summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/linux/netfilter/nf_tables.h4
-rw-r--r--src/expr/meta.c3
2 files changed, 5 insertions, 2 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index bb21315..832bc46 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -579,6 +579,7 @@ enum nft_exthdr_attributes {
* @NFT_META_CPU: cpu id through smp_processor_id()
* @NFT_META_IIFGROUP: packet input interface group
* @NFT_META_OIFGROUP: packet output interface group
+ * @NFT_META_CGROUP: socket control group (skb->sk->sk_classid)
*/
enum nft_meta_keys {
NFT_META_LEN,
@@ -604,6 +605,7 @@ enum nft_meta_keys {
NFT_META_CPU,
NFT_META_IIFGROUP,
NFT_META_OIFGROUP,
+ NFT_META_CGROUP,
};
/**
@@ -774,7 +776,7 @@ enum nft_reject_inet_code {
NFT_REJECT_ICMPX_ADMIN_PROHIBITED,
__NFT_REJECT_ICMPX_MAX
};
-#define NFT_REJECT_ICMPX_MAX (__NFT_REJECT_ICMPX_MAX + 1)
+#define NFT_REJECT_ICMPX_MAX (__NFT_REJECT_ICMPX_MAX - 1)
/**
* enum nft_reject_attributes - nf_tables reject expression netlink attributes
diff --git a/src/expr/meta.c b/src/expr/meta.c
index 5b5159f..59cb55b 100644
--- a/src/expr/meta.c
+++ b/src/expr/meta.c
@@ -23,7 +23,7 @@
#include "expr_ops.h"
#ifndef NFT_META_MAX
-#define NFT_META_MAX (NFT_META_OIFGROUP + 1)
+#define NFT_META_MAX (NFT_META_CGROUP + 1)
#endif
struct nft_expr_meta {
@@ -157,6 +157,7 @@ static const char *meta_key2str_array[NFT_META_MAX] = {
[NFT_META_CPU] = "cpu",
[NFT_META_IIFGROUP] = "iifgroup",
[NFT_META_OIFGROUP] = "oifgroup",
+ [NFT_META_CGROUP] = "cgroup",
};
static const char *meta_key2str(uint8_t key)