authorPhil Sutter <>2018-10-24 21:14:37 +0200
committerPablo Neira Ayuso <>2018-10-24 21:20:43 +0200
commitb849b0dfd9f3aecff5617bc60d5852ef36c3d494 (patch)
parent4e9c475680aff492c34845a958638c1a43906e07 (diff)
json: Work around segfault when encountering xt stmt
When trying to convert an xt stmt into JSON, print() callback was called. Though the code in src/xt.c does not respect output_fp, therefore buffer wasn't filled as expected making libjansson to puke: | # nft -j list ruleset | warning: stmt ops xt have no json callback | nft: json.c:169: stmt_print_json: Assertion `__out' failed. | Aborted (core dumped) Avoid this by detecting xt stmt ops and returning a stub. Signed-off-by: Phil Sutter <> Signed-off-by: Pablo Neira Ayuso <>
diff --git a/doc/libnftables-json.adoc b/doc/libnftables-json.adoc
--- a/doc/libnftables-json.adoc
+++ b/doc/libnftables-json.adoc
@@ -998,6 +998,13 @@ Assign connection tracking timeout policy.
*ct timeout*::
CT timeout reference.
+=== XT
+*{ "xt": null }*
+This represents an xt statement from xtables compat interface. Sadly, at this
+point it is not possible to provide any further information about its content.
Expressions are the building blocks of (most) statements. In their most basic
form, they are just immediate values represented as JSON string, integer or
diff --git a/src/json.c b/src/json.c
--- a/src/json.c
+++ b/src/json.c
@@ -166,6 +166,12 @@ static json_t *stmt_print_json(const struct stmt *stmt, struct output_ctx *octx)
char buf[1024];
FILE *fp;
+ /* XXX: Can't be supported at this point:
+ * xt_stmt_xlate() ignores output_fp.
+ */
+ if (stmt->ops->type == STMT_XT)
+ return json_pack("{s:n}", "xt");
if (stmt->ops->json)
return stmt->ops->json(stmt, octx);