Michel Machado
Michel Machado
According to [the documentation of rte_kni_alloc()](https://doc.dpdk.org/api/rte__kni_8h.html#a6f0e3bfe35ac99edbf07dd709d294176), each KNI interface needs at least `2 x KNI_FIFO_COUNT_MAX` packets. But the define `KNI_FIFO_COUNT_MAX` is not exported. Once `KNI_FIFO_COUNT_MAX` is exported, avoid duplicate `#define`...
While running Gatekeeper on KVM, a couple of issues have been identified. The following log entry is likely the biggest issue here since it means that Gatekeeper is not properly...
Implementing [fwknop](https://www.cipherdyne.org/fwknop/)'s server as a policy would test the expressiveness of Gatekeeper's policies, be an instructive example for policy writers, and "add" one more feature to Gatekeeper.
Soon the QUIC protocol will become an Internet standard; one can track the status of all related RFCs [here](https://datatracker.ietf.org/wg/quic/documents/). Therefore, we need a BPF example for QUIC, so users can...
We have a number of small patches to DPDK in https://github.com/cjdoucette/dpdk that Gatekeeper relies on. We should get these patches merged upstream, so Gatekeeper can use the latest version of...
The latest version of DPDK (i.e. 20.08.0) exports [`rte_softrss_be()`](https://doc.dpdk.org/api/rte__thash_8h.html#a00a9d49d177be1bf3ea42e0825b310bb). So, once Gatekeeper adopts a new release of DPDK, we should drop `lib/flow.c:gk_softrss_be()` and use `rte_softrss_be()` instead.
Enabling policies to load balance flows markedly increases the value of Gatekeeper deployments since Gatekeeper servers act as load balancers with DDoS protection and discard the need for dedicated load...
The longest prefix matching (LPM) table of GK blocks does not accept a default route (i.e. a route for the prefix of length zero) because it uses DPDK's LPM implementation,...
Explore tool [ThreadSpotter](http://threadspotter.paratools.com/) to see if we can find news ways to improve the performance of Gatekeeper, or at least simplify the optimization process. The [old manual](https://docs.roguewave.com/threadspotter/2011.2/manual_html_linux/manual_html/) of ThreadSpotter still...
When the flow table of a GK block is full, a new flow doesn't get a flow entry, but the GK block will send the packet through the request channel;...