Make debugging optional

pq-tls-benchmark-framework/emulation-exp/code/kex/README.md

-## Python venv
-Create a python virtual environment to install all necessary python packages in.
+# Run the kex experiment
+To run the kex experimant, you need to first have the necessary prerequisites installed. After that you can run the experiment and analyze the results.
+
+## Install prerequisites
+In `benchmarking-pqc-in-quic/pq-tls-benchmark-framework/emulation-exp/code`:
+```bash
+    ./install_prereq-ubuntu.sh
 ```
+
+### Python venv
+Create a python virtual environment to install all necessary python packages in. 
+In `benchmarking-pqc-in-quic/pq-tls-benchmark-framework/emulation-exp/code/kex`:
+```bash
     python -m venv .venv
     source .venv/bin/activate
 
     pip install numpy pandas pyshark pyyaml
-```
\ No newline at end of file
+```
+
+## Run the experiment
+To run the experiment, first setup the experiment, then run it, and finally cleanup the experiment.
+Make sure to adapt the parallelism in experiment.py to the number of cores you have available.
+In `benchmarking-pqc-in-quic/pq-tls-benchmark-framework/emulation-exp/code/kex`:
+```bash
+    ./scripts/setup.sh $(nproc)
+    sudo .venv/bin/python scripts/experiment.py testscenarios/scenario_static.csv testscenarios/scenario_delay.csv
+    ./scripts/teardown.sh $(nproc)
+```
+
+## Generate graphs from the results
+The results are stored in the `results` directory. You can generate graphs from the results by running the genereate_graphs.py script.

pq-tls-benchmark-framework/emulation-exp/code/kex/nginx.conf

@@ -2,7 +2,7 @@
 
 worker_processes 4;
 
-error_log logs/debug.log debug;
+# error_log logs/debug.log debug; # enabling debugging logs leads to huge log files and is thus not recommended for benching.
 error_log logs/error.log;
 
 # env SSLKEYLOGFILE=/home/bebbo/sslkeylogfile; # does not work on its own

pq-tls-benchmark-framework/emulation-exp/code/kex/scripts/experiment.py

 #!/usr/bin/env python
 
+import csv
 import multiprocessing as mp
 import os
 import subprocess
 import sys
 
-import csv
 import pandas as pd
 
 # POOL_SIZE is the parallelism level. There should be the same amount of cores or more on your CPU.

pq-tls-benchmark-framework/emulation-exp/code/kex/scripts/helper_scripts/setup_ns.sh

@@ -74,7 +74,9 @@ for i in $(seq 1 ${NUMBER_OF_NETWORK_NAMESPACES}); do
         root netem
 done
 
-# $DATE is set by setup.sh
+# $DATE and $DEBUG is set by setup.sh
 # Only set up tshark for the first network namespace
-mkdir -p -m 777 captures && touch captures/capture_${DATE}.pcap && chmod a+w captures/capture_${DATE}.pcap
-ip netns exec cli_ns_1 tshark -i ${CLIENT_VETH} -w captures/capture_${DATE}.pcap &
+if [ "$DEBUG" == "true" ]; then
+    mkdir -p -m 777 captures && touch captures/capture_${DATE}.pcap && chmod a+w captures/capture_${DATE}.pcap
+    ip netns exec cli_ns_1 tshark -i ${CLIENT_VETH} -w captures/capture_${DATE}.pcap &
+fi

pq-tls-benchmark-framework/emulation-exp/code/kex/scripts/setup.sh

 #!/bin/bash
 set -ex
 
+# First argument is the number of network namespaces to create
+# Second argument is optional, if set to any value, will enable debug mode
+
 NUMBER_OF_NETWORK_NAMESPACES=1
-echo "Setting up ${NUMBER_OF_NETWORK_NAMESPACES} network namespaces"
 if [ -n "$1" ]; then
     NUMBER_OF_NETWORK_NAMESPACES=$1
 fi
+echo "Setting up ${NUMBER_OF_NETWORK_NAMESPACES} network namespaces"
+
+DEBUG=false
+if [ -n "$2" ]; then
+    DEBUG=true
+fi
+echo "Debug mode enabled: ${DEBUG}"
 
 ROOT="$(dirname $(pwd))"
 
@@ -27,6 +36,7 @@ make s_timer quic_s_timer
 ##########################
 export DATE=$(date +%Y%m%d%H%M%S) 
 export NUMBER_OF_NETWORK_NAMESPACES
+export DEBUG
 sudo -E $(pwd)/scripts/helper_scripts/setup_ns.sh
 
 ##########################
@@ -59,12 +69,17 @@ cp nginx.conf ${NGINX_CONF_DIR}/nginx.conf
 # echo "EXITING EARLY NOW TO TEST LOCALLY"
 # Then you would have to start nginx yourself, but can start it outside the emulated network.
 # exit 0
+if [ "$DEBUG" == "true" ]; then
+    NGINX_DEBUG_GLOBAL_DIRECTIVE="error_log logs/debug.log debug;"
+fi
 for i in $(seq 1 ${NUMBER_OF_NETWORK_NAMESPACES}); do
-    sudo ip netns exec srv_ns_${i} ${NGINX_APP} -g "pid logs/nginx-${i}.pid;"
+    sudo ip netns exec srv_ns_${i} ${NGINX_APP} -g "pid logs/nginx-${i}.pid; ${NGINX_DEBUG_GLOBAL_DIRECTIVE}"
 done
 echo "Nginx started"
 
 # Start collecting keys
-tail -f -n0 ${NGINX_LOGS_DIR}/debug.log | \
-grep -Poa --line-buffered '(?<=ssl keylog: ).*' | \
-tee -a captures/sslkeylogfile_${DATE}.log > /dev/null &
+if [ "$DEBUG" == "true" ]; then
+    tail -f -n0 ${NGINX_LOGS_DIR}/debug.log | \
+    grep -Poa --line-buffered '(?<=ssl keylog: ).*' | \
+    tee -a captures/sslkeylogfile_${DATE}.log > /dev/null &
+fi

pq-tls-benchmark-framework/emulation-exp/code/nginx-1.26.1-patches/README.md

 These patches are adapted from https://mailman.nginx.org/pipermail/nginx-devel/2024-January/W5CRPNYOC72XXFF45KQSD3VNNMGJ4WMR.html.
 
+They have the aim to enable ssl key logging for nginx.
+
 The SSL_CTX_set_keylog_callback() call from src/event/quic/ngx_event_quic_openssl_compat.c seems to overwrite the one in src/event/ngx_event_openssl.c leading to only having to overwrite the quic callback function. In case you would not compile with quic enabled, you would probably have to apply the other side of the patch referenced above.

pq-tls-benchmark-framework/emulation-exp/code/setup_ns.sh

-#!/bin/bash
-set -ex
-
-##########################
-# Setup network namespaces
-##########################
-
-# Server
-SERVER_VETH_LL_ADDR=00:00:00:00:00:01
-SERVER_NS=srv_ns
-SERVER_VETH=srv_ve
-
-# Client
-CLIENT_NS=cli_ns
-CLIENT_VETH_LL_ADDR=00:00:00:00:00:02
-CLIENT_VETH=cli_ve
-
-ip netns add ${SERVER_NS}
-ip netns add ${CLIENT_NS}
-
-# Add virtual link of types VETH
-ip link add \
-   name ${SERVER_VETH} \
-   address ${SERVER_VETH_LL_ADDR} \
-   netns ${SERVER_NS} type veth \
-   peer name ${CLIENT_VETH} \
-   address ${CLIENT_VETH_LL_ADDR} \
-   netns ${CLIENT_NS}
-
-ip netns exec ${SERVER_NS} \
-   ip link set dev ${SERVER_VETH} up
-ip netns exec ${SERVER_NS} \
-   ip link set dev lo up
-ip netns exec ${SERVER_NS} \
-   ip addr add 10.0.0.1/24 dev ${SERVER_VETH}
-
-ip netns exec ${CLIENT_NS} \
-   ip link set dev ${CLIENT_VETH} up
-ip netns exec ${CLIENT_NS} \
-   ip link set dev lo up
-ip netns exec ${CLIENT_NS} \
-   ip addr add 10.0.0.2/24 dev ${CLIENT_VETH}
-
-# Add neighbour objects for IP connection
-ip netns exec ${SERVER_NS} \
-   ip neigh add 10.0.0.2 \
-      lladdr ${CLIENT_VETH_LL_ADDR} \
-      dev ${SERVER_VETH}
-ip netns exec ${CLIENT_NS} \
-   ip neigh add 10.0.0.1 \
-      lladdr ${SERVER_VETH_LL_ADDR} \
-      dev ${CLIENT_VETH}
-
-# Turn off optimizations
-# that dent realism.
-ip netns exec ${CLIENT_NS} \
-   ethtool -K ${CLIENT_VETH} gso off gro off tso off
-
-ip netns exec ${SERVER_NS} \
-   ethtool -K ${SERVER_VETH} gso off gro off tso off
-
-# Add netem as qdisc for traffic control
-ip netns exec ${CLIENT_NS} \
-   tc qdisc add \
-      dev ${CLIENT_VETH} \
-      root netem
-ip netns exec ${SERVER_NS} \
-   tc qdisc add \
-      dev ${SERVER_VETH} \
-      root netem
-
-# $DATE is set by setup.sh
-mkdir -p -m 777 captures && touch captures/capture_${DATE}.pcap && chmod a+w captures/capture_${DATE}.pcap
-ip netns exec ${CLIENT_NS} tshark -i ${CLIENT_VETH} -w captures/capture_${DATE}.pcap &