#!/bin/bash

# NFT_TEST_REQUIRES(NFT_TEST_HAVE_reset_rule)

set -e

if [ $NFT_TEST_HAVE_setcount = y ]; then
	size="size 65535	# count 1"
else
	size="size 65535"
fi

echo "loading ruleset with anonymous set"
$NFT -f - <<EOF
table t {
        chain dns-nat-pre {
                type nat hook prerouting priority filter; policy accept;
                meta l4proto { tcp, udp } th dport 53 ip saddr 10.24.0.0/24 ip daddr != 10.25.0.1 counter packets 1000 bytes 1000 dnat to 10.25.0.1
        }
}
EOF

echo "resetting ruleset with anonymous set"
$NFT reset rules
EXPECT='table ip t {
	chain dns-nat-pre {
		type nat hook prerouting priority filter; policy accept;
		meta l4proto { tcp, udp } th dport 53 ip saddr 10.24.0.0/24 ip daddr != 10.25.0.1 counter packets 0 bytes 0 dnat to 10.25.0.1
	}
}'
$DIFF -u <(echo "$EXPECT") <($NFT list ruleset)
$NFT flush ruleset

echo "loading ruleset"
$NFT -f - <<EOF
table ip t {
	set s {
		type ipv4_addr
		counter
		elements = { 1.1.1.1 counter packets 1 bytes 11 }
	}
	chain c {
		counter packets 1 bytes 11 update @s { ip saddr } accept
		counter packets 2 bytes 12 drop
	}

	chain c2 {
		counter packets 3 bytes 13 accept
		counter packets 4 bytes 14 drop
	}
}
table inet t {
	chain c {
		counter packets 5 bytes 15 accept
		counter packets 6 bytes 16 drop
	}
}
table ip t2 {
	chain c2 {
		counter packets 7 bytes 17 accept
		counter packets 8 bytes 18 drop
	}
}
EOF

echo "resetting specific rule"
handle=$($NFT -a list chain t c | sed -n 's/.*accept # handle \([0-9]*\)$/\1/p')
$NFT reset rule t c handle $handle
EXPECT="table ip t {
	set s {
		type ipv4_addr
		$size
		flags dynamic
		counter
		elements = { 1.1.1.1 counter packets 1 bytes 11 }
	}

	chain c {
		counter packets 0 bytes 0 update @s { ip saddr } accept
		counter packets 2 bytes 12 drop
	}

	chain c2 {
		counter packets 3 bytes 13 accept
		counter packets 4 bytes 14 drop
	}
}
table inet t {
	chain c {
		counter packets 5 bytes 15 accept
		counter packets 6 bytes 16 drop
	}
}
table ip t2 {
	chain c2 {
		counter packets 7 bytes 17 accept
		counter packets 8 bytes 18 drop
	}
}"
$DIFF -u <(echo "$EXPECT") <($NFT list ruleset)

echo "resetting specific chain"
EXPECT='table ip t {
	chain c2 {
		counter packets 3 bytes 13 accept
		counter packets 4 bytes 14 drop
	}
}'
$DIFF -u <(echo "$EXPECT") <($NFT reset rules chain t c2)

echo "resetting specific table"
EXPECT="table ip t {
	set s {
		type ipv4_addr
		$size
		flags dynamic
		counter
		elements = { 1.1.1.1 counter packets 1 bytes 11 }
	}

	chain c {
		counter packets 0 bytes 0 update @s { ip saddr } accept
		counter packets 2 bytes 12 drop
	}

	chain c2 {
		counter packets 0 bytes 0 accept
		counter packets 0 bytes 0 drop
	}
}"
$DIFF -u <(echo "$EXPECT") <($NFT reset rules table t)

echo "resetting specific family"
EXPECT="table ip t {
	set s {
		type ipv4_addr
		$size
		flags dynamic
		counter
		elements = { 1.1.1.1 counter packets 1 bytes 11 }
	}

	chain c {
		counter packets 0 bytes 0 update @s { ip saddr } accept
		counter packets 0 bytes 0 drop
	}

	chain c2 {
		counter packets 0 bytes 0 accept
		counter packets 0 bytes 0 drop
	}
}
table ip t2 {
	chain c2 {
		counter packets 7 bytes 17 accept
		counter packets 8 bytes 18 drop
	}
}"
$DIFF -u <(echo "$EXPECT") <($NFT reset rules ip)

echo "resetting whole ruleset"
EXPECT="table ip t {
	set s {
		type ipv4_addr
		$size
		flags dynamic
		counter
		elements = { 1.1.1.1 counter packets 1 bytes 11 }
	}

	chain c {
		counter packets 0 bytes 0 update @s { ip saddr } accept
		counter packets 0 bytes 0 drop
	}

	chain c2 {
		counter packets 0 bytes 0 accept
		counter packets 0 bytes 0 drop
	}
}
table inet t {
	chain c {
		counter packets 5 bytes 15 accept
		counter packets 6 bytes 16 drop
	}
}
table ip t2 {
	chain c2 {
		counter packets 0 bytes 0 accept
		counter packets 0 bytes 0 drop
	}
}"
$DIFF -u <(echo "$EXPECT") <($NFT reset rules)
