├── .gitignore ├── LICENSE ├── NOTICE ├── README.md ├── apps ├── Makefile ├── libdaq │ ├── LICENSE │ ├── Makefile │ ├── Makefile.untrusted │ ├── daq-2.2.1_graphene_dpdk.patch │ └── libdaq.manifest.template ├── libdaqdpdk-dummy │ ├── Makefile │ └── libdaqdpdk.c ├── libdnet │ ├── Makefile │ └── libdnet.manifest.template ├── libnuma-dummy │ ├── Makefile │ └── libnuma.c ├── libpcap │ ├── Makefile │ ├── Makefile.findalldevstest │ ├── example.txt │ ├── libpcap.manifest.template │ └── libpcap.manifest.template.findalldevstest ├── luajit │ ├── Makefile │ ├── example.lua │ └── libluajit.manifest.template ├── openssl │ ├── Makefile │ └── openssl.manifest.template ├── pcre │ ├── Makefile │ └── pcre.manifest.template ├── snort3 │ ├── LICENSE │ ├── Makefile │ ├── Makefile.vanilla │ ├── download-pcaps.sh │ ├── rules │ │ ├── community_1.rules │ │ ├── community_10.rules │ │ ├── community_100.rules │ │ ├── community_1000.rules │ │ ├── community_3462.rules │ │ └── sample.rules │ ├── run.sh │ ├── run_pktgen.sh │ ├── run_snort.sh │ ├── runcpu.sh │ ├── snort3-nohwloc.patch │ └── snort3.manifest.template └── zlib │ ├── Makefile │ └── zlib.manifest.template ├── build.sh ├── docs ├── clocs.txt ├── graphene-build.sh └── snort-build.sh ├── exps ├── 01_throughput.R ├── 02_dropped.R ├── 03_percent_analyzed.R ├── LICENSE ├── collect.py ├── droprate.py └── tests │ ├── devnotes.txt │ ├── snort_1024B │ ├── test_1024B_16KF.lua │ ├── test_1024B_1F.lua │ ├── test_1024B_1KF.lua │ ├── test_1024B_256F.lua │ ├── test_1024B_2KF.lua │ ├── test_1024B_32KF.lua │ ├── test_1024B_4KF.lua │ ├── test_1024B_512F.lua │ └── test_1024B_8KF.lua │ ├── snort_128B │ ├── test_128B_16KF.lua │ ├── test_128B_1F.lua │ ├── test_128B_1KF.lua │ ├── test_128B_256F.lua │ ├── test_128B_2KF.lua │ ├── test_128B_32KF.lua │ ├── test_128B_4KF.lua │ ├── test_128B_512F.lua │ └── test_128B_8KF.lua │ ├── snort_2048B │ ├── test_2048B_16KF.lua │ ├── test_2048B_1F.lua │ ├── test_2048B_1KF.lua │ ├── test_2048B_256F.lua │ ├── test_2048B_2KF.lua │ ├── test_2048B_32KF.lua │ ├── test_2048B_4KF.lua │ ├── test_2048B_512F.lua │ └── test_2048B_8KF.lua │ ├── snort_256B │ ├── test_256B_16KF.lua │ ├── test_256B_1F.lua │ ├── test_256B_1KF.lua │ ├── test_256B_256F.lua │ ├── test_256B_2KF.lua │ ├── test_256B_32KF.lua │ ├── test_256B_4KF.lua │ ├── test_256B_512F.lua │ └── test_256B_8KF.lua │ ├── snort_4096B │ ├── test_4096B_16KF.lua │ ├── test_4096B_1F.lua │ ├── test_4096B_1KF.lua │ ├── test_4096B_256F.lua │ ├── test_4096B_2KF.lua │ ├── test_4096B_32KF.lua │ ├── test_4096B_4KF.lua │ ├── test_4096B_512F.lua │ └── test_4096B_8KF.lua │ ├── snort_512B │ ├── test_512B_16KF.lua │ ├── test_512B_1F.lua │ ├── test_512B_1KF.lua │ ├── test_512B_256F.lua │ ├── test_512B_2KF.lua │ ├── test_512B_32KF.lua │ ├── test_512B_4KF.lua │ ├── test_512B_512F.lua │ └── test_512B_8KF.lua │ ├── snort_64B │ ├── test_64B_16KF.lua │ ├── test_64B_1F.lua │ ├── test_64B_1KF.lua │ ├── test_64B_256F.lua │ ├── test_64B_2KF.lua │ ├── test_64B_32KF.lua │ ├── test_64B_4KF.lua │ ├── test_64B_512F.lua │ └── test_64B_8KF.lua │ ├── snort_8192B │ ├── test_8192B_16KF.lua │ ├── test_8192B_1F.lua │ ├── test_8192B_1KF.lua │ ├── test_8192B_256F.lua │ ├── test_8192B_2KF.lua │ ├── test_8192B_32KF.lua │ ├── test_8192B_4KF.lua │ ├── test_8192B_512F.lua │ └── test_8192B_8KF.lua │ └── test_start.lua ├── misc ├── LICENSE ├── README.md ├── graphene-01-mmap-map32bit.diff ├── graphene-02-unmap-tcs.diff ├── graphene-03-trustedclock-dpdkocalls.diff ├── graphene-pull-request-58.patch └── testclock │ ├── a.out │ ├── run.sh │ └── testclock.c └── sec-ids-whitepaper.pdf /.gitignore: -------------------------------------------------------------------------------- 1 | /graphene-snort/Runtime/ 2 | *~ 3 | *.token 4 | *.sig 5 | *.manifest.sgx 6 | *.log 7 | *.csv 8 | *.pdf 9 | 10 | graphene-snort/LibOS/shim/test/apps/libdaq/dummy 11 | graphene-snort/LibOS/shim/test/apps/libdaq/install_untrusted 12 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | Snort Intrusion Detection System with Intel SGX 2 | Copyright 2018 Intel(R) Corporation 3 | 4 | Portion of this software were developed at Intel Labs (https://www.intel.com/intellabs) 5 | This software is a research proof of concept to demonstrate the use of SGX for 6 | protecting unmodified version of snort intrusion detection system. 