tuxmain/tlsbench
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Plot machine name, more values in config

Browse source
This commit is contained in:
Pascal Engélibert 2025-12-05 13:52:46 +01:00
commit ef0715fad2
3 changed files with 185 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

39
README.md
View file

@ -223,10 +223,10 @@ Add p2 the `/etc/hosts`:
192.168.3.14 p2
```
Install sa on p2:
Install things on p2:
```bash
sudo apt install acct
sudo apt install acct dtach
sudo chmod +s /sbin/sa
```
@ -235,7 +235,7 @@ Run:
```bash
python exp.py make pi -c
python exp.py send pi
python exp.py update-certs # also do this command on p2
python exp.py update-certs pi # also do this command on p2
python exp.py run pi --idle
```
@ -248,9 +248,36 @@ Profile code execution on the local machine.
Add the domains the `/etc/hosts`:
```
127.0.0.1 google.com.localhost
127.0.0.1 youtube.com.localhost
127.0.0.1 www.youtube.com.localhost
127.0.0.1 i.ytimg.com.localhost
127.0.0.1 fonts.gstatic.com.localhost
127.0.0.1 www.gstatic.com.localhost
127.0.0.1 www.google.com.localhost
# etc.
127.0.0.1 accounts.google.com.localhost
127.0.0.1 yt3.ggpht.com.localhost
127.0.0.1 rr1---sn-gxo5uxg-jqbl.googlevideo.com.localhost
127.0.0.1 rr2---sn-gxo5uxg-jqbl.googlevideo.com.localhost
127.0.0.1 rr4---sn-q4fl6nds.googlevideo.com.localhost
127.0.0.1 fr.wikipedia.org.localhost
127.0.0.1 upload.wikimedia.org.localhost
127.0.0.1 apple.com.localhost
127.0.0.1 www.apple.com.localhost
192.168.3.1 youtube.com
192.168.3.1 www.youtube.com
192.168.3.1 i.ytimg.com
192.168.3.1 fonts.gstatic.com
192.168.3.1 www.gstatic.com
192.168.3.1 www.google.com
192.168.3.1 accounts.google.com
192.168.3.1 yt3.ggpht.com
192.168.3.1 rr1---sn-gxo5uxg-jqbl.googlevideo.com
192.168.3.1 rr2---sn-gxo5uxg-jqbl.googlevideo.com
192.168.3.1 rr4---sn-q4fl6nds.googlevideo.com
192.168.3.1 fr.wikipedia.org
192.168.3.1 upload.wikimedia.org
192.168.3.1 apple.com
192.168.3.1 www.apple.com
```
Install sa:
@ -284,7 +311,7 @@ Run:
```bash
python exp.py make local -c
python exp.py send local
python exp.py update-certs
python exp.py update-certs local
python exp.py run local
python plots.py prof <path/to/log>
```

125
exp.py
View file

@ -2,6 +2,7 @@
import os, sys, subprocess
CONFIGS = {
# placid -> pi3
"pi": {
"experiments": [
"impl-cipher-ver",
@ -13,6 +14,9 @@ CONFIGS = {
"client",
"server",
],
"repodir": "/home/tuxmain/reps/tlsbench",
"expdir": "/dev/shm/exp",
"log_backup_dir": "/home/tuxmain",
"p2_hostname": "p2",
"p2_addr": "192.168.3.14",
"p2_ssh": "exp@p2",
@ -23,7 +27,9 @@ CONFIGS = {
"p3_suffix": "",
"p3_port_plain": 80,
"p3_port_tls": 443,
"idle": "idle - - - - - - 600.000081539154 0.0 896 4792 0.5399999999999991 -",
},
# placid local
"local": {
"experiments": [
"impl-cipher-ver",
@ -35,6 +41,9 @@ CONFIGS = {
"client-local",
"server-local",
],
"repodir": "/home/tuxmain/reps/tlsbench",
"expdir": "/dev/shm/exp",
"log_backup_dir": "/home/tuxmain",
"p2_hostname": "localhost",
"p2_addr": "127.0.0.1",
"p2_repodir": "/home/tuxmain/reps/tlsbench",
@ -44,13 +53,61 @@ CONFIGS = {
"p3_suffix": ".localhost",
"p3_port_plain": 8080,
"p3_port_tls": 8443,
}
},
# placid -> pifou
"pifou": {
"experiments": [
