Add update-set operation for delta updates to sets

[pzmarzly]

To avoid passing entire chain on every minor update, let's define a new operation that only takes a delta change, and applies it on bpfilter daemon side.

Notes

Currently every change to a set will nonetheless trigger codegen regeneration and reloading of the BPF program, but we decided it's not an issue worth superoptimizing for. We have some ideas how to make it faster (turn deletions into bpf_map deletions, keep track of bpf_map free storage, grow it exponentially if needed).

Example usage

$ bfcli ruleset set --from-str "
    chain test_xdp BF_HOOK_XDP{ifindex=2} ACCEPT
      set blocked_ips (ip4.saddr) in {192.168.2.1;192.168.2.2}
      rule
        (ip4.saddr) in blocked_ips
        counter
        DROP
  "
$ bfcli chain update-set \
    --name test_xdp \
    --set-name blocked_ips \
    --add 192.168.1.1 --add 192.168.1.2 \
    --remove 192.168.2.1
info   : updated set 'blocked_ips' in chain 'test_xdp'
$ bfcli ruleset get
chain test_xdp BF_HOOK_XDP{ifindex=2} ACCEPT
    counters policy 283 packets 154188 bytes; error 0 packets 0 bytes
    set blocked_ips (ip4.saddr) in {
        192.168.2.2
        192.168.1.1
        192.168.1.2
    }
    rule
        (ip4.saddr) in blocked_ips
        counters 0 packets 0 bytes
        DROP

[yaakov-stein]

I find it's helpful for learning to see how other people add features and the design decisions they make, so I figured I'd give this a look over even though I just joined. Given that I'm still ramping up on the repo, please take any comments with a heavy grain of salt :)

(I didn't look over the tests and wasn't dissecting the code line by line, more just going over it for a general idea.)

Cool feature - looking forward to using it!

[qdeslandes]

Please ensure you review the tests. For the command line arguments:

• The set key format can be fetched from the API
• --set-add and --set-remove should be simplified to --add and --remove
• You should accumulate the arguments from multiple --add and --remove: the user should be able to do `--add "192.168.1.1" --add "192.168.1.2"

[pzmarzly]

Updated:

• changed --set-add {a,b,c} to --add a --add b --add c
• duplicates are not happening anymore, at the cost of scanning linked lists every time
• applied suggestions
• split into more commits to make review easier

[qdeslandes]

• Fix the commit names
• The first commit message is not descriptive of the work done
• Definition and implementation of update-set should be in the same commit
• You need to update the documentation

[qdeslandes]

A few more changes, but the PR looks good. Looking forward to using this!

[qdeslandes]

One last comment, otherwise LGTM!

[qdeslandes]

Ensure opts->to_add or opts->to_remove is not empty, in which case you should return an error.