Edit File: nftables.cpython-36.pyc
Compiled module: /usr/lib/python3.6/nftables.py
Imports: json, ctypes, sys, os
NFTABLES_VERSION = "0.1"


class SchemaValidator
    Libnftables JSON validator using jsonschema

    __init__(self)
        Names referenced: os.path.join, os.path.dirname, __file__, "schema.json", open, json.load, jsonschema.

    validate(self, json)
        Names referenced: jsonschema.validate with the keyword arguments instance and schema.


class Nftables
    A class representing libnftables interface

    Class attributes: debug_flags, output_flags, validator

    Debug flag names: scanner, parser, eval, netlink, mnl, proto-ctx, segtree

    Output flag names: reversedns, service, stateless, handle, json, echo, guid, numeric_proto, numeric_prio, numeric_symbol, numeric_time, terse

    __init__(self, sofile="libnftables.so.1.0.0")
        Instantiate a new Nftables class object.

        Accepts a shared object file to open, by default standard search path is searched for a file named 'libnftables.so'.

        After loading the library using ctypes module, a new nftables context is requested from the library and buffering of output and error streams is turned on.

        libnftables functions bound through ctypes: nft_ctx_new, nft_ctx_output_get_flags, nft_ctx_output_set_flags, nft_ctx_output_get_debug, nft_ctx_output_set_debug, nft_ctx_buffer_output, nft_ctx_get_output_buffer, nft_ctx_buffer_error, nft_ctx_get_error_buffer, nft_run_cmd_from_buffer, nft_ctx_free

    __del__(self)

    __get_output_flag(self, name)

    __set_output_flag(self, name, val)

    get_reversedns_output(self)
        Get the current state of reverse DNS output.

        Returns a boolean indicating whether reverse DNS lookups are performed for IP addresses in output.

    set_reversedns_output(self, val)
        Enable or disable reverse DNS output.

        Accepts a boolean turning reverse DNS lookups in output on or off.

        Returns the previous value.

    get_service_output(self)
        Get the current state of service name output.

        Returns a boolean indicating whether service names are used for port numbers in output or not.

    set_service_output(self, val)
        Enable or disable service name output.

        Accepts a boolean turning service names for port numbers in output on or off.

        Returns the previous value.

    get_stateless_output(self)
        Get the current state of stateless output.

        Returns a boolean indicating whether stateless output is active or not.

    set_stateless_output(self, val)
        Enable or disable stateless output.

        Accepts a boolean turning stateless output either on or off.

        Returns the previous value.

    get_handle_output(self)
        Get the current state of handle output.

        Returns a boolean indicating whether handle output is active or not.

    set_handle_output(self, val)
        Enable or disable handle output.

        Accepts a boolean turning handle output on or off.

        Returns the previous value.

    get_json_output(self)
        Get the current state of JSON output.

        Returns a boolean indicating whether JSON output is active or not.

    set_json_output(self, val)
        Enable or disable JSON output.

        Accepts a boolean turning JSON output either on or off.

        Returns the previous value.

    get_echo_output(self)
        Get the current state of echo output.

        Returns a boolean indicating whether echo output is active or not.

    set_echo_output(self, val)
        Enable or disable echo output.

        Accepts a boolean turning echo output on or off.

        Returns the previous value.

    get_guid_output(self)
        Get the current state of GID/UID output.

        Returns a boolean indicating whether names for group/user IDs are used in output or not.

    set_guid_output(self, val)
        Enable or disable GID/UID output.

        Accepts a boolean turning names for group/user IDs on or off.

        Returns the previous value.

    get_numeric_proto_output(self)
        Get current status of numeric protocol output flag.

        Returns a boolean value indicating the status.

    set_numeric_proto_output(self, val)
        Set numeric protocol output flag.

        Accepts a boolean turning numeric protocol output either on or off.

        Returns the previous value.

    get_numeric_prio_output(self)
        Get current status of numeric chain priority output flag.

        Returns a boolean value indicating the status.

    set_numeric_prio_output(self, val)
        Set numeric chain priority output flag.

        Accepts a boolean turning numeric chain priority output either on or off.

        Returns the previous value.

    get_numeric_symbol_output(self)
        Get current status of numeric symbols output flag.

        Returns a boolean value indicating the status.

    set_numeric_symbol_output(self, val)
        Set numeric symbols output flag.

        Accepts a boolean turning numeric representation of symbolic constants in output either on or off.

        Returns the previous value.

    get_numeric_time_output(self)
        Get current status of numeric times output flag.

        Returns a boolean value indicating the status.

    set_numeric_time_output(self, val)
        Set numeric times output flag.

        Accepts a boolean turning numeric representation of time values in output either on or off.

        Returns the previous value.

    get_terse_output(self)
        Get the current state of terse output.

        Returns a boolean indicating whether terse output is active or not.

    set_terse_output(self, val)
        Enable or disable terse output.

        Accepts a boolean turning terse output either on or off.

        Returns the previous value.

    get_debug(self)
        Get currently active debug flags.

        Returns a set of flag names. See set_debug() for details.

    set_debug(self, values)
        Set debug output flags.

        Accepts either a single flag or a set of flags. Each flag might be given either as string or integer value as shown in the following table:

        Name      | Value (hex)
        -----------------------
        scanner   | 0x1
        parser    | 0x2
        eval      | 0x4
        netlink   | 0x8
        mnl       | 0x10
        proto-ctx | 0x20
        segtree   | 0x40

        Returns a set of previously active debug flags, as returned by get_debug() method.

    cmd(self, cmdline)
        Run a simple nftables command via libnftables.

        Accepts a string containing an nftables command just like what one would enter into an interactive nftables (nft -i) session.

        Returns a tuple (rc, output, error):
        rc     -- return code as returned by nft_run_cmd_from_buffer() function
        output -- a string containing output written to stdout
        error  -- a string containing output written to stderr

    json_cmd(self, json_root)
        Run an nftables command in JSON syntax via libnftables.

        Accepts a hash object as input.

        Returns a tuple (rc, output, error):
        rc     -- return code as returned by nft_run_cmd_from_buffer() function
        output -- a hash object containing library standard output
        error  -- a string containing output written to stderr

    json_validate(self, json_root)
        Validate JSON object against libnftables schema.

        Accepts a hash object as input.

        Returns True if JSON is valid, raises an exception otherwise.