.\" Phil Sutter | 5774f09 | 2015-10-23 19:47:09 +0200
.TH "Cgroup classifier in tc" 8 " 21 Oct 2015" "iproute2" "Linux"

.SH NAME
cgroup \- control group based traffic control filter
.SH SYNOPSIS
.in +8
.ti -8
.BR tc " " filter " ... " cgroup " [ " match
.IR EMATCH_TREE " ] [ "
.B action
.IR ACTION_SPEC " ]"
.SH DESCRIPTION
This filter serves as a hint to
.B tc
that packets should be classified using the class ID assigned to the net_cls
control group of the process they originate from. Obviously, it is useful for
locally generated packets only.
.SH OPTIONS
.TP
.BI action " ACTION_SPEC"
Apply an action from the generic actions framework on matching packets.
.TP
.BI match " EMATCH_TREE"
Match packets using the extended match infrastructure. See
.BR tc-ematch (8)
for a detailed description of the allowed syntax in
.IR EMATCH_TREE .
.SH EXAMPLES
In order to use this filter, a net_cls control group has to be created first and
class as well as process ID(s) assigned to it. The following creates a net_cls
cgroup named "foobar":

.RS
.EX
modprobe cls_cgroup
mkdir /sys/fs/cgroup/net_cls
mount -t cgroup -onet_cls net_cls /sys/fs/cgroup/net_cls
mkdir /sys/fs/cgroup/net_cls/foobar
.EE
.RE

To assign a class ID to the created cgroup, a file named
.I net_cls.classid
has to be created which contains the class ID to be assigned as a hexadecimal,
64bit wide number. The upper 32bits are reserved for the major handle, the
remaining hold the minor. So a class ID of e.g.
.B ff:be
has to be written like so:
.B 0xff00be
(leading zeroes may be omitted). To continue the above example, the following
assigns class ID 1:2 to foobar cgroup:

.RS
.EX
echo 0x10002 > /sys/fs/cgroup/net_cls/foobar/net_cls.classid
.EE
.RE

Finally, some PIDs can be assigned to the given cgroup:

.RS
.EX
echo 1234 > /sys/fs/cgroup/net_cls/foobar/tasks
echo 5678 > /sys/fs/cgroup/net_cls/foobar/tasks
.EE
.RE

Now simply attaching a
.B cgroup
filter to a
.B qdisc
makes packets from PIDs 1234 and 5678 be pushed into class 1:2.

.SH SEE ALSO
.BR tc (8),
.BR tc-ematch (8),
.br
the file
.I Documentation/cgroups/net_cls.txt
of the Linux kernel tree
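
The EXAMPLES steps above, as an added shell example that is not part of the man page or of iproute2: helpers that convert a tc handle to the net_cls.classid value and back, plus an audit that lists which class each cgroup under a mount point maps to and how many tasks it holds. The function names are hypothetical, and the encoding assumed is the one the page's own examples show (ff:be as 0xff00be, 1:2 as 0x10002).

```shell
#!/bin/sh
# Added example, not part of the man page. Assumed layout, taken from the page's
# own examples (ff:be -> 0xff00be, 1:2 -> 0x10002): classid = major << 16 | minor.

# is_hex16 STR: succeed if STR is 1 to 4 hex digits
is_hex16() {
    case "$1" in ''|?????*|*[!0-9a-fA-F]*) return 1 ;; esac
}

# handle_to_classid MAJOR:MINOR: print the value to write into net_cls.classid
handle_to_classid() {
    case "$1" in *:*) ;; *) echo "not MAJOR:MINOR: $1" >&2; return 1 ;; esac
    major=${1%%:*}; minor=${1#*:}
    if ! is_hex16 "$major" || ! is_hex16 "$minor"; then
        echo "bad handle: $1" >&2; return 1
    fi
    printf '0x%x\n' $(( (0x$major << 16) | 0x$minor ))
}

# classid_to_handle VALUE: VALUE is hex with a 0x prefix (as written above) or
# decimal (as the kernel prints the file on read); prints major:minor
classid_to_handle() {
    case "$1" in
        0[xX]*) hex=${1#0[xX]}
                case "$hex" in ''|*[!0-9a-fA-F]*) return 1 ;; esac
                [ ${#hex} -le 8 ] || return 1
                n=$(( 0x$hex )) ;;
        ''|0?*|*[!0-9]*) return 1 ;;
        *)      [ ${#1} -le 10 ] || return 1
                n=$1 ;;
    esac
    [ "$n" -le 4294967295 ] || return 1
    printf '%x:%x\n' $(( $n >> 16 )) $(( $n & 0xffff ))
}

# audit_net_cls ROOT: for each cgroup under ROOT print "path handle task-count",
# e.g. audit_net_cls /sys/fs/cgroup/net_cls
audit_net_cls() {
    find "$1" -name net_cls.classid | sort | while read -r f; do
        dir=${f%/net_cls.classid}; rel=${dir#"$1"}
        handle=$(classid_to_handle "$(cat "$f")") || handle=invalid
        tasks=$(grep -c . "$dir/tasks" 2>/dev/null) || true
        echo "${rel:-/} $handle ${tasks:-0}"
    done
}
```

A handle of 0:0 in the audit output means no class ID has been assigned to that cgroup, so its traffic is not steered by the cgroup filter.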