17 files changed, 114 insertions, 120 deletions

diff --git a/tests/py/any/ct.t b/tests/py/any/ct.t
index 6334dd76..ce6d51a4 100644
--- a/tests/py/any/ct.t
+++ b/tests/py/any/ct.t
@@ -75,19 +75,19 @@ ct expiration != {33-55};ok;ct expiration != { 33s-55s}
 
 ct helper "ftp";ok
 ct helper "12345678901234567";fail
-ct helper '""';fail
+ct helper "";fail
 
 ct state . ct mark { new . 0x12345678};ok
 ct state . ct mark { new . 0x12345678, new . 0x34127856, established . 0x12785634};ok
 ct direction . ct mark { original . 0x12345678};ok
 ct state . ct mark vmap { new . 0x12345678 : drop};ok
 
-ct original bytes \> 100000;ok;ct original bytes > 100000
-ct reply packets \< 100;ok;ct reply packets < 100
-ct bytes \> 100000;ok;ct bytes > 100000
+ct original bytes > 100000;ok
+ct reply packets < 100;ok
+ct bytes > 100000;ok
 
-ct avgpkt \> 200;ok;ct avgpkt > 200
-ct original avgpkt \< 500;ok;ct original avgpkt < 500
+ct avgpkt > 200;ok
+ct original avgpkt < 500;ok
 
 # bogus direction
 ct both bytes gt 1;fail
@@ -107,7 +107,7 @@ ct mark original;fail
 
 ct event set new;ok
 ct event set new or related or destroy or foobar;fail
-ct event set 'new | related | destroy | label';ok;ct event set new,related,destroy,label
+ct event set new | related | destroy | label;ok;ct event set new,related,destroy,label
 ct event set new,related,destroy,label;ok
 ct event set new,destroy;ok
 ct event set 1;ok;ct event set new
diff --git a/tests/py/any/ct.t.payload b/tests/py/any/ct.t.payload
index 7ebf3f8d..9f288e79 100644
--- a/tests/py/any/ct.t.payload
+++ b/tests/py/any/ct.t.payload
@@ -343,31 +343,31 @@ ip test-ip4 output
   [ lookup reg 1 set __map%d dreg 1 ]
   [ ct set mark with reg 1 ]
 
-# ct original bytes \> 100000
+# ct original bytes > 100000
 ip test-ip4 output
   [ ct load bytes => reg 1 , dir original ]
   [ byteorder reg 1 = hton(reg 1, 8, 8) ]
   [ cmp gt reg 1 0x00000000 0xa0860100 ]
 
-# ct reply packets \< 100
+# ct reply packets < 100
 ip test-ip4 output
   [ ct load packets => reg 1 , dir reply ]
   [ byteorder reg 1 = hton(reg 1, 8, 8) ]
   [ cmp lt reg 1 0x00000000 0x64000000 ]
 
-# ct bytes \> 100000
+# ct bytes > 100000
 ip test-ip4 output
   [ ct load bytes => reg 1 ]
   [ byteorder reg 1 = hton(reg 1, 8, 8) ]
   [ cmp gt reg 1 0x00000000 0xa0860100 ]
 
-# ct avgpkt \> 200
+# ct avgpkt > 200
 ip test-ip4 output
   [ ct load avgpkt => reg 1 ]
   [ byteorder reg 1 = hton(reg 1, 8, 8) ]
   [ cmp gt reg 1 0x00000000 0xc8000000 ]
 
-# ct original avgpkt \< 500
+# ct original avgpkt < 500
 ip test-ip4 output
   [ ct load avgpkt => reg 1 , dir original ]
   [ byteorder reg 1 = hton(reg 1, 8, 8) ]
@@ -396,7 +396,7 @@ ip test-ip4 output
   [ immediate reg 1 0x00000001 ]
   [ ct set event with reg 1 ]
 
