Re: Looking for pointers for ingress traffic limiting ...

Eike Frost wrote:
> anybody knows of a whitepaper or related documentation that could be 
> helpful in understanding [ ingress ]

Unfortunately, this is still on Jamal's and my to do list. Here's a
quick summary:
 - if present, the ingress qdisc is invoked for each packet arriving on
   the respective interface
 - ingress is a qdisc that only classifies but doesn't queue
 - the usual classifiers, classifier combinations, and policing
   functions can be used
 - the classification result is stored in skb->tc_index, a la
 - if the classification returns a "drop" result (TC_POLICE_SHOT), the
   packet is discarded. Otherwise, it is accepted.

Since there is no queue for implicit rate limiting (via PRIO, TBF, CBQ,
etc.), rate limiting must be done explicitly via policing. This is still
done exactly like policing on egress.

- Werner