7 | 8 | This software not intended for production use. 9 | 10 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Snort Intrusion Detection System with Intel Software Guard Extension (Intel SGX) 2 | 3 | > :warning: **DISCONTINUATION OF PROJECT** - *This project will no longer be maintained by Intel. Intel has ceased development and contributions including, but not limited to, maintenance, bug fixes, new releases, or updates, to this project.* **Intel no longer accepts patches to this project.** 4 | 5 | 6 | This software is a research proof of concept and not intended for production use 7 | 8 | Network Function Virtualization (NFV) promises the benefits of reduced infrastructure, personnel, and management costs by outsourcing network middleboxes to the public or private cloud. Unfortunately, running network functions in the cloud entails security challenges, especially for complex stateful services. , SEC-IDS is an research attempt to harden the king of middleboxes - Intrusion Detection Systems (IDS) - using Intel Software Guard Extensions (Intel SGX) technology. SEC-IDS, is an unmodified Snort 3 with a DPDK network layer that achieves line rate throughput. SEC-IDS achieves computational integrity by running all Snort code inside an Intel SGX enclave. At the same time, SEC-IDS achieves near-native performance, with throughput close to 100 percent of vanilla Snort 3, by retaining network I/O outside of the enclave. Our experiments indicate that performance is only constrained by the limited amount of Enclave physical memory available on current Intel SGX Skylake based E3 Xeon platforms. Finally, we kept the porting effort minimal by using the Graphene-SGX library OS. Only 27 Lines of Code (LoC) were modified in Snort and 178 LoC in Graphene-SGX itself. 9 | 10 | 11 | ## How to run build and run SEC-IDS 12 | prerequsites : Intel SGX Enabled server platform with a DPDK compatible 10Gbps network controller 13 | 14 | ### Prepare the system first 15 | 16 | Install Ubuntu 16.04 x86_64 on a SGX Enabled machine. Ensure Hyperthreading and Power state management is disabled in BIOS 17 | 18 | 19 | Install dependencies and set appropriate kernel parameters for best performance 20 | 21 | ``` 22 | sudo apt update && sudo apt upgrade 23 | sudo apt install make gcc build-essential ocaml automake autoconf libtool wget python libssl-dev libcurl4-openssl-dev protobuf-compiler libprotobuf-dev libnuma-dev python-protobuf python-crypto flex bison libpcap-dev unzip cmake hwloc libhwloc-dev pkg-config 24 | sudo apt install htop linux-tools-common linux-tools-`uname -r` 25 | sudo systemctl enable ssh # to persist ssh daemon across reboots 26 | sudo vim /etc/default/grub # change GRUB_CMDLINE_LINUX to GRUB_CMDLINE_LINUX="default_hugepagesz=1GB hugepagesz=1G hugepages=16 iommu=pt intel_iommu=on intel_idle.max_cstate=0 intel_pstate=disable" 27 | sudo update-grub 28 | 29 | ``` 30 | 31 | Add the following line in /etc/security/limits.conf to permanently change available locked memory 32 | 33 | ``` 34 | * hard memlock 20971520" and "* soft memlock 20971520" 35 | ``` 36 | 37 | Reboot the machine! 38 | 39 | Once the machine comes up execute the following commands. Note: These commands need to be executed on every boot 40 | 41 | ``` 42 | mkdir /mnt/huge 43 | mount -t hugetlbfs nodev /mnt/huge 44 | ulimit -l unlimited # in case limits.conf doesn't help 45 | sudo sysctl vm.mmap_min_addr=0 46 | ``` 47 | 48 | Optionally, to set the correct date/time on the system, execute the following command 49 | 50 | ``` 51 | sudo date -s "$(wget -qSO- --max-redirect=0 google.com 2>&1 | grep Date: | cut -d' ' -f5-8)Z" # for correct datetime 52 | ``` 53 | 54 | 55 | The build.sh script will automatically build and configure all necessary components automatically. 