-# ct event set 'new | related | destroy | label'
+# ct event set new | related | destroy | label
 ip test-ip4 output
   [ immediate reg 1 0x00000407 ]
   [ ct set event with reg 1 ]
diff --git a/tests/py/any/log.t b/tests/py/any/log.t
index 37982022..d1b4ab62 100644
--- a/tests/py/any/log.t
+++ b/tests/py/any/log.t
@@ -24,7 +24,7 @@ log prefix aaaaa-aaaaaa group 2 snaplen 33;ok;log prefix "aaaaa-aaaaaa" group 2
 # The correct rule is log group 2 queue-threshold 2
 log group 2 queue-threshold 2;ok
 log group 2 snaplen 33;ok
-log group 2 prefix \"nft-test: \";ok;log prefix "nft-test: " group 2
+log group 2 prefix "nft-test: ";ok;log prefix "nft-test: " group 2
 
 log flags all;ok
 log level debug flags ip options flags skuid;ok
diff --git a/tests/py/any/log.t.payload b/tests/py/any/log.t.payload
index 385b8bba..ffb914d2 100644
--- a/tests/py/any/log.t.payload
+++ b/tests/py/any/log.t.payload
@@ -46,7 +46,7 @@ ip test-ip4 output
 ip test-ip4 output
   [ log group 2 snaplen 33 qthreshold 0 ]
 
-# log group 2 prefix \"nft-test: \"
+# log group 2 prefix "nft-test: "
 ip test-ip4 output
   [ log prefix nft-test:  group 2 snaplen 0 qthreshold 0 ]
 
diff --git a/tests/py/any/meta.t b/tests/py/any/meta.t
index 9df038e5..b3bb0504 100644
--- a/tests/py/any/meta.t
+++ b/tests/py/any/meta.t
@@ -70,7 +70,7 @@ meta iifname {"dummy0", "lo"};ok;iifname {"dummy0", "lo"}
 meta iifname != {"dummy0", "lo"};ok;iifname != {"dummy0", "lo"}
 meta iifname "dummy*";ok;iifname "dummy*"
 meta iifname "dummy\*";ok;iifname "dummy\*"
-meta iifname '""';fail
+meta iifname "";fail
 
 meta iiftype {ether, ppp, ipip, ipip6, loopback, sit, ipgre};ok;iiftype {ether, ppp, ipip, ipip6, loopback, sit, ipgre}
 meta iiftype != {ether, ppp, ipip, ipip6, loopback, sit, ipgre};ok;iiftype != {ether, ppp, ipip, ipip6, loopback, sit, ipgre}
@@ -89,7 +89,7 @@ meta oifname != "dummy0";ok;oifname != "dummy0"
 meta oifname { "dummy0", "lo"};ok;oifname { "dummy0", "lo"}
 meta oifname "dummy*";ok;oifname "dummy*"
 meta oifname "dummy\*";ok;oifname "dummy\*"
-meta oifname '""';fail
+meta oifname "";fail
 
 meta oiftype {ether, ppp, ipip, ipip6, loopback, sit, ipgre};ok;oiftype {ether, ppp, ipip, ipip6, loopback, sit, ipgre}
 meta oiftype != {ether, ppp, ipip, ipip6, loopback, sit, ipgre};ok;oiftype != {ether, ppp, ipip, ipip6, loopback, sit, ipgre}
diff --git a/tests/py/arp/arp.t b/tests/py/arp/arp.t
index 36c7f196..d62cc546 100644
--- a/tests/py/arp/arp.t
+++ b/tests/py/arp/arp.t
@@ -55,4 +55,4 @@ arp operation != inreply;ok
 arp operation != nak;ok
 arp operation != reply;ok
 
-meta iifname \"invalid\" arp ptype 0x0800 arp htype 1 arp hlen 6 arp plen 4 @nh,192,32 0xc0a88f10 @nh,144,48 set 0x112233445566;ok;iifname "invalid" arp htype 1 arp ptype ip arp hlen 6 arp plen 4 @nh,192,32 3232272144 @nh,144,48 set 18838586676582
+meta iifname "invalid" arp ptype 0x0800 arp htype 1 arp hlen 6 arp plen 4 @nh,192,32 0xc0a88f10 @nh,144,48 set 0x112233445566;ok;iifname "invalid" arp htype 1 arp ptype ip arp hlen 6 arp plen 4 @nh,192,32 3232272144 @nh,144,48 set 18838586676582
diff --git a/tests/py/arp/arp.t.payload b/tests/py/arp/arp.t.payload
index 34ae2414..bb95e1c1 100644
--- a/tests/py/arp/arp.t.payload
+++ b/tests/py/arp/arp.t.payload
@@ -268,7 +268,7 @@ arp test-arp input
   [ payload load 2b @ network header + 6 => reg 1 ]
   [ cmp neq reg 1 0x00000200 ]
 
