44 files changed, 880 insertions, 0 deletions
diff --git a/tests/shell/testcases/listing/0001ruleset_0 b/tests/shell/testcases/listing/0001ruleset_0
new file mode 100755
index 0000000..19cb3b0
--- /dev/null
+++ b/tests/shell/testcases/listing/0001ruleset_0
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# list ruleset shows a table
+
+set -e
+
+$NFT add table test
diff --git a/tests/shell/testcases/listing/0002ruleset_0 b/tests/shell/testcases/listing/0002ruleset_0
new file mode 100755
index 0000000..b4a535c
--- /dev/null
+++ b/tests/shell/testcases/listing/0002ruleset_0
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# list ruleset show nothing if empty ruleset
+
+EXPECTED=""
+
+set -e
diff --git a/tests/shell/testcases/listing/0003table_0 b/tests/shell/testcases/listing/0003table_0
new file mode 100755
index 0000000..5060be0
--- /dev/null
+++ b/tests/shell/testcases/listing/0003table_0
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# list table show what is expected
+
+EXPECTED="table ip test {
+}"
+
+set -e
+
+$NFT add table test
+
+GET="$($NFT list table test)"
+if [ "$EXPECTED" != "$GET" ] ; then
+	$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+	exit 1
+fi
+
+# also this way
+GET="$($NFT list table ip test)"
+if [ "$EXPECTED" != "$GET" ] ; then
+	$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+	exit 1
+fi
diff --git a/tests/shell/testcases/listing/0004table_0 b/tests/shell/testcases/listing/0004table_0
new file mode 100755
index 0000000..1d69119
--- /dev/null
+++ b/tests/shell/testcases/listing/0004table_0
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# list table only show table asked for
+
+EXPECTED="table ip test {
+}"
+
+set -e
+
+$NFT add table test
+$NFT add table test2
+
+GET="$($NFT list table test)"
+if [ "$EXPECTED" != "$GET" ] ; then
+	$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+	exit 1
+fi
+
diff --git a/tests/shell/testcases/listing/0005ruleset_ip_0 b/tests/shell/testcases/listing/0005ruleset_ip_0
new file mode 100755
index 0000000..39c0328
--- /dev/null
+++ b/tests/shell/testcases/listing/0005ruleset_ip_0
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# listing ruleset per family
+
+EXPECTED="table ip test {
+}"
+
+set -e
+
+$NFT add table ip test
+$NFT add table ip6 test
+$NFT add table inet test
+$NFT add table arp test
+$NFT add table bridge test
+
+GET="$($NFT list ruleset ip)"
+if [ "$EXPECTED" != "$GET" ] ; then
+	$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+	exit 1
+fi
diff --git a/tests/shell/testcases/listing/0006ruleset_ip6_0 b/tests/shell/testcases/listing/0006ruleset_ip6_0
new file mode 100755
index 0000000..1b67f50
--- /dev/null
+++ b/tests/shell/testcases/listing/0006ruleset_ip6_0
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# listing ruleset per family
+
+EXPECTED="table ip6 test {
+}"
+
+set -e
+
+$NFT add table ip test
+$NFT add table ip6 test
+$NFT add table inet test
+$NFT add table arp test
+$NFT add table bridge test
+
+GET="$($NFT list ruleset ip6)"
+if [ "$EXPECTED" != "$GET" ] ; then
+	$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+	exit 1
+fi
diff --git a/tests/shell/testcases/listing/0007ruleset_inet_0 b/tests/shell/testcases/listing/0007ruleset_inet_0
new file mode 100755
index 0000000..257c7a9
--- /dev/null
+++ b/tests/shell/testcases/listing/0007ruleset_inet_0
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# listing ruleset per family
+
+EXPECTED="table inet test {
+}"
+
+set -e
+
+$NFT add table ip test
+$NFT add table ip6 test
+$NFT add table inet test
+$NFT add table arp test
+$NFT add table bridge test
+
+GET="$($NFT list ruleset inet)"
+if [ "$EXPECTED" != "$GET" ] ; then
+	$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+	exit 1
+fi
diff --git a/tests/shell/testcases/listing/0008ruleset_arp_0 b/tests/shell/testcases/listing/0008ruleset_arp_0
new file mode 100755
index 0000000..be42c47
--- /dev/null
+++ b/tests/shell/testcases/listing/0008ruleset_arp_0
