First open-source DDoS protection system
This very first stable version of Gatekeeper is a long-coming dream of our group. The dream of an Internet whose stakeholders do not fear DDoS attacks.
When bad men combine, the good must associate; else they will fall, one by one, an unpitied sacrifice in a contemptible struggle. -- Edmund Burke (1770).
As in a college commencement, this release is not the end, but the beginning of the transition from dreamland to reality. Thank you very much to all of those that have made any contribution to help us to get to this moment. On behalf of these contributors, we welcome all the future members of our community.
This version adds the following items to the RC2:
max_num_ipv4_fib_entries and max_num_ipv6_fib_entries of GK blocks (see issue #440);
dylib.c.gk_unload_bpf_flow_handler() to unload BPF programs at runtime (see pull request #454);
systemd (see pull request #458);
gkctl to wait for Gatekeeper during boot (see pull request #467);
lpmlib (see pull request #506);
This release is dedicated to all of those that had their lives, projects, and businesses, in any way, disrupted by DDoS.
This release candidate addresses a number of small issues, bugs, and needs identified during tests of the RC1 in production. We expect that the final version will be this release candidate or a small variation of it. The following list summarizes the changes since the RC1:
gkctl/scripts/*.lua for command gkctl;
This is the version that we are going to use for the first deployment: a single 10Gbps Gatekeeper server and two Grantor servers. This version has been thoroughly tested in test environments. We expect that the final release will be this RC1 with small changes (if needed) due to production demands.