A very nice question! Thank you. Old one, but will help people in here
A. You can use cgroups with tc. I've never heard about that, but after googling found following:
net_cls — this subsystem tags network packets with a class identifier
(classid) that allows the Linux traffic controller ( tc) to identify
packets originating from a particular cgroup task.
According to this you should work with tc and get statistics from there (many tools available).
http://patchwork.ozlabs.org/patch/194809/
Contact Alexey, maybe he can help you with that :)
B. You can use SELinux and iptables for stats, but limit bandwith with cgroups - I do like this approach more - tc looks ugly for me in some cases and not optimal for integration.
SELinux has hooks for network and can assign additional data as label to each packet according to process labels, even able to transmit to another system and filter/log/get statistics, do everything you can with iptables by using SECMARK.
http://selinuxproject.org/page/NB_Networking
If you are not familiar with SELinux yet, I recommend you to read RedHat/Fedora guides "Security-Enhanced Linux" and "SELinux FAQ", additionally there are very nice explanation and guides, blog posts by Daniel J. Walsh (Dan Walsh) - google for it.
Also, very good (and better) starting point for newbies are following videos on YouTube, I'm sure you can handle it in about three hours to understand everything you need:
- SELinux for Everyone - Paul Wayper
- SELinux for Sysadmins - Paul Wayper
SELINUX IS EASY, DONT BE AFRAID