Hello Daniel,
I have a question regarding xt_cgroup, again )
I'm interested in why you added the check for a non-zero id in
cgroup_mt_check. With it, it's impossible to introduce some rules,
like -m cgroup ! --cgroup 0. It could be useful for the end user, for
example, to block all processes which are under cgroups, but not the
whole traffic.
Of course, it could be done with ROOT_CGROUP with a non-0 classid, which
will contain all processes in the system.
But I think in this case the OS will face a little overhead to mark
every packet.
--
Best regards,
Alexey Perevalov