#define _GNU_SOURCE

#include <string.h>

#include <expression.h>

#include <list.h>

#include <netlink.h>

#include <rule.h>

#include <rt.h>

#include <netdb.h>

#include <netinet/icmp6.h>

#include <netinet/in.h>

#include <netinet/ip.h>

#include <netinet/ip_icmp.h>

#include <linux/netfilter.h>

#include <linux/netfilter/nf_log.h>

#include <linux/netfilter/nf_nat.h>

#include <linux/netfilter/nf_tables.h>

#include <linux/netfilter/nf_synproxy.h>

#include <linux/xfrm.h>

#include <pwd.h>

#include <grp.h>

#include <jansson.h>

#include <syslog.h>

#ifdef DEBUG

#define __json_pack json_pack

#define json_pack(...) ({ \

	json_t *__out = __json_pack(__VA_ARGS__); \

	assert(__out); \

	__out; \

})

#endif

static json_t *expr_print_json(const struct expr *expr, struct output_ctx *octx)

{

	const struct expr_ops *ops;

	char buf[1024];

	FILE *fp;

	ops = expr_ops(expr);

	if (ops->json)

		return ops->json(expr, octx);

	printf("warning: expr ops %s have no json callback\n", expr_name(expr));

	fp = octx->output_fp;

	octx->output_fp = fmemopen(buf, 1024, "w");

	ops->print(expr, octx);

	fclose(octx->output_fp);

	octx->output_fp = fp;

	return json_pack("s", buf);

}

static json_t *set_dtype_json(const struct expr *key)

{

	char *namedup = xstrdup(key->dtype->name), *tok;

	json_t *root = NULL;

	tok = strtok(namedup, " .");

	while (tok) {

		json_t *jtok = json_string(xstrdup(tok));

		if (!root)

			root = jtok;

		else if (json_is_string(root))

			root = json_pack("[o, o]", root, jtok);

		else

			json_array_append_new(root, jtok);

		tok = strtok(NULL, " .");

	}

	xfree(namedup);

	return root;

}

static json_t *set_print_json(struct output_ctx *octx, const struct set *set)

{

	json_t *root, *tmp;

	const char *type, *datatype_ext = NULL;

	if (set_is_datamap(set->flags)) {

		type = "map";

		datatype_ext = set->datatype->name;

	} else if (set_is_objmap(set->flags)) {

		type = "map";

		datatype_ext = obj_type_name(set->objtype);

	} else if (set_is_meter(set->flags)) {

		type = "meter";

	} else {

		type = "set";

	}

	root = json_pack("{s:s, s:s, s:s, s:o, s:I}",

			"family", family2str(set->handle.family),

			"name", set->handle.set.name,

			"table", set->handle.table.name,

			"type", set_dtype_json(set->key),

			"handle", set->handle.handle.id);

	if (datatype_ext)

		json_object_set_new(root, "map", json_string(datatype_ext));

	if (!(set->flags & (NFT_SET_CONSTANT))) {

		if (set->policy != NFT_SET_POL_PERFORMANCE) {

			tmp = json_pack("s", set_policy2str(set->policy));

			json_object_set_new(root, "policy", tmp);

		}

		if (set->desc.size) {

			tmp = json_pack("i", set->desc.size);

			json_object_set_new(root, "size", tmp);

		}

	}

	tmp = json_array();

	if (set->flags & NFT_SET_CONSTANT)

		json_array_append_new(tmp, json_pack("s", "constant"));

	if (set->flags & NFT_SET_INTERVAL)

		json_array_append_new(tmp, json_pack("s", "interval"));

	if (set->flags & NFT_SET_TIMEOUT)

		json_array_append_new(tmp, json_pack("s", "timeout"));

	if (json_array_size(tmp) > 0) {

		json_object_set_new(root, "flags", tmp);

	} else {

		if (json_array_size(tmp))

			json_object_set(root, "flags", json_array_get(tmp, 0));

		json_decref(tmp);

