class ExprLookup(NFTRuleExpr):
conv_maps = NFTRuleExpr.conv_maps + (
conv_map_tuple('setid', 'NFTA_LOOKUP_SET', 'set', 'raw'),
conv_map_tuple('sreg', 'NFTA_LOOKUP_SREG', 'sreg', 'reg'),
conv_map_tuple('flags', 'NFTA_LOOKUP_FLAGS', 'flags', 'raw'),
)
class ExprPayload(NFTRuleExpr):
conv_maps = NFTRuleExpr.conv_maps + (
conv_map_tuple('dreg', 'NFTA_PAYLOAD_DREG', 'dreg', 'reg'),
conv_map_tuple('base', 'NFTA_PAYLOAD_BASE', 'base', 'payload_base'),
conv_map_tuple('offset', 'NFTA_PAYLOAD_OFFSET', 'offset', 'raw'),
conv_map_tuple('len', 'NFTA_PAYLOAD_LEN', 'len', 'raw'),
)
class cparser_payload_base(NFTRuleExpr.cparser_extract_str):
STRVAL = 'NFT_PAYLOAD_{0}_HEADER'
@classmethod
def from_netlink(cls, ndmsg):
val = super(ExprPayload.cparser_payload_base,
cls).from_netlink(ndmsg)
if val == 'll':
return 'link'
return val
@classmethod
def to_netlink(cls, val):
if val == 'link':
val = 'll'
return super(ExprPayload.cparser_payload_base, cls).to_netlink(val)
@staticmethod
def from_dict(val):
return val
@staticmethod
def to_dict(val):
return val
class ExprBitwise(NFTRuleExpr):
conv_maps = NFTRuleExpr.conv_maps + (
conv_map_tuple('sreg', 'NFTA_BITWISE_SREG', 'sreg', 'reg'),
conv_map_tuple('dreg', 'NFTA_BITWISE_DREG', 'dreg', 'reg'),
conv_map_tuple('len', 'NFTA_BITWISE_LEN', 'len', 'raw'),
conv_map_tuple('mask', 'NFTA_BITWISE_MASK', 'mask', 'data'),
conv_map_tuple('xor', 'NFTA_BITWISE_XOR', 'xor', 'data'),
)
class ExprMeta(NFTRuleExpr):
conv_maps = NFTRuleExpr.conv_maps + (
conv_map_tuple('key', 'NFTA_META_KEY', 'key', 'meta_key'),
conv_map_tuple('dreg', 'NFTA_META_DREG', 'dreg', 'reg'),
)
class cparser_meta_key(NFTRuleExpr.cparser_extract_str):
STRVAL = 'NFT_META_{0}'
class ExprCmp(NFTRuleExpr):
conv_maps = NFTRuleExpr.conv_maps + (
conv_map_tuple('sreg', 'NFTA_CMP_SREG', 'sreg', 'reg'),
conv_map_tuple('op', 'NFTA_CMP_OP', 'op', 'cmp_op'),
conv_map_tuple('data', 'NFTA_CMP_DATA', 'data', 'data'),
)
class cparser_cmp_op(NFTRuleExpr.cparser_extract_str):
STRVAL = 'NFT_CMP_{0}'
class ExprNat(NFTRuleExpr):
conv_maps = NFTRuleExpr.conv_maps + (
conv_map_tuple('nat_type', 'NFTA_NAT_TYPE', 'nat_type', 'nat_type'),
conv_map_tuple('family', 'NFTA_NAT_FAMILY', 'family', 'inet_family'),
conv_map_tuple('sreg_addr_min', 'NFTA_NAT_REG_ADDR_MIN',
'sreg_addr_min', 'reg'),
conv_map_tuple('sreg_addr_max', 'NFTA_NAT_REG_ADDR_MAX',
'sreg_addr_max', 'reg'),
)
class cparser_nat_type(NFTRuleExpr.cparser_extract_str):
STRVAL = 'NFT_NAT_{0}'
class NFTRule(nfta_nla_parser):
conv_maps = (
conv_map_tuple('family', 'nfgen_family', 'family', 'nfproto'),
conv_map_tuple('table', 'NFTA_RULE_TABLE', 'table', 'raw'),
conv_map_tuple('chain', 'NFTA_RULE_CHAIN', 'chain', 'raw'),
conv_map_tuple('handle', 'NFTA_RULE_HANDLE', 'handle', 'raw'),
conv_map_tuple('expressions', 'NFTA_RULE_EXPRESSIONS', 'expr',
'expressions_list'),
conv_map_tuple('compat', 'NFTA_RULE_COMPAT', 'compat', 'raw'),
conv_map_tuple('position', 'NFTA_RULE_POSITION', 'position', 'raw'),
conv_map_tuple('userdata', 'NFTA_RULE_USERDATA', 'userdata',
'user_data'),
conv_map_tuple('rule_id', 'NFTA_RULE_ID', 'rule_id', 'raw'),
conv_map_tuple('position_id', 'NFTA_RULE_POSITION_ID', 'position_id',
'raw'),
)
@classmethod
def from_netlink(cls, ndmsg):
obj = super(NFTRule, cls).from_netlink(ndmsg)
obj.family = cls.cparser_nfproto.from_netlink(ndmsg['nfgen_family'])
return obj
class cparser_user_data(object):
def __init__(self, udata_type, value):
self.type = udata_type
self.value = value
