In this proposal, I describe my plan to adapt Gatekeeper’s priority queue to the Linux kernel in the context of traffic control and QoS. Gatekeeper is an open source defence against denial-of-service (DoS) attacks. To protect server resources from an attack, it services requests based on priority: the higher a request’s priority, the closer to the exit of the egress queue it is placed. Additionally, it limits the requests’ maximum link bandwidth occupancy to 5%. Such countermeasures are implemented through the priority queue data structure, which holds all requests in a single priority queue and drops low-priority requests when resources are low. This functionality allows us to allocate as many resources as possible to high-priority requests while servicing low-priority requests only when resources are idle. The successful implementation of this project will essentially enable a regular Linux router to help isolate and protect legitimate traffic during DoS attacks by employing Gatekeeper’s priority queue as a kernel module, enabled by its userspace component in Linux's tc(8) utility.
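The two behaviours described above, a single priority-ordered egress queue that drops the lowest-priority request when it is full, and a cap on request traffic at 5% of link bandwidth, are shown below as an added userspace C simulation. This is illustrative code written for this page; it is neither Gatekeeper’s implementation nor the proposed kernel module. The queue capacity of 4 packets, the 1 Gbps link, the 1500-byte burst and the packet arrivals are constructed values; the token bucket is one common way to enforce a bandwidth share and is assumed here, not taken from Gatekeeper.

```c
#include <stdint.h>
#include <stdio.h>

#define QUEUE_CAP 4   /* constructed: egress queue holds at most this many packets */

struct pkt {
    int prio;   /* higher value = higher priority */
    int len;    /* bytes on the wire */
    int id;     /* constructed identifier for tracing */
};

/* Single priority queue kept sorted by descending priority, FIFO among equals.
 * slots[0] leaves next; slots[n-1] is the lowest-priority packet. */
struct prio_queue {
    struct pkt slots[QUEUE_CAP];
    int n;
    int dropped;
};

void pq_init(struct prio_queue *q) { q->n = 0; q->dropped = 0; }

/* Returns 1 if queued, 0 if dropped. When full, the lowest-priority packet goes:
 * the newcomer if it does not strictly beat the current tail, else the tail. */
int pq_enqueue(struct prio_queue *q, struct pkt p)
{
    if (q->n == QUEUE_CAP) {
        if (q->slots[q->n - 1].prio >= p.prio) {
            q->dropped++;
            return 0;
        }
        q->n--;            /* evict the lowest-priority packet */
        q->dropped++;
    }
    int i = q->n;          /* stable insertion: stays behind equal priorities */
    while (i > 0 && q->slots[i - 1].prio < p.prio) {
        q->slots[i] = q->slots[i - 1];
        i--;
    }
    q->slots[i] = p;
    q->n++;
    return 1;
}

/* Returns 1 and fills *out with the highest-priority packet, 0 if empty. */
int pq_dequeue(struct prio_queue *q, struct pkt *out)
{
    if (q->n == 0)
        return 0;
    *out = q->slots[0];
    for (int i = 1; i < q->n; i++)
        q->slots[i - 1] = q->slots[i];
    q->n--;
    return 1;
}

/* Token bucket (assumed mechanism) limiting requests to pct% of link bandwidth. */
struct tbucket {
    double rate_bytes_per_us;
    double burst_bytes;
    double tokens;
    uint64_t last_us;
};

void tb_init(struct tbucket *b, uint64_t link_bps, unsigned pct, double burst_bytes)
{
    b->rate_bytes_per_us = (double)link_bps * pct / 100.0 / 8.0 / 1e6;
    b->burst_bytes = burst_bytes;
    b->tokens = burst_bytes;   /* start full */
    b->last_us = 0;
}

/* Returns 1 if a request of len bytes fits within the cap at time now_us. */
int tb_allow(struct tbucket *b, int len, uint64_t now_us)
{
    b->tokens += (double)(now_us - b->last_us) * b->rate_bytes_per_us;
    if (b->tokens > b->burst_bytes)
        b->tokens = b->burst_bytes;
    b->last_us = now_us;
    if (b->tokens >= len) {
        b->tokens -= len;
        return 1;
    }
    return 0;
}

int main(void)
{
    struct prio_queue q;
    struct pkt out;
    pq_init(&q);
    /* Constructed burst: four packets fill the queue, then a priority-9 packet
     * evicts the lowest, and a priority-0 packet is dropped outright. */
    struct pkt arrivals[] = {
        {1, 1500, 1}, {5, 1500, 2}, {3, 1500, 3}, {1, 1500, 4}, {9, 1500, 5}, {0, 1500, 6},
    };
    for (unsigned i = 0; i < sizeof arrivals / sizeof arrivals[0]; i++)
        printf("pkt %d prio %d: %s\n", arrivals[i].id, arrivals[i].prio,
               pq_enqueue(&q, arrivals[i]) ? "queued" : "dropped");
    while (pq_dequeue(&q, &out))
        printf("sent pkt %d (prio %d)\n", out.id, out.prio);
    printf("dropped: %d\n", q.dropped);

    /* 1 Gbps link, 5 percent cap = 50 Mbps = 6.25 bytes/us; burst of one 1500-byte frame. */
    struct tbucket tb;
    tb_init(&tb, 1000000000ULL, 5, 1500.0);
    printf("t=0us   request: %s\n", tb_allow(&tb, 1500, 0) ? "allowed" : "rate-limited");
    printf("t=0us   request: %s\n", tb_allow(&tb, 1500, 0) ? "allowed" : "rate-limited");
    printf("t=250us request: %s\n", tb_allow(&tb, 1500, 250) ? "allowed" : "rate-limited");
    return 0;
}
```

The point the simulation makes is the one the proposal relies on: under overload, capacity is spent on the highest-priority requests and the loss falls on the lowest, while the bandwidth cap keeps request traffic from crowding out everything else on the link even when the queue itself is not full.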


Nishanth Devarajan


  • Cody Doucette
  • Sachin Paryani