doc: Clarify cgroup meta variable

The documentation mentions control group id where the meaning is a class id associated to the cgroup of a socket. This used to be fine until there came cgroup v2 that use similar terminolgy (cgroup id) for very different thing -- a numeric identifier of a particular (v2) cgroup. This contemporary cgroup id isn't exposed by netfilter (v2 matching is based on paths externally). Fix the docs and decrease confusion by more precise description of the metavariable. [ Added comment in description to refer to socket cgroupv2 --pablo ] Signed-off-by: Michal Koutný <mkoutny@suse.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Michal Koutný <mkoutny@suse.com> 2025-06-30 16:15:26 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2025-07-03 14:23:12 +0200
commit: 2ff29969b1a60cade7e3968aeddf90fde511ab57 (patch)
tree: 0ca7e334a868b2019762be1311653eb40bbd6fe2 /doc
parent: 01acf253005ab89b9f2f94d2788644a54bed1c8f (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/primary-expression.txt b/doc/primary-expression.txt
index ea231fe5..2266724e 100644
--- a/doc/primary-expression.txt
+++ b/doc/primary-expression.txt
@@ -117,7 +117,7 @@ devgroup
 outgoing device group|
 devgroup
 |cgroup|
-control group id |
+control group net_cls.classid (for matching on cgroupv2, see *socket cgroupv2*)|
 integer (32 bit)
 |random|
 pseudo-random number|
author	Michal Koutný <mkoutny@suse.com>	2025-06-30 16:15:26 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2025-07-03 14:23:12 +0200
commit	2ff29969b1a60cade7e3968aeddf90fde511ab57 (patch)
tree	0ca7e334a868b2019762be1311653eb40bbd6fe2 /doc
parent	01acf253005ab89b9f2f94d2788644a54bed1c8f (diff)