statement: make secmark statements idempotent

Currently lines like

    ct state new meta secmark set tcp dport map @secmapping_in

becomes

    ct state new secmark name tcp dport map @secmapping_in

which is not correct.

Fixes: 3bc84e5c1fdd ("src: add support for setting secmark")
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/statement.c b/src/statement.c
index af84e06c971e81161fd1c66af815e7a9b2102d83..be35bceff19abc2c542f83e9c7446490711d12e2 100644 (file)
--- a/src/statement.c
+++ b/src/statement.c
@@ -233,6 +233,9 @@ static void objref_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
        case NFT_OBJECT_CT_EXPECT:
                nft_print(octx, "ct expectation set ");
                break;
+       case NFT_OBJECT_SECMARK:
+               nft_print(octx, "meta secmark set ");
+               break;
        default:
                nft_print(octx, "%s name ",
                          objref_type_name(stmt->objref.type));