removed m1 cargo test

The script can be used to simulate setups of different sizes. A short
description is added to the `misc/` folder for further information.

This can be used for both benchmarking but also hunting down bugs which
may occur with larger setups.

Signed-off-by: Paul Spooren <mail@aparcar.org>

.github/workflows/qc.yaml

@@ -110,7 +110,12 @@ jobs:
       - run: RUSTDOCFLAGS="-D warnings" cargo doc --no-deps --document-private-items
 
   cargo-test:
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-13]
+        # - ubuntu is x86-64
+        # - macos-13 is also x86-64 architecture
     steps:
       - uses: actions/checkout@v3
       - uses: actions/cache@v3

Cargo.lock

@@ -1066,6 +1066,12 @@ version = "0.3.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024"
 
+[[package]]
+name = "hex"
+version = "0.4.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
+
 [[package]]
 name = "home"
 version = "0.5.9"
@@ -1291,9 +1297,8 @@ dependencies = [
 
 [[package]]
 name = "memsec"
-version = "0.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c797b9d6bb23aab2fc369c65f871be49214f5c759af65bde26ffaaa2b646b492"
+version = "0.6.3"
+source = "git+https://github.com/rosenpass/memsec.git?rev=aceb9baee8aec6844125bd6612f92e9a281373df#aceb9baee8aec6844125bd6612f92e9a281373df"
 dependencies = [
  "getrandom 0.2.15",
  "libc",
@@ -2326,6 +2331,12 @@ dependencies = [
  "unicode-ident",
 ]
 
+[[package]]
+name = "take-until"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b4e17d8598067a8c134af59cd33c1c263470e089924a11ab61cf61690919fe3b"
+
 [[package]]
 name = "tempfile"
 version = "3.10.1"
@@ -2858,8 +2869,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "89ba4e9811befc20af3b6efb15924a7238ee5e8e8706a196576462a00b9f1af1"
 dependencies = [
  "derive_builder 0.10.2",
+ "hex",
  "libc",
  "neli",
+ "take-until",
  "thiserror",
 ]
 

Cargo.toml

@@ -41,7 +41,7 @@ env_logger = "0.10.2"
 toml = "0.7.8"
 static_assertions = "1.1.0"
 allocator-api2 = "0.2.14"
-memsec = { version="0.7.0", features = [ "alloc_ext", ] }
+memsec = { git="https://github.com/rosenpass/memsec.git" ,rev="aceb9baee8aec6844125bd6612f92e9a281373df", features = [ "alloc_ext", ] }
 rand = "0.8.5"
 typenum = "1.17.0"
 log = { version = "0.4.21" }
@@ -77,6 +77,6 @@ procspawn = {version = "1.0.0", features= ["test-support"]}
 
 
 #Broker dependencies (might need cleanup or changes)
-wireguard-uapi = "3.0.0"
+wireguard-uapi = { version = "3.0.0", features = ["xplatform"] }
 command-fds = "0.2.3"
 rustix = { version = "0.38.27", features = ["net"] }

misc/README.md

@@ -0,0 +1,40 @@
+# Additional files
+
+This folder contains additional files that are used in the project.
+
+## `generate_configs.py`
+
+The script is used to generate configuration files for a benchmark setup
+consisting of a device under testing (DUT) and automatic test equipment (ATE),
+basically a strong machine capable of running multiple Rosenpass instances at
+once.
+
+At the top of the script multiple variables can be set to configure the DUT IP
+address and more. Once configured you may run `python3 generate_configs.py` to
+create the configuration files.
+
+A new folder called `output/` is created containing the subfolder `dut/` and
+`ate/`. The former has to be copied on the DUT, ideally reproducible hardware
+like a Raspberry Pi, while the latter is copied to the ATE, i.e. a laptop.
+
+### Running a benchmark
+
+On the ATE a run script is required since multiple instances of `rosenpass` are
+started with different configurations in parallel. The scripts are named after
+the number of instances they start, e.g. `run-50.sh` starts 50 instances.
+
+```shell
+# on the ATE aka laptop
+cd output/ate
+./run-10.sh
+```
+
+On the DUT you start a single Rosenpass instance with the configuration matching
+the ATE number of peers.
+
+```shell
+# on the DUT aka Raspberry Pi
+rosenpass exchange-config configs/dut-10.toml
+```
+
+Use whatever measurement tool you like to monitor the DUT and ATE.

