authorPeter Collinson <pc@hillside.co.uk>2022-09-12 12:52:23 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2022-09-16 09:37:31 +0200
commit448bd104d3530ed2870921a35ebf54589cdb274c (patch)
tree6adc1555caa4e753bbaffc19555a2cc137b04414
parent05fcf8013def5274e0a66d16b44f34d39b31d594 (diff)
py: extend python API to support libnftables API
Allows py/nftables.py to support full mapping to the libnftables API. The changes allow python code to talk in text to the kernel rather than just using json. The Python API can now also use dry run to test changes. Link: https://bugzilla.netfilter.org/show_bug.cgi?id=1591 Signed-off-by: Peter Collinson <pc@hillside.co.uk> Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--py/nftables.py82
1 files changed, 82 insertions, 0 deletions
diff --git a/py/nftables.py b/py/nftables.py
index 2a0a1e89..99ba082f 100644
--- a/py/nftables.py
+++ b/py/nftables.py
@@ -116,6 +116,24 @@ class Nftables:
self.nft_run_cmd_from_buffer.restype = c_int
self.nft_run_cmd_from_buffer.argtypes = [c_void_p, c_char_p]
+ self.nft_run_cmd_from_filename = lib.nft_run_cmd_from_filename
+ self.nft_run_cmd_from_filename.restype = c_int
+ self.nft_run_cmd_from_filename.argtypes = [c_void_p, c_char_p]
+
+ self.nft_ctx_add_include_path = lib.nft_ctx_add_include_path
+ self.nft_ctx_add_include_path.restype = c_int
+ self.nft_ctx_add_include_path.argtypes = [c_void_p, c_char_p]
+
+ self.nft_ctx_clear_include_paths = lib.nft_ctx_clear_include_paths
+ self.nft_ctx_clear_include_paths.argtypes = [c_void_p]
+
+ self.nft_ctx_get_dry_run = lib.nft_ctx_get_dry_run
+ self.nft_ctx_get_dry_run.restype = c_bool
+ self.nft_ctx_get_dry_run.argtypes = [c_void_p]
+
+ self.nft_ctx_set_dry_run = lib.nft_ctx_set_dry_run
+ self.nft_ctx_set_dry_run.argtypes = [c_void_p, c_bool]
+
self.nft_ctx_free = lib.nft_ctx_free
lib.nft_ctx_free.argtypes = [c_void_p]
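Review bot: `nft_ctx_clear_include_paths` and `nft_ctx_set_dry_run` are bound without a `restype`, so ctypes falls back to its default of `c_int` and reads a return value from functions that return void in libnftables. Adding `self.nft_ctx_clear_include_paths.restype = None` and `self.nft_ctx_set_dry_run.restype = None` makes the bindings match the C prototypes. The wrappers added later in this commit discard the result, so nothing misbehaves today, but the explicit `None` stops a future caller from treating an undefined value as a status code. The `nft_ctx_free` binding in the context lines has the same gap, and the enclosing method starts and ends outside this hunk.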
@@ -446,3 +464,67 @@ class Nftables:
self.validator.validate(json_root)
return True
+
+ def cmd_from_file(self, filename):
+ """Run a nftables command set from a file
+
+ filename can be a str or a Path
+
+ Returns a tuple (rc, output, error):
+ rc -- return code as returned by nft_run_cmd_from_buffer() function
+ output -- a string containing output written to stdout
+ error -- a string containing output written to stderr
+ """
+
+ filename_is_unicode = False
+ if not isinstance(filename, bytes):
+ filename_is_unicode = True
+ # allow filename to be a Path
+ filename = str(filename)
+ filename= filename.encode("utf-8")
+ rc = self.nft_run_cmd_from_filename(self.__ctx, filename)
+ output = self.nft_ctx_get_output_buffer(self.__ctx)
+ error = self.nft_ctx_get_error_buffer(self.__ctx)
+ if filename_is_unicode:
+ output = output.decode("utf-8")
+ error = error.decode("utf-8")
+ return (rc, output, error)
+
+ def add_include_path(self, filename):
+ """Add a path to the include file list
+ The default list includes /etc
+
+ Returns True on success
+ False if memory allocation fails
+ """
+
+ if not isinstance(filename, bytes):
+ # allow filename to be a Path
+ filename = str(filename)
+ filename= filename.encode("utf-8")
+ rc = self.nft_ctx_add_include_path(self.__ctx, filename)
+ return rc == 0
+
+ def clear_include_paths(self):
+ """Clear include path list
+
+ Will also remove /etc
+ """
+
+ self.nft_ctx_clear_include_paths(self.__ctx)
+
+ def get_dry_run(self):
+ """Get dry run state
+
+ Returns True if set, False otherwise
+ """
+
+ return self.nft_ctx_get_dry_run(self.__ctx)
+
+ def set_dry_run(self, onoff):
+ """ Set dry run state
+
+ Called with True/False
+ """
+
+ self.nft_ctx_set_dry_run(self.__ctx, onoff)
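Review bot: The `cmd_from_file` docstring describes `rc` as the value returned by `nft_run_cmd_from_buffer()`, but the method calls `nft_run_cmd_from_filename`; the line should read `rc -- return code as returned by nft_run_cmd_from_filename() function`. In both `cmd_from_file` and `add_include_path`, `str(filename)` followed by `.encode("utf-8")` raises `UnicodeEncodeError` for a path whose name is not valid UTF-8 (a surrogate-escaped name from `os.listdir`, for example). Replacing those two lines with `filename = os.fsencode(filename)` handles `str` and `Path` with the filesystem encoding, assuming `os` is imported in the module. The docstring should also state that the file's commands are applied to the kernel ruleset unless `set_dry_run(True)` was called on this context first, and that `include` statements in the file are looked up through the context's include path list. A caller would then know to take both the filename and the include paths from trusted configuration and to validate a new file with a dry run before loading it.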