|
NAME | SYNOPSIS | DESCRIPTION | ALGORITHM | PARAMETERS | SEE ALSO | AUTHORS | COLOPHON |
SKBPRIO(8) Linux SKBPRIO(8)
skbprio - SKB Priority Queue
tc qdisc ... add skbprio [ limit packets ]
SKB Priority Queue is a queueing discipline intended to prioritize
the most important packets during a denial-of-service ( DoS ) attack.
The priority of a packet is given by skb->priority , where a higher
value places the packet closer to the exit of the queue. When the
queue is full, the lowest priority packet in the queue is dropped to
make room for the packet to be added if it has higher priority. If
the packet to be added has lower priority than all packets in the
queue, it is dropped.
Without SKB priority queue, queue length limits must be imposed on
individual sub-queues, and there is no straightforward way to enforce
a global queue length limit across all priorities. SKBprio queue
enforces a global queue length limit while not restricting the
lengths of individual sub-queues.
While SKB Priority Queue is agnostic to how skb->priority is
assigned. A typical use case is to copy the 6-bit DS field of IPv4
and IPv6 packets using tc-skbedit(8). If skb->priority is greater or
equal to 64, the priority is assumed to be 63. Priorities less than
64 are taken at face value.
SKB Priority Queue enables routers to locally decide which packets to
drop under a DoS attack. Priorities should be assigned to packets
such that the higher the priority, the more expected behavior a
source shows. So sources have an incentive to play by the rules.
Skbprio maintains 64 lists (priorities go from 0 to 63). When a
packet is enqueued, it gets inserted at the tail of its priority
list. When a packet needs to be sent out to the network, it is taken
from the head of the highest priority list. When the queue is full,
the packet at the tail of the lowest priority list is dropped to
serve the ingress packet - if it is of higher priority, otherwise the
ingress packet is dropped. This algorithm allocates as much bandwidth
as possible to high priority packets, while only servicing low
priority packets when there is enough bandwidth.
limit Maximum queue size specified in packets. It defaults to 64.
The range for this parameter is [0, UINT32_MAX].
tc-prio(8), tc-skbedit(8)
Nishanth Devarajan <devarajn@uci.edu>, Michel Machado
<michel@digirati.com.br>
This manpage maintained by Bert Hubert <ahu@ds9a.nl>
This page is part of the iproute2 (utilities for controlling TCP/IP
networking and traffic) project. Information about the project can
be found at
⟨http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2⟩.
If you have a bug report for this manual page, send it to
netdev@vger.kernel.org, shemminger@osdl.org. This page was obtained
from the project's upstream Git repository
⟨https://git.kernel.org/pub/scm/network/iproute2/iproute2.git⟩ on
2020-08-13. (At that time, the date of the most recent commit that
was found in the repository was 2020-06-24.) If you discover any
rendering problems in this HTML version of the page, or you believe
there is a better or more up-to-date source for the page, or you have
corrections or improvements to the information in this COLOPHON
(which is not part of the original manual page), send a mail to
man-pages@man7.org
iproute2 13 August 2018 SKBPRIO(8)