diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-04-21 01:26:46 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-05-03 00:18:04 +0200 |
| commit | 38228087252c1d5da9dc88a09d3539e9882d808e (patch) | |
| tree | 71e975e946db1b3b1421cf52df3e8bedac941aef /include | |
| parent | 80440b227b0013eb5c0eae8ceb3af2fbba267619 (diff) | |
src: add cgroupsv2 support
Add support for matching on the cgroups version 2.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/datatype.h | 3 | ||||
| -rw-r--r-- | include/expression.h | 1 | ||||
| -rw-r--r-- | include/linux/netfilter/nf_tables.h | 2 | ||||
| -rw-r--r-- | include/socket.h | 2 |
4 files changed, 7 insertions, 1 deletions
diff --git a/include/datatype.h b/include/datatype.h index a16f8f2b..448be57f 100644 --- a/include/datatype.h +++ b/include/datatype.h @@ -48,6 +48,7 @@ * @TYPE_TIME_DATA Date type (integer subtype) * @TYPE_TIME_HOUR Hour type (integer subtype) * @TYPE_TIME_DAY Day type (integer subtype) + * @TYPE_CGROUPV2 cgroups v2 (integer subtype) */ enum datatypes { TYPE_INVALID, @@ -96,6 +97,7 @@ enum datatypes { TYPE_TIME_DATE, TYPE_TIME_HOUR, TYPE_TIME_DAY, + TYPE_CGROUPV2, __TYPE_MAX }; #define TYPE_MAX (__TYPE_MAX - 1) @@ -271,6 +273,7 @@ extern const struct datatype time_type; extern const struct datatype boolean_type; extern const struct datatype priority_type; extern const struct datatype policy_type; +extern const struct datatype cgroupv2_type; void inet_service_type_print(const struct expr *expr, struct output_ctx *octx); diff --git a/include/expression.h b/include/expression.h index 2d07f3d9..7e626c48 100644 --- a/include/expression.h +++ b/include/expression.h @@ -325,6 +325,7 @@ struct expr { struct { /* SOCKET */ enum nft_socket_keys key; + uint32_t level; } socket; struct { /* EXPR_RT */ diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index b1633e7b..8c85ef8e 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -1014,6 +1014,7 @@ enum nft_socket_attributes { NFTA_SOCKET_UNSPEC, NFTA_SOCKET_KEY, NFTA_SOCKET_DREG, + NFTA_SOCKET_LEVEL, __NFTA_SOCKET_MAX }; #define NFTA_SOCKET_MAX (__NFTA_SOCKET_MAX - 1) @@ -1029,6 +1030,7 @@ enum nft_socket_keys { NFT_SOCKET_TRANSPARENT, NFT_SOCKET_MARK, NFT_SOCKET_WILDCARD, + NFT_SOCKET_CGROUPV2, __NFT_SOCKET_MAX }; #define NFT_SOCKET_MAX (__NFT_SOCKET_MAX - 1) diff --git a/include/socket.h b/include/socket.h index fbfddd11..79938ccf 100644 --- a/include/socket.h +++ b/include/socket.h @@ -19,6 +19,6 @@ struct socket_template { extern const struct socket_template socket_templates[]; extern struct expr *socket_expr_alloc(const struct location *loc, - enum nft_socket_keys key); + enum nft_socket_keys key, uint32_t level); #endif /* NFTABLES_SOCKET_H */ |