src: add set element catch-all support

Add a catchall expression (EXPR_SET_ELEM_CATCHALL). Use the asterisk (*) to represent the catch-all set element, e.g. table x { set y { type ipv4_addr counter elements = { 1.2.3.4 counter packets 0 bytes 0, * counter packets 0 bytes 0 } } } Special handling for segtree: zap the catch-all element from the set element list and re-add it after processing. Remove wildcard_expr deadcode in src/parser_bison.y This patch also adds several tests for the tests/py and tests/shell infrastructures. Acked-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2021-05-10 18:52:45 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2021-05-11 21:39:01 +0200
commit: 419d196886889e9b37f76f8c803cb08dcbc05505 (patch)
tree: eed1e42837a4a55d8cf16e65914b9ae961adddcd /include/linux/netfilter/nf_tables.h
parent: 62b02808594d962f83e8b76f4da32da0673c7cfe (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 8c85ef8e..894a62cf 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -393,9 +393,11 @@ enum nft_set_attributes {
  * enum nft_set_elem_flags - nf_tables set element flags
  *
  * @NFT_SET_ELEM_INTERVAL_END: element ends the previous interval
+ * @NFT_SET_ELEM_CATCHALL: special catch-all element
  */
 enum nft_set_elem_flags {
 	NFT_SET_ELEM_INTERVAL_END	= 0x1,
+	NFT_SET_ELEM_CATCHALL		= 0x2,
 };
 
 /**
author	Pablo Neira Ayuso <pablo@netfilter.org>	2021-05-10 18:52:45 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2021-05-11 21:39:01 +0200
commit	419d196886889e9b37f76f8c803cb08dcbc05505 (patch)
tree	eed1e42837a4a55d8cf16e65914b9ae961adddcd /include/linux/netfilter/nf_tables.h
parent	62b02808594d962f83e8b76f4da32da0673c7cfe (diff)