[PATCH] Extends py/nftables.py


 



Allows py/nftables.py to support full mapping to the libnftables API. The
changes allow Python code to talk in text to the kernel rather than just
using JSON. The Python API can now also use dry runs to test changes.

Functions added are:

add_include_path(filename)
clear_include_paths()
cmd_from_file(filename)
get_dry_run()
set_dry_run(onoff)

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1591
Signed-off-by: Peter Collinson <pc@xxxxxxxxxxxxxx>
---
 py/nftables.py | 92 +++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 91 insertions(+), 1 deletion(-)

diff --git a/py/nftables.py b/py/nftables.py
index 2a0a1e89..bb9d49d4 100644
--- a/py/nftables.py
+++ b/py/nftables.py
@@ -13,13 +13,21 @@
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# Extended to add
+# add_include_path(self, filename)
+# clear_include_paths(self)
+# cmd_from_file(self, filename)
+# get_dry_run(self)
+# set_dry_run(self, onoff)
+# Peter Collinson March 2022

 import json
 from ctypes import *
 import sys
 import os

-NFTABLES_VERSION = "0.1"
+NFTABLES_VERSION = "0.2"

 class SchemaValidator:
     """Libnftables JSON validator using jsonschema"""
@@ -116,6 +124,24 @@ class Nftables:
         self.nft_run_cmd_from_buffer.restype = c_int
         self.nft_run_cmd_from_buffer.argtypes = [c_void_p, c_char_p]

+        self.nft_run_cmd_from_filename = lib.nft_run_cmd_from_filename
+        self.nft_run_cmd_from_filename.restype = c_int
+        self.nft_run_cmd_from_filename.argtypes = [c_void_p, c_char_p]
+
+        self.nft_ctx_add_include_path = lib.nft_ctx_add_include_path
+        self.nft_ctx_add_include_path.restype = c_int
+        self.nft_ctx_add_include_path.argtypes = [c_void_p, c_char_p]
+
+        self.nft_ctx_clear_include_paths = lib.nft_ctx_clear_include_paths
+        self.nft_ctx_clear_include_paths.argtypes = [c_void_p]
+
+        self.nft_ctx_get_dry_run = lib.nft_ctx_get_dry_run
+        self.nft_ctx_get_dry_run.restype = c_bool
+        self.nft_ctx_get_dry_run.argtypes = [c_void_p]
+
+        self.nft_ctx_set_dry_run = lib.nft_ctx_set_dry_run
+        self.nft_ctx_set_dry_run.argtypes = [c_void_p, c_bool]
+
         self.nft_ctx_free = lib.nft_ctx_free
         lib.nft_ctx_free.argtypes = [c_void_p]

@@ -446,3 +472,67 @@ class Nftables:

         self.validator.validate(json_root)
         return True
+
+    def cmd_from_file(self, filename):
+        """Run a nftables command set from a file
+
+        filename can be a str or a Path
+
+        Returns a tuple (rc, output, error):
+        rc     -- return code as returned by nft_run_cmd_from_buffer() function
+        output -- a string containing output written to stdout
+        error  -- a string containing output written to stderr
+        """
+
+        filename_is_unicode = False
+        if not isinstance(filename, bytes):
+            filename_is_unicode = True
+            # allow filename to be a Path
+            filename = str(filename)
+            filename= filename.encode("utf-8")
+        rc = self.nft_run_cmd_from_filename(self.__ctx, filename)
+        output = self.nft_ctx_get_output_buffer(self.__ctx)
+        error = self.nft_ctx_get_error_buffer(self.__ctx)
+        if filename_is_unicode:
+            output = output.decode("utf-8")
+            error = error.decode("utf-8")
+        return (rc, output, error)
+
+    def add_include_path(self, filename):
+        """Add a path to the include file list
+        The default list includes /etc
+
+        Returns True on success
+        False if memory allocation fails
+        """
+
+        if not isinstance(filename, bytes):
+            # allow filename to be a Path
+            filename = str(filename)
+            filename= filename.encode("utf-8")
+        rc = self.nft_ctx_add_include_path(self.__ctx, filename)
+        return rc == 0
+
+    def clear_include_paths(self):
+        """Clear include path list
+
+        Will also remove /etc
+        """
+
+        self.nft_ctx_clear_include_paths(self.__ctx)
+
+    def get_dry_run(self):
+        """Get dry run state
+
+        Returns True if set, False otherwise
+        """
+
+        return self.nft_ctx_get_dry_run(self.__ctx)
+
+    def set_dry_run(self, onoff):
+        """ Set dry run state
+
+        Called with True/False
+        """
+
+        self.nft_ctx_set_dry_run(self.__ctx, onoff)
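Review bot: The docstrings of `set_dry_run()` and `cmd_from_file()` omit what a caller managing a firewall most needs to know. The dry-run flag is stored on the context, so it presumably stays in effect for every later command on the same object; I would add `Stays in effect for all later commands on this object until set_dry_run(False) is called` to `set_dry_run()`. With dry run off, `cmd_from_file()` appears to apply the file, and anything it pulls in through the include paths, to the live ruleset, so its docstring should say that `filename` and the include paths must come from a trusted source. The `rc` line in that docstring also names `nft_run_cmd_from_buffer()` where it should read `nft_run_cmd_from_filename()`. In both methods `filename = os.fsencode(filename)` could replace the `str()` / `encode("utf-8")` pair, which also covers paths that are not valid UTF-8; `os` is already imported.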
--
2.30.2


