summaryrefslogtreecommitdiff
path: root/net/netfilter/nft_socket.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/netfilter/nft_socket.c')
-rw-r--r--net/netfilter/nft_socket.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/net/netfilter/nft_socket.c b/net/netfilter/nft_socket.c
index 9c169d100651..d601974c9d2e 100644
--- a/net/netfilter/nft_socket.c
+++ b/net/netfilter/nft_socket.c
@@ -34,7 +34,7 @@ static void nft_socket_wildcard(const struct nft_pktinfo *pkt,
}
}
-#ifdef CONFIG_CGROUPS
+#ifdef CONFIG_SOCK_CGROUP_DATA
static noinline bool
nft_sock_get_eval_cgroupv2(u32 *dest, const struct nft_pktinfo *pkt, u32 level)
{
@@ -106,7 +106,7 @@ static void nft_socket_eval(const struct nft_expr *expr,
}
nft_socket_wildcard(pkt, regs, sk, dest);
break;
-#ifdef CONFIG_CGROUPS
+#ifdef CONFIG_SOCK_CGROUP_DATA
case NFT_SOCKET_CGROUPV2:
if (!nft_sock_get_eval_cgroupv2(dest, pkt, priv->level)) {
regs->verdict.code = NFT_BREAK;
@@ -134,7 +134,7 @@ static int nft_socket_init(const struct nft_ctx *ctx,
const struct nlattr * const tb[])
{
struct nft_socket *priv = nft_expr_priv(expr);
- unsigned int len, level;
+ unsigned int len;
if (!tb[NFTA_SOCKET_DREG] || !tb[NFTA_SOCKET_KEY])
return -EINVAL;
@@ -160,7 +160,9 @@ static int nft_socket_init(const struct nft_ctx *ctx,
len = sizeof(u32);
break;
#ifdef CONFIG_CGROUPS
- case NFT_SOCKET_CGROUPV2:
+ case NFT_SOCKET_CGROUPV2: {
+ unsigned int level;
+
if (!tb[NFTA_SOCKET_LEVEL])
return -EINVAL;
@@ -171,6 +173,7 @@ static int nft_socket_init(const struct nft_ctx *ctx,
priv->level = level;
len = sizeof(u64);
break;
+ }
#endif
default:
return -EOPNOTSUPP;
generated by cgit v1.2.3-70-g09d2 (git 2.51.1) at 2025-11-02 12:56:32 +0000