FPGA/ASIC>> SGX-DPDK>> 返回
项目作者: InNetworkFiltering

项目描述 :
A firewall application that leverages DPDK for performance and SGX for security.
高级语言: C
项目地址: git://github.com/InNetworkFiltering/SGX-DPDK.git
创建时间: 2019-01-11T10:38:15Z
项目社区:https://github.com/InNetworkFiltering/SGX-DPDK
开源协议:MIT License
下载


SGXDPDK Firewall

A firewall application that leverages DPDK for performance and SGX for security.

Requirement

Hardware:

Software:

Build

Install DPDK

Install DPDK 17.05.2 following Getting Started Guide for Linux.

Make sure your can build and run DPDK sample applications before start building this project.

Install SGX

Install Intel SGX for Linux 2.1 following its README.

Make sure you have the full installation including Intel SGX Linux Driver 2.1 and you can run SGX sample applications before moving to the next steps.

Build firewall

At first, export DPDK and SGX environment varibles (adjust according to your system)

  1. export RTE_SDK=~/dpdk-stable-17.05.2
  2. export RTE_TARGET=x86_64-native-linuxapp-gcc
  3. export SGX_SDK=/opt/intel/sgxsdk
  4. source $SGX_SDK/environment

Then, you can build this project for different targets

  • Build the native version of firewall without SGX

    1.   make native

    This will generate a binary ‘firewall_native’ that does not need SGX support.
    It is the unmodified version of DPDK ip_pipeline application.

  • Build the SGX full-copy firewall in hardware release mode

    1.   make SGX_PRERELEASE=1 SGX_DEBUG=0 ENABLE_FULL_COPY=1 ENABLE_INPUT_SKETCH=1

    This will generate a binary firewall_sgx and a SGX enclave file enclave.so

  • Build the SGX near-zero-copy firewall in hardware release mode

    1.   make SGX_PRERELEASE=1 SGX_DEBUG=0 ENABLE_INPUT_SKETCH=1

    This will generate a binary firewall_sgx and a SGX enclave file enclave.so

To clean the working directory, just run make clean. This is necessary when switching from one target to another.

If you want to build the SGX applications in simulation mode or other modes, check the Makefile for more information.

Run

All three applications are developed based on DPDK sample application ip_pipeline. The firewall pipeline type is choosen in the config file config/*.cfg. Here’s an example to run the application with port mask 1 and config file config/sgx_firewall.cfg. For the full explanation of the commandline options, check the ip_pipeline doc (search for “Running the application”).

  1. # native version
  2. sudo firewall_native -p1 -f config/sgx_firewall.cfg
  3. # sgx version
  4. sudo firewall_sgx -p1 -f config/sgx_firewall.cfg

Documentation

License

The project is licensed under MIT License.