	}

	if (set->timeout) {

		tmp = json_integer(set->timeout / 1000);

		json_object_set_new(root, "timeout", tmp);

	}

	if (set->gc_int) {

		tmp = json_pack("i", set->gc_int / 1000);

		json_object_set_new(root, "gc-interval", tmp);

	}

	if (set->init && set->init->size > 0) {

		json_t *array = json_array();

		const struct expr *i;

		list_for_each_entry(i, &set->init->expressions, list)

			json_array_append_new(array, expr_print_json(i, octx));

		json_object_set_new(root, "elem", array);

	}

	return json_pack("{s:o}", type, root);

}

/* XXX: Merge with set_print_json()? */

static json_t *element_print_json(struct output_ctx *octx,

				  const struct set *set)

{

	json_t *root = expr_print_json(set->init, octx);

	return json_pack("{s: {s:s, s:s, s:s, s:o}}", "element",

			 "family", family2str(set->handle.family),

			 "table", set->handle.table.name,

			 "name", set->handle.set.name,

			 "elem", root);

}

static json_t *stmt_print_json(const struct stmt *stmt, struct output_ctx *octx)

{

	char buf[1024];

	FILE *fp;

	/* XXX: Can't be supported at this point:

	 * xt_stmt_xlate() ignores output_fp.

	 */

	if (stmt->ops->type == STMT_XT)

		return json_pack("{s:n}", "xt");

	if (stmt->ops->json)

		return stmt->ops->json(stmt, octx);

	printf("warning: stmt ops %s have no json callback\n",

	       stmt->ops->name);

	fp = octx->output_fp;

	octx->output_fp = fmemopen(buf, 1024, "w");

	stmt->ops->print(stmt, octx);

	fclose(octx->output_fp);

	octx->output_fp = fp;

	return json_pack("s", buf);

}

static json_t *rule_print_json(struct output_ctx *octx,

			       const struct rule *rule)

{

	const struct stmt *stmt;

	json_t *root, *tmp;

	root = json_pack("{s:s, s:s, s:s, s:I}",

			 "family", family2str(rule->handle.family),

			 "table", rule->handle.table.name,

			 "chain", rule->handle.chain.name,

			 "handle", rule->handle.handle.id);

	if (rule->comment)

		json_object_set_new(root, "comment",

				    json_string(rule->comment));

	tmp = json_array();

	list_for_each_entry(stmt, &rule->stmts, list)

		json_array_append_new(tmp, stmt_print_json(stmt, octx));

	if (json_array_size(tmp))

		json_object_set_new(root, "expr", tmp);

	else {

		fprintf(stderr, "rule without statements?!\n");

		json_decref(tmp);

	}

	return json_pack("{s:o}", "rule", root);

}

static json_t *chain_print_json(const struct chain *chain)

{

	int priority, policy, n = 0;

	struct expr *dev, *expr;

	json_t *root, *tmp;

	root = json_pack("{s:s, s:s, s:s, s:I}",

			 "family", family2str(chain->handle.family),

			 "table", chain->handle.table.name,

			 "name", chain->handle.chain.name,

			 "handle", chain->handle.handle.id);

	if (chain->flags & CHAIN_F_BASECHAIN) {

		mpz_export_data(&priority, chain->priority.expr->value,

				BYTEORDER_HOST_ENDIAN, sizeof(int));

		mpz_export_data(&policy, chain->policy->value,

				BYTEORDER_HOST_ENDIAN, sizeof(int));

		tmp = json_pack("{s:s, s:s, s:i, s:s}",

				"type", chain->type,

				"hook", hooknum2str(chain->handle.family,

						    chain->hooknum),

				"prio", priority,

				"policy", chain_policy2str(policy));

		if (chain->dev_expr) {

			list_for_each_entry(expr, &chain->dev_expr->expressions, list) {

				dev = expr;

				n++;

			}

		}

		if (n == 1) {

			json_object_set_new(tmp, "dev",

					    json_string(dev->identifier));

