svinota · svinota · Mar 5, 2019 · Feb 8, 2019 · Feb 8, 2019 · Feb 8, 2019
diff --git a/tests/general/test_nftables.py b/tests/general/test_nftables.py
@@ -0,0 +1,50 @@
+import json
+import errno
+from subprocess import check_output, CalledProcessError
+
+from pyroute2 import netns
+from pyroute2.nftables.main import NFTables
+from pyroute2.nftables.rule import NFTRule
+
+from utils import require_user
+
+#NFT_BIN_PATH = "/root/nft/nftables/src/nft"
+NFT_BIN_PATH = "nft"
+NS_NAME = 'pyroute2_test_nftable'
+
+
+class NFTables_test(object):
+
+    def setup(self):
+        require_user('root')
+        try:
+            netns.create(NS_NAME)
+        except OSError as e:
+            if e.errno == errno.EEXIST:
+                netns.remove(NS_NAME)
+                netns.create(NS_NAME)
+            else:
+                raise
+        try:
+            check_output([NFT_BIN_PATH, "-f", "nftables.ruleset"])
+        except OSError as e:
+            if e.errno == errno.ENOENT:
+                raise Exception("You must install nftables for the test")
+            else:
+                raise
+
+    def teardown(self):
+        netns.remove(NS_NAME)
+
+    def test_export_json(self):
+        try:
+            nft_res = json.loads(
+                check_output([NFT_BIN_PATH, "export", "json"]))
+        except CalledProcessError:
+            raise Exception(
+                "Please install nft compiled with --with-json option")
+        nft_res = [e['rule'] for e in nft_res['nftables'] if 'rule' in e]
+        my_res = []
+        for r in NFTables(nfgen_family=0).get_rules():
+            my_res.append(NFTRule.from_netlink(r).to_dict())
+        assert my_res == nft_res
diff --git a/tests/nftables.ruleset b/tests/nftables.ruleset
@@ -0,0 +1,15 @@
+
+flush ruleset
+
+table inet filter {
+	chain coucou {
+		accept
+	}
+	chain input {
+		type filter hook input priority 0; policy accept;
+                meta l4proto tcp tcp dport 1234 accept
+		iifname lo0 oifname wan0 ip saddr 1.2.3.4 ip daddr 1.2.3.4 ip version 3 jump coucou
+		iifname lo0 oifname wan0 (tcp dport | 1234) & 34 == 56 jump coucou
+		iifname lo0 oifname wan0 ether saddr 00:11:22:33:44:55 jump coucou
+	}
+}