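#!/bin/bash
# Test loading a ruleset with the 'action object' pattern.
#
# For every address family a first ruleset creates a table, chain, set and
# map and inserts rules that reference the set and map (by name and as
# anonymous literals); a second ruleset then tears all of it down again.
# Both rulesets must load without error.
#
# Environment:
#   NFT - nft binary (optionally followed by options) used to load the files.
# Exit status: 0 when both rulesets load, 1 on any failure.

# Refuse to run without NFT: an empty $NFT would turn "$NFT -f file" into
# executing "-f" as a command, which fails with a confusing message.
: "${NFT:?NFT must point to the nft binary}"

tmpfile=$(mktemp)
if [ ! -w "$tmpfile" ] ; then
	echo "Failed to create tmp file" >&2
	# A missing temp file means the test never ran; report that as a
	# failure rather than exiting 0 and having it counted as a pass.
	exit 1
fi
trap 'rm -f -- "$tmpfile"' EXIT # cleanup if aborted

set -e

FAMILIES=(ip ip6 inet arp bridge)

#######################################
# Append the "build" ruleset for one family to $tmpfile.
# Arguments: $1 - nft address family
# Note: "replace rule ... handle 2" relies on the chain being freshly
# created in this same file, so the accept rule gets handle 2.
#######################################
generate1() {
	local family=$1
	cat >> "$tmpfile" <<EOF

add table $family t
add chain $family t c
add rule $family t c accept
add set $family t s {type inet_service;}
add element $family t s {8080}
insert rule $family t c meta l4proto tcp tcp dport @s accept
replace rule $family t c handle 2 meta l4proto tcp tcp dport {9090}
add map $family t m {type inet_service:verdict;}
add element $family t m {10080:drop}
insert rule $family t c meta l4proto tcp tcp dport vmap @m
add rule $family t c meta l4proto udp udp sport vmap {1111:accept}
EOF
}

#######################################
# Append the "teardown" ruleset for one family to $tmpfile.
# Arguments: $1 - nft address family
#######################################
generate2() {
	local family=$1
	cat >> "$tmpfile" <<EOF

flush chain $family t c
delete element $family t m {10080:drop}
delete element $family t s {8080}
delete chain $family t c
delete table $family t
EOF
}

#######################################
# Load $tmpfile with $NFT, printing a diagnostic on failure.
# The command runs inside "if !" on purpose: under "set -e" a failing
# $NFT would abort the script before a later "$? -ne 0" check could run,
# so the error message would never be printed.
# Arguments: $1 - label used in the error message
# Returns:   0 on success, 1 on failure
#######################################
load_ruleset() {
	local label=$1
	# $NFT is deliberately unquoted: the harness may pass options in it.
	if ! $NFT -f "$tmpfile" ; then
		echo "E: unable to load ruleset $label" >&2
		return 1
	fi
}

for family in "${FAMILIES[@]}" ; do
	generate1 "$family"
done
load_ruleset 1 || exit 1

# Start the second file from scratch (nft accepts an empty/blank file).
echo "" > "$tmpfile"

for family in "${FAMILIES[@]}" ; do
	generate2 "$family"
done
load_ruleset 2 || exit 1

exit 0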