summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2021-05-10 18:52:45 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2021-05-11 21:39:01 +0200
commit419d196886889e9b37f76f8c803cb08dcbc05505 (patch)
treeeed1e42837a4a55d8cf16e65914b9ae961adddcd /include
parent62b02808594d962f83e8b76f4da32da0673c7cfe (diff)
src: add set element catch-all support
Add a catchall expression (EXPR_SET_ELEM_CATCHALL). Use the asterisk (*) to represent the catch-all set element, e.g. table x { set y { type ipv4_addr counter elements = { 1.2.3.4 counter packets 0 bytes 0, * counter packets 0 bytes 0 } } } Special handling for segtree: zap the catch-all element from the set element list and re-add it after processing. Remove wildcard_expr deadcode in src/parser_bison.y This patch also adds several tests for the tests/py and tests/shell infrastructures. Acked-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r--include/expression.h3
-rw-r--r--include/linux/netfilter/nf_tables.h2
2 files changed, 5 insertions, 0 deletions
diff --git a/include/expression.h b/include/expression.h
index 7e626c48..be703d75 100644
--- a/include/expression.h
+++ b/include/expression.h
@@ -71,6 +71,7 @@ enum expr_types {
EXPR_RT,
EXPR_FIB,
EXPR_XFRM,
+ EXPR_SET_ELEM_CATCHALL,
};
#define EXPR_MAX EXPR_XFRM
@@ -497,6 +498,8 @@ extern struct expr *set_ref_expr_alloc(const struct location *loc,
extern struct expr *set_elem_expr_alloc(const struct location *loc,
struct expr *key);
+struct expr *set_elem_catchall_expr_alloc(const struct location *loc);
+
extern void range_expr_value_low(mpz_t rop, const struct expr *expr);
extern void range_expr_value_high(mpz_t rop, const struct expr *expr);
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 8c85ef8e..894a62cf 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -393,9 +393,11 @@ enum nft_set_attributes {
* enum nft_set_elem_flags - nf_tables set element flags
*
* @NFT_SET_ELEM_INTERVAL_END: element ends the previous interval
+ * @NFT_SET_ELEM_CATCHALL: special catch-all element
*/
enum nft_set_elem_flags {
NFT_SET_ELEM_INTERVAL_END = 0x1,
+ NFT_SET_ELEM_CATCHALL = 0x2,
};
/**