TNG (TEE Network Gateway) is a tool for establishing secure communication tunnels, supporting various inbound and outbound traffic methods. It also provides secure session capabilities based on remote attestation. By configuring different ingress and egress endpoints, users can flexibly control the encryption and decryption of traffic without modifying existing applications.
The main part of TNG is the launch subcommand. Here is the usage:
Usage: tng launch [OPTIONS]
Options:
-c, --config-file <CONFIG_FILE>
--config-content <CONFIG_CONTENT>
-h, --help Print help
You have to provide a JSON config file, or provide configuration content in JSON directly from the command line arguments, which will be used to configure the TNG instance.
The simplest way to launch a TNG instance is using our pre-built Docker image:
docker run -it --rm --network host ghcr.io/inclavare-containers/tng:latest tng launch --config-content='<your config json string>'
Check the reference document for the configuration.
It is recommended to build TNG with Docker. Here are the steps.
- Pull the code
- Pull the dependencies
cd tng
git submodule update --init
- Build with docker
docker build -t tng:latest --target tng-release -f Dockerfile .
Now we have the Docker image tng:latest.
- Run tng
docker run -it --rm --network host tng:latest tng launch --config-content='<your config json string>'
- First you should build the tng:latest Docker image with the steps above.
- Then run the script to package a tarball
./pack-sdk.sh
The tarball will be generated with name tng-<version>.tar.gz
- To install the tarball in a new environment
tar -xvf tng-*.tar.gz -C /
To run the tng binary, you also need to install some dependencies. For Ubuntu 20.04:
apt-get install -y libssl1.1 iptables
- Update iptables
You may need to switch to iptables-nft if you are using a newer kernel on which iptables-legacy may not work.
update-alternatives --set iptables /usr/sbin/iptables-nft
- Run tng
/opt/tng-0.1.0/bin/tng launch --config-content='<your config json string>'
- To uninstall it, just remove the directory
rm -rf /opt/tng-*
You can get some examples from the integration test cases.
We welcome community contributions to make TNG a better tool for confidential computing scenarios! If you have any questions or suggestions, feel free to submit an Issue or Pull Request.
Apache-2.0