summaryrefslogtreecommitdiffstats
path: root/extensions/libxt_cgroup.c
Commit message (Collapse)AuthorAgeFilesLines
* extensions: libxt_cgroup: Add translation to nftLaura Garcia Liebana2016-06-141-0/+28
| | | | | | | | | | | | | | | | Add translation for cgroup to nft. Path parameter not supported in nft yet. Examples: $ sudo iptables-translate -t filter -A INPUT -m cgroup --cgroup 0 -j ACCEPT nft add rule ip filter INPUT meta cgroup 0 counter accept $ sudo iptables-translate -t filter -A INPUT -m cgroup ! --cgroup 0 -j ACCEPT nft add rule ip filter INPUT meta cgroup != 0 counter accept Signed-off-by: Laura Garcia Liebana <nevola@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: fix cgroup2 help message in libxt_cgroup.c.Rami Rosen2016-01-251-1/+1
| | | | | | | This patch fixes a typo in the cgroup2 cgroup_help_v1() method in extensions\ibxt_cgroup.c. Signed-off-by: Rami Rosen <rami.rosen@intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libxt_cgroup2: add support for cgroup2 path matchingTejun Heo2015-12-231-0/+86
| | | | | | | | | | | | | | | | | This patch updates xt_cgroup so that it supports revision 1 interface which includes cgroup2 path based matching. v3: Folded into xt_cgroup as a new revision interface as suggested by Pablo. v2: cgroup2_match->userspacesize and ->save and man page updated as per Jan. Signed-off-by: Tejun Heo <tj@kernel.org> Cc: Daniel Borkmann <dborkman@redhat.com> Cc: Jan Engelhardt <jengelh@inai.de> Cc: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libxt_cgroup: prepare for multi revisionsTejun Heo2015-12-231-24/+27
| | | | | | | | | | | | libxt_cgroup will grow cgroup2 path based match. Postfix existing symbols with _v0 and prepare for multi revision registration. While at it, rename O_CGROUP to O_CLASSID and fwid to classid. Signed-off-by: Tejun Heo <tj@kernel.org> Cc: Daniel Borkmann <dborkman@redhat.com> Cc: Jan Engelhardt <jengelh@inai.de> Cc: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* iptables: add libxt_cgroup frontendDaniel Borkmann2014-01-041-0/+67
This patch adds the user space extension/frontend for process matching based on cgroups from the kernel patch entitled "netfilter: xtables: lightweight process control group matching". Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>