Plots, fixes

README.md

@@ -107,10 +107,6 @@ Most of the implementations can be used through RusTLS.
 
 However RusTLS clients won't enable to force TLS1.2 if 1.3 is available.
 
-### rpxy
-
-Reverse-proxy utilisant RusTLS.
-
 ### WolfSSL
 
 ```bash
@@ -122,31 +118,6 @@ make
 sudo make install
 ```
 
-### self-signed cert
-
-```bash
-openssl req -x509 -newkey rsa:2048 -keyout /tmp/foo.home.key -subj "/CN=foo.home/C=AT/ST=Lyon/L=Lyon/O=MyOrg" -out /tmp/foo.home.crt -nodes -sha256 -addext "subjectAltName=DNS:foo.home"
-```
-
-### Client
-
-Automatize experiments using [Selenium](https://www.selenium.dev/documentation/webdriver/getting_started/)
-
-#### Experiment management
-
-* Manager tells P2 what shared libs and rpxy binary to load.
-* Tell P1, P2, P3 what rpxy config to load.
-* Start measures.
-	* Start Yocto (USB).
-	* Start 
-
-#### Ad-hoc proxy?
-
-Features:
-* Use RusTLS and any backend easily
-* Listen to plain HTTP or TLS (1.2 or 1.3)
-* 
-
 ## State of the art
 
 * https://pub.h-brs.de/frontdoor/deliver/index/docId/4771/file/2019-ESP32-TLS-Power.pdf
@@ -175,13 +146,68 @@ Features:
 	* https://github.com/MarcT0K/privacy-carbon-experiments
 * https://davidtnaylor.com/CostOfTheS.pdf
 	* 2014
-	* 
 
 ## Sources
 
 * [RFC8446 (TLS 1.3)](https://datatracker.ietf.org/doc/html/rfc8446)
 
-## Notes
+## Reproduce
+
+### Record
+
+Authorize rpxy and netreplay to bind to ports 80 and 443:
+```bash
+sudo setcap CAP_NET_BIND_SERVICE=+eip netreplay
+```
+
+Open Firefox with a dedicated profile: (create the profile using the GUI if it doesn't exist)
+
+```bash
+firefox -P tlsbench
+```
+
+In settings, disable DNS security.
+
+In `about:config`, set `devtools.chrome.enabled` to `true`.
+
+In the `about:config` tab, open the console, execute this script to override DNS for the selected names, and redirect them to localhost:
+
+```js
+const gOverride = Cc["@mozilla.org/network/native-dns-override;1"].getService(Ci.nsINativeDNSResolverOverride);
+gOverride.clearOverrides();
+var names = [
+	"apple.com", "www.apple.com",
+	"yt3.ggpht.com",
+	"accounts.google.com", "www.google.com",
+	"fonts.gstatic.com", "www.gstatic.com",
+	"mzstatic.com",
+	"wikimedia.org", "intake-analytics.wikimedia.org", "meta.wikimedia.org", "upload.wikimedia.org",
+	"wikipedia.org", "fr.wikipedia.org",
+	"youtube.com", "www.youtube.com",
+	"i.ytimg.com"
+];
+for(var i in names) {
+	gOverride.addIPOverride(names[i], "127.0.0.1");
+}
+```
+
+Stop anything running on ports 80 or 443.
+
+Start the record proxy:
+
+```bash
+./netreplay records/mynewrecord record
+```
+
+Just browse. Any traffic to and from the selected names will be recorded. Terminate netplayer with CTRL+C when finished.
+
+### Measure
+
+Add p2 the `/etc/hosts`:
+
+```
+192.168.3.14	p2
+```
 
 Install sa on p2:
 
@@ -190,35 +216,11 @@ sudo apt install acct
 sudo chmod +s /sbin/sa
 ```
 
-Override DNS in browser:
-
-```bash
-firefox -P tlsbench
-```
-
-In `about:config`, set `devtools.chrome.enabled` to `true`.
-Set default DNS in settings.
-In console:
-
-```js
-const gOverride = Cc["@mozilla.org/network/native-dns-override;1"].getService(Ci.nsINativeDNSResolverOverride);
-gOverride.clearOverrides();
-var names = ["apple.com", "www.apple.com", "mzstatic.com", "youtube.com", "www.youtube.com", "i.ytimg.com", "fonts.gstatic.com", "www.google.com", "accounts.google.com", "yt3.ggpht.com", "www.gstatic.com"];
-for(var i in names) {
-	gOverride.addIPOverride(names[i], "127.0.0.1");
-}
-```
-
-Authorize rpxy to bind to ports 80 and 443:
-```bash
-sudo setcap CAP_NET_BIND_SERVICE=+eip netreplay
-```
-
 ```bash
 python exp.py make -c
 python exp.py send
 python exp.py update-certs # also do this command on p2
-python exp.py run
+python exp.py run --idle
 ```
 
 On Debian, update-certs says 0 certs added even if it has actually updated some certs. This step is still needed.