doc: note meta cgroup returns zero on cgroupv2-only hosts

Commit 2ff29969 ("doc: Clarify cgroup meta variable") corrected the
terminology and pointed readers to socket cgroupv2. The man page still
gives no indication that meta cgroup silently returns zero on
cgroupv2-only hosts with CONFIG_CGROUP_NET_CLASSID=y (the distribution
default) and no active net_cls hierarchy, the common configuration
on modern systems. Rules load without error and match nothing.

Make the behaviour explicit in the meta expression types table.

Signed-off-by: Avinash H. Duduskar <avinashhd@protonmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/doc/primary-expression.txt b/doc/primary-expression.txt
index bd80cd7f92fda5777eaed7b31ce2058c0788ef00..f09817fee8799f7943d524d6e99114023b8bf07a 100644 (file)
--- a/doc/primary-expression.txt
+++ b/doc/primary-expression.txt
@@ -117,7 +117,8 @@ devgroup
 outgoing device group|
 devgroup
 |cgroup|
-control group net_cls.classid (for matching on cgroupv2, see *socket cgroupv2*)|
+control group net_cls.classid; reads zero on cgroupv2-only hosts without an
+active net_cls hierarchy (for matching on cgroupv2, see *socket cgroupv2*)|
 integer (32 bit)
 |random|
 pseudo-random number|