From 5479cdfe6cede09f61a3bf890d55dab651669a13 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Thu, 18 Feb 2016 15:45:21 +0100 Subject: [PATCH] tc: add a man page for cgroup filter Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1286711 Upstream Status: iproute2.git commit 5774f09ee8c6d commit 5774f09ee8c6d36c34986bacea423b5b4dd1cb48 Author: Phil Sutter Date: Fri Oct 23 19:47:09 2015 +0200 tc: add a man page for cgroup filter Cc: Thomas Graf Signed-off-by: Phil Sutter --- man/man8/tc-cgroup.8 | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 man/man8/tc-cgroup.8 diff --git a/man/man8/tc-cgroup.8 b/man/man8/tc-cgroup.8 new file mode 100644 index 0000000..2bea7d4 --- /dev/null +++ b/man/man8/tc-cgroup.8 @@ -0,0 +1,80 @@ +.TH "Cgroup classifier in tc" 8 " 21 Oct 2015" "iproute2" "Linux" + +.SH NAME +cgroup \- control group based traffic control filter +.SH SYNOPSIS +.in +8 +.ti -8 +.BR tc " " filter " ... " cgroup " [ " match +.IR EMATCH_TREE " ] [ " +.B action +.IR ACTION_SPEC " ]" +.SH DESCRIPTION +This filter serves as a hint to +.B tc +that the assigned class ID of the net_cls control group the process the packet +originates from belongs to should be used for classification. Obviously, it is +useful for locally generated packets only. +.SH OPTIONS +.TP +.BI action " ACTION_SPEC" +Apply an action from the generic actions framework on matching packets. +.TP +.BI match " EMATCH_TREE" +Match packets using the extended match infrastructure. See +.BR tc-ematch (8) +for a detailed description of the allowed syntax in +.IR EMATCH_TREE . +.SH EXAMPLES +In order to use this filter, a net_cls control group has to be created first and +class as well as process ID(s) assigned to it. The following creates a net_cls +cgroup named "foobar": + +.RS +.EX +modprobe cls_cgroup +mkdir /sys/fs/cgroup/net_cls +mount -t cgroup -onet_cls net_cls /sys/fs/cgroup/net_cls +mkdir /sys/fs/cgroup/net_cls/foobar +.EE +.RE + +To assign a class ID to the created cgroup, a file named +.I net_cls.classid +has to be created which contains the class ID to be assigned as a hexadecimal, +64bit wide number. The upper 32bits are reserved for the major handle, the +remaining hold the minor. So a class ID of e.g. +.B ff:be +has to be written like so: +.B 0xff00be +(leading zeroes may be omitted). To continue the above example, the following +assigns class ID 1:2 to foobar cgroup: + +.RS +.EX +echo 0x10002 > /sys/fs/cgroup/net_cls/foobar/net_cls.classid +.EE +.RE + +Finally some PIDs can be assigned to the given cgroup: + +.RS +.EX +echo 1234 > /sys/fs/cgroup/net_cls/foobar/tasks +echo 5678 > /sys/fs/cgroup/net_cls/foobar/tasks +.EE +.RE + +Now by simply attaching a +.B cgroup +filter to a +.B qdisc +makes packets from PIDs 1234 and 5678 be pushed into class 1:2. + +.SH SEE ALSO +.BR tc (8), +.BR tc-ematch (8), +.br +the file +.I Documentation/cgroups/net_cls.txt +of the Linux kernel tree -- 1.8.3.1