

# FPGA packet filter with Ethernet MAC and web server using a RISC-V softcore processor

### **Thesis**

Matthew Gilpin 45801600

2023

The University of Queensland
School of Electrical Engineering and Computer Science

Matthew John Gilpin matt@gilpin.au

August 13, 2023

Prof Michael Bruenig
Head of School
School of Electrical Engineering and Computer Science
The University of Queensland
St Lucia, QLD 4072

Dear Professor Bruenig,

In accordance with the requirements of the degree of Bachelor of Engineering (Honours) in the division of Electrical Engineering, I present the following thesis entitled

"FPGA packet filter with Etherent MAC and web server using a RISC-V softcore processor".

This work was performed in under the supervision of Dr. Matthew D'Souza. I declare that the work submitted in the thesis is my own, except as acknowledged in the text and footnotes, and that it has not previously been submitted for a degree at the University of Queensland or any other institution.

| Yours sincerely,    |
|---------------------|
|                     |
| Matthew John Gilpin |

### **Abstract**

Start this section on a new page [this template will automatically handle this].

The abstract should outline the main approach and findings of the thesis and normally must be between 300 and 800 words.

# **List of Abbreviations**

| Abbreviations |                                         |
|---------------|-----------------------------------------|
| IoT           | Internet of Things                      |
| CPU           | Central Processing Unit                 |
| FPGA          | Field Programmable Gate Array           |
| PF            | Packet Filter                           |
| MAC           | Medium Access Control                   |
| ISA           | Instruction Set Architecture            |
| ASIC          | Application Specific Integrated Circuit |
| SoC           | System on Chip                          |
| TRL           | Technology Readiness Level              |
| IP            | Intellectual Property                   |
| PHY           | Physical layer                          |
| RMII          | Reduced Media Independent Interface     |
| CRC           | Cyclic Redundancy Check                 |
| FIFO          | First-In First-Out                      |
| LSB           | Least Significant Bit                   |
| FSM           | Finite State Machine                    |
| CLI           | Command Line Interface                  |
| GUI           | Graphical User Interface                |
| RTOS          | Real Time Operating System              |

# **Contents**

|    | Abst    | tract                            | iii |
|----|---------|----------------------------------|-----|
| Li | st of A | Abbreviations                    | iv  |
| Co | onten   | ts                               | V   |
| Li | st of l | Figures                          | vii |
| Li | st of ' | Tables                           | vii |
| 1  | Intr    | oduction                         | 1   |
|    | 1.1     | Motivation                       | 1   |
| 2  | Lite    | rature review                    | 2   |
|    | 2.1     | Field Programmable Gate Arrays   | 2   |
|    | 2.2     | Packet Filter Firewall           | 3   |
|    | 2.3     | RISC-V processor                 | 4   |
|    | 2.4     | Ethernet MAC                     | 5   |
|    | 2.5     | Web servers and network stacks   | 6   |
| 3  | Met     | hodology                         | 8   |
|    | 3.1     | FPGA                             | 8   |
|    | 3.2     | System on Chip                   | 9   |
|    |         | 3.2.1 MicroSD card               | 9   |
|    | 3.3     | Ethernet Media Access Controller | 9   |
|    | 3.4     | Packet Classifier                | 9   |
|    | 3.5     | Firmware                         | 10  |
|    |         | 3.5.1 Real Time Operating System | 10  |
|    |         | 3.5.2 Network Stack              | 10  |
|    |         | 3.5.3 Webserver                  | 10  |
|    |         | 3.5.4 Drivers                    | 10  |
|    |         | 3.5.5 Command line interface     | 11  |
|    |         | 3.5.6 Improvements               | 11  |

| •  | CONTENTED INC |
|----|---------------|
| V1 | CONTENTS      |
|    |               |

| 4  | Resu  | ults                | 12 |
|----|-------|---------------------|----|
|    | 4.1   | Modifications       | 12 |
|    | 4.2   | Performance         | 12 |
|    |       | 4.2.1 Testing setup | 12 |
|    |       | 4.2.2 Results       | 12 |
|    | 4.3   | Ultilisation        | 12 |
| 5  | Con   | clusion             | 13 |
| Bi | bliog | raphy               | 14 |
| A  | App   | endix               | 17 |
|    | A.1   | Name of Appendix-1  | 17 |
|    | A.2   | Name of Appendix-2  | 17 |
|    |       |                     |    |

# **List of Figures**

| 2.1 | Packet classifier                        | 4  |
|-----|------------------------------------------|----|
| 2.2 | MAC layer headers                        | 5  |
| 3.1 | Digilent Nexys A7 FPGA development board | 8  |
| 3.2 | SMI Write message structure              | 10 |
|     |                                          |    |
|     |                                          |    |

# **List of Tables**

### Introduction

#### 1.1 Motivation

In a technology era of increasing numbers of cyber attacks and record number of connected devices, ensuring these devices operate safely and securely is paramount. The Australian Cyber Security Center (ACSC) received in excess of 76,000 cybercrime reports and growing in the 2021-22 financial year [1]. The growing trend of Internet of Things (IoT) will provide more opportunity for black hats (malicious attackers). IHS Markit estimates 125 billion IoT devices will be connected by 2030 [2]. This proliferation of IoT devices necessitates robust and adaptable security measures to counter the evolving threats posed by malicious actors.

To manage the surge of IoT devices, a shift to edge computing has emerged in favour of the traditionally more centralised cloud computing architectures. Edge computing as [3] puts it, is the paradigm which involves the computation and analysis of data at the *edge* of the network to be as close as possible to the source of the data. This has many advantages including: lower latency, lower bandwidth requirements, enhanced availability, energy efficiency, improved security and privacy [3]. Consequently, smaller and more efficient computers can be deployed at the edge/perimeter of these networks [4].

Just like any other computer connected to the broader network, edge networks must also be safeguarded from malicious bad actors. Field programmable gate arrays (FPGAs) offer the flexibility of custom hardware that can be designed to incentivise low latency, high throughput yet efficient wire-speed firewalls. While current hardware firewalls exist in todays markets, they often come at a cost and high power usage rendering them unsuitable in edge networks. To address this, this thesis proposal attempts to design a FPGA firewall that fulfils these criteria.

### Literature review

Research into existing literature has been conducted on multiple topics in relation to the project. These topics include, field programmable gate arrays, packet filter firewalls, RISC-V processors, Ethernet MAC, webs servers and network stacks.

### 2.1 Field Programmable Gate Arrays

First introduced by Xilinx in 1984, field programmable gate arrays (FPGAs) allowed for large custom logic designs to be recognised without the need for expensive application specific integrated circuits (ASICs). More importantly, FPGAs did not suffer from the same scalability issues that programmable array logic (PAL) encountered and has allowed for larger and more complex designs [5].

A big advantage to custom logic is the ability to create highly parallelised designs with lower latencies than software based serialised algorithms. This comes down to having a great degree of freedom when it comes to designing the architecture and ability to optimise for specific tasks. As such, FPGAs have became ubiquitous in both digital signal processing and for accelerating an assortment of heterogeneous computing architectures and processes [6]. System on chip (SoC) design with custom hardware acceleration modules is an active area research. As [6] points out, there is a focus towards using both hardware and software in *edge* devices due to growing numbers of IoT devices.

Several papers, [7] [8] [9], have proposed a range of other related FPGA based firewalls that have different properties and focus on different optimisations. The key benefit to these firewalls is their high performance - namely, low latency, and high throughput. Article [7] proposed an Ethernet firewall using LwIP (A TCP/IP stack) with five-tuple binding (the five filtered parameters in packet filters) to achieve a throughput of 950Mbps with a latency of 61.266us. A conference proceeding in 2000 [8] used a comparator unit to check the fields of the IP headers obtained a filtering rate of 500,000 packets per second.