-# meta iifname \"invalid\" arp ptype 0x0800 arp htype 1 arp hlen 6 arp plen 4 @nh,192,32 0xc0a88f10 @nh,144,48 set 0x112233445566
+# meta iifname "invalid" arp ptype 0x0800 arp htype 1 arp hlen 6 arp plen 4 @nh,192,32 0xc0a88f10 @nh,144,48 set 0x112233445566
 arp test-arp input
   [ meta load iifname => reg 1 ]
   [ cmp eq reg 1 0x61766e69 0x0064696c 0x00000000 0x00000000 ]
diff --git a/tests/py/arp/arp.t.payload.netdev b/tests/py/arp/arp.t.payload.netdev
index 21818ba2..00c26ccc 100644
--- a/tests/py/arp/arp.t.payload.netdev
+++ b/tests/py/arp/arp.t.payload.netdev
@@ -358,7 +358,7 @@ netdev test-netdev ingress
   [ payload load 2b @ network header + 6 => reg 1 ]
   [ cmp neq reg 1 0x00000200 ]
 
-# meta iifname \"invalid\" arp ptype 0x0800 arp htype 1 arp hlen 6 arp plen 4 @nh,192,32 0xc0a88f10 @nh,144,48 set 0x112233445566
+# meta iifname "invalid" arp ptype 0x0800 arp htype 1 arp hlen 6 arp plen 4 @nh,192,32 0xc0a88f10 @nh,144,48 set 0x112233445566
 netdev test-netdev ingress
   [ meta load iifname => reg 1 ]
   [ cmp eq reg 1 0x61766e69 0x0064696c 0x00000000 0x00000000 ]
diff --git a/tests/py/inet/tcp.t b/tests/py/inet/tcp.t
index f25be599..52765166 100644
--- a/tests/py/inet/tcp.t
+++ b/tests/py/inet/tcp.t
@@ -76,7 +76,7 @@ tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop;ok
 tcp flags != { fin, urg, ecn, cwr} drop;ok
 tcp flags cwr;ok
 tcp flags != cwr;ok
-tcp 'flags & (syn|fin) == (syn|fin)';ok;tcp flags & (fin | syn) == fin | syn
+tcp flags & (syn|fin) == (syn|fin);ok;tcp flags & (fin | syn) == fin | syn
 
 tcp window 22222;ok
 tcp window 22;ok
diff --git a/tests/py/inet/tcp.t.payload b/tests/py/inet/tcp.t.payload
index bf2ffaaf..512b42e9 100644
--- a/tests/py/inet/tcp.t.payload
+++ b/tests/py/inet/tcp.t.payload
@@ -421,7 +421,7 @@ inet test-inet input
   [ payload load 1b @ transport header + 13 => reg 1 ]
   [ cmp neq reg 1 0x00000080 ]
 
-# tcp 'flags & (syn|fin) == (syn|fin)'
+# tcp flags & (syn|fin) == (syn|fin)
 inet test-inet input
   [ meta load l4proto => reg 1 ]
   [ cmp eq reg 1 0x00000006 ]
diff --git a/tests/py/ip/ip.t b/tests/py/ip/ip.t
index d773042a..0421d01b 100644
--- a/tests/py/ip/ip.t
+++ b/tests/py/ip/ip.t
@@ -113,10 +113,10 @@ ip daddr 192.168.0.1;ok
 ip daddr 192.168.0.1 drop;ok
 ip daddr 192.168.0.2;ok
 
-ip saddr \& 0xff == 1;ok;ip saddr & 0.0.0.255 == 0.0.0.1
-ip saddr \& 0.0.0.255 \< 0.0.0.127;ok;ip saddr & 0.0.0.255 < 0.0.0.127
+ip saddr & 0xff == 1;ok;ip saddr & 0.0.0.255 == 0.0.0.1
+ip saddr & 0.0.0.255 < 0.0.0.127;ok
 
-ip saddr \& 0xffff0000 == 0xffff0000;ok;ip saddr 255.255.0.0/16
+ip saddr & 0xffff0000 == 0xffff0000;ok;ip saddr 255.255.0.0/16
 
 ip version 4 ip hdrlength 5;ok
 ip hdrlength 0;ok
diff --git a/tests/py/ip/ip.t.payload b/tests/py/ip/ip.t.payload
index e9de690d..eba79dec 100644
--- a/tests/py/ip/ip.t.payload
+++ b/tests/py/ip/ip.t.payload
@@ -484,19 +484,19 @@ ip test-ip4 input
   [ payload load 4b @ network header + 16 => reg 1 ]
   [ cmp eq reg 1 0x0200a8c0 ]
 