"impl-cipher-ver",
"impl-cert-ver",
"impl-kex-ver",
],
"setups": [
"none",
"client",
"server",
],
"repodir": "/home/tuxmain/reps/tlsbench",
"expdir": "/dev/shm/exp",
"log_backup_dir": "/home/tuxmain",
"p2_hostname": "192.168.3.3",
"p2_addr": "192.168.3.3",
"p2_ssh": "exp@192.168.3.3",
"p2_psw": "exp",
"p2_repodir": "/home/exp/exp",
"wattmeter": True,
"perf": False,
"p3_suffix": "",
"p3_port_plain": 80,
"p3_port_tls": 443,
"idle": "idle - - - - - - 600.0001013278961 0.0 735 4942 1.7759999999999962 -",
},
# placid local
"pifou-local": {
"experiments": [
"impl-cipher-ver",
"impl-cert-ver",
"impl-kex-ver",
],
"setups": [
"none-local",
"client-local",
"server-local",
],
"repodir": "/home/exp/exp",
"expdir": "/dev/shm/exp",
"log_backup_dir": "/home/exp",
"p2_hostname": "localhost",
"p2_addr": "127.0.0.1",
"p2_repodir": "/home/exp/exp",
"wattmeter": False,
"perf": True,
"perf_dir": "/home/exp/.cache/exp",
"p3_suffix": ".localhost",
"p3_port_plain": 8080,
"p3_port_tls": 8443,
},
}
REPODIR = "/home/tuxmain/reps/tlsbench"
P2_REPODIR = "/home/exp/exp"
EXPDIR = "/dev/shm/exp"
LOG_BACKUP_DIR = "/home/tuxmain"
DOMAINS_ = [
# Apple
"apple.com", "www.apple.com", "graffiti-tags.apple.com", "securemetrics.apple.com",
@ -78,7 +135,7 @@ DOMAINS_ = [
RECORDS = [
#{ "filename": "youtube", "repeat": 100 },
#{ "filename": "peertube", "repeat": 10 },
{ "filename": "wikipedia", "repeat": 100 },
{ "filename": "wikipedia", "repeat": 400 },
#{ "filename": "apple", "repeat": 1000 },
#{ "filename": "google", "repeat": 1000 },
]
@ -115,7 +172,6 @@ KEXES = [
"SECP256R1",
"SECP384R1",
]
IDLE = "idle - - - - - - 600.000081539154 0.0 896 4792 0.5399999999999991"
# Testing all combinations would be too much. Instead we isolate independent parts.
EXPERIMENTS = {
@ -493,11 +549,13 @@ def get_net_stat(ssh):
bytes_out = int(items[8])
return (bytes_in, bytes_out)
def run_exp(expdir, config, only_record=None, idle=False):
def run_exp(config, only_record=None, idle=False):
ssh = None
if "p2_ssh" in config:
ssh = connect_ssh(config)
expdir = config["expdir"]
log_backup_dir = config["log_backup_dir"]
p2_path = config["p2_repodir"]
wattmeter = None
if config["wattmeter"]:
@ -560,17 +618,17 @@ def run_exp(expdir, config, only_record=None, idle=False):
except Exception as e:
print("Can't open log file:", e)
time.sleep(1)
else:
elif "idle" in config:
while True:
try:
with open(logfile_path, "a") as logfile:
logfile.write(IDLE+"\n")
logfile.write(config["idle"]+"\n")
logfile.close()
break
except Exception as e:
print("Can't open log file:", e)
time.sleep(1)
sh(f"cp {logfile_path} {LOG_BACKUP_DIR}/{logfile_name}")
sh(f"cp {logfile_path} {log_backup_dir}/{logfile_name}")
run_id = 0
for expname in config["experiments"]:
@ -610,7 +668,18 @@ def run_exp(expdir, config, only_record=None, idle=False):
energy = wattmeter.get_meter()
start = time.time()
netreplay = run_netreplay(expdir, REPODIR, record, config["p2_addr"], SETUPS[setup]["p2_port"], SETUPS[setup]["listen_port"], SETUPS[setup]["netreplay_tls_mode"], only_record=only_record, ciphers=cipher, kexes=kex)
netreplay = run_netreplay(
config["expdir"],
config["repodir"],
record,
config["p2_addr"],
SETUPS[setup]["p2_port"],
