diff options
author | Christian Göttsche <cgzones@googlemail.com> | 2019-11-20 18:43:54 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-11-21 14:24:21 +0100 |
commit | 3a7bdd02207f7ae6cd74af8c313d6d0f8f66f4be (patch) | |
tree | 2b61871c82fd3d51050852eb0a26dc42be99d4ff /src | |
parent | 9f9930e774039c5487a9236a25d9dabd5df39355 (diff) |
statement: make secmark statements idempotent
Currently lines like
ct state new meta secmark set tcp dport map @secmapping_in
becomes
ct state new secmark name tcp dport map @secmapping_in
which is not correct.
Fixes: 3bc84e5c1fdd ("src: add support for setting secmark")
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/statement.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/statement.c b/src/statement.c index af84e06c..be35bcef 100644 --- a/src/statement.c +++ b/src/statement.c @@ -233,6 +233,9 @@ static void objref_stmt_print(const struct stmt *stmt, struct output_ctx *octx) case NFT_OBJECT_CT_EXPECT: nft_print(octx, "ct expectation set "); break; + case NFT_OBJECT_SECMARK: + nft_print(octx, "meta secmark set "); + break; default: nft_print(octx, "%s name ", objref_type_name(stmt->objref.type)); |