		}

		json_object_update(root, tmp);

		json_decref(tmp);

	}

	return json_pack("{s:o}", "chain", root);

}

static json_t *proto_name_json(uint8_t proto)

{

	const struct protoent *p = getprotobynumber(proto);

	if (p)

		return json_string(p->p_name);

	return json_integer(proto);

}

static json_t *timeout_policy_json(uint8_t l4, const uint32_t *timeout)

{

	json_t *root = NULL;

	unsigned int i;

	for (i = 0; i < timeout_protocol[l4].array_size; i++) {

		if (timeout[i] == timeout_protocol[l4].dflt_timeout[i])

			continue;

		if (!root)

			root = json_object();

		json_object_set_new(root, timeout_protocol[l4].state_to_name[i],

				    json_integer(timeout[i]));

	}

	return root ? : json_null();

}

static json_t *obj_print_json(const struct obj *obj)

{

	const char *rate_unit = NULL, *burst_unit = NULL;

	const char *type = obj_type_name(obj->type);

	json_t *root, *tmp, *flags;

	uint64_t rate, burst;

	root = json_pack("{s:s, s:s, s:s, s:I}",

			"family", family2str(obj->handle.family),

			"name", obj->handle.obj.name,

			"table", obj->handle.table.name,

			"handle", obj->handle.handle.id);

	switch (obj->type) {

	case NFT_OBJECT_COUNTER:

		tmp = json_pack("{s:I, s:I}",

				"packets", obj->counter.packets,

				"bytes", obj->counter.bytes);

		json_object_update(root, tmp);

		json_decref(tmp);

		break;

	case NFT_OBJECT_QUOTA:

		tmp = json_pack("{s:I, s:I, s:b}",

				"bytes", obj->quota.bytes,

				"used", obj->quota.used,

				"inv", obj->quota.flags & NFT_QUOTA_F_INV);

		json_object_update(root, tmp);

		json_decref(tmp);

		break;

	case NFT_OBJECT_SECMARK:

		tmp = json_pack("{s:s}",

				"context", obj->secmark.ctx);

		json_object_update(root, tmp);

		json_decref(tmp);

		break;

	case NFT_OBJECT_CT_HELPER:

		tmp = json_pack("{s:s, s:o, s:s}",

				"type", obj->ct_helper.name, "protocol",

				proto_name_json(obj->ct_helper.l4proto),

				"l3proto", family2str(obj->ct_helper.l3proto));

		json_object_update(root, tmp);

		json_decref(tmp);

		break;

	case NFT_OBJECT_CT_TIMEOUT:

		tmp = timeout_policy_json(obj->ct_timeout.l4proto,

					  obj->ct_timeout.timeout);

		tmp = json_pack("{s:o, s:s, s:o}",

				"protocol",

				proto_name_json(obj->ct_timeout.l4proto),

				"l3proto", family2str(obj->ct_timeout.l3proto),

				"policy", tmp);

		json_object_update(root, tmp);

		json_decref(tmp);

		break;

	case NFT_OBJECT_CT_EXPECT:

		tmp = json_pack("{s:o, s:I, s:I, s:I, s:s}",

				"protocol",

				proto_name_json(obj->ct_expect.l4proto),

				"dport", obj->ct_expect.dport,

				"timeout", obj->ct_expect.timeout,

				"size", obj->ct_expect.size,

				"l3proto", family2str(obj->ct_expect.l3proto));

		json_object_update(root, tmp);

		json_decref(tmp);

		break;

	case NFT_OBJECT_LIMIT:

		rate = obj->limit.rate;

		burst = obj->limit.burst;

		if (obj->limit.type == NFT_LIMIT_PKT_BYTES) {

			rate_unit = get_rate(obj->limit.rate, &rate;;

			burst_unit = get_rate(obj->limit.burst, &burst);