56 | Make changes in the script as required. The complete build process may take upto 15 minutes 57 | 58 | NOTE: provide the absolute path of linux sgx driver when prompted. That would be absolute path of ./linux-sgx-driver 59 | 60 | ``` 61 | ./build.sh 62 | ``` 63 | 64 | NOTE !!! The following steps below the line are for reference only. The ./build.sh script will perform all steps below 65 | 66 | ------------------------------------------------------------------------------------------------------------------------------ 67 | 68 | Install linux-sgx-driver 69 | 70 | ``` 71 | mkdir ~/01org && cd ~/01org 72 | git clone https://github.com/01org/linux-sgx-driver && cd linux-sgx-driver 73 | make 74 | sudo mkdir -p "/lib/modules/"`uname -r`"/kernel/drivers/intel/sgx" # the following commands are from linux-sgx-driver README 75 | sudo cp isgx.ko "/lib/modules/"`uname -r`"/kernel/drivers/intel/sgx" 76 | sudo sh -c "cat /etc/modules | grep -Fxq isgx || echo isgx >> /etc/modules" 77 | sudo /sbin/depmod 78 | sudo /sbin/modprobe isgx 79 | ``` 80 | 81 | 82 | Install Linux SGX SDK 83 | 84 | ``` 85 | git clone https://github.com/01org/linux-sgx.git && cd linux-sgx 86 | ./download_prebuilt.sh # the following commands are from linux-sgx README 87 | make 88 | make sdk_install_pkg 89 | make psw_install_pkg 90 | cd linux/installer/bin && sudo ./sgx_linux_x64_psw_${version}.bin 91 | cd linux/installer/bin && sudo ./sgx_linux_x64_sdk_${version}.bin # Choose "/opt/intel" as installdir 92 | sudo service aesmd start 93 | cd /opt/intel/sgxsdk/SampleCode/LocalAttestation && make && ./app # simple test that SGX SDK works 94 | ``` 95 | 96 | 97 | 98 | Install Intel DPDK (SGX-Snort was tested with DPDK 17.08) 99 | 100 | ``` 101 | cd ~ 102 | git clone http://dpdk.org/git/dpdk && cd dpdk 103 | make install T=x86_64-native-linuxapp-gcc DESTDIR=install EXTRA_CFLAGS="-fPIC" 104 | echo 'export RTE_SDK=$HOME/dpdk' >> ~/.bashrc 105 | echo 'export RTE_TARGET=x86_64-native-linuxapp-gcc' >> ~/.bashrc 106 | cd usertools && sudo ./dpdk-setup.sh # choose "[17] Insert VFIO module"; then "[23] Bind Ethernet/Crypto device to VFIO module" for all required network interfaces; then "[24] Setup VFIO permissions" 107 | ``` 108 | 109 | Apply graphene patches and Build Graphene-SGX. Also build libdaq libraries to link with Graphene PAL 110 | 111 | ``` 112 | git clone --recursive https://github.com/oscarlab/graphene.git 113 | pushd graphene 114 | git reset --hard 4d8eacdd44029af28887247ebeb11b3d3ac1f6df 115 | patch -p1 < ../misc/graphene-pull-request-58.patch || exit 1 116 | pushd Pal/src/host/Linux-SGX/sgx-driver/ 117 | make 118 | ./load.sh 119 | popd 120 | patch -p2 < ../misc/graphene-01-mmap-map32bit.diff || exit 1 121 | patch -p2 < ../misc/graphene-02-unmap-tcs.diff || exit 1 122 | patch -p2 < ../misc/graphene-03-trustedclock-dpdkocalls.diff || exit 1 123 | sed -i -r 's/CPUFREQ [0-9]+\.[0-9]+/CPUFREQ 3785.0/' Pal/src/host/Linux-SGX/enclave_ocalls.c # Adjust CPUFREQ here based on CPU frequency 124 | openssl genrsa -3 -out Pal/src/host/Linux-SGX/signer/enclave-key.pem 3072 125 | export RTE_SDK=$(readlink -f ../dpdk) 126 | export RTE_TARGET=x86_64-native-linuxapp-gcc 127 | cp -a ../apps/* LibOS/shim/test/apps/ 128 | make -C LibOS/shim/test/apps/libdaq -f Makefile.untrusted 129 | make clean && make SGX=1 130 | ``` 131 | 132 | Then build snort and depdendent libaries with graphene SGX support 133 | 134 | ``` 135 | make -C LibOS/shim/test/apps 136 | 137 | ``` 138 | 139 | -------------------------------------------------------------------------------------------------------------------------- 140 | 141 | 142 | ### Time to test SGX snort ...Success if you