The enabling concept behind the above FPGA based firewalls is SoC design which involves integrating multiple components into a single package, or in this case a single FPGA. Often these will include small softcore microprocessors and some custom hardware such as the Ethernet or packet

filtering like the proposed packet filters in [7]. Having a microprocessor in the FPGA design can significantly reduce the complexity of the design and allows for quick and easy development in software instead of hardware [10]. In FPGA design, softcore processors are configurable and can be modelled in a hardware description language (HDL) which can then be synthesised onto ASICs or FPGAs hardware [10]. There are several softcore processors available for FPGA designs including ARM Cortex, Nios II, MicroBlaze, and RISC-V.

While recently the royalty free RISC-V based cores have been popular amongst many SoC designs, other older processors are still common in the literature. The two big FPGA vendors, Xilinx (now AMD) and Altera (now Intel) have their own RISC based softcores. As an example, Janik et al. [11] used Xilinx's MicroBlaze processor as a media converter between optical (SFP interface) and copper (Ethernet) networks. Likewise, Altera's Nios II can be found in a variety of research papers including an embedded web server which significantly simplified the design [12].

#### 2.2 Packet Filter Firewall

Usually, the first line of defence against bad actors, firewalls play a vital component in computer networks and as such can become vastly complex. In essence, the job of a firewall is to isolate and restrict access to an internal network from an external one to increase security [13].

There are several types of firewalls such as packet filters (PF), stateful packet firewalls and application firewalls [14]. Traditional PFs are considered as stateless and filter exclusively on the fields in the network (layer 2) and transport (layer 3) layer headers [14]. Such fields include IP addresses, port numbers and protocol type.

Due to this, PFs are inherently simple and efficient. Consequently, they are widely available and can be either implemented in software or in hardware [13]. The book, [13], also highlights some inherent flaws with PFs which include not being able to suppress sophisticated attacks and in some cases, can be challenging to properly configure. More advanced firewalls can perform deep packet inspection which explore the contents of the higher layers to better evaluate a packets true intention [14].

While firewalls such as *iptables* in Linux are software based, hardware acceleration can vastly improve the performance of a packet filter. As stated in section 2.1, hardware acceleration allows for parallelised algorithms to be executed independently of a central processing unit (CPU). Wicaksana and Sasongko, [15], proposed a packet classification engine as shown in figure 2.1. To obtain a fast and reconfigurable packet classifier, the authors of [15] used a hierarchical tree-based algorithm that inspects the multidimensional fields of the IP header through the use of parallel decision trees.

Essentially, the architecture in figure 2.1 employs memory to store the ruleset and uses a multiplexer and a comparator to evaluate each of the fields in the header. As an safegaurd, the authors opted for a *default-deny* ruleset to prevent any unwanted traffic.



Figure 2.1: Packet classifier [15]

Wasti [16] presents several other classification algorithms for both hardware and software packet filters. 'Sequential matching' provides the most trivial solution as it matches each rule to the incoming packet. While simple, this design has scalability issues as more rules get added. Another method proposed in [16] is by using a 'Grid of tries' which uses tries (a type of tree datastructure) to help pattern match the packets, but fails to extend to multiple fields. Hardware algorithms using Ternary CAMs (stores words with 3-valued-digits - namely '0', '1' and '\*') and Bit-parallelism were also discussed. Both of these exploited the parallelised nature of hardware design. One limiting factor with the classification methods cited in [16] is their configurability and expandability.

### 2.3 RISC-V processor

In the world of processor architectures, there are four major families, namely AMD64, x86, ARM and RISC-V. The two former instruction set architectures (ISA) are apart of the complex instructions sets (CISC) and are found in the majority of computers. ARM and RISC-V have a reduced instruction set compared to the CISC family and subsequently fall under the RISC family and are ideal for low power microprocessors [17].