		}

		tmp = json_pack("{s:I, s:s}",

				"rate", rate,

				"per", get_unit(obj->limit.unit));

		if (obj->limit.flags & NFT_LIMIT_F_INV)

			json_object_set_new(tmp, "inv", json_true());

		if (rate_unit)

			json_object_set_new(tmp, "rate_unit",

					    json_string(rate_unit));

		if (burst) {

			json_object_set_new(tmp, "burst", json_integer(burst));

			if (burst_unit)

				json_object_set_new(tmp, "burst_unit",

						    json_string(burst_unit));

		}

		json_object_update(root, tmp);

		json_decref(tmp);

		break;

	case NFT_OBJECT_SYNPROXY:

		flags = json_array();

		tmp = json_pack("{s:i, s:i}",

				"mss", obj->synproxy.mss,

				"wscale", obj->synproxy.wscale);

		if (obj->synproxy.flags & NF_SYNPROXY_OPT_TIMESTAMP)

			json_array_append_new(flags, json_string("timestamp"));

		if (obj->synproxy.flags & NF_SYNPROXY_OPT_SACK_PERM)

			json_array_append_new(flags, json_string("sack-perm"));

		if (json_array_size(flags) > 0)

			json_object_set_new(tmp, "flags", flags);

		else

			json_decref(flags);

		json_object_update(root, tmp);

		json_decref(tmp);

		break;

	}

	return json_pack("{s:o}", type, root);

}

static json_t *flowtable_print_json(const struct flowtable *ftable)

{

	json_t *root, *devs = NULL;

	int i, priority;

	mpz_export_data(&priority, ftable->priority.expr->value,

			BYTEORDER_HOST_ENDIAN, sizeof(int));

	root = json_pack("{s:s, s:s, s:s, s:I, s:s, s:i}",

			"family", family2str(ftable->handle.family),

			"name", ftable->handle.flowtable.name,

			"table", ftable->handle.table.name,

			"handle", ftable->handle.handle.id,

			"hook", hooknum2str(NFPROTO_NETDEV, ftable->hooknum),

			"prio", priority);

	for (i = 0; i < ftable->dev_array_len; i++) {

		const char *dev = ftable->dev_array[i];

		if (!devs)

			devs = json_string(dev);

		else if (json_is_string(devs))

			devs = json_pack("[o, s]", devs, dev);

		else

			json_array_append_new(devs, json_string(dev));

	}

	if (devs)

		json_object_set_new(root, "dev", devs);

	return json_pack("{s:o}", "flowtable", root);

}

static json_t *table_flags_json(const struct table *table)

{

	uint32_t flags = table->flags;

	json_t *root = json_array(), *tmp;

	int i = 0;

	while (flags) {

		if (flags & 0x1) {

			tmp = json_string(table_flags_name[i]);

			json_array_append_new(root, tmp);

		}

		flags >>= 1;

		i++;

	}

	switch (json_array_size(root)) {

	case 0:

		json_decref(root);

		return NULL;

	case 1:

		json_unpack(root, "[o]", &tmp);

		json_decref(root);

		root = tmp;

		break;

	}

	return root;

}

static json_t *table_print_json(const struct table *table)

{

	json_t *root, *tmp;

	root = json_pack("{s:s, s:s, s:I}",

			 "family", family2str(table->handle.family),

			 "name", table->handle.table.name,

			 "handle", table->handle.handle.id);

	tmp = table_flags_json(table);

	if (tmp)

		json_object_set_new(root, "flags", tmp);

	return json_pack("{s:o}", "table", root);

}

json_t *binop_expr_json(const struct expr *expr, struct output_ctx *octx)

{

	return json_pack("{s:[o, o]}", expr_op_symbols[expr->op],

			 expr_print_json(expr->left, octx),

			 expr_print_json(expr->right, octx));

}

json_t *relational_expr_json(const struct expr *expr, struct output_ctx *octx)

{

	return json_pack("{s:{s:s, s:o, s:o}}", "match",

			 "op", expr_op_symbols[expr->op] ? : "in",

			 "left", expr_print_json(expr->left, octx),

			 "right", expr_print_json(expr->right, octx));

