#!/bin/bash

# tests for Netfilter bug #965 and the related fix
# (regarding rule management with a given position/handle spec)

set -e
$NFT add table t
$NFT add chain t c
$NFT add rule t c accept	# should have handle 2
$NFT add rule t c accept	# should have handle 3
$NFT add rule t c position 2 drop

EXPECTED="table ip t {
	chain c {
		accept
		drop
		accept
	}
}"

GET="$($NFT list ruleset)"

if [ "$EXPECTED" != "$GET" ] ; then
	DIFF="$(which diff)"
	[ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
	exit 1
fi