Add new API to expose the input flags in the Python API. Note that the chosen approach differs from the existing nft_ctx_output_get_flags() and nft_ctx_output_get_debug() API, which themselves are inconsistent approaches. The new API directly exposes the underlying C API, that is, the numeric flags. Signed-off-by: Thomas Haller <thaller@xxxxxxxxxx> --- py/nftables.py | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/py/nftables.py b/py/nftables.py index 68fcd7dd103c..e2417b7598c0 100644 --- a/py/nftables.py +++ b/py/nftables.py @@ -21,6 +21,29 @@ import os NFTABLES_VERSION = "0.1" +"""Prevent blocking DNS lookups for IP addresses. + +By default, nftables will try to resolve IP addresses with blocking getaddrinfo() API. +By setting this flag, only literal IP addresses are supported in input. + +This numeric flag can be passed to Nftables.input_get_flags() and is returned +by Nftables.input_set_flags(). +""" +NFT_CTX_INPUT_NO_DNS = 1 + +"""Attempt to parse input in JSON format. + +By default, input will be parsed using the nftables format. By setting +this flag, the parsing will first attempt to read the input in the +JSON format as documented in libnftables-json manual. This flag is +implied by NFT_CTX_OUTPUT_JSON flag (Nftables.set_json_output()). + +This numeric flag can be passed to Nftables.input_get_flags() and is returned +by Nftables.input_set_flags(). +""" +NFT_CTX_INPUT_JSON = 2 + + class SchemaValidator: """Libnftables JSON validator using jsonschema""" 
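Review bot: Both constant descriptions in this hunk have the getter and setter swapped: they say the flag "can be passed to Nftables.input_get_flags() and is returned by Nftables.input_set_flags()", while the methods added later in this patch take the flags in input_set_flags() and return them from input_get_flags(). I would change both to `This numeric flag can be passed to Nftables.input_set_flags() and is returned by Nftables.input_get_flags().` The wording matters most for NFT_CTX_INPUT_NO_DNS, because a caller who wants parsing never to trigger a blocking lookup has to know which call actually sets it. As a point of style, a bare string literal placed above an assignment is an expression statement, not documentation attached to the constant, so `#` comments would carry the same text more conventionally.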
@@ -82,6 +105,13 @@ class Nftables: self.nft_ctx_new.restype = c_void_p self.nft_ctx_new.argtypes = [c_int] + self.nft_ctx_input_get_flags = lib.nft_ctx_input_get_flags + self.nft_ctx_input_get_flags.restype = c_uint + self.nft_ctx_input_get_flags.argtypes = [c_void_p] + + self.nft_ctx_input_set_flags = lib.nft_ctx_input_set_flags + self.nft_ctx_input_set_flags.argtypes = [c_void_p, c_uint] + self.nft_ctx_output_get_flags = lib.nft_ctx_output_get_flags self.nft_ctx_output_get_flags.restype = c_uint self.nft_ctx_output_get_flags.argtypes = [c_void_p] @@ -152,6 +182,30 @@ class Nftables: def __del__(self): self.nft_ctx_free(self.__ctx) + def input_get_flags(self): + """Query input flags for the nft context. + + See input_get_flags() for supported flags. + + Returns the currently set input flags as number. + """ + return self.nft_ctx_input_get_flags(self.__ctx) + + def input_set_flags(self, flags): + """Set input flags for the nft context as number. + + By default, a new context objects has flags set to zero. + + The following flags are currently supported. + NFT_CTX_INPUT_NO_DNS (0x1) disables blocking address lookup. + NFT_CTX_INPUT_JSON (0x2) enables JSON mode for input. + + Unknown flags are silently accepted. + + Returns nothing. + """ + self.nft_ctx_input_set_flags(self.__ctx, flags) + def __get_output_flag(self, name): flag = self.output_flags[name] return (self.nft_ctx_output_get_flags(self.__ctx) & flag) != 0 -- 2.41.0
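Review bot: The binding for nft_ctx_input_set_flags declares `argtypes` but no `restype`, unlike the nft_ctx_input_get_flags and nft_ctx_output_get_flags bindings beside it, so ctypes falls back to its default `c_int` return type. If the C function returns a value (it appears to return the previous flags as an unsigned int, to be confirmed against the libnftables header), add `self.nft_ctx_input_set_flags.restype = c_uint`. If it returns nothing, `self.nft_ctx_input_set_flags.restype = None` states that explicitly. The enclosing method starts before this hunk, so the rest of the binding setup is not visible here.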
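Review bot: The input_set_flags() docstring does not say whether `flags` replaces the current mask or is merged into it. Because the value is handed straight to nft_ctx_input_set_flags(), it presumably replaces it, so a caller who passes only NFT_CTX_INPUT_JSON would clear NFT_CTX_INPUT_NO_DNS and get blocking lookups back without any error. Once confirmed, I would add `The given value replaces all current flags; to change a single flag, combine it with the result of input_get_flags().` to the docstring, next to the existing statement that unknown flags are silently accepted. Separately, input_get_flags() refers to itself ("See input_get_flags() for supported flags"), which should read `See input_set_flags() for supported flags.`, and "a new context objects has" should be "a new context object has". The Nftables class starts and ends outside this hunk.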