man-pages/man8/tc-skbprio.8.html
2021-03-31 01:06:50 +01:00

124 lines
3.8 KiB
HTML

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of SKBPRIO</TITLE>
</HEAD><BODY>
<H1>SKBPRIO</H1>
Section: Linux (8)<BR>Updated: 13 August 2018<BR><A HREF="#index">Index</A>
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
skbprio - SKB Priority Queue
<P>
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
<B>tc qdisc ... add skbprio</B>
<B>[ limit</B>
packets
<B>]</B>
<P>
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
SKB Priority Queue is a queueing discipline intended to prioritize
the most important packets during a denial-of-service (
<B>DoS</B>
) attack. The priority of a packet is given by
<B>skb-&gt;priority</B>
, where a higher value places the packet closer to the exit of the queue. When
the queue is full, the lowest priority packet in the queue is dropped to make
room for the packet to be added if it has higher priority. If the packet to be
added has lower priority than all packets in the queue, it is dropped.
<P>
Without SKB priority queue, queue length limits must be imposed
on individual sub-queues, and there is no straightforward way to enforce
a global queue length limit across all priorities. SKBprio queue enforces
a global queue length limit while not restricting the lengths of
individual sub-queues.
<P>
While SKB Priority Queue is agnostic to how
<B>skb-&gt;priority</B>
is assigned. A typical use case is to copy
the 6-bit DS field of IPv4 and IPv6 packets using
<B><A HREF="/cgi-bin/man/man2html?8+tc-skbedit">tc-skbedit</A></B>(8).
If
<B>skb-&gt;priority</B>
is greater or equal to 64, the priority is assumed to be 63.
Priorities less than 64 are taken at face value.
<P>
SKB Priority Queue enables routers to locally decide which
packets to drop under a DoS attack.
Priorities should be assigned to packets such that the higher the priority,
the more expected behavior a source shows.
So sources have an incentive to play by the rules.
<P>
<A NAME="lbAE">&nbsp;</A>
<H2>ALGORITHM</H2>
<P>
Skbprio maintains 64 lists (priorities go from 0 to 63).
When a packet is enqueued, it gets inserted at the
<B>tail</B>
of its priority list. When a packet needs to be sent out to the network, it is
taken from the head of the highest priority list. When the queue is full,
the packet at the tail of the lowest priority list is dropped to serve the
ingress packet - if it is of higher priority, otherwise the ingress packet is
dropped. This algorithm allocates as much bandwidth as possible to high
priority packets, while only servicing low priority packets when
there is enough bandwidth.
<P>
<A NAME="lbAF">&nbsp;</A>
<H2>PARAMETERS</H2>
<DL COMPACT>
<DT id="1">limit<DD>
Maximum queue size specified in packets. It defaults to 64.
The range for this parameter is [0, UINT32_MAX].
<P>
</DL>
<A NAME="lbAG">&nbsp;</A>
<H2>SEE ALSO</H2>
<B><A HREF="/cgi-bin/man/man2html?8+tc-prio">tc-prio</A></B>(8),
<B><A HREF="/cgi-bin/man/man2html?8+tc-skbedit">tc-skbedit</A></B>(8)
<P>
<A NAME="lbAH">&nbsp;</A>
<H2>AUTHORS</H2>
Nishanth Devarajan &lt;<A HREF="mailto:devarajn@uci.edu">devarajn@uci.edu</A>&gt;, Michel Machado &lt;<A HREF="mailto:michel@digirati.com.br">michel@digirati.com.br</A>&gt;
<P>
This manpage maintained by Bert Hubert &lt;<A HREF="mailto:ahu@ds9a.nl">ahu@ds9a.nl</A>&gt;
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT id="2"><A HREF="#lbAB">NAME</A><DD>
<DT id="3"><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT id="4"><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT id="5"><A HREF="#lbAE">ALGORITHM</A><DD>
<DT id="6"><A HREF="#lbAF">PARAMETERS</A><DD>
<DT id="7"><A HREF="#lbAG">SEE ALSO</A><DD>
<DT id="8"><A HREF="#lbAH">AUTHORS</A><DD>
</DL>
<HR>
This document was created by
<A HREF="/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 00:06:17 GMT, March 31, 2021
</BODY>
</HTML>