expr: meta: Add cgroup support

The kernel support is add in the commit: netfilter: nft_meta: add cgroup support Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Ana Rey <anarey@gmail.com> 2014-11-03 18:10:49 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2014-11-10 18:03:52 +0100
commit: 1d4a4808bb967532a30230f1957236586ab6f2b6 (patch)
tree: de0db67905fb34f599e4d3ead4fe1ff73e18a1fa /include/linux
parent: d69d742abcd7358b67036053ed1e441f5150c333 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index bb21315..832bc46 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -579,6 +579,7 @@ enum nft_exthdr_attributes {
  * @NFT_META_CPU: cpu id through smp_processor_id()
  * @NFT_META_IIFGROUP: packet input interface group
  * @NFT_META_OIFGROUP: packet output interface group
+ * @NFT_META_CGROUP: socket control group (skb->sk->sk_classid)
  */
 enum nft_meta_keys {
 	NFT_META_LEN,
@@ -604,6 +605,7 @@ enum nft_meta_keys {
 	NFT_META_CPU,
 	NFT_META_IIFGROUP,
 	NFT_META_OIFGROUP,
+	NFT_META_CGROUP,
 };
 
 /**
@@ -774,7 +776,7 @@ enum nft_reject_inet_code {
 	NFT_REJECT_ICMPX_ADMIN_PROHIBITED,
 	__NFT_REJECT_ICMPX_MAX
 };
-#define NFT_REJECT_ICMPX_MAX	(__NFT_REJECT_ICMPX_MAX + 1)
+#define NFT_REJECT_ICMPX_MAX	(__NFT_REJECT_ICMPX_MAX - 1)
 
 /**
  * enum nft_reject_attributes - nf_tables reject expression netlink attributes
author	Ana Rey <anarey@gmail.com>	2014-11-03 18:10:49 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2014-11-10 18:03:52 +0100
commit	1d4a4808bb967532a30230f1957236586ab6f2b6 (patch)
tree	de0db67905fb34f599e4d3ead4fe1ff73e18a1fa /include/linux
parent	d69d742abcd7358b67036053ed1e441f5150c333 (diff)