netfilter: nft_meta: add cgroup support

This allows you to filter traffic by process control group (cgroup). Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Ana Rey <anarey@gmail.com> 2014-11-03 18:10:50 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2014-11-09 16:21:22 +0100
commit: ce674173e9f4ef7fd0dc04ea0773cdedfbf8e366 (patch)
tree: 1ab3456f0effd56be2fc2fb25d2a7b02e012a716 /net
parent: c5a589cc3034d035e8490216a45abd3a3b3cd85e (diff)
download: blackbird-op-linux-ce674173e9f4ef7fd0dc04ea0773cdedfbf8e366.tar.gz
blackbird-op-linux-ce674173e9f4ef7fd0dc04ea0773cdedfbf8e366.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c
index 1e7c076ca63a..e99911eda915 100644
--- a/net/netfilter/nft_meta.c
+++ b/net/netfilter/nft_meta.c
@@ -165,6 +165,12 @@ void nft_meta_get_eval(const struct nft_expr *expr,
 			goto err;
 		dest->data[0] = out->group;
 		break;
+	case NFT_META_CGROUP:
+		if (skb->sk == NULL)
+			break;
+
+		dest->data[0] = skb->sk->sk_classid;
+		break;
 	default:
 		WARN_ON(1);
 		goto err;
@@ -240,6 +246,7 @@ int nft_meta_get_init(const struct nft_ctx *ctx,
 	case NFT_META_CPU:
 	case NFT_META_IIFGROUP:
 	case NFT_META_OIFGROUP:
+	case NFT_META_CGROUP:
 		break;
 	default:
 		return -EOPNOTSUPP;
author	Ana Rey <anarey@gmail.com>	2014-11-03 18:10:50 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2014-11-09 16:21:22 +0100
commit	ce674173e9f4ef7fd0dc04ea0773cdedfbf8e366 (patch)
tree	1ab3456f0effd56be2fc2fb25d2a7b02e012a716 /net
parent	c5a589cc3034d035e8490216a45abd3a3b3cd85e (diff)
download	blackbird-op-linux-ce674173e9f4ef7fd0dc04ea0773cdedfbf8e366.tar.gz blackbird-op-linux-ce674173e9f4ef7fd0dc04ea0773cdedfbf8e366.zip