Rooster

Asked: 2014-05-30 09:35:04 +0800 CST2014-05-30 09:35:04 +0800 CST 2014-05-30 09:35:04 +0800 CST

Trouble using net_cls control group in tandem with tc for packet filtering

I'm having some trouble limiting network bandwidth using the net_cls control group in conjunction with the linux traffic controller (tc). I think I might just be confused about how I'm writing the filter rules. I figured the easiest way to manage users network bandwidth would be to use their uid as part of their net_cls control groups classid. So I set the following rule in my cgconfig file (and keep rebooting the machine). I also have the proper setup in my cgrules.conf as any limits I impose on other controllers(like memory) are reflected properly.

So say I have a uid of 5004,

group cgroup_demo_cg {

    net_cls {
        net_cls.classid=0x00105004;
#or should it be the hex equivalent of 5004 ?
        #net_cls.classid=0x0010138c;
    }
}

So either way, the next step should be to add some tc stuff. THe handle is 10 either way so, first create the qdisk:

tc qdisc add dev eth0 root handle 10: htb

then set the class rule:

tc class add dev eth0 parent 10: classid 10:5004 htb rate 4kbit
#or if I had to use the hex value
tc class add dev eth0 parent 10: classid 10:138c htb rate 4kbit

then lastly apply a filter which I think should be the same whether I use the hex value or uid value(5004):

tc filter add dev eth0 parent 10: protocol ip prio 10 handle 1: cgroup

So after I set that up, I expect any network traffic from the user in that cgroup to have its network bandwidth limited by the tc accordingly, however it doesn't appear to be.

If I log in as the user, and set up an ssh session to another one of my machines, and then do a top command(which should send/receive a steady stream of some data), then run the command:

tc -s qdisc ls

I see:

qdisc htb 10: dev eth0 root refcnt 2 r2q 10 default 0 direct_packets_stat 0
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc pfifo_fast 0: dev eth1 root refcnt 2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 1364212 bytes 6045 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0

Which shows me that nothing was ever added to my qdisk? :(

Any one have any ideas what I'm doing wrong here?

Cheers!

Trouble using net_cls control group in tandem with tc for packet filtering

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Trouble using net_cls control group in tandem with tc for packet filtering

0 Answers