per systemd service traffic control

Add methods to configure per systemd service traffic control. It could use the [net_cls cgroup](http://lxr.free-electrons.com/source/Documentation/cgroups/net_cls.txt) and the [tc-cgroup classifier](http://man7.org/linux/man-pages/man8/tc-cgroup.8.html).

[systemd.resource-control(5)](https://www.freedesktop.org/software/systemd/man/systemd.resource-control.html) used to have a parameter "NetClass", added in v227, 2015-10-07 but it is removed in v229 because this cgroup parameter will not be in unified cgroup hierarchy and systemd wants to go towards that. So tcd would need to write in the cgroup file itself on cgroup-v1, or use something around xt_cgroup (see [the thread on "xt_cgroup cgroup2 path match"](https://lkml.org/lkml/2016/2/11/786))

Making this work on ingress traffic is not easy, since the ingress qdisc is performed sooner in the [Linux network stack](https://en.wikipedia.org/wiki/Netfilter#/media/File:Netfilter-packet-flow.svg) than the socket lookup. It requires using the [iptables' conntrack --save-mark/--restore-mark options](https://wiki.archlinux.org/index.php/Advanced_traffic_control#Example_of_ingress_traffic_shaping_with_SNAT) and [the tc connmark action](https://lwn.net/Articles/629160/).


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

per systemd service traffic control #9

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

per systemd service traffic control #9

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions