Hi Tejun, On 11/21/2015 05:13 PM, Tejun Heo wrote: > Signed-off-by: Tejun Heo <tj@xxxxxxxxxx> > Cc: Daniel Borkmann <daniel@xxxxxxxxxxxxx> > Cc: Daniel Wagner <daniel.wagner@xxxxxxxxxxxx> I did a quick test and for new connection the cgroup2 match worked as expected. For an existing connection I wasn't able to trigger the match. It is quite likely I do something wrong: ssh into the box # mkdir /sys/fs/cgroup/test # echo $$ > /sys/fs/cgroup/test/cgroup.procs # echo $PPID > /sys/fs/cgroup/test/cgroup.procs # iptables -A OUTPUT -m cgroup --path test Should I see matches with the existing ssh session? cheers, daniel -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
