cmd_from_filename() *always* populate nft->stdin_buf if
'filename' is '/dev/stdin', i.e. drop the !nft_output_json(...) clause.

Sorry for the confusion.

Cheers, Phil

Pablo Neira Ayuso July 10, 2024, 2:04 p.m. UTC | #3

On Wed, Jul 10, 2024 at 04:01:19PM +0200, Phil Sutter wrote:
> On Wed, Jul 10, 2024 at 03:53:52PM +0200, Phil Sutter wrote:
> > Hi Pablo,
> > 
> > On Tue, Jul 09, 2024 at 04:59:52PM +0200, Pablo Neira Ayuso wrote:
> > > Since 5c2b2b0a2ba7 ("src: error reporting with -f and read from stdin")
> > > stdin is stored in a buffer, update json support to use it instead of
> > > reading from /dev/stdin.
> > > 
> > > Some systems do not provide /dev/stdin symlink to /proc/self/fd/0
> > > according to reporter (that mentions Yocto Linux as example).
> > > 
> > > Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> > > ---
> > >  src/parser_json.c | 7 +++++++
> > >  1 file changed, 7 insertions(+)
> > > 
> > > diff --git a/src/parser_json.c b/src/parser_json.c
> > > index ee4657ee8044..4912d3608b2b 100644
> > > --- a/src/parser_json.c
> > > +++ b/src/parser_json.c
> > > @@ -4357,6 +4357,13 @@ int nft_parse_json_filename(struct nft_ctx *nft, const char *filename,
> > >  	json_error_t err;
> > >  	int ret;
> > >  
> > > +	if (nft->stdin_buf) {
> > > +		json_indesc.type = INDESC_STDIN;
> > > +		json_indesc.name = "/dev/stdin";
> > > +
> > > +		return nft_parse_json_buffer(nft, nft->stdin_buf, msgs, cmds);
> > > +	}
> > 
> > Is this sufficient? In nft_run_cmd_from_filename(), nft->stdin_buf is
> > populated conditionally:
> > 
> > | if (!strcmp(filename, "/dev/stdin") &&
> > |     !nft_output_json(&nft->output))
> > |         nft->stdin_buf = stdin_to_buffer();
> > 
> > Later (in the wrapped __nft_run_cmd_from_filename()), we try JSON parsing
> > conditionally:
> > 
> > | if (nft_output_json(&nft->output) || nft_input_json(&nft->input))
> > |         rc = nft_parse_json_filename(nft, filename, &msgs, &cmds);
> > 
> > Things got complicated by commit 2034d8c60ed91 ("src: add input flag
> > NFT_CTX_INPUT_JSON to enable JSON parsing") and my request to remain
> > compatible, i.e. '-j' flag which enables JSON output shall continue to
> > make JSON the assumed input format.
> > 
> > So long story short, I guess in order to cover all cases, we have to
> > enable nft->stdin_buf population also if nft_input_json(...) returns
> > true, i.e. cover for library users requesting JSON input (but standard
> > output). WDYT?
> 
> On second review, I think the right change is to make
> nft_run_cmd_from_filename() *always* populate nft->stdin_buf if
> 'filename' is '/dev/stdin', i.e. drop the !nft_output_json(...) clause.
> 
> Sorry for the confusion.

I can squash this incremental fix to 1/2 send post a v2.

Thanks.

Phil Sutter July 10, 2024, 3:15 p.m. UTC | #4

On Wed, Jul 10, 2024 at 04:04:25PM +0200, Pablo Neira Ayuso wrote:
> On Wed, Jul 10, 2024 at 04:01:19PM +0200, Phil Sutter wrote:
> > On Wed, Jul 10, 2024 at 03:53:52PM +0200, Phil Sutter wrote:
> > > Hi Pablo,
> > > 
> > > On Tue, Jul 09, 2024 at 04:59:52PM +0200, Pablo Neira Ayuso wrote:
> > > > Since 5c2b2b0a2ba7 ("src: error reporting with -f and read from stdin")
> > > > stdin is stored in a buffer, update json support to use it instead of
> > > > reading from /dev/stdin.
> > > > 
> > > > Some systems do not provide /dev/stdin symlink to /proc/self/fd/0
> > > > according to reporter (that mentions Yocto Linux as example).
> > > > 
> > > > Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> > > > ---
> > > >  src/parser_json.c | 7 +++++++
> > > >  1 file changed, 7 insertions(+)
> > > > 
> > > > diff --git a/src/parser_json.c b/src/parser_json.c
> > > > index ee4657ee8044..4912d3608b2b 100644
> > > > --- a/src/parser_json.c
> > > > +++ b/src/parser_json.c
> > > > @@ -4357,6 +4357,13 @@ int nft_parse_json_filename(struct nft_ctx *nft, const char *filename,
> > > >  	json_error_t err;
> > > >  	int ret;
> > > >  
> > > > +	if (nft->stdin_buf) {
> > > > +		json_indesc.type = INDESC_STDIN;
> > > > +		json_indesc.name = "/dev/stdin";
> > > > +
> > > > +		return nft_parse_json_buffer(nft, nft->stdin_buf, msgs, cmds);
> > > > +	}
> > > 
> > > Is this sufficient? In nft_run_cmd_from_filename(), nft->stdin_buf is
> > > populated conditionally:
> > > 
> > > | if (!strcmp(filename, "/dev/stdin") &&
> > > |     !nft_output_json(&nft->output))
> > > |         nft->stdin_buf = stdin_to_buffer();
> > > 
> > > Later (in the wrapped __nft_run_cmd_from_filename()), we try JSON parsing
> > > conditionally:
> > > 
> > > | if (nft_output_json(&nft->output) || nft_input_json(&nft->input))
> > > |         rc = nft_parse_json_filename(nft, filename, &msgs, &cmds);
> > > 
> > > Things got complicated by commit 2034d8c60ed91 ("src: add input flag
> > > NFT_CTX_INPUT_JSON to enable JSON parsing") and my request to remain
> > > compatible, i.e. '-j' flag which enables JSON output shall continue to
> > > make JSON the assumed input format.
> > > 
> > > So long story short, I guess in order to cover all cases, we have to
> > > enable nft->stdin_buf population also if nft_input_json(...) returns
> > > true, i.e. cover for library users requesting JSON input (but standard
> > > output). WDYT?
> > 
> > On second review, I think the right change is to make
> > nft_run_cmd_from_filename() *always* populate nft->stdin_buf if
> > 'filename' is '/dev/stdin', i.e. drop the !nft_output_json(...) clause.
> > 
> > Sorry for the confusion.
> 
> I can squash this incremental fix to 1/2 send post a v2.

Acked-by: Phil Sutter <phil@nwl.cc>

Thanks, Phil

diff --git a/src/parser_json.c b/src/parser_json.c
index ee4657ee8044..4912d3608b2b 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -4357,6 +4357,13 @@  int nft_parse_json_filename(struct nft_ctx *nft, const char *filename,
 	json_error_t err;
 	int ret;
 
+	if (nft->stdin_buf) {
+		json_indesc.type = INDESC_STDIN;
+		json_indesc.name = "/dev/stdin";
+
+		return nft_parse_json_buffer(nft, nft->stdin_buf, msgs, cmds);
+	}
+
 	json_indesc.type = INDESC_FILE;
 	json_indesc.name = filename;

[nft,1/2] parser_json: use stdin buffer if available

Commit Message

Comments

Patch