see snort version output 143 | 144 | ``` 145 | export LD_LIBRARY_PATH="$LD_LIBRARY_PATH":$(readlink -f graphene/LibOS/shim/test/apps/libdaq/install/lib) 146 | cd graphene/LibOS/shim/test/apps/snort3 && SGX=1 ./pal_loader snort3.manifest.sgx --version && cd - 147 | 148 | ``` 149 | 150 | Test helloworld app inside Graphene-SGX to make sure the installation was successful 151 | 152 | ``` 153 | cd graphene/LibOS/shim/test/native/ && make SGX=1 DEBUG=1 && make SGX_RUN=1 && ./pal_loader SGX helloworld 154 | ``` 155 | 156 | Run experiments on SGX-Snort (NOTE: change constants in run scripts for your configuration beforehand!) 157 | 158 | ``` 159 | ./graphene-snort/LibOS/shim/test/apps/snort3 && run.sh -v=sgx 160 | ``` 161 | 162 | Run experiments on vanilla Snort (NOTE: change constants in run scripts for your configuration beforehand!) 163 | 164 | ``` 165 | ./graphene-snort/LibOS/shim/test/apps/snort3 && run.sh -v=vanilla 166 | ``` 167 | 168 | 169 | Sample rules are already present in ~/code/graphene-snort/LibOS/shim/test/apps/snort3/rules/ folder. 170 | you can also add rules by adding the new rules file in the folder. 171 | 172 | Latest Rules are available at https://www.snort.org/downloads/community/snort3-community-rules.tar.gz 173 | 174 | To use new rules in SEC-IDS you must add the new rules file name in the snort manifest file 175 | 176 | ``` 177 | ./graphene/LibOS/shim/test/apps/snort3/snort3.manifest.template:sgx.allowed_files.rules6 = file:install/etc/snort/.rules 178 | ``` 179 | 180 | Include the new rule file in snortrules for snort to use it 181 | 182 | ``` 183 | ./graphene/LibOS/shim/test/apps/snort3/run.sh:declare -a snortrules=("" "" ".rules") 184 | ``` 185 | 186 | 187 | ### LICENSE INFORMATION 188 | 189 | Snort v3 and daq-2.2.1 patches are released under GPLv2 190 | 191 | Graphene patches are released under LGPL 192 | 193 | Build and run scripts are released under Apache 2.0 194 | 195 | -------------------------------------------------------------------------------- /apps/Makefile: -------------------------------------------------------------------------------- 1 | # top-level Makefile to build all dependencies of snort3 and then snort3 itself 2 | 3 | SUBDIRS = libdaq libdnet libpcap luajit openssl pcre zlib libdaqdpdk-dummy libnuma-dummy snort3 4 | 5 | all: 6 | for dir in $(SUBDIRS) ; do \ 7 | make -C $$dir SGX=1 ; \ 8 | make -C $$dir SGX_RUN=1 ; \ 9 | done 10 | make -C snort3 -f Makefile.vanilla 11 | deps: 12 | sudo apt-get install flex bison libpcap-dev autoconf libtool hwloc 13 | 14 | clean: 15 | for dir in $(SUBDIRS) ; do \ 16 | make -C $$dir distclean ; \ 17 | done 18 | make -C snort3 -f Makefile.vanilla distclean 19 | 20 | distclean: clean 21 | -------------------------------------------------------------------------------- /apps/libdaq/Makefile: -------------------------------------------------------------------------------- 1 | SRCDIR = daq-2.2.1 2 | 3 | target = dummy2 4 | exec_target = libdaq.manifest 5 | 6 | level = ../../ 7 | include ../../Makefile 8 | 9 | dpdkflags = --with-dpdk-includes=$(RTE_SDK)/x86_64-native-linuxapp-gcc/include --with-dpdk-libraries=$(RTE_SDK)/x86_64-native-linuxapp-gcc/lib 10 | confflags = CFLAGS="-DIN_ENCLAVE -O3 -g" --prefix=$(abspath .)/install $(dpdkflags) 11 | sedprepared=$(subst /,\/,$(abspath .))\/..\/libdaqdpdk-dummy 12 | 13 | dummy2: 14 | # get napatech LibDAQ dependency 15 | rm -rf $(SRCDIR) daq_dpdk_multiqueue 16 | git clone https://github.com/napatech/daq_dpdk_multiqueue.git 17 | git --git-dir=daq_dpdk_multiqueue/.git --work-tree=daq_dpdk_multiqueue/ reset --hard 7c40e02b2b98e6b0974daf13935b1bd71172b2b1 18 | mv daq_dpdk_multiqueue/$(SRCDIR) . && rm -rf daq_dpdk_multiqueue 19 | cd $(SRCDIR) && patch -p1 < ../daq-2.2.1_graphene_dpdk.patch && ./configure $(confflags) 20 | cd $(SRCDIR) && make install 21 | cd $(SRCDIR) && make distclean 22 | sed -i 's/-lpthread/-lpthread -L$(sedprepared) -ldaqdpdk/' install/bin/daq-modules-config 23 | touch dummy2 24 | 25 | distclean: clean 26 | cd $(SRCDIR) && make distclean || true 27 | rm -rf libdaq.manifest.sgx dummy2 install daq-2.2.1/autom4te.cache 28 | rm -rf $(SRCDIR) 29 | -------------------------------------------------------------------------------- /apps/libdaq/Makefile.untrusted: -------------------------------------------------------------------------------- 1 | SRCDIR = daq-2.2.1 2 | 3 | dpdkflags = --with-dpdk-includes=$(RTE_SDK)/x86_64-native-linuxapp-gcc/include --with-dpdk-libraries=$(RTE_SDK)/x86_64-native-linuxapp-gcc/lib 4 | confflags = CFLAGS="-fPIC -O3 -g" --prefix=$(abspath .)/install_untrusted $(dpdkflags) 5 | 6 | dummy: 7 | rm -rf $(SRCDIR) daq_dpdk_multiqueue 8 | git clone https://github.com/napatech/daq_dpdk_multiqueue.git 9 | git --git-dir=daq_dpdk_multiqueue/.git --work-tree=daq_dpdk_multiqueue/ reset --hard 7c40e02b2b98e6b0974daf13935b1bd71172b2b1 10 | mv daq_dpdk_multiqueue/$(SRCDIR) . && rm -rf daq_dpdk_multiqueue 11 | cd $(SRCDIR) && patch -p1 < ../daq-2.2.1_graphene_dpdk.patch && ./configure $(confflags) 12 | cd $(SRCDIR) && make install 13 | cd $(SRCDIR) && make distclean 14 | touch dummy 15 | 16 | distclean: 17 | cd $(SRCDIR) && make distclean || true 18 | rm -rf dummy install_untrusted daq-2.2.1/autom4te.cache 19 | rm -rf $(SRCDIR) 20 | 21 | -------------------------------------------------------------------------------- /apps/libdaq/libdaq.manifest.template: -------------------------------------------------------------------------------- 1 | #!$(PAL) 2 | # nothing really... 3 | -------------------------------------------------------------------------------- /apps/libdaqdpdk-dummy/Makefile: -------------------------------------------------------------------------------- 1 | libdaqdpdk.so.1: libdaqdpdk.c 2 | gcc -fPIC -shared -Wl,-soname,libdaqdpdk.so.1 -o $@ $^ 3 | ln -s libdaqdpdk.so.1 libdaqdpdk.so 4 | 5 | clean: 6 | rm -rf libdaqdpdk.so* 7 | 8 | distclean: clean 9 | -------------------------------------------------------------------------------- /apps/libdaqdpdk-dummy/libdaqdpdk.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | 5 | int ocall_dpdk_initialize(char* config_name, int config_snaplen, unsigned int config_timeout, uint32_t config_flags, int config_mode, 6 | char* dpdk_args, int debug, int dpdk_queues, void** ctxt_ptr, char* errbuf, size_t errlen) { 7 | return 0; 8 | } 9 | 10 | int ocall_dpdk_start_device(void* handle, void* dev) { 11 | return 0; 12 | } 13 | 14 | int ocall_dpdk_acquire(void* handle) { 15 | return 0; 16 | } 17 | 18 | int ocall_dpdk_stop(void* handle) { 19 | return 0; 20 | } 21 | 22 | int ocall_dpdk_shutdown(void* handle) { 23 | return 0; 24 | } 25 | -------------------------------------------------------------------------------- /apps/libdnet/Makefile: -------------------------------------------------------------------------------- 1 | SRCDIR = libdnet-master 2 | 3 | target = dnet 4 | exec_target = libdnet.manifest 5 | 6 | level = ../../ 7 | include ../../Makefile 8 | 9 | confflags = --prefix=$(abspath .)/install 10 | 11 | master.zip: 12 | wget https://github.com/jncornett/libdnet/archive/master.zip 13 | 14 | $(SRCDIR)/configure: master.zip 15 | unzip -u master.zip 16 | 17 | libdnet.so: $(SRCDIR)/configure 18 | cd $(SRCDIR) && ./configure $(confflags) 19 | cd $(SRCDIR) && make -j 8 install 20 | cp -a install/lib/$@* ./ 21 | 22 | dnet: libdnet.so 23 | cp install/sbin/$@ ./ 24 | 25 | distclean: clean 26 | rm -rf $(SRCDIR) libdnet.manifest.sgx master.zip libdnet.so* dnet install 27 | -------------------------------------------------------------------------------- /apps/libdnet/libdnet.manifest.template: -------------------------------------------------------------------------------- 1 | #!