
osdd's Introduction

Getting started with Data Diodes

This GitHub repository was created to share knowledge about data diodes, also known as unidirectional gateways, with a wider audience. The concept of unidirectional traffic is easy to understand, but we noticed that there are some barriers to overcome when you start working with data diodes in the real world. This workshop will help you get started with the basic concept of data diodes while keeping the costs to a minimum.

The first issue is getting your hands on data diode hardware, which we solved in the hardware section.

The second issue is understanding how data is transferred through a data diode, because unidirectional network traffic has some issues which can result in packet loss. This is described in Packet loss explained. We think this is one of the main issues you need to understand and overcome before implementing data diodes in production.

The last issue is getting your first successes when experimenting with data diodes in combination with software. It is best practice to have a working setup before developing more complex implementations. For this we created the workshop, based on open source tools, to explain step by step how to:

  1. send a single message,
  2. transfer a large (>1Gb+) batch file (stop using external drives) and
  3. stream audio/video from the internet to an offline machine using the data diode.

By the end of the workshop you should be able to understand how to use data diodes in your own projects or research.

Summary

Workshop working with data diodes

Click here for the workshop

Packet loss (almost) explained

Packet loss explained

Example data-diode hardware setups

Datadiode hardware setups
Note: Try this demonstrator in combination with the workshop before buying or building a real data diode.
€25 euro functional data-diode demonstrator

Various links

Various links to related content

Motivation

Interview on why this project is created

Help needed to improve this project

Linux kernel packet loss - Help needed!

keywords: cross domain solution, unidirectional gateway, l2 firewall, cyber, cybersecurity, ot security

osdd's People

Contributors

julieenn, vrolijk

osdd's Issues

Linux network buffers example

Just a reminder and link

adjust memory to 1.677MB – endless memory :-)

net.core.rmem_max=1677721600
net.core.rmem_default=167772160
net.core.wmem_max=1677721600
net.core.wmem_default=167772160
net.core.optmem_max= 2048000

set minimum size, initial size, and maximum size in bytes

net.ipv4.tcp_rmem= 1024000 8738000 1677721600
net.ipv4.tcp_wmem= 1024000 8738000 1677721600
net.ipv4.tcp_mem= 1024000 8738000 1677721600
net.ipv4.udp_mem= 1024000 8738000 1677721600

The server is now allocating about 500MB to network buffer and everything is running very well.

Source: https://www.cyberciti.biz/faq/linux-tcp-tuning/
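
One way to check whether buffer settings like the ones above actually stop the kernel from dropping UDP datagrams on the receiving side of a diode, added here as an example and not part of the original issue: diff two snapshots of the Udp counters in /proc/net/snmp. The snapshots are constructed sample data and the function names are illustrative.

```python
from pathlib import Path

# Constructed snapshots in /proc/net/snmp format (not real measurements).
HEADER = ("Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors "
          "SndbufErrors InCsumErrors IgnoredMulti MemErrors\n")
LITE = HEADER.replace("Udp:", "UdpLite:") + "UdpLite: 0 0 0 0 0 0 0 0 0\n"
BEFORE = HEADER + "Udp: 1000 2 0 5 0 0 0 0 0\n" + LITE
AFTER = HEADER + "Udp: 9000 2 2000 5 1990 0 10 0 0\n" + LITE

def live_snapshot():
    """Read the current counters on a Linux receiver."""
    return Path("/proc/net/snmp").read_text()

def parse_udp_counters(snmp_text):
    """Return the 'Udp:' counters of /proc/net/snmp as {name: int}."""
    rows = [line.split() for line in snmp_text.splitlines()
            if line.startswith("Udp:")]          # does not match 'UdpLite:'
    if len(rows) != 2:
        raise ValueError("expected one Udp header line and one value line")
    header, values = rows
    return dict(zip(header[1:], map(int, values[1:])))

def udp_drop_report(before_text, after_text):
    """Compare two snapshots: datagrams delivered vs. dropped in between."""
    before = parse_udp_counters(before_text)
    after = parse_udp_counters(after_text)
    delta = {name: after[name] - before.get(name, 0) for name in after}
    received = delta["InDatagrams"]
    # RcvbufErrors: the socket receive buffer was full when a datagram arrived.
    rcvbuf_drops = delta.get("RcvbufErrors", 0)
    # InErrors counts every failed delivery (full buffer, bad checksum, ...)
    # and normally includes the RcvbufErrors count, so it serves as the total.
    lost = max(delta.get("InErrors", 0), rcvbuf_drops)
    total = received + lost
    return {
        "received": received,
        "rcvbuf_drops": rcvbuf_drops,
        "other_errors": lost - rcvbuf_drops,
        "loss_ratio": lost / total if total else 0.0,
    }
```

On a real receiver, call `live_snapshot()` before and after a test transfer and pass both results to `udp_drop_report`; a non-zero `rcvbuf_drops` means the receive buffer is still too small or the application reads too slowly.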

Linux kernel packet loss - Help needed!

As described in https://github.com/Vrolijk/OSDD/blob/main/packetloss_explained.md Linux does drop UDP packets. There are several ways to optimize UDP traffic like Forward Error Control (FEC) within the application, optimizing the UDP network buffers but even with these optimizations UDP remains unreliable.

During the creation of the workshop we collected some ideas but were not able to add them to the workshop.
Use eXpress Data Path XDP: https://github.com/Vrolijk/OSDD/blob/main/examples/XDP_to_prevent_packet_loss.md
Modify udp.c within the kernel with function when using data diodes: https://github.com/torvalds/linux/blob/master/net/ipv4/udp.c
Create an FEC application: https://github.com/Vrolijk/OSDD/blob/main/netcat-diode.md

If you have more suggestions or know how to implement these suggestions (if they are viable) please leave a comment.

Regards,
Rene
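
To illustrate the FEC idea from the issue above, here is an added example (not code from the OSDD project or its netcat-diode page) of the simplest scheme, XOR parity: every group of k data packets is followed by one parity packet, so the receiver can rebuild any single lost packet per group without a return channel. The header layout, chunk size and function names are assumptions made for this sketch.

```python
import struct

HDR = struct.Struct("!IBB")   # assumed header: group no., index in group, k

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encode(data, size=8, k=4):
    """Return packets: k data chunks per group, then one XOR parity packet."""
    body = struct.pack("!I", len(data)) + data      # length prefix for unpadding
    body += b"\0" * (-len(body) % (size * k))       # pad to whole groups
    chunks = [body[i:i + size] for i in range(0, len(body), size)]
    packets = []
    for g in range(len(chunks) // k):
        parity = bytes(size)
        for idx, chunk in enumerate(chunks[g * k:(g + 1) * k]):
            packets.append(HDR.pack(g, idx, k) + chunk)
            parity = xor_bytes(parity, chunk)
        packets.append(HDR.pack(g, k, k) + parity)  # index k marks parity
    return packets

def decode(packets):
    """Rebuild the payload; repairs at most one lost packet per group."""
    groups = {}
    for p in packets:                               # arrival order is irrelevant
        g, idx, k = HDR.unpack_from(p)
        groups.setdefault(g, (k, {}))[1][idx] = p[HDR.size:]
    body = bytearray()
    for g in range(max(groups) + 1):
        k, got = groups.get(g, (0, {}))
        missing = [i for i in range(k) if i not in got]
        if not got or len(missing) > 1 or (missing and k not in got):
            raise ValueError(f"group {g}: unrecoverable loss")
        if missing:               # parity XOR all survivors = the lost chunk
            rec = got[k]
            for i in range(k):
                if i != missing[0]:
                    rec = xor_bytes(rec, got[i])
            got[missing[0]] = rec
        body += b"".join(got[i] for i in range(k))
    (n,) = struct.unpack_from("!I", body)
    if n > len(body) - 4:
        raise ValueError("trailing groups lost")
    return bytes(body[4:4 + n])
```

A burst that removes two packets of the same group is not recoverable with this scheme, which is why `decode` raises instead of returning damaged data.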
