RAKIS init

Author: man9ourah

Diff for: .gitignore

@@ -1,6 +1,5 @@
 /build
 /install
-/obj-*
 
 # No editor backup files.
 *.sw*
@@ -49,3 +48,6 @@ TAGS
 cscope.*
 ncscope.*
 *cscope*
+
+.cache/
+compile_commands.json

Diff for: CI-Examples/curl/.gitignore

@@ -0,0 +1,6 @@
+/*-src
+/*-ins
+/.lck
+/curl
+/nghttpx
+/out

Diff for: CI-Examples/curl/Makefile

@@ -0,0 +1,159 @@
+ARCH_LIBDIR ?= /lib/$(shell $(CC) -dumpmachine)
+ROOT_DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
+
+ifeq ($(DEBUG),1)
+GRAMINE_LOG_LEVEL = debug
+else
+GRAMINE_LOG_LEVEL = error
+endif
+
+CURL_SRC = curl-src
+CURL_INS = curl-ins
+
+OPENSSL_SRC = openssl-src
+OPENSSL_INS = openssl-ins
+
+NGTCP2_SRC = ngtcp2-src
+NGTCP2_INS = ngtcp2-ins
+
+NGHTTP3_SRC = nghttp3-src
+NGHTTP3_INS = nghttp3-ins
+
+NGHTTP2_SRC = nghttp2-src
+NGHTTP2_INS = nghttp2-ins
+
+JANSSON_SRC = jansson-src
+JANSSON_INS = jansson-ins
+
+EUROSYS_EXP_DOWNLOAD_SIZE ?= 1G
+
+.PHONY: all
+all: curl curl.manifest nghttpx
+ifeq ($(SGX),1)
+all: curl.manifest.sgx curl.sig curl.token nghttpx
+endif
+
+curl.manifest: curl.manifest.template
+	gramine-manifest \
+		-Dlog_level=$(GRAMINE_LOG_LEVEL) \
+		-Darch_libdir=$(ARCH_LIBDIR) \
+		-Dlibcurl_dir=$(ROOT_DIR)/$(CURL_INS)/lib/ \
+		-Dlibssl_dir=$(ROOT_DIR)/$(OPENSSL_INS)/lib64/ \
+		-Dlibnghttp3_dir=$(ROOT_DIR)/$(NGHTTP3_INS)/lib/ \
+		-Dlibngtcp2_dir=$(ROOT_DIR)/$(NGTCP2_INS)/lib/ \
+		$< > $@
+
+curl.manifest.sgx curl.sig: sgx_sign
+	@:
+
+.INTERMEDIATE: sgx_sign
+sgx_sign: curl.manifest curl
+	gramine-sgx-sign \
+		--manifest $< \
+		--output $<.sgx
+
+curl.token: curl.sig
+	gramine-sgx-get-token \
+		--output curl.token --sig curl.sig
+
+$(OPENSSL_INS)/lib64/:
+	git clone --depth 1 -b openssl-3.0.9+quic \
+		https://github.com/quictls/openssl $(OPENSSL_SRC) && \
+		cd $(OPENSSL_SRC) && ./config enable-tls1_3 \
+		--prefix=$(ROOT_DIR)/$(OPENSSL_INS) && make install
+
+$(NGHTTP3_INS)/lib:
+	git clone -b v0.12.0 https://github.com/ngtcp2/nghttp3 $(NGHTTP3_SRC) && \
+		cd $(NGHTTP3_SRC) && autoreconf -i && ./configure --prefix=$(ROOT_DIR)/$(NGHTTP3_INS) --enable-lib-only && \
+		make install
+
+$(NGTCP2_INS)/lib: $(OPENSSL_INS)/lib64/ $(NGHTTP3_INS)/lib
+	git clone -b v0.16.0 https://github.com/ngtcp2/ngtcp2 $(NGTCP2_SRC) && \
+		cd $(NGTCP2_SRC) && autoreconf -i && \
+		PKG_CONFIG_PATH=$(ROOT_DIR)/$(NGHTTP3_INS)/lib/pkgconfig:$(ROOT_DIR)/$(OPENSSL_INS)/lib64/pkgconfig \
+		LDFLAGS="-Wl,-rpath,$(ROOT_DIR)/$(OPENSSL_INS)/lib64" \
+		./configure --prefix=$(ROOT_DIR)/$(NGTCP2_INS) --enable-lib-only && \
+		make install
+
+$(CURL_INS)/bin/curl: $(NGTCP2_INS)/lib
+	git clone https://github.com/curl/curl $(CURL_SRC) && \
+		cd $(CURL_SRC) && git checkout 1eca27f && \
+		autoreconf -fi && LDFLAGS="-Wl,-rpath,$(ROOT_DIR)/$(OPENSSL_INS)/lib64" \
+		./configure --with-openssl=$(ROOT_DIR)/$(OPENSSL_INS) \
+		--with-nghttp3=$(ROOT_DIR)/$(NGHTTP3_INS) --with-ngtcp2=$(ROOT_DIR)/$(NGTCP2_INS) \
+		--prefix=$(ROOT_DIR)/$(CURL_INS) && \
+		make install
+
+$(JANSSON_INS)/lib:
+	git clone https://github.com/akheron/jansson.git $(JANSSON_SRC) && \
+		cd $(JANSSON_SRC) && git checkout 2.10 && \
+		mkdir build && cd build && cmake ../ -DCMAKE_INSTALL_PREFIX=$(ROOT_DIR)/$(JANSSON_INS) && \
+		make install
+
