The kernel support is add in the commit:
netfilter: nft_meta: add cgroup support
Signed-off-by: Ana Rey <anarey@xxxxxxxxx>
---
include/linux/netfilter/nf_tables.h | 2 ++
src/expr/meta.c | 3 ++-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index bb21315..a8d3a49 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -579,6 +579,7 @@ enum nft_exthdr_attributes {
* @NFT_META_CPU: cpu id through smp_processor_id()
* @NFT_META_IIFGROUP: packet input interface group
* @NFT_META_OIFGROUP: packet output interface group
+ * @NFT_META_CGROUP: packet cgroup (skb->sk->sk_classid)
*/
enum nft_meta_keys {
NFT_META_LEN,
@@ -604,6 +605,7 @@ enum nft_meta_keys {
NFT_META_CPU,
NFT_META_IIFGROUP,
NFT_META_OIFGROUP,
+ NFT_META_CGROUP,
};
/**
diff --git a/src/expr/meta.c b/src/expr/meta.c
index 5b5159f..59cb55b 100644
--- a/src/expr/meta.c
+++ b/src/expr/meta.c
@@ -23,7 +23,7 @@
#include "expr_ops.h"
#ifndef NFT_META_MAX
-#define NFT_META_MAX (NFT_META_OIFGROUP + 1)
+#define NFT_META_MAX (NFT_META_CGROUP + 1)
#endif
struct nft_expr_meta {
@@ -157,6 +157,7 @@ static const char *meta_key2str_array[NFT_META_MAX] = {
[NFT_META_CPU] = "cpu",
[NFT_META_IIFGROUP] = "iifgroup",
[NFT_META_OIFGROUP] = "oifgroup",
+ [NFT_META_CGROUP] = "cgroup",
};
static const char *meta_key2str(uint8_t key)
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
