Cgroup classifier in tc(8) Linux Cgroup classifier in tc(8)
NAME
cgroup - control group based traffic control filter
SYNOPSIS
tc filter ... cgroup [ match EMATCH_TREE ] [ action ACTION_SPEC ]
DESCRIPTION
This filter serves as a hint to tc that the assigned class ID of the
net_cls control group the process the packet originates from belongs to
should be used for classification. Obviously, it is useful for locally
generated packets only.
OPTIONS
action ACTION_SPEC
Apply an action from the generic actions framework on matching
packets.
match EMATCH_TREE
Match packets using the extended match infrastructure. See tc-
ematch(8) for a detailed description of the allowed syntax in
EMATCH_TREE.
EXAMPLES
In order to use this filter, a net_cls control group has to be created
first and class as well as process ID(s) assigned to it. The following
creates a net_cls cgroup named "foobar":
modprobe cls_cgroup
mkdir /sys/fs/cgroup/net_cls
mount -t cgroup -onet_cls net_cls /sys/fs/cgroup/net_cls
mkdir /sys/fs/cgroup/net_cls/foobar
To assign a class ID to the created cgroup, a file named net_cls.clas-
sid has to be created which contains the class ID to be assigned as a
hexadecimal, 64bit wide number. The upper 32bits are reserved for the
major handle, the remaining hold the minor. So a class ID of e.g.
ff:be has to be written like so: 0xff00be (leading zeroes may be omit-
ted). To continue the above example, the following assigns class ID 1:2
to foobar cgroup:
echo 0x10002 > /sys/fs/cgroup/net_cls/foobar/net_cls.classid
Finally some PIDs can be assigned to the given cgroup:
echo 1234 > /sys/fs/cgroup/net_cls/foobar/tasks
echo 5678 > /sys/fs/cgroup/net_cls/foobar/tasks
Now by simply attaching a cgroup filter to a qdisc makes packets from
PIDs 1234 and 5678 be pushed into class 1:2.
SEE ALSO
tc(8), tc-ematch(8),
the file Documentation/cgroups/net_cls.txt of the Linux kernel tree
iproute2 21 Oct 2015 Cgroup classifier in tc(8)
Linux-Distributionen
Huschi als Linux-Admin