RISC-V is an open and royalty free ISA and as a result, a plethora of softcore based custom implementations have been designed [18]. Consequently, there is an abundance of articles delving into RISC-V from evaluating the ISA [19] to creating multicore architectures [20]. A 2019 paper, [18] evaluated a variety of different RISC-V softcore processors. RISC-V International have also published a list<sup>1</sup> of different RISC-V implementations that have a unique architecture ID. The majority of these

<sup>&</sup>lt;sup>1</sup>See: https://github.com/riscv/riscv-isa-manual/blob/master/marchid.md

2.4. ETHERNET MAC 5

are either written in a HDL for either application specific integrated circuits (ASICs) or FPGAs. The *NEORV32 RISC-V* softcore processor is written purely in vendor-agnostic VHDL and importantly has a considerable amount of documentation.

Being a softcore processor, control is given over which modules are implemented. Some basic features of the *NEORV32 RISC-V* include UART, SPI, and GPIO interfaces [21]. The datasheet, [21], also mentions that it supports a 'Wishbone b4 classic' external bus interface. A Wishbone B4 (or just 'wishbone') interconnection is designed specifically to connect modular pieces of hardware together on a SoC into the memory mapped 32bit address space in the processor [22]. This approach has the benefit of not needing to create custom instructions for the microprocessor.

#### 2.4 Ethernet MAC

First introduced in 1983, the IEEE 802.3 standard [23], more commonly known by the name of 'Ethernet', defines the 'Medium Access Control' (MAC) protocol amongst other things for two or more devices to communicate over a network. This standard is just one part in the layered network models such as the OSI model or TCP/IP model, namely the network layer - layer 2.

A core function of the Ethernet MAC is to attach the required MAC layer headers to the head and tail of the layer 3 payload to create an Ethernet packet. The fields in an Ethernet packet can be seen in figure 2.2.



Figure 2.2: MAC layer headers [23]

After the packet has been constructed, the data is forwarded out to the physical (PHY) layer least significant bit (LSB) first [23]. Typically, a PHY management chip is used to handle the physical layer channel encoding amongst other things. These PHY chips often can be interfaced with the media independent interfaces such as MII, RMII, GMII and RGMII [24]. The reduced media independent interface (RMII) is one of these standards defined in [23] and consists of a reference clock, 2 bit wide transmit (TX), 2 bit wide receive (RX) lines and a few other supplementary signals as defined in the LAN8720A datasheet [25].

The MAC layer itself is usually implemented in hardware as it has several advantages over a software implementation. The core reasons behind this are due to parallelised nature of FPGAs and that parts of the MAC can operate independently [26]. One key example is the calculation of the frame check sequence (FCS in figure 2.2). The FCS for Ethernet is a 32bit cyclic redundancy check (CRC) [23] and in addition to Etherent, the CRC32 can be found in an extensive amount of applications. As such, research has been conducted into parallelising the calculation. Noteably, Mitra and Nayak [27] proposed a low latency parallelised architecture for FPGA design on CRC32. As a result, packets can be assembled faster and offload additional processing burden from the CPU.

Numerous articles [24] [28] [29] can be found about Ethernet MACs implemented on FPGAs each with a slightly different approach. Fundamentally though, as best highlighted in [24], a simple way of implementing a MAC is by employing a finite state machine (FSM) to set the required fields. Another technique found in these articles is the use first-in first-out (FIFO) buffers to cross clock domains. This is a common technique used in FPGA design as it allows you to have the packet assembly logic at a much higher clock rate than the output RMII reference clock speed [28].

In addition to the papers, there are a plethora of intellectual property (IP) blocks for xMII interfaces in HDL which have their own benefits and drawbacks. Some freely available HDL modules for Ethernet MACs can be found in both a complete <sup>1 2 3</sup> and incomplete state <sup>4</sup>.

#### 2.5 Web servers and network stacks

Almost all firewalls need to be configured with a ruleset which can be configured in two common ways, using a command line interface (CLI) or by a web-based graphical user interface (GUI). Before a web server can be realised, the network stack (Layers 3, and 4) need to be established since a web server operates at the application layer (layer 4). As embedded platforms are resource limited, special precautions need to be taken into consideration when it comes to memory and resource usage [30].

Article [7] investigated using the open source lightweight IP (LwIP) network stack as a mechanism for interfacing with the firewall. The LwIP library is a popular lightweight TCP/IP stack which has been investigated in a plethora of research papers and projects [31] [30]. Often these papers run LwIP on real time operating systems (RTOS) such as FreeRTOS or Zephyr.

FreeRTOS is a leading RTOS for microprocessors and is distributed freely under the MIT license. As an RTOS, it provides an abstraction to the hardware that allows for multitasking and brings other OS-Like features to embedded systems. Several ports are available including one for RISC-V.

FreeRTOS also provide their own TCP/IP network stack called *FreeRTOS-Plus-TCP* which includes a HTTP web server example and is much newer than LwIP. Consequently, less research can be found apart from existing documentation. The library aims to provide a threadsafe Berkley sockets API and

<sup>&</sup>lt;sup>1</sup>See: https://github.com/yol/ethernet\_mac

<sup>&</sup>lt;sup>2</sup>See: https://github.com/alexforencich/verilog-ethernet/

<sup>&</sup>lt;sup>3</sup>See: https://opencores.org/projects/ethernet\_tri\_mode

<sup>&</sup>lt;sup>4</sup>See: https://github.com/pabennett/ethernet\_mac

7

network stack supporting multiple protocols such as DHCP, DNS, TCP, and UDP [32]. LwIP is not threadsafe and typically suffers from memory issues as found in [30].

# Methodology

This chapter will detail the design decisions and steps taken to complete the project.

#### 3.1 FPGA

The Digilent Nexys A7-100T FPGA development board was used for this project. Namely, this board featured a Xilinx Artix 7 100T FPGA (part number XC7A100T-1CSG324C), LAN8720A 100MBit/s RMII PHY and PMOD (auxiliary outputs) amoung other IO.



Figure 3.1: Digilent Nexys A7 FPGA development board.

As a packet filter, a second Ethernet interface was required. Hence, a secondary LAN8720A breakout board was used and connected using the PMOD connectors on the development board.

3.2. SYSTEM ON CHIP 9

#### **PMOD Interface**

Have some eye diagrams here to show the validity of using PMOD.

### 3.2 System on Chip

The NEORV32 processor by GitHub user stnolling was used in this project. It's a highly configurable microcontroller-like SoC.

#### 3.2.1 MicroSD card

The web assets were stored on a MicroSD card. SD cards have 2 modes of operation: native SD mode and SPI mode. To keep things simple, the microSD card was connected to with SPI mode.

#### 3.3 Ethernet Media Access Controller

The advantage of using an FPGA is that custom hardware can be designed for specific tasks. In this design the MAC layer was done purely in hardware to free up the microprocessor by handling all of the lower level logic.

This MAC was implemented as a memory-mapped perhipheral which used the MCU's Wishbone B4 classic interface. This then made it easily accessable over the memory address space of the MCU.

#### 3.4 Packet Classifier

To further save MCU resources, the packet classification was done in hardware. Not only did this reduce the load on the MCU itself - giving it more time to do other things - it allowed the interface to run at 'wirespeed'. That is, at the full speed of the interface - 100Mbit/s.

This was possible by having the rulset been evaluated in parallel as the data is coming into the firewall. This method however is not suitable for large rulesets as the fan-in and fan-out limit the maximum number of parallel comparisons. For every new rule, the number of gates grows exponentially. Hence a design decision of a maximum ruleset of size 8 was chosen.

The way this classifier was designed was to be a 'default-block' where all connections were blocked except for the ones specifically whitelisted in the ruleset.

The specific rules had a few options, namely the source IP address, destination IP address, source port, destination port and protocol could be configured. In addition to these, each field had a wildcard operator which allowed all values for that specific option to be classified.

