.TH SKBPRIO 8 "13 August 2018" "iproute2" "Linux"

.SH NAME

skbprio \- SKB Priority Queue

.SH SYNOPSIS

.B tc qdisc ... add skbprio

.B [ limit

packets

.B ]

.SH DESCRIPTION

SKB Priority Queue is a queueing discipline intended to prioritize

the most important packets during a denial-of-service (

.B DoS

) attack. The priority of a packet is given by

.B skb->priority

, where a higher value places the packet closer to the exit of the queue. When

the queue is full, the lowest priority packet in the queue is dropped to make

room for the packet to be added if it has higher priority. If the packet to be

added has lower priority than all packets in the queue, it is dropped.

Without SKB priority queue, queue length limits must be imposed

on individual sub-queues, and there is no straightforward way to enforce

a global queue length limit across all priorities. SKBprio queue enforces

a global queue length limit while not restricting the lengths of

individual sub-queues.

While SKB Priority Queue is agnostic to how

.B skb->priority

is assigned. A typical use case is to copy

the 6-bit DS field of IPv4 and IPv6 packets using

.BR tc-skbedit (8).

If

.B skb->priority

is greater or equal to 64, the priority is assumed to be 63.

Priorities less than 64 are taken at face value.

SKB Priority Queue enables routers to locally decide which

packets to drop under a DoS attack.

Priorities should be assigned to packets such that the higher the priority,

the more expected behavior a source shows.

So sources have an incentive to play by the rules.

.SH ALGORITHM

Skbprio maintains 64 lists (priorities go from 0 to 63).

When a packet is enqueued, it gets inserted at the

.B tail

of its priority list. When a packet needs to be sent out to the network, it is

taken from the head of the highest priority list. When the queue is full,

the packet at the tail of the lowest priority list is dropped to serve the

ingress packet - if it is of higher priority, otherwise the ingress packet is

dropped. This algorithm allocates as much bandwidth as possible to high

priority packets, while only servicing low priority packets when

there is enough bandwidth.

.SH PARAMETERS

.TP

limit

Maximum queue size specified in packets. It defaults to 64.

The range for this parameter is [0, UINT32_MAX].

.SH SEE ALSO

.BR tc-prio (8),

.BR tc-skbedit (8)

.SH AUTHORS

Nishanth Devarajan <devarajn@uci.edu>, Michel Machado <michel@digirati.com.br>

This manpage maintained by Bert Hubert <ahu@ds9a.nl>