Your IP : 18.218.119.140


Current Path : /proc/self/root/usr/lib/python3.6/site-packages/nftables/__pycache__/
Upload File :
Current File : //proc/self/root/usr/lib/python3.6/site-packages/nftables/__pycache__/nftables.cpython-36.opt-1.pyc

3

�Mf]8�@sDddlZddlTddlZddlZdZGdd�d�ZGdd�d�ZdS)�N)�*z0.1c@s eZdZdZdd�Zdd�ZdS)�SchemaValidatorz+Libnftables JSON validator using jsonschemac	CsJtjjtjjt�d�}t|d��}tj|�|_WdQRXddl	}||_	dS)Nzschema.json�rr)
�os�path�join�dirname�__file__�open�json�load�schema�
jsonschema)�selfZschema_pathZschema_filer�r�/usr/lib/python3.6/nftables.py�__init__s
zSchemaValidator.__init__cCs|jj||jd�dS)N)�instancer
)r�validater
)rrrrrr"szSchemaValidator.validateN)�__name__�
__module__�__qualname__�__doc__rrrrrrrsrc
@sPeZdZdZdddddddd	�ZdWdXdYdZd[d\d]d^d_d`dadbd�ZdZdcdd�Zdd�Zdd�Z	dd�Z
dd�Zdd �Zd!d"�Z
d#d$�Zd%d&�Zd'd(�Zd)d*�Zd+d,�Zd-d.�Zd/d0�Zd1d2�Zd3d4�Zd5d6�Zd7d8�Zd9d:�Zd;d<�Zd=d>�Zd?d@�ZdAdB�ZdCdD�ZdEdF�ZdGdH�Z dIdJ�Z!dKdL�Z"dMdN�Z#dOdP�Z$dQdR�Z%dSdT�Z&dUdV�Z'dS)d�Nftablesz*A class representing libnftables interface������ �@)�scanner�parser�evalZnetlinkZmnlz	proto-ctxZsegtreer�����	�
�)�
reversedns�service�	stateless�handler�echo�guid�
numeric_proto�numeric_prio�numeric_symbol�numeric_time�terseN�libnftables.so.1.1.0cCs>tj|�}|j|_t|j_tg|j_|j|_t|j_tg|j_|j	|_	ttg|j	_|j
|_
t|j
_tg|j
_|j|_ttg|j_|j|_t|j_tg|j_|j
|_
t|j
_tg|j
_|j|_t|j_tg|j_|j|_t|j_tg|j_|j|_t|j_ttg|j_|j|_tg|j_|jd�|_|j|j�|j|j�dS)alInstantiate a new Nftables class object.

        Accepts a shared object file to open, by default standard search path
        is searched for a file named 'libnftables.so'.

        After loading the library using ctypes module, a new nftables context
        is requested from the library and buffering of output and error streams
        is turned on.
        rN)ZcdllZLoadLibraryZnft_ctx_newZc_void_pZrestypeZc_intZargtypes�nft_ctx_output_get_flagsZc_uint�nft_ctx_output_set_flags�nft_ctx_output_get_debug�nft_ctx_output_set_debugZnft_ctx_buffer_output�nft_ctx_get_output_bufferZc_char_pZnft_ctx_buffer_error�nft_ctx_get_error_buffer�nft_run_cmd_from_buffer�nft_ctx_free�_Nftables__ctx)rZsofile�librrrrCsD









zNftables.__init__cCs|j|j�dS)N)r>r?)rrrr�__del__szNftables.__del__cCs|j|}|j|j�|@S)N)�output_flagsr7r?)r�name�flagrrrZ__get_output_flag�s
zNftables.__get_output_flagcCsD|j|}|j|j�}|r$||B}n
||@}|j|j|�||@S)N)rBr7r?r8)rrC�valrD�flagsZ	new_flagsrrrZ__set_output_flag�s


zNftables.__set_output_flagcCs
|jd�S)z�Get the current state of reverse DNS output.

