nftables 1.000

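--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: 1b6b43d401eac94c7a2dc1432207ddd7f554139f760d0b1e5583749d5fe4e48c
+data.tar.gz: 0ce94e30a941ee4ffdf868d5573a86d1e825d504e64261a4ac4ff939600ac117
+SHA512:
+metadata.gz: 6c0f4820cc4e5d1c9f0158018a6a1311bc3690dbffcb232a3a0b94391274fb9e21d9bef8e2af28898d74a76ebd427772ee864184e06e31ef006a47fe18deacc7
+data.tar.gz: 05f9f6cf6aabe2428ec85adc2539ab4fcac4d1b3ecb4ff68e1a49af5bac823d11ad00e5605e675e687b1e872e97262c8027a695935d1005df2d0c19f9de70db6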
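--- a/data/lib/nft/ctx.rb
+++ b/data/lib/nft/ctx.rb
@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require_relative 'library'
+require_relative 'misc/file_descriptor'
+
+module NFT
+module Ctx
+include FileDescriptor
+
+private
+
+def ctx_create
+ctx = NFT::Library.nft_ctx_new(NFT::Library::NFT_CTX_DEFAULT)
+
+NFT::Library.nft_ctx_output_set_flags(ctx, 16)
+NFT::Library.nft_ctx_output_set_debug(ctx, @debug) if @debug
+
+@ctx = ctx
+end
+
+def ctx_free
+NFT::Library.nft_ctx_free(@ctx)
+end
+
+def ctx_run
+stdout_origin, stdout_tmpfile = fd_redirect($stdout)
+stderr_origin, stderr_tmpfile = fd_redirect($stderr)
+
+yield
+
+stdout_tmpfile.rewind
+stderr_tmpfile.rewind
+[stdout_tmpfile.read, stderr_tmpfile.read]
+ensure
+fd_restore($stdout, stdout_origin, stdout_tmpfile)
+fd_restore($stderr, stderr_origin, stderr_tmpfile)
+end
+
+def ctx_debug!(data)
+return data if @debug.nil?
+
+warn data.slice!(0, data.index('{"nftables":') || 0)
+data
+end
+end
+end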
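Review bot: `ctx_create` keeps the native handle in `@ctx` on the including object and `ctx_run` reopens the process-wide `$stdout`/`$stderr`, so nothing in this file keeps two overlapping callers apart. As written, a second thread can overwrite `@ctx` before the first reaches `ctx_free`, which would release the wrong native context, and anything other threads print during the redirect window ends up in the tempfiles that `ctx_run` returns. Serialising the create/run/free sequence, for example with `LOCK = Mutex.new` and `LOCK.synchronize { ... }` around it, would close both gaps. Separately, the literal `16` passed to `nft_ctx_output_set_flags` deserves a named constant; it appears to be libnftables' JSON output flag.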
@@ -0,0 +1,26 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'ffi'
4
+
5
+ module NFT
6
+ module Library
7
+ extend FFI::Library
8
+ ffi_lib 'nftables'
9
+
10
+ NFT_CTX_DEFAULT = 0
11
+
12
+ NFT_DEBUG_SCANNER = 0x1
13
+ NFT_DEBUG_PARSER = 0x2
14
+ NFT_DEBUG_EVALUATION = 0x4
15
+ NFT_DEBUG_NETLINK = 0x8
16
+ NFT_DEBUG_MNL = 0x10
17
+ NFT_DEBUG_PROTO_CTX = 0x20
18
+ NFT_DEBUG_SEGTREE = 0x40
19
+
20
+ attach_function :nft_ctx_new, %i[int], :pointer
21
+ attach_function :nft_ctx_free, %i[pointer], :void
22
+ attach_function :nft_run_cmd_from_buffer, %i[pointer string], :int
23
+ attach_function :nft_ctx_output_set_flags, %i[pointer int], :void
24
+ attach_function :nft_ctx_output_set_debug, %i[pointer int], :void
25
+ end
26
+ end
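Review bot: `ffi_lib 'nftables'` leaves the choice of shared object to the dynamic loader's search order, so the binding attaches to whichever `libnftables` is found first, including an ABI-incompatible build or one placed earlier on the library path. This code presumably runs with the privileges needed to change netfilter rules, so pinning the versioned soname is the safer default, e.g. `ffi_lib 'libnftables.so.1'` (confirm the soname the target distributions ship). The output flag that is passed as a bare integer in the context helper could also be declared here, next to the `NFT_DEBUG_*` constants.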
@@ -0,0 +1,23 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'tempfile'
4
+
5
+ module NFT
6
+ module FileDescriptor
7
+ private
8
+
9
+ def fd_redirect(name)
10
+ origin = name.clone
11
+ tempfile = Tempfile.new("nft.#{(0...8).map { rand(65..90).chr }.join}")
12
+ name.reopen(tempfile)
13
+
14
+ [origin, tempfile]
15
+ end
16
+
17
+ def fd_restore(name, origin, tempfile)
18
+ name.reopen(origin)
19
+ tempfile.close
20
+ tempfile.unlink
21
+ end
22
+ end
23
+ end
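Review bot: `fd_redirect` duplicates the stream with `name.clone`, but `fd_restore` never closes that duplicate after `name.reopen(origin)`, so each redirect/restore pair leaves a descriptor open until the garbage collector finalises it. Adding `origin.close` after the reopen releases it deterministically. `fd_restore` also assumes both arguments are non-nil; if `Tempfile.new` or `reopen` fails inside `fd_redirect`, a caller restoring from an `ensure` hits a second exception that hides the first, so a guard such as `return if origin.nil?` is worth adding. The random suffix built with `rand` adds nothing, since `Tempfile` already picks a unique name and creates the file exclusively.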
@@ -0,0 +1,5 @@
1
+ # frozen_string_literal: true
2
+
3
+ module NFT
4
+ VERSION = '1.000'
5
+ end
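--- a/data/lib/nft.rb
+++ b/data/lib/nft.rb
@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require 'json'
+
+require_relative 'nft/library'
+require_relative 'nft/ctx'
+
+##
+# The NFT module is a foreign function interface for the high-level
+# userspace netfilter nftables library.
+#
+# It provides a basic run method, to execute nftables commands. For valid
+# commands see the +nftables+(8) manpage and the {nftables wiki}[https://wiki.nftables.org].
+module NFT
+class << self
+include NFT::Ctx
+
+##
+# Enable and control debugging output.
+#
+# For options see the libnftables(3) manpage.
+# The information is printed to stderr.
+#
+# NFT.debug = NFT::Library::NFT_DEBUG_SCANNER | NFT::Library::NFT_DEBUG_PARSER
+attr_accessor :debug
+
+##
+# Run given nftables command.
+#
+# The method returns an array of hashes if the command presents any output
+# or an empty array otherwise. On execution failure it raises a runtime
+# error.
+#
+# NFT.run('list ruleset')
+def run(cmd)
+begin
+ctx_create
+rc = 0
+stdout, stderror = ctx_run { rc = NFT::Library.nft_run_cmd_from_buffer(@ctx, cmd) }
+ensure
+ctx_free
+end
+return raise stderror unless rc.zero?
+
+return [] if stdout.nil? || stdout.empty?
+
+stdout = ctx_debug!(stdout)
+stdout.split("\n").map(&:strip).reject(&:empty?).map { |line| JSON.parse(line) }
+end
+end
+end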
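Review bot: In `run`, `ctx_create` sits inside the `begin` whose `ensure` calls `ctx_free`, and `@ctx` is never cleared after a free, so a failure inside `ctx_create` before `@ctx` is assigned makes the `ensure` free a stale or nil handle. A non-integer `NFT.debug` value looks sufficient to trigger this, since the FFI call that sets the debug mask would raise on the argument type. Move `ctx_create` above `begin` and reset the handle once it is released (`@ctx = nil` in `ctx_free`, which lives in another file). `return raise stderror unless rc.zero?` can be just `raise stderror unless rc.zero?`. The doc comment should also say that `cmd` is handed to libnftables unmodified, so callers must not interpolate untrusted values into it.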
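--- a/metadata
+++ b/metadata
@@ -0,0 +1,71 @@
+--- !ruby/object:Gem::Specification
+name: nftables
+version: !ruby/object:Gem::Version
+version: '1.000'
+platform: ruby
+authors:
+- Tobias Schäfer
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2024-12-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: ffi
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 1.16.1
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 1.16.1
+description: |
+Ruby high-level userspace netfilter nftables package.
+
+This package is a foreign function interface for the high-level userspace
+netfilter nftables library.
+
+It provides a basic run method, to execute nftables commands.
+email:
+- github@blackox.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/nft.rb
+- lib/nft/ctx.rb
+- lib/nft/library.rb
+- lib/nft/misc/file_descriptor.rb
+- lib/nft/version.rb
+homepage: https://github.com/tschaefer/ruby-nftables
+licenses:
+- GPL-3.0-or-later
+metadata:
+rubygems_mfa_required: 'true'
+source_code_uri: https://github.com/tschaefer/ruby-nftables
+bug_tracker_uri: https://github.com/tschaefer/ruby-nftables/issues
+post_install_message: All your nftables are belong to us!
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '3.1'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.5.23
+signing_key:
+specification_version: 4
+summary: Ruby high-level userspace netfilter nftables package.
+test_files: []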