A block diagram of the classifier can be seen in figure XX below. To control the flow of the packets, a buffer was used on the input to store the packet as it was coming in. At the same time the classifier would start classifying the packet. If allowed, then the packet would be moved on to another buffer

before been sent out the other interface. If the packet was blocked, then the data would be dropped by clearing the buffers and then just ignoring the remainder of the incomming packet.

#### 3.5 Firmware

#### 3.5.1 Real Time Operating System

In addition to simplifying the project, and RTOS was used as this would allow the use of network TCP stacks. The RTOS that was used in this design was FreeRTOS V10.4.4 due to its familirity and compatability with the NEORV32 MCU.

#### 3.5.2 Network Stack

There were two main options for the network stack, LwIP and FreeRTOS-Plus-TCP. The main concern with LwIP was that it was not threadsafe and had memory issues. In addition to this, as FreeRTOS was chosen as the RTOS, their own TCP stack was used as it was thought to have tighter integration.

#### 3.5.3 Webserver

A simple HTTP webserver running on top of a TCP server was used to serve the webpages for the project.

#### 3.5.4 Drivers

#### **Ethernet drivers**

Since the ethernet hardware was custom, drivers were needed to interface with the hardware in software. There were two types of commands that were needed, first the RMII serial managment interface (SMI) and secondly the MAC drivers - the drivers that would handle the data. The SMI interface is used to control the mode of operation of the PHY chip including the speed, Auto-MDIX, duplex settings. The LAN8720A datasheet, ( [25]) provided some details (seen in figure 3.2) into how the protocol operated. The datasheet also outlined that a maximum frequency of 2.5MHz, but no lower bound. As such the interface was 'bitbanged' to reduce complexity. The maximum switching frequency of the NEORV32's GPIO was measured to be  $\approx$  1MHz, thus the interface could operate without any additional delays.



Figure 3.2: SMI Write message structure. [25]

3.5. FIRMWARE 11

As the Ethernet hardware used the Wishbone interface, the register locations were mapped into the processors address space. Simple macros can be created for ease of use.

```
#define ETH_MAC_TX_BASE 0x13371000
  #define ETH_MAC_CMD_BASE 0x13370000
2
  #define ETH_MAC_CMD
                       (*(volatile uint32_t *)ETH_MAC_CMD_BASE)
4
  #define ETH_MAC_TX ((EthMacTx *) ETH_MAC_TX_BASE)
6
7
  typedef struct __attribute__((__packed__)) {
      volatile uint32_t SIZE;
8
       volatile uint32_t DATA[375]; // 1500 / 4 = 375.
9
  } EthMacTx;
10
```

Listing 3.1: Python example

```
#define ETH_MAC_TX_BASE 0x13371000
      #define ETH_MAC_CMD_BASE 0x13370000
2
3
       #define ETH_MAC_CMD (*(volatile uint32_t *)ETH_MAC_CMD_BASE)
4
       #define ETH_MAC_TX ((EthMacTx *) ETH_MAC_TX_BASE)
6
       typedef struct __attribute__((__packed__))
7
           volatile uint32_t SIZE;
8
           volatile uint32_t DATA[375]; // 1500 / 4 = 375.
9
       } EthMacTx;
10
```

Listing 3.2: Python example

#### SD card drivers

As part of the documentation for the FreeRTOS-Plus-FAT file system, drivers for the media was required. Like the Ethernet hardware, the driver had to implement at least three functions: function that reads sectors from the media, one that rights sectors to the media and one to initialise the media.

#### 3.5.5 Command line interface

#### 3.5.6 Improvements

• Bidirectional filtering - currently only doing incomming filtering

# Results

To ensure that the firewall was performing properly, a few tests were conducted. In this chapter, the testing results for the performance and the resource utilisation among other features are discussed.

### 4.1 Modifications

The design was changed from the 2 ethernet interfaces to a design with just a single ethernet interface.

### 4.2 Performance

- 4.2.1 Testing setup
- 4.2.2 Results
- 4.3 Ultilisation

# **Conclusion**

Conclude your thesis.

# **Bibliography**

- [1] A. C. S. Center, "Acsc annual cyber threat report, july 2021 to june 2022." https://www.cyber.gov.au/acsc/view-all-content/reports-and-statistics/acsc-annual-cyber-threat-report-july-2021-june-2022, Nov 2022.
- [2] IHS, "The internet of things: a movement, not a market." https://cdn.ihs.com/www/pdf/ IoT\_ebook.pdf, 2017.
- [3] W. Shi, G. Pallis, and Z. Xu, "Edge computing [scanning the issue]," *Proceedings of the IEEE*, vol. 107, no. 8, pp. 1474–1481, 2019.
- [4] M. Caprolu, R. Di Pietro, F. Lombardi, and S. Raponi, "Edge computing perspectives: Architectures, technologies, and open security issues," in *2019 IEEE International Conference on Edge Computing (EDGE)*, pp. 116–123, IEEE, 2019.
- [5] S. M. Trimberger, "Three ages of fpgas: A retrospective on the first thirty years of fpga technology," *Proceedings of the IEEE*, vol. 103, no. 3, pp. 318–331, 2015.
- [6] M. Gokhale and L. Shannon, "Fpga computing," *IEEE MICRO*, vol. 41, no. 4, pp. 6–7, 2021.
- [7] S. Lin, D. Zhang, Y. Fu, and S. Wang, "A design of the ethernet firewall based on fpga," in 2017 10th International Congress on Image and Signal Processing, BioMedical Engineering and Informatics (CISP-BMEI), vol. 2018-, pp. 1–5, IEEE, 2017.
- [8] A. Kayssi, L. Harik, R. Ferzli, and M. Fawaz, "Fpga-based internet protocol firewall chip," in *ICECS 2000. 7th IEEE International Conference on Electronics, Circuits and Systems (Cat. No.00EX445)*, vol. 1, pp. 316–319 vol.1, IEEE, 2000.
- [9] S. M. Keni and S. Mande, "Packet filtering for ipv4 protocol using fpga," in 2018 Second International Conference on Intelligent Computing and Control Systems (ICICCS), pp. 400–403, IEEE, 2018.
- [10] S. Cuenca-Asensi, A. Martínez-Álvarez, F. Restrepo-Calle, F. R. Palomo, H. Guzmán-Miranda, and M. A. Aguirre, "Soft core based embedded systems in critical aerospace applications," *Journal of systems architecture*, vol. 57, no. 10, pp. 886–895, 2011.

BIBLIOGRAPHY 15

[11] L. Janik, M. Novak, L. Hudcova, O. Wilfert, and A. Dobesch, "Lwip based network solution for microblaze," in 2016 International Conference on Broadband Communications for Next Generation Networks and Multimedia Applications (CoBCom), pp. 1–4, IEEE, 2016.

