From 29b31197207eced97627ec49515318b090cb6ee7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pascal=20Eng=C3=A9libert?= <tuxmain@zettascript.org>
Date: Thu, 6 Nov 2025 17:28:27 +0100
Subject: [PATCH] Fix freeze and error

---
 README.md |  18 ++-------
 exp.py    | 115 ++++++++++++++++++++++++++++++------------------------
 2 files changed, 67 insertions(+), 66 deletions(-)

diff --git a/README.md b/README.md
index ccc6a86..0644053 100644
--- a/README.md
+++ b/README.md
@@ -211,23 +211,13 @@ for(var i in names) {
 
 Authorize rpxy to bind to ports 80 and 443:
 ```bash
-sudo setcap CAP_NET_BIND_SERVICE=+eip rpxy_rustls_ring
-```
-
-Add CA certificate on ArchLinux:
-```bash
-sudo cp /dev/shm/exp/certs/rsa2048/ca.crt /etc/ca-certificates/trust-source/anchors/ca-rsa2048.crt
-sudo cp /dev/shm/exp/certs/rsa3072/ca.crt /etc/ca-certificates/trust-source/anchors/ca-rsa3072.crt
-sudo cp /dev/shm/exp/certs/rsa4096/ca.crt /etc/ca-certificates/trust-source/anchors/ca-rsa4096.crt
-sudo cp /dev/shm/exp/certs/secp384r1/ca.crt /etc/ca-certificates/trust-source/anchors/ca-secp384r1.crt
-sudo chown root:root /etc/ca-certificates/trust-source/anchors/ca-*.crt
-sudo update-ca-trust extract
+sudo setcap CAP_NET_BIND_SERVICE=+eip netreplay
 ```
 
 ```bash
-python exp.py make
-python exp.py send-setups
-python exp.py send-certs
+python exp.py make -c
+python exp.py send
+python exp.py update-certs # also do this command on p2
 python exp.py run
 ```
 
diff --git a/exp.py b/exp.py
index 7b5cd7a..767dbc1 100644
--- a/exp.py
+++ b/exp.py
@@ -1,7 +1,7 @@
 #!/usr/bin/python3
 import os, sys, subprocess
 
-REPODIR = "/home/tuxmain/Documents/doc/tlsbench"
+REPODIR = "/home/tuxmain/reps/tlsbench"
 P2_SSH = "exp@p2"
 P2_PSW = "exp"
 P2_REPODIR = "/home/exp/exp"
@@ -33,10 +33,10 @@ DOMAINS_ = [
 WATTMETER = True
 
 RECORDS = [
-	{ "filename": "youtube", "repeat": 10 },
+	#{ "filename": "youtube", "repeat": 1 },
 	#{ "filename": "peertube", "repeat": 10 },
 	#{ "filename": "wikipedia", "repeat": 10 },
-	#{ "filename": "apple", "repeat": 10 },
+	{ "filename": "apple", "repeat": 100 },
 	#{ "filename": "google", "repeat": 10 },
 ]
 CERT_SIGN_ALGS = [
@@ -76,56 +76,56 @@ KEXES = [
 # Testing all combinations would be too much. Instead we isolate independent parts.
 EXPERIMENTS = {
 	# Compare ciphers among implementations and TLS versions
-	# "impl-cipher-ver": {
-	# 	"impls": IMPLS,
-	# 	"records": RECORDS,
-	# 	"ciphers": [
-	# 		"AES_128_GCM_SHA256",
-	# 		"AES_256_GCM_SHA384",
-	# 		"CHACHA20_POLY1305_SHA256",
-	# 		"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
-	# 		"ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,ECDHE_RSA_WITH_AES_256_GCM_SHA384",
-	# 		"ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
-	# 	],
-	# 	"kexes": ["X25519"],
-	# 	"cert": ["prime256v1"],
-	# },
-	# # Compare signatures among implementations and TLS versions
-	# "impl-cert-ver": {
-	# 	"impls": IMPLS,
-	# 	"records": RECORDS,
-	# 	"ciphers": [
-	# 		"AES_128_GCM_SHA256",
-	# 		"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
-	# 	],
-	# 	"kexes": ["X25519"],
-	# 	"cert": [
-	# 		"prime256v1",
-	# 		#"secp384r1",
-	# 		"rsa2048",
-	# 		#"rsa3072", "rsa4096"
-	# 	],
-	# },
-	# # Compare key exchange groups among implementations and TLS versions
-	# "impl-kex-ver": {
-	# 	"impls": IMPLS,
-	# 	"records": RECORDS,
-	# 	"ciphers": [
-	# 		"AES_128_GCM_SHA256",
-	# 		"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
-	# 	],
-	# 	"kexes": ["X25519", "SECP256R1", "SECP384R1"],
-	# 	"cert": ["prime256v1"],
-	# },
-	"debug": {
+	"impl-cipher-ver": {
 		"impls": IMPLS,
 		"records": RECORDS,
 		"ciphers": [
+			"AES_128_GCM_SHA256",
+			"AES_256_GCM_SHA384",
+			"CHACHA20_POLY1305_SHA256",
 			"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+			"ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+			"ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
 		],
-		"kexes": ["SECP384R1"],
+		"kexes": ["X25519"],
 		"cert": ["prime256v1"],
 	},
+	# # Compare signatures among implementations and TLS versions
+	"impl-cert-ver": {
+		"impls": IMPLS,
+		"records": RECORDS,
+		"ciphers": [
+			"AES_128_GCM_SHA256",
+			"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+		],
+		"kexes": ["X25519"],
+		"cert": [
+			"prime256v1",
+			#"secp384r1",
+			"rsa2048",
+			#"rsa3072", "rsa4096"
+		],
+	},
+	# # Compare key exchange groups among implementations and TLS versions
+	"impl-kex-ver": {
+		"impls": IMPLS,
+		"records": RECORDS,
+		"ciphers": [
+			"AES_128_GCM_SHA256",
+			"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+		],
+		"kexes": ["X25519", "SECP256R1", "SECP384R1"],
+		"cert": ["prime256v1"],
+	},
+	#"debug": {
+	#	"impls": IMPLS,
+	#	"records": RECORDS,
+	#	"ciphers": [
+	#		"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+	#	],
+	#	"kexes": ["SECP384R1"],
+	#	"cert": ["prime256v1"],
+	#},
 }
 
