@@ -51,7 +51,7 @@ def delete_rule(iptables, rule, filename, lineno):
'''
Removes an iptables rule
'''
- cmd = iptables + " -D " + rule
+ cmd = EXECUTEABLE + " " + iptables + " -D " + rule
ret = execute_cmd(cmd, filename, lineno)
if ret == 1:
reason = "cannot delete: " + iptables + " -I " + rule
@@ -75,7 +75,7 @@ def run_test(iptables, rule, rule_save, res, filename, lineno):
'''
ret = 0
- cmd = iptables + " -A " + rule
+ cmd = EXECUTEABLE + " " + iptables + " -A " + rule
ret = execute_cmd(cmd, filename, lineno)
#
@@ -109,7 +109,8 @@ def run_test(iptables, rule, rule_save, res, filename, lineno):
elif splitted[0] == IP6TABLES:
command = IP6TABLES_SAVE
args = splitted[1:]
- proc = subprocess.Popen(command, stdin=subprocess.PIPE,
+ proc = subprocess.Popen((os.path.abspath(os.path.curdir) + "/iptables/" + EXECUTEABLE, command),
+ stdin=subprocess.PIPE,
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
out, err = proc.communicate()
@@ -267,6 +268,8 @@ def main():
help='Run only this test')
parser.add_argument('-m', '--missing', action='store_true',
help='Check for missing tests')
+ parser.add_argument('-n', '--nftables', action='store_true',
+ help='Test iptables-over-nftables')
args = parser.parse_args()
#
@@ -276,10 +279,18 @@ def main():
show_missing()
return
+ global EXECUTEABLE
+ EXECUTEABLE = "xtables-multi"
+ if args.nftables:
+ EXECUTEABLE = "xtables-compat-multi"
+
if os.getuid() != 0:
print "You need to be root to run this, sorry"
return
+ os.putenv("XTABLES_LIBDIR", os.path.abspath(EXTENSIONS_PATH))
+ os.putenv("PATH", "%s/iptables:%s" % (os.path.abspath(os.path.curdir), os.getenv("PATH")))
+
test_files = 0
tests = 0
passed = 0
instead of testing the system-wide installed iptables, test the version from git instead. Also add a --nftables switch to feed the test cases to xt-compat. Signed-off-by: Florian Westphal <fw@strlen.de> --- iptables-test.py | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-)