tc-skbprio(8) — Linux manual page


SKBPRIO(8)                          Linux                         SKBPRIO(8)

NAME         top

       skbprio - SKB Priority Queue

SYNOPSIS         top

       tc qdisc ... add skbprio [ limit packets ]

DESCRIPTION         top

       SKB Priority Queue is a queueing discipline intended to prioritize
       the most important packets during a denial-of-service ( DoS ) attack.
       The priority of a packet is given by skb->priority , where a higher
       value places the packet closer to the exit of the queue. When the
       queue is full, the lowest priority packet in the queue is dropped to
       make room for the packet to be added if it has higher priority. If
       the packet to be added has lower priority than all packets in the
       queue, it is dropped.

       Without SKB priority queue, queue length limits must be imposed on
       individual sub-queues, and there is no straightforward way to enforce
       a global queue length limit across all priorities. SKBprio queue
       enforces a global queue length limit while not restricting the
       lengths of individual sub-queues.

       While SKB Priority Queue is agnostic to how skb->priority is
       assigned. A typical use case is to copy the 6-bit DS field of IPv4
       and IPv6 packets using tc-skbedit(8).  If skb->priority is greater or
       equal to 64, the priority is assumed to be 63.  Priorities less than
       64 are taken at face value.

       SKB Priority Queue enables routers to locally decide which packets to
       drop under a DoS attack.  Priorities should be assigned to packets
       such that the higher the priority, the more expected behavior a
       source shows.  So sources have an incentive to play by the rules.

ALGORITHM         top

       Skbprio maintains 64 lists (priorities go from 0 to 63).  When a
       packet is enqueued, it gets inserted at the tail of its priority
       list. When a packet needs to be sent out to the network, it is taken
       from the head of the highest priority list. When the queue is full,
       the packet at the tail of the lowest priority list is dropped to
       serve the ingress packet - if it is of higher priority, otherwise the
       ingress packet is dropped. This algorithm allocates as much bandwidth
       as possible to high priority packets, while only servicing low
       priority packets when there is enough bandwidth.

PARAMETERS         top

       limit  Maximum queue size specified in packets. It defaults to 64.
              The range for this parameter is [0, UINT32_MAX].

SEE ALSO         top

       tc-prio(8), tc-skbedit(8)

AUTHORS         top

       Nishanth Devarajan <>, Michel Machado

       This manpage maintained by Bert Hubert <>

COLOPHON         top

       This page is part of the iproute2 (utilities for controlling TCP/IP
       networking and traffic) project.  Information about the project can
       be found at 
       If you have a bug report for this manual page, send it to,  This page was obtained
       from the project's upstream Git repository
       ⟨⟩ on
       2020-07-14.  (At that time, the date of the most recent commit that
       was found in the repository was 2020-06-24.)  If you discover any
       rendering problems in this HTML version of the page, or you believe
       there is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to

iproute2                       13 August 2018                     SKBPRIO(8)