@classmethod
def from_netlink(cls, userdata):
userdata = [int(d, 16) for d in userdata.split(':')]
udata_type = userdata[0]
udata_len = userdata[1]
udata_value = ''.join([chr(d) for d in userdata[2:udata_len + 2]])
if udata_type == 0:
# 0 == COMMENT
return cls('comment', udata_value)
raise NotImplementedError("userdata type: {0}".format(udata_type))
@staticmethod
def to_netlink(udata):
if udata.type == 'comment':
userdata = '00:'
else:
raise NotImplementedError("userdata type: {0}".format(
udata.type))
userdata += "%0.2X:" % len(udata.value)
userdata += ':'.join(["%0.2X" % ord(d) for d in udata.value])
return userdata
@staticmethod
def to_dict(udata):
# Currently nft command to not export userdata to dict
return None
if udata.type == "comment":
return {"type": "comment", "value": udata.value}
raise NotImplementedError("userdata type: {0}".format(udata.type))
@classmethod
def from_dict(cls, d):
# See to_dict() method
return None
class cparser_expressions_list(object):
@staticmethod
def from_netlink(expressions):
return [get_expression_from_netlink(e) for e in expressions]
@staticmethod
def to_netlink(expressions):
return [e.to_netlink() for e in expressions]
@staticmethod
def from_dict(expressions):
return [get_expression_from_dict(e) for e in expressions]
@staticmethod
def to_dict(expressions):
return [e.to_dict() for e in expressions]
class cparser_nfproto(object):
@staticmethod
def from_netlink(val):
return NFPROTO_2_NAME[val]
@staticmethod
def to_netlink(val):
return NAME_2_NFPROTO[val]
@staticmethod
def from_dict(val):
return val
@staticmethod
def to_dict(val):
return val
class ExprTarget(NFTRuleExpr):
conv_maps = NFTRuleExpr.conv_maps + (conv_map_tuple(
'target_name', 'NFTA_TARGET_NAME', 'name', 'raw'), )
class ExprMatch(NFTRuleExpr):
conv_maps = NFTRuleExpr.conv_maps + (conv_map_tuple(
'match_name', 'NFTA_MATCH_NAME', 'name', 'raw'), )
class ExprCounter(NFTRuleExpr):
conv_maps = NFTRuleExpr.conv_maps + (
conv_map_tuple('bytes', 'NFTA_COUNTER_BYTES', 'bytes', 'raw'),
conv_map_tuple('packets', 'NFTA_COUNTER_PACKETS', 'pkts', 'raw'),
)
class ExprImmediate(NFTRuleExpr):
conv_maps = NFTRuleExpr.conv_maps + (
conv_map_tuple('dreg', 'NFTA_IMMEDIATE_DREG', 'dreg', 'reg'),
conv_map_tuple('data', 'NFTA_IMMEDIATE_DATA', 'data', 'data'),
)
class NFTRuleExpr(nfta_nla_parser):
#######################################################################
conv_maps = (conv_map_tuple('name', 'NFTA_EXPR_NAME', 'type', 'raw'), )
#######################################################################
@classmethod
def from_netlink(cls, expr_type, ndmsg):
inst = super(NFTRuleExpr, cls).from_netlink(ndmsg)
inst.name = expr_type
return inst
cparser_reg = NFTReg
cparser_data = NFTData
class cparser_extract_str(object):
STRVAL = None
@classmethod
def from_netlink(cls, val):
magic = '{0}'
left, right = cls.STRVAL.split(magic, 1)
if right:
val = val[len(left):-len(right)]
else:
val = val[len(left):]
return val.lower()
@classmethod
def to_netlink(cls, val):
return cls.STRVAL.format(val).upper()
@staticmethod
def from_dict(val):
return val
@staticmethod
def to_dict(val):
return val
class cparser_inet_family(object):
@staticmethod
def from_netlink(val):
if val == AF_INET:
return 'ip'
if val == AF_INET6:
return 'ip6'
return val
@staticmethod
def to_netlink(val):
if val == 'ip':
return AF_INET
if val == 'ip6':
return AF_INET6
return val
@staticmethod
def from_dict(val):
return val
@staticmethod
def to_dict(val):
return val