$(PAL) 2 | 3 | loader.preload = file:$(SHIMPATH) 4 | loader.exec = file:dnet 5 | loader.env.LD_LIBRARY_PATH = .:/lib:/usr/lib:/lib/x86_64-linux-gnu:/usr/lib/x86_64-linux-gnu 6 | loader.debug_type = none 7 | 8 | fs.mount.lib.type = chroot 9 | fs.mount.lib.path = /lib 10 | fs.mount.lib.uri = file:$(LIBCDIR) 11 | 12 | fs.mount.cwd.type = chroot 13 | fs.mount.cwd.path = $(PWD) 14 | fs.mount.cwd.uri = file: 15 | 16 | sys.stack.size = 1m 17 | sys.brk.size = 64M 18 | glibc.heap_size = 16M 19 | 20 | sgx.enclave_size=256M 21 | 22 | sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2 23 | sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6 24 | sgx.trusted_files.libm = file:$(LIBCDIR)/libm.so.6 25 | sgx.trusted_files.libdl = file:$(LIBCDIR)/libdl.so.2 26 | sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0 27 | sgx.trusted_files.libdnet = file:install/lib/libdnet.so.1 28 | -------------------------------------------------------------------------------- /apps/libnuma-dummy/Makefile: -------------------------------------------------------------------------------- 1 | libnuma.so.1: libnuma.c 2 | gcc -fPIC -shared -Wl,-soname,libnuma.so.1 -o $@ $^ 3 | ln -s libnuma.so.1 libnuma.so 4 | 5 | clean: 6 | rm -rf libnuma.so* 7 | 8 | distclean: clean 9 | -------------------------------------------------------------------------------- /apps/libnuma-dummy/libnuma.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | struct bitmask { 5 | unsigned long size; /* number of bits in the map */ 6 | unsigned long *maskp; 7 | }; 8 | 9 | int numa_available(void) { 10 | return 0; 11 | } 12 | 13 | long get_mempolicy(int *mode, unsigned long *nodemask, unsigned long maxnode, void *addr, unsigned long flags) { 14 | return 0; 15 | } 16 | 17 | void numa_bitmask_free(struct bitmask *bmp) { 18 | /* noop */; 19 | } 20 | 21 | struct bitmask *numa_allocate_nodemask(void) { 22 | return NULL; 23 | } 24 | 25 | int set_mempolicy(int mode, unsigned long *nodemask, unsigned long maxnode) { 26 | return 0; 27 | } 28 | 29 | void numa_set_localalloc(void) { 30 | /* noop */; 31 | } 32 | 33 | void numa_set_preferred(int node) { 34 | /* noop */; 35 | } 36 | -------------------------------------------------------------------------------- /apps/libpcap/Makefile: -------------------------------------------------------------------------------- 1 | SRCDIR = libpcap-master 2 | 3 | target = filtertest 4 | exec_target = libpcap.manifest 5 | 6 | level = ../../ 7 | include ../../Makefile 8 | 9 | confflags = --prefix=$(abspath .)/install 10 | 11 | master.zip: 12 | wget https://github.com/the-tcpdump-group/libpcap/archive/master.zip 13 | 14 | $(SRCDIR)/configure: master.zip 15 | unzip -u master.zip 16 | 17 | libpcap.so: $(SRCDIR)/configure 18 | cd $(SRCDIR) && ./configure $(confflags) 19 | cd $(SRCDIR) && make -j 8 install 20 | cd $(SRCDIR) && make -j 8 tests 21 | cp -a install/lib/$@* ./ 22 | 23 | filtertest: libpcap.so 24 | cp $(SRCDIR)/$@ ./ 25 | 26 | distclean: clean 27 | rm -rf $(SRCDIR) libpcap.manifest.sgx master.zip libpcap.so* filtertest install 28 | 29 | run: 30 | ./libpcap.manifest.sgx -F example.txt 0 31 | -------------------------------------------------------------------------------- /apps/libpcap/Makefile.findalldevstest: -------------------------------------------------------------------------------- 1 | SRCDIR = libpcap-master 2 | 3 | target = findalldevstest 4 | exec_target = libpcap.manifest 5 | 6 | level = ../../ 7 | include ../../Makefile 8 | 9 | confflags = --prefix=$(abspath .)/install 10 | 11 | master.zip: 12 | wget https://github.com/the-tcpdump-group/libpcap/archive/master.zip 13 | 14 | $(SRCDIR)/configure: master.zip 15 | unzip -u master.zip 16 | 17 | libpcap.so: $(SRCDIR)/configure 18 | cd $(SRCDIR) && ./configure $(confflags) 19 | cd $(SRCDIR) && make -j 8 install 20 | cd $(SRCDIR) && make -j 8 tests 21 | cp -a install/lib/$@* ./ 22 | 23 | findalldevstest: libpcap.so 24 | cp $(SRCDIR)/$@ ./ 25 | 26 | distclean: clean 27 | rm -rf $(SRCDIR) libpcap.manifest.sgx master.zip libpcap.so* findalldevstest install 28 | -------------------------------------------------------------------------------- /apps/libpcap/example.txt: -------------------------------------------------------------------------------- 1 | # common block merging, same block elimination, result propogation 2 | host 192.168.1.1 3 | -------------------------------------------------------------------------------- /apps/libpcap/libpcap.manifest.template: -------------------------------------------------------------------------------- 1 | #!