- [12] N. Joshi, P. Dakhole, and P. Zode, "Embedded web server on nios ii embedded fpga platform," in 2009 Second International Conference on Emerging Trends in Engineering and Technology, pp. 372–377, IEEE, 2009.
- [13] E. D. Zwicky, S. Cooper, and D. B. Chapman, *Building Internet Firewalls (2nd Ed.)*. USA: O'Reilly and Associates, Inc., 2000.
- [14] E. W. Fulp, "Chapter e74 firewalls," in *Computer and Information Security Handbook*, pp. e219–e237, Elsevier Inc, third edition ed., 2017.
- [15] A. Wicaksana and A. Sasongko, "Fast and reconfigurable packet classification engine in fpga-based firewall," in *Proceedings of the 2011 International Conference on Electrical Engineering and Informatics*, (Ithaca), pp. 1–6, IEEE, 2016.
- [16] S. Wasti, "Hardware assisted packet filtering firewall." https://madmuc.usask.ca/Pubs/shw320.pdf, 2001.
- [17] Y.-H. Cheng, L.-B. Huang, Y.-J. Cui, S. Ma, Y.-W. Wang, and B.-C. Sui, "Rv16: An ultra-low-cost embedded risc-v processor core," *Journal of computer science and technology*, vol. 37, no. 6, pp. 1307–1319, 2022.
- [18] C. Heinz, Y. Lavan, J. Hofmann, and A. Koch, "A catalog and in-hardware evaluation of open-source drop-in compatible risc-v softcore processors," in *2019 International Conference on ReConFigurable Computing and FPGAs (ReConFig)*, pp. 1–8, IEEE, 2019.
- [19] V. A. Frolov, V. A. Galaktionov, and V. V. Sanzharov, "Investigation of risc-v," *Programming and computer software*, vol. 47, no. 7, pp. 493–504, 2021.
- [20] M. A. ISLAM and K. KISE, "An efficient resource shared risc-v multicore architecture," *IEICE transactions on information and systems*, vol. E105.D, no. 9, pp. 1506–1515, 2022.
- [21] S. Nolting, "The neorv32 risc-v processor." https://stnolting.github.io/neorv32/, 2023. v1.8.1-r17-gd1b295de.
- [22] "Wishbone B4 SoC Interconnection." https://cdn.opencores.org/downloads/wbspec\_b4.pdf, Dec. 2010. Standard.
- [23] "IEEE 802.3-2012 IEEE Standard for Ethernet," standard, The Institute of Electrical and Electronics Engineers, Inc., New York, USA, Dec. 2012.

16 BIBLIOGRAPHY

[24] J. Hemanth, X. Fernando, P. Lafata, and Z. Baig, "An optimized packet transceiver design for ethernet-mac layer based on fpga," in *International Conference on Intelligent Data Communication Technologies and Internet of Things (ICICI) 2018*, vol. 26 of *Lecture Notes on Data Engineering and Communications Technologies*, pp. 725–732, Switzerland: Springer International Publishing AG, 2019.

- [25] Microchip Technology Incorporated, "Small footprint rmii 10/100 ethernet transceiver with hp auto-mdix support." "https://ww1.microchip.com/downloads/en/DeviceDoc/8720a.pdf", 2012. Revision 1.4 (08-23-12).
- [26] J. Sütő and S. Oniga, "Fpga implemented reduced ethernet mac," in 2013 IEEE 4th International Conference on Cognitive Infocommunications (CogInfoCom), pp. 29–32, 2013.
- [27] J. Mitra and T. Nayak, "Reconfigurable very high throughput low latency vlsi (fpga) design architecture of crc 32," *Integration (Amsterdam)*, vol. 56, pp. 1–14, 2017.
- [28] P. Guoteng, L. Li, O. Guodong, F. Qingchao, and B. Han, "Design and verification of a mac controller based on axi bus," in *2013 Third International Conference on Intelligent System Design and Engineering Applications*, pp. 558–562, IEEE, 2013.
- [29] N. M. Khalilzad, F. Yekeh, L. Asplund, and M. Pordel, "Fpga implementation of real-time ethernet communication using rmii interface," in 2011 IEEE 3rd International Conference on Communication Software and Networks, pp. 35–39, IEEE, 2011.
- [30] T. Stuckenberg, M. Gottschlich, S. Nolting, and H. Blume, "Design and optimization of an arm cortex-m based soc for tcp/ip communication in high temperature applications," in *Embedded Computer Systems: Architectures, Modeling, and Simulation*, Lecture Notes in Computer Science, (Cham), pp. 169–183, Springer International Publishing.
- [31] L. Liu, N. Li, and L. Feng, "Improvement and optimization of lwip," in 2016 IEEE Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC), pp. 1342–1345, IEEE, 2016.
- [32] FreeRTOS, "Freertos plus tcp a free thread aware tcp/ip stack for freertos." https://www.freertos.org/FreeRTOS-Plus/FreeRTOS\_Plus\_TCP/index.html, Aug 2022.

# **Appendix A**

# **Appendix**

Write your appendix here. Following two are examples.

# **A.1** Name of Appendix-1

# A.2 Name of Appendix-2