1 files changed, 34 insertions, 0 deletions

diff --git a/sshuttle/linux.py b/sshuttle/linux.py
index bd21180..c0bf28b 100644
--- a/sshuttle/linux.py
+++ b/sshuttle/linux.py
@@ -1,3 +1,4 @@
+import re
 import os
 import socket
 import subprocess as ssubprocess
@@ -49,6 +50,39 @@ def ipt(family, table, *args):
         raise Fatal('%r returned %d' % (argv, rv))
 
 
+def nft(family, table, action, *args):
+    if family == socket.AF_INET:
+        argv = ['nft', action, 'ip', table] + list(args)
+    elif family == socket.AF_INET6:
+        argv = ['nft', action, 'ip6', table] + list(args)
+    else:
+        raise Exception('Unsupported family "%s"' % family_to_string(family))
+    debug1('>> %s\n' % ' '.join(argv))
+    env = {
+        'PATH': os.environ['PATH'],
+        'LC_ALL': "C",
+    }
+    rv = ssubprocess.call(argv, env=env)
+    if rv:
+        raise Fatal('%r returned %d' % (argv, rv))
+
+
+def nft_get_handle(expression, chain):
+    cmd = 'nft'
+    argv = [cmd, 'list', expression, '-a']
+    env = {
+        'PATH': os.environ['PATH'],
+        'LC_ALL': "C",
+    }
+    p = ssubprocess.Popen(argv, stdout=ssubprocess.PIPE, env=env)
+    for line in p.stdout:
+        if (b'jump %s' % chain.encode('utf-8')) in line:
+            return re.sub('.*# ', '', line.decode('utf-8'))
+    rv = p.wait()
+    if rv:
+        raise Fatal('%r returned %d' % (argv, rv))
+
+
 _no_ttl_module = False