README
¶
nitriding-proxy
Nitriding-proxy tunnels network traffic between nitriding and the Internet by creating a tun-based virtual network interface that's connected to the enclave's tun interface. A single TCP connection between nitriding-proxy and nitriding is forwarding traffic back and forth.
The diagram above illustrates the architecture. The yellow components are under your control: clients, the enclave application, and the network traffic between clients and the enclave application. Nitriding-proxy tunnels your network traffic over a VSOCK-based point-to-point TCP connection between nitriding-proxy and nitriding. The diagram above shows a client making an HTTPS request to the enclave.
Usage
Compile and run nitriding-proxy by running:
make run
Performance
Take a look at this wiki page to learn more about traffic throughput.
Documentation
¶
Index ¶
Constants ¶
const ( On = true Off = false )
const (
DefaultPort = 1024
)
Variables ¶
This section is empty.
Functions ¶
func SetupTunAsEnclave ¶
SetupTunAsEnclave sets up a tun interface and returns a ready-to-use file descriptor.
func SetupTunAsProxy ¶
SetupTunAsProxy sets up a tun interface and returns a ready-to-use file descriptor.
func ToggleNAT ¶
ToggleNAT toggles our iptables NAT rules, which ensure that the enclave can talk to the Internet.
func TunToVsock ¶
TunToVsock forwards network packets from the tun device to our TCP-over-VSOCK connection. The function keeps on forwarding packets until we encounter an error or EOF. Errors (including EOF) are written to the given channel.
func VsockToTun ¶
VsockToTun forwards network packets from our TCP-over-VSOCK connection to the tun interface. The function keeps on forwarding packets until we encounter an error or EOF. Errors (including EOF) are written to the given channel.
Types ¶
This section is empty.
Source Files
Directories