netcls

Net_cls is a Linux kernel cgroup controller that enables network traffic classification by assigning a 32-bit class identifier to all packets generated by processes within a cgroup. The classid can then be used by traffic control (tc) to apply quality-of-service (QoS) policies to the categorized traffic, independent of IP addresses or ports.

How it works: Each cgroup under the net_cls controller exposes a net_cls.classid attribute. Writing a value to this attribute tags all outgoing packets from processes in that cgroup with the specified classid. tc can then use classful qdiscs and filters to route or shape traffic based on the classid, allowing different queues or policies to be applied to different groups of processes.

Configuration and workflow: To use net_cls, create or assign processes to a cgroup that has a nonzero classid, and configure the relevant network interface with tc to recognize that classid. Typical workflow involves creating a cgroup, setting net_cls.classid, and attaching tc filters to map the classid to a particular qdisc class or queue. This enables per-service or per-user QoS on a single host.

Typical use cases: Net_cls is commonly employed to implement QoS or bandwidth management across multiple services or tenants on a shared system. It is useful for ensuring critical applications receive preferential treatment or for isolating the network behavior of different components in containerized or multi-tenant environments.

Limitations and scope: net_cls is primarily associated with the legacy cgroup (v1) hierarchy; in many distributions and kernel configurations, support in cgroup v2 is limited or implemented differently. Effective use requires appropriate privileges, proper tc configuration, and mechanisms to ensure processes reside in the intended cgroups. It is not a one-size solution and may interact with other classifiers and network controls in complex environments.
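
The workflow described under "Configuration and workflow", as an added example that is not part of the original page: it converts a tc class handle to the 0xAAAABBBB value that net_cls.classid takes (upper 16 bits major, lower 16 bits minor), decodes a value read back from the file, and prints the setup commands for review instead of running them. The function names, the mount point /sys/fs/cgroup/net_cls and the htb qdisc are assumptions; the tc filter line uses the cgroup classifier.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes cgroup v1 net_cls is
# mounted at /sys/fs/cgroup/net_cls; function names are illustrative.

# tc handle "MAJOR:MINOR" (hex, 16 bits each) -> net_cls.classid value in the
# 0xAAAABBBB layout. Rejects malformed input and 0:0 (classid 0 = untagged).
handle_to_classid() {
    case $1 in
        *[!0-9a-fA-F:]*|*:*:*|:*|*:) return 1 ;;  # junk, extra colon, empty half
        *:*) ;;
        *) return 1 ;;                            # no colon, or empty string
    esac
    major=${1%%:*}; minor=${1##*:}
    [ "${#major}" -le 4 ] && [ "${#minor}" -le 4 ] || return 1
    classid=$(printf '0x%04x%04x' "$((0x$major))" "$((0x$minor))")
    [ "$classid" != 0x00000000 ] || return 1
    echo "$classid"
}

# Decimal value read back from net_cls.classid -> tc handle, for auditing.
classid_to_handle() {
    case $1 in ''|*[!0-9]*|0?*) return 1 ;; esac
    printf '%x:%x\n' "$(($1 >> 16))" "$(($1 & 0xffff))"
}

# Print (never execute) the setup commands for one cgroup so they can be
# reviewed and then run as root. Arguments: DEV NAME HANDLE RATE.
netcls_plan() {
    dev=$1 name=$2 handle=$3 rate=$4
    for a in "$dev" "$name" "$rate"; do   # keep shell metacharacters out of the plan
        case $a in ''|.*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    done
    cid=$(handle_to_classid "$handle") || return 1
    cg=/sys/fs/cgroup/net_cls/$name root=${handle%%:*}:
    cat <<EOF
mkdir -p $cg
echo $cid > $cg/net_cls.classid
tc qdisc add dev $dev root handle $root htb
tc class add dev $dev parent $root classid $handle htb rate $rate
tc filter add dev $dev parent $root protocol ip prio 10 handle 1: cgroup
# move a process in with: echo PID > $cg/cgroup.procs
EOF
}
```

For example, `netcls_plan eth0 svc 10:1 40mbit` (constructed sample values) prints the plan for a cgroup named svc mapped to class 10:1.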