+$(NGHTTP2_INS)/bin/nghttpx: $(NGTCP2_INS)/lib $(JANSSON_INS)/lib
+	git clone https://github.com/nghttp2/nghttp2.git $(NGHTTP2_SRC) && \
+		cd $(NGHTTP2_SRC) && git checkout e7f5940 && \
+		autoreconf -fi && \
+		PKG_CONFIG_PATH=$(ROOT_DIR)/$(NGHTTP3_INS)/lib/pkgconfig:$(ROOT_DIR)/$(OPENSSL_INS)/lib64/pkgconfig:$(ROOT_DIR)/$(JANSSON_INS)/lib/pkgconfig:$(ROOT_DIR)/$(NGTCP2_INS)/lib/pkgconfig \
+		LDFLAGS="-Wl,-rpath,$(ROOT_DIR)/$(OPENSSL_INS)/lib64" \
+		CFLAGS=-I$(ROOT_DIR)/$(OPENSSL_INS)/include \
+		./configure --enable-maintainer-mode --prefix=$(ROOT_DIR)/$(NGHTTP2_INS) \
+		--disable-shared --enable-app --enable-http3 --without-jemalloc \
+		--without-libxml2 --without-systemd && \
+		make install
+
+curl: $(CURL_INS)/bin/curl
+	cp $< $@
+	touch out
+
+nghttpx: $(NGHTTP2_INS)/bin/nghttpx
+	cp $< $@
+
+.PHONY: clean
+clean:
+	$(RM) *.token *.sig *.manifest.sgx *.manifest curl .lck nghttpx out
+
+.PHONY: distclean
+distclean: clean
+	$(RM) -r $(CURL_SRC) $(CURL_INS) \
+		$(OPENSSL_SRC) $(OPENSSL_INS) $(NGTCP2_SRC) \
+		$(NGTCP2_INS) $(NGHTTP3_SRC) $(NGHTTP3_INS) \
+		$(NGHTTP2_SRC) $(NGHTTP2_INS) $(JANSSON_SRC) $(JANSSON_INS)
+
+
+eurosys-reproduce-curl-%-sgx: export SGX := 1
+
+eurosys-reproduce-curl-gramine-%: export PATH := $(HOME)/.local/gramine/bin:$(PATH)
+eurosys-reproduce-curl-gramine-%: export PYTHONPATH := $(HOME)/.local/gramine/lib/python3.10/site-packages:$(PYTHONPATH)
+eurosys-reproduce-curl-gramine-%: export PKG_CONFIG_PATH := $(HOME)/.local/gramine/lib/x86_64-linux-gnu/pkgconfig:$(PKG_CONFIG_PATH)
+eurosys-reproduce-curl-gramine-%: export SETTING := Gramine
+
+eurosys-reproduce-curl-rakis-%: export PATH := $(HOME)/.local/rakis/bin:$(PATH)
+eurosys-reproduce-curl-rakis-%: export PYTHONPATH := $(HOME)/.local/rakis/lib/python3.10/site-packages:$(PYTHONPATH)
+eurosys-reproduce-curl-rakis-%: export PKG_CONFIG_PATH := $(HOME)/.local/rakis/lib/x86_64-linux-gnu/pkgconfig:$(PKG_CONFIG_PATH)
+eurosys-reproduce-curl-rakis-%: export SETTING := Rakis
+
+eurosys-reproduce-curl-native: export NATIVE := 1
+eurosys-reproduce-curl-native: export PATH := $(HOME)/.local/rakis/bin:$(PATH)
+eurosys-reproduce-curl-native: export PYTHONPATH := $(HOME)/.local/rakis/lib/python3.10/site-packages:$(PYTHONPATH)
+eurosys-reproduce-curl-native: export PKG_CONFIG_PATH := $(HOME)/.local/rakis/lib/x86_64-linux-gnu/pkgconfig:$(PKG_CONFIG_PATH)
+
+eurosys-reproduce-curl-%: clean
+	$(MAKE) eurosys-reproduce-run-curl
+
+eurosys-reproduce-run-curl: all
+ifeq ($(NATIVE),1)
+	@echo "\n******************************************"
+	@echo "[*] Running curl in NATIVE setting..."
+	./curl --http3-only https://10.50.0.2:9443/dump$(EUROSYS_EXP_DOWNLOAD_SIZE) --insecure -o out -w "@curl-format.txt" -Z
+
+else ifeq ($(SGX),1)
+	@echo "\n******************************************"
+	@echo "[*] Running Curl in $(SETTING)-SGX setting..."
+	gramine-sgx ./curl --http3-only https://10.50.0.2:9443/dump$(EUROSYS_EXP_DOWNLOAD_SIZE) --insecure -o out -w "@curl-format.txt" -Z
+
+else
+	@echo "\n******************************************"
+	@echo "[*] Running Curl in $(SETTING)-Direct setting..."
+	gramine-direct ./curl --http3-only https://10.50.0.2:9443/dump$(EUROSYS_EXP_DOWNLOAD_SIZE) --insecure -o out -w "@curl-format.txt" -Z
+endif

Diff for: CI-Examples/curl/README.md

@@ -0,0 +1,72 @@
+# Curl (Rakis experiment)
+
+We use curl to test the performance of UDP in RAKIS. Basically, we try to
+download files of different sizes using the quic protocol which uses UDP.
+Unfortunately, as quic is still experimental in Curl, we have to build it from
+source with all of its dependencies, as well as a proxy server that can serve
+files over quic protocol.
+
+Running `make SGX=1` should be enough to build everything. It may take time so
+grab a cup of coffee.
+
+Once the build process is done, we should see two binaries: `curl` and
+`nghttpx`.
+
+In addition to this build process, we need an http server that can run behind
+`nghttpx` and do the actual serving of files. For our purpose, we will use
+`apache`. You can choose whatever server you like.
+
+Lets first take care of running the server and the proxy `nghttpx`.
+We want our http server and proxy to reside on the client_ns network namespace;
+excuse the confusing name of the network namespace as it will be hosting the
+server part of the experiment but it really does not matter as long as we have
+client part and server in two different network namespace. To do that, first we
+run apache as follows:
+```
+APACHE_STARTED_BY_SYSTEMD=true sudo -E ip netns exec client_ns /usr/sbin/apachectl start
+```
+
+Then, we run the `nghttpx` proxy server in-front of it also within the
+client_ns namespace. For the certificates, we will just use the sample
+certificates provided in curl source code:
+```
+sudo ip netns exec client_ns ./nghttpx /home/mansour/rakis/CI-Examples/curl/curl-src/tests/stunnel.pem /home/mansour/rakis/CI-Examples/curl/curl-src/tests/stunnel.pem --backend=0.0.0.0,80  --frontend="10.50.0.2,9443;quic"
+```
+
+With that, our server should be ready to serve files with quic protocol in the
+client_ns.
+
+Now we run curl:
+```
+gramine-sgx ./curl --http3-only https://10.50.0.2:9443/dump1G --insecure -o out -w "@curl-format.txt" -Z
+```
+
+## Eurosys artifact reviewers
+
+Our server already has `apache` and the `nghttpx` proxy running on the client_ns
+network namespace. So you can skip setting up the server and only worry about
+running the curl process with different runtime settings.
+
+We provide Makefile targets that will make this easier and less confusing:
+
+| Target | Setting |
+| ------- | -------- |
+| eurosys-reproduce-curl-native | native |
+| eurosys-reproduce-curl-gramine-sgx | Gramine-SGX |
+| eurosys-reproduce-curl-gramine-direct | Gramine-Direct |
+| eurosys-reproduce-curl-rakis-sgx | Rakis-SGX |
+| eurosys-reproduce-curl-rakis-direct | Rakis-direct |
+
+To set the size of the file to download, simply set the
+`EUROSYS_EXP_DOWNLOAD_SIZE` environment variable before invoking make. The
+default file to download is of size 1G.
+
+For example, to use Rakis-SGX to download 100M file you can run:
+```
+EUROSYS_EXP_DOWNLOAD_SIZE=100M make eurosys-reproduce-curl-rakis-sgx
+```
+
+The make command will take a long time for the first run to compile everything
+(about 10 mins) needed but will just run curl for later runs. The total_time in
+the output is what we used to report in the paper, normalized to the native
+execution download times.

Diff for: CI-Examples/curl/curl-format.txt

@@ -0,0 +1,13 @@
+     time_namelookup:  %{time_namelookup}s\n
+        time_connect:  %{time_connect}s\n
+     time_appconnect:  %{time_appconnect}s\n
+    time_pretransfer:  %{time_pretransfer}s\n
+       time_redirect:  %{time_redirect}s\n
+  time_starttransfer:  %{time_starttransfer}s\n
+                     ----------\n
+          time_total:  %{time_total} && speed_download: %{speed_download}
+          size_upload: %{size_upload} bytes\n
+          speed_upload: %{speed_upload} bytes/s\n
+          num_connects: %{num_connects}\n
+          num_redirects: %{num_redirects}\n
+          redirect_url: %{redirect_url}\n

Diff for: CI-Examples/curl/curl.manifest.template

@@ -0,0 +1,66 @@
+# Memcached manifest file example
+
+loader.entrypoint = "file:{{ gramine.libos }}"
+libos.entrypoint = "/curl"
+
+loader.log_level = "{{ log_level }}"
+
+loader.env.LD_LIBRARY_PATH = "/libcurl/:/libssl/:/libnghttp3/:/libngtcp2/:/lib:{{ arch_libdir }}:/usr/{{ arch_libdir }}"
+
+loader.insecure__use_cmdline_argv = true
+
+sys.enable_sigterm_injection = true
+
+fs.mounts = [
+  { path = "/lib", uri = "file:{{ gramine.runtimedir() }}" },
+  { path = "{{ arch_libdir }}", uri = "file:{{ arch_libdir }}" },
+  { path = "/usr/{{ arch_libdir }}", uri = "file:/usr/{{ arch_libdir }}" },
+  { path = "/libcurl/", uri = "file:{{ libcurl_dir }}"},
+  { path = "/libssl/", uri = "file:{{ libssl_dir }}"},
+  { path = "/libnghttp3/", uri = "file:{{ libnghttp3_dir }}"},
+  { path = "/libngtcp2/", uri = "file:{{ libngtcp2_dir }}"},
+  { path = "/etc", uri = "file:/etc" },
+  { path = "/curl", uri = "file:curl" },
+  { path = "/curl-format.txt", uri = "file:curl-format.txt" },
+  { path = "/out", uri = "file:out" },
+]
+
+sgx.debug = false
+sgx.nonpie_binary = true
+sgx.max_threads = 24
+
+
+# Memcached does not fail explicitly when enclave memory is exhausted. Instead, Memcached goes into
+# infinite loop without a listening socket. You can trigger this incorrect behavior by increasing
+# the number of threads to 12 (each thread requires 128MB of memory): `curl -t 12`. This is an
+# issue in Memcached source code, not related to Gramine.
+sgx.enclave_size = "1024M"
+
+sgx.trusted_files = [
+  "file:{{ gramine.libos }}",
+  "file:curl",
+  "file:{{ gramine.runtimedir() }}/",
+  "file:{{ arch_libdir }}/",
+  "file:/usr/{{ arch_libdir }}/",
+  "file:{{ libcurl_dir }}",
+  "file:{{ libssl_dir }}",
+  "file:{{ libnghttp3_dir }}",
+  "file:{{ libngtcp2_dir }}",
+  "file:curl-format.txt"
+]
+
+sgx.allowed_files = [
+  "file:/etc/nsswitch.conf",
+  "file:/etc/ethers",
+  "file:/etc/hosts",
+  "file:/etc/group",
+  "file:/etc/passwd",
+  "file:/etc/gai.conf",
+  "file:out"
+]
+
+rakis.enabled = true
+rakis.net_threads_num = 1
+rakis.netifs = [ { interface_name = "ens1f0", ip_addr = "10.50.0.1", gw_addr = "10.50.0.1", netmask = "255.255.0.0", mac_addr = "40:a6:b7:40:37:f8", xsks = [ { qid = 0, ctrl_prcs_path = "/tmp/rakis-xdp-def-ctrl" }] } ]
+rakis.io_uring.io_urings_num = 24
+rakis.arp_table = [ { ip_addr = "10.50.0.2", mac_addr = "40:a6:b7:40:37:f9" } ]

Diff for: CI-Examples/iperf3/.gitignore

@@ -0,0 +1,4 @@
+iperf/
+iperf3
+compile_commands.json
+results-*.csv