1Cgroup classifier in tc(8) Linux Cgroup classifier in tc(8)
2
6 cgroup - control group based traffic control filter
7
9 tc filter ... cgroup [ match EMATCH_TREE ] [ action ACTION_SPEC ]
10
12 This filter serves as a hint to tc that the assigned class ID of the
13 net_cls control group the process the packet originates from belongs to
14 should be used for classification. Obviously, it is useful for locally
15 generated packets only.
16
18 action ACTION_SPEC
19 Apply an action from the generic actions framework on matching
20 packets.
21 match EMATCH_TREE
23 Match packets using the extended match infrastructure. See tc-
24 ematch(8) for a detailed description of the allowed syntax in
25 EMATCH_TREE.
26
28 In order to use this filter, a net_cls control group has to be created
29 first and class as well as process ID(s) assigned to it. The following
30 creates a net_cls cgroup named "foobar":
31 modprobe cls_cgroup
33 mkdir /sys/fs/cgroup/net_cls
34 mount -t cgroup -onet_cls net_cls /sys/fs/cgroup/net_cls
35 mkdir /sys/fs/cgroup/net_cls/foobar
36 To assign a class ID to the created cgroup, a file named net_cls.clas‐
38 sid has to be created which contains the class ID to be assigned as a
39 hexadecimal, 64bit wide number. The upper 32bits are reserved for the
40 major handle, the remaining hold the minor. So a class ID of e.g.
41 ff:be has to be written like so: 0xff00be (leading zeroes may be omit‐
42 ted). To continue the above example, the following assigns class ID 1:2
43 to foobar cgroup:
44 echo 0x10002 > /sys/fs/cgroup/net_cls/foobar/net_cls.classid
46 Finally some PIDs can be assigned to the given cgroup:
48 echo 1234 > /sys/fs/cgroup/net_cls/foobar/tasks
50 echo 5678 > /sys/fs/cgroup/net_cls/foobar/tasks
51 Now by simply attaching a cgroup filter to a qdisc makes packets from
53 PIDs 1234 and 5678 be pushed into class 1:2.
54
57 tc(8), tc-ematch(8),
58 the file Documentation/cgroups/net_cls.txt of the Linux kernel tree
59iproute2 21 Oct 2015 Cgroup classifier in tc(8)