=========================
Network classifier cgroup
=========================

The Network classifier cgroup provides an interface to
tag network packets with a class identifier (classid).

The Traffic Controller (tc) can be used to assign
different priorities to packets from different cgroups.
Also, Netfilter (iptables) can use this tag to perform
actions on such packets.

Creating a net_cls cgroup instance creates a net_cls.classid file.
This net_cls.classid value is initialized to 0.

You can write hexadecimal values to net_cls.classid; the format for these
values is 0xAAAABBBB; AAAA is the major handle number and BBBB
is the minor handle number.
Reading net_cls.classid yields a decimal result.

Example, setting a 10:1 handle::

    mkdir /sys/fs/cgroup/net_cls
    mount -t cgroup -onet_cls net_cls /sys/fs/cgroup/net_cls
    mkdir /sys/fs/cgroup/net_cls/0
    echo 0x100001 > /sys/fs/cgroup/net_cls/0/net_cls.classid

- reading the value back (0x100001 is shown in decimal)::

    cat /sys/fs/cgroup/net_cls/0/net_cls.classid
    1048577

- configuring tc and creating traffic class 10:1::

    tc qdisc add dev eth0 root handle 10: htb
    tc class add dev eth0 parent 10: classid 10:1 htb rate 40mbit

- attaching the cgroup filter, which classifies packets by their classid::

    tc filter add dev eth0 parent 10: protocol ip prio 10 handle 1: cgroup

Configuring iptables, basic example (drops outgoing packets that do not
carry classid 0x100001)::

    iptables -A OUTPUT -m cgroup ! --cgroup 0x100001 -j DROP
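
The classid conversions used above (0x100001 written, 1048577 read back, 10:1 in tc), as an added shell example that is not part of the kernel documentation. The function names are hypothetical helpers, and ``list_classids`` goes beyond the text by walking a net_cls mount to show which cgroups carry a non-zero classid, which helps when auditing tc or iptables rules that match on it.

```shell
# Added example, not part of the kernel documentation.
# net_cls.classid reads back as one decimal number, while tc shows the
# same value as a hexadecimal "major:minor" handle.

# classid_to_handle VALUE: decimal (as read from net_cls.classid) or
# 0x-prefixed hex (as written to it) -> tc handle, e.g. 1048577 -> 10:1
classid_to_handle() (
    case $1 in
        0[xX]*) hex=${1#0[xX]}
                case $hex in ''|*[!0-9a-fA-F]*) exit 1 ;; esac ;;
        0[0-9]*) exit 1 ;;                  # would be parsed as octal
        ''|*[!0-9]*) exit 1 ;;
    esac
    id=$(($1))
    [ "$id" -le 4294967295 ] || exit 1      # 0xAAAABBBB is 32 bits
    printf '%x:%x\n' $(( $id >> 16 )) $(( $id & 0xffff ))
)

# handle_to_classid MAJOR:MINOR (hex digits, as tc shows them) -> the
# 0xAAAABBBB value to write to net_cls.classid, e.g. 10:1 -> 0x100001
handle_to_classid() (
    case $1 in *:*) ;; *) exit 1 ;; esac
    major=${1%%:*} minor=${1#*:}
    for part in "$major" "$minor"; do
        case $part in ''|?????*|*[!0-9a-fA-F]*) exit 1 ;; esac
    done
    printf '0x%x\n' $(( (0x$major << 16) | 0x$minor ))
)

# list_classids DIR: print "<handle> <cgroup dir>" for every cgroup below
# the net_cls mount DIR whose classid is no longer the initial 0.
list_classids() {
    find "$1" -name net_cls.classid | while read -r f; do
        id=$(cat "$f") || continue
        if [ "$id" != 0 ]; then
            printf '%s %s\n' "$(classid_to_handle "$id")" "${f%/net_cls.classid}"
        fi
    done
}
```

With the mount from the example above, ``list_classids /sys/fs/cgroup/net_cls`` prints one line per tagged cgroup.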