|  | .TH SKBPRIO 8 "13 August 2018" "iproute2" "Linux" | 
|  | .SH NAME | 
|  | skbprio \- SKB Priority Queue | 
|  |  | 
|  | .SH SYNOPSIS | 
|  | .B tc qdisc ... add skbprio | 
|  | .B [ limit | 
|  | packets | 
|  | .B ] | 
|  |  | 
|  | .SH DESCRIPTION | 
|  | SKB Priority Queue is a queueing discipline intended to prioritize | 
|  | the most important packets during a denial-of-service ( | 
|  | .B DoS | 
|  | ) attack. The priority of a packet is given by | 
|  | .B skb->priority | 
|  | , where a higher value places the packet closer to the exit of the queue. When | 
|  | the queue is full, the lowest priority packet in the queue is dropped to make | 
|  | room for the packet to be added if it has higher priority. If the packet to be | 
|  | added has lower priority than all packets in the queue, it is dropped. | 
|  |  | 
|  | Without SKB priority queue, queue length limits must be imposed | 
|  | on individual sub-queues, and there is no straightforward way to enforce | 
|  | a global queue length limit across all priorities. SKBprio queue enforces | 
|  | a global queue length limit while not restricting the lengths of | 
|  | individual sub-queues. | 
|  |  | 
|  | While SKB Priority Queue is agnostic to how | 
|  | .B skb->priority | 
|  | is assigned. A typical use case is to copy | 
|  | the 6-bit DS field of IPv4 and IPv6 packets using | 
|  | .BR tc-skbedit (8). | 
|  | If | 
|  | .B skb->priority | 
|  | is greater or equal to 64, the priority is assumed to be 63. | 
|  | Priorities less than 64 are taken at face value. | 
|  |  | 
|  | SKB Priority Queue enables routers to locally decide which | 
|  | packets to drop under a DoS attack. | 
|  | Priorities should be assigned to packets such that the higher the priority, | 
|  | the more expected behavior a source shows. | 
|  | So sources have an incentive to play by the rules. | 
|  |  | 
|  | .SH ALGORITHM | 
|  |  | 
|  | Skbprio maintains 64 lists (priorities go from 0 to 63). | 
|  | When a packet is enqueued, it gets inserted at the | 
|  | .B tail | 
|  | of its priority list. When a packet needs to be sent out to the network, it is | 
|  | taken from the head of the highest priority list. When the queue is full, | 
|  | the packet at the tail of the lowest priority list is dropped to serve the | 
|  | ingress packet - if it is of higher priority, otherwise the ingress packet is | 
|  | dropped. This algorithm allocates as much bandwidth as possible to high | 
|  | priority packets, while only servicing low priority packets when | 
|  | there is enough bandwidth. | 
|  |  | 
|  | .SH PARAMETERS | 
|  | .TP | 
|  | limit | 
|  | Maximum queue size specified in packets. It defaults to 64. | 
|  | The range for this parameter is [0, UINT32_MAX]. | 
|  |  | 
|  | .SH SEE ALSO | 
|  | .BR tc-prio (8), | 
|  | .BR tc-skbedit (8) | 
|  |  | 
|  | .SH AUTHORS | 
|  | Nishanth Devarajan <devarajn@uci.edu>, Michel Machado <michel@digirati.com.br> | 
|  |  | 
|  | This manpage maintained by Bert Hubert <ahu@ds9a.nl> |