-# ip saddr \& 0xff == 1
+# ip saddr & 0xff == 1
 ip test-ip4 input
   [ payload load 4b @ network header + 12 => reg 1 ]
   [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ]
   [ cmp eq reg 1 0x01000000 ]
 
-# ip saddr \& 0.0.0.255 \< 0.0.0.127
+# ip saddr & 0.0.0.255 < 0.0.0.127
 ip test-ip4 input
   [ payload load 4b @ network header + 12 => reg 1 ]
   [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ]
   [ cmp lt reg 1 0x7f000000 ]
 
-# ip saddr \& 0xffff0000 == 0xffff0000
+# ip saddr & 0xffff0000 == 0xffff0000
 ip test-ip4 input
   [ payload load 4b @ network header + 12 => reg 1 ]
   [ bitwise reg 1 = (reg=1 & 0x0000ffff ) ^ 0x00000000 ]
diff --git a/tests/py/ip/ip.t.payload.bridge b/tests/py/ip/ip.t.payload.bridge
index d1c57a01..f16759bf 100644
--- a/tests/py/ip/ip.t.payload.bridge
+++ b/tests/py/ip/ip.t.payload.bridge
@@ -632,7 +632,7 @@ bridge test-bridge input
   [ payload load 4b @ network header + 16 => reg 1 ]
   [ cmp eq reg 1 0x0200a8c0 ]
 
-# ip saddr \& 0xff == 1
+# ip saddr & 0xff == 1
 bridge test-bridge input 
   [ payload load 2b @ link header + 12 => reg 1 ]
   [ cmp eq reg 1 0x00000008 ]
@@ -640,7 +640,7 @@ bridge test-bridge input
   [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ]
   [ cmp eq reg 1 0x01000000 ]
 
-# ip saddr \& 0.0.0.255 \< 0.0.0.127
+# ip saddr & 0.0.0.255 < 0.0.0.127
 bridge test-bridge input 
   [ payload load 2b @ link header + 12 => reg 1 ]
   [ cmp eq reg 1 0x00000008 ]
@@ -648,7 +648,7 @@ bridge test-bridge input
   [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ]
   [ cmp lt reg 1 0x7f000000 ]
 
-# ip saddr \& 0xffff0000 == 0xffff0000
+# ip saddr & 0xffff0000 == 0xffff0000
 bridge test-bridge input 
   [ payload load 2b @ link header + 12 => reg 1 ]
   [ cmp eq reg 1 0x00000008 ]
diff --git a/tests/py/ip/ip.t.payload.inet b/tests/py/ip/ip.t.payload.inet
index e6cb700f..12b03e2e 100644
--- a/tests/py/ip/ip.t.payload.inet
+++ b/tests/py/ip/ip.t.payload.inet
@@ -632,7 +632,7 @@ inet test-inet input
   [ payload load 4b @ network header + 16 => reg 1 ]
   [ cmp eq reg 1 0x0200a8c0 ]
 
-# ip saddr \& 0xff == 1
+# ip saddr & 0xff == 1
 inet test-inet input
   [ meta load nfproto => reg 1 ]
   [ cmp eq reg 1 0x00000002 ]
@@ -640,7 +640,7 @@ inet test-inet input
   [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ]
   [ cmp eq reg 1 0x01000000 ]
 
-# ip saddr \& 0.0.0.255 \< 0.0.0.127
+# ip saddr & 0.0.0.255 < 0.0.0.127
 inet test-inet input
   [ meta load nfproto => reg 1 ]
   [ cmp eq reg 1 0x00000002 ]
@@ -648,7 +648,7 @@ inet test-inet input
   [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ]
   [ cmp lt reg 1 0x7f000000 ]
 
-# ip saddr \& 0xffff0000 == 0xffff0000
+# ip saddr & 0xffff0000 == 0xffff0000
 inet test-inet input
   [ meta load nfproto => reg 1 ]
   [ cmp eq reg 1 0x00000002 ]
diff --git a/tests/py/ip/ip.t.payload.netdev b/tests/py/ip/ip.t.payload.netdev
index 0f15247f..187a39f3 100644
--- a/tests/py/ip/ip.t.payload.netdev
+++ b/tests/py/ip/ip.t.payload.netdev
@@ -531,7 +531,7 @@ netdev test-netdev ingress
   [ cmp eq reg 1 0x0100a8c0 ]
   [ immediate reg 0 drop ]
 
