Kernel silently accepts input chain filters using meta skuid, meta skgid, meta cgroup or socket cgroupv2 expressions but they don't work yet. Warn the users of this possibility. Signed-off-by: Topi Miettinen <toiwoton@xxxxxxxxx> --- doc/nft.txt | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/doc/nft.txt b/doc/nft.txt index f7a53ac9..4820b4ae 100644 --- a/doc/nft.txt +++ b/doc/nft.txt @@ -932,6 +932,11 @@ filter output oif wlan0 ^^^^^^^^^^^^^^^^^^^^^^^ --------------------------------- +Note that the kernel may accept expressions without errors even if it +doesn't implement the feature. For example, input chain filters using +*meta skuid*, *meta skgid*, *meta cgroup* or *socket cgroupv2* +expressions are silently accepted but they don't work yet. + EXIT STATUS ----------- On success, nft exits with a status of 0. Unspecified errors cause it to exit base-commit: 6fa4ff56385831f01bd9d993178969a4eddbcdbf -- 2.35.1
