In kernel document doc/cgroup/net_cls.txt， it introduces the function of net_cls.classid, and show an example of netfilter (iptables) using this tag to perform actions. the command of iptables is:

iptables -A OUTPUT -m cgroup ! --cgroup 0x100001 -j DROP

but, I've got an error:

iptables v1.4.7: Couldn't load match `cgroup':/lib64/xtables/libipt_cgroup.so: cannot open shared object file: No such file or directory

Then, I began to search fo libipt_cgroup.so in the newest version of iptables-1.4.21, but I got noting.

So, I want to know the reason for it, and how to resolve it, thx!