src: Reject 'export vm json' command

Since libnftnl recently dropped JSON output support, this form of JSON
export is not available anymore. Point at 'nft -j list ruleset' command
for a replacement in error message.

Since 'export' command is not useable anymore, remove it from
documentation. Instead point out that 'list ruleset' command serves well
for dumping and later restoring.

To not cause pointless inconvenience for users wishing to store their
ruleset in JSON format, make JSON parser fallback to CMD_ADD if no
recognized command property was found. This allows to feed the output of
'nft -j list ruleset' into 'nft -f' without any modification.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

2 files changed, 5 insertions, 2 deletions

diff --git a/src/evaluate.c b/src/evaluate.c
index 329fd42d..bd25d9ab 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3803,6 +3803,9 @@ static int cmd_evaluate_export(struct eval_ctx *ctx, struct cmd *cmd)
 	if (cmd->markup->format == __NFT_OUTPUT_NOTSUPP)
 		return cmd_error(ctx, &cmd->location,
 				 "this output type is not supported");
+	else if (cmd->markup->format == NFTNL_OUTPUT_JSON)
+		return cmd_error(ctx, &cmd->location,
+				 "JSON export is no longer supported, use 'nft -j list ruleset' instead");
 
 	return cache_update(ctx->nft, cmd->op, ctx->msgs);
 }
diff --git a/src/parser_json.c b/src/parser_json.c
index 412f5cf2..6268ad5b 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -3301,8 +3301,8 @@ static struct cmd *json_parse_cmd(struct json_ctx *ctx, json_t *root)
 
 		return parse_cb_table[i].cb(ctx, tmp, parse_cb_table[i].op);
 	}
-	json_error(ctx, "Unknown command object.");
-	return NULL;
+	/* to accept 'list ruleset' output 1:1, try add command */
+	return json_parse_cmd_add(ctx, root, CMD_ADD);
 }
 
 static int json_verify_metainfo(struct json_ctx *ctx, json_t *root)