-# ip saddr \& 0xff == 1
+# ip saddr & 0xff == 1
 netdev test-netdev ingress 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x00000008 ]
@@ -539,7 +539,7 @@ netdev test-netdev ingress
   [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ]
   [ cmp eq reg 1 0x01000000 ]
 
-# ip saddr \& 0.0.0.255 \< 0.0.0.127
+# ip saddr & 0.0.0.255 < 0.0.0.127
 netdev test-netdev ingress 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x00000008 ]
@@ -547,7 +547,7 @@ netdev test-netdev ingress
   [ bitwise reg 1 = (reg=1 & 0xff000000 ) ^ 0x00000000 ]
   [ cmp lt reg 1 0x7f000000 ]
 
-# ip saddr \& 0xffff0000 == 0xffff0000
+# ip saddr & 0xffff0000 == 0xffff0000
 netdev test-netdev ingress 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x00000008 ]
diff --git a/tests/py/ip/objects.t b/tests/py/ip/objects.t
index 76b802ac..5e8c7631 100644
--- a/tests/py/ip/objects.t
+++ b/tests/py/ip/objects.t
@@ -19,8 +19,8 @@ ip saddr 192.168.1.3 quota name "qt3";fail
 quota name tcp dport map {443 : "qt1", 80 : "qt2", 22 : "qt1"};ok
 
 # ct helper
-%cthelp1 type ct helper { type \"ftp\" protocol tcp\; };ok
-%cthelp2 type ct helper { type \"ftp\" protocol tcp\; l3proto ip6\; };fail
+%cthelp1 type ct helper { type "ftp" protocol tcp; };ok
+%cthelp2 type ct helper { type "ftp" protocol tcp; l3proto ip6; };fail
 
 ct helper set "cthelp1";ok
 ct helper set tcp dport map {21 : "cthelp1", 2121 : "cthelp1" };ok
diff --git a/tests/py/nft-test.py b/tests/py/nft-test.py
index 7998914a..d2d13218 100755
--- a/tests/py/nft-test.py
+++ b/tests/py/nft-test.py
@@ -15,11 +15,9 @@
 
 import sys
 import os
-import subprocess
 import argparse
 import signal
 
-NFT_BIN = os.getenv('NFT', "src/nft")
 TESTS_PATH = os.path.dirname(os.path.abspath(__file__))
 TESTS_DIRECTORY = ["any", "arp", "bridge", "inet", "ip", "ip6"]
 LOGFILE = "/tmp/nftables-test.log"
@@ -57,6 +55,9 @@ class Chain:
     def __eq__(self, other):
         return self.__dict__ == other.__dict__
 
+    def __str__(self):
+        return "%s" % self.name
+
 
 class Table:
     """Class that represents a table"""
@@ -69,6 +70,9 @@ class Table:
     def __eq__(self, other):
         return self.__dict__ == other.__dict__
 
+    def __str__(self):
+        return "%s %s" % (self.family, self.name)
+
 
 class Set:
     """Class that represents a set"""
@@ -133,8 +137,8 @@ def table_exist(table, filename, lineno):
     '''
     Exists a table.
     '''
-    cmd = NFT_BIN + " list -nnn table " + table.family + " " + table.name
-    ret = execute_cmd(cmd, filename, lineno)
+    cmd = "list table %s" % table
+    ret = execute_cmd(cmd, filename, lineno, numeric="all")
 
     return True if (ret == 0) else False
 
@@ -143,7 +147,7 @@ def table_flush(table, filename, lineno):
     '''
     Flush a table.
     '''
-    cmd = NFT_BIN + " flush table " + table.family + " " + table.name
+    cmd = "flush table %s" % table
     execute_cmd(cmd, filename, lineno)
 
     return cmd
@@ -162,7 +166,7 @@ def table_create(table, filename, lineno):
     table_list.append(table)
 
     # We add a new table
-    cmd = NFT_BIN + " add table " + table.family + " " + table.name
+    cmd = "add table %s" % table
     ret = execute_cmd(cmd, filename, lineno)
 
     if ret != 0:
@@ -195,15 +199,13 @@ def table_delete(table, filename=None, lineno=None):
     '''
     Deletes a table.
     '''
-    table_info = " " + table.family + " " + table.name + " "
-
     if not table_exist(table, filename, lineno):
         reason = "Table " + table.name + \
                  " does not exist but I added it before."
         print_error(reason, filename, lineno)
         return -1
 
