blob: 2bea7d4af24882acecd2c56acb3677e9a16985d3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
.TH "Cgroup classifier in tc" 8 " 21 Oct 2015" "iproute2" "Linux"
.SH NAME
cgroup \- control group based traffic control filter
.SH SYNOPSIS
.in +8
.ti -8
.BR tc " " filter " ... " cgroup " [ " match
.IR EMATCH_TREE " ] [ "
.B action
.IR ACTION_SPEC " ]"
.SH DESCRIPTION
This filter serves as a hint to
.B tc
that the assigned class ID of the net_cls control group the process the packet
originates from belongs to should be used for classification. Obviously, it is
useful for locally generated packets only.
.SH OPTIONS
.TP
.BI action " ACTION_SPEC"
Apply an action from the generic actions framework on matching packets.
.TP
.BI match " EMATCH_TREE"
Match packets using the extended match infrastructure. See
.BR tc-ematch (8)
for a detailed description of the allowed syntax in
.IR EMATCH_TREE .
.SH EXAMPLES
In order to use this filter, a net_cls control group has to be created first and
class as well as process ID(s) assigned to it. The following creates a net_cls
cgroup named "foobar":
.RS
.EX
modprobe cls_cgroup
mkdir /sys/fs/cgroup/net_cls
mount -t cgroup -onet_cls net_cls /sys/fs/cgroup/net_cls
mkdir /sys/fs/cgroup/net_cls/foobar
.EE
.RE
To assign a class ID to the created cgroup, a file named
.I net_cls.classid
has to be created which contains the class ID to be assigned as a hexadecimal,
64bit wide number. The upper 32bits are reserved for the major handle, the
remaining hold the minor. So a class ID of e.g.
.B ff:be
has to be written like so:
.B 0xff00be
(leading zeroes may be omitted). To continue the above example, the following
assigns class ID 1:2 to foobar cgroup:
.RS
.EX
echo 0x10002 > /sys/fs/cgroup/net_cls/foobar/net_cls.classid
.EE
.RE
Finally some PIDs can be assigned to the given cgroup:
.RS
.EX
echo 1234 > /sys/fs/cgroup/net_cls/foobar/tasks
echo 5678 > /sys/fs/cgroup/net_cls/foobar/tasks
.EE
.RE
Now by simply attaching a
.B cgroup
filter to a
.B qdisc
makes packets from PIDs 1234 and 5678 be pushed into class 1:2.
.SH SEE ALSO
.BR tc (8),
.BR tc-ematch (8),
.br
the file
.I Documentation/cgroups/net_cls.txt
of the Linux kernel tree
|