&default not working for table[pattern]

[JustinAzoff]

global pattern_table: table[pattern] of set[subnet] = {
    [
    /test.*/
    ] = set(
        1.1.1.1/32,
        2.2.2.2/32,
        3.3.3.3/32)
} &default=set(4.4.4.4/32);

global string_table: table[string] of set[subnet] = {
    [
    "test"
    ] = set(
        1.1.1.1/32,
        2.2.2.2/32,
        3.3.3.3/32)
} &default=set(4.4.4.4/32);

event zeek_init()
{
    print pattern_table["testing one two"];
    print "should be 4.4.4.4", pattern_table["foo"];
    print "";

    print string_table["test"];
    print "should be 4.4.4.4",  string_table["foo"];
}

outputs

[{
1.1.1.1/32,
2.2.2.2/32,
3.3.3.3/32
}]
should be 4.4.4.4, []

{
1.1.1.1/32,
2.2.2.2/32,
3.3.3.3/32
}
should be 4.4.4.4, {
4.4.4.4/32
}

[awelzel]

Hmm, hmm - pattern_table[/test.*/] ~would do~ does the expected thing. It's the special string lookup matching doesn't take &default into account.

I could see two reasons for keeping it, but at least documenting the behavior. One, &default_insert can't be made to work (we wouldn't know what pattern to insert on mismatch), so that may be surprising asymmetric. The other, the special lookup of pattern tables is comparable to the matching_subnets() bif behavior for table[subnet] - it doesn't take &default into account either.

But that's just my hunch. Paging @ckreibich / @vpax :-)

[JustinAzoff]

Ah, I didn't know table[subnet] also didn't support a default, I guess I've done that in the past by adding a catch-all for 0.0.0.0/0

[vpax]

Yeah I think your points @awelzel are apt. This is additional functionality on top of the usual functionality, so it doesn't fit readily into the overall &default framework