-    cmd = NFT_BIN + " delete table" + table_info
+    cmd = "delete table %s" % table
     ret = execute_cmd(cmd, filename, lineno)
     if ret != 0:
         reason = cmd + ": " + "I cannot delete table '" + table.name + \
@@ -224,9 +226,8 @@ def chain_exist(chain, table, filename):
     '''
     Checks a chain
     '''
-    table_info = " " + table.family + " " + table.name + " "
-    cmd = NFT_BIN + " list -nnn chain" + table_info + chain.name
-    ret = execute_cmd(cmd, filename, chain.lineno)
+    cmd = "list chain %s %s" % (table, chain)
+    ret = execute_cmd(cmd, filename, chain.lineno, numeric="all")
 
     return True if (ret == 0) else False
 
@@ -235,16 +236,13 @@ def chain_create(chain, table, filename):
     '''
     Adds a chain
     '''
-    table_info = " " + table.family + " " + table.name + " "
-
     if chain_exist(chain, table, filename):
         reason = "This chain '" + chain.name + "' exists in " + table.name + \
                  ". I cannot create two chains with same name."
         print_error(reason, filename, chain.lineno)
         return -1
 
-    cmd = NFT_BIN + " add chain" + table_info + chain.name + \
-          "\{ " + chain.config + "\; \}"
+    cmd = "add chain %s %s { %s; }" % (table, chain, chain.config)
 
     ret = execute_cmd(cmd, filename, chain.lineno)
     if ret != 0:
@@ -265,22 +263,20 @@ def chain_delete(chain, table, filename=None, lineno=None):
     '''
     Flushes and deletes a chain.
     '''
-    table_info = " " + table.family + " " + table.name + " "
-
     if not chain_exist(chain, table, filename):
         reason = "The chain " + chain.name + " does not exists in " + \
                  table.name + ". I cannot delete it."
         print_error(reason, filename, lineno)
         return -1
 
-    cmd = NFT_BIN + " flush chain" + table_info + chain.name
+    cmd = "flush chain %s %s" % (table, chain)
     ret = execute_cmd(cmd, filename, lineno)
     if ret != 0:
         reason = "I cannot flush this chain " + chain.name
         print_error(reason, filename, lineno)
         return -1
 
-    cmd = NFT_BIN + " delete chain" + table_info + chain.name
+    cmd = "delete chain %s %s" % (table, chain)
     ret = execute_cmd(cmd, filename, lineno)
     if ret != 0:
         reason = cmd + "I cannot delete this chain. DD"
@@ -323,13 +319,11 @@ def set_add(s, test_result, filename, lineno):
             print_error(reason, filename, lineno)
             return -1
 
-        table_handle = " " + table.family + " " + table.name + " "
-        if s.flags == "":
-            set_cmd = " " + s.name + " { type " + s.type + "\;}"
-        else:
-            set_cmd = " " + s.name + " { type " + s.type + "\; flags " + s.flags + "\; }"
+        flags = s.flags
+        if flags != "":
+            flags = "flags %s; " % flags
 
-        cmd = NFT_BIN + " add set" + table_handle + set_cmd
+        cmd = "add set %s %s { type %s; %s}" % (table, s.name, s.type, flags)
         ret = execute_cmd(cmd, filename, lineno)
 
         if (ret == 0 and test_result == "fail") or \
@@ -365,17 +359,8 @@ def set_add_elements(set_element, set_name, state, filename, lineno):
             print_error(reason, filename, lineno)
             return -1
 
