diff --git a/contrib/measurements/2020-09-24_2.0-pre_perf.json b/contrib/measurements/2020-09-24_2.0-pre_perf.json
deleted file mode 100644
index bd7f514..0000000
--- a/contrib/measurements/2020-09-24_2.0-pre_perf.json
+++ /dev/null
@@ -1,165 +0,0 @@ -{ - "meta": { - "region": "eu-central-1", - "instance_type": "m5.large", - "ami": "ami-00a205cb8e06c3c4e", - "version": "2.0-pre", - "duration": 621.4215319156647 - }, - "native": { - "iperf": { - "throughput": 9680424000.0, - "cpu_sender": 12.878548, - "cpu_receiver": 66.330665 - }, - "ping_100": { - "rtt_min": 0.045, - "rtt_max": 0.204, - "rtt_avg": 0.052, - "pkt_loss": 0.0 - }, - "ping_500": { - "rtt_min": 0.047, - "rtt_max": 0.213, - "rtt_avg": 0.054, - "pkt_loss": 0.0 - }, - "ping_1000": { - "rtt_min": 0.048, - "rtt_max": 0.629, - "rtt_avg": 0.055, - "pkt_loss": 0.0 - } - }, - "plain": { - "iperf": { - "throughput": 5733394000.0, - "cpu_sender": 11.835632, - "cpu_receiver": 67.865656 - }, - "ping_100": { - "rtt_min": 0.074, - "rtt_max": 3.375, - "rtt_avg": 0.093, - "pkt_loss": 0.0 - }, - "ping_500": { - "rtt_min": 0.076, - "rtt_max": 1.886, - "rtt_avg": 0.095, - "pkt_loss": 0.0 - }, - "ping_1000": { - "rtt_min": 0.076, - "rtt_max": 1.873, - "rtt_avg": 0.094, - "pkt_loss": 0.0 - } - }, - "aes256": { - "iperf": { - "throughput": 3917323000.0, - "cpu_sender": 7.746875, - "cpu_receiver": 65.508621 - }, - "ping_100": { - "rtt_min": 0.076, - "rtt_max": 1.527, - "rtt_avg": 0.093, - "pkt_loss": 0.0 - }, - "ping_500": { - "rtt_min": 0.075, - "rtt_max": 1.969, - "rtt_avg": 0.094, - "pkt_loss": 0.0 - }, - "ping_1000": { - "rtt_min": 0.079, - "rtt_max": 1.973, - "rtt_avg": 0.096, - "pkt_loss": 0.0 - } - }, - "aes128": { - "iperf": { - "throughput": 3899771000.0, - "cpu_sender": 6.73498, - "cpu_receiver": 64.197019 - }, - "ping_100": { - "rtt_min": 0.073, - "rtt_max": 1.522, - "rtt_avg": 0.094, - "pkt_loss": 0.0 - }, - "ping_500": { - "rtt_min": 0.08, - "rtt_max": 1.979, - "rtt_avg": 0.098, - "pkt_loss": 0.0 - }, - "ping_1000": { - "rtt_min": 0.082, - "rtt_max": 2.162, - "rtt_avg": 0.099, - "pkt_loss": 0.0 - } - }, - "chacha20": { - "iperf": { - "throughput": 2888735000.0, - "cpu_sender": 6.548527, - "cpu_receiver": 63.424257 - }, - "ping_100": { - 
"rtt_min": 0.078, - "rtt_max": 0.276, - "rtt_avg": 0.095, - "pkt_loss": 0.0 - }, - "ping_500": { - "rtt_min": 0.084, - "rtt_max": 0.241, - "rtt_avg": 0.1, - "pkt_loss": 0.0 - }, - "ping_1000": { - "rtt_min": 0.087, - "rtt_max": 0.424, - "rtt_avg": 0.106, - "pkt_loss": 0.0 - } - }, - "results": { - "throughput_mbits": { - "native": 9680.424, - "plain": 5733.394, - "aes256": 3917.323, - "aes128": 3899.771, - "chacha20": 2888.735 - }, - "latency_us": { - "plain": { - "100": 20.5, - "500": 20.5, - "1000": 19.5 - }, - "aes256": { - "100": 20.5, - "500": 20.0, - "1000": 20.5 - }, - "aes128": { - "100": 21.0, - "500": 22.000000000000004, - "1000": 22.000000000000004 - }, - "chacha20": { - "100": 21.5, - "500": 23.000000000000004, - "1000": 25.5 - } - } - } -} \ No newline at end of file diff --git a/contrib/measurements/2020-10-28_2.0.0-alpha1_perf.json b/contrib/measurements/2020-10-28_2.0.0-alpha1_perf.json new file mode 100644 index 0000000..2b91f30 --- /dev/null +++ b/contrib/measurements/2020-10-28_2.0.0-alpha1_perf.json 
@@ -0,0 +1,165 @@ +{ + "meta": { + "region": "eu-central-1", + "instance_type": "m5.large", + "ami": "ami-00a205cb8e06c3c4e", + "version": "2.0.0-alpha1", + "duration": 621.3780446052551 + }, + "native": { + "iperf": { + "throughput": 9681224000.0, + "cpu_sender": 13.679709, + "cpu_receiver": 71.69651 + }, + "ping_100": { + "rtt_min": 0.045, + "rtt_max": 0.18, + "rtt_avg": 0.051, + "pkt_loss": 0.0 + }, + "ping_500": { + "rtt_min": 0.047, + "rtt_max": 0.184, + "rtt_avg": 0.054, + "pkt_loss": 0.0 + }, + "ping_1000": { + "rtt_min": 0.049, + "rtt_max": 0.175, + "rtt_avg": 0.056, + "pkt_loss": 0.0 + } + }, + "plain": { + "iperf": { + "throughput": 5472962000.0, + "cpu_sender": 15.087884, + "cpu_receiver": 67.570992 + }, + "ping_100": { + "rtt_min": 0.078, + "rtt_max": 0.257, + "rtt_avg": 0.093, + "pkt_loss": 0.0 + }, + "ping_500": { + "rtt_min": 0.08, + "rtt_max": 0.243, + "rtt_avg": 0.097, + "pkt_loss": 0.0 + }, + "ping_1000": { + "rtt_min": 0.08, + "rtt_max": 0.591, + "rtt_avg": 0.096, + "pkt_loss": 0.0 + } + }, + "aes256": { + "iperf": { + "throughput": 3947676000.0, + "cpu_sender": 6.859741, + "cpu_receiver": 62.826154 + }, + "ping_100": { + "rtt_min": 0.081, + "rtt_max": 1.653, + "rtt_avg": 0.096, + "pkt_loss": 0.0 + }, + "ping_500": { + "rtt_min": 0.081, + "rtt_max": 1.259, + "rtt_avg": 0.098, + "pkt_loss": 0.0 + }, + "ping_1000": { + "rtt_min": 0.082, + "rtt_max": 0.257, + "rtt_avg": 0.099, + "pkt_loss": 0.0 + } + }, + "aes128": { + "iperf": { + "throughput": 4200596000.0, + "cpu_sender": 10.291266, + "cpu_receiver": 64.395908 + }, + "ping_100": { + "rtt_min": 0.081, + "rtt_max": 0.294, + "rtt_avg": 0.097, + "pkt_loss": 0.0 + }, + "ping_500": { + "rtt_min": 0.084, + "rtt_max": 0.238, + "rtt_avg": 0.099, + "pkt_loss": 0.0 + }, + "ping_1000": { + "rtt_min": 0.086, + "rtt_max": 0.291, + "rtt_avg": 0.101, + "pkt_loss": 0.0 + } + }, + "chacha20": { + "iperf": { + "throughput": 2854407000.0, + "cpu_sender": 5.648368, + "cpu_receiver": 58.473016 + }, + "ping_100": { + 
"rtt_min": 0.082, + "rtt_max": 0.515, + "rtt_avg": 0.098, + "pkt_loss": 0.0 + }, + "ping_500": { + "rtt_min": 0.089, + "rtt_max": 3.457, + "rtt_avg": 0.105, + "pkt_loss": 0.0 + }, + "ping_1000": { + "rtt_min": 0.092, + "rtt_max": 0.366, + "rtt_avg": 0.108, + "pkt_loss": 0.0 + } + }, + "results": { + "throughput_mbits": { + "native": 9681.224, + "plain": 5472.962, + "aes256": 3947.676, + "aes128": 4200.596, + "chacha20": 2854.407 + }, + "latency_us": { + "plain": { + "100": 21.0, + "500": 21.5, + "1000": 20.0 + }, + "aes256": { + "100": 22.500000000000004, + "500": 22.000000000000004, + "1000": 21.5 + }, + "aes128": { + "100": 23.000000000000004, + "500": 22.500000000000004, + "1000": 22.500000000000004 + }, + "chacha20": { + "100": 23.500000000000004, + "500": 25.5, + "1000": 26.0 + } + } + } +} \ No newline at end of file diff --git a/contrib/performance.py b/contrib/performance.py index 70a6e8d..5c49a1f 100755 --- a/contrib/performance.py +++ b/contrib/performance.py @@ -8,7 +8,7 @@ from datetime import date # Note: this script will run for ~8 minutes and incur costs of about $ 0.02 FILE = "../target/release/vpncloud" -VERSION = "2.0-pre" +VERSION = "2.0.0-alpha1" REGION = "eu-central-1" env = EC2Environment( diff --git a/src/cloud.rs b/src/cloud.rs index e4c9f40..fabeabb 100644 --- a/src/cloud.rs +++ b/src/cloud.rs @@ -492,7 +492,13 @@ impl GenericCloud GenericCloud { - debug!("Init error from {}: {}", src, err); - info!("Ignoring invalid init message from peer {}", addr_nice(src)); - return Ok(()) - } + Err(err) => return Err(err) } } else if let Some(peer) = self.peers.get_mut(&src) { peer.crypto.handle_message(data) 
@@ -748,14 +750,20 @@ impl GenericCloud { + debug!("Fatal crypto init error from {}: {}", src, e); info!("Closing pending connection to {} due to error in crypto init", addr_nice(src)); self.pending_inits.remove(&src); - } else { + } + Err(e @ Error::CryptoInit(_)) => { + debug!("Recoverable init error from {}: {}", src, e); + info!("Ignoring invalid init message from peer {}", addr_nice(src)); + } + Err(e) => { error!("Error: {}", e); } + Ok(_) => {} } } diff --git a/src/crypto/init.rs b/src/crypto/init.rs index b320ef5..d80725d 100644 --- a/src/crypto/init.rs +++ b/src/crypto/init.rs @@ -453,7 +453,7 @@ impl InitState
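Review bot: The new `Err(e @ Error::CryptoInit(_))` arm writes an `info!` line for every rejected init message, and because these messages failed init handling the sender is presumably not yet an authenticated peer, so log volume at the default level is set by whoever sends datagrams to the port. I would keep the `debug!` line and demote or rate-limit the other one, e.g. `debug!("Ignoring invalid init message from peer {}", addr_nice(src));`. The catch-all arm's `error!("Error: {}", e);` also omits the source; `error!("Error from {}: {}", addr_nice(src), e);` would make the entry attributable. The match head and the start of the enclosing function are not in the hunk (part of its text appears to be lost on this page), so this is based on the arms alone.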

{ Ok(()) } else { self.next_stage = CLOSING; - Err(Error::CryptoInit("Initialization timeout")) + Err(Error::CryptoInitFatal("Initialization timeout")) } } @@ -565,7 +565,7 @@ impl InitState
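Review bot: Promoting `Connected to self` and `Received invalid stage as first message` (hunks at -578 and -598) and `Failed to decrypt payload` (hunks at -633 and -645) to `CryptoInitFatal` routes them to the arm in src/cloud.rs that removes the pending init for that address, and none of these hunks shows whether the message was authenticated before the check runs. If any of them can be reached by an unverified datagram, a forged source address would be enough to cancel a handshake in progress, so the ordering should be confirmed and recorded next to each site, for example `// fatal only after the signature check: the sender is the real peer` where that holds. The timeout and `No common algorithms` cases (hunks at -453 and -565) look rightly fatal, since a retry would presumably not change the outcome. All six enclosing functions begin outside their hunks.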

{ debug!("Init: best algorithm is {:?} with speed {}", algo.0, algo.1); Ok(Some(algo)) } else { - Err(Error::CryptoInit("No common algorithms")) + Err(Error::CryptoInitFatal("No common algorithms")) } } @@ -578,7 +578,7 @@ impl InitState

{ if self.salted_node_id_hash == salted_node_id_hash || self.check_salted_node_id_hash(&salted_node_id_hash, self.node_id) { - return Err(Error::CryptoInit("Connected to self")) + return Err(Error::CryptoInitFatal("Connected to self")) } if stage != self.next_stage { if self.next_stage == STAGE_PONG && stage == STAGE_PING { @@ -598,7 +598,7 @@ impl InitState

{ self.repeat_last_message(out); return Ok(InitResult::Continue) } else { - return Err(Error::CryptoInit("Received invalid stage as first message")) + return Err(Error::CryptoInitFatal("Received invalid stage as first message")) } } self.failed_retries = 0; @@ -633,7 +633,7 @@ impl InitState

{ // decrypt the payload let peer_payload = - self.decrypt(&mut encrypted_payload).map_err(|_| Error::CryptoInit("Failed to decrypt payload"))?; + self.decrypt(&mut encrypted_payload).map_err(|_| Error::CryptoInitFatal("Failed to decrypt payload"))?; // create and send stage 3 reply self.send_message(STAGE_PENG, None, out); @@ -645,7 +645,7 @@ impl InitState

{ InitMsg::Peng { mut encrypted_payload, .. } => { // decrypt the payload let peer_payload = - self.decrypt(&mut encrypted_payload).map_err(|_| Error::CryptoInit("Failed to decrypt payload"))?; + self.decrypt(&mut encrypted_payload).map_err(|_| Error::CryptoInitFatal("Failed to decrypt payload"))?; self.next_stage = CLOSING; // force resend when receiving any message Ok(InitResult::Success { peer_payload, is_initiator: false }) diff --git a/src/crypto/mod.rs b/src/crypto/mod.rs index 2c10043..4c1124e 100644 --- a/src/crypto/mod.rs +++ b/src/crypto/mod.rs @@ -124,7 +124,12 @@ impl Crypto { speeds.into_iter().map(|(a, s)| format!("{}: {:.1} MiB/s", a, s)).collect::>().join(", ") ); } - Ok(Self { node_id, key_pair: Arc::new(key_pair), trusted_keys: trusted_keys.into_boxed_slice().into(), algorithms: algos }) + Ok(Self { + node_id, + key_pair: Arc::new(key_pair), + trusted_keys: trusted_keys.into_boxed_slice().into(), + algorithms: algos + }) } pub fn generate_keypair(password: Option<&str>) -> (String, String) { @@ -268,6 +273,23 @@ impl PeerCrypto

{ self.core.is_some() } + pub fn algorithm_name(&self) -> &'static str { + if let Some(ref core) = self.core { + let algo = core.algorithm(); + if algo == &aead::CHACHA20_POLY1305 { + "chacha20" + } else if algo == &aead::AES_128_GCM { + "aes128" + } else if algo == &aead::AES_256_GCM { + "aes256" + } else { + unreachable!() + } + } else { + "plain" + } + } + fn handle_init_message(&mut self, buffer: &mut MsgBuffer) -> Result, Error> { let result = self.get_init()?.handle_init(buffer)?; if !buffer.is_empty() { diff --git a/src/error.rs b/src/error.rs index c86695c..642d978 100644 --- a/src/error.rs +++ b/src/error.rs @@ -5,10 +5,14 @@ use std::io; #[derive(Error, Debug)] pub enum Error { - /// Crypto init error, this is fatal and the init needs to be aborted + /// Crypto init error, this is recoverable #[error("Crypto initialization error: {0}")] CryptoInit(&'static str), + /// Crypto init error, this is fatal and the init needs to be aborted + #[error("Fatal crypto initialization error: {0}")] + CryptoInitFatal(&'static str), + /// Crypto error with this one message, no permanent error #[error("Crypto error: {0}")] Crypto(&'static str),
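Review bot: `algorithm_name` ends its `if`/`else if` chain with a bare `unreachable!()`, so adding a fourth AEAD algorithm elsewhere turns a naming helper into a process abort in a network daemon. A non-panicking fallback such as `} else { "unknown" }` keeps the caller alive; if the panic is intended, give it a message, `unreachable!("unhandled AEAD algorithm")`. The method is `pub` and has no doc comment; I would add `/// Short name of the algorithm used by the crypto core, or "plain" when `core` is `None`.`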
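Review bot: Flipping the meaning of the existing `CryptoInit` variant to "recoverable" makes that the default for every `Error::CryptoInit(..)` site this commit does not touch, so an init failure that should abort the handshake is now ignored unless someone remembered to rename it. Keeping `CryptoInit` fatal and adding a new variant for the recoverable case would fail closed; if the current naming stays, the remaining `CryptoInit` constructors deserve an explicit audit. The doc comments could also state what the caller does, e.g. `/// Crypto init error for one message; the message is ignored and the pending init is kept` and `/// Fatal crypto init error; the pending init for this peer is removed`.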