SETUPS[setup]["listen_port"],
SETUPS[setup]["netreplay_tls_mode"],
only_record=only_record,
ciphers=cipher,
kexes=kex
)
# TODO detect when netreplay has finished
try:
@ -664,18 +733,19 @@ def run_exp(expdir, config, only_record=None, idle=False):
except Exception as e:
print("Can't open log file:", e)
time.sleep(1)
sh(f"cp {logfile_path} {LOG_BACKUP_DIR}/{logfile_name}")
sh(f"cp {logfile_path} {log_backup_dir}/{logfile_name}")
first_set = False
if config["wattmeter"]:
YAPI.FreeAPI()
def update_certs():
def update_certs(config):
info = platform.freedesktop_os_release()
dist = info.get("ID_LIKE", info["ID"])
expdir = config["expdir"]
if dist == "debian":
for alg in CERT_SIGN_ALGS:
sh([
f"sudo cp {EXPDIR}/certs/{alg}/ca.crt /usr/local/share/ca-certificates/ca-{alg}.crt",
f"sudo cp {expdir}/certs/{alg}/ca.crt /usr/local/share/ca-certificates/ca-{alg}.crt",
f"sudo chmod 644 /usr/local/share/ca-certificates/ca-{alg}.crt",
f"sudo chown root:root /usr/local/share/ca-certificates/ca-{alg}.crt"
])
@ -683,7 +753,7 @@ def update_certs():
elif dist == "arch":
for alg in CERT_SIGN_ALGS:
sh([
f"sudo cp {EXPDIR}/certs/{alg}/ca.crt /etc/ca-certificates/trust-source/anchors/ca-{alg}.crt",
f"sudo cp {expdir}/certs/{alg}/ca.crt /etc/ca-certificates/trust-source/anchors/ca-{alg}.crt",
f"sudo chmod 644 /etc/ca-certificates/trust-source/anchors/ca-{alg}.crt",
f"sudo chown root:root /etc/ca-certificates/trust-source/anchors/ca-{alg}.crt"
])
@ -712,12 +782,12 @@ def connect_ssh(config):
if __name__ == "__main__":
if len(sys.argv) < 2 or sys.argv[1] in ["h", "help", "?", "-h", "-help", "--help", "/?"]:
print("""Options:
make [-c] Create everything
cert <alg> Select cert signature algorithm
send <config> Send configs and certs to p2
update-certs Update system's certs
run <config> Run experiment
script Print Firefox script to override DNS
make <config> [-c] Create everything
cert <alg> Select cert signature algorithm
send <config> Send configs and certs to p2
update-certs <config> Update system's certs
run <config> Run experiment
script Print Firefox script to override DNS
Make options:
-c Make CA cert (otherwise use already existing one)
@ -744,21 +814,22 @@ Run options:
if opt == "make":
config = CONFIGS[sys.argv[2]]
make_ca = "-c" in sys.argv
make_everything(EXPDIR, DOMAINS, make_ca, config["p3_suffix"], config["p3_port_plain"], config["p3_port_tls"])
make_everything(config["expdir"], DOMAINS, make_ca, config["p3_suffix"], config["p3_port_plain"], config["p3_port_tls"])
elif opt == "cert":
alg = sys.argv[2]
if not alg in CERT_SIGN_ALGS:
print("Error: alg must be in", CERT_SIGN_ALGS)
exit(1)
choose_cert_alg(EXPDIR, alg)
choose_cert_alg(config["expdir"], alg)
elif opt == "send":
config = CONFIGS[sys.argv[2]]
import fabric
ssh = connect_ssh(config)
upload_dir(ssh, EXPDIR, "/dev/shm")
upload_dir(ssh, config["expdir"], "/dev/shm")
elif opt == "update-certs":
import platform
update_certs()
config = CONFIGS[sys.argv[2]]
update_certs(config)
elif opt == "run":
config = CONFIGS[sys.argv[2]]
if "--count" in sys.argv:
@ -779,7 +850,7 @@ Run options:
from yoctopuce.yocto_api import *
from yoctopuce.yocto_power import *
