path: root/py/nftables.py
Commit message | Author | Age | Files | Lines
* py: load the SONAME-versioned shared object | Arturo Borrero Gonzalez | 2019-12-10 | 1 | -1/+1

  Instruct the python module to load the SONAME versioned shared object.

  Normal end-user systems may only have available libnftables.so.1.0.0 and not libnftables.so which is usually only present in developer systems.

  In Debian systems, for example:

      % dpkg -L libnftables1 | grep so.1
      /usr/lib/x86_64-linux-gnu/libnftables.so.1.0.0
      /usr/lib/x86_64-linux-gnu/libnftables.so.1
      % dpkg -L libnftables-dev | grep so
      /usr/lib/x86_64-linux-gnu/libnftables.so

  The "1" is not a magic number, it is the SONAME of libnftables in the current version, as stated in Make_global.am.

  Reported-by: Michael Biebl <biebl@debian.org>
  Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
  Acked-by: Phil Sutter <phil@nwl.cc>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* py: add missing output flags. | Jeremy Sowden | 2019-10-24 | 1 | -0/+35

  `terse` and `numeric_time` are missing from the `output_flags` dict. Add them and getters and setters for them.

  Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
  Signed-off-by: Phil Sutter <phil@nwl.cc>
* py: Implement JSON validation in nftables module | Phil Sutter | 2019-05-31 | 1 | -0/+29

  Using jsonschema it is possible to validate any JSON input to make sure it formally conforms with libnftables JSON API requirements.

  Implement a simple validator class for use within a new Nftables class method 'json_validate' and ship a minimal schema definition along with the package.

  Signed-off-by: Phil Sutter <phil@nwl.cc>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* py: fix missing decode/encode of strings | Eric Garver | 2019-05-12 | 1 | -0/+7

  When calling ffi functions, if the string is unicode we need to convert to utf-8. Then convert back for any output we receive.

  Fixes: 586ad210368b7 ("libnftables: Implement JSON parser")
  Signed-off-by: Eric Garver <eric@garver.life>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* parser_json: Rewrite echo support | Phil Sutter | 2019-04-03 | 1 | -0/+3

  Instead of guessing which object to update with retrieved handle, introduce a list containing struct cmd <-> json_t associations.

  Upon batch commit, allocated cmd objects are assigned a unique netlink sequence number. Monitor events contain that number as well, so they may be associated to the cmd object which triggered them. Using json_cmd_assoc list the event may in turn be associated to the input's JSON object which should receive the handle value.

  This also fixes incorrect behaviour if JSON input contained "insert" commands.

  Fixes: bb32d8db9a125 ("JSON: Add support for echo option")
  Signed-off-by: Phil Sutter <phil@nwl.cc>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* py: Adjust Nftables class to output flags changes | Phil Sutter | 2018-10-31 | 1 | -78/+142

  Introduce setter/getter methods for each introduced output flag. Ignore NFT_CTX_OUTPUT_NUMERIC_ALL for now since its main purpose is for internal use.

  Adjust the script in tests/py accordingly: Due to the good defaults, only numeric proto output has to be selected - this is not a must, but allows for the test cases to remain unchanged.

  Signed-off-by: Phil Sutter <phil@nwl.cc>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* py: trivial: Fix typo in comment string | Phil Sutter | 2018-08-30 | 1 | -1/+1

  Signed-off-by: Phil Sutter <phil@nwl.cc>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* python: set license and author in nftables.py | Eric Leblond | 2018-06-20 | 1 | -0/+16

  It will be distributed separately so this is worth setting things correctly.

  Signed-off-by: Eric Leblond <eric@regit.org>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* python: installation of binding via make install | Eric Leblond | 2018-06-20 | 1 | -0/+2

  setup.py is used to build and install the python binding. Calls to setup.py are done in Makefile to proceed to build and installation.

  Signed-off-by: Eric Leblond <eric@regit.org>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libnftables: Simplify nft_run_cmd_from_buffer footprint | Phil Sutter | 2018-06-18 | 1 | -2/+2

  With libnftables documentation being upstream and one confirmed external user (nftlb), time to break the API!

  First of all, the command buffer passed to nft_run_cmd_from_buffer may (and should) be const. One should consider it a bug if that function ever changed its content.

  On the other hand, there is no point in passing the buffer's length as separate argument: NULL bytes are not expected to occur in the input, so it is safe to rely upon strlen(). Also, the actual parsers don't require a buffer length passed to them, either. The only use-case for it is when reallocating the buffer to append a final newline character, there strlen() is perfectly sufficient.

  Suggested-by: Harald Welte <laforge@gnumonks.org>
  Cc: Laura Garcia Liebana <nevola@gmail.com>
  Cc: Eric Leblond <eric@regit.org>
  Cc: Arturo Borrero Gonzalez <arturo@netfilter.org>
  Signed-off-by: Phil Sutter <phil@nwl.cc>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* py: Add JSON support to nftables Class | Phil Sutter | 2018-05-11 | 1 | -1/+44

  Signed-off-by: Phil Sutter <phil@nwl.cc>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* py: Add getter/setter for echo output option | Phil Sutter | 2018-05-11 | 1 | -0/+25

  Signed-off-by: Phil Sutter <phil@nwl.cc>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests/py: Use libnftables instead of calling nft binary | Phil Sutter | 2018-04-11 | 1 | -0/+224

  This adds a simple nftables Python class in py/nftables.py which gives access to libnftables API via ctypes module.

  nft-test.py is extended to make use of the above class instead of calling nft binary. Since command line formatting had to be touched anyway, this patch also streamlines things a bit by introducing __str__ methods to classes Table and Chain and making extensive use of format strings instead of onerously adding all string parts together.

  Since the called commands don't see a shell anymore, all shell meta character escaping done in testcases is removed.

  The visible effects of this change are:

  * Four new warnings in ip/flowtable.t due to changing objref IDs (will be addressed later in a patch to libnftnl).
  * Reported command line in warning and error messages changed slightly for obvious reasons.
  * Reduction of a full test run's runtime by a factor of four.

  Status diff after running with 'time':

      < 83 test files, 77 files passed, 1724 unit tests, 0 error, 33 warning
      < 87.23user 696.13system 15:11.82elapsed 85%CPU (0avgtext+0avgdata 9604maxresident)k
      < 8inputs+36800outputs (0major+35171235minor)pagefaults 0swaps
      > 83 test files, 77 files passed, 1724 unit tests, 4 error, 33 warning
      > 6.80user 30.18system 3:45.86elapsed 16%CPU (0avgtext+0avgdata 14064maxresident)k
      > 0inputs+35808outputs (0major+2874minor)pagefaults 0swaps

  Signed-off-by: Phil Sutter <phil@nwl.cc>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>