|
Packit |
d3f73b |
.TH SKBPRIO 8 "13 August 2018" "iproute2" "Linux"
|
|
Packit |
d3f73b |
.SH NAME
|
|
Packit |
d3f73b |
skbprio \- SKB Priority Queue
|
|
Packit |
d3f73b |
|
|
Packit |
d3f73b |
.SH SYNOPSIS
|
|
Packit |
d3f73b |
.B tc qdisc ... add skbprio
|
|
Packit |
d3f73b |
.B [ limit
|
|
Packit |
d3f73b |
packets
|
|
Packit |
d3f73b |
.B ]
|
|
Packit |
d3f73b |
|
|
Packit |
d3f73b |
.SH DESCRIPTION
|
|
Packit |
d3f73b |
SKB Priority Queue is a queueing discipline intended to prioritize
|
|
Packit |
d3f73b |
the most important packets during a denial-of-service (
|
|
Packit |
d3f73b |
.B DoS
|
|
Packit |
d3f73b |
) attack. The priority of a packet is given by
|
|
Packit |
d3f73b |
.B skb->priority
|
|
Packit |
d3f73b |
, where a higher value places the packet closer to the exit of the queue. When
|
|
Packit |
d3f73b |
the queue is full, the lowest priority packet in the queue is dropped to make
|
|
Packit |
d3f73b |
room for the packet to be added if it has higher priority. If the packet to be
|
|
Packit |
d3f73b |
added has lower priority than all packets in the queue, it is dropped.
|
|
Packit |
d3f73b |
|
|
Packit |
d3f73b |
Without SKB priority queue, queue length limits must be imposed
|
|
Packit |
d3f73b |
on individual sub-queues, and there is no straightforward way to enforce
|
|
Packit |
d3f73b |
a global queue length limit across all priorities. SKBprio queue enforces
|
|
Packit |
d3f73b |
a global queue length limit while not restricting the lengths of
|
|
Packit |
d3f73b |
individual sub-queues.
|
|
Packit |
d3f73b |
|
|
Packit |
d3f73b |
While SKB Priority Queue is agnostic to how
|
|
Packit |
d3f73b |
.B skb->priority
|
|
Packit |
d3f73b |
is assigned. A typical use case is to copy
|
|
Packit |
d3f73b |
the 6-bit DS field of IPv4 and IPv6 packets using
|
|
Packit |
d3f73b |
.BR tc-skbedit (8).
|
|
Packit |
d3f73b |
If
|
|
Packit |
d3f73b |
.B skb->priority
|
|
Packit |
d3f73b |
is greater or equal to 64, the priority is assumed to be 63.
|
|
Packit |
d3f73b |
Priorities less than 64 are taken at face value.
|
|
Packit |
d3f73b |
|
|
Packit |
d3f73b |
SKB Priority Queue enables routers to locally decide which
|
|
Packit |
d3f73b |
packets to drop under a DoS attack.
|
|
Packit |
d3f73b |
Priorities should be assigned to packets such that the higher the priority,
|
|
Packit |
d3f73b |
the more expected behavior a source shows.
|
|
Packit |
d3f73b |
So sources have an incentive to play by the rules.
|
|
Packit |
d3f73b |
|
|
Packit |
d3f73b |
.SH ALGORITHM
|
|
Packit |
d3f73b |
|
|
Packit |
d3f73b |
Skbprio maintains 64 lists (priorities go from 0 to 63).
|
|
Packit |
d3f73b |
When a packet is enqueued, it gets inserted at the
|
|
Packit |
d3f73b |
.B tail
|
|
Packit |
d3f73b |
of its priority list. When a packet needs to be sent out to the network, it is
|
|
Packit |
d3f73b |
taken from the head of the highest priority list. When the queue is full,
|
|
Packit |
d3f73b |
the packet at the tail of the lowest priority list is dropped to serve the
|
|
Packit |
d3f73b |
ingress packet - if it is of higher priority, otherwise the ingress packet is
|
|
Packit |
d3f73b |
dropped. This algorithm allocates as much bandwidth as possible to high
|
|
Packit |
d3f73b |
priority packets, while only servicing low priority packets when
|
|
Packit |
d3f73b |
there is enough bandwidth.
|
|
Packit |
d3f73b |
|
|
Packit |
d3f73b |
.SH PARAMETERS
|
|
Packit |
d3f73b |
.TP
|
|
Packit |
d3f73b |
limit
|
|
Packit |
d3f73b |
Maximum queue size specified in packets. It defaults to 64.
|
|
Packit |
d3f73b |
The range for this parameter is [0, UINT32_MAX].
|
|
Packit |
d3f73b |
|
|
Packit |
d3f73b |
.SH SEE ALSO
|
|
Packit |
d3f73b |
.BR tc-prio (8),
|
|
Packit |
d3f73b |
.BR tc-skbedit (8)
|
|
Packit |
d3f73b |
|
|
Packit |
d3f73b |
.SH AUTHORS
|
|
Packit |
d3f73b |
Nishanth Devarajan <devarajn@uci.edu>, Michel Machado <michel@digirati.com.br>
|
|
Packit |
d3f73b |
|
|
Packit |
d3f73b |
This manpage maintained by Bert Hubert <ahu@ds9a.nl>
|