1 files changed, 78 insertions, 0 deletions

diff --git a/src/test/test-nft-set.c b/src/test/test-nft-set.c
new file mode 100644
index 0000000..bb0c902
--- /dev/null
+++ b/src/test/test-nft-set.c
@@ -0,0 +1,78 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include <assert.h>
+#include <unistd.h>
+
+#include "firewall-util.h"
+#include "in-addr-util.h"
+#include "log.h"
+#include "netlink-internal.h"
+#include "parse-util.h"
+#include "string-util.h"
+#include "tests.h"
+
+int main(int argc, char **argv) {
+        int r;
+
+        assert_se(argc == 7);
+
+        test_setup_logging(LOG_DEBUG);
+
+        if (getuid() != 0)
+                return log_tests_skipped("not root");
+
+        int nfproto;
+        nfproto = nfproto_from_string(argv[2]);
+        assert_se(nfproto_is_valid(nfproto));
+
+        const char *table = argv[3], *set = argv[4];
+
+        FirewallContext *ctx;
+        r = fw_ctx_new(&ctx);
+        assert_se(r == 0);
+
+        bool add;
+        if (streq(argv[1], "add"))
+                add = true;
+        else
+                add = false;
+
+        if (streq(argv[5], "uint32")) {
+                uint32_t element;
+
+                r = safe_atou32(argv[6], &element);
+                assert_se(r == 0);
+
+                r = nft_set_element_modify_any(ctx, add, nfproto, table, set, &element, sizeof(element));
+                assert_se(r == 0);
+        } else if (streq(argv[5], "uint64")) {
+                uint64_t element;
+
+                r = safe_atou64(argv[6], &element);
+                assert_se(r == 0);
+
+                r = nft_set_element_modify_any(ctx, add, nfproto, table, set, &element, sizeof(element));
+                assert_se(r == 0);
+        } else if (streq(argv[5], "in_addr")) {
+                union in_addr_union addr;
+                int af;
+
+                r = in_addr_from_string_auto(argv[6], &af, &addr);
+                assert_se(r == 0);
+
+                r = nft_set_element_modify_ip(ctx, add, nfproto, af, table, set, &addr);
+                assert_se(r == 0);
+        } else if (streq(argv[5], "network")) {
+                union in_addr_union addr;
+                int af;
+                unsigned char prefixlen;
+
+                r = in_addr_prefix_from_string_auto(argv[6], &af, &addr, &prefixlen);
+                assert_se(r == 0);
+
+                r = nft_set_element_modify_iprange(ctx, add, nfproto, af, table, set, &addr, prefixlen);
+                assert_se(r == 0);
+        }
+
+        return 0;
+}