Re: cgroup filter on physics interface can't control container

hello guys, I said before "we can save sk_classid before skb_scrub_packet and restore it after that" since skb->sk had been freed in skb_scrub_packet(), so it is not reasonable. yes? I have another idea. commit:f84517253(cls_cgroup: Store classid in struct sock) introduces sk_classid and put it

Re: cgroup filter on physics interface can't control container

ping... On 2013/12/9 10:32, Libo Chen wrote: > hello network hackers, > > A linux container was builded with veth pair(veth0 inside container, > veth1 outside container), > > the config as below: > > lxc.network.type = veth > lxc.network.flags = up > lxc.network.link = br0 // base