anjuna-nitro-userspace-netd-parent

Configure and start a network bridge between the AWS EC2 host and the enclave.

SYNOPSIS

anjuna-nitro-userspace-netd-parent [OPTION...]

DESCRIPTION

anjuna-nitro-userspace-netd-parent enables Nitro enclaves to send and receive network traffic:

  • Outbound connections initiated from within the enclave.

  • Inbound connections to the enclave’s exposed ports.

This agent has two parts: one running on the parent instance (anjuna-nitro-userspace-netd-parent), and the other running inside the enclave (started automatically by the Anjuna Nitro Runtime when the Nitro Enclave starts).

The two agents communicate over the vsock interface, which is the only channel of communication that an enclave can use to interact with external services.

When connecting from inside the parent VM to the enclave, connect to the enclave port via the localhost address (127.0.0.1). Listening ports inside the enclave are exported (exposed) both to localhost on the parent VM and to the externally facing IP on eth0 of the parent VM, via the external port specified.

To enable networking in a Nitro enclave, run anjuna-nitro-userspace-netd-parent before starting the enclave, even if no port needs to be exposed. When there are ports to expose, you must use the --expose parameter.

OPTIONS

Usage: anjuna-nitro-userspace-netd-parent [OPTION...]

Options:
  --help        Prints help information
  --usage
  --expose [<port number>] | [<parent port number>:<enclave port number>] [--expose <port> | <port>:<port> ...]

With the --expose option you can define one of the following:

  • <port number> - expose the enclave port with the specified number to the outside world via the same port number in the parent VM.

  • <parent port number>:<enclave port number> - expose the specified enclave port number to the outside world via the specified parent port number.

You can pass the --expose flag multiple times to specify multiple ports to expose.

EXIT STATUS

  • 0 on success

  • > 0 on error

EXAMPLE

$ anjuna-nitro-userspace-netd-parent --expose 80
Expose enclave port 80 via port 80 in the parent

$ anjuna-nitro-userspace-netd-parent --expose 8080:80
Expose enclave port 80 via port 8080 in the parent
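The following is an added example, not part of the Anjuna tooling: it parses --expose values in the two forms described above, rejects out-of-range ports, and refuses two mappings that claim the same parent port (that port is bound on both localhost and eth0 of the parent VM, so a collision would silently shadow one mapping). The assembled argv is an assumption about how you would invoke the agent; the parser is standalone.

```python
"""Validate --expose mappings before starting anjuna-nitro-userspace-netd-parent.

Constructed example; not the agent's own argument parser.
"""
import re
from typing import Dict, List, Tuple

AGENT = "anjuna-nitro-userspace-netd-parent"

# "<port>" or "<parent port>:<enclave port>", digits only.
_SPEC = re.compile(r"^(\d{1,5})(?::(\d{1,5}))?$")


def parse_expose(spec: str) -> Tuple[int, int]:
    """Return (parent_port, enclave_port) for one --expose value.

    A bare "<port>" maps the enclave port to the same port on the parent.
    """
    m = _SPEC.match(spec)
    if not m:
        raise ValueError(f"malformed --expose value: {spec!r}")
    parent = int(m.group(1))
    enclave = int(m.group(2)) if m.group(2) is not None else parent
    for p in (parent, enclave):
        if not 1 <= p <= 65535:
            raise ValueError(f"port out of range in {spec!r}: {p}")
    return parent, enclave


def build_command(specs: List[str]) -> List[str]:
    """Build the agent's argv, one --expose per mapping, in parent:enclave form.

    Identical duplicates are collapsed; two specs that map the same parent
    port to different enclave ports are rejected, since the parent VM can
    only bind that port (on 127.0.0.1 and eth0) once.
    """
    seen: Dict[int, int] = {}
    argv = [AGENT]
    for spec in specs:
        parent, enclave = parse_expose(spec)
        if parent in seen:
            if seen[parent] != enclave:
                raise ValueError(
                    f"parent port {parent} already maps to enclave port {seen[parent]}"
                )
            continue  # same mapping given twice; keep one
        seen[parent] = enclave
        argv += ["--expose", f"{parent}:{enclave}"]
    return argv
```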