Plots, fixes
parent
29b3119720
commit
fb5adf26f1
4 changed files with 293 additions and 89 deletions
120
exp.py
120
exp.py
|
|
@ -6,6 +6,7 @@ P2_SSH = "exp@p2"
|
|||
P2_PSW = "exp"
|
||||
P2_REPODIR = "/home/exp/exp"
|
||||
EXPDIR = "/dev/shm/exp"
|
||||
LOG_BACKUP_DIR = "/home/tuxmain"
|
||||
P2_ADDR = "192.168.3.14"
|
||||
DOMAINS_ = [
|
||||
# Apple
|
||||
|
|
@ -33,11 +34,11 @@ DOMAINS_ = [
|
|||
WATTMETER = True
|
||||
|
||||
RECORDS = [
|
||||
#{ "filename": "youtube", "repeat": 1 },
|
||||
#{ "filename": "youtube", "repeat": 1000 },
|
||||
#{ "filename": "peertube", "repeat": 10 },
|
||||
#{ "filename": "wikipedia", "repeat": 10 },
|
||||
{ "filename": "apple", "repeat": 100 },
|
||||
#{ "filename": "google", "repeat": 10 },
|
||||
{ "filename": "wikipedia", "repeat": 100 },
|
||||
#{ "filename": "apple", "repeat": 1000 },
|
||||
#{ "filename": "google", "repeat": 1000 },
|
||||
]
|
||||
CERT_SIGN_ALGS = [
|
||||
"prime256v1", # widely used
|
||||
|
|
@ -46,8 +47,8 @@ CERT_SIGN_ALGS = [
|
|||
"rsa2048", "rsa3072", "rsa4096", # widely used
|
||||
]
|
||||
IMPLS = [
|
||||
#"aws_lc_rs", # Amazon's Rust crypto widely used in Rust stuff
|
||||
#"boring", # Google's fork of OpenSSL used in Chrome and Android
|
||||
"aws_lc_rs", # Amazon's Rust crypto widely used in Rust stuff
|
||||
"boring", # Google's fork of OpenSSL used in Chrome and Android
|
||||
"openssl", # widely used
|
||||
#"ring", # used in most Rust stuff
|
||||
#"symcrypt", # Microsoft's crypto
|
||||
|
|
@ -72,6 +73,7 @@ KEXES = [
|
|||
"SECP256R1",
|
||||
"SECP384R1",
|
||||
]
|
||||
IDLE = "idle - - - - - - 600.000081539154 0.0 896 4792 0.5399999999999991"
|
||||
|
||||
# Testing all combinations would be too much. Instead we isolate independent parts.
|
||||
EXPERIMENTS = {
|
||||
|
|
@ -83,36 +85,36 @@ EXPERIMENTS = {
|
|||
"AES_128_GCM_SHA256",
|
||||
"AES_256_GCM_SHA384",
|
||||
"CHACHA20_POLY1305_SHA256",
|
||||
"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||
"ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,ECDHE_RSA_WITH_AES_256_GCM_SHA384",
|
||||
"ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
|
||||
#"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||
#"ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,ECDHE_RSA_WITH_AES_256_GCM_SHA384",
|
||||
#"ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
|
||||
],
|
||||
"kexes": ["X25519"],
|
||||
"cert": ["prime256v1"],
|
||||
},
|
||||
# # Compare signatures among implementations and TLS versions
|
||||
## Compare signatures among implementations and TLS versions
|
||||
"impl-cert-ver": {
|
||||
"impls": IMPLS,
|
||||
"records": RECORDS,
|
||||
"ciphers": [
|
||||
"AES_128_GCM_SHA256",
|
||||
"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||
#"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||
],
|
||||
"kexes": ["X25519"],
|
||||
"cert": [
|
||||
"prime256v1",
|
||||
#"secp384r1",
|
||||
"rsa2048",
|
||||
#"rsa3072", "rsa4096"
|
||||
"rsa3072", "rsa4096"
|
||||
],
|
||||
},
|
||||
# # Compare key exchange groups among implementations and TLS versions
|
||||
## Compare key exchange groups among implementations and TLS versions
|
||||
"impl-kex-ver": {
|
||||
"impls": IMPLS,
|
||||
"records": RECORDS,
|
||||
"ciphers": [
|
||||
"AES_128_GCM_SHA256",
|
||||
"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||
#"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||
],
|
||||
"kexes": ["X25519", "SECP256R1", "SECP384R1"],
|
||||
"cert": ["prime256v1"],
|
||||
|
|
@ -122,8 +124,9 @@ EXPERIMENTS = {
|
|||
# "records": RECORDS,
|
||||
# "ciphers": [
|
||||
# "ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||
# "ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
|
||||
# ],
|
||||
# "kexes": ["SECP384R1"],
|
||||
# "kexes": ["X25519"],
|
||||
# "cert": ["prime256v1"],
|
||||
#},
|
||||
}
|
||||
|
|
@ -286,24 +289,28 @@ SETUPS = {
|
|||
"netreplay_tls_mode": "none",
|
||||
"p2_port": 80,
|
||||
"listen_port": 80,
|
||||
"tls_invariant": True,
|
||||
},
|
||||
"client": {
|
||||
"rpxy_config": "tls",
|
||||
"netreplay_tls_mode": "server",
|
||||
"p2_port": 80,
|
||||
"listen_port": 443,
|
||||
"tls_invariant": False,
|
||||
},
|
||||
"server": {
|
||||
"rpxy_config": "plain",
|
||||
"netreplay_tls_mode": "client",
|
||||
"p2_port": 443,
|
||||
"listen_port": 80,
|
||||
"tls_invariant": False,
|
||||
},
|
||||
#"both": {
|
||||
# "rpxy_config": "tls",
|
||||
# "netreplay_tls_mode": "both",
|
||||
# "p2_port": 443,
|
||||
# "listen_port": 443,
|
||||
# "tls_invariant": False,
|
||||
#},
|
||||
}
|
||||
|
||||
|
|
@ -357,22 +364,15 @@ def choose_impl(expdir, p, impl):
|
|||
expdir += "/"
|
||||
os.symlink(os.getcwd()+"/rpxy_rustls_"+impl, expdir+str(p)+"_rpxy", False)
|
||||
|
||||
def run_rpxy(expdir, repodir, config_name, impl, ciphers=None, kexes=None):
|
||||
def run_netreplay(expdir, repodir, record, p2_addr, p2_port, listen_port, tls_mode, only_record=None, ciphers=None, kexes=None):
|
||||
if expdir[-1] != "/":
|
||||
expdir += "/"
|
||||
repodir = repodir.removesuffix("/")
|
||||
env = {"RUST_LOG": "debug"}
|
||||
if ciphers:
|
||||
env["CIPHERS"] = ",".join(ciphers)
|
||||
env["CIPHERS"] = ciphers
|
||||
if kexes:
|
||||
env["KEXES"] = ",".join(KEXES)
|
||||
return subprocess.Popen([repodir+"/rpxy_rustls_"+impl, "--config", expdir+"configs/"+config_name+".toml"], env=env)
|
||||
|
||||
def run_netreplay(expdir, repodir, record, p2_addr, p2_port, listen_port, tls_mode, only_record=None):
|
||||
if expdir[-1] != "/":
|
||||
expdir += "/"
|
||||
repodir = repodir.removesuffix("/")
|
||||
env = {"RUST_LOG": "debug"}
|
||||
env["KEXES"] = kexes
|
||||
cmd = [repodir+"/netreplay", repodir+"/records/"+record["filename"], "play", p2_addr, str(p2_port), str(listen_port), expdir+"current_certs", tls_mode, "-r", str(record["repeat"])]
|
||||
if only_record != None:
|
||||
cmd += ["--record", only_record]
|
||||
|
|
@ -401,7 +401,7 @@ def get_net_stat(ssh):
|
|||
bytes_out = int(items[8])
|
||||
return (bytes_in, bytes_out)
|
||||
|
||||
def run_exp(ssh, expdir, p2_path, exps, only_record=None):
|
||||
def run_exp(ssh, expdir, p2_path, exps, only_record=None, idle=False):
|
||||
wattmeter = None
|
||||
if WATTMETER:
|
||||
errmsg = YRefParam()
|
||||
|
|
@ -420,13 +420,58 @@ def run_exp(ssh, expdir, p2_path, exps, only_record=None):
|
|||
ssh.run(f"killall rpxy_rustls_{impl}")
|
||||
except invoke.exceptions.UnexpectedExit as e:
|
||||
pass
|
||||
rpxy_cpu = get_cpu_stat(ssh)
|
||||
logfile_name = expdir+"/log-"+str(int(time.time()))
|
||||
logfile = open(logfile_name, "w")
|
||||
logfile_name = "log-"+str(int(time.time()))
|
||||
logfile_path = expdir+"/"+logfile_name
|
||||
logfile = open(logfile_path, "w")
|
||||
logfile.write("exp impl alg kex cipher setup record time cpu bytes_in bytes_out Wh\n")
|
||||
logfile.close()
|
||||
|
||||
if idle:
|
||||
print("Measuring idle...")
|
||||
rpxy_cpu = get_cpu_stat(ssh)
|
||||
p2_bytes_in, p2_bytes_out = get_net_stat(ssh)
|
||||
energy = 0
|
||||
if WATTMETER:
|
||||
energy = wattmeter.get_meter()
|
||||
start = time.time()
|
||||
|
||||
time.sleep(600)
|
||||
|
||||
end = time.time()
|
||||
new_energy = 0
|
||||
if WATTMETER:
|
||||
new_energy = wattmeter.get_meter()
|
||||
new_p2_bytes_in, new_p2_bytes_out = get_net_stat(ssh)
|
||||
new_rpxy_cpu = get_cpu_stat(ssh)
|
||||
rpxy_cpu_diff = new_rpxy_cpu - rpxy_cpu
|
||||
p2_bytes_in_diff = new_p2_bytes_in - p2_bytes_in
|
||||
p2_bytes_out_diff = new_p2_bytes_out - p2_bytes_out
|
||||
energy_diff = new_energy - energy
|
||||
time_diff = end - start
|
||||
while True:
|
||||
try:
|
||||
with open(logfile_path, "a") as logfile:
|
||||
logfile.write(f"idle - - - - - - {time_diff} {rpxy_cpu_diff} {p2_bytes_in_diff} {p2_bytes_out_diff} {energy_diff}\n")
|
||||
logfile.close()
|
||||
break
|
||||
except Exception as e:
|
||||
print("Can't open log file:", e)
|
||||
time.sleep(1)
|
||||
else:
|
||||
while True:
|
||||
try:
|
||||
with open(logfile_path, "a") as logfile:
|
||||
logfile.write(IDLE+"\n")
|
||||
logfile.close()
|
||||
break
|
||||
except Exception as e:
|
||||
print("Can't open log file:", e)
|
||||
time.sleep(1)
|
||||
sh(f"cp {logfile_path} {LOG_BACKUP_DIR}/{logfile_name}")
|
||||
|
||||
for expname in exps:
|
||||
exp = exps[expname]
|
||||
first_set = True
|
||||
for impl in exp["impls"]:
|
||||
for alg in exp["cert"]:
|
||||
for kex in exp["kexes"]:
|
||||
|
|
@ -434,6 +479,8 @@ def run_exp(ssh, expdir, p2_path, exps, only_record=None):
|
|||
choose_cert_alg(expdir, alg)
|
||||
ssh.run(f"python {p2_path}/exp.py cert {alg}")
|
||||
for setup in SETUPS:
|
||||
if SETUPS[setup]["tls_invariant"] and not first_set:
|
||||
continue
|
||||
setupdir = expdir+"setups/"+setup
|
||||
for record in exp["records"]:
|
||||
print(f"EXPERIMENT {expname}: {impl} {alg} {kex} {cipher} {setup}")
|
||||
|
|
@ -443,13 +490,14 @@ def run_exp(ssh, expdir, p2_path, exps, only_record=None):
|
|||
runbg(ssh, f"{p2_path}/rpxy_rustls_{impl} --config {expdir}/configs/{p2_rpxy_config}.toml --log-dir /dev/shm", vars)
|
||||
time.sleep(1)
|
||||
|
||||
rpxy_cpu = get_cpu_stat(ssh)
|
||||
p2_bytes_in, p2_bytes_out = get_net_stat(ssh)
|
||||
energy = 0
|
||||
if WATTMETER:
|
||||
energy = wattmeter.get_meter()
|
||||
|
||||
start = time.time()
|
||||
netreplay = run_netreplay(expdir, REPODIR, record, P2_ADDR, SETUPS[setup]["p2_port"], SETUPS[setup]["listen_port"], SETUPS[setup]["netreplay_tls_mode"], only_record=only_record)
|
||||
netreplay = run_netreplay(expdir, REPODIR, record, P2_ADDR, SETUPS[setup]["p2_port"], SETUPS[setup]["listen_port"], SETUPS[setup]["netreplay_tls_mode"], only_record=only_record, ciphers=cipher, kexes=kex)
|
||||
|
||||
# TODO detect when netreplay has finished
|
||||
try:
|
||||
|
|
@ -468,6 +516,10 @@ def run_exp(ssh, expdir, p2_path, exps, only_record=None):
|
|||
|
||||
#time.sleep(30)
|
||||
#sh("killall netreplay")
|
||||
try:
|
||||
ssh.run(f"rm /dev/shm/access.log /dev/shm/rpxy.log")
|
||||
except invoke.exceptions.UnexpectedExit as e:
|
||||
pass
|
||||
try:
|
||||
ssh.run(f"killall rpxy_rustls_{impl}")
|
||||
except invoke.exceptions.UnexpectedExit as e:
|
||||
|
|
@ -488,17 +540,18 @@ def run_exp(ssh, expdir, p2_path, exps, only_record=None):
|
|||
p2_bytes_in_diff = new_p2_bytes_in - p2_bytes_in
|
||||
p2_bytes_out_diff = new_p2_bytes_out - p2_bytes_out
|
||||
energy_diff = new_energy - energy
|
||||
rpxy_cpu = new_rpxy_cpu
|
||||
time_diff = end - start
|
||||
while True:
|
||||
try:
|
||||
with open(logfile_name, "a") as logfile:
|
||||
with open(logfile_path, "a") as logfile:
|
||||
logfile.write(f"{expname} {impl} {alg} {kex} {cipher} {setup} {record_filename} {time_diff} {rpxy_cpu_diff} {p2_bytes_in_diff} {p2_bytes_out_diff} {energy_diff}\n")
|
||||
logfile.close()
|
||||
break
|
||||
except Exception as e:
|
||||
print("Can't open log file:", e)
|
||||
time.sleep(1)
|
||||
sh(f"cp {logfile_path} {LOG_BACKUP_DIR}/{logfile_name}")
|
||||
first_set = False
|
||||
if WATTMETER:
|
||||
YAPI.FreeAPI()
|
||||
|
||||
|
|
@ -564,6 +617,7 @@ Run options:
|
|||
--passphrase Prompt SSH key decryption passphrase (when using pubkey login)
|
||||
--count Do not run experiments but display number of experiments
|
||||
--record <id> Only play this record
|
||||
--idle Also measure when idle
|
||||
""".format(
|
||||
sig_algs=" ".join(CERT_SIGN_ALGS),
|
||||
impls=" ".join(IMPLS),
|
||||
|
|
@ -607,7 +661,7 @@ Run options:
|
|||
from yoctopuce.yocto_power import *
|
||||
|
||||
ssh = connect_ssh()
|
||||
run_exp(ssh, EXPDIR, P2_REPODIR, EXPERIMENTS, only_record=getargv("--record", None))
|
||||
run_exp(ssh, EXPDIR, P2_REPODIR, EXPERIMENTS, only_record=getargv("--record", None), idle="--idle" in sys.argv)
|
||||
elif opt == "script":
|
||||
print(SCRIPT_FIREFOX_HOSTS)
|
||||
else:
|
||||
|
|
|
|||
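Review bot: In `run_exp`, when `idle` is false the `else:` branch writes the hard-coded `IDLE` row (`idle - - - - - - 600.000081539154 0.0 896 4792 0.5399999999999991`) into every fresh log, so a baseline captured on one earlier run cannot be told apart from one measured in this session. Anything downstream that subtracts the idle row would silently use stale CPU, traffic and energy figures if the hardware, wattmeter or background load has changed since. I would either write no idle row unless `--idle` is given, or give the cached row its own label, e.g. `logfile.write("idle-cached" + IDLE.removeprefix("idle") + "\n")`, assuming the plotting code can be taught that label. The same function now repeats the `while True: ... except Exception` log-append retry in three places with no attempt limit, so an unwritable `logfile_path` loops forever; one helper with a bounded retry count would cover all three. `run_exp` is only partly visible across these hunks and the +/- markers are lost on this page, so which lines are new is inferred from the hunk headers.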