{"id":24956281,"url":"https://github.com/daschr/cuda_firewall","last_synced_at":"2025-04-10T18:42:47.125Z","repository":{"id":190359608,"uuid":"413337702","full_name":"daschr/cuda_firewall","owner":"daschr","description":"Implementing a Firewall using dpdk and CUDA","archived":false,"fork":false,"pushed_at":"2022-06-07T12:07:45.000Z","size":6407,"stargazers_count":10,"open_issues_count":0,"forks_count":4,"subscribers_count":1,"default_branch":"async","last_synced_at":"2025-03-24T16:24:40.299Z","etag":null,"topics":["cuda","dpdk","firewall"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/daschr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2021-10-04T08:31:33.000Z","updated_at":"2025-02-23T21:47:05.000Z","dependencies_parsed_at":"2023-08-24T09:40:21.974Z","dependency_job_id":null,"html_url":"https://github.com/daschr/cuda_firewall","commit_stats":null,"previous_names":["daschr/cuda_firewall"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daschr%2Fcuda_firewall","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daschr%2Fcuda_firewall/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daschr%2Fcuda_firewall/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daschr%2Fcuda_firewall/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/daschr","download_url":"https://codeload.github.com/daschr/cuda_firewall/tar.gz/refs/heads/async","host":{"name":"GitHub","url":"http
s://github.com","kind":"github","repositories_count":248271910,"owners_count":21075800,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cuda","dpdk","firewall"],"created_at":"2025-02-03T06:28:17.514Z","updated_at":"2025-04-10T18:42:47.101Z","avatar_url":"https://github.com/daschr.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Thesis - *Offloading network packet classification to GPUs using CUDA and dpdk*\nSee [this PDF](https://github.com/daschr/cuda_firewall/blob/e4e9b63af005667067a52d3d302dcd39398bfcf8/thesis.pdf).\n\n# cuda_firewall\nImplementing a Firewall using dpdk and CUDA\n\n# current stats\n\n![measurement](https://github.com/daschr/cuda_firewall/blob/main/results_no-forward.png)\n\n## Line rate*\n| line rate | 100 Mbit/s | 500 Mbit/s | 1 Gbit/s | 5 Gbit/s | 10 Gbit/s | 20 Gbit/s | 40 Gbit/s |\n|-----------|:----------:|:-----------:|:-------:|:--------:|:---------:|:---------:|:--------:|\n||**reached**|**reached**|**reached**|**reached**|**reached**|*pending*|*pending*|\n\n \u003cfont size=\"1\"\u003e *tested using iperf3 and two Mellanox ConnectX-3 NICs (40GigE)\u003c/font\u003e \n\n\n## Packet rate**\n\n| packet rate | with tap forward | without tap forward |\n|-----------|:----------:|:-----------:|\n||~2.8Mpps|~12.5Mpps|\n\n \u003cfont size=\"1\"\u003e **tested using pktgen-dpdk using the asynchronous execution model (*async* branch) and two Mellanox ConnectX-3 NICs (40GigE)\u003c/font\u003e \n\n# current progress\n- [x] working bitvector search using CUDA\n- [x] make use of dpdk table api\n- [x] simple 5 tuple rule 
syntax with DROP/ACCEPT actions\n- [x] l2 polling on trunk port and l2 forward to the corresponding tap iface, if the lookup succeeds and the highest priority rule has an ACCEPT action\n- [x] simple l2 forward of incoming packet from tap to trunk port\n- [ ] switch from tap to kni\n- [ ] add better stats collection to firewall\n- [x] improving speed of bitvector search\n- [ ] misc. refactoring\n\n# settings\n* use `isolcpus` to isolate at least two adjacent logical cores\n* force device managed flow steering, e.g. for Mellanox ConnectX-3: `mlx4_core.log_num_mgm_entry_size=-1`\n* example: `GRUB_CMDLINE_LINUX_DEFAULT=\"quiet isolcpus=2,3 mlx4_core.log_num_mgm_entry_size=-1\"`\n\n\n# usage\n\n* build dpdk (\u003e=21.08)\n* `make all`\n* run:\n   1. `sudo ./firewall -l0-1 --vdev=net_tap0,iface=fw0  rules.txt`\n   2. `ip a add \u003csome ip 1\u003e dev fw0`\n   3. on second host: `ip a add \u003csome ip 2\u003e dev \u003csome connected iface\u003e`\n   4. now test \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdaschr%2Fcuda_firewall","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdaschr%2Fcuda_firewall","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdaschr%2Fcuda_firewall/lists"}