The IMQ device has two common usage cases:

•Ingress shaping: With linux only egress shaping is possible (except for the ingress queue which can only do rate limiting). IMQ enables you to use egress qdiscs for real ingress shaping.

•Shaping over multiple interfaces: Qdiscs get attached to devices. A consequence of this is that one qdisc can only handle traffic going to the interface it is attached to. Sometimes it is desireable to have global limits on multiple interfaces. With IMQ you can use iptables to specify which packets the qdiscs sees, so global limits can be placed.

By default you have two imq devices (imq0 and imq1). These are dummy interfaces, you can do nothing but attach qdiscs to them. Only egress qdiscs can be used, the current ingress qdisc is just another netfilter hooker.

Since packets never get directed to an imq device by the network stack itself no netfilter hooks will ever be called. You can use imq for ingress traffic control, but only using egress qdiscs (which makes more sense anyway since current ingress is very limited).

First you have to attach a qdisc to the imq device. The imq device can be treated like any other network device. The fw classifier can be used for filters. The packet length seen by the qdisc includes link layer headers of the device the packet has entered/will be leaving through so you can work with link speed when limiting traffic.

After attaching a qdisc to the device you have to specify which packets should go through the imq device. An iptables target (`IMQ') is provided for using all the packet-selecting power of iptables.

As soon as the interfaces reaches IFF_UP state selected packets will be enqeued to the imq device. Immediately dequeue is tried and dequeued packet (possibly reordered) gets reinjected into the network stack (software pump).