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# listing ruleset per family
+
+EXPECTED="table arp test {
+}"
+
+set -e
+
+$NFT add table ip test
+$NFT add table ip6 test
+$NFT add table inet test
+$NFT add table arp test
+$NFT add table bridge test
+
+GET="$($NFT list ruleset arp)"
+if [ "$EXPECTED" != "$GET" ] ; then
+	$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+	exit 1
+fi
diff --git a/tests/shell/testcases/listing/0009ruleset_bridge_0 b/tests/shell/testcases/listing/0009ruleset_bridge_0
new file mode 100755
index 0000000..c6a99f5
--- /dev/null
+++ b/tests/shell/testcases/listing/0009ruleset_bridge_0
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# listing ruleset per family
+
+EXPECTED="table bridge test {
+}"
+
+set -e
+
+$NFT add table ip test
+$NFT add table ip6 test
+$NFT add table inet test
+$NFT add table arp test
+$NFT add table bridge test
+
+GET="$($NFT list ruleset bridge)"
+if [ "$EXPECTED" != "$GET" ] ; then
+	$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+	exit 1
+fi
diff --git a/tests/shell/testcases/listing/0010sets_0 b/tests/shell/testcases/listing/0010sets_0
new file mode 100755
index 0000000..0f5f2bd
--- /dev/null
+++ b/tests/shell/testcases/listing/0010sets_0
@@ -0,0 +1,62 @@
+#!/bin/bash
+
+# listing all sets
+
+EXPECTED="table ip nat {
+	set ssh {
+		type ipv4_addr
+	}
+}
+table ip6 test {
+	set testset {
+		type ipv6_addr
+	}
+}
+table arp test_arp {
+	set test_set_arp00 {
+		type inet_service
+	}
+	set test_set_arp01 {
+		type inet_service
+		flags constant
+	}
+}
+table bridge test_bridge {
+	set test_set_bridge {
+		type inet_service
+	}
+}
+table inet filter {
+	set set0 {
+		type inet_service
+	}
+	set set1 {
+		type inet_service
+		flags constant
+	}
+	set set2 {
+		type icmpv6_type
+	}
+}"
+
+set -e
+
+$NFT add table ip nat
+$NFT add set ip nat ssh { type ipv4_addr \; }
+$NFT add table ip6 test
+$NFT add set ip6 test testset { type ipv6_addr \; }
+$NFT add table arp test_arp
+$NFT add set arp test_arp test_set_arp00 { type inet_service \; }
+$NFT add set arp test_arp test_set_arp01 { type inet_service \; flags constant \; }
+$NFT add table bridge test_bridge
+$NFT add set bridge test_bridge test_set_bridge { type inet_service \; }
+$NFT add table inet filter
+$NFT add set inet filter set0 { type inet_service \; }
+$NFT add set inet filter set1 { type inet_service \; flags constant \; }
+$NFT add set inet filter set2 { type icmpv6_type \; }
+
+GET="$($NFT list sets)"
+if [ "$EXPECTED" != "$GET" ] ; then
+	$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+	exit 1
+fi
diff --git a/tests/shell/testcases/listing/0011sets_0 b/tests/shell/testcases/listing/0011sets_0
new file mode 100755
index 0000000..b6f12b5
--- /dev/null
+++ b/tests/shell/testcases/listing/0011sets_0
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# listing all sets, no anonymous sets allowed
+
+EXPECTED="table ip nat {
+}
+table ip6 test {
+}
+table arp test_arp {
+}
+table bridge test_bridge {
+}
+table inet filter {
+}"
+
+set -e
+
+$NFT add table ip nat
+$NFT add chain ip nat test
+$NFT add rule ip nat test tcp dport {123, 321}
+
+$NFT add table ip6 test
+$NFT add chain ip6 test test
+$NFT add rule ip6 test test udp sport {123, 321}
+
+$NFT add table arp test_arp
+$NFT add chain arp test_arp test
+$NFT add rule arp test_arp test meta mark {123, 321}
+
+$NFT add table bridge test_bridge
+$NFT add chain bridge test_bridge test
+$NFT add rule bridge test_bridge test ip daddr {1.1.1.1, 2.2.2.2}
+
+$NFT add table inet filter
+$NFT add chain inet filter test
+$NFT add rule inet filter test tcp dport {80, 443}
+
+GET="$($NFT list sets)"
+
+if [ "$EXPECTED" != "$GET" ] ; then
+	$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+	exit 1
+fi
diff --git a/tests/shell/testcases/listing/0012sets_0 b/tests/shell/testcases/listing/0012sets_0
new file mode 100755
index 0000000..6e4c959
--- /dev/null
+++ b/tests/shell/testcases/listing/0012sets_0
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# listing all sets, filtering by family
+
+EXPECTED="table inet filter {
+	set set0 {
+		type inet_service
+	}
+	set set1 {
+		type inet_service
+		flags constant
+	}
+	set set2 {
+		type icmpv6_type
+	}
+}"
+
+set -e
+
+$NFT add table ip nat
+$NFT add set ip nat ssh { type ipv4_addr \; }
+$NFT add table ip6 test
+$NFT add set ip6 test testset { type ipv6_addr \; }
+$NFT add table arp test_arp
+$NFT add set arp test_arp test_set_arp00 { type inet_service \; }
+$NFT add set arp test_arp test_set_arp01 { type inet_service \; flags constant \; }
+$NFT add table bridge test_bridge
+$NFT add set bridge test_bridge test_set_bridge { type inet_service \; }
+$NFT add table inet filter
+$NFT add set inet filter set0 { type inet_service \; }
+$NFT add set inet filter set1 { type inet_service \; flags constant \; }
+$NFT add set inet filter set2 { type icmpv6_type \; }
+
+GET="$($NFT list sets inet)"
+if [ "$EXPECTED" != "$GET" ] ; then
+	$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+	exit 1
+fi
diff --git a/tests/shell/testcases/listing/0013objects_0 b/tests/shell/testcases/listing/0013objects_0
new file mode 100755
index 0000000..c78ada9
--- /dev/null
+++ b/tests/shell/testcases/listing/0013objects_0
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -e
+
+$NFT add table test
+$NFT add chain test input
+$NFT add quota test https-quota 25 mbytes
+$NFT add ct helper test cthelp { type \"sip\" protocol tcp \; }
+if [ "$NFT_TEST_HAVE_cttimeout" != n ] ; then
+	$NFT add ct timeout test cttime { protocol udp \; policy = {replied : 12, unreplied : 15 } \; }
+fi
+if [ "$NFT_TEST_HAVE_ctexpect" != n ] ; then
+	$NFT add ct expectation test ctexpect { protocol tcp \; dport 5432 \; timeout 1h \; size 12 \; }
+fi
+
+if [ "$NFT_TEST_HAVE_cttimeout" = n ] ; then
+	echo "Ran partial test due to NFT_TEST_HAVE_cttimeout=n (skipped)"
+	exit 77
+fi
+if [ "$NFT_TEST_HAVE_ctexpect" = n ] ; then
+	echo "Ran partial test due to NFT_TEST_HAVE_ctexpect=n (skipped)"
+	exit 77
+fi
diff --git a/tests/shell/testcases/listing/0014objects_0 b/tests/shell/testcases/listing/0014objects_0
new file mode 100755
index 0000000..31d94f8
--- /dev/null
+++ b/tests/shell/testcases/listing/0014objects_0
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# list only the object asked for with table
+
+EXPECTED="table ip test {
+	quota https-quota {
+		25 mbytes
+	}
+}"
+
+set -e
+
+$NFT add table test
+$NFT add quota test https-quota 25 mbytes
+$NFT add ct helper test cthelp { type \"sip\" protocol tcp \; }
+$NFT add table test-ip
+
+GET="$($NFT list quotas)"
+if [ "$EXPECTED" != "$GET" ] ; then
+	$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+	exit 1
+fi
+
+GET="$($NFT list quota test https-quota)"
+if [ "$EXPECTED" != "$GET" ] ; then
+	$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+	exit 1
+fi
+
diff --git a/tests/shell/testcases/listing/0015dynamic_0 b/tests/shell/testcases/listing/0015dynamic_0
new file mode 100755
index 0000000..65fbe62
--- /dev/null
+++ b/tests/shell/testcases/listing/0015dynamic_0
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# list only the object asked for with table
+
+EXPECTED="table ip filter {
+	set test_set {
+		type ipv4_addr . inet_service . ipv4_addr . inet_service . inet_proto
+		size 100000
+		flags dynamic,timeout
+	}
+}"
+
+set -e
+
+$NFT -f - <<< "$EXPECTED"
+
+GET="$($NFT list set ip filter test_set)"
+if [ "$EXPECTED" != "$GET" ] ; then
+	$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+	exit 1
+fi
+
+$NFT flush set ip filter test_set
diff --git a/tests/shell/testcases/listing/0016anonymous_0 b/tests/shell/testcases/listing/0016anonymous_0
new file mode 100755
index 0000000..83acbcc
--- /dev/null
+++ b/tests/shell/testcases/listing/0016anonymous_0
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+$NFT add table x
+$NFT add chain x y
+$NFT add rule x y ip saddr { 1.1.1.1 }
+$NFT add rule x y meta mark set ip saddr map { 1.1.1.1 : 2 }
+
+$NFT list set x __set0 &>/dev/null
+ret=$?
