tc filter ... cgroup [ match EMATCH_TREE ] [ action ACTION_SPEC ]
This filter serves as a hint to tc that the assigned class ID of the
net_cls control group the process the packet originates from belongs to
should be used for classification. Obviously, it is useful for locally
generated packets only.
Apply an action from the generic actions framework on matching
Match packets using the extended match infrastructure. See tc-
ematch(8) for a detailed description of the allowed syntax in
In order to use this filter, a net_cls control group has to be created
first and class as well as process ID(s) assigned to it. The following
creates a net_cls cgroup named "foobar":
mount -t cgroup -onet_cls net_cls /sys/fs/cgroup/net_cls
To assign a class ID to the created cgroup, a file named net_cls.clas-
sid has to be created which contains the class ID to be assigned as a
hexadecimal, 64bit wide number. The upper 32bits are reserved for the
major handle, the remaining hold the minor. So a class ID of e.g.
ff:be has to be written like so: 0xff00be (leading zeroes may be omit-
ted). To continue the above example, the following assigns class ID 1:2
to foobar cgroup:
echo 0x10002 > /sys/fs/cgroup/net_cls/foobar/net_cls.classid
Finally some PIDs can be assigned to the given cgroup:
echo 1234 > /sys/fs/cgroup/net_cls/foobar/tasks
echo 5678 > /sys/fs/cgroup/net_cls/foobar/tasks
Now by simply attaching a cgroup filter to a qdisc makes packets from
PIDs 1234 and 5678 be pushed into class 1:2.
the file Documentation/cgroups/net_cls.txt of the Linux kernel tree
iproute2 21 Oct 2015 Cgroup classifier in tc(8)
Man Pages Copyright Respective Owners. Site Copyright (C) 1994 - 2019
All Rights Reserved.