On 01/06/2014 03:54 PM, Libo Chen wrote: > On 2014/1/3 13:20, Cong Wang wrote: >> On Thu, Jan 2, 2014 at 7:11 PM, Libo Chen <clbchenlibo.chen@xxxxxxxxxx> wrote: >>> Hi guys, >>> >>> Now, lxc created with veth can not be under control by >>> cls_cgroup. >>> >>> the former discussion: >>> http://lkml.indiana.edu/hypermail/linux/kernel/1312.1/00214.html >>> >>> In short, because cls_cgroup relys classid attached to sock >>> filter skb, but sock will be cleared inside dev_forward_skb() >>> in veth_xmit(). >> >> >> So what are you trying to achieve here? > > sys container using veth can be controlled by cls_cgroup basing on physic network interface > It's a problem about virtual nic, not container/net namespace. If veth device is running in host. the skb is transmitted firstly by veth device and then delivered by physical device. if you set both qdisc rule on veth and physical device. which qdisc rule will take effect? In your patch, both qdisc rule are effective. it looks strange. _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
