tests: add test case for rule replacement expression deactivation

When a rule is replaced, all of the expressions that are in use need to
be deactivated.

Kernel missed to do this on replace.  In this example, this would
result in a leak of the chain use counter ("jump" expression
deactivation is not called).  This then either resulted in a BUG or
WARN, depending on kernel version.

Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/tests/shell/testcases/rule_management/0010replace_0 b/tests/shell/testcases/rule_management/0010replace_0
new file mode 100755 (executable)
index 0000000..251cebb
--- /dev/null
+++ b/tests/shell/testcases/rule_management/0010replace_0
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+# test for kernel commit ca08987885a147643817d02bf260bc4756ce8cd4
+# ("netfilter: nf_tables: deactivate expressions in rule replecement routine")
+
+set -e
+$NFT add table t
+$NFT add chain t c1
+$NFT add chain t c2
+$NFT add rule ip t c1 jump c2
+$NFT replace rule ip t c1 handle 3 accept
+$NFT flush ruleset