#!/bin/bash

set -e

echo "loading ruleset"
$NFT -f - <<EOF
table ip t {
	set s {
		type ipv4_addr
		counter
		elements = { 1.1.1.1 counter packets 1 bytes 11 }
	}
	chain c {
		counter packets 1 bytes 11 update @s { ip saddr } accept
		counter packets 2 bytes 12 drop
	}

	chain c2 {
		counter packets 3 bytes 13 accept
		counter packets 4 bytes 14 drop
	}
}
table inet t {
	chain c {
		counter packets 5 bytes 15 accept
		counter packets 6 bytes 16 drop
	}
}
table ip t2 {
	chain c2 {
		counter packets 7 bytes 17 accept
		counter packets 8 bytes 18 drop
	}
}
EOF

echo "resetting specific rule"
handle=$($NFT -a list chain t c | sed -n 's/.*accept # handle \([0-9]*\)$/\1/p')
$NFT reset rule t c handle $handle
EXPECT='table ip t {
	set s {
		type ipv4_addr
		size 65535
		flags dynamic
		counter
		elements = { 1.1.1.1 counter packets 1 bytes 11 }
	}

	chain c {
		counter packets 0 bytes 0 update @s { ip saddr } accept
		counter packets 2 bytes 12 drop
	}

	chain c2 {
		counter packets 3 bytes 13 accept
		counter packets 4 bytes 14 drop
	}
}
table inet t {
	chain c {
		counter packets 5 bytes 15 accept
		counter packets 6 bytes 16 drop
	}
}
table ip t2 {
	chain c2 {
		counter packets 7 bytes 17 accept
		counter packets 8 bytes 18 drop
	}
}'
$DIFF -u <(echo "$EXPECT") <($NFT list ruleset)

echo "resetting specific chain"
EXPECT='table ip t {
	set s {
		type ipv4_addr
		size 65535
		flags dynamic
		counter
	}

	chain c2 {
		counter packets 3 bytes 13 accept
		counter packets 4 bytes 14 drop
	}
}'
$DIFF -u <(echo "$EXPECT") <($NFT reset rules chain t c2)

echo "resetting specific table"
EXPECT='table ip t {
	set s {
		type ipv4_addr
		size 65535
		flags dynamic
		counter
	}

	chain c {
		counter packets 0 bytes 0 update @s { ip saddr } accept
		counter packets 2 bytes 12 drop
	}

	chain c2 {
		counter packets 0 bytes 0 accept
		counter packets 0 bytes 0 drop
	}
}'
$DIFF -u <(echo "$EXPECT") <($NFT reset rules table t)

echo "resetting specific family"
EXPECT='table ip t {
	set s {
		type ipv4_addr
		size 65535
		flags dynamic
		counter
	}

	chain c {
		counter packets 0 bytes 0 update @s { ip saddr } accept
		counter packets 0 bytes 0 drop
	}

	chain c2 {
		counter packets 0 bytes 0 accept
		counter packets 0 bytes 0 drop
	}
}
table ip t2 {
	chain c2 {
		counter packets 7 bytes 17 accept
		counter packets 8 bytes 18 drop
	}
}'
$DIFF -u <(echo "$EXPECT") <($NFT reset rules ip)

echo "resetting whole ruleset"
EXPECT='table ip t {
	set s {
		type ipv4_addr
		size 65535
		flags dynamic
		counter
	}

	chain c {
		counter packets 0 bytes 0 update @s { ip saddr } accept
		counter packets 0 bytes 0 drop
	}

	chain c2 {
		counter packets 0 bytes 0 accept
		counter packets 0 bytes 0 drop
	}
}
table inet t {
	chain c {
		counter packets 5 bytes 15 accept
		counter packets 6 bytes 16 drop
	}
}
table ip t2 {
	chain c2 {
		counter packets 0 bytes 0 accept
		counter packets 0 bytes 0 drop
	}
}'
$DIFF -u <(echo "$EXPECT") <($NFT reset rules)
