HEX
Server: LiteSpeed
System: Linux php-prod-1.spaceapp.ru 5.15.0-157-generic #167-Ubuntu SMP Wed Sep 17 21:35:53 UTC 2025 x86_64
User: xnsbb3110 (1041)
PHP: 8.1.33
Disabled: NONE
Upload Files
File: //lib/python3/dist-packages/nftables/__pycache__/nftables.cpython-310.pyc
o

z�bY8�@sDddlZddlTddlZddlZdZGdd�d�ZGdd�d�ZdS)�N)�*z0.1c@s eZdZdZdd�Zdd�ZdS)�SchemaValidatorz+Libnftables JSON validator using jsonschemacCs^tj�tj�t�d�}t|d��}t�|�|_Wd�n1s!wYddl	}||_	dS)Nzschema.json�rr)
�os�path�join�dirname�__file__�open�json�load�schema�
jsonschema)�self�schema_path�schema_filer�r�3/usr/lib/python3/dist-packages/nftables/nftables.py�__init__s�
zSchemaValidator.__init__cCs|jj||jd�dS)N)�instancer
)r�validater
)rrrrrr"szSchemaValidator.validateN)�__name__�
__module__�__qualname__�__doc__rrrrrrrsrc
@sPeZdZdZdddddddd	�Zdddddddd
ddd
dd�ZdZdTdd�Zdd�Zdd�Z	dd�Z
dd�Zdd�Zdd�Z
d d!�Zd"d#�Zd$d%�Zd&d'�Zd(d)�Zd*d+�Zd,d-�Zd.d/�Zd0d1�Zd2d3�Zd4d5�Zd6d7�Zd8d9�Zd:d;�Zd<d=�Zd>d?�Zd@dA�ZdBdC�ZdDdE�Z dFdG�Z!dHdI�Z"dJdK�Z#dLdM�Z$dNdO�Z%dPdQ�Z&dRdS�Z'dS)U�Nftablesz*A class representing libnftables interface������ �@)�scanner�parser�eval�netlink�mnlz	proto-ctx�segtree��iii)�
reversedns�service�	stateless�handler�echo�guid�
numeric_proto�numeric_prio�numeric_symbol�numeric_time�terseN�libnftables.so.1cCs>t�|�}|j|_t|j_tg|j_|j|_t|j_tg|j_|j	|_	ttg|j	_|j
|_
t|j
_tg|j
_|j|_ttg|j_|j|_t|j_tg|j_|j
|_
t|j
_tg|j
_|j|_t|j_tg|j_|j|_t|j_tg|j_|j|_t|j_ttg|j_|j|_tg|j_|�d�|_|�|j�|�|j�dS)alInstantiate a new Nftables class object.

        Accepts a shared object file to open, by default standard search path
        is searched for a file named 'libnftables.so'.

        After loading the library using ctypes module, a new nftables context
        is requested from the library and buffering of output and error streams
        is turned on.
        rN)�cdll�LoadLibrary�nft_ctx_new�c_void_p�restype�c_int�argtypes�nft_ctx_output_get_flags�c_uint�nft_ctx_output_set_flags�nft_ctx_output_get_debug�nft_ctx_output_set_debug�nft_ctx_buffer_output�nft_ctx_get_output_buffer�c_char_p�nft_ctx_buffer_error�nft_ctx_get_error_buffer�nft_run_cmd_from_buffer�nft_ctx_free�_Nftables__ctx)r�sofile�librrrrCsD









zNftables.__init__cCs|�|j�dS�N)rIrJ�rrrr�__del__szNftables.__del__cCs|j|}|�|j�|@SrM)�output_flagsr>rJ)r�name�flagrrr�__get_output_flag�s
zNftables.__get_output_flagcCsD|j|}|�|j�}|r||B}n||@}|�|j|�||@SrM)rPr>rJr@)rrQ�valrR�flags�	new_flagsrrr�__set_output_flag�s


zNftables.__set_output_flagcC�
|�d�S)z�Get the current state of reverse DNS output.

