This repository was archived by the owner on Apr 20, 2021. It is now read-only.
per systemd service traffic control #9
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add methods to configure per systemd service traffic control. It could use the net_cls cgroup and the tc-cgroup classifier.
systemd.resource-control(5) used to have a parameter "NetClass", added in v227, 2015-10-07 but it is removed in v229 because this cgroup parameter will not be in unified cgroup hierarchy and systemd wants to go towards that. So tcd would need to write in the cgroup file itself on cgroup-v1, or use something around xt_cgroup (see the thread on "xt_cgroup cgroup2 path match")
Making this work on ingress traffic is not easy, since the ingress qdisc is performed sooner in the Linux network stack than the socket lookup. It requires using the iptables' conntrack --save-mark/--restore-mark options and the tc connmark action.
The text was updated successfully, but these errors were encountered: