From c311c4626b637c78ee5f0d1116d09de42dec5db8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pascal=20Eng=C3=A9libert?= Date: Wed, 25 Mar 2026 09:49:10 +0100 Subject: [PATCH] Fix kill, makecerts, summary --- exp.py | 42 +++++++++++++++++++++--------------------- makecerts.py | 21 ++++++++++++++++++--- plots.py | 36 +++++++++++++++++++++++++----------- 3 files changed, 64 insertions(+), 35 deletions(-) diff --git a/exp.py b/exp.py index 6661712..b9f588d 100644 --- a/exp.py +++ b/exp.py @@ -87,7 +87,9 @@ CONFIGS = { True, ], "records": [ - { "filename": "wikipedia", "repeat": 10000, "time": 90 }, + #{ "filename": "wikipedia", "repeat": 10000, "time": 90 }, + { "filename": "yt2-ads", "repeat": 10000, "time": 600 }, + { "filename": "yt2-ublock", "repeat": 10000, "time": 600 }, ], "repo_dir": "/home/tuxmain/reps/tlsbench", "exp_dir": "/dev/shm/exp", @@ -263,6 +265,8 @@ CONFIGS = { # Can't repeat more than 8000 times here # TODO check if netreplay client frees ports correctly, or try to reuse ports { "filename": "wikipedia", "repeat": 8000, "time": 45 }, + { "filename": "yt2-ads", "repeat": 8000, "time": 180 }, + { "filename": "yt2-ublock", "repeat": 8000, "time": 180 }, ], "repo_dir": "/home/pengelib/tlsbench", "exp_dir": "/dev/shm/exp", @@ -339,12 +343,12 @@ CERT_SIGN_ALGS = [ "rsa2048", "rsa3072", "rsa4096", # widely used ] IMPLS = [ - #"aws-lc", # Amazon's crypto widely used in Rust stuff - #"boring", # Google's fork of OpenSSL used in Chrome and Android + "aws-lc", # Amazon's crypto widely used in Rust stuff + "boring", # Google's fork of OpenSSL used in Chrome and Android #"graviola", # New crypto in Rust "openssl", # widely used #"openssl-static", - #"ring", # used in most Rust stuff + "ring", # used in most Rust stuff #"symcrypt", # Microsoft's crypto #"wolfcrypt" # used in embedded (won't build with rpxy for now) ] @@ -398,9 +402,9 @@ EXPERIMENTS = { "kexes": ["X25519"], "cert": [ "prime256v1", - "secp384r1", + #"secp384r1", "rsa2048", - "rsa3072", + #"rsa3072", "rsa4096", ], "earlydata": ["0"], @@ -415,7 +419,7 @@ EXPERIMENTS = { "kexes": [ "X25519", "SECP256R1", - "SECP384R1", + #"SECP384R1", "X25519MLKEM768", "SECP256R1MLKEM768", "MLKEM768", @@ -452,11 +456,11 @@ EXPERIMENTS = { "AES_256_GCM_SHA384", #"CHACHA20_POLY1305_SHA256", #"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256", - #"ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,ECDHE_RSA_WITH_AES_256_GCM_SHA384", #"ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", ], "kexes": [ - #"X25519", + "X25519", #"SECP256R1", #"SECP384R1", "X25519MLKEM768", @@ -466,9 +470,10 @@ EXPERIMENTS = { "cert": [ #"prime256v1", #"secp384r1", - "rsa2048", + #"rsa2048", #"rsa3072", #"rsa4096", + "realistic", ], "earlydata": ["0"], }, @@ -951,17 +956,12 @@ def run_exp(config, only_record=None, idle=False, shutdown=False, debug=False): new_energy_rapl = get_rapl_energy(ssh, remote_path) new_remote_bytes_in, new_remote_bytes_out = get_net_stat(ssh) - # Kill server - if side == "client": - try: - ssh_run(None, "killall netreplay") - except invoke.exceptions.UnexpectedExit as e: - pass - else: - try: - ssh_run(ssh, "killall netreplay-"+impl) - except invoke.exceptions.UnexpectedExit as e: - pass + # Kill netreplay + sh("killall netreplay") + try: + ssh_run(ssh, "killall netreplay-"+impl) + except invoke.exceptions.UnexpectedExit as e: + pass # Measure CPU after (as it may update only after the process is killed) new_cpu = 0 diff --git a/makecerts.py b/makecerts.py index a2002bd..894a586 100644 --- a/makecerts.py +++ b/makecerts.py @@ -1,16 +1,29 @@ # Get certificates from domains and make a similar chain. import os +import shutil import OpenSSL import ssl #import