git.ipfire.org Git - thirdparty/nftables.git/commit

author	Ana Rey <anarey@gmail.com>
	Mon, 3 Nov 2014 17:10:51 +0000 (18:10 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 10 Nov 2014 17:08:32 +0000 (18:08 +0100)
commit	fecb6b4fa737ae374a738d207fa35f16e3813434
tree	4cd5ebac9ce09a066368b12aa3aff0869dcca84c	tree \| snapshot
parent	47c760a43d755c3973fb1b31044b226c48fa1f2f	commit \| diff

src: Add cgroup support in meta expresion

The new attribute of meta is "cgroup".

Example of use in nft:

# nft add rule ip test output meta cgroup != 0x100001 counter drop

Moreover, this adds tests to the meta.t test file.

The kernel support is addedin the commit:
ce67417 ("netfilter: nft_meta: add cgroup support")

The libnftnl support is add in the commit:
1d4a480 ("expr: meta: Add cgroup support")

More information about the steps to use cgroup:
https://www.kernel.org/doc/Documentation/cgroups/net_cls.txt

More info about cgroup in iptables:
http://git.kernel.org/cgit/linux/kernel/git/pablo/nftables.git/commit/net/netfilter/xt_cgroup.c?id=82a37132f300ea53bdcd812917af5a6329ec80c3

Signed-off-by: Ana Rey <anarey@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/linux/netfilter/nf_tables.h		diff \| blob \| blame \| history
src/meta.c		diff \| blob \| blame \| history
src/parser.y		diff \| blob \| blame \| history
src/scanner.l		diff \| blob \| blame \| history
tests/regression/any/meta.t		diff \| blob \| blame \| history