Provided by: iproute2_4.15.0-2ubuntu1.3_amd64 bug


       cgroup - control group based traffic control filter


       tc filter ... cgroup [ match EMATCH_TREE ] [ action ACTION_SPEC ]


       This filter serves as a hint to tc that the assigned class ID of the net_cls control group
       the process the packet originates from belongs  to  should  be  used  for  classification.
       Obviously, it is useful for locally generated packets only.


       action ACTION_SPEC
              Apply an action from the generic actions framework on matching packets.

       match EMATCH_TREE
              Match  packets  using  the  extended  match  infrastructure. See tc-ematch(8) for a
              detailed description of the allowed syntax in EMATCH_TREE.


       In order to use this filter, a net_cls control group has to be created first and class  as
       well  as  process  ID(s)  assigned  to  it.  The  following creates a net_cls cgroup named

              modprobe cls_cgroup
              mkdir /sys/fs/cgroup/net_cls
              mount -t cgroup -onet_cls net_cls /sys/fs/cgroup/net_cls
              mkdir /sys/fs/cgroup/net_cls/foobar

       To assign a class ID to the created cgroup, a file named net_cls.classid has to be created
       which  contains the class ID to be assigned as a hexadecimal, 64bit wide number. The upper
       32bits are reserved for the major handle, the remaining hold the minor. So a class  ID  of
       e.g.   ff:be  has  to  be  written  like  so: 0xff00be (leading zeroes may be omitted). To
       continue the above example, the following assigns class ID 1:2 to foobar cgroup:

              echo 0x10002 > /sys/fs/cgroup/net_cls/foobar/net_cls.classid

       Finally some PIDs can be assigned to the given cgroup:

              echo 1234 > /sys/fs/cgroup/net_cls/foobar/tasks
              echo 5678 > /sys/fs/cgroup/net_cls/foobar/tasks

       Now by simply attaching a cgroup filter to a qdisc makes packets from PIDs 1234  and  5678
       be pushed into class 1:2.


       tc(8), tc-ematch(8),
       the file Documentation/cgroups/net_cls.txt of the Linux kernel tree