#!/bin/bash

rnd=$(mktemp -u XXXXXXXX)
ns1="nft1trans-$rnd"

#
# dependency tracking for implicit set
#
RULESET="table ip x {
	chain w {}
	chain m {}

	chain y {
		ip saddr vmap { 1.1.1.1 : jump w, 2.2.2.2 : accept, 3.3.3.3 : goto m }
	}
}"

$NFT -c -f - <<< "$RULESET" >/dev/null || exit 0
$NFT -f - <<< "$RULESET" >/dev/null || exit 0
ip netns add $ns1
ip netns exec $ns1 $NFT -f - <<< "$RULESET" >/dev/null || exit 0
ip netns del $ns1

RULESET="flush chain ip x y
delete chain ip x w"

$NFT -c -f - <<< "$RULESET" >/dev/null || exit 0
$NFT -f - <<< "$RULESET" >/dev/null || exit 0

#
# dependency tracking for map in implicit chain
#
RULESET="table ip x {
	chain w {}
	chain m {}

	chain y {
		meta iifname \"eno1\" jump {
			ip saddr vmap { 1.1.1.1 : jump w, 3.3.3.3 : goto m }
		}
	}
}"

$NFT -c -f - <<< "$RULESET" >/dev/null || exit 0
$NFT -f - <<< "$RULESET" >/dev/null || exit 0
ip netns add $ns1
ip netns exec $ns1 $NFT -f - <<< "$RULESET" >/dev/null || exit 0
ip netns del $ns1

RULESET="flush chain ip x y
delete chain ip x w"

$NFT -c -f - <<< "$RULESET" >/dev/null || exit 0
$NFT -f - <<< "$RULESET" >/dev/null || exit 0

#
# dependency tracking for explicit map
#
RULESET="table ip x {
	chain w {}
	chain m {}

	map y {
		type ipv4_addr : verdict
		elements = { 1.1.1.1 : jump w, 2.2.2.2 : accept, 3.3.3.3 : goto m }
	}
}"

$NFT -c -f - <<< "$RULESET" >/dev/null || exit 0
$NFT -f - <<< "$RULESET" >/dev/null || exit 0
ip netns add $ns1
ip netns exec $ns1 $NFT -f - <<< "$RULESET" >/dev/null || exit 0
ip netns del $ns1

RULESET="delete set ip x y
delete chain ip x w"

$NFT -c -f - <<< "$RULESET" >/dev/null || exit 0
$NFT -f - <<< "$RULESET" >/dev/null || exit 0

#
# error path for implicit set
#
RULESET="table inet filter {
	chain w {
		jump z
	}
	chain z {
		jump w
	}

	chain test {
		ip protocol { tcp, udp } ip saddr vmap { 1.1.1.1 : jump z } counter flow add @nonexisting
		ip6 nexthdr { tcp, udp } ct mark and 2 == 2 counter
	}
}"

$NFT -c -f - <<< "$RULESET" >/dev/null || exit 0
$NFT -f - <<< "$RULESET" >/dev/null || exit 0

#
# error path for implicit set
#
RULESET="table inet filter {
	chain w {
		jump z
	}
	chain z {
		jump w
	}

	chain test {
		ip protocol { tcp, udp } jump {
			ip saddr vmap { 1.1.1.1 : jump z }
		}
	        ip6 nexthdr { tcp, udp } ct mark and 2 == 2 counter
	}
}"

$NFT -c -f - <<< "$RULESET" >/dev/null || exit 0
$NFT -f - <<< "$RULESET" >/dev/null || exit 0