-        table_info = " " + table.family + " " + table.name + " "
-
-        element = ""
-        for e in set_element:
-            if not element:
-                element = e
-            else:
-                element = element + ", " + e
-
-        set_text = set_name + " { " + element + " }"
-        cmd = NFT_BIN + " add element" + table_info + set_text
+        element = ", ".join(set_element)
+        cmd = "add element %s %s { %s }" % (table, set_name, element)
         ret = execute_cmd(cmd, filename, lineno)
 
         if (state == "fail" and ret == 0) or (state == "ok" and ret != 0):
@@ -397,11 +382,8 @@ def set_delete_elements(set_element, set_name, table, filename=None,
     '''
     Deletes elements in a set.
     '''
-    table_info = " " + table.family + " " + table.name + " "
-
     for element in set_element:
-        set_text = set_name + " {" + element + "}"
-        cmd = NFT_BIN + " delete element" + table_info + set_text
+        cmd = "delete element %s %s { %s }" % (table, set_name, element)
         ret = execute_cmd(cmd, filename, lineno)
         if ret != 0:
             reason = "I cannot delete an element" + element + \
@@ -429,8 +411,7 @@ def set_delete(table, filename=None, lineno=None):
                             lineno)
 
         # We delete the set.
-        table_info = " " + table.family + " " + table.name + " "
-        cmd = NFT_BIN + " delete set " + table_info + " " + set_name
+        cmd = "delete set %s %s" % (table, set_name)
         ret = execute_cmd(cmd, filename, lineno)
 
         # Check if the set still exists after I deleted it.
@@ -446,9 +427,8 @@ def set_exist(set_name, table, filename, lineno):
     '''
     Check if the set exists.
     '''
-    table_info = " " + table.family + " " + table.name + " "
-    cmd = NFT_BIN + " list -nnn set" + table_info + set_name
-    ret = execute_cmd(cmd, filename, lineno)
+    cmd = "list set %s %s" % (table, set_name)
+    ret = execute_cmd(cmd, filename, lineno, numeric="all")
 
     return True if (ret == 0) else False
 
@@ -457,9 +437,8 @@ def _set_exist(s, filename, lineno):
     '''
     Check if the set exists.
     '''
-    table_handle = " " + s.family + " " + s.table + " "
-    cmd = NFT_BIN + " list -nnn set" + table_handle + s.name
-    ret = execute_cmd(cmd, filename, lineno)
+    cmd = "list set %s %s %s" % (s.family, s.table, s.name)
+    ret = execute_cmd(cmd, filename, lineno, numeric="all")
 
     return True if (ret == 0) else False
 
@@ -510,9 +489,7 @@ def obj_add(o, test_result, filename, lineno):
             print_error(reason, filename, lineno)
             return -1
 
-        table_handle = " " + table.family + " " + table.name + " "
-
-        cmd = NFT_BIN + " add " + o.type + table_handle + o.name + " " + o.spcf
+        cmd = "add %s %s %s %s" % (o.type, table, o.name, o.spcf)
         ret = execute_cmd(cmd, filename, lineno)
 
         if (ret == 0 and test_result == "fail") or \
@@ -552,8 +529,7 @@ def obj_delete(table, filename=None, lineno=None):
             return -1
 
         # We delete the object.
-        table_info = " " + table.family + " " + table.name + " "
-        cmd = NFT_BIN + " delete " + o.type + table_info + " " + o.name
+        cmd = "delete %s %s %s" % (o.type, table, o.name)
         ret = execute_cmd(cmd, filename, lineno)
 
         # Check if the object still exists after I deleted it.
@@ -569,9 +545,8 @@ def obj_exist(o, table, filename, lineno):
     '''
     Check if the object exists.
     '''
-    table_handle = " " + table.family + " " + table.name + " "
-    cmd = NFT_BIN + " list -nnn " + o.type + table_handle + o.name
-    ret = execute_cmd(cmd, filename, lineno)
+    cmd = "list %s %s %s" % (o.type, table, o.name)
+    ret = execute_cmd(cmd, filename, lineno, numeric="all")
 
     return True if (ret == 0) else False
 
@@ -580,9 +555,8 @@ def _obj_exist(o, filename, lineno):
     '''
     Check if the object exists.
     '''
-    table_handle = " " + o.family + " " + o.table + " "
-    cmd = NFT_BIN + " list -nnn " + o.type + table_handle + o.name
-    ret = execute_cmd(cmd, filename, lineno)
+    cmd = "list %s %s %s %s" % (o.type, o.family, o.table, o.name)
+    ret = execute_cmd(cmd, filename, lineno, numeric="all")
 
     return True if (ret == 0) else False
 
@@ -697,13 +671,11 @@ def rule_add(rule, filename, lineno, force_all_family_option, filename_path):
             chain = chain_get_by_name(table_chain)
             unit_tests += 1
             table_flush(table, filename, lineno)
-            table_info = " " + table.family + " " + table.name + " "
 
             payload_log = os.tmpfile()
 
