Any create/update/delete operation that returns a validation or
marshalling error can leave the message batch in an incomplete state
due to short-circuiting. This can result in either:
- Non-atomic transactions if Flush is called (incomplete batch)
- Users being unable to clear the incomplete batch (no API exposed)

This change ensures that errors are collected and deferred until Flush.
Instead of returning immediately, the following methods now append
errors to a slice checked at Flush:
- AddSet
- DelRule
- SetAddElements

See: https://github.com/google/nftables/issues/323

This commit adds integration tests to the nftables package to verify
that the Go code correctly programs nftables rules. The tests use
external nftables scripts to define the expected state and compare
it with the state produced by the Go code.

Change-Id: I9c8439ee462b4882b221e6244f53379b822446dc
Signed-off-by: Antonio Ojea <aojea@google.com>
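
The deferred-error behaviour described in the first commit message above, sketched as an added Go example; it is not code from the commit or from the nftables package. `Batch`, `Add` and the `send` callback are hypothetical stand-ins, and resetting the batch on a failed Flush is an assumption of this sketch.

```go
package main

import (
	"errors"
	"fmt"
)

// Batch is a hypothetical stand-in for a connection that queues messages
// and sends them as one transaction on Flush. It is not the nftables API.
type Batch struct {
	msgs []string // queued messages (plain strings in this sketch)
	errs []error  // validation errors deferred until Flush
}

// Add validates and queues one operation. A failure is recorded rather than
// returned, so no caller can ignore it and then flush a partial batch.
func (b *Batch) Add(op, name string) {
	if name == "" {
		b.errs = append(b.errs, fmt.Errorf("%s: empty name", op))
		return
	}
	b.msgs = append(b.msgs, op+" "+name)
}

// Flush sends the batch only if every queued operation was valid.
// Assumption of this sketch: the batch is reset either way, so an
// incomplete batch never lingers for the next transaction.
func (b *Batch) Flush(send func([]string) error) error {
	msgs, errs := b.msgs, b.errs
	b.msgs, b.errs = nil, nil
	if len(errs) > 0 {
		return errors.Join(errs...) // nothing is sent: all-or-nothing
	}
	return send(msgs)
}

func main() {
	b := &Batch{}
	b.Add("add set", "allowed") // valid
	b.Add("add set", "")        // invalid: recorded, not returned
	b.Add("del rule", "r1")     // valid, queued after the failure
	err := b.Flush(func(m []string) error { fmt.Println("sent", m); return nil })
	fmt.Println("flush error:", err)
}
```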