ndev2

Experimental Testbed Description: The testbed consists of 2 machines: the client and the server. The client machine has GK installed as a test kernel module: tstgk and can be used to enqueue outgoing packets with the appropriate tc commands. The error free working of the GK setup commands is seen here.

The required working of commands specifying bandwidths in percentages of the interface capacity, is seen here.

Iperf tests were conducted on Gatekeeper to test its throughput and also compare it with the default qdisc in place i.e pfifofast to see how much performance price is paid to use Gatekeeper's priority queue algorithm. The results are shown in the tab

ndev2

During GSoC 2017, I worked with mentors Cody Doucette and Sachin Paryani, with my mentor organisation: Boston University/Linux XIA group. My main responsibility was to add security software queuing discipline functionality to the Linux kernel. And in order to access this queuing discipline, to write enabling code in tc(8) userspace; a part of the iproute-2 codebase, (mirrored repo found here). Secondarily, I was also required to modify tc(8) code to allow bandwidth limits to be specified in percentages of the interface capacity, to make tc commands more user friendly.

The queueing discipline is called Gatekeeper Priority Queue (standalone codebase maintained here.) Gatekeeper is an open source defence against denial-of-service (DoS) attacks. To protect server resour