        Returns a boolean indicating whether reverse DNS lookups are performed
        for IP addresses in output.
        r+��_Nftables__get_output_flagrNrrr�get_reversedns_output��
zNftables.get_reversedns_outputcC�|�d|�S)z�Enable or disable reverse DNS output.

        Accepts a boolean turning reverse DNS lookups in output on or off.

        Returns the previous value.
        r+��_Nftables__set_output_flag�rrTrrr�set_reversedns_output��zNftables.set_reversedns_outputcCrX)z�Get the current state of service name output.

        Returns a boolean indicating whether service names are used for port
        numbers in output or not.
        r,rYrNrrr�get_service_output�r\zNftables.get_service_outputcCr])z�Enable or disable service name output.

        Accepts a boolean turning service names for port numbers in output on
        or off.

        Returns the previous value.
        r,r^r`rrr�set_service_output��zNftables.set_service_outputcCrX)z�Get the current state of stateless output.

        Returns a boolean indicating whether stateless output is active or not.
        r-rYrNrrr�get_stateless_output��
zNftables.get_stateless_outputcCr])z�Enable or disable stateless output.

        Accepts a boolean turning stateless output either on or off.

        Returns the previous value.
        r-r^r`rrr�set_stateless_output�rbzNftables.set_stateless_outputcCrX)z~Get the current state of handle output.

        Returns a boolean indicating whether handle output is active or not.
        r.rYrNrrr�get_handle_output�rgzNftables.get_handle_outputcCr])z�Enable or disable handle output.

        Accepts a boolean turning handle output on or off.

        Returns the previous value.
        r.r^r`rrr�set_handle_output�rbzNftables.set_handle_outputcCrX)zzGet the current state of JSON output.

        Returns a boolean indicating whether JSON output is active or not.
        rrYrNrrr�get_json_output�rgzNftables.get_json_outputcCr])z�Enable or disable JSON output.

        Accepts a boolean turning JSON output either on or off.

        Returns the previous value.
        rr^r`rrr�set_json_output�rbzNftables.set_json_outputcCrX)zzGet the current state of echo output.

        Returns a boolean indicating whether echo output is active or not.
        r/rYrNrrr�get_echo_output�rgzNftables.get_echo_outputcCr])z�Enable or disable echo output.

        Accepts a boolean turning echo output on or off.

        Returns the previous value.
        r/r^r`rrr�set_echo_output�rbzNftables.set_echo_outputcCrX)z�Get the current state of GID/UID output.

        Returns a boolean indicating whether names for group/user IDs are used
        in output or not.
        r0rYrNrrr�get_guid_output�r\zNftables.get_guid_outputcCr])z�Enable or disable GID/UID output.

        Accepts a boolean turning names for group/user IDs on or off.

        Returns the previous value.
        r0r^r`rrr�set_guid_output�rbzNftables.set_guid_outputcCrX)ztGet current status of numeric protocol output flag.

        Returns a boolean value indicating the status.
        r1rYrNrrr�get_numeric_proto_outputrgz!Nftables.get_numeric_proto_outputcCr])z�Set numeric protocol output flag.

        Accepts a boolean turning numeric protocol output either on or off.

        Returns the previous value.
        r1r^r`rrr�set_numeric_proto_outputrbz!Nftables.set_numeric_proto_outputcCrX)zzGet current status of numeric chain priority output flag.

        Returns a boolean value indicating the status.
        r2rYrNrrr�get_numeric_prio_outputrgz Nftables.get_numeric_prio_outputcCr])z�Set numeric chain priority output flag.

        Accepts a boolean turning numeric chain priority output either on or
        off.

        Returns the previous value.
        r2r^r`rrr�set_numeric_prio_outputrez Nftables.set_numeric_prio_outputcCrX)zsGet current status of numeric symbols output flag.

        Returns a boolean value indicating the status.
        r3rYrNrrr�get_numeric_symbol_output%rgz"Nftables.get_numeric_symbol_outputcCr])z�Set numeric symbols output flag.

        Accepts a boolean turning numeric representation of symbolic constants
        in output either on or off.

        Returns the previous value.
        r3r^r`rrr�set_numeric_symbol_output,rez"Nftables.set_numeric_symbol_outputcCrX)zqGet current status of numeric times output flag.

        Returns a boolean value indicating the status.
        r4rYrNrrr�get_numeric_time_output6rgz Nftables.get_numeric_time_outputcCr])z�Set numeric times output flag.

        Accepts a boolean turning numeric representation of time values
        in output either on or off.

        Returns the previous value.
        r4r^r`rrr�set_numeric_time_output=rez Nftables.set_numeric_time_outputcCrX)z|Get the current state of terse output.

        Returns a boolean indicating whether terse output is active or not.
        r5rYrNrrr�get_terse_outputGrgzNftables.get_terse_outputcCr])z�Enable or disable terse output.

        Accepts a boolean turning terse output either on or off.

        Returns the previous value.
        r5r^r`rrr�set_terse_outputNrbzNftables.set_terse_outputcCsR|�|j�}g}|j��D]\}}||@r|�|�||M}q
|r'|�|�|S)zmGet currently active debug flags.

        Returns a set of flag names. See set_debug() for details.
        )rArJ�debug_flags�items�append)rrT�names�n�vrrr�	get_debugWs

�
zNftables.get_debugcCs\|��}t|�ttfvr|g}d}|D]}t|�tur |j|}||O}q|�|j|�|S)aSet debug output flags.

        Accepts either a single flag or a set of flags. Each flag might be
        given either as string or integer value as shown in the following
        table:

        Name      | Value (hex)
        -----------------------
        scanner   | 0x1
        parser    | 0x2
        eval      | 0x4
        netlink   | 0x8
        mnl       | 0x10
        proto-ctx | 0x20
        segtree   | 0x40

        Returns a set of previously active debug flags, as returned by
        get_debug() method.
        r)r��type�str�intr{rBrJ)r�values�oldrTr�rrr�	set_debughs

zNftables.set_debugcCsdd}t|t�sd}|�d�}|�|j|�}|�|j�}|�|j�}|r-|�d�}|�d�}|||fS)a�Run a simple nftables command via libnftables.

        Accepts a string containing an nftables command just like what one
        would enter into an interactive nftables (nft -i) session.

        Returns a tuple (rc, output, error):
        rc     -- return code as returned by nft_run_cmd_from_buffer() fuction
        output -- a string containing output written to stdout
        error  -- a string containing output written to stderr
        FTzutf-8)�
isinstance�bytes�encoderHrJrDrG�decode)r�cmdline�cmdline_is_unicode�rc�output�errorrrr�cmd�s




zNftables.cmdcCsJ|�d�}|�t�|��\}}}|s|�|�t|�r t�|�}|||fS)aiRun an nftables command in JSON syntax via libnftables.

        Accepts a hash object as input.

        Returns a tuple (rc, output, error):
        rc     -- return code as returned by nft_run_cmd_from_buffer() function
        output -- a hash object containing library standard output
        error  -- a string containing output written to stderr
        T)rlr�r�dumps�len�loads)r�	json_root�json_out_oldr�r�r�rrr�json_cmd�s




zNftables.json_cmdcCs|jst�|_|j�|�dS)z�Validate JSON object against libnftables schema.

        Accepts a hash object as input.

        Returns True if JSON is valid, raises an exception otherwise.
        T)�	validatorrr)rr�rrr�
json_validate�szNftables.json_validate)r6)(rrrrr{rPr�rrOrZr_r[rarcrdrfrhrirjrkrlrmrnrorprqrrrsrtrurvrwrxryrzr�r�r�r�r�rrrrr%sr��
<
	
						


	#r)r�ctypes�sysr�NFTABLES_VERSIONrrrrrr�<module>s