@@ -104,9 +104,6 @@ static const struct ct_template ct_templates[] = {
[NFT_CT_MARK] = CT_TEMPLATE("mark", &mark_type,
BYTEORDER_HOST_ENDIAN,
4 * BITS_PER_BYTE),
- [NFT_CT_SECMARK] = CT_TEMPLATE("secmark", &integer_type,
- BYTEORDER_HOST_ENDIAN,
- 4 * BITS_PER_BYTE),
[NFT_CT_EXPIRATION] = CT_TEMPLATE("expiration", &time_type,
BYTEORDER_HOST_ENDIAN,
4 * BITS_PER_BYTE),
@@ -331,8 +331,6 @@ static const struct meta_template meta_templates[] = {
1 , BYTEORDER_HOST_ENDIAN),
[NFT_META_RTCLASSID] = META_TEMPLATE("rtclassid", &realm_type,
4 * 8, BYTEORDER_HOST_ENDIAN),
- [NFT_META_SECMARK] = META_TEMPLATE("secmark", &integer_type,
- 4 * 8, BYTEORDER_HOST_ENDIAN),
};
static void meta_expr_print(const struct expr *expr)
@@ -294,7 +294,6 @@ static void location_update(struct location *loc, struct location *rhs, int n)
%token SKGID "skgid"
%token NFTRACE "nftrace"
%token RTCLASSID "rtclassid"
-%token SECMARK "secmark"
%token CT "ct"
%token DIRECTION "direction"
@@ -1393,7 +1392,6 @@ meta_key : LENGTH { $$ = NFT_META_LEN; }
| SKGID { $$ = NFT_META_SKGID; }
| NFTRACE { $$ = NFT_META_NFTRACE; }
| RTCLASSID { $$ = NFT_META_RTCLASSID; }
- | SECMARK { $$ = NFT_META_SECMARK; }
;
meta_stmt : META meta_key SET expr
@@ -1412,7 +1410,6 @@ ct_key : STATE { $$ = NFT_CT_STATE; }
| DIRECTION { $$ = NFT_CT_DIRECTION; }
| STATUS { $$ = NFT_CT_STATUS; }
| MARK { $$ = NFT_CT_MARK; }
- | SECMARK { $$ = NFT_CT_SECMARK; }
| EXPIRATION { $$ = NFT_CT_EXPIRATION; }
| HELPER { $$ = NFT_CT_HELPER; }
| L3PROTOCOL { $$ = NFT_CT_L3PROTOCOL; }
@@ -384,7 +384,6 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"skgid" { return SKGID; }
"nftrace" { return NFTRACE; }
"rtclassid" { return RTCLASSID; }
-"secmark" { return SECMARK; }
"ct" { return CT; }
"direction" { return DIRECTION; }
The secctx should be used instead of the secmark. Remove for now. Signed-off-by: Patrick McHardy <kaber@trash.net> --- src/ct.c | 3 --- src/meta.c | 2 -- src/parser.y | 3 --- src/scanner.l | 1 - 4 files changed, 9 deletions(-)