nftnl_table_set_u64(nlt, NFTNL_TABLE_HANDLE,
cmd->handle.handle.id);
- nlt = nftnl_table_alloc();
- if (nlt == NULL)
- memory_allocation_error();
-
nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
NFT_MSG_DELTABLE,
cmd->handle.family,
echo "E: unable to load good ruleset" >&2
exit 1
fi
+
+KERNEL_RULESET="$($NFT list ruleset)"
+if [ "" != "$KERNEL_RULESET" ] ; then
+ DIFF="$(which diff)"
+ echo "Got a ruleset, but expected empty: "
+ echo "$KERNEL_RULESET"
+ exit 1
+fi
+
+RULESET="table ip x {
+}
+table ip y {
+}"
+
+$NFT -f - <<< "$RULESET"
+if [ $? -ne 0 ] ; then
+ echo "E: unable to load good ruleset" >&2
+ exit 1
+fi
+
+RULESETFAIL="flush ruleset
+create table ip nat
+create table inet filter
+create chain ip nat testchain
+delete table ip testtable"
+
+# testtable doesn't exist, batch expected to fail
+$NFT -f - <<< "$RULESETFAIL" && exit 2
+
+KERNEL_RULESET="$($NFT list ruleset)"
+if [ "$RULESET" != "$KERNEL_RULESET" ] ; then
+ DIFF="$(which diff)"
+ [ -x $DIFF ] && $DIFF -u <(echo "$RULESET") <(echo "$KERNEL_RULESET")
+ exit 1
+fi
projects / thirdparty / nftables.git / commitdiff
