#!/bin/bash

set -e

$NFT add table t
$NFT add chain t output {type nat hook output priority 0 \; }
$NFT add chain t c1
$NFT add rule t c1 masquerade
# kernel should return EOPNOTSUPP
$NFT add rule t output tcp dport vmap {1 :jump c1 } 2>/dev/null
echo "E: accepted masquerade in output hook in a vmap" >&2