}

json_t *range_expr_json(const struct expr *expr, struct output_ctx *octx)

{

	unsigned int flags = octx->flags;

	json_t *root;

	octx->flags &= ~NFT_CTX_OUTPUT_SERVICE;

	octx->flags |= NFT_CTX_OUTPUT_NUMERIC_PROTO;

	root = json_pack("{s:[o, o]}", "range",

			 expr_print_json(expr->left, octx),

			 expr_print_json(expr->right, octx));

	octx->flags = flags;

	return root;

}

json_t *meta_expr_json(const struct expr *expr, struct output_ctx *octx)

{

	return json_pack("{s:{s:s}}", "meta",

			 "key", meta_templates[expr->meta.key].token);

}

json_t *payload_expr_json(const struct expr *expr, struct output_ctx *octx)

{

	json_t *root;

	if (payload_is_known(expr))

		root = json_pack("{s:s, s:s}",

				 "protocol", expr->payload.desc->name,

				 "field", expr->payload.tmpl->token);

	else

		root = json_pack("{s:s, s:i, s:i}",

				 "base", proto_base_tokens[expr->payload.base],

				 "offset", expr->payload.offset,

				 "len", expr->len);

	return json_pack("{s:o}", "payload", root);

}

json_t *ct_expr_json(const struct expr *expr, struct output_ctx *octx)

{

	const char *dirstr = ct_dir2str(expr->ct.direction);

	enum nft_ct_keys key = expr->ct.key;

	json_t *root;

	root = json_pack("{s:s}", "key", ct_templates[key].token);

	if (expr->ct.direction < 0)

		goto out;

	if (dirstr)

		json_object_set_new(root, "dir", json_string(dirstr));

out:

	return json_pack("{s:o}", "ct", root);

}

json_t *concat_expr_json(const struct expr *expr, struct output_ctx *octx)

{

	json_t *array = json_array();

	const struct expr *i;

	list_for_each_entry(i, &expr->expressions, list)

		json_array_append_new(array, expr_print_json(i, octx));

	return json_pack("{s:o}", "concat", array);

}

json_t *set_expr_json(const struct expr *expr, struct output_ctx *octx)

{

	json_t *array = json_array();

	const struct expr *i;

	list_for_each_entry(i, &expr->expressions, list)

		json_array_append_new(array, expr_print_json(i, octx));

	return json_pack("{s:o}", "set", array);

}

json_t *set_ref_expr_json(const struct expr *expr, struct output_ctx *octx)

{

	if (set_is_anonymous(expr->set->flags)) {

		return expr_print_json(expr->set->init, octx);

	} else {

		return json_pack("s+", "@", expr->set->handle.set.name);

	}

}

json_t *set_elem_expr_json(const struct expr *expr, struct output_ctx *octx)

{

	json_t *root = expr_print_json(expr->key, octx);

	json_t *tmp;

	if (!root)

		return NULL;

	/* these element attributes require formal set elem syntax */

	if (expr->timeout || expr->expiration || expr->comment) {

		root = json_pack("{s:o}", "val", root);

		if (expr->timeout) {

			tmp = json_integer(expr->timeout / 1000);

			json_object_set_new(root, "timeout", tmp);

		}

		if (expr->expiration) {

			tmp = json_integer(expr->expiration / 1000);

			json_object_set_new(root, "expires", tmp);

		}

		if (expr->comment) {

			tmp = json_string(expr->comment);

			json_object_set_new(root, "comment", tmp);

		}

		return json_pack("{s:o}", "elem", root);

	}

	return root;

}

json_t *prefix_expr_json(const struct expr *expr, struct output_ctx *octx)

{

	json_t *root = expr_print_json(expr->prefix, octx);

	return json_pack("{s:{s:o, s:i}}", "prefix",

			 "addr", root,

			 "len", expr->prefix_len);

}

json_t *list_expr_json(const struct expr *expr, struct output_ctx *octx)

