On Thu, Jul 20, 2023 at 04:27:03PM +0200, Thomas Haller wrote: > Add new API to expose the input flags in the Python API. > > Note that the chosen approach differs from the existing > nft_ctx_output_get_flags() and nft_ctx_output_get_debug() > API, which themselves are inconsistent approaches. > > The new API directly exposes the underlying C API, that is, the numeric > flags. Insisting on forcing users to set input flags differently than output flags is a bit odd, but once complaints come in we can still follow-up I guess. [...] > diff --git a/py/nftables.py b/py/nftables.py > index 68fcd7dd103c..e2417b7598c0 100644 > --- a/py/nftables.py > +++ b/py/nftables.py [...] > @@ -152,6 +182,30 @@ class Nftables: > def __del__(self): > self.nft_ctx_free(self.__ctx) > > + def input_get_flags(self): > + """Query input flags for the nft context. > + > + See input_get_flags() for supported flags. > + > + Returns the currently set input flags as number. > + """ > + return self.nft_ctx_input_get_flags(self.__ctx) > + > + def input_set_flags(self, flags): > + """Set input flags for the nft context as number. > + > + By default, a new context objects has flags set to zero. > + > + The following flags are currently supported. > + NFT_CTX_INPUT_NO_DNS (0x1) disables blocking address lookup. > + NFT_CTX_INPUT_JSON (0x2) enables JSON mode for input. > + > + Unknown flags are silently accepted. > + > + Returns nothing. > + """ > + self.nft_ctx_input_set_flags(self.__ctx, flags) Please make this return the old flags. It makes temporary flag setting much easier, see this snippet from tests/py/nft-test.py for instance: | # Check for matching ruleset listing | numeric_proto_old = nftables.set_numeric_proto_output(True) | stateless_old = nftables.set_stateless_output(True) | list_cmd = 'list table %s' % table | rc, pre_output, err = nftables.cmd(list_cmd) | nftables.set_numeric_proto_output(numeric_proto_old) | nftables.set_stateless_output(stateless_old) Thanks, Phil