        Returns a boolean indicating whether reverse DNS lookups are performed
        for IP addresses in output.
        r+)�_Nftables__get_output_flag)rrrr�get_reversedns_output�szNftables.get_reversedns_outputcCs|jd|�S)z�Enable or disable reverse DNS output.

        Accepts a boolean turning reverse DNS lookups in output on or off.

        Returns the previous value.
        r+)�_Nftables__set_output_flag)rrErrr�set_reversedns_output�szNftables.set_reversedns_outputcCs
|jd�S)z�Get the current state of service name output.

        Returns a boolean indicating whether service names are used for port
        numbers in output or not.
        r,)rG)rrrr�get_service_output�szNftables.get_service_outputcCs|jd|�S)z�Enable or disable service name output.

        Accepts a boolean turning service names for port numbers in output on
        or off.

        Returns the previous value.
        r,)rI)rrErrr�set_service_output�szNftables.set_service_outputcCs
|jd�S)z�Get the current state of stateless output.

        Returns a boolean indicating whether stateless output is active or not.
        r-)rG)rrrr�get_stateless_output�szNftables.get_stateless_outputcCs|jd|�S)z�Enable or disable stateless output.

        Accepts a boolean turning stateless output either on or off.

        Returns the previous value.
        r-)rI)rrErrr�set_stateless_output�szNftables.set_stateless_outputcCs
|jd�S)z~Get the current state of handle output.

        Returns a boolean indicating whether handle output is active or not.
        r.)rG)rrrr�get_handle_output�szNftables.get_handle_outputcCs|jd|�S)z�Enable or disable handle output.

        Accepts a boolean turning handle output on or off.

        Returns the previous value.
        r.)rI)rrErrr�set_handle_output�szNftables.set_handle_outputcCs
|jd�S)zzGet the current state of JSON output.

        Returns a boolean indicating whether JSON output is active or not.
        r)rG)rrrr�get_json_output�szNftables.get_json_outputcCs|jd|�S)z�Enable or disable JSON output.

        Accepts a boolean turning JSON output either on or off.

        Returns the previous value.
        r)rI)rrErrr�set_json_output�szNftables.set_json_outputcCs
|jd�S)zzGet the current state of echo output.

        Returns a boolean indicating whether echo output is active or not.
        r/)rG)rrrr�get_echo_output�szNftables.get_echo_outputcCs|jd|�S)z�Enable or disable echo output.

        Accepts a boolean turning echo output on or off.

        Returns the previous value.
        r/)rI)rrErrr�set_echo_output�szNftables.set_echo_outputcCs
|jd�S)z�Get the current state of GID/UID output.

        Returns a boolean indicating whether names for group/user IDs are used
        in output or not.
        r0)rG)rrrr�get_guid_output�szNftables.get_guid_outputcCs|jd|�S)z�Enable or disable GID/UID output.

        Accepts a boolean turning names for group/user IDs on or off.

        Returns the previous value.
        r0)rI)rrErrr�set_guid_output�szNftables.set_guid_outputcCs
|jd�S)ztGet current status of numeric protocol output flag.

        Returns a boolean value indicating the status.
        r1)rG)rrrr�get_numeric_proto_outputsz!Nftables.get_numeric_proto_outputcCs|jd|�S)z�Set numeric protocol output flag.

        Accepts a boolean turning numeric protocol output either on or off.

        Returns the previous value.
        r1)rI)rrErrr�set_numeric_proto_outputsz!Nftables.set_numeric_proto_outputcCs
|jd�S)zzGet current status of numeric chain priority output flag.

        Returns a boolean value indicating the status.
        r2)rG)rrrr�get_numeric_prio_outputsz Nftables.get_numeric_prio_outputcCs|jd|�S)z�Set numeric chain priority output flag.

        Accepts a boolean turning numeric chain priority output either on or
        off.

        Returns the previous value.
        r2)rI)rrErrr�set_numeric_prio_outputsz Nftables.set_numeric_prio_outputcCs
|jd�S)zsGet current status of numeric symbols output flag.

        Returns a boolean value indicating the status.
        r3)rG)rrrr�get_numeric_symbol_output%sz"Nftables.get_numeric_symbol_outputcCs|jd|�S)z�Set numeric symbols output flag.

        Accepts a boolean turning numeric representation of symbolic constants
        in output either on or off.

        Returns the previous value.
        r3)rI)rrErrr�set_numeric_symbol_output,sz"Nftables.set_numeric_symbol_outputcCs
|jd�S)zqGet current status of numeric times output flag.

        Returns a boolean value indicating the status.
        r4)rG)rrrr�get_numeric_time_output6sz Nftables.get_numeric_time_outputcCs|jd|�S)z�Set numeric times output flag.

        Accepts a boolean turning numeric representation of time values
        in output either on or off.

        Returns the previous value.
        r4)rI)rrErrr�set_numeric_time_output=sz Nftables.set_numeric_time_outputcCs
|jd�S)z|Get the current state of terse output.

        Returns a boolean indicating whether terse output is active or not.
        r5)rG)rrrr�get_terse_outputGszNftables.get_terse_outputcCs|jd|�S)z�Enable or disable terse output.

        Accepts a boolean turning terse output either on or off.

        Returns the previous value.
        r5)rI)rrErrr�set_terse_outputNszNftables.set_terse_outputcCsV|j|j�}g}x2|jj�D]$\}}||@r|j|�||M}qW|rR|j|�|S)zmGet currently active debug flags.

        Returns a set of flag names. See set_debug() for details.
        )r9r?�debug_flags�items�append)rrE�names�n�vrrr�	get_debugWs

zNftables.get_debugcCs`|j�}t|�ttgkr|g}d}x*|D]"}t|�tkrB|j|}||O}q(W|j|j|�|S)aSet debug output flags.

        Accepts either a single flag or a set of flags. Each flag might be
        given either as string or integer value as shown in the following
        table:

        Name      | Value (hex)
        -----------------------
        scanner   | 0x1
        parser    | 0x2
        eval      | 0x4
        netlink   | 0x8
        mnl       | 0x10
        proto-ctx | 0x20
        segtree   | 0x40

        Returns a set of previously active debug flags, as returned by
        get_debug() method.
        r)rg�type�str�intrar:r?)r�values�oldrErfrrr�	set_debughs

zNftables.set_debugcCsdd}t|t�sd}|jd�}|j|j|�}|j|j�}|j|j�}|rZ|jd�}|jd�}|||fS)a�Run a simple nftables command via libnftables.

        Accepts a string containing an nftables command just like what one
        would enter into an interactive nftables (nft -i) session.

        Returns a tuple (rc, output, error):
        rc     -- return code as returned by nft_run_cmd_from_buffer() fuction
        output -- a string containing output written to stdout
        error  -- a string containing output written to stderr
        FTzutf-8)�
isinstance�bytes�encoder=r?r;r<�decode)rZcmdlineZcmdline_is_unicode�rc�output�errorrrr�cmd�s



zNftables.cmdcCsJ|jd�}|jtj|��\}}}|s.|j|�t|�r@tj|�}|||fS)aiRun an nftables command in JSON syntax via libnftables.

        Accepts a hash object as input.

        Returns a tuple (rc, output, error):
        rc     -- return code as returned by nft_run_cmd_from_buffer() function
        output -- a hash object containing library standard output
        error  -- a string containing output written to stderr
        T)rRrur�dumps�len�loads)r�	json_rootZjson_out_oldrrrsrtrrr�json_cmd�s



zNftables.json_cmdcCs|jst�|_|jj|�dS)z�Validate JSON object against libnftables schema.

        Accepts a hash object as input.

        Returns True if JSON is valid, raises an exception otherwise.
        T)�	validatorrr)rryrrr�
json_validate�szNftables.json_validaterrrrrrr ��iii)r6)(rrrrrarBr{rrArGrIrHrJrKrLrMrNrOrPrQrRrSrTrUrVrWrXrYrZr[r\r]r^r_r`rgrmrurzr|rrrrr%sl
<
	
						


	#r)rZctypes�sysrZNFTABLES_VERSIONrrrrrr�<module>s

?>