фильтр управления трафиком на основе группы управления (control group based traffic control filter)
Имя (Name)
cgroup - control group based traffic control filter
Синопсис (Synopsis)
tc filter ... cgroup [ match EMATCH_TREE ] [ action ACTION_SPEC ]
Описание (Description)
This filter serves as a hint to tc that the assigned class ID of
the net_cls control group the process the packet originates from
belongs to should be used for classification. Obviously, it is
useful for locally generated packets only.
Параметры (Options)
action ACTION_SPEC
Apply an action from the generic actions framework on
matching packets.
match EMATCH_TREE
Match packets using the extended match infrastructure. See
tc-ematch(8) for a detailed description of the allowed
syntax in EMATCH_TREE.
Примеры (Examples)
In order to use this filter, a net_cls control group has to be
created first and class as well as process ID(s) assigned to it.
The following creates a net_cls cgroup named "foobar":
modprobe cls_cgroup
mkdir /sys/fs/cgroup/net_cls
mount -t cgroup -onet_cls net_cls /sys/fs/cgroup/net_cls
mkdir /sys/fs/cgroup/net_cls/foobar
To assign a class ID to the created cgroup, a file named
net_cls.classid has to be created which contains the class ID to
be assigned as a hexadecimal, 64bit wide number. The upper 32bits
are reserved for the major handle, the remaining hold the minor.
So a class ID of e.g. ff:be has to be written like so: 0xff00be
(leading zeroes may be omitted). To continue the above example,
the following assigns class ID 1:2 to foobar cgroup:
echo 0x10002 > /sys/fs/cgroup/net_cls/foobar/net_cls.classid
Finally some PIDs can be assigned to the given cgroup:
echo 1234 > /sys/fs/cgroup/net_cls/foobar/tasks
echo 5678 > /sys/fs/cgroup/net_cls/foobar/tasks
Now by simply attaching a cgroup filter to a qdisc makes packets
from PIDs 1234 and 5678 be pushed into class 1:2.
Смотри также (See also)
tc(8), tc-ematch(8),
the file Documentation/cgroups/net_cls.txt of the Linux kernel
tree
