From d7ac61b58e789c8ef7a503edd43013fd8524099f Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Fri, 27 Apr 2018 16:50:13 +0200
Subject: iptables-test: add nft switch and test binaries from git

instead of testing the system-wide installed iptables, test the
version from git instead.

Also add a --nftables switch to feed the test cases to xt-compat.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 iptables-test.py | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

(limited to 'iptables-test.py')

diff --git a/iptables-test.py b/iptables-test.py
index 9e137f8c..f3ec1b5c 100755
--- a/iptables-test.py
+++ b/iptables-test.py
@@ -51,7 +51,7 @@ def delete_rule(iptables, rule, filename, lineno):
     '''
     Removes an iptables rule
     '''
-    cmd = iptables + " -D " + rule
+    cmd = EXECUTEABLE + " " + iptables + " -D " + rule
     ret = execute_cmd(cmd, filename, lineno)
     if ret == 1:
         reason = "cannot delete: " + iptables + " -I " + rule
@@ -75,7 +75,7 @@ def run_test(iptables, rule, rule_save, res, filename, lineno):
     '''
     ret = 0
 
-    cmd = iptables + " -A " + rule
+    cmd = EXECUTEABLE + " " + iptables + " -A " + rule
     ret = execute_cmd(cmd, filename, lineno)
 
     #
@@ -109,7 +109,8 @@ def run_test(iptables, rule, rule_save, res, filename, lineno):
         elif splitted[0] == IP6TABLES:
             command = IP6TABLES_SAVE
     args = splitted[1:]
-    proc = subprocess.Popen(command, stdin=subprocess.PIPE,
+    proc = subprocess.Popen((os.path.abspath(os.path.curdir) + "/iptables/" + EXECUTEABLE, command),
+                            stdin=subprocess.PIPE,
                             stdout=subprocess.PIPE, stderr=subprocess.PIPE)
     out, err = proc.communicate()
 
@@ -267,6 +268,8 @@ def main():
                         help='Run only this test')
     parser.add_argument('-m', '--missing', action='store_true',
                         help='Check for missing tests')
+    parser.add_argument('-n', '--nftables', action='store_true',
+                        help='Test iptables-over-nftables')
     args = parser.parse_args()
 
     #
@@ -276,10 +279,18 @@ def main():
         show_missing()
         return
 
+    global EXECUTEABLE
+    EXECUTEABLE = "xtables-multi"
+    if args.nftables:
+        EXECUTEABLE = "xtables-compat-multi"
+
     if os.getuid() != 0:
         print "You need to be root to run this, sorry"
         return
 
+    os.putenv("XTABLES_LIBDIR", os.path.abspath(EXTENSIONS_PATH))
+    os.putenv("PATH", "%s/iptables:%s" % (os.path.abspath(os.path.curdir), os.getenv("PATH")))
+
     test_files = 0
     tests = 0
     passed = 0
-- 
cgit v1.2.3