$(PAL) 2 | 3 | loader.preload = file:$(SHIMPATH) 4 | loader.exec = file:filtertest 5 | loader.env.LD_LIBRARY_PATH = .:/lib:/usr/lib:/lib/x86_64-linux-gnu:/usr/lib/x86_64-linux-gnu 6 | loader.debug_type = none 7 | 8 | fs.mount.lib.type = chroot 9 | fs.mount.lib.path = /lib 10 | fs.mount.lib.uri = file:$(LIBCDIR) 11 | 12 | fs.mount.cwd.type = chroot 13 | fs.mount.cwd.path = $(PWD) 14 | fs.mount.cwd.uri = file: 15 | 16 | sys.stack.size = 1m 17 | sys.brk.size = 64M 18 | glibc.heap_size = 16M 19 | 20 | sgx.enclave_size=256M 21 | 22 | sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2 23 | sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6 24 | sgx.trusted_files.libm = file:$(LIBCDIR)/libm.so.6 25 | sgx.trusted_files.libdl = file:$(LIBCDIR)/libdl.so.2 26 | sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0 27 | 28 | sgx.allowed_files.example = file:example.txt 29 | -------------------------------------------------------------------------------- /apps/libpcap/libpcap.manifest.template.findalldevstest: -------------------------------------------------------------------------------- 1 | #!$(PAL) 2 | 3 | loader.preload = file:$(SHIMPATH) 4 | loader.exec = file:findalldevstest 5 | loader.env.LD_LIBRARY_PATH = .:/lib:/usr/lib:/lib/x86_64-linux-gnu:/usr/lib/x86_64-linux-gnu 6 | loader.debug_type = inline 7 | 8 | fs.mount.lib.type = chroot 9 | fs.mount.lib.path = /lib 10 | fs.mount.lib.uri = file:$(LIBCDIR) 11 | 12 | sys.stack.size = 1m 13 | sys.brk.size = 64M 14 | glibc.heap_size = 16M 15 | 16 | sgx.enclave_size=256M 17 | 18 | sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2 19 | sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6 20 | sgx.trusted_files.libm = file:$(LIBCDIR)/libm.so.6 21 | sgx.trusted_files.libdl = file:$(LIBCDIR)/libdl.so.2 22 | sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0 23 | -------------------------------------------------------------------------------- /apps/luajit/Makefile: -------------------------------------------------------------------------------- 1 | SRCDIR = LuaJIT-master 2 | 3 | target = luajit 4 | exec_target = libluajit.manifest 5 | 6 | level = ../../ 7 | include ../../Makefile 8 | 9 | confflags = PREFIX=$(abspath .)/install 10 | 11 | master.zip: 12 | wget https://github.com/LuaJIT/LuaJIT/archive/master.zip 13 | 14 | $(SRCDIR)/README: master.zip 15 | unzip -u master.zip 16 | 17 | libluajit-5.1.so: $(SRCDIR)/README 18 | cd $(SRCDIR) && make -j 8 install $(confflags) 19 | cp -a install/lib/$@* ./ 20 | 21 | luajit: libluajit-5.1.so 22 | cp install/bin/$@ ./ 23 | 24 | distclean: clean 25 | rm -rf $(SRCDIR) libluajit.manifest.sgx master.zip libluajit-5.1.so* luajit install 26 | -------------------------------------------------------------------------------- /apps/luajit/example.lua: -------------------------------------------------------------------------------- 1 | local ffi = require("ffi") 2 | ffi.cdef[[ 3 | void Sleep(int ms); 4 | int poll(struct pollfd *fds, unsigned long nfds, int timeout); 5 | ]] 6 | 7 | local sleep 8 | if ffi.os == "Windows" then 9 | function sleep(s) 10 | ffi.C.Sleep(s*1000) 11 | end 12 | else 13 | function sleep(s) 14 | ffi.C.poll(nil, 0, s*1000) 15 | end 16 | end 17 | 18 | for i=1,160 do 19 | io.write("."); io.flush() 20 | sleep(0.01) 21 | end 22 | io.write("\n") 23 | -------------------------------------------------------------------------------- /apps/luajit/libluajit.manifest.template: -------------------------------------------------------------------------------- 1 | #!