/SGX-DPDK

A firewall application that leverages DPDK for performance and SGX for security.

SGXDPDK Firewall

Requirement

Hardware:

Software:

Build

Install DPDK

Install DPDK 17.05.2 following Getting Started Guide for Linux.

Make sure you can build and run the DPDK sample applications before you start building this project.

Install SGX

Install Intel SGX for Linux 2.1 following its README.

Make sure you have the full installation including Intel SGX Linux Driver 2.1 and you can run SGX sample applications before moving to the next steps.

Build firewall

First, export the DPDK and SGX environment variables (adjust according to your system):

export RTE_SDK=~/dpdk-stable-17.05.2
export RTE_TARGET=x86_64-native-linuxapp-gcc
export SGX_SDK=/opt/intel/sgxsdk
source $SGX_SDK/environment

Then, you can build this project for different targets

  • Build the native version of firewall without SGX

    make native
    

    This will generate a binary firewall_native that does not need SGX support. It is the unmodified version of the DPDK ip_pipeline application.

  • Build the SGX full-copy firewall in hardware release mode

    make SGX_PRERELEASE=1 SGX_DEBUG=0 ENABLE_FULL_COPY=1 ENABLE_INPUT_SKETCH=1
    

    This will generate a binary firewall_sgx and an SGX enclave file enclave.so.

  • Build the SGX near-zero-copy firewall in hardware release mode

    make SGX_PRERELEASE=1 SGX_DEBUG=0 ENABLE_INPUT_SKETCH=1
    

    This will generate a binary firewall_sgx and an SGX enclave file enclave.so.

To clean the working directory, just run make clean. This is necessary when switching from one target to another.

If you want to build the SGX applications in simulation mode or other modes, check the Makefile for more information.
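
A preflight check for the variables exported above, to run before make. This is an added example, not part of the SGX-DPDK repository. The mode names (native, sim, hw), the /dev/isgx device path and the SGX_DEVICE override are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the SGX-DPDK repository): preflight check for the
# variables exported in the build steps above.
# Usage: check_build_env native|sim|hw   (hw = SGX hardware mode, the default)
# Returns 0 when ready, otherwise the number of problems (each printed to stderr).
check_build_env() {
    mode=${1:-hw}
    problems=0
    fail() { echo "preflight: $*" >&2; problems=$((problems + 1)); }

    # DPDK: an external application build includes $RTE_SDK/mk/rte.vars.mk and
    # needs the compiled target directory $RTE_SDK/$RTE_TARGET with its .config.
    if [ -z "${RTE_SDK:-}" ] || [ -z "${RTE_TARGET:-}" ]; then
        fail "RTE_SDK and RTE_TARGET must both be exported"
    else
        [ -f "$RTE_SDK/mk/rte.vars.mk" ] ||
            fail "no DPDK build system found under $RTE_SDK/mk"
        [ -f "$RTE_SDK/$RTE_TARGET/.config" ] ||
            fail "DPDK target $RTE_TARGET has not been built in $RTE_SDK"
    fi

    # The native target is plain DPDK; the SDK checks apply to sim and hw only.
    if [ "$mode" != native ]; then
        if [ -z "${SGX_SDK:-}" ]; then
            fail "SGX_SDK must be exported"
        else
            [ -f "$SGX_SDK/environment" ] ||
                fail "$SGX_SDK/environment is missing (incomplete SDK install?)"
            [ -x "$SGX_SDK/bin/x64/sgx_sign" ] ||
                fail "sgx_sign not found under $SGX_SDK/bin/x64"
        fi
    fi

    # Hardware mode also needs the SGX driver's device node. Assumption: the
    # out-of-tree driver exposes /dev/isgx; SGX_DEVICE is a hypothetical override.
    if [ "$mode" = hw ] && [ ! -e "${SGX_DEVICE:-/dev/isgx}" ]; then
        fail "SGX device ${SGX_DEVICE:-/dev/isgx} not present (driver not loaded?)"
    fi
    return "$problems"
}
```

Source the file and chain the check in front of the build, for example check_build_env hw && make SGX_PRERELEASE=1 SGX_DEBUG=0 ENABLE_INPUT_SKETCH=1.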

Run

All three applications are based on the DPDK sample application ip_pipeline. The firewall pipeline type is chosen in the config file config/*.cfg. Here's an example that runs the application with port mask 1 and config file config/sgx_firewall.cfg. For a full explanation of the command-line options, check the ip_pipeline doc (search for "Running the application").

# native version
sudo firewall_native -p1 -f config/sgx_firewall.cfg
# sgx version
sudo firewall_sgx -p1 -f config/sgx_firewall.cfg

Documentation

License

The project is licensed under MIT License.