gatekeeper
The first open-source DDoS protection system
Traffic on DPDK ports can be captured and displayed for debugging purposes: https://doc.dpdk.org/guides/howto/packet_capture_framework.html We should investigate whether Gatekeeper can support this feature, either by default or in a debugging mode....
Implementing [fwknop](https://www.cipherdyne.org/fwknop/)'s server as a policy would test the expressiveness of Gatekeeper's policies, be an instructive example for policy writers, and "add" one more feature to Gatekeeper.
Soon the QUIC protocol will become an Internet standard; one can track the status of all related RFCs [here](https://datatracker.ietf.org/wg/quic/documents/). Therefore, we need a BPF example for QUIC, so users can...
We have a number of small patches to DPDK in https://github.com/cjdoucette/dpdk that Gatekeeper relies on. We should get these patches merged upstream, so Gatekeeper can use the latest version of...
The latest version of DPDK (i.e. 20.08.0) exports [`rte_softrss_be()`](https://doc.dpdk.org/api/rte__thash_8h.html#a00a9d49d177be1bf3ea42e0825b310bb). So, once Gatekeeper adopts a new release of DPDK, we should drop `lib/flow.c:gk_softrss_be()` and use `rte_softrss_be()` instead.
The LLS block currently checks to make sure that we're only receiving packets that are destined to us, which is one of four L2 addresses. The NIC should be able...
Enabling policies to load balance flows markedly increases the value of Gatekeeper deployments since Gatekeeper servers act as load balancers with DDoS protection and discard the need for dedicated load...
For example, is the Gatekeeper front interface expected to be in the same subnet as the back interface, a different subnet, or does it not matter? Similarly, is the back...
Gatekeeper may benefit from some new DPDK features: 1. [Fast mbuf free](https://doc.dpdk.org/guides/nics/features.html#fast-mbuf-free): This feature requires that per queue, all mbufs come from the same mempool and have refcnt = 1....
After Gatekeeper processes the incoming packets, both request packets and granted packets will be sent to Grantors using IP-in-IP encapsulation. In the extreme case, all the packets from a Gatekeeper...