__init__.py000064400000000030150515251050006645 0ustar00from .nftables import *
nftables.py000064400000034135150515251050006721 0ustar00#!/usr/bin/python
# Copyright(C) 2018 Phil Sutter <phil@nwl.cc>

# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

import json
from ctypes import *
import sys
import os

NFTABLES_VERSION = "0.1"

class SchemaValidator:
    """Check libnftables JSON input against the bundled schema.json.

    Validation is delegated to the third-party jsonschema package, which is
    imported only when an instance is created.

    The schema.json shipped next to this module only requires a top-level
    object holding an "nftables" array whose items are objects. It says
    nothing about the commands inside that array, so a successful validate()
    is a shape check and not a statement that a ruleset is safe to load.
    NOTE(review): the schema spells the array keyword "minitems"; the JSON
    Schema keyword is "minItems", so that constraint is presumably ignored
    (harmless for a minimum of 0, but worth confirming).
    """

    def __init__(self):
        # The schema file is looked up in the directory of this module.
        module_dir = os.path.dirname(__file__)
        schema_path = os.path.join(module_dir, "schema.json")
        with open(schema_path, 'r') as handle:
            self.schema = json.load(handle)
        # Imported late so that the module itself loads without jsonschema.
        import jsonschema
        self.jsonschema = jsonschema

    def validate(self, json):
        """Validate the object 'json' against the loaded schema.

        Returns None. Whatever jsonschema.validate() raises is passed on to
        the caller unchanged.
        """
        self.jsonschema.validate(schema=self.schema, instance=json)

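class Nftables:
    """A class representing libnftables interface

    The shared library is loaded with ctypes and every call goes to one
    libnftables context owned by the instance. cmd() and json_cmd() hand
    their input to libnftables as given, so the caller decides what reaches
    the packet filter; see the notes on those methods.
    """

    # Debug flag names understood by get_debug() and set_debug().
    debug_flags = {
        "scanner":   0x1,
        "parser":    0x2,
        "eval":      0x4,
        "netlink":   0x8,
        "mnl":       0x10,
        "proto-ctx": 0x20,
        "segtree":   0x40,
    }

    # Output flag names used by the get_*_output()/set_*_output() methods.
    output_flags = {
        "reversedns":     (1 << 0),
        "service":        (1 << 1),
        "stateless":      (1 << 2),
        "handle":         (1 << 3),
        "json":           (1 << 4),
        "echo":           (1 << 5),
        "guid":           (1 << 6),
        "numeric_proto":  (1 << 7),
        "numeric_prio":   (1 << 8),
        "numeric_symbol": (1 << 9),
        "numeric_time":   (1 << 10),
        "terse":          (1 << 11),
    }

    # SchemaValidator instance, created on first use by json_validate().
    validator = None

    # libnftables context handle. It stays None until __init__ has obtained
    # one, which keeps __del__ safe when loading the library failed.
    __ctx = None

    def __init__(self, sofile="libnftables.so.1.1.0"):
        """Instantiate a new Nftables class object.

        Accepts the name or path of the shared object file to open. The
        default is 'libnftables.so.1.1.0'; a bare file name like this is
        resolved by the dynamic loader through its usual search path.

        The loaded library runs inside the calling process with that
        process's privileges, so 'sofile' should only ever come from a
        trusted source and never from user or network input.

        After loading the library using ctypes module, a new nftables context
        is requested from the library and buffering of output and error streams
        is turned on.

        Raises OSError (from ctypes) if the library cannot be loaded.
        """
        lib = cdll.LoadLibrary(sofile)

        ### API function definitions

        self.nft_ctx_new = lib.nft_ctx_new
        self.nft_ctx_new.restype = c_void_p
        self.nft_ctx_new.argtypes = [c_int]

        self.nft_ctx_output_get_flags = lib.nft_ctx_output_get_flags
        self.nft_ctx_output_get_flags.restype = c_uint
        self.nft_ctx_output_get_flags.argtypes = [c_void_p]

        self.nft_ctx_output_set_flags = lib.nft_ctx_output_set_flags
        self.nft_ctx_output_set_flags.argtypes = [c_void_p, c_uint]

        self.nft_ctx_output_get_debug = lib.nft_ctx_output_get_debug
        self.nft_ctx_output_get_debug.restype = c_int
        self.nft_ctx_output_get_debug.argtypes = [c_void_p]

        self.nft_ctx_output_set_debug = lib.nft_ctx_output_set_debug
        self.nft_ctx_output_set_debug.argtypes = [c_void_p, c_int]

        self.nft_ctx_buffer_output = lib.nft_ctx_buffer_output
        self.nft_ctx_buffer_output.restype = c_int
        self.nft_ctx_buffer_output.argtypes = [c_void_p]

        self.nft_ctx_get_output_buffer = lib.nft_ctx_get_output_buffer
        self.nft_ctx_get_output_buffer.restype = c_char_p
        self.nft_ctx_get_output_buffer.argtypes = [c_void_p]

        self.nft_ctx_buffer_error = lib.nft_ctx_buffer_error
        self.nft_ctx_buffer_error.restype = c_int
        self.nft_ctx_buffer_error.argtypes = [c_void_p]

        self.nft_ctx_get_error_buffer = lib.nft_ctx_get_error_buffer
        self.nft_ctx_get_error_buffer.restype = c_char_p
        self.nft_ctx_get_error_buffer.argtypes = [c_void_p]

        self.nft_run_cmd_from_buffer = lib.nft_run_cmd_from_buffer
        self.nft_run_cmd_from_buffer.restype = c_int
        self.nft_run_cmd_from_buffer.argtypes = [c_void_p, c_char_p]

        self.nft_ctx_free = lib.nft_ctx_free
        self.nft_ctx_free.argtypes = [c_void_p]

        # initialize libnftables context
        self.__ctx = self.nft_ctx_new(0)
        self.nft_ctx_buffer_output(self.__ctx)
        self.nft_ctx_buffer_error(self.__ctx)

    def __del__(self):
        """Release the libnftables context, if one was ever created."""
        # __del__ also runs when __init__ raised (for example because the
        # library could not be loaded); there is nothing to free then.
        if self.__ctx is not None:
            self.nft_ctx_free(self.__ctx)
            # Guard against a second free if __del__ is invoked again.
            self.__ctx = None

    def __get_output_flag(self, name):
        """Return True if the output flag called 'name' is set.

        Raises KeyError for a name that is not in output_flags.
        """
        flag = self.output_flags[name]
        return (self.nft_ctx_output_get_flags(self.__ctx) & flag) != 0

    def __set_output_flag(self, name, val):
        """Set or clear the output flag called 'name'.

        A true 'val' sets the flag, a false one clears it; all other output
        flags are left as they are. Returns the previous state as a boolean.

        Raises KeyError for a name that is not in output_flags.
        """
        flag = self.output_flags[name]
        flags = self.nft_ctx_output_get_flags(self.__ctx)
        if val:
            new_flags = flags | flag
        else:
            new_flags = flags & ~flag
        self.nft_ctx_output_set_flags(self.__ctx, new_flags)
        return (flags & flag) != 0

    def get_reversedns_output(self):
        """Get the current state of reverse DNS output.

        Returns a boolean indicating whether reverse DNS lookups are performed
        for IP addresses in output.
        """
        return self.__get_output_flag("reversedns")

    def set_reversedns_output(self, val):
        """Enable or disable reverse DNS output.

        Accepts a boolean turning reverse DNS lookups in output on or off.

        Returns the previous value.
        """
        return self.__set_output_flag("reversedns", val)

    def get_service_output(self):
        """Get the current state of service name output.

        Returns a boolean indicating whether service names are used for port
        numbers in output or not.
        """
        return self.__get_output_flag("service")

    def set_service_output(self, val):
        """Enable or disable service name output.

        Accepts a boolean turning service names for port numbers in output on
        or off.

        Returns the previous value.
        """
        return self.__set_output_flag("service", val)

    def get_stateless_output(self):
        """Get the current state of stateless output.

        Returns a boolean indicating whether stateless output is active or not.
        """
        return self.__get_output_flag("stateless")

    def set_stateless_output(self, val):
        """Enable or disable stateless output.

        Accepts a boolean turning stateless output either on or off.

        Returns the previous value.
        """
        return self.__set_output_flag("stateless", val)

    def get_handle_output(self):
        """Get the current state of handle output.

        Returns a boolean indicating whether handle output is active or not.
        """
        return self.__get_output_flag("handle")

    def set_handle_output(self, val):
        """Enable or disable handle output.

        Accepts a boolean turning handle output on or off.

        Returns the previous value.
        """
        return self.__set_output_flag("handle", val)

    def get_json_output(self):
        """Get the current state of JSON output.

        Returns a boolean indicating whether JSON output is active or not.
        """
        return self.__get_output_flag("json")

    def set_json_output(self, val):
        """Enable or disable JSON output.

        Accepts a boolean turning JSON output either on or off.

        Returns the previous value.
        """
        return self.__set_output_flag("json", val)

    def get_echo_output(self):
        """Get the current state of echo output.

        Returns a boolean indicating whether echo output is active or not.
        """
        return self.__get_output_flag("echo")

    def set_echo_output(self, val):
        """Enable or disable echo output.

        Accepts a boolean turning echo output on or off.

        Returns the previous value.
        """
        return self.__set_output_flag("echo", val)

    def get_guid_output(self):
        """Get the current state of GID/UID output.

        Returns a boolean indicating whether names for group/user IDs are used
        in output or not.
        """
        return self.__get_output_flag("guid")

    def set_guid_output(self, val):
        """Enable or disable GID/UID output.

        Accepts a boolean turning names for group/user IDs on or off.

        Returns the previous value.
        """
        return self.__set_output_flag("guid", val)

    def get_numeric_proto_output(self):
        """Get current status of numeric protocol output flag.

        Returns a boolean value indicating the status.
        """
        return self.__get_output_flag("numeric_proto")

    def set_numeric_proto_output(self, val):
        """Set numeric protocol output flag.

        Accepts a boolean turning numeric protocol output either on or off.

        Returns the previous value.
        """
        return self.__set_output_flag("numeric_proto", val)

    def get_numeric_prio_output(self):
        """Get current status of numeric chain priority output flag.

        Returns a boolean value indicating the status.
        """
        return self.__get_output_flag("numeric_prio")

    def set_numeric_prio_output(self, val):
        """Set numeric chain priority output flag.

        Accepts a boolean turning numeric chain priority output either on or
        off.

        Returns the previous value.
        """
        return self.__set_output_flag("numeric_prio", val)

    def get_numeric_symbol_output(self):
        """Get current status of numeric symbols output flag.

        Returns a boolean value indicating the status.
        """
        return self.__get_output_flag("numeric_symbol")

    def set_numeric_symbol_output(self, val):
        """Set numeric symbols output flag.

        Accepts a boolean turning numeric representation of symbolic constants
        in output either on or off.

        Returns the previous value.
        """
        return self.__set_output_flag("numeric_symbol", val)

    def get_numeric_time_output(self):
        """Get current status of numeric times output flag.

        Returns a boolean value indicating the status.
        """
        return self.__get_output_flag("numeric_time")

    def set_numeric_time_output(self, val):
        """Set numeric times output flag.

        Accepts a boolean turning numeric representation of time values
        in output either on or off.

        Returns the previous value.
        """
        return self.__set_output_flag("numeric_time", val)

    def get_terse_output(self):
        """Get the current state of terse output.

        Returns a boolean indicating whether terse output is active or not.
        """
        return self.__get_output_flag("terse")

    def set_terse_output(self, val):
        """Enable or disable terse output.

        Accepts a boolean turning terse output either on or off.

        Returns the previous value.
        """
        return self.__set_output_flag("terse", val)

    def get_debug(self):
        """Get currently active debug flags.

        Returns a list of flag names. Bits that are set but have no name in
        debug_flags are appended to the list as a single integer. See
        set_debug() for details.
        """
        val = self.nft_ctx_output_get_debug(self.__ctx)

        names = []
        for n, v in self.debug_flags.items():
            if val & v:
                names.append(n)
                # strip the named bit so that only unknown bits remain
                val &= ~v
        if val:
            names.append(val)

        return names

    def set_debug(self, values):
        """Set debug output flags.

        Accepts either a single flag or an iterable of flags. Each flag might
        be given either as string or integer value as shown in the following
        table:

        Name      | Value (hex)
        -----------------------
        scanner   | 0x1
        parser    | 0x2
        eval      | 0x4
        netlink   | 0x8
        mnl       | 0x10
        proto-ctx | 0x20
        segtree   | 0x40

        The given flags replace the active ones; they are not added to them.

        Returns a list of previously active debug flags, as returned by
        get_debug() method.

        Raises KeyError for a flag name that is not in the table above; the
        active flags are left unchanged in that case.
        """
        old = self.get_debug()

        # a lone flag is treated like a one-element list
        if isinstance(values, (str, int)):
            values = [values]

        val = 0
        for v in values:
            if isinstance(v, str):
                v = self.debug_flags[v]
            val |= v

        self.nft_ctx_output_set_debug(self.__ctx, val)

        return old

    def cmd(self, cmdline):
        """Run a simple nftables command via libnftables.

        Accepts a string containing an nftables command just like what one
        would enter into an interactive nftables (nft -i) session.

        The string is handed to libnftables exactly as given; this method
        does no quoting, escaping or validation. Build it only from trusted
        values. When parts of a command originate outside the program, do
        not splice them into the string; pass a structured object to
        json_cmd() instead and check the values before use.

        Returns a tuple (rc, output, error):
        rc     -- return code as returned by nft_run_cmd_from_buffer() function
        output -- a string containing output written to stdout
        error  -- a string containing output written to stderr

        If 'cmdline' is a bytes object, output and error are returned as
        bytes as well; otherwise they are decoded as UTF-8.
        """
        cmdline_is_unicode = False
        if not isinstance(cmdline, bytes):
            cmdline_is_unicode = True
            cmdline = cmdline.encode("utf-8")
        rc = self.nft_run_cmd_from_buffer(self.__ctx, cmdline)
        output = self.nft_ctx_get_output_buffer(self.__ctx)
        error = self.nft_ctx_get_error_buffer(self.__ctx)
        if cmdline_is_unicode:
            output = output.decode("utf-8")
            error = error.decode("utf-8")

        return (rc, output, error)

    def json_cmd(self, json_root):
        """Run an nftables command in JSON syntax via libnftables.

        Accepts a hash object as input. The object is serialised with
        json.dumps() and run through cmd(); it is not validated here, call
        json_validate() first if a schema check is wanted.

        JSON output is switched on for the duration of the call and switched
        back off afterwards if it was off before, also when serialising or
        running the command raises.

        Returns a tuple (rc, output, error):
        rc     -- return code as returned by nft_run_cmd_from_buffer() function
        output -- a hash object containing library standard output
        error  -- a string containing output written to stderr
        """
        json_out_old = self.set_json_output(True)
        try:
            rc, output, error = self.cmd(json.dumps(json_root))
        finally:
            # Without this, an exception above would leave the context in
            # JSON output mode for every later cmd() call.
            if not json_out_old:
                self.set_json_output(json_out_old)
        if len(output):
            output = json.loads(output)
        return (rc, output, error)

    def json_validate(self, json_root):
        """Validate JSON object against libnftables schema.

        Accepts a hash object as input.

        The check is whatever SchemaValidator and its schema file enforce;
        passing it does not mean the commands in the object are safe to run.

        Returns True if JSON is valid, raises an exception otherwise.
        """
        # The validator is created on first use because it reads the schema
        # file and imports jsonschema.
        if not self.validator:
            self.validator = SchemaValidator()

        self.validator.validate(json_root)
        return True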
__pycache__/nftables.cpython-36.pyc000064400000032430150515251050013201 0ustar003

1�g]8�@sDddlZddlTddlZddlZdZGdd�d�ZGdd�d�ZdS)�N)�*z0.1c@s eZdZdZdd�Zdd�ZdS)�SchemaValidatorz+Libnftables JSON validator using jsonschemac	CsJtjjtjjt�d�}t|d��}tj|�|_WdQRXddl	}||_	dS)Nzschema.json�rr)
�os�path�join�dirname�__file__�open�json�load�schema�
jsonschema)�selfZschema_pathZschema_filer�r�/usr/lib/python3.6/nftables.py�__init__s
zSchemaValidator.__init__cCs|jj||jd�dS)N)�instancer
)r�validater
)rrrrrr"szSchemaValidator.validateN)�__name__�
__module__�__qualname__�__doc__rrrrrrrsrc
@sPeZdZdZdddddddd	�ZdWdXdYdZd[d\d]d^d_d`dadbd�ZdZdcdd�Zdd�Zdd�Z	dd�Z
dd�Zdd �Zd!d"�Z
d#d$�Zd%d&�Zd'd(�Zd)d*�Zd+d,�Zd-d.�Zd/d0�Zd1d2�Zd3d4�Zd5d6�Zd7d8�Zd9d:�Zd;d<�Zd=d>�Zd?d@�ZdAdB�ZdCdD�ZdEdF�ZdGdH�Z dIdJ�Z!dKdL�Z"dMdN�Z#dOdP�Z$dQdR�Z%dSdT�Z&dUdV�Z'dS)d�Nftablesz*A class representing libnftables interface������ �@)�scanner�parser�evalZnetlinkZmnlz	proto-ctxZsegtreer�����	�
�)�
reversedns�service�	stateless�handler�echo�guid�
numeric_proto�numeric_prio�numeric_symbol�numeric_time�terseN�libnftables.so.1.1.0cCs>tj|�}|j|_t|j_tg|j_|j|_t|j_tg|j_|j	|_	ttg|j	_|j
|_
t|j
_tg|j
_|j|_ttg|j_|j|_t|j_tg|j_|j
|_
t|j
_tg|j
_|j|_t|j_tg|j_|j|_t|j_tg|j_|j|_t|j_ttg|j_|j|_tg|j_|jd�|_|j|j�|j|j�dS)alInstantiate a new Nftables class object.

        Accepts a shared object file to open, by default standard search path
        is searched for a file named 'libnftables.so'.

        After loading the library using ctypes module, a new nftables context
        is requested from the library and buffering of output and error streams
        is turned on.
        rN)ZcdllZLoadLibraryZnft_ctx_newZc_void_pZrestypeZc_intZargtypes�nft_ctx_output_get_flagsZc_uint�nft_ctx_output_set_flags�nft_ctx_output_get_debug�nft_ctx_output_set_debugZnft_ctx_buffer_output�nft_ctx_get_output_bufferZc_char_pZnft_ctx_buffer_error�nft_ctx_get_error_buffer�nft_run_cmd_from_buffer�nft_ctx_free�_Nftables__ctx)rZsofile�librrrrCsD









zNftables.__init__cCs|j|j�dS)N)r>r?)rrrr�__del__szNftables.__del__cCs|j|}|j|j�|@S)N)�output_flagsr7r?)r�name�flagrrrZ__get_output_flag�s
zNftables.__get_output_flagcCsD|j|}|j|j�}|r$||B}n
||@}|j|j|�||@S)N)rBr7r?r8)rrC�valrD�flagsZ	new_flagsrrrZ__set_output_flag�s


zNftables.__set_output_flagcCs
|jd�S)z�Get the current state of reverse DNS output.

        Returns a boolean indicating whether reverse DNS lookups are performed
        for IP addresses in output.
        r+)�_Nftables__get_output_flag)rrrr�get_reversedns_output�szNftables.get_reversedns_outputcCs|jd|�S)z�Enable or disable reverse DNS output.

        Accepts a boolean turning reverse DNS lookups in output on or off.

        Returns the previous value.
        r+)�_Nftables__set_output_flag)rrErrr�set_reversedns_output�szNftables.set_reversedns_outputcCs
|jd�S)z�Get the current state of service name output.

        Returns a boolean indicating whether service names are used for port
        numbers in output or not.
        r,)rG)rrrr�get_service_output�szNftables.get_service_outputcCs|jd|�S)z�Enable or disable service name output.

        Accepts a boolean turning service names for port numbers in output on
        or off.

        Returns the previous value.
        r,)rI)rrErrr�set_service_output�szNftables.set_service_outputcCs
|jd�S)z�Get the current state of stateless output.

        Returns a boolean indicating whether stateless output is active or not.
        r-)rG)rrrr�get_stateless_output�szNftables.get_stateless_outputcCs|jd|�S)z�Enable or disable stateless output.

        Accepts a boolean turning stateless output either on or off.

        Returns the previous value.
        r-)rI)rrErrr�set_stateless_output�szNftables.set_stateless_outputcCs
|jd�S)z~Get the current state of handle output.

        Returns a boolean indicating whether handle output is active or not.
        r.)rG)rrrr�get_handle_output�szNftables.get_handle_outputcCs|jd|�S)z�Enable or disable handle output.

        Accepts a boolean turning handle output on or off.

        Returns the previous value.
        r.)rI)rrErrr�set_handle_output�szNftables.set_handle_outputcCs
|jd�S)zzGet the current state of JSON output.

        Returns a boolean indicating whether JSON output is active or not.
        r)rG)rrrr�get_json_output�szNftables.get_json_outputcCs|jd|�S)z�Enable or disable JSON output.

        Accepts a boolean turning JSON output either on or off.

        Returns the previous value.
        r)rI)rrErrr�set_json_output�szNftables.set_json_outputcCs
|jd�S)zzGet the current state of echo output.

        Returns a boolean indicating whether echo output is active or not.
        r/)rG)rrrr�get_echo_output�szNftables.get_echo_outputcCs|jd|�S)z�Enable or disable echo output.

        Accepts a boolean turning echo output on or off.

        Returns the previous value.
        r/)rI)rrErrr�set_echo_output�szNftables.set_echo_outputcCs
|jd�S)z�Get the current state of GID/UID output.

        Returns a boolean indicating whether names for group/user IDs are used
        in output or not.
        r0)rG)rrrr�get_guid_output�szNftables.get_guid_outputcCs|jd|�S)z�Enable or disable GID/UID output.

        Accepts a boolean turning names for group/user IDs on or off.

        Returns the previous value.
        r0)rI)rrErrr�set_guid_output�szNftables.set_guid_outputcCs
|jd�S)ztGet current status of numeric protocol output flag.

        Returns a boolean value indicating the status.
        r1)rG)rrrr�get_numeric_proto_outputsz!Nftables.get_numeric_proto_outputcCs|jd|�S)z�Set numeric protocol output flag.

        Accepts a boolean turning numeric protocol output either on or off.

        Returns the previous value.
        r1)rI)rrErrr�set_numeric_proto_outputsz!Nftables.set_numeric_proto_outputcCs
|jd�S)zzGet current status of numeric chain priority output flag.

        Returns a boolean value indicating the status.
        r2)rG)rrrr�get_numeric_prio_outputsz Nftables.get_numeric_prio_outputcCs|jd|�S)z�Set numeric chain priority output flag.

        Accepts a boolean turning numeric chain priority output either on or
        off.

        Returns the previous value.
        r2)rI)rrErrr�set_numeric_prio_outputsz Nftables.set_numeric_prio_outputcCs
|jd�S)zsGet current status of numeric symbols output flag.

        Returns a boolean value indicating the status.
        r3)rG)rrrr�get_numeric_symbol_output%sz"Nftables.get_numeric_symbol_outputcCs|jd|�S)z�Set numeric symbols output flag.

        Accepts a boolean turning numeric representation of symbolic constants
        in output either on or off.

        Returns the previous value.
        r3)rI)rrErrr�set_numeric_symbol_output,sz"Nftables.set_numeric_symbol_outputcCs
|jd�S)zqGet current status of numeric times output flag.

        Returns a boolean value indicating the status.
        r4)rG)rrrr�get_numeric_time_output6sz Nftables.get_numeric_time_outputcCs|jd|�S)z�Set numeric times output flag.

        Accepts a boolean turning numeric representation of time values
        in output either on or off.

        Returns the previous value.
        r4)rI)rrErrr�set_numeric_time_output=sz Nftables.set_numeric_time_outputcCs
|jd�S)z|Get the current state of terse output.

        Returns a boolean indicating whether terse output is active or not.
        r5)rG)rrrr�get_terse_outputGszNftables.get_terse_outputcCs|jd|�S)z�Enable or disable terse output.

        Accepts a boolean turning terse output either on or off.

        Returns the previous value.
        r5)rI)rrErrr�set_terse_outputNszNftables.set_terse_outputcCsV|j|j�}g}x2|jj�D]$\}}||@r|j|�||M}qW|rR|j|�|S)zmGet currently active debug flags.

        Returns a set of flag names. See set_debug() for details.
        )r9r?�debug_flags�items�append)rrE�names�n�vrrr�	get_debugWs

zNftables.get_debugcCs`|j�}t|�ttgkr|g}d}x*|D]"}t|�tkrB|j|}||O}q(W|j|j|�|S)aSet debug output flags.

        Accepts either a single flag or a set of flags. Each flag might be
        given either as string or integer value as shown in the following
        table:

        Name      | Value (hex)
        -----------------------
        scanner   | 0x1
        parser    | 0x2
        eval      | 0x4
        netlink   | 0x8
        mnl       | 0x10
        proto-ctx | 0x20
        segtree   | 0x40

        Returns a set of previously active debug flags, as returned by
        get_debug() method.
        r)rg�type�str�intrar:r?)r�values�oldrErfrrr�	set_debughs

zNftables.set_debugcCsdd}t|t�sd}|jd�}|j|j|�}|j|j�}|j|j�}|rZ|jd�}|jd�}|||fS)a�Run a simple nftables command via libnftables.

        Accepts a string containing an nftables command just like what one
        would enter into an interactive nftables (nft -i) session.

        Returns a tuple (rc, output, error):
        rc     -- return code as returned by nft_run_cmd_from_buffer() fuction
        output -- a string containing output written to stdout
        error  -- a string containing output written to stderr
        FTzutf-8)�
isinstance�bytes�encoder=r?r;r<�decode)rZcmdlineZcmdline_is_unicode�rc�output�errorrrr�cmd�s



zNftables.cmdcCsJ|jd�}|jtj|��\}}}|s.|j|�t|�r@tj|�}|||fS)aiRun an nftables command in JSON syntax via libnftables.

        Accepts a hash object as input.

        Returns a tuple (rc, output, error):
        rc     -- return code as returned by nft_run_cmd_from_buffer() function
        output -- a hash object containing library standard output
        error  -- a string containing output written to stderr
        T)rRrur�dumps�len�loads)r�	json_rootZjson_out_oldrrrsrtrrr�json_cmd�s



zNftables.json_cmdcCs|jst�|_|jj|�dS)z�Validate JSON object against libnftables schema.

        Accepts a hash object as input.

        Returns True if JSON is valid, raises an exception otherwise.
        T)�	validatorrr)rryrrr�
json_validate�szNftables.json_validaterrrrrrr ��iii)r6)(rrrrrarBr{rrArGrIrHrJrKrLrMrNrOrPrQrRrSrTrUrVrWrXrYrZr[r\r]r^r_r`rgrmrurzr|rrrrr%sl
<
	
						


	#r)rZctypes�sysrZNFTABLES_VERSIONrrrrrr�<module>s
__pycache__/nftables.cpython-36.opt-1.pyc000064400000032430150515251050014140 0ustar003

1�g]8�@sDddlZddlTddlZddlZdZGdd�d�ZGdd�d�ZdS)�N)�*z0.1c@s eZdZdZdd�Zdd�ZdS)�SchemaValidatorz+Libnftables JSON validator using jsonschemac	CsJtjjtjjt�d�}t|d��}tj|�|_WdQRXddl	}||_	dS)Nzschema.json�rr)
�os�path�join�dirname�__file__�open�json�load�schema�
jsonschema)�selfZschema_pathZschema_filer�r�/usr/lib/python3.6/nftables.py�__init__s
zSchemaValidator.__init__cCs|jj||jd�dS)N)�instancer
)r�validater
)rrrrrr"szSchemaValidator.validateN)�__name__�
__module__�__qualname__�__doc__rrrrrrrsrc
@sPeZdZdZdddddddd	�ZdWdXdYdZd[d\d]d^d_d`dadbd�ZdZdcdd�Zdd�Zdd�Z	dd�Z
dd�Zdd �Zd!d"�Z
d#d$�Zd%d&�Zd'd(�Zd)d*�Zd+d,�Zd-d.�Zd/d0�Zd1d2�Zd3d4�Zd5d6�Zd7d8�Zd9d:�Zd;d<�Zd=d>�Zd?d@�ZdAdB�ZdCdD�ZdEdF�ZdGdH�Z dIdJ�Z!dKdL�Z"dMdN�Z#dOdP�Z$dQdR�Z%dSdT�Z&dUdV�Z'dS)d�Nftablesz*A class representing libnftables interface������ �@)�scanner�parser�evalZnetlinkZmnlz	proto-ctxZsegtreer�����	�
�)�
reversedns�service�	stateless�handler�echo�guid�
numeric_proto�numeric_prio�numeric_symbol�numeric_time�terseN�libnftables.so.1.1.0cCs>tj|�}|j|_t|j_tg|j_|j|_t|j_tg|j_|j	|_	ttg|j	_|j
|_
t|j
_tg|j
_|j|_ttg|j_|j|_t|j_tg|j_|j
|_
t|j
_tg|j
_|j|_t|j_tg|j_|j|_t|j_tg|j_|j|_t|j_ttg|j_|j|_tg|j_|jd�|_|j|j�|j|j�dS)alInstantiate a new Nftables class object.

        Accepts a shared object file to open, by default standard search path
        is searched for a file named 'libnftables.so'.

        After loading the library using ctypes module, a new nftables context
        is requested from the library and buffering of output and error streams
        is turned on.
        rN)ZcdllZLoadLibraryZnft_ctx_newZc_void_pZrestypeZc_intZargtypes�nft_ctx_output_get_flagsZc_uint�nft_ctx_output_set_flags�nft_ctx_output_get_debug�nft_ctx_output_set_debugZnft_ctx_buffer_output�nft_ctx_get_output_bufferZc_char_pZnft_ctx_buffer_error�nft_ctx_get_error_buffer�nft_run_cmd_from_buffer�nft_ctx_free�_Nftables__ctx)rZsofile�librrrrCsD









zNftables.__init__cCs|j|j�dS)N)r>r?)rrrr�__del__szNftables.__del__cCs|j|}|j|j�|@S)N)�output_flagsr7r?)r�name�flagrrrZ__get_output_flag�s
zNftables.__get_output_flagcCsD|j|}|j|j�}|r$||B}n
||@}|j|j|�||@S)N)rBr7r?r8)rrC�valrD�flagsZ	new_flagsrrrZ__set_output_flag�s


zNftables.__set_output_flagcCs
|jd�S)z�Get the current state of reverse DNS output.

        Returns a boolean indicating whether reverse DNS lookups are performed
        for IP addresses in output.
        r+)�_Nftables__get_output_flag)rrrr�get_reversedns_output�szNftables.get_reversedns_outputcCs|jd|�S)z�Enable or disable reverse DNS output.

        Accepts a boolean turning reverse DNS lookups in output on or off.

        Returns the previous value.
        r+)�_Nftables__set_output_flag)rrErrr�set_reversedns_output�szNftables.set_reversedns_outputcCs
|jd�S)z�Get the current state of service name output.

        Returns a boolean indicating whether service names are used for port
        numbers in output or not.
        r,)rG)rrrr�get_service_output�szNftables.get_service_outputcCs|jd|�S)z�Enable or disable service name output.

        Accepts a boolean turning service names for port numbers in output on
        or off.

        Returns the previous value.
        r,)rI)rrErrr�set_service_output�szNftables.set_service_outputcCs
|jd�S)z�Get the current state of stateless output.

        Returns a boolean indicating whether stateless output is active or not.
        r-)rG)rrrr�get_stateless_output�szNftables.get_stateless_outputcCs|jd|�S)z�Enable or disable stateless output.

        Accepts a boolean turning stateless output either on or off.

        Returns the previous value.
        r-)rI)rrErrr�set_stateless_output�szNftables.set_stateless_outputcCs
|jd�S)z~Get the current state of handle output.

        Returns a boolean indicating whether handle output is active or not.
        r.)rG)rrrr�get_handle_output�szNftables.get_handle_outputcCs|jd|�S)z�Enable or disable handle output.

        Accepts a boolean turning handle output on or off.

        Returns the previous value.
        r.)rI)rrErrr�set_handle_output�szNftables.set_handle_outputcCs
|jd�S)zzGet the current state of JSON output.

        Returns a boolean indicating whether JSON output is active or not.
        r)rG)rrrr�get_json_output�szNftables.get_json_outputcCs|jd|�S)z�Enable or disable JSON output.

        Accepts a boolean turning JSON output either on or off.

        Returns the previous value.
        r)rI)rrErrr�set_json_output�szNftables.set_json_outputcCs
|jd�S)zzGet the current state of echo output.

        Returns a boolean indicating whether echo output is active or not.
        r/)rG)rrrr�get_echo_output�szNftables.get_echo_outputcCs|jd|�S)z�Enable or disable echo output.

        Accepts a boolean turning echo output on or off.

        Returns the previous value.
        r/)rI)rrErrr�set_echo_output�szNftables.set_echo_outputcCs
|jd�S)z�Get the current state of GID/UID output.

        Returns a boolean indicating whether names for group/user IDs are used
        in output or not.
        r0)rG)rrrr�get_guid_output�szNftables.get_guid_outputcCs|jd|�S)z�Enable or disable GID/UID output.

        Accepts a boolean turning names for group/user IDs on or off.

        Returns the previous value.
        r0)rI)rrErrr�set_guid_output�szNftables.set_guid_outputcCs
|jd�S)ztGet current status of numeric protocol output flag.

        Returns a boolean value indicating the status.
        r1)rG)rrrr�get_numeric_proto_outputsz!Nftables.get_numeric_proto_outputcCs|jd|�S)z�Set numeric protocol output flag.

        Accepts a boolean turning numeric protocol output either on or off.

        Returns the previous value.
        r1)rI)rrErrr�set_numeric_proto_outputsz!Nftables.set_numeric_proto_outputcCs
|jd�S)zzGet current status of numeric chain priority output flag.

        Returns a boolean value indicating the status.
        r2)rG)rrrr�get_numeric_prio_outputsz Nftables.get_numeric_prio_outputcCs|jd|�S)z�Set numeric chain priority output flag.

        Accepts a boolean turning numeric chain priority output either on or
        off.

        Returns the previous value.
        r2)rI)rrErrr�set_numeric_prio_outputsz Nftables.set_numeric_prio_outputcCs
|jd�S)zsGet current status of numeric symbols output flag.

        Returns a boolean value indicating the status.
        r3)rG)rrrr�get_numeric_symbol_output%sz"Nftables.get_numeric_symbol_outputcCs|jd|�S)z�Set numeric symbols output flag.

        Accepts a boolean turning numeric representation of symbolic constants
        in output either on or off.

        Returns the previous value.
        r3)rI)rrErrr�set_numeric_symbol_output,sz"Nftables.set_numeric_symbol_outputcCs
|jd�S)zqGet current status of numeric times output flag.

        Returns a boolean value indicating the status.
        r4)rG)rrrr�get_numeric_time_output6sz Nftables.get_numeric_time_outputcCs|jd|�S)z�Set numeric times output flag.

        Accepts a boolean turning numeric representation of time values
        in output either on or off.

        Returns the previous value.
        r4)rI)rrErrr�set_numeric_time_output=sz Nftables.set_numeric_time_outputcCs
|jd�S)z|Get the current state of terse output.

        Returns a boolean indicating whether terse output is active or not.
        r5)rG)rrrr�get_terse_outputGszNftables.get_terse_outputcCs|jd|�S)z�Enable or disable terse output.

        Accepts a boolean turning terse output either on or off.

        Returns the previous value.
        r5)rI)rrErrr�set_terse_outputNszNftables.set_terse_outputcCsV|j|j�}g}x2|jj�D]$\}}||@r|j|�||M}qW|rR|j|�|S)zmGet currently active debug flags.

        Returns a set of flag names. See set_debug() for details.
        )r9r?�debug_flags�items�append)rrE�names�n�vrrr�	get_debugWs

zNftables.get_debugcCs`|j�}t|�ttgkr|g}d}x*|D]"}t|�tkrB|j|}||O}q(W|j|j|�|S)aSet debug output flags.

        Accepts either a single flag or a set of flags. Each flag might be
        given either as string or integer value as shown in the following
        table:

        Name      | Value (hex)
        -----------------------
        scanner   | 0x1
        parser    | 0x2
        eval      | 0x4
        netlink   | 0x8
        mnl       | 0x10
        proto-ctx | 0x20
        segtree   | 0x40

        Returns a set of previously active debug flags, as returned by
        get_debug() method.
        r)rg�type�str�intrar:r?)r�values�oldrErfrrr�	set_debughs

zNftables.set_debugcCsdd}t|t�sd}|jd�}|j|j|�}|j|j�}|j|j�}|rZ|jd�}|jd�}|||fS)a�Run a simple nftables command via libnftables.

        Accepts a string containing an nftables command just like what one
        would enter into an interactive nftables (nft -i) session.

        Returns a tuple (rc, output, error):
        rc     -- return code as returned by nft_run_cmd_from_buffer() fuction
        output -- a string containing output written to stdout
        error  -- a string containing output written to stderr
        FTzutf-8)�
isinstance�bytes�encoder=r?r;r<�decode)rZcmdlineZcmdline_is_unicode�rc�output�errorrrr�cmd�s



zNftables.cmdcCsJ|jd�}|jtj|��\}}}|s.|j|�t|�r@tj|�}|||fS)aiRun an nftables command in JSON syntax via libnftables.

        Accepts a hash object as input.

        Returns a tuple (rc, output, error):
        rc     -- return code as returned by nft_run_cmd_from_buffer() function
        output -- a hash object containing library standard output
        error  -- a string containing output written to stderr
        T)rRrur�dumps�len�loads)r�	json_rootZjson_out_oldrrrsrtrrr�json_cmd�s



zNftables.json_cmdcCs|jst�|_|jj|�dS)z�Validate JSON object against libnftables schema.

        Accepts a hash object as input.

        Returns True if JSON is valid, raises an exception otherwise.
        T)�	validatorrr)rryrrr�
json_validate�szNftables.json_validaterrrrrrr ��iii)r6)(rrrrrarBr{rrArGrIrHrJrKrLrMrNrOrPrQrRrSrTrUrVrWrXrYrZr[r\r]r^r_r`rgrmrurzr|rrrrr%sl
<
	
						


	#r)rZctypes�sysrZNFTABLES_VERSIONrrrrrr�<module>s
__pycache__/__init__.cpython-36.pyc000064400000000212150515251050013133 0ustar003

�]�b�@sddlTdS)�)�*N)Znftables�rr�/usr/lib/python3.6/__init__.py�<module>s__pycache__/__init__.cpython-36.opt-1.pyc000064400000000212150515251050014072 0ustar003

�]�b�@sddlTdS)�)�*N)Znftables�rr�/usr/lib/python3.6/__init__.py�<module>sschema.json000064400000000417150515251050006700 0ustar00{
	"$schema": "http://json-schema.org/schema#",
	"description": "libnftables JSON API schema",

	"type": "object",
        "properties": {
		"nftables": {
			"type": "array",
			"minitems": 0,
			"items": {
				"type": "object"
			}
		}
	},
	"required": [ "nftables" ]
}