#!/bin/bash

# test a kernel rollback operation
# fail reason: rule

tmpfile=$(mktemp)
if [ ! -w $tmpfile ] ; then
	echo "Failed to create tmp file" >&2
	exit 0
fi

trap "rm -rf $tmpfile" EXIT # cleanup if aborted

GOOD_RULESET="table ip t {
	set t {
		type ipv4_addr
		elements = { 1.1.1.1 }
	}

	chain c {
		ct state new
		tcp dport { 22222 }
		ip saddr @t drop
		jump other
	}

	chain other {
	}
}"

BAD_RULESET="flush ruleset
table ip t2 {
	chain c2 {
		this is an invalid rule
	}
}"

echo "$GOOD_RULESET" > $tmpfile
$NFT -f $tmpfile
if [ $? -ne 0 ] ; then
	echo "E: unable to load good ruleset" >&2
	exit 1
fi

echo "$BAD_RULESET" > $tmpfile
$NFT -f $tmpfile 2>/dev/null
if [ $? -eq 0 ]	; then
	echo "E: bogus ruleset loaded?" >&2
	exit 1
fi

KERNEL_RULESET="$($NFT list ruleset -nn)"

if [ "$GOOD_RULESET" != "$KERNEL_RULESET" ] ; then
        DIFF="$(which diff)"
        [ -x $DIFF ] && $DIFF -u <(echo "$GOOD_RULESET") <(echo "$KERNEL_RULESET")
        exit 1
fi

exit 0