got following bug report:
nft add ... ct mark set mark and 0x10
... always sets 0.
What reporter meant to write instead was 'ct mark',
not 'mark'.
We can't just remove support for 'mark' and force
'meta mark', but we can start to discourage it by always
printing the longer form.
Later on, we could start to print deprecation warning if needed.
NB: Patch causes gazillion of test case warnings, I would fix those
up of course.
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
doc/nft.xml | 2 +-
src/meta.c | 33 ++-------------------------------
2 files changed, 3 insertions(+), 32 deletions(-)
diff --git a/doc/nft.xml b/doc/nft.xml
index dc93a8c65784..a7fec132430b 100644
--- a/doc/nft.xml
+++ b/doc/nft.xml
@@ -3086,7 +3086,7 @@ filter prerouting fib saddr . iif oif missing drop
filter prerouting fib daddr . iif type != { local, broadcast, multicast } drop
# perform lookup in a specific 'blackhole' table (0xdead, needs ip appropriate ip rule)
-filter prerouting meta mark set 0xdead fib daddr . mark type vmap { blackhole : drop, prohibit : jump prohibited, unreachable : drop }
+filter prerouting meta mark set 0xdead fib daddr . meta mark type vmap { blackhole : drop, prohibit : jump prohibited, unreachable : drop }
</programlisting>
</example>
</para>
diff --git a/src/meta.c b/src/meta.c
index ff0cb122d7df..a67e8fa314f5 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -446,32 +446,9 @@ const struct meta_template meta_templates[] = {
BITS_PER_BYTE, BYTEORDER_HOST_ENDIAN),
};
-static bool meta_key_is_qualified(enum nft_meta_keys key)
-{
- switch (key) {
- case NFT_META_LEN:
- case NFT_META_NFPROTO:
- case NFT_META_L4PROTO:
- case NFT_META_PROTOCOL:
- case NFT_META_PRIORITY:
- case NFT_META_PRANDOM:
- case NFT_META_SECPATH:
- case NFT_META_BRI_IIFNAME:
- case NFT_META_BRI_OIFNAME:
- return true;
- default:
- return false;
- }
-}
-
static void meta_expr_print(const struct expr *expr, struct output_ctx *octx)
{
- if (meta_key_is_qualified(expr->meta.key))
- nft_print(octx, "meta %s",
- meta_templates[expr->meta.key].token);
- else
- nft_print(octx, "%s",
- meta_templates[expr->meta.key].token);
+ nft_print(octx, "meta %s", meta_templates[expr->meta.key].token);
}
static bool meta_expr_cmp(const struct expr *e1, const struct expr *e2)
@@ -594,13 +571,7 @@ struct expr *meta_expr_alloc(const struct location *loc, enum nft_meta_keys key)
static void meta_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
{
- if (meta_key_is_qualified(stmt->meta.key))
- nft_print(octx, "meta %s set ",
- meta_templates[stmt->meta.key].token);
- else
- nft_print(octx, "%s set ",
- meta_templates[stmt->meta.key].token);
-
+ nft_print(octx, "%s set ", meta_templates[stmt->meta.key].token);
expr_print(stmt->meta.expr, octx);
}
--
2.16.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
