@@ -570,6 +570,8 @@ STDERR_IS_TTY = sys.stderr.isatty()
help='Check for missing tests')
parser.add_argument('-n', '--nftables', action='store_true',
help='Test iptables-over-nftables')
+ parser.add_argument('--compat', action='store_true',
+ help='Test iptables-over-nftables in forced compat mode')
parser.add_argument('-N', '--netns', action='store_const',
const='____iptables-container-test',
help='Test netnamespace path')
@@ -589,8 +591,10 @@ STDERR_IS_TTY = sys.stderr.isatty()
variants.append("legacy")
if args.nftables:
variants.append("nft")
+ if args.compat:
+ variants.append("nft-compat")
if len(variants) == 0:
- variants = [ "legacy", "nft" ]
+ variants = [ "legacy", "nft", "nft-compat" ]
if os.getuid() != 0:
print("You need to be root to run this, sorry", file=sys.stderr)
@@ -609,8 +613,14 @@ STDERR_IS_TTY = sys.stderr.isatty()
total_passed = 0
total_tests = 0
for variant in variants:
+
+ exec_infix = variant
+ if variant == "nft-compat":
+ os.putenv("XTABLES_COMPAT", "2")
+ exec_infix = "nft"
+
global EXECUTABLE
- EXECUTABLE = "xtables-" + variant + "-multi"
+ EXECUTABLE = "xtables-" + exec_infix + "-multi"
test_files = 0
tests = 0
Test iptables-nft with forced compat extension restore as third modus operandi. Signed-off-by: Phil Sutter <phil@nwl.cc> --- iptables-test.py | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-)