Fix kill, makecerts, summary

2026-03-25 09:49:10 +01:00 · 2026-03-25 09:49:10 +01:00 · c311c4626b
commit c311c4626b
parent b8ad9c1c03
3 changed files with 64 additions and 35 deletions
--- a/exp.py
+++ b/exp.py
@ -87,7 +87,9 @@ CONFIGS = {
 			True,
 		],
 		"records": [
-			{ "filename": "wikipedia", "repeat": 10000, "time": 90 },
+			#{ "filename": "wikipedia", "repeat": 10000, "time": 90 },
 			{ "filename": "yt2-ads", "repeat": 10000, "time": 600 },
 			{ "filename": "yt2-ublock", "repeat": 10000, "time": 600 },
 		],
 		"repo_dir": "/home/tuxmain/reps/tlsbench",
 		"exp_dir": "/dev/shm/exp",
@ -263,6 +265,8 @@ CONFIGS = {
 			# Can't repeat more than 8000 times here
 			# TODO check if netreplay client frees ports correctly, or try to reuse ports
 			{ "filename": "wikipedia", "repeat": 8000, "time": 45 },
 			{ "filename": "yt2-ads", "repeat": 8000, "time": 180 },
 			{ "filename": "yt2-ublock", "repeat": 8000, "time": 180 },
 		],
 		"repo_dir": "/home/pengelib/tlsbench",
 		"exp_dir": "/dev/shm/exp",
@ -339,12 +343,12 @@ CERT_SIGN_ALGS = [
 	"rsa2048", "rsa3072", "rsa4096", # widely used
 ]
 IMPLS = [
-	#"aws-lc", # Amazon's crypto widely used in Rust stuff
+	"aws-lc", # Amazon's crypto widely used in Rust stuff
-	#"boring", # Google's fork of OpenSSL used in Chrome and Android
+	"boring", # Google's fork of OpenSSL used in Chrome and Android
 	#"graviola", # New crypto in Rust
 	"openssl", # widely used
 	#"openssl-static",
-	#"ring", # used in most Rust stuff
+	"ring", # used in most Rust stuff
 	#"symcrypt", # Microsoft's crypto
 	#"wolfcrypt" # used in embedded (won't build with rpxy for now)
 ]
@ -398,9 +402,9 @@ EXPERIMENTS = {
 		"kexes": ["X25519"],
 		"cert": [
 			"prime256v1",
-			"secp384r1",
+			#"secp384r1",
 			"rsa2048",
-			"rsa3072",
+			#"rsa3072",
 			"rsa4096",
 		],
 		"earlydata": ["0"],
@ -415,7 +419,7 @@ EXPERIMENTS = {
 		"kexes": [
 			"X25519",
 			"SECP256R1",
-			"SECP384R1",
+			#"SECP384R1",
 			"X25519MLKEM768",
 			"SECP256R1MLKEM768",
 			"MLKEM768",
@ -452,11 +456,11 @@ EXPERIMENTS = {
 			"AES_256_GCM_SHA384",
 			#"CHACHA20_POLY1305_SHA256",
 			#"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
-			#"ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+			"ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,ECDHE_RSA_WITH_AES_256_GCM_SHA384",
 			#"ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
 		],
 		"kexes": [
-			#"X25519",
+			"X25519",
 			#"SECP256R1",
 			#"SECP384R1",
 			"X25519MLKEM768",
@ -466,9 +470,10 @@ EXPERIMENTS = {
 		"cert": [
 			#"prime256v1",
 			#"secp384r1",
-			"rsa2048",
+			#"rsa2048",
 			#"rsa3072",
 			#"rsa4096",
 			"realistic",
 		],
 		"earlydata": ["0"],
 	},
@ -951,17 +956,12 @@ def run_exp(config, only_record=None, idle=False, shutdown=False, debug=False):
 											new_energy_rapl = get_rapl_energy(ssh, remote_path)
 										new_remote_bytes_in, new_remote_bytes_out = get_net_stat(ssh)
-										# Kill server
+										# Kill netreplay
-										if side == "client":
+										sh("killall netreplay")
-											try:
+										try:
-												ssh_run(None, "killall netreplay")
+											ssh_run(ssh, "killall netreplay-"+impl)
-											except invoke.exceptions.UnexpectedExit as e:
+										except invoke.exceptions.UnexpectedExit as e:
-												pass
+											pass
 										else:
 											try:
 												ssh_run(ssh, "killall netreplay-"+impl)
 											except invoke.exceptions.UnexpectedExit as e:
 												pass
 										# Measure CPU after (as it may update only after the process is killed)
 										new_cpu = 0
--- a/makecerts.py
+++ b/makecerts.py
@ -1,16 +1,29 @@
 # Get certificates from domains and make a similar chain.
 import os
 import shutil
 import OpenSSL
 import ssl
 #import asn1
 CERTS_DIR = "/dev/shm/exp/certs/"
-ALGS = ["prime256v1", "secp384r1", "rsa2048", "rsa3072", "rsa4096"]
+ALGS = [
 	"prime256v1",
 	"secp384r1",
 	"rsa2048",
 	"rsa3072",
 	"rsa4096"
 ]
 DOMAINS = [
 	#"txmn.tk",
 	#"wikipedia.org",
-	"youtube.com"
+	"youtube.com",
 	"rr2---sn-gxo5uxg-jqbl.googlevideo.com",# main domain googlevideo.com returns certificate for google.com only
 	"googleusercontent.com",
 	"gstatic.com",
 	"googlesyndication.com",
 	"googleapis.com",
 	"i.ytimg.com",
 	"ad.doubleclick.net",
 ]
 def sh(cmds):
@ -169,6 +182,8 @@ def fetch_cas():
 if __name__ == "__main__":
 	os.makedirs(f"{CERTS_DIR}realistic", exist_ok=True)
 	for alg in ALGS:
 		shutil.copy2(f"{CERTS_DIR}{alg}/ca.crt", f"{CERTS_DIR}realistic/ca-{alg}.crt")
 	cas = fetch_cas()
 	for domain in DOMAINS:
 		cert = get_server_cert(domain)
--- a/plots.py
+++ b/plots.py
@ -490,18 +490,24 @@ def tabulate(lines):
 			if len(line[col]) > widths[col]:
 				widths[col] = len(line[col])
 	table = ""
 	ruler = False
 	for line in lines:
 		for col in range(len(line)):
 			if col > 0:
 				table += " "
 			table += line[col]
-			table += " " * (widths[col] - len(line[col]))
+			rem = widths[col] - len(line[col])
 			if ruler:
 				table += " " * (rem % 4) + "  · " * (rem // 4)
 			else:
 				table += " " * rem
 		table += "\n"
 		ruler = not ruler
 	return table
 def make_summary(logs):
-	plain_result_key = lambda log: (log["exp"], log["side"])
+	plain_result_key = lambda log: (log["exp"], log["side"], log["record"])
-	result_key = lambda log: (log["exp"], log["side"], log["impl"], log["alg"], log["kex"], log["cipher"], log["ed"])
+	result_key = lambda log: (log["exp"], log["side"], log["record"], log["impl"], log["alg"], log["kex"], log["cipher"], log["ed"])
 	plain_results = {}
 	results = {}
@ -512,30 +518,38 @@ def make_summary(logs):
 			idle_val = {
 				"cpu": float(log["cpu"]) / float(log["time"]),
 				"energy": float(log["Wh"]) / float(log["time"]) * 3600,
 				"in": float(log["bytes_in"]) / float(log["time"]),
 				"out": float(log["bytes_out"]) / float(log["time"]),
 			}
 		if log["tls"] == "0":
 			n = float(log.get("n", "1000"))
 			plain_results[plain_result_key(log)] = {
 				"cpu": (float(log["cpu"]) - idle_val["cpu"] * float(log["time"])) / n,
-				"energy": (float(log["Wh"]) * 3600 - idle_val["energy"] * float(log["time"])) / n
+				"energy": (float(log["Wh"]) * 3600 - idle_val["energy"] * float(log["time"])) / n,
 				"in": (float(log["bytes_in"]) - idle_val["in"] * float(log["time"])) / n,
 				"out": (float(log["bytes_out"]) - idle_val["out"] * float(log["time"])) / n,
 			}
 		if log["exp"] != "idle" and log["tls"] == "1":
 			n = float(log.get("n", "1000"))
 			results[result_key(log)] = {
 				"cpu": (float(log["cpu"]) - idle_val["cpu"] * float(log["time"])) / n,
-				"energy": (float(log["Wh"]) * 3600 - idle_val["energy"] * float(log["time"])) / n
+				"energy": (float(log["Wh"]) * 3600 - idle_val["energy"] * float(log["time"])) / n,
 				"in": (float(log["bytes_in"]) - idle_val["in"] * float(log["time"])) / n,
 				"out": (float(log["bytes_out"]) - idle_val["out"] * float(log["time"])) / n,
 			}
-	lines = [["key", "idle (W)", "no_tls (Ws/S)", "tls (Ws/S)", "tls_only (1)"]]
+	lines = [["key", "idle (W)", "no_tls (Ws/S)", "tls (Ws/S)", "tls_only (Ws/S)", "tls_in (1)", "tls_out (1)"]]
 	for k in results:
-		no_tls = plain_results[k[:2]]["energy"]
+		r = results[k]
-		tls = results[k]["energy"]
+		p = plain_results[k[:3]]
 		lines.append([
 			"/".join([str(i) for i in k]),
 			str(idle_val["energy"]),
-			str(no_tls),
+			str(p["energy"]),
-			str(tls),
+			str(r["energy"]),
-			str((tls - no_tls) / tls),
+			str(r["energy"] - p["energy"]),
 			str((r["in"] - p["in"]) / r["in"]),
 			str((r["out"] - p["out"]) / r["out"]),
 		])
 	print(tabulate(lines))