{

	json_t *array = json_array();

	const struct expr *i;

	list_for_each_entry(i, &expr->expressions, list)

		json_array_append_new(array, expr_print_json(i, octx));

	//return json_pack("{s:s, s:o}", "type", "list", "val", array);

	return array;

}

json_t *unary_expr_json(const struct expr *expr, struct output_ctx *octx)

{

	return expr_print_json(expr->arg, octx);

}

json_t *mapping_expr_json(const struct expr *expr, struct output_ctx *octx)

{

	return json_pack("[o, o]",

			 expr_print_json(expr->left, octx),

			 expr_print_json(expr->right, octx));

}

json_t *map_expr_json(const struct expr *expr, struct output_ctx *octx)

{

	const char *type = "map";

	if (expr->mappings->etype == EXPR_SET_REF &&

	    expr->mappings->set->datatype->type == TYPE_VERDICT)

		type = "vmap";

	return json_pack("{s:{s:o, s:o}}", type,

			 "key", expr_print_json(expr->map, octx),

			 "data", expr_print_json(expr->mappings, octx));

}

json_t *exthdr_expr_json(const struct expr *expr, struct output_ctx *octx)

{

	const char *desc = expr->exthdr.desc ?

			   expr->exthdr.desc->name :

			   "unknown-exthdr";

	const char *field = expr->exthdr.tmpl->token;

	json_t *root;

	bool is_exists = expr->exthdr.flags & NFT_EXTHDR_F_PRESENT;

	if (expr->exthdr.op == NFT_EXTHDR_OP_TCPOPT) {

		unsigned int offset = expr->exthdr.offset / 64;

		if (offset) {

			const char *offstrs[] = { "0", "1", "2", "3" };

			const char *offstr = "";

			if (offset < 4)

				offstr = offstrs[offset];

			root = json_pack("{s:s+}", "name", desc, offstr);

		} else {

			root = json_pack("{s:s}", "name", desc);

		}

		if (!is_exists)

			json_object_set_new(root, "field", json_string(field));

		return json_pack("{s:o}", "tcp option", root);

	}

	if (expr->exthdr.op == NFT_EXTHDR_OP_IPV4) {

		root = json_pack("{s:s}", "name", desc);

		if (!is_exists)

			json_object_set_new(root, "field", json_string(field));

		return json_pack("{s:o}", "ip option", root);

	}

	root = json_pack("{s:s}",

			 "name", desc);

	if (!is_exists)

		json_object_set_new(root, "field", json_string(field));

	return json_pack("{s:o}", "exthdr", root);

}

json_t *verdict_expr_json(const struct expr *expr, struct output_ctx *octx)

{

	const struct {

		int verdict;

		const char *name;

		bool chain;

	} verdict_tbl[] = {

		{ NFT_CONTINUE, "continue", false },

		{ NFT_BREAK, "break", false },

		{ NFT_JUMP, "jump", true },

		{ NFT_GOTO, "goto", true },

		{ NFT_RETURN, "return", false },

		{ NF_ACCEPT, "accept", false },

		{ NF_DROP, "drop", false },

		{ NF_QUEUE, "queue", false },

	};

	const char *name = NULL;

	json_t *chain = NULL;

	unsigned int i;

	for (i = 0; i < array_size(verdict_tbl); i++) {

		if (expr->verdict == verdict_tbl[i].verdict) {

			name = verdict_tbl[i].name;

			if (verdict_tbl[i].chain && expr->chain)

				chain = expr_print_json(expr->chain, octx);

			break;

		}

	}

	if (!name) {

		BUG("Unknown verdict %d.", expr->verdict);

		return NULL;

	}

	if (chain)

		return json_pack("{s:{s:o}}", name, "target", chain);

	else

		return json_pack("{s:n}", name);

}

json_t *rt_expr_json(const struct expr *expr, struct output_ctx *octx)