+if [ $ret -eq 0 ]
+then
+	exit 1
+fi
+
+$NFT flush set x __set0 &>/dev/null
+ret=$?
+if [ $ret -eq 0 ]
+then
+	exit 1
+fi
+
+$NFT list map x __map0 &>/dev/null
+if [ $ret -eq 0 ]
+then
+	exit 1
+fi
+
+$NFT flush map x __map0 &>/dev/null
+ret=$?
+if [ $ret -eq 0 ]
+then
+	exit 1
+fi
diff --git a/tests/shell/testcases/listing/0017objects_0 b/tests/shell/testcases/listing/0017objects_0
new file mode 100755
index 0000000..c4e72db
--- /dev/null
+++ b/tests/shell/testcases/listing/0017objects_0
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+EXPECTED="table inet filter {
+	map countermap {
+		type ipv4_addr : counter
+	}
+}"
+
+set -e
+
+$NFT -f - <<< "$EXPECTED"
+$NFT flush map inet filter countermap
+
+GET="$($NFT list map inet filter countermap)"
+if [ "$EXPECTED" != "$GET" ] ; then
+	$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+	exit 1
+fi
diff --git a/tests/shell/testcases/listing/0018data_0 b/tests/shell/testcases/listing/0018data_0
new file mode 100755
index 0000000..4af253d
--- /dev/null
+++ b/tests/shell/testcases/listing/0018data_0
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+EXPECTED="table inet filter {
+	map ipmap {
+		type ipv4_addr : ipv4_addr
+	}
+}"
+
+set -e
+
+$NFT -f - <<< "$EXPECTED"
+$NFT flush map inet filter ipmap
+
+GET="$($NFT list map inet filter ipmap)"
+if [ "$EXPECTED" != "$GET" ] ; then
+	$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+	exit 1
+fi
diff --git a/tests/shell/testcases/listing/0019set_0 b/tests/shell/testcases/listing/0019set_0
new file mode 100755
index 0000000..6e8cb4d
--- /dev/null
+++ b/tests/shell/testcases/listing/0019set_0
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+EXPECTED="table inet filter {
+	set ipset {
+		type ipv4_addr
+	}
+}"
+
+set -e
+
+$NFT -f - <<< "$EXPECTED"
+$NFT flush set inet filter ipset
+
+GET="$($NFT list set inet filter ipset)"
+if [ "$EXPECTED" != "$GET" ] ; then
+	$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+	exit 1
+fi
diff --git a/tests/shell/testcases/listing/0020flowtable_0 b/tests/shell/testcases/listing/0020flowtable_0
new file mode 100755
index 0000000..6eb82cf
--- /dev/null
+++ b/tests/shell/testcases/listing/0020flowtable_0
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+# list only the flowtable asked for with table
+
+set -e
+
+FLOWTABLES="flowtable f {
+	hook ingress priority filter
+	devices = { lo }
+}
+flowtable f2 {
+	hook ingress priority filter
+	devices = { d0 }
+}"
+
+RULESET="table inet filter {
+	$FLOWTABLES
+}
+table ip filter {
+	$FLOWTABLES
+}"
+
+EXPECTED="table inet filter {
+	flowtable f {
+		hook ingress priority filter
+		devices = { lo }
+	}
+}"
+EXPECTED2="table ip filter {
+	flowtable f2 {
+		hook ingress priority filter
+		devices = { d0 }
+	}
+}"
+EXPECTED3="table ip filter {
+	flowtable f {
+		hook ingress priority filter
+		devices = { lo }
+	}
+	flowtable f2 {
+		hook ingress priority filter
+		devices = { d0 }
+	}
+}"
+
+iface_cleanup() {
+	ip link del d0 &>/dev/null || :
+}