asn1 CERTS_DIR = "/dev/shm/exp/certs/" -ALGS = ["prime256v1", "secp384r1", "rsa2048", "rsa3072", "rsa4096"] +ALGS = [ + "prime256v1", + "secp384r1", + "rsa2048", + "rsa3072", + "rsa4096" +] DOMAINS = [ - #"txmn.tk", #"wikipedia.org", - "youtube.com" + "youtube.com", + "rr2---sn-gxo5uxg-jqbl.googlevideo.com",# main domain googlevideo.com returns certificate for google.com only + "googleusercontent.com", + "gstatic.com", + "googlesyndication.com", + "googleapis.com", + "i.ytimg.com", + "ad.doubleclick.net", ] def sh(cmds): @@ -169,6 +182,8 @@ def fetch_cas(): if __name__ == "__main__": os.makedirs(f"{CERTS_DIR}realistic", exist_ok=True) + for alg in ALGS: + shutil.copy2(f"{CERTS_DIR}{alg}/ca.crt", f"{CERTS_DIR}realistic/ca-{alg}.crt") cas = fetch_cas() for domain in DOMAINS: cert = get_server_cert(domain) diff --git a/plots.py b/plots.py index 2a1e416..80654fd 100644 --- a/plots.py +++ b/plots.py @@ -490,18 +490,24 @@ def tabulate(lines): if len(line[col]) > widths[col]: widths[col] = len(line[col]) table = "" + ruler = False for line in lines: for col in range(len(line)): if col > 0: table += " " table += line[col] - table += " " * (widths[col] - len(line[col])) + rem = widths[col] - len(line[col]) + if ruler: + table += " " * (rem % 4) + " ยท " * (rem // 4) + else: + table += " " * rem table += "\n" + ruler = not ruler return table def make_summary(logs): - plain_result_key = lambda log: (log["exp"], log["side"]) - result_key = lambda log: (log["exp"], log["side"], log["impl"], log["alg"], log["kex"], log["cipher"], log["ed"]) + plain_result_key = lambda log: (log["exp"], log["side"], log["record"]) + result_key = lambda log: (log["exp"], log["side"], log["record"], log["impl"], log["alg"], log["kex"], log["cipher"], log["ed"]) plain_results = {} results = {} @@ -512,30 +518,38 @@ def make_summary(logs): idle_val = { "cpu": float(log["cpu"]) / float(log["time"]), "energy": float(log["Wh"]) / float(log["time"]) * 3600, + "in": float(log["bytes_in"]) / float(log["time"]), + "out": float(log["bytes_out"]) / float(log["time"]), } if log["tls"] == "0": n = float(log.get("n", "1000")) plain_results[plain_result_key(log)] = { "cpu": (float(log["cpu"]) - idle_val["cpu"] * float(log["time"])) / n, - "energy": (float(log["Wh"]) * 3600 - idle_val["energy"] * float(log["time"])) / n + "energy": (float(log["Wh"]) * 3600 - idle_val["energy"] * float(log["time"])) / n, + "in": (float(log["bytes_in"]) - idle_val["in"] * float(log["time"])) / n, + "out": (float(log["bytes_out"]) - idle_val["out"] * float(log["time"])) / n, } if log["exp"] != "idle" and log["tls"] == "1": n = float(log.get("n", "1000")) results[result_key(log)] = { "cpu": (float(log["cpu"]) - idle_val["cpu"] * float(log["time"])) / n, - "energy": (float(log["Wh"]) * 3600 - idle_val["energy"] * float(log["time"])) / n + "energy": (float(log["Wh"]) * 3600 - idle_val["energy"] * float(log["time"])) / n, + "in": (float(log["bytes_in"]) - idle_val["in"] * float(log["time"])) / n, + "out": (float(log["bytes_out"]) - idle_val["out"] * float(log["time"])) / n, } - lines = [["key", "idle (W)", "no_tls (Ws/S)", "tls (Ws/S)", "tls_only (1)"]] + lines = [["key", "idle (W)", "no_tls (Ws/S)", "tls (Ws/S)", "tls_only (Ws/S)", "tls_in (1)", "tls_out (1)"]] for k in results: - no_tls = plain_results[k[:2]]["energy"] - tls = results[k]["energy"] + r = results[k] + p = plain_results[k[:3]] lines.append([ "/".join([str(i) for i in k]), str(idle_val["energy"]), - str(no_tls), - str(tls), - str((tls - no_tls) / tls), + str(p["energy"]), + str(r["energy"]), + str(r["energy"] - p["energy"]), + str((r["in"] - p["in"]) / r["in"]), + str((r["out"] - p["out"]) / r["out"]), ]) print(tabulate(lines))