run_exp(EXPDIR, config, only_record=getargv("--record", None), idle="--idle" in sys.argv)
run_exp(config, only_record=getargv("--record", None), idle="--idle" in sys.argv)
elif opt == "script":
print(SCRIPT_FIREFOX_HOSTS)
else:

69
plots.py
View file

@ -60,6 +60,10 @@ CRITERION_TITLE = {
PLOTS_DIR = "/dev/shm/plots"
def gnuplot_histogram(**kwargs):
if "machine" in kwargs and kwargs["machine"] != None:
kwargs["machine"] = ", " + kwargs["machine"]
else:
kwargs["machine"] = ""
cluster = ""
for i in range(kwargs["nb_impls"]-1):
cluster += """, "" using {}:xticlabels(1) title col""".format(i+4)
@ -71,7 +75,7 @@ set boxwidth 0.9 absolute
set style fill solid 1.0 border lt -1
set style histogram clustered gap 1 title textcolor lt -1
set style data histograms
set title font "CMU Sans Serif,12" "{object_title} by {criterion_title} ({record}, {side} side) ({unit})"
set title font "CMU Sans Serif,12" "{object_title} by {criterion_title} ({record}, {side}{machine}) ({unit})"
#set xtics border in scale 0,0 nomirror rotate by -45 autojustify
set xtics border in scale 0,0 nomirror autojustify
#set key fixed right top vertical Right noreverse noenhanced autotitle nobox
@ -88,6 +92,10 @@ plot \
os.system("gnuplot {plots_dir}/{object}_by_{criterion}_{side}_{record}.gnuplot".format(plots_dir=PLOTS_DIR, **kwargs))
def gnuplot_stacked_histogram(**kwargs):
if "machine" in kwargs and kwargs["machine"] != None:
kwargs["machine"] = ", " + kwargs["machine"]
else:
kwargs["machine"] = ""
cluster = ""
#for i in range(kwargs["nb_impls"]-1):
# cluster += """, "" using {}:xticlabels(1) title col""".format(i+4)
@ -99,7 +107,7 @@ set boxwidth 0.9 absolute
set style fill solid 1.0 border lt -1
set style histogram rowstacked
set style data histograms
set title font "CMU Sans Serif,12" "{object_title} by {criterion_title} ({record}, {side} side) ({unit})"
set title font "CMU Sans Serif,12" "{object_title} by {criterion_title} ({record}, {side}{machine}) ({unit})"
set xtics border in scale 0,0 nomirror noenhanced rotate by -15 autojustify
set key fixed left top vertical Left noenhanced autotitle nobox invert reverse opaque
set colorbox vertical origin screen 0.9, 0.2 size screen 0.05, 0.6 front noinvert bdefault
@ -111,7 +119,7 @@ plot for [i=2:{nb_functions}] "{plots_dir}/{object}_by_{criterion}_{side}_{recor
f.close()
os.system("gnuplot {plots_dir}/{object}_by_{criterion}_{side}_{record}.gnuplot".format(plots_dir=PLOTS_DIR, **kwargs))
def make_log_plot(logs, exp, criterion, side, obj, record):
def make_log_plot(logs, exp, criterion, side, obj, record, machine=None):
f = open(f"/dev/shm/plots/{obj}_by_{criterion}_{side}_{record}.dat", "w")
ciphers = {}
impls = []
@ -140,6 +148,9 @@ def make_log_plot(logs, exp, criterion, side, obj, record):
f.write("{} none {}\n".format(criterion, " ".join(impls)))
f.write(plain_line+" -"*len(impls)+"\n")
for cipher in ciphers:
for impl in impls:
if impl not in ciphers[cipher]:
ciphers[cipher][impl] = 0
f.write("{}({}) - {}\n".format(
ALG_LABEL[cipher],
VER_LABEL[log["cipher"]],
@ -149,9 +160,19 @@ def make_log_plot(logs, exp, criterion, side, obj, record):
]),
))
f.close()
