tuxmain/tlsbench
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Plot machine name, more values in config

Browse source
This commit is contained in:
Pascal Engélibert 2025-12-05 13:52:46 +01:00
commit ef0715fad2
3 changed files with 185 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

125
exp.py
View file

@ -2,6 +2,7 @@
import os, sys, subprocess
CONFIGS = {
# placid -> pi3
"pi": {
"experiments": [
"impl-cipher-ver",
@ -13,6 +14,9 @@ CONFIGS = {
"client",
"server",
],
"repodir": "/home/tuxmain/reps/tlsbench",
"expdir": "/dev/shm/exp",
"log_backup_dir": "/home/tuxmain",
"p2_hostname": "p2",
"p2_addr": "192.168.3.14",
"p2_ssh": "exp@p2",
@ -23,7 +27,9 @@ CONFIGS = {
"p3_suffix": "",
"p3_port_plain": 80,
"p3_port_tls": 443,
"idle": "idle - - - - - - 600.000081539154 0.0 896 4792 0.5399999999999991 -",
},
# placid local
"local": {
"experiments": [
"impl-cipher-ver",
@ -35,6 +41,9 @@ CONFIGS = {
"client-local",
"server-local",
],
"repodir": "/home/tuxmain/reps/tlsbench",
"expdir": "/dev/shm/exp",
"log_backup_dir": "/home/tuxmain",
"p2_hostname": "localhost",
"p2_addr": "127.0.0.1",
"p2_repodir": "/home/tuxmain/reps/tlsbench",
@ -44,13 +53,61 @@ CONFIGS = {
"p3_suffix": ".localhost",
"p3_port_plain": 8080,
"p3_port_tls": 8443,
}
},
# placid -> pifou
"pifou": {
"experiments": [
"impl-cipher-ver",
"impl-cert-ver",
"impl-kex-ver",
],
"setups": [
"none",
"client",
"server",
],
"repodir": "/home/tuxmain/reps/tlsbench",
"expdir": "/dev/shm/exp",
"log_backup_dir": "/home/tuxmain",
"p2_hostname": "192.168.3.3",
"p2_addr": "192.168.3.3",
"p2_ssh": "exp@192.168.3.3",
"p2_psw": "exp",
"p2_repodir": "/home/exp/exp",
"wattmeter": True,
"perf": False,
"p3_suffix": "",
"p3_port_plain": 80,
"p3_port_tls": 443,
"idle": "idle - - - - - - 600.0001013278961 0.0 735 4942 1.7759999999999962 -",
},
# placid local
"pifou-local": {
"experiments": [
"impl-cipher-ver",
"impl-cert-ver",
"impl-kex-ver",
],
"setups": [
"none-local",
"client-local",
"server-local",
],
"repodir": "/home/exp/exp",
"expdir": "/dev/shm/exp",
"log_backup_dir": "/home/exp",
"p2_hostname": "localhost",
"p2_addr": "127.0.0.1",
"p2_repodir": "/home/exp/exp",
"wattmeter": False,
"perf": True,
"perf_dir": "/home/exp/.cache/exp",
"p3_suffix": ".localhost",
"p3_port_plain": 8080,
"p3_port_tls": 8443,
},
}
REPODIR = "/home/tuxmain/reps/tlsbench"
P2_REPODIR = "/home/exp/exp"
EXPDIR = "/dev/shm/exp"
LOG_BACKUP_DIR = "/home/tuxmain"
DOMAINS_ = [
# Apple
"apple.com", "www.apple.com", "graffiti-tags.apple.com", "securemetrics.apple.com",
@ -78,7 +135,7 @@ DOMAINS_ = [
RECORDS = [
#{ "filename": "youtube", "repeat": 100 },
#{ "filename": "peertube", "repeat": 10 },
{ "filename": "wikipedia", "repeat": 100 },
{ "filename": "wikipedia", "repeat": 400 },
#{ "filename": "apple", "repeat": 1000 },
#{ "filename": "google", "repeat": 1000 },
]
@ -115,7 +172,6 @@ KEXES = [
"SECP256R1",
"SECP384R1",
]
IDLE = "idle - - - - - - 600.000081539154 0.0 896 4792 0.5399999999999991"
# Testing all combinations would be too much. Instead we isolate independent parts.
EXPERIMENTS = {
@ -493,11 +549,13 @@ def get_net_stat(ssh):
bytes_out = int(items[8])
return (bytes_in, bytes_out)
def run_exp(expdir, config, only_record=None, idle=False):
def run_exp(config, only_record=None, idle=False):
ssh = None
if "p2_ssh" in config:
ssh = connect_ssh(config)
expdir = config["expdir"]
log_backup_dir = config["log_backup_dir"]
p2_path = config["p2_repodir"]
wattmeter = None
if config["wattmeter"]:
@ -560,17 +618,17 @@ def run_exp(expdir, config, only_record=None, idle=False):
except Exception as e:
print("Can't open log file:", e)
time.sleep(1)
else:
elif "idle" in config:
while True:
try:
with open(logfile_path, "a") as logfile:
logfile.write(IDLE+"\n")
logfile.write(config["idle"]+"\n")
logfile.close()
break
except Exception as e:
print("Can't open log file:", e)
time.sleep(1)
sh(f"cp {logfile_path} {LOG_BACKUP_DIR}/{logfile_name}")
