#!/bin/bash

RC=0

check() { # (set, elems, expected)
	out=$($NFT get element ip t $1 "{ $2 }")
	out=$(grep "elements =" <<< "$out")
	out="${out#* \{ }"
	out="${out% \}}"
	[[ "$out" == "$3" ]] && return
	echo "ERROR: asked for '$2' in set $1, expecting '$3' but got '$out'"
	((RC++))
}

RULESET="add table ip t
add set ip t s { type inet_service; flags interval; }
add element ip t s { 10, 20-30, 40, 50-60 }
add set ip t ips { type ipv4_addr; flags interval; }
add element ip t ips { 10.0.0.1, 10.0.0.5-10.0.0.8 }
add element ip t ips { 10.0.0.128/25, 10.0.1.0/24, 10.0.2.3-10.0.2.12 }
add set ip t cs { type ipv4_addr . inet_service; flags interval; }
add element ip t cs { 10.0.0.1 . 22, 10.1.0.0/16 . 1-1024 }
add element ip t cs { 10.2.0.1-10.2.0.8 . 1024-65535 }
"

$NFT -f - <<< "$RULESET"

# simple cases, (non-)existing values and ranges
check s 10 10
check s 11 ""
check s 20-30 20-30
check s 15-18 ""

# multiple single elements, ranges smaller than present
check s "10, 40" "10, 40"
check s "22-24, 26-28" "20-30, 20-30"
check s 21-29 20-30

# mixed single elements and ranges
check s "10, 20" "10, 20-30"
check s "10, 22" "10, 20-30"
check s "10, 22-24" "10, 20-30"

# non-existing ranges matching elements
check s 10-40 ""
check s 10-20 ""
check s 10-25 ""
check s 25-55 ""

# playing with IPs, ranges and prefixes
check ips 10.0.0.1 10.0.0.1
check ips 10.0.0.2 ""
check ips 10.0.1.0/24 10.0.1.0/24
check ips 10.0.1.2/31 10.0.1.0/24
check ips 10.0.1.0 10.0.1.0/24
check ips 10.0.1.3 10.0.1.0/24
check ips 10.0.1.255 10.0.1.0/24
check ips 10.0.2.3-10.0.2.12 10.0.2.3-10.0.2.12
check ips 10.0.2.10 10.0.2.3-10.0.2.12
check ips 10.0.2.12 10.0.2.3-10.0.2.12

# test concatenated ranges, i.e. Pi, Pa and Po
check cs "10.0.0.1 . 22" "10.0.0.1 . 22"
check cs "10.0.0.1 . 23" ""
check cs "10.0.0.2 . 22" ""
check cs "10.1.0.1 . 42" "10.1.0.0/16 . 1-1024"
check cs "10.1.1.0/24 . 10-20" "10.1.0.0/16 . 1-1024"
check cs "10.2.0.3 . 20000" "10.2.0.1-10.2.0.8 . 1024-65535"

exit $RC