+trap 'iface_cleanup' EXIT
+iface_cleanup
+
+ip link add d0 type dummy
+
+$NFT -f - <<< "$RULESET"
+
+GET="$($NFT list flowtable inet filter f)"
+$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+
+GET="$($NFT list flowtable ip filter f2)"
+$DIFF -u <(echo "$EXPECTED2") <(echo "$GET")
+
+GET="$($NFT list flowtables ip)"
+$DIFF -u <(echo "$EXPECTED3") <(echo "$GET")
diff --git a/tests/shell/testcases/listing/0021ruleset_json_terse_0 b/tests/shell/testcases/listing/0021ruleset_json_terse_0
new file mode 100755
index 0000000..98a7ce8
--- /dev/null
+++ b/tests/shell/testcases/listing/0021ruleset_json_terse_0
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+$NFT flush ruleset
+$NFT add table ip test
+$NFT add chain ip test c
+$NFT add set ip test s { type ipv4_addr\; }
+$NFT add element ip test s { 192.168.3.4, 192.168.3.5 }
+
+if [ "$NFT_TEST_HAVE_json" != n ]; then
+	if $NFT -j -t list ruleset | grep '192\.168'
+	then
+		exit 1
+	fi
+fi
+
+if [ "$NFT_TEST_HAVE_json" = n ]; then
+    echo "Test partially skipped due to missing JSON support."
+    exit 77
+fi
diff --git a/tests/shell/testcases/listing/0022terse_0 b/tests/shell/testcases/listing/0022terse_0
new file mode 100755
index 0000000..4841771
--- /dev/null
+++ b/tests/shell/testcases/listing/0022terse_0
@@ -0,0 +1,69 @@
+#!/bin/bash
+
+RULESET="table inet filter {
+	set example {
+		type ipv4_addr
+		flags interval
+		elements = { 10.10.10.10, 10.10.11.11 }
+	}
+
+	chain input {
+		type filter hook prerouting priority filter; policy accept;
+		ip saddr != { 10.10.10.100, 10.10.10.111 } ip saddr @example drop
+	}
+}"
+
+set -e
+
+$NFT -f - <<< "$RULESET"
+
+GET="$($NFT list ruleset)"
+if [ "$RULESET" != "$GET" ] ; then
+	$DIFF -u <(echo "$RULESET") <(echo "$GET")
+	exit 1
+fi
+
+EXPECTED="table inet filter {
+	set example {
+		type ipv4_addr
+		flags interval
+	}
+
+	chain input {
+		type filter hook prerouting priority filter; policy accept;
+		ip saddr != { 10.10.10.100, 10.10.10.111 } ip saddr @example drop
+	}
+}"
+
+GET="$($NFT -t list ruleset)"
+if [ "$EXPECTED" != "$GET" ] ; then
+	$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+	exit 1
+fi
+
+EXPECTED="table inet filter {
+	set example {
+		type ipv4_addr
+		flags interval
+		elements = { 10.10.10.10, 10.10.11.11 }
+	}
+}"
+
+GET="$($NFT list set inet filter example)"
+if [ "$EXPECTED" != "$GET" ] ; then
+	$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+	exit 1
+fi
+
+EXPECTED="table inet filter {
+	set example {
+		type ipv4_addr
+		flags interval
+	}
+}"
+
+GET="$($NFT -t list set inet filter example)"
+if [ "$EXPECTED" != "$GET" ] ; then
+	$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+	exit 1
+fi
diff --git a/tests/shell/testcases/listing/dumps/0001ruleset_0.nft b/tests/shell/testcases/listing/dumps/0001ruleset_0.nft
new file mode 100644
index 0000000..1c9f40c
--- /dev/null
+++ b/tests/shell/testcases/listing/dumps/0001ruleset_0.nft
@@ -0,0 +1,2 @@
+table ip test {
+}
