Skip to content
/ SGX-DPDK Public

A firewall application that leverages DPDK for performance and SGX for security.

License

MIT license
16 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

InNetworkFiltering/SGX-DPDK

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
App
App
 
 
Enclave
Enclave
 
 
config
config
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 

Repository files navigation

SGXDPDK Firewall

A firewall application that leverages DPDK for performance and SGX for security.

Requirement

Hardware:

Software:

Build

Install DPDK

Install DPDK 17.05.2 following Getting Started Guide for Linux.

Make sure your can build and run DPDK sample applications before start building this project.

Install SGX

Install Intel SGX for Linux 2.1 following its README.

Make sure you have the full installation including Intel SGX Linux Driver 2.1 and you can run SGX sample applications before moving to the next steps.

Build firewall

At first, export DPDK and SGX environment varibles (adjust according to your system)

export RTE_SDK=~/dpdk-stable-17.05.2
export RTE_TARGET=x86_64-native-linuxapp-gcc
export SGX_SDK=/opt/intel/sgxsdk
source $SGX_SDK/environment

Then, you can build this project for different targets

  • Build the native version of firewall without SGX

    make native

    This will generate a binary 'firewall_native' that does not need SGX support. It is the unmodified version of DPDK ip_pipeline application.

  • Build the SGX full-copy firewall in hardware release mode

    make SGX_PRERELEASE=1 SGX_DEBUG=0 ENABLE_FULL_COPY=1 ENABLE_INPUT_SKETCH=1

    This will generate a binary firewall_sgx and a SGX enclave file enclave.so

  • Build the SGX near-zero-copy firewall in hardware release mode

    make SGX_PRERELEASE=1 SGX_DEBUG=0 ENABLE_INPUT_SKETCH=1

    This will generate a binary firewall_sgx and a SGX enclave file enclave.so

To clean the working directory, just run make clean. This is necessary when switching from one target to another.

If you want to build the SGX applications in simulation mode or other modes, check the Makefile for more information.

Run

All three applications are developed based on DPDK sample application ip_pipeline. The firewall pipeline type is choosen in the config file config/*.cfg. Here's an example to run the application with port mask 1 and config file config/sgx_firewall.cfg. For the full explanation of the commandline options, check the ip_pipeline doc (search for "Running the application").

# native version
sudo firewall_native -p1 -f config/sgx_firewall.cfg
# sgx version
sudo firewall_sgx -p1 -f config/sgx_firewall.cfg

Documentation

License

The project is licensed under MIT License.

About

A firewall application that leverages DPDK for performance and SGX for security.

Topics

dpdk firewall sgx

Resources

Readme

License

MIT license
Activity

Stars

16 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages