diff options
author | Phil Sutter <phil@nwl.cc> | 2023-08-15 13:47:28 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2023-09-01 13:15:03 +0200 |
commit | 35ff97e9aca8cd301ff9b9a95b0a72de1aeb700b (patch) | |
tree | 5f4b36dfccf29e4290e48b3a7dfe6bc7dab5dbf2 /iptables-test.py | |
parent | 63e4a64e943be64a7e0486838071b981074e696d (diff) |
Revert --compat option related commits
This reverts the following commits:
b14c971db6db0 ("tests: Test compat mode")
11c464ed015b5 ("Add --compat option to *tables-nft and *-nft-restore commands")
ca709b5784c98 ("nft: Introduce and use bool nft_handle::compat")
402b9b3c07c81 ("nft: Pass nft_handle to add_{target,action}()")
This implementation of a compatibility mode implements rules using
xtables extensions if possible and thus relies upon existence of those
in kernel space. Assuming no viable replacement for the internal
mechanics of this mode will be found in foreseeable future, it will
effectively block attempts at deprecating and removing of these xtables
extensions in favor of nftables expressions and thus hinder upstream's
future plans for iptables.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables-test.py')
-rwxr-xr-x | iptables-test.py | 19 |
1 files changed, 4 insertions, 15 deletions
diff --git a/iptables-test.py b/iptables-test.py index 22b445df..6f63cdbe 100755 --- a/iptables-test.py +++ b/iptables-test.py @@ -28,8 +28,6 @@ EBTABLES_SAVE = "ebtables-save" #IPTABLES_SAVE = ['xtables-save','-4'] #IP6TABLES_SAVE = ['xtables-save','-6'] -COMPAT_ARG = "" - EXTENSIONS_PATH = "extensions" LOGFILE="/tmp/iptables-test.log" log_file = None @@ -85,7 +83,7 @@ def run_test(iptables, rule, rule_save, res, filename, lineno, netns): ''' ret = 0 - cmd = iptables + COMPAT_ARG + " -A " + rule + cmd = iptables + " -A " + rule ret = execute_cmd(cmd, filename, lineno, netns) # @@ -320,7 +318,7 @@ def run_test_file_fast(iptables, filename, netns): # load all rules via iptables_restore - command = EXECUTABLE + " " + iptables + "-restore" + COMPAT_ARG + command = EXECUTABLE + " " + iptables + "-restore" if netns: command = "ip netns exec " + netns + " " + command @@ -560,8 +558,6 @@ def main(): help='Check for missing tests') parser.add_argument('-n', '--nftables', action='store_true', help='Test iptables-over-nftables') - parser.add_argument('-c', '--nft-compat', action='store_true', - help='Test iptables-over-nftables in compat mode') parser.add_argument('-N', '--netns', action='store_const', const='____iptables-container-test', help='Test netnamespace path') @@ -581,10 +577,8 @@ def main(): variants.append("legacy") if args.nftables: variants.append("nft") - if args.nft_compat: - variants.append("nft_compat") if len(variants) == 0: - variants = [ "legacy", "nft", "nft_compat" ] + variants = [ "legacy", "nft" ] if os.getuid() != 0: print("You need to be root to run this, sorry", file=sys.stderr) @@ -604,12 +598,7 @@ def main(): total_tests = 0 for variant in variants: global EXECUTABLE - global COMPAT_ARG - if variant == "nft_compat": - EXECUTABLE = "xtables-nft-multi" - COMPAT_ARG = " --compat" - else: - EXECUTABLE = "xtables-" + variant + "-multi" + EXECUTABLE = "xtables-" + variant + "-multi" test_files = 0 tests = 0 |