misc/generate_configs.py

@@ -0,0 +1,105 @@
+from pathlib import Path
+from subprocess import run
+
+
+config = dict(
+    peer_counts=[1, 5, 10, 50, 100, 500],
+    peer_count_max=100,
+    ate_ip="192.168.2.1",
+    dut_ip="192.168.2.4",
+    dut_port=9999,
+    path_to_rosenpass_bin="/Users/user/src/rosenppass/rosenpass/target/debug/rosenpass",
+)
+
+print(config)
+
+output_dir = Path("output")
+output_dir.mkdir(exist_ok=True)
+
+template_dut = """
+public_key = "keys/dut-public-key"
+secret_key = "keys/dut-secret-key"
+listen = ["{dut_ip}:{dut_port}"]
+verbosity = "Quiet"
+"""
+template_dut_peer = """
+[[peers]] # ATE-{i}
+public_key = "keys/ate-{i}-public-key"
+endpoint = "{ate_ip}:{ate_port}"
+key_out = "out/key_out_{i}"
+"""
+
+template_ate = """
+public_key = "keys/ate-{i}-public-key"
+secret_key = "keys/ate-{i}-secret-key"
+listen = ["{ate_ip}:{ate_port}"]
+verbosity = "Quiet"
+
+[[peers]] # DUT
+public_key = "keys/dut-public-key"
+endpoint = "{dut_ip}:{dut_port}"
+key_out = "out/key_out_{i}"
+"""
+
+(output_dir / "dut" / "keys").mkdir(exist_ok=True, parents=True)
+(output_dir / "dut" / "out").mkdir(exist_ok=True, parents=True)
+(output_dir / "dut" / "configs").mkdir(exist_ok=True, parents=True)
+(output_dir / "ate" / "keys").mkdir(exist_ok=True, parents=True)
+(output_dir / "ate" / "out").mkdir(exist_ok=True, parents=True)
+(output_dir / "ate" / "configs").mkdir(exist_ok=True, parents=True)
+
+for peer_count in config["peer_counts"]:
+    dut_config = template_dut.format(**config)
+    for i in range(peer_count):
+        dut_config += template_dut_peer.format(**config, i=i, ate_port=50000 + i)
+
+    (output_dir / "dut" / "configs" / f"dut-{peer_count}.toml").write_text(dut_config)
+
+    if not (output_dir / "dut" / "keys" / "dut-public-key").exists():
+        print("Generate DUT keys")
+        run(
+            [
+                config["path_to_rosenpass_bin"],
+                "gen-keys",
+                f"configs/dut-{peer_count}.toml",
+            ],
+            cwd=output_dir / "dut",
+        )
+    else:
+        print("DUT keys already exist")
+
+# copy the DUT public key to the ATE
+(output_dir / "ate" / "keys" / "dut-public-key").write_bytes(
+    (output_dir / "dut" / "keys" / "dut-public-key").read_bytes()
+)
+
+ate_script = "(trap 'kill 0' SIGINT; \\\n"
+
+for i in range(config["peer_count_max"]):
+    (output_dir / "ate" / "configs" / f"ate-{i}.toml").write_text(
+        template_ate.format(**config, i=i, ate_port=50000 + i)
+    )
+
+    if not (output_dir / "ate" / "keys" / f"ate-{i}-public-key").exists():
+        # generate ATE keys
+        run(
+            [config["path_to_rosenpass_bin"], "gen-keys", f"configs/ate-{i}.toml"],
+            cwd=output_dir / "ate",
+        )
+    else:
+        print(f"ATE-{i} keys already exist")
+
+    # copy the ATE public keys to the DUT
+    (output_dir / "dut" / "keys" / f"ate-{i}-public-key").write_bytes(
+        (output_dir / "ate" / "keys" / f"ate-{i}-public-key").read_bytes()
+    )
+
+    ate_script += (
+        f"{config['path_to_rosenpass_bin']} exchange-config configs/ate-{i}.toml & \\\n"
+    )
+
+    if (i + 1) in config["peer_counts"]:
+        write_script = ate_script
+        write_script += "wait)"
+
+        (output_dir / "ate" / f"run-{i+1}.sh").write_text(write_script)

wireguard-broker/Cargo.toml

@@ -44,6 +44,7 @@ path = "src/bin/priviledged.rs"
 test = false
 doc = false
 required-features=["enable_broker_api"]
+cfg = { target_os = "linux" } 
 
 [[bin]]
 name = "rosenpass-wireguard-broker-socket-handler"
@@ -51,3 +52,4 @@ test = false
 path = "src/bin/socket_handler.rs"
 doc = false
 required-features=["enable_broker_api"]
+cfg = { target_os = "linux" } 

wireguard-broker/src/bin/priviledged.rs

@@ -1,56 +1,67 @@
-use std::io::{stdin, stdout, Read, Write};
-use std::result::Result;
+fn main() {
+    #[cfg(target_os = "linux")]
+    linux::main().unwrap();
 
-use rosenpass_wireguard_broker::api::msgs;
-use rosenpass_wireguard_broker::api::server::BrokerServer;
-use rosenpass_wireguard_broker::brokers::netlink as wg;
-
-#[derive(thiserror::Error, Debug)]
-pub enum BrokerAppError {
-    #[error(transparent)]
-    IoError(#[from] std::io::Error),
-    #[error(transparent)]
-    WgConnectError(#[from] wg::ConnectError),
-    #[error(transparent)]
-    WgSetPskError(#[from] wg::SetPskError),
-    #[error("Oversized message {}; something about the request is fatally wrong", .0)]
-    OversizedMessage(u64),
+    #[cfg(not(target_os = "linux"))]
+    panic!("This binary is only supported on Linux");
 }
 
-fn main() -> Result<(), BrokerAppError> {
-    let mut broker = BrokerServer::new(wg::NetlinkWireGuardBroker::new()?);
+#[cfg(target_os = "linux")]
+pub mod linux {
+    use std::io::{stdin, stdout, Read, Write};
+    use std::result::Result;
 
-    let mut stdin = stdin().lock();
-    let mut stdout = stdout().lock();
-    loop {
-        // Read the message length
-        let mut len = [0u8; 8];
-        stdin.read_exact(&mut len)?;
+    use rosenpass_wireguard_broker::api::msgs;
+    use rosenpass_wireguard_broker::api::server::BrokerServer;
+    use rosenpass_wireguard_broker::brokers::netlink as wg;
 
-        // Parse the message length
-        let len = u64::from_le_bytes(len);
-        if (len as usize) > msgs::REQUEST_MSG_BUFFER_SIZE {
-            return Err(BrokerAppError::OversizedMessage(len));
-        }
+    #[derive(thiserror::Error, Debug)]
+    pub enum BrokerAppError {
+        #[error(transparent)]
+        IoError(#[from] std::io::Error),
+        #[error(transparent)]
+        WgConnectError(#[from] wg::ConnectError),
+        #[error(transparent)]
+        WgSetPskError(#[from] wg::SetPskError),
+        #[error("Oversized message {}; something about the request is fatally wrong", .0)]
+        OversizedMessage(u64),
+    }
 
-        // Read the message itself
-        let mut req_buf = [0u8; msgs::REQUEST_MSG_BUFFER_SIZE];
-        let req_buf = &mut req_buf[..(len as usize)];
-        stdin.read_exact(req_buf)?;
+    pub fn main() -> Result<(), BrokerAppError> {
+        let mut broker = BrokerServer::new(wg::NetlinkWireGuardBroker::new()?);
 
-        // Process the message
-        let mut res_buf = [0u8; msgs::RESPONSE_MSG_BUFFER_SIZE];
-        let res = match broker.handle_message(req_buf, &mut res_buf) {
-            Ok(len) => &res_buf[..len],
-            Err(e) => {
-                eprintln!("Error processing message for wireguard PSK broker: {e:?}");
-                continue;
+        let mut stdin = stdin().lock();
+        let mut stdout = stdout().lock();
+        loop {
+            // Read the message length
+            let mut len = [0u8; 8];
+            stdin.read_exact(&mut len)?;
+
+            // Parse the message length
+            let len = u64::from_le_bytes(len);
+            if (len as usize) > msgs::REQUEST_MSG_BUFFER_SIZE {
+                return Err(BrokerAppError::OversizedMessage(len));
             }
-        };
 
-        // Write the response
-        stdout.write_all(&(res.len() as u64).to_le_bytes())?;
-        stdout.write_all(&res)?;
-        stdout.flush()?;
+            // Read the message itself
+            let mut req_buf = [0u8; msgs::REQUEST_MSG_BUFFER_SIZE];
+            let req_buf = &mut req_buf[..(len as usize)];
+            stdin.read_exact(req_buf)?;
+
+            // Process the message
+            let mut res_buf = [0u8; msgs::RESPONSE_MSG_BUFFER_SIZE];
+            let res = match broker.handle_message(req_buf, &mut res_buf) {
+                Ok(len) => &res_buf[..len],
+                Err(e) => {
+                    eprintln!("Error processing message for wireguard PSK broker: {e:?}");
+                    continue;
+                }
+            };
+
+            // Write the response
+            stdout.write_all(&(res.len() as u64).to_le_bytes())?;
+            stdout.write_all(&res)?;
+            stdout.flush()?;
+        }
     }
 }

wireguard-broker/src/brokers/mod.rs

@@ -1,6 +1,6 @@
 #[cfg(feature = "enable_broker_api")]
 pub mod mio_client;
-#[cfg(feature = "enable_broker_api")]
+#[cfg(all(feature = "enable_broker_api", target_os = "linux"))]
 pub mod netlink;
 
 pub mod native_unix;

wireguard-broker/src/brokers/netlink.rs

@@ -1,3 +1,5 @@
+#![cfg(target_os = "linux")]
+
 use std::fmt::Debug;
 
 use wireguard_uapi::linux as wg;