Linux cli command tc-cgroup

➡ A Linux man page (short for manual page) is a form of software documentation found on Linux and Unix-like operating systems. This man-page explains the command tc-cgroup and provides detailed information about the command tc-cgroup, system calls, library functions, and other aspects of the system, including usage, options, and examples of _. You can access this man page by typing man followed by the tc-cgroup.

  2 minute read  

NAME 🖥️ tc-cgroup 🖥️

control group based traffic control filter

SYNOPSIS

tc filtercgroup [ match EMATCH_TREE ] [ action ACTION_SPEC ]

DESCRIPTION

This filter serves as a hint to tc that the assigned class ID of the net_cls control group the process the packet originates from belongs to should be used for classification. Obviously, it is useful for locally generated packets only.

OPTIONS

action* ACTION_SPEC*
Apply an action from the generic actions framework on matching packets.

match* EMATCH_TREE*
Match packets using the extended match infrastructure. See tc-ematch(8) for a detailed description of the allowed syntax in EMATCH_TREE.

EXAMPLES

In order to use this filter, a net_cls control group has to be created first and class as well as process ID(s) assigned to it. The following creates a net_cls cgroup named “foobar”:

modprobe cls_cgroup mkdir /sys/fs/cgroup/net_cls mount -t cgroup -onet_cls net_cls /sys/fs/cgroup/net_cls mkdir /sys/fs/cgroup/net_cls/foobar

To assign a class ID to the created cgroup, a file named net_cls.classid has to be created which contains the class ID to be assigned as a hexadecimal, 64bit wide number. The upper 32bits are reserved for the major handle, the remaining hold the minor. So a class ID of e.g. ff:be has to be written like so: 0xff00be (leading zeroes may be omitted). To continue the above example, the following assigns class ID 1:2 to foobar cgroup:

echo 0x10002 > /sys/fs/cgroup/net_cls/foobar/net_cls.classid

Finally some PIDs can be assigned to the given cgroup:

echo 1234 > /sys/fs/cgroup/net_cls/foobar/tasks echo 5678 > /sys/fs/cgroup/net_cls/foobar/tasks

Now by simply attaching a cgroup filter to a qdisc makes packets from PIDs 1234 and 5678 be pushed into class 1:2.

SEE ALSO

tc(8), tc-ematch(8),
the file Documentation/cgroups/net_cls.txt of the Linux kernel tree

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░