From: Phil Sutter <phil@nwl.cc>
To: Thomas Haller <thaller@redhat.com>
Cc: NetFilter <netfilter-devel@vger.kernel.org>,
Pablo Neira Ayuso <pablo@netfilter.org>
Subject: Re: [nft v3 PATCH 4/4] py: add Nftables.input_{set,get}_flags() API
Date: Thu, 27 Jul 2023 19:02:54 +0200
Message-ID: <ZMKjPtfVkeycyU8s@orbyte.nwl.cc>
In-Reply-To: <20230720143147.669250-5-thaller@redhat.com>
On Thu, Jul 20, 2023 at 04:27:03PM +0200, Thomas Haller wrote:
> Add new API to expose the input flags in the Python API.
>
> Note that the chosen approach differs from the existing
> nft_ctx_output_get_flags() and nft_ctx_output_get_debug()
> API, which themselves are inconsistent approaches.
>
> The new API directly exposes the underlying C API, that is, the numeric
> flags.
Insisting on forcing users to set input flags differently than output
flags is a bit odd, but once complaints come in we can still follow up, I
guess.
[...]
> diff --git a/py/nftables.py b/py/nftables.py
> index 68fcd7dd103c..e2417b7598c0 100644
> --- a/py/nftables.py
> +++ b/py/nftables.py
[...]
> @@ -152,6 +182,30 @@ class Nftables:
> def __del__(self):
> self.nft_ctx_free(self.__ctx)
>
> + def input_get_flags(self):
> + """Query input flags for the nft context.
> +
> + See input_get_flags() for supported flags.
> +
> + Returns the currently set input flags as number.
> + """
> + return self.nft_ctx_input_get_flags(self.__ctx)
> +
> + def input_set_flags(self, flags):
> + """Set input flags for the nft context as number.
> +
> + By default, a new context objects has flags set to zero.
> +
> + The following flags are currently supported.
> + NFT_CTX_INPUT_NO_DNS (0x1) disables blocking address lookup.
> + NFT_CTX_INPUT_JSON (0x2) enables JSON mode for input.
> +
> + Unknown flags are silently accepted.
> +
> + Returns nothing.
> + """
> + self.nft_ctx_input_set_flags(self.__ctx, flags)
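Review bot: In the input_get_flags() docstring, "See input_get_flags() for supported flags." points at the method itself; the flag list is in the input_set_flags() docstring, so the reference should name input_set_flags(). In input_set_flags(), "a new context objects has" should read "a new context object has". Because the docstring says unknown flags are silently accepted and callers pass raw numbers (0x1, 0x2), a mistyped value intended to set NFT_CTX_INPUT_NO_DNS would leave blocking address lookup enabled with no error; exposing the flags as named constants in the Python module, if the elided part of the patch does not already do so, would make that mistake harder to make.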
Please make this return the old flags. It makes temporary flag setting
much easier, see this snippet from tests/py/nft-test.py for instance:
| # Check for matching ruleset listing
| numeric_proto_old = nftables.set_numeric_proto_output(True)
| stateless_old = nftables.set_stateless_output(True)
| list_cmd = 'list table %s' % table
| rc, pre_output, err = nftables.cmd(list_cmd)
| nftables.set_numeric_proto_output(numeric_proto_old)
| nftables.set_stateless_output(stateless_old)
Thanks, Phil