Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
.../optimizations/dumps/single_anon_set.nft | 12 ++++++++
.../single_anon_set.replace-single-anon-sets | 12 ++++++++
.../testcases/optimizations/single_anon_set | 30 +++++++++++++++++++
3 files changed, 54 insertions(+)
create mode 100644 tests/shell/testcases/optimizations/dumps/single_anon_set.nft
create mode 100644 tests/shell/testcases/optimizations/dumps/single_anon_set.replace-single-anon-sets
create mode 100755 tests/shell/testcases/optimizations/single_anon_set
diff --git a/tests/shell/testcases/optimizations/dumps/single_anon_set.nft b/tests/shell/testcases/optimizations/dumps/single_anon_set.nft
new file mode 100644
index 000000000000..5320bcfc360a
--- /dev/null
+++ b/tests/shell/testcases/optimizations/dumps/single_anon_set.nft
@@ -0,0 +1,12 @@
+table ip test {
+ chain test {
+ ip saddr { 127.0.0.1 } accept
+ ip saddr { 127.0.0.0/8 } accept
+ ip saddr { 127.0.0.1-192.168.7.3 } accept
+ ip daddr { 192.168.7.1, 192.168.7.5 } accept
+ tcp dport { 80, 443 } accept
+ tcp dport != { 22 } drop
+ tcp sport { 1-1023 } drop
+ iif { "lo" } accept
+ }
+}
diff --git a/tests/shell/testcases/optimizations/dumps/single_anon_set.replace-single-anon-sets b/tests/shell/testcases/optimizations/dumps/single_anon_set.replace-single-anon-sets
new file mode 100644
index 000000000000..b9afa245fc16
--- /dev/null
+++ b/tests/shell/testcases/optimizations/dumps/single_anon_set.replace-single-anon-sets
@@ -0,0 +1,12 @@
+table ip test {
+ chain test {
+ ip saddr 127.0.0.1 accept
+ ip saddr 127.0.0.0/8 accept
+ ip saddr 127.0.0.1-192.168.7.3 accept
+ ip daddr { 192.168.7.1, 192.168.7.5 } accept
+ tcp dport { 80, 443 } accept
+ tcp dport != 22 drop
+ tcp sport 1-1023 drop
+ iif "lo" accept
+ }
+}
diff --git a/tests/shell/testcases/optimizations/single_anon_set b/tests/shell/testcases/optimizations/single_anon_set
new file mode 100755
index 000000000000..81c8533b2a57
--- /dev/null
+++ b/tests/shell/testcases/optimizations/single_anon_set
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -e
+
+# Input file contains rules with anon sets that contain
+# one element, plus extra rule with two elements (that should be
+# left alone).
+
+# Second file contains a postprocessed version with rules
+# translated to simple equality test rather than set lookup.
+dumpfile=$(dirname $0)/dumps/$(basename $0).nft
+dumpfile_pp=$(dirname $0)/dumps/$(basename $0).replace-single-anon-sets
+
+$NFT -O replace-single-anon-sets -f "$dumpfile"
+A=$(mktemp)
+$NFT list ruleset > "$A"
+
+# This checks that -O no-remove... kept all auto-generated
+# dependencies, even though the imported file doesn't
+# mention them.
+
+diff -u "$A" "$dumpfile_pp"
+ret=$?
+
+rm -f "$A"
+
+$NFT delete table ip test
+$NFT -f "$dumpfile"
+
+exit $ret
--
2.26.3
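Review bot: With `set -e` in effect, a mismatch in `diff -u "$A" "$dumpfile_pp"` ends the script at that line, so `ret=$?` only ever records 0 and the `rm -f "$A"`, `$NFT delete table ip test` and reload steps are skipped on exactly the failing runs, leaving the mktemp file and the optimized table behind. Capture the status explicitly with `ret=0` followed by `diff -u "$A" "$dumpfile_pp" || ret=$?`, and register `trap 'rm -f "$A"' EXIT` right after `A=$(mktemp)` so a failing `$NFT list ruleset` is covered too. The comment above the diff refers to `-O no-remove...` and auto-generated dependencies, which this test does not exercise and which looks carried over from another test; something like `# The listing must match the expected dump, with single-element anon sets replaced by plain comparisons.` would describe what is checked here. Quoting `"$0"` inside the `dirname`/`basename` substitutions would also keep the dump paths intact when the test tree sits under a path with spaces.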