14.4. Ingress qdisc
All qdiscs discussed so far are egress qdiscs. Each interface, however, can
also have an ingress qdisc, which is not used to send packets
out to the network adaptor. Instead, it allows you to apply tc filters to
packets coming in over the interface, regardless of whether they have a local
destination or are to be forwarded.
As the tc filters contain a full Token Bucket Filter implementation, and are
also able to match on the kernel flow estimator, there is a lot of
functionality available. This effectively allows you to police incoming
traffic, before it even enters the IP stack.
14.4.1. Parameters & usage
The ingress qdisc itself does not require any parameters. It differs from
other qdiscs in that it does not occupy the root of a device. Attach it like
this:
# tc qdisc add dev eth0 ingress
This allows you to have other, sending, qdiscs on your device besides the
ingress qdisc.
For a contrived example of how the ingress qdisc could be used, see the
Cookbook.
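
A minimal policing setup of the kind this section describes, added here as an illustration and not taken from the HOWTO: it attaches the ingress qdisc and polices inbound ICMP with a u32 filter. The function names, the interface eth0 and the 100kbit/10k limits are assumptions chosen for the example; by default the commands are only printed, and setting TC=tc as root applies them.

```shell
#!/bin/sh
# Added example: police inbound ICMP on the ingress qdisc.
# Dry run by default (commands are printed); run as root with TC=tc to apply.
TC="${TC:-echo tc}"

# ingress_police_icmp DEV RATE BURST  (hypothetical helper name)
# Attach the ingress qdisc (it always uses handle ffff:) and add a u32
# filter that matches IP protocol 1 (ICMP) and drops packets above RATE.
ingress_police_icmp() {
    dev=$1 rate=$2 burst=$3
    [ -n "$dev" ] && [ -n "$rate" ] && [ -n "$burst" ] || {
        echo "usage: ingress_police_icmp DEV RATE BURST" >&2
        return 2
    }
    $TC qdisc add dev "$dev" handle ffff: ingress || return 1
    $TC filter add dev "$dev" parent ffff: protocol ip prio 50 u32 \
        match ip protocol 1 0xff \
        police rate "$rate" burst "$burst" drop flowid :1
}

# ingress_stats DEV: show per-filter counters, including policer drops.
ingress_stats() {
    $TC -s filter show dev "$1" parent ffff:
}

# ingress_clear DEV: remove the ingress qdisc together with its filters.
ingress_clear() {
    $TC qdisc del dev "$1" ingress
}

# Constructed sample values: interface eth0, 100kbit rate, 10k burst.
ingress_police_icmp eth0 100kbit 10k
```

Because the policer sits on the ingress qdisc, excess packets are dropped before they reach the IP stack; the egress qdisc at the root of the device is left untouched.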