Nftables.__init__

        Instantiate a new Nftables class object.

        Accepts a shared object file to open; by default the standard search
        path is searched for a file named 'libnftables.so'.

        After loading the library using the ctypes module, a new nftables
        context is requested from the library and buffering of output and error
        streams is turned on.

Nftables.get_reversedns_output

        Get the current state of reverse DNS output.

        Returns a boolean indicating whether reverse DNS lookups are performed
        for IP addresses in output.

        Enable or disable reverse DNS output.

        Accepts a boolean turning reverse DNS lookups in output on or off.

        Returns the previous value.

Nftables.get_service_output

        Get the current state of service name output.

        Returns a boolean indicating whether service names are used for port
        numbers in output or not.

        Enable or disable service name output.

        Accepts a boolean turning service names for port numbers in output on
        or off.

        Returns the previous value.

Nftables.get_stateless_output

        Get the current state of stateless output.

        Returns a boolean indicating whether stateless output is active or not.

        Enable or disable stateless output.

        Accepts a boolean turning stateless output either on or off.

        Returns the previous value.

Nftables.get_handle_output

        Get the current state of handle output.

        Returns a boolean indicating whether handle output is active or not.

        Enable or disable handle output.

        Accepts a boolean turning handle output on or off.

        Returns the previous value.

Nftables.get_json_output

        Get the current state of JSON output.

        Returns a boolean indicating whether JSON output is active or not.

        Enable or disable JSON output.

        Accepts a boolean turning JSON output either on or off.

        Returns the previous value.

Nftables.get_echo_output

        Get the current state of echo output.

        Returns a boolean indicating whether echo output is active or not.

        Enable or disable echo output.

        Accepts a boolean turning echo output on or off.

        Returns the previous value.

Nftables.get_guid_output

        Get the current state of GID/UID output.

        Returns a boolean indicating whether names for group/user IDs are used
        in output or not.

        Enable or disable GID/UID output.

        Accepts a boolean turning names for group/user IDs on or off.

        Returns the previous value.

Nftables.get_numeric_proto_output

        Get current status of numeric protocol output flag.

        Returns a boolean value indicating the status.

        Set numeric protocol output flag.

        Accepts a boolean turning numeric protocol output either on or off.

        Returns the previous value.

Nftables.get_numeric_prio_output

        Get current status of numeric chain priority output flag.

        Returns a boolean value indicating the status.

Nftables.set_numeric_prio_output

        Set numeric chain priority output flag.

        Accepts a boolean turning numeric chain priority output either on or

        Returns the previous value.

Nftables.get_numeric_symbol_output

        Get current status of numeric symbols output flag.

        Returns a boolean value indicating the status.

        Set numeric symbols output flag.

        Accepts a boolean turning numeric representation of symbolic constants
        in output either on or off.

        Returns the previous value.

Nftables.get_numeric_time_output

        Get current status of numeric times output flag.

        Returns a boolean value indicating the status.

Nftables.set_numeric_time_output

        Set numeric times output flag.

        Accepts a boolean turning numeric representation of time values
        in output either on or off.

        Returns the previous value.

Nftables.get_terse_output

        Get the current state of terse output.

        Returns a boolean indicating whether terse output is active or not.

Nftables.set_terse_output

        Enable or disable terse output.

        Accepts a boolean turning terse output either on or off.

        Returns the previous value.

Nftables.get_debug

        Get currently active debug flags.

        Returns a set of flag names. See set_debug() for details.

Nftables.set_debug

        Set debug output flags.

        Accepts either a single flag or a set of flags. Each flag might be
        given either as string or integer value as shown in the following

        Name      | Value (hex)
        scanner   | 0x1
        parser    | 0x2
        eval      | 0x4
        netlink   | 0x8
        mnl       | 0x10
        proto-ctx | 0x20
        segtree   | 0x40

        Returns a set of previously active debug flags, as returned by
        get_debug() method.

Nftables.cmd

        Run a simple nftables command via libnftables.

        Accepts a string containing an nftables command just like what one
        would enter into an interactive nftables (nft -i) session.

        Returns a tuple (rc, output, error):
        rc     -- return code as returned by nft_run_cmd_from_buffer() function
        output -- a string containing output written to stdout
        error  -- a string containing output written to stderr

Nftables.json_cmd

        Run an nftables command in JSON syntax via libnftables.

        Accepts a hash object as input.

        Returns a tuple (rc, output, error):
        rc     -- return code as returned by nft_run_cmd_from_buffer() function
        output -- a hash object containing library standard output
        error  -- a string containing output written to stderr

Nftables.json_validate

        Validate JSON object against libnftables schema.

        Accepts a hash object as input.

        Returns True if JSON is valid, raises an exception otherwise.