 DOMAINS = []
@@ -421,8 +421,10 @@ def run_exp(ssh, expdir, p2_path, exps, only_record=None):
 			except invoke.exceptions.UnexpectedExit as e:
 				pass
 	rpxy_cpu = get_cpu_stat(ssh)
-	logfile = open(expdir+"/log-"+str(int(time.time())), "w")
-	logfile.write("exp impl alg kex cipher setup record t_start t_end cpu bytes_in bytes_out Wh\n")
+	logfile_name = expdir+"/log-"+str(int(time.time()))
+	logfile = open(logfile_name, "w")
+	logfile.write("exp impl alg kex cipher setup record time cpu bytes_in bytes_out Wh\n")
+	logfile.close()
 	for expname in exps:
 		exp = exps[expname]
 		for impl in exp["impls"]:
@@ -436,7 +438,7 @@ def run_exp(ssh, expdir, p2_path, exps, only_record=None):
 							for record in exp["records"]:
 								print(f"EXPERIMENT {expname}: {impl} {alg} {kex} {cipher} {setup}")
 								p2_rpxy_config = SETUPS[setup]["rpxy_config"]
-								vars = {"CIPHERS": cipher, "KEXES": kex}
+								vars = {"CIPHERS": cipher, "KEXES": kex, "RUST_LOG": "debug"}
 								
 								runbg(ssh, f"{p2_path}/rpxy_rustls_{impl} --config {expdir}/configs/{p2_rpxy_config}.toml --log-dir /dev/shm", vars)
 								time.sleep(1)
@@ -487,9 +489,16 @@ def run_exp(ssh, expdir, p2_path, exps, only_record=None):
 								p2_bytes_out_diff = new_p2_bytes_out - p2_bytes_out
 								energy_diff = new_energy - energy
 								rpxy_cpu = new_rpxy_cpu
-								logfile.write(f"{expname} {impl} {alg} {kex} {cipher} {setup} {record_filename} {start} {end} {rpxy_cpu_diff} {p2_bytes_in_diff} {p2_bytes_out_diff} {energy}\n")
-								
-						logfile.flush()
+								time_diff = end - start
+								while True:
+									try:
+										with open(logfile_name, "a") as logfile:
+											logfile.write(f"{expname} {impl} {alg} {kex} {cipher} {setup} {record_filename} {time_diff} {rpxy_cpu_diff} {p2_bytes_in_diff} {p2_bytes_out_diff} {energy_diff}\n")
+											logfile.close()
+											break
+									except Exception as e:
+										print("Can't open log file:", e)
+										time.sleep(1)
 	if WATTMETER:
 		YAPI.FreeAPI()
 
@@ -499,6 +508,7 @@ def update_certs():
 		for alg in CERT_SIGN_ALGS:
 			sh([
 				f"sudo cp {EXPDIR}/certs/{alg}/ca.crt /usr/local/share/ca-certificates/ca-{alg}.crt",
+				f"sudo chmod 644 /usr/local/share/ca-certificates/ca-{alg}.crt",
 				f"sudo chown root:root /usr/local/share/ca-certificates/ca-{alg}.crt"
 			])
 		sh("sudo update-ca-certificates")
@@ -506,6 +516,7 @@ def update_certs():
 		for alg in CERT_SIGN_ALGS:
 			sh([
 				f"sudo cp {EXPDIR}/certs/{alg}/ca.crt /etc/ca-certificates/trust-source/anchors/ca-{alg}.crt",
+				f"sudo chmod 644 /etc/ca-certificates/trust-source/anchors/ca-{alg}.crt",
 				f"sudo chown root:root /etc/ca-certificates/trust-source/anchors/ca-{alg}.crt"
 			])
 		sh("sudo update-ca-trust extract")