AltraMayor / gatekeeper

The first open-source DDoS protection system
https://github.com/AltraMayor/gatekeeper/wiki
GNU General Public License v3.0

gk: drop packets of flows not backed by a flow entry #670

Closed AltraMayor closed 9 months ago

AltraMayor commented 9 months ago

When a flow table is full, sending packets of flows not backed by a flow entry to a Grantor server is counterproductive because

  1. it stresses the request channel; and
  2. it often wastes the policy decisions that cannot be installed to the flow table since the table is full.
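
The two costs listed above can be counted in a small model. This is an added example, not Gatekeeper code and not part of the original comment: `TABLE_CAP`, `handle_packet` and `simulate` are hypothetical names, and the model assumes every request returns a decision that the GK side then tries to install.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define TABLE_CAP 4 /* constructed capacity, tiny on purpose */

struct flow_table { uint32_t flows[TABLE_CAP]; unsigned used; };
struct stats { unsigned requests, installed, wasted, dropped; };

static bool ft_lookup(const struct flow_table *ft, uint32_t flow)
{
    for (unsigned i = 0; i < ft->used; i++)
        if (ft->flows[i] == flow)
            return true;
    return false;
}

/* One packet arrives; drop_when_full selects the behaviour the issue asks for. */
static void handle_packet(struct flow_table *ft, uint32_t flow,
                          bool drop_when_full, struct stats *st)
{
    if (ft_lookup(ft, flow))
        return; /* backed by a flow entry: no request needed */
    if (ft->used == TABLE_CAP && drop_when_full) {
        st->dropped++; /* never reaches the request channel */
        return;
    }
    st->requests++; /* packet is sent to the Grantor server */
    if (ft->used < TABLE_CAP) {
        ft->flows[ft->used++] = flow;
        st->installed++;
    } else {
        st->wasted++; /* decision comes back, but there is no room for it */
    }
}

struct stats simulate(bool drop_when_full, uint32_t nflows)
{
    struct flow_table ft = { .used = 0 };
    struct stats st = { 0 };
    for (uint32_t f = 1; f <= nflows; f++) /* one packet per distinct flow */
        handle_packet(&ft, f, drop_when_full, &st);
    return st;
}

int main(void)
{
    struct stats a = simulate(false, 10), b = simulate(true, 10);
    printf("forward: %u req, %u wasted; drop: %u req\n", a.requests, a.wasted, b.requests);
    return 0;
}
```

With ten distinct flows and four table slots, forwarding on a full table sends ten requests and discards six decisions, while dropping sends four requests and discards none.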