Cgroup classifier in tc(8) Linux Cgroup classifier in tc(8)
NAME
cgroup - control group based traffic control filter
SYNOPSIS
tc filter ... cgroup [ match EMATCH_TREE ] [ action ACTION_SPEC ]
DESCRIPTION
This filter serves as a hint to tc that the assigned class ID of the net_cls control group the process the
packet originates from belongs to should be used for classification. Obviously, it is useful for locally gen‐
erated packets only.
OPTIONS
action ACTION_SPEC
Apply an action from the generic actions framework on matching packets.
match EMATCH_TREE
Match packets using the extended match infrastructure. See tc-ematch(8) for a detailed description of
the allowed syntax in EMATCH_TREE.
EXAMPLES
In order to use this filter, a net_cls control group has to be created first and class as well as process
ID(s) assigned to it. The following creates a net_cls cgroup named "foobar":
modprobe cls_cgroup
mkdir /sys/fs/cgroup/net_cls
mount -t cgroup -onet_cls net_cls /sys/fs/cgroup/net_cls
mkdir /sys/fs/cgroup/net_cls/foobar
To assign a class ID to the created cgroup, a file named net_cls.classid has to be created which contains the
class ID to be assigned as a hexadecimal, 64bit wide number. The upper 32bits are reserved for the major han‐
dle, the remaining hold the minor. So a class ID of e.g. ff:be has to be written like so: 0xff00be (leading
zeroes may be omitted). To continue the above example, the following assigns class ID 1:2 to foobar cgroup:
echo 0x10002 > /sys/fs/cgroup/net_cls/foobar/net_cls.classid
Finally some PIDs can be assigned to the given cgroup:
echo 1234 > /sys/fs/cgroup/net_cls/foobar/tasks
echo 5678 > /sys/fs/cgroup/net_cls/foobar/tasks
Now by simply attaching a cgroup filter to a qdisc makes packets from PIDs 1234 and 5678 be pushed into class
1:2.
SEE ALSO
tc(8), tc-ematch(8),
the file Documentation/cgroups/net_cls.txt of the Linux kernel tree
iproute2 21 Oct 2015 Cgroup classifier in tc(8)
Back to main site | Back to man page index