diff --git a/tests/shell/testcases/listing/dumps/0002ruleset_0.nft b/tests/shell/testcases/listing/dumps/0002ruleset_0.nft
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/shell/testcases/listing/dumps/0002ruleset_0.nft
diff --git a/tests/shell/testcases/listing/dumps/0003table_0.nft b/tests/shell/testcases/listing/dumps/0003table_0.nft
new file mode 100644
index 0000000..1c9f40c
--- /dev/null
+++ b/tests/shell/testcases/listing/dumps/0003table_0.nft
@@ -0,0 +1,2 @@
+table ip test {
+}
diff --git a/tests/shell/testcases/listing/dumps/0004table_0.nft b/tests/shell/testcases/listing/dumps/0004table_0.nft
new file mode 100644
index 0000000..56d035d
--- /dev/null
+++ b/tests/shell/testcases/listing/dumps/0004table_0.nft
@@ -0,0 +1,4 @@
+table ip test {
+}
+table ip test2 {
+}
diff --git a/tests/shell/testcases/listing/dumps/0005ruleset_ip_0.nft b/tests/shell/testcases/listing/dumps/0005ruleset_ip_0.nft
new file mode 100644
index 0000000..c37261b
--- /dev/null
+++ b/tests/shell/testcases/listing/dumps/0005ruleset_ip_0.nft
@@ -0,0 +1,10 @@
+table ip test {
+}
+table ip6 test {
+}
+table inet test {
+}
+table arp test {
+}
+table bridge test {
+}
diff --git a/tests/shell/testcases/listing/dumps/0006ruleset_ip6_0.nft b/tests/shell/testcases/listing/dumps/0006ruleset_ip6_0.nft
new file mode 100644
index 0000000..c37261b
--- /dev/null
+++ b/tests/shell/testcases/listing/dumps/0006ruleset_ip6_0.nft
@@ -0,0 +1,10 @@
+table ip test {
+}
+table ip6 test {
+}
+table inet test {
+}
+table arp test {
+}
+table bridge test {
+}
diff --git a/tests/shell/testcases/listing/dumps/0007ruleset_inet_0.nft b/tests/shell/testcases/listing/dumps/0007ruleset_inet_0.nft
new file mode 100644
index 0000000..c37261b
--- /dev/null
+++ b/tests/shell/testcases/listing/dumps/0007ruleset_inet_0.nft
@@ -0,0 +1,10 @@
+table ip test {
+}
+table ip6 test {
+}
+table inet test {
+}
+table arp test {
+}
+table bridge test {
+}
diff --git a/tests/shell/testcases/listing/dumps/0008ruleset_arp_0.nft b/tests/shell/testcases/listing/dumps/0008ruleset_arp_0.nft
new file mode 100644
index 0000000..c37261b
--- /dev/null
+++ b/tests/shell/testcases/listing/dumps/0008ruleset_arp_0.nft
@@ -0,0 +1,10 @@
+table ip test {
+}
+table ip6 test {
+}
+table inet test {
+}
+table arp test {
+}
+table bridge test {
+}
diff --git a/tests/shell/testcases/listing/dumps/0009ruleset_bridge_0.nft b/tests/shell/testcases/listing/dumps/0009ruleset_bridge_0.nft
new file mode 100644
index 0000000..c37261b
--- /dev/null
+++ b/tests/shell/testcases/listing/dumps/0009ruleset_bridge_0.nft
@@ -0,0 +1,10 @@
+table ip test {
+}
+table ip6 test {
+}
+table inet test {
+}
+table arp test {
+}
+table bridge test {
+}
diff --git a/tests/shell/testcases/listing/dumps/0010sets_0.nft b/tests/shell/testcases/listing/dumps/0010sets_0.nft
new file mode 100644
index 0000000..7303c40
--- /dev/null
+++ b/tests/shell/testcases/listing/dumps/0010sets_0.nft
@@ -0,0 +1,39 @@
+table ip nat {
+	set ssh {
+		type ipv4_addr
+	}
+}
+table ip6 test {
+	set testset {
+		type ipv6_addr