sh(f"cp {logfile_path} {log_backup_dir}/{logfile_name}")
run_id = 0
for expname in config["experiments"]:
@ -610,7 +668,18 @@ def run_exp(expdir, config, only_record=None, idle=False):
energy = wattmeter.get_meter()
start = time.time()
netreplay = run_netreplay(expdir, REPODIR, record, config["p2_addr"], SETUPS[setup]["p2_port"], SETUPS[setup]["listen_port"], SETUPS[setup]["netreplay_tls_mode"], only_record=only_record, ciphers=cipher, kexes=kex)
netreplay = run_netreplay(
config["expdir"],
config["repodir"],
record,
config["p2_addr"],
SETUPS[setup]["p2_port"],
SETUPS[setup]["listen_port"],
SETUPS[setup]["netreplay_tls_mode"],
only_record=only_record,
ciphers=cipher,
kexes=kex
)
# TODO detect when netreplay has finished
try:
@ -664,18 +733,19 @@ def run_exp(expdir, config, only_record=None, idle=False):
except Exception as e:
print("Can't open log file:", e)
time.sleep(1)
sh(f"cp {logfile_path} {LOG_BACKUP_DIR}/{logfile_name}")
sh(f"cp {logfile_path} {log_backup_dir}/{logfile_name}")
first_set = False
if config["wattmeter"]:
YAPI.FreeAPI()
def update_certs():
def update_certs(config):
info = platform.freedesktop_os_release()
dist = info.get("ID_LIKE", info["ID"])
expdir = config["expdir"]
if dist == "debian":
for alg in CERT_SIGN_ALGS:
sh([
f"sudo cp {EXPDIR}/certs/{alg}/ca.crt /usr/local/share/ca-certificates/ca-{alg}.crt",
f"sudo cp {expdir}/certs/{alg}/ca.crt /usr/local/share/ca-certificates/ca-{alg}.crt",
f"sudo chmod 644 /usr/local/share/ca-certificates/ca-{alg}.crt",
f"sudo chown root:root /usr/local/share/ca-certificates/ca-{alg}.crt"
])
@ -683,7 +753,7 @@ def update_certs():
elif dist == "arch":
for alg in CERT_SIGN_ALGS:
sh([
f"sudo cp {EXPDIR}/certs/{alg}/ca.crt /etc/ca-certificates/trust-source/anchors/ca-{alg}.crt",
f"sudo cp {expdir}/certs/{alg}/ca.crt /etc/ca-certificates/trust-source/anchors/ca-{alg}.crt",
f"sudo chmod 644 /etc/ca-certificates/trust-source/anchors/ca-{alg}.crt",
f"sudo chown root:root /etc/ca-certificates/trust-source/anchors/ca-{alg}.crt"
])
@ -712,12 +782,12 @@ def connect_ssh(config):
if __name__ == "__main__":
if len(sys.argv) < 2 or sys.argv[1] in ["h", "help", "?", "-h", "-help", "--help", "/?"]:
print("""Options:
make [-c] Create everything
cert <alg> Select cert signature algorithm
send <config> Send configs and certs to p2
update-certs Update system's certs
run <config> Run experiment
script Print Firefox script to override DNS
make <config> [-c] Create everything
cert <alg> Select cert signature algorithm
send <config> Send configs and certs to p2
update-certs <config> Update system's certs
run <config> Run experiment
script Print Firefox script to override DNS
Make options:
-c Make CA cert (otherwise use already existing one)
@ -744,21 +814,22 @@ Run options:
if opt == "make":
config = CONFIGS[sys.argv[2]]
make_ca = "-c" in sys.argv
make_everything(EXPDIR, DOMAINS, make_ca, config["p3_suffix"], config["p3_port_plain"], config["p3_port_tls"])
make_everything(config["expdir"], DOMAINS, make_ca, config["p3_suffix"], config["p3_port_plain"], config["p3_port_tls"])
elif opt == "cert":
alg = sys.argv[2]
if not alg in CERT_SIGN_ALGS:
print("Error: alg must be in", CERT_SIGN_ALGS)
exit(1)
choose_cert_alg(EXPDIR, alg)
choose_cert_alg(config["expdir"], alg)
elif opt == "send":
config = CONFIGS[sys.argv[2]]
import fabric
ssh = connect_ssh(config)
upload_dir(ssh, EXPDIR, "/dev/shm")
upload_dir(ssh, config["expdir"], "/dev/shm")
elif opt == "update-certs":
import platform
update_certs()
config = CONFIGS[sys.argv[2]]
update_certs(config)
elif opt == "run":
config = CONFIGS[sys.argv[2]]
if "--count" in sys.argv:
@ -779,7 +850,7 @@ Run options:
from yoctopuce.yocto_api import *
from yoctopuce.yocto_power import *
run_exp(EXPDIR, config, only_record=getargv("--record", None), idle="--idle" in sys.argv)
run_exp(config, only_record=getargv("--record", None), idle="--idle" in sys.argv)
elif opt == "script":
print(SCRIPT_FIREFOX_HOSTS)
else: