Rami Rosen | 077f02f | 2013-04-08 04:04:20 +0000 | 1 | Network classifier cgroup |
| 2 | ------------------------- |
| 3 | |
| 4 | The Network classifier cgroup provides an interface to |
| 5 | tag network packets with a class identifier (classid). |
| 6 | |
| 7 | The Traffic Controller (tc) can be used to assign |
| 8 | different priorities to packets from different cgroups. |
Daniel Borkmann | 82a3713 | 2013-12-29 18:27:12 +0100 | 9 | Also, Netfilter (iptables) can use this tag to perform |
| 10 | actions on such packets. |
Rami Rosen | 077f02f | 2013-04-08 04:04:20 +0000 | 11 | |
| 12 | Creating a net_cls cgroup instance creates a net_cls.classid file. |
| 13 | This net_cls.classid value is initialized to 0. |
| 14 | |
| 15 | You can write hexadecimal values to net_cls.classid; the format for these |
| 16 | values is 0xAAAABBBB; AAAA is the major handle number and BBBB |
| 17 | is the minor handle number. |
| 18 | Reading net_cls.classid yields a decimal result. |
| 19 | |
| 20 | Example: |
| 21 | mkdir /sys/fs/cgroup/net_cls |
| 22 | mount -t cgroup -onet_cls net_cls /sys/fs/cgroup/net_cls |
| 23 | mkdir /sys/fs/cgroup/net_cls/0 |
| 24 | echo 0x100001 > /sys/fs/cgroup/net_cls/0/net_cls.classid |
| 25 | - setting a 10:1 handle. |
| 26 | |
| 27 | cat /sys/fs/cgroup/net_cls/0/net_cls.classid |
| 28 | 1048577 |
| 29 | |
| 30 | Configuring tc: |
| 31 | tc qdisc add dev eth0 root handle 10: htb |
| 32 | |
| 33 | tc class add dev eth0 parent 10: classid 10:1 htb rate 40mbit |
| 34 | - creating traffic class 10:1 |
| 35 | |
| 36 | tc filter add dev eth0 parent 10: protocol ip prio 10 handle 1: cgroup |
Daniel Borkmann | 82a3713 | 2013-12-29 18:27:12 +0100 | 37 | |
| 38 | Configuring iptables, basic example: |
| 39 | iptables -A OUTPUT -m cgroup ! --cgroup 0x100001 -j DROP |
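
Added example, not part of the kernel documentation: shell helpers that convert between a tc handle, the 0xAAAABBBB value written to net_cls.classid and the decimal value read back, and that list which cgroups under a net_cls mount carry which handle. The function names are hypothetical; the directory passed to audit_net_cls is assumed to be the mount point of the hierarchy (/sys/fs/cgroup/net_cls in the example above).

```shell
#!/bin/sh
# Added example, not part of the kernel documentation.

# handle_to_classid MAJOR:MINOR -> 0xAAAABBBB value for net_cls.classid.
# tc handles are hexadecimal, so "10:1" means major 0x10, minor 0x1.
handle_to_classid() {
    case $1 in *:*) ;; *) echo "expected MAJOR:MINOR" >&2; return 1 ;; esac
    major=${1%%:*} minor=${1#*:}
    for part in "$major" "$minor"; do
        case $part in   # each half: 1 to 4 hex digits
            ''|*[!0-9a-fA-F]*|?????*) echo "bad handle: $1" >&2; return 1 ;;
        esac
    done
    printf '0x%x\n' $(( (0x$major << 16) | 0x$minor ))
}

# classid_to_handle VALUE -> MAJOR:MINOR as tc prints it.
# VALUE is the decimal number read from net_cls.classid, or 0x-prefixed hex.
classid_to_handle() {
    case $1 in
        0[xX]|0[xX]*[!0-9a-fA-F]*) return 1 ;;          # malformed hex
        0[xX]*) ;;
        0|[1-9]*) case $1 in *[!0-9]*) return 1 ;; esac ;;
        *) return 1 ;;
    esac
    v=$(($1))
    [ "$v" -ge 0 ] && [ "$v" -le 4294967295 ] || return 1
    printf '%x:%x\n' $((v >> 16)) $((v & 0xffff))
}

# audit_net_cls ROOT -> one "HANDLE<TAB>CGROUP_DIR" line per cgroup under a
# mounted net_cls hierarchy. classid 0 (the initial value) shows as "untagged".
audit_net_cls() {
    find "$1" -type f -name net_cls.classid | sort | while IFS= read -r f; do
        raw=$(cat "$f")
        if [ "$raw" = 0 ]; then
            h=untagged
        else
            h=$(classid_to_handle "$raw") || h=invalid
        fi
        printf '%s\t%s\n' "$h" "${f%/net_cls.classid}"
    done
}

handle_to_classid 10:1        # value written in the example above
classid_to_handle 1048577     # value read back in the example above
```

Running audit_net_cls before adding a rule like the iptables one above shows which cgroups still have classid 0 and would therefore not match --cgroup 0x100001.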