-            cmd = NFT_BIN + " add rule --debug=netlink" + table_info + \
-                  chain.name + " " + rule[0]
-            ret = execute_cmd(cmd, filename, lineno, payload_log)
+            cmd = "add rule %s %s %s" % (table, chain, rule[0])
+            ret = execute_cmd(cmd, filename, lineno, payload_log, debug="netlink")
 
             state = rule[1].rstrip()
             if (ret in [0,134] and state == "fail") or (ret != 0 and state == "ok"):
@@ -740,13 +712,14 @@ def rule_add(rule, filename, lineno, force_all_family_option, filename_path):
                                   gotf.name, 1)
 
                 # Check output of nft
-                process = subprocess.Popen([NFT_BIN, '-nnns', 'list', 'table',
-                                            table.family, table.name],
-                                           shell=False,
-                                           stdout=subprocess.PIPE,
-                                           preexec_fn=preexec)
-                pre_output = process.communicate()
-                output = pre_output[0].split(";")
+                numeric_old = nftables.set_numeric_output("all")
+                stateless_old = nftables.set_stateless_output(True)
+                list_cmd = 'list table %s' % table
+                rc, pre_output, err = nftables.cmd(list_cmd)
+                nftables.set_numeric_output(numeric_old)
+                nftables.set_stateless_output(stateless_old)
+
+                output = pre_output.split(";")
                 if len(output) < 2:
                     reason = cmd + ": Listing is broken."
                     print_error(reason, filename, lineno)
@@ -755,7 +728,7 @@ def rule_add(rule, filename, lineno, force_all_family_option, filename_path):
                     if not force_all_family_option:
                         return [ret, warning, error, unit_tests]
                 else:
-                    rule_output = output_clean(pre_output[0], chain)
+                    rule_output = output_clean(pre_output, chain)
                     if len(rule) == 3:
                         teoric_exit = rule[2]
                     else:
@@ -809,7 +782,8 @@ def signal_handler(signal, frame):
     signal_received = 1
 
 
-def execute_cmd(cmd, filename, lineno, stdout_log=False):
+def execute_cmd(cmd, filename, lineno,
+                stdout_log=False, numeric=False, debug=False):
     '''
     Executes a command, checks for segfaults and returns the command exit
     code.
@@ -817,23 +791,36 @@ def execute_cmd(cmd, filename, lineno, stdout_log=False):
     :param cmd: string with the command to be executed
     :param filename: name of the file tested (used for print_error purposes)
     :param lineno: line number being tested (used for print_error purposes)
+    :param stdout_log: redirect stdout to this file instead of global log_file
+    :param numeric: turn numeric output temporarily on
+    :param debug: temporarily set these debug flags
     '''
     global log_file
     print >> log_file, "command: %s" % cmd
     if debug_option:
         print cmd
 
+    if numeric:
+        numeric_old = nftables.get_numeric_output()
+        nftables.set_numeric_output(numeric)
+    if debug:
+        debug_old = nftables.get_debug()
+        nftables.set_debug(debug)
+
+    ret, out, err = nftables.cmd(cmd)
+
     if not stdout_log:
         stdout_log = log_file
 
-    ret = subprocess.call(cmd, shell=True, universal_newlines=True,
-                          stderr=log_file, stdout=stdout_log,
-                          preexec_fn=preexec)
+    stdout_log.write(out)
+    stdout_log.flush()
+    log_file.write(err)
     log_file.flush()
 
-    if ret == -11:
-        reason = "command segfaults: " + cmd
-        print_error(reason, filename, lineno)
+    if numeric:
+        nftables.set_numeric_output(numeric_old)
+    if debug:
+        nftables.set_debug(debug_old)
 
     return ret
 
@@ -1123,10 +1110,17 @@ def main():
     # Change working directory to repository root
     os.chdir(TESTS_PATH + "/../..")
 
-    if not os.path.isfile(NFT_BIN):
-        print "The nft binary does not exist. You need to build the project."
+    sys.path.append('py/')
+    from nftables import Nftables
+
+    if not os.path.exists('src/.libs/libnftables.so'):
+        print "The nftables library does not exist. " \
+              "You need to build the project."
         return
 
+    global nftables
+    nftables = Nftables('src/.libs/libnftables.so')
+
     test_files = files_ok = run_total = 0
     tests = passed = warnings = errors = 0
     global log_file