+	}
+}
+table arp test_arp {
+	set test_set_arp00 {
+		type inet_service
+	}
+
+	set test_set_arp01 {
+		type inet_service
+		flags constant
+	}
+}
+table bridge test_bridge {
+	set test_set_bridge {
+		type inet_service
+	}
+}
+table inet filter {
+	set set0 {
+		type inet_service
+	}
+
+	set set1 {
+		type inet_service
+		flags constant
+	}
+
+	set set2 {
+		type icmpv6_type
+	}
+}
diff --git a/tests/shell/testcases/listing/dumps/0011sets_0.nft b/tests/shell/testcases/listing/dumps/0011sets_0.nft
new file mode 100644
index 0000000..4d0aeaf
--- /dev/null
+++ b/tests/shell/testcases/listing/dumps/0011sets_0.nft
@@ -0,0 +1,25 @@
+table ip nat {
+	chain test {
+		tcp dport { 123, 321 }
+	}
+}
+table ip6 test {
+	chain test {
+		udp sport { 123, 321 }
+	}
+}
+table arp test_arp {
+	chain test {
+		meta mark { 0x0000007b, 0x00000141 }
+	}
+}
+table bridge test_bridge {
+	chain test {
+		ip daddr { 1.1.1.1, 2.2.2.2 }
+	}
+}
+table inet filter {
+	chain test {
+		tcp dport { 80, 443 }
+	}
+}
diff --git a/tests/shell/testcases/listing/dumps/0012sets_0.nft b/tests/shell/testcases/listing/dumps/0012sets_0.nft
new file mode 100644
index 0000000..7303c40
--- /dev/null
+++ b/tests/shell/testcases/listing/dumps/0012sets_0.nft
@@ -0,0 +1,39 @@
+table ip nat {
+	set ssh {
+		type ipv4_addr
+	}
+}
+table ip6 test {
+	set testset {
+		type ipv6_addr
+	}
+}
+table arp test_arp {
+	set test_set_arp00 {
+		type inet_service
+	}
+
+	set test_set_arp01 {
+		type inet_service
+		flags constant
+	}
+}
+table bridge test_bridge {
+	set test_set_bridge {
+		type inet_service
+	}
+}
+table inet filter {
+	set set0 {
+		type inet_service
+	}
+
+	set set1 {
+		type inet_service
+		flags constant
+	}
+
+	set set2 {
+		type icmpv6_type
+	}
+}
diff --git a/tests/shell/testcases/listing/dumps/0013objects_0.nft b/tests/shell/testcases/listing/dumps/0013objects_0.nft
new file mode 100644
index 0000000..427db26
--- /dev/null
+++ b/tests/shell/testcases/listing/dumps/0013objects_0.nft
@@ -0,0 +1,27 @@
+table ip test {
+	quota https-quota {
+		25 mbytes
+	}
+
+	ct helper cthelp {
+		type "sip" protocol tcp
+		l3proto ip
+	}
+
+	ct timeout cttime {
+		protocol udp
+		l3proto ip
+		policy = { unreplied : 15s, replied : 12s }
+	}
+
+	ct expectation ctexpect {
+		protocol tcp
+		dport 5432
+		timeout 1h
+		size 12
+		l3proto ip
+	}
+
+	chain input {
+	}
+}
diff --git a/tests/shell/testcases/listing/dumps/0014objects_0.nft b/tests/shell/testcases/listing/dumps/0014objects_0.nft
new file mode 100644
index 0000000..9281a1a
--- /dev/null
+++ b/tests/shell/testcases/listing/dumps/0014objects_0.nft
@@ -0,0 +1,12 @@
+table ip test {
+	quota https-quota {
+		25 mbytes
+	}
+
+	ct helper cthelp {
+		type "sip" protocol tcp
+		l3proto ip
+	}
+}
+table ip test-ip {
+}
diff --git a/tests/shell/testcases/listing/dumps/0015dynamic_0.nft b/tests/shell/testcases/listing/dumps/0015dynamic_0.nft
new file mode 100644
index 0000000..0f4244b
--- /dev/null
+++ b/tests/shell/testcases/listing/dumps/0015dynamic_0.nft
@@ -0,0 +1,7 @@
+table ip filter {
+	set test_set {
+		type ipv4_addr . inet_service . ipv4_addr . inet_service . inet_proto
+		size 100000
+		flags dynamic,timeout
+	}
+}
diff --git a/tests/shell/testcases/listing/dumps/0016anonymous_0.nft b/tests/shell/testcases/listing/dumps/0016anonymous_0.nft
new file mode 100644
index 0000000..cb08933
--- /dev/null
+++ b/tests/shell/testcases/listing/dumps/0016anonymous_0.nft
@@ -0,0 +1,6 @@
+table ip x {
+	chain y {
+		ip saddr 1.1.1.1
+		meta mark set ip saddr map { 1.1.1.1 : 0x00000002 }
+	}
+}
diff --git a/tests/shell/testcases/listing/dumps/0017objects_0.nft b/tests/shell/testcases/listing/dumps/0017objects_0.nft
new file mode 100644
index 0000000..e60e3af
--- /dev/null
+++ b/tests/shell/testcases/listing/dumps/0017objects_0.nft
@@ -0,0 +1,5 @@
+table inet filter {
+	map countermap {
+		type ipv4_addr : counter
+	}
+}
diff --git a/tests/shell/testcases/listing/dumps/0018data_0.nft b/tests/shell/testcases/listing/dumps/0018data_0.nft
new file mode 100644
index 0000000..5d31855
--- /dev/null
+++ b/tests/shell/testcases/listing/dumps/0018data_0.nft
@@ -0,0 +1,5 @@
+table inet filter {
+	map ipmap {
+		type ipv4_addr : ipv4_addr
+	}
+}
diff --git a/tests/shell/testcases/listing/dumps/0019set_0.nft b/tests/shell/testcases/listing/dumps/0019set_0.nft
new file mode 100644
index 0000000..915922c
--- /dev/null
+++ b/tests/shell/testcases/listing/dumps/0019set_0.nft
@@ -0,0 +1,5 @@
+table inet filter {
+	set ipset {
+		type ipv4_addr
+	}
+}
diff --git a/tests/shell/testcases/listing/dumps/0020flowtable_0.nft b/tests/shell/testcases/listing/dumps/0020flowtable_0.nft
new file mode 100644
index 0000000..4a64e53
--- /dev/null
+++ b/tests/shell/testcases/listing/dumps/0020flowtable_0.nft
@@ -0,0 +1,20 @@
+table inet filter {
+	flowtable f {
+		hook ingress priority filter
+		devices = { lo }
+	}
+
+	flowtable f2 {
+		hook ingress priority filter
+	}
+}
+table ip filter {
+	flowtable f {
+		hook ingress priority filter
+		devices = { lo }
+	}
+
+	flowtable f2 {
+		hook ingress priority filter
+	}
+}
diff --git a/tests/shell/testcases/listing/dumps/0021ruleset_json_terse_0.nft b/tests/shell/testcases/listing/dumps/0021ruleset_json_terse_0.nft
new file mode 100644
index 0000000..13c8ac6
--- /dev/null
+++ b/tests/shell/testcases/listing/dumps/0021ruleset_json_terse_0.nft
@@ -0,0 +1,9 @@
+table ip test {
+	set s {
+		type ipv4_addr
+		elements = { 192.168.3.4, 192.168.3.5 }
+	}
+
+	chain c {
+	}
+}
diff --git a/tests/shell/testcases/listing/dumps/0022terse_0.nft b/tests/shell/testcases/listing/dumps/0022terse_0.nft
new file mode 100644
index 0000000..40665cb
--- /dev/null
+++ b/tests/shell/testcases/listing/dumps/0022terse_0.nft
@@ -0,0 +1,12 @@
+table inet filter {
+	set example {
+		type ipv4_addr
+		flags interval
+		elements = { 10.10.10.10, 10.10.11.11 }
+	}
+
+	chain input {
+		type filter hook prerouting priority filter; policy accept;
+		ip saddr != { 10.10.10.100, 10.10.10.111 } ip saddr @example drop
+	}
+}