- Python 96.3%
- Shell 3%
- C 0.7%
| .gitignore | ||
| crawler.py | ||
| exp.py | ||
| g5kwatt.py | ||
| install-certs-arch.sh | ||
| install-certs-debian.sh | ||
| makecerts.py | ||
| mkcacert.sh | ||
| mkcert.sh | ||
| mkcerts.sh | ||
| plots.py | ||
| powercap.c | ||
| profile.py | ||
| README.md | ||
TLS
WolfSSL
git clone https://github.com/wolfSSL/wolfssl --depth 1
cd wolfssl
sh autogen.sh
./configure --enable-all --enable-all-crypto --disable-shared --prefix=/opt/wolfssl-rs/
make
sudo make install
Reproduce
Record
On the controler machine.
Installation
Build netreplay and copy it in this folder.
Authorize netreplay to bind to ports 80 and 443:
sudo setcap CAP_NET_BIND_SERVICE=+eip netreplay
Open Firefox with a dedicated profile: (create the profile using the GUI if it doesn't exist)
firefox -P tlsbench
In settings, disable DNS security.
In about:config, set network.dns.forceResolve to 127.0.0.1.
Run the shell command:
python exp.py make debug -c
In Firefox, go to security settings, Certificates, import /dev/shm/exp/certs/prime256v1/ca.crt and trust it for identifying websites.
After installation
Stop anything running on ports 80 or 443.
Start the record proxy:
./netreplay records/mynewrecord record
Just browse. Any traffic will be recorded. Terminate netplayer with CTRL+C when finished.
Measure
Copy the tlsbench folder on the target.
Build netreplay with the wanted cryptographic backends on the target (one build per backend), and place each version in tlsbench, named netreplay-aws-lc, netreplay-boring, etc.
Install dependencies on the target:
sudo apt install acct dtach
sudo chmod +s /sbin/sa
Modify experiment parameters at the top of exp.py to suit your setup and the wanted experiments.
Run:
python exp.py make pi3 -c
python exp.py send pi3
python exp.py run pi3 --idle
It may be needed to keep an SSH connection to the target open during the experiment, and to set RemoveIPC=no in /etc/systemd/logind.conf (then systemctl restart systemd-logind).
Profile
Profile code execution on the local machine.
Install sa:
sudo apt install acct dtach python3-invoke python3-fabric
sudo chmod +s /sbin/sa
Install OpenSSL with debug symbols:
# Options from Debian build
# Debian package libssl3t64 -> Developer Information -> buildd reproducibility -> trixie rbuild
# https://tests.reproducible-builds.org/debian/rb-pkg/trixie/amd64/openssl.html
/usr/bin/perl ./Configure --release -g --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/x86_64-linux-gnu shared no-idea no-mdc2 no-rc5 no-ssl3 no-ssl3-method enable-rfc3779 enable-cms no-capieng no-rdrand enable-tfo enable-zstd enable-zlib enable-fips enable-ec_nistp_64_gcc_128
# Or, if OpenSSL 1.1:
/usr/bin/perl ./Configure --release -g --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/x86_64-linux-gnu shared no-idea no-mdc2 no-rc5 no-ssl3 no-ssl3-method enable-rfc3779 enable-cms no-capieng no-rdrand enable-zlib enable-ec_nistp_64_gcc_128 linux-x86_64
To build netreplay with this openssl:
OPENSSL_LIB_DIR=/home/pi/reps/openssl-openssl-3.6.1/ OPENSSL_DIR=/home/pi/reps/openssl-openssl-3.6.1/ cargo build --release
Authorize non-root users to use perf:
sudo sysctl kernel.perf_event_paranoid=-1
Run:
python exp.py make local -c
python exp.py run local
python plots.py prof <path/to/log>
RAPL
gcc -O3 powercap.c -o powercap
sudo chown root powercap
sudo chmod u+s powercap
Grid5000
ssh nancy.g5k
oarsub -q default -l host=2,walltime=2 -p "wattmeter=YES" -I
# Check the name of the other node in https://intranet.grid5000.fr/oar/Lyon/drawgantt-svg/
# Let's call them p1 and p2
ping p2
# Note p2 addr to exp.py
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
pip3 install fabric
python exp.py make g5k -c
python exp.py send g5k
# Notes
scp /lib/x86_64-linux-gnu/libssl.so.3.6 nancy.g5k:~/
scp /lib/x86_64-linux-gnu/libcrypto.so.3.6 nancy.g5k:~/
scp records/wikipedia nancy.g5k:tlsbench/records/
Wattmetre
API timestamp at Paris time.