Closed NullHypothesis closed 10 months ago
As of https://github.com/Amnesic-Systems/nitriding/commit/ed7746bdbd709e1d11438bb89c87fc144ed77ded, nitriding uses a single TCP connection between EC2 and enclave to forward network traffic to and from the enclave. TCP-over-TCP is known to be problematic. Instead, we should tunnel over UDP, but support in our vsock package is blocked on `SOCK_DGRAM` support in the kernel (see https://github.com/mdlayher/vsock/issues/2).