{

	const char *key = rt_templates[expr->rt.key].token;

	json_t *root = json_pack("{s:s}", "key", key);

	const char *family = NULL;

	switch (expr->rt.key) {

	case NFT_RT_NEXTHOP4:

		family = "ip";

		break;

	case NFT_RT_NEXTHOP6:

		family = "ip6";

		break;

	default:

		break;

	}

	if (family)

		json_object_set_new(root, "family", json_string(family));

	return json_pack("{s:o}", "rt", root);

}

json_t *numgen_expr_json(const struct expr *expr, struct output_ctx *octx)

{

	const char *mode;

	switch (expr->numgen.type) {

	case NFT_NG_INCREMENTAL:

		mode = "inc";

		break;

	case NFT_NG_RANDOM:

		mode = "random";

		break;

	default:

		mode = "unknown";

		break;

	}

	return json_pack("{s:{s:s, s:i, s:i}}", "numgen",

			 "mode", mode,

			 "mod", expr->numgen.mod,

			 "offset", expr->numgen.offset);

}

json_t *hash_expr_json(const struct expr *expr, struct output_ctx *octx)

{

	const char *type;

	json_t *root, *jexpr = NULL;

	switch (expr->hash.type) {

	case NFT_HASH_SYM:

		type = "symhash";

		break;

	case NFT_HASH_JENKINS:

	default:

		type = "jhash";

		jexpr = expr_print_json(expr->hash.expr, octx);

		break;

	}

	root = json_pack("{s:i}", "mod", expr->hash.mod);

	if (expr->hash.seed_set)

		json_object_set_new(root, "seed",

				    json_integer(expr->hash.seed));

	if (expr->hash.offset)

		json_object_set_new(root, "offset",

				json_integer(expr->hash.offset));

	if (jexpr)

		json_object_set_new(root, "expr", jexpr);

	return json_pack("{s:o}", type, root);

}

json_t *fib_expr_json(const struct expr *expr, struct output_ctx *octx)

{

	const char *fib_flags[] = { "saddr", "daddr", "mark", "iif", "oif" };

	unsigned int flags = expr->fib.flags & ~NFTA_FIB_F_PRESENT;

	json_t *root;

	root = json_pack("{s:s}", "result", fib_result_str(expr->fib.result));

	if (flags) {

		json_t *tmp = json_array();

		unsigned int i;

		for (i = 0; i < array_size(fib_flags); i++) {

			if (flags & (1 << i)) {

				json_array_append_new(tmp, json_string(fib_flags[i]));

				flags &= ~(1 << i);

			}

		}

		if (flags)

			json_array_append_new(tmp, json_integer(flags));

		json_object_set_new(root, "flags", tmp);

	}

	return json_pack("{s:o}", "fib", root);

}

static json_t *symbolic_constant_json(const struct symbol_table *tbl,

				      const struct expr *expr,

				      struct output_ctx *octx)

{

	unsigned int len = div_round_up(expr->len, BITS_PER_BYTE);

	const struct symbolic_constant *s;

	uint64_t val = 0;

	/* Export the data in the correct byteorder for comparison */

	assert(expr->len / BITS_PER_BYTE <= sizeof(val));

	mpz_export_data(constant_data_ptr(val, expr->len), expr->value,

			expr->byteorder, len);

	for (s = tbl->symbols; s->identifier != NULL; s++) {

		if (val == s->value)

			break;

	}

	if (!s->identifier)

		return expr_basetype(expr)->json(expr, octx);

	if (nft_output_numeric_symbol(octx))

		return json_integer(val);

	else

		return json_string(s->identifier);

}

static json_t *datatype_json(const struct expr *expr, struct output_ctx *octx)

{

	const struct datatype *dtype = expr->dtype;

	do {

		if (dtype->json)

			return dtype->json(expr, octx);

		if (dtype->sym_tbl)

			return symbolic_constant_json(dtype->sym_tbl,

						      expr, octx);

		if (dtype->print) {

			char buf[1024];

			FILE *ofp = octx->output_fp;

			octx->output_fp = fmemopen(buf, 1024, "w");

			dtype->print(expr, octx);