gnuplot_histogram(object=obj, criterion=criterion, side=side, object_title=OBJ_TITLE[obj], criterion_title=CRITERION_TITLE[criterion], unit=UNIT[obj], nb_impls=len(impls), record=record)
gnuplot_histogram(
object=obj,
criterion=criterion,
side=side,
object_title=OBJ_TITLE[obj],
criterion_title=CRITERION_TITLE[criterion],
unit=UNIT[obj],
nb_impls=len(impls),
record=record,
machine=machine
)
def make_profile_plot(logs, exp, criterion, side, record, no_flamegraph=False):
def make_profile_plot(logs, exp, criterion, side, record, no_flamegraph=False, machine=None):
f = open(f"/dev/shm/plots/profile_by_{criterion}_{side}_{record}.dat", "w")
runs = []
functions = []
@ -183,7 +204,23 @@ def make_profile_plot(logs, exp, criterion, side, record, no_flamegraph=False):
]),
))
f.close()
gnuplot_stacked_histogram(object="profile", criterion=criterion, side=side, object_title=OBJ_TITLE["profile"], criterion_title=CRITERION_TITLE[criterion], unit=UNIT["profile"], record=record, nb_functions=len(functions)+1)
gnuplot_stacked_histogram(
object="profile",
criterion=criterion,
side=side,
object_title=OBJ_TITLE["profile"],
criterion_title=CRITERION_TITLE[criterion],
unit=UNIT["profile"],
record=record,
nb_functions=len(functions)+1,
machine=machine
)
def getargv(arg:str, default="", n:int=1, args:list=sys.argv):
if arg in args and len(args) > args.index(arg)+n:
return args[args.index(arg)+n]
else:
return default
if __name__ == "__main__":
cmd = sys.argv[1]
@ -209,18 +246,20 @@ if __name__ == "__main__":
no_flamegraph = "-f" in sys.argv
machine = getargv("-m", None)
if cmd == "log":
for side in ["client", "server"]:
for record in records:
make_log_plot(logs, "impl-cipher-ver", "cipher", side, "cpu", record)
make_log_plot(logs, "impl-cipher-ver", "cipher", side, "energy", record)
make_log_plot(logs, "impl-cert-ver", "cert", side, "cpu", record)
make_log_plot(logs, "impl-cert-ver", "cert", side, "energy", record)
make_log_plot(logs, "impl-kex-ver", "kex", side, "cpu", record)
make_log_plot(logs, "impl-kex-ver", "kex", side, "energy", record)
make_log_plot(logs, "impl-cipher-ver", "cipher", side, "cpu", record, machine=machine)
make_log_plot(logs, "impl-cipher-ver", "cipher", side, "energy", record, machine=machine)
make_log_plot(logs, "impl-cert-ver", "cert", side, "cpu", record, machine=machine)
make_log_plot(logs, "impl-cert-ver", "cert", side, "energy", record, machine=machine)
make_log_plot(logs, "impl-kex-ver", "kex", side, "cpu", record, machine=machine)
make_log_plot(logs, "impl-kex-ver", "kex", side, "energy", record, machine=machine)
elif cmd == "prof":
for side in ["client-local", "server-local"]:
for record in records:
make_profile_plot(logs, "impl-cipher-ver", "cipher", side, record, no_flamegraph=no_flamegraph)
make_profile_plot(logs, "impl-cert-ver", "cert", side, record, no_flamegraph=no_flamegraph)
make_profile_plot(logs, "impl-kex-ver", "kex", side, record, no_flamegraph=no_flamegraph)
make_profile_plot(logs, "impl-cipher-ver", "cipher", side, record, no_flamegraph=no_flamegraph, machine=machine)
make_profile_plot(logs, "impl-cert-ver", "cert", side, record, no_flamegraph=no_flamegraph, machine=machine)
make_profile_plot(logs, "impl-kex-ver", "kex", side, record, no_flamegraph=no_flamegraph, machine=machine)