$(PAL) 2 | 3 | loader.preload = file:$(SHIMPATH) 4 | loader.exec = file:luajit 5 | loader.env.LD_LIBRARY_PATH = .:/lib:/usr/lib:/lib/x86_64-linux-gnu:/usr/lib/x86_64-linux-gnu 6 | loader.debug_type = none 7 | 8 | fs.mount.lib.type = chroot 9 | fs.mount.lib.path = /lib 10 | fs.mount.lib.uri = file:$(LIBCDIR) 11 | 12 | fs.mount.cwd.type = chroot 13 | fs.mount.cwd.path = $(PWD) 14 | fs.mount.cwd.uri = file: 15 | 16 | fs.mount.lib2.type = chroot 17 | fs.mount.lib2.path = /lib/x86_64-linux-gnu 18 | fs.mount.lib2.uri = file:/lib/x86_64-linux-gnu 19 | 20 | sys.stack.size = 16M 21 | sys.brk.size = 256M 22 | glibc.heap_size = 256M 23 | 24 | sgx.enclave_size=1G 25 | 26 | sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2 27 | sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6 28 | sgx.trusted_files.libm = file:$(LIBCDIR)/libm.so.6 29 | sgx.trusted_files.libdl = file:$(LIBCDIR)/libdl.so.2 30 | sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0 31 | sgx.trusted_files.libgcc = file:/lib/x86_64-linux-gnu/libgcc_s.so.1 32 | 33 | sgx.allowed_files.example = file:example.lua 34 | -------------------------------------------------------------------------------- /apps/openssl/Makefile: -------------------------------------------------------------------------------- 1 | SRCDIR = openssl-master 2 | 3 | target = openssl 4 | exec_target = openssl.manifest 5 | 6 | level = ../../ 7 | include ../../Makefile 8 | 9 | confflags = --prefix=$(abspath .)/install --openssldir=$(abspath .)/install 10 | 11 | master.zip: 12 | wget https://github.com/openssl/openssl/archive/master.zip 13 | 14 | $(SRCDIR)/config: master.zip 15 | unzip -u master.zip 16 | 17 | libcrypto.so: $(SRCDIR)/config 18 | cd $(SRCDIR) && ./config $(confflags) 19 | cd $(SRCDIR) && make -j 8 20 | cd $(SRCDIR) && make install 21 | cp -a ./install/lib/$@* ./ 22 | 23 | libssl.so: libcrypto.so 24 | cp -a ./install/lib/$@* ./ 25 | 26 | openssl: libcrypto.so libssl.so 27 | cp ./install/bin/$@ ./ 28 | 29 | distclean: clean 30 | rm -rf $(SRCDIR) openssl.manifest.sgx master.zip libcrypto.so* libssl.so* openssl install 31 | -------------------------------------------------------------------------------- /apps/openssl/openssl.manifest.template: -------------------------------------------------------------------------------- 1 | #!$(PAL) 2 | 3 | loader.preload = file:$(SHIMPATH) 4 | loader.exec = file:openssl 5 | loader.env.LD_LIBRARY_PATH = .:/lib:/usr/lib:/lib/x86_64-linux-gnu:/usr/lib/x86_64-linux-gnu 6 | loader.debug_type = none 7 | 8 | fs.mount.lib.type = chroot 9 | fs.mount.lib.path = /lib 10 | fs.mount.lib.uri = file:$(LIBCDIR) 11 | 12 | fs.mount.cwd.type = chroot 13 | fs.mount.cwd.path = $(PWD) 14 | fs.mount.cwd.uri = file: 15 | 16 | sys.stack.size = 1m 17 | sys.brk.size = 64M 18 | glibc.heap_size = 16M 19 | 20 | sgx.enclave_size=256M 21 | 22 | sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2 23 | sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6 24 | sgx.trusted_files.libm = file:$(LIBCDIR)/libm.so.6 25 | sgx.trusted_files.libdl = file:$(LIBCDIR)/libdl.so.2 26 | sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0 27 | sgx.trusted_files.libcrypto = file:libcrypto.so.1.1 28 | sgx.trusted_files.libssl = file:libssl.so.1.1 29 | 30 | sgx.allowed_files.conf = file:install/openssl.cnf 31 | sgx.allowed_files.conf2 = file:install/ct_log_list.cnf 32 | -------------------------------------------------------------------------------- /apps/pcre/Makefile: -------------------------------------------------------------------------------- 1 | SRCDIR = pcre-8.41 2 | 3 | target = pcretest 4 | exec_target = pcre.manifest 5 | 6 | level = ../../ 7 | include ../../Makefile 8 | 9 | confflags = --prefix=$(abspath .)/install 10 | 11 | $(SRCDIR)/configure: 12 | wget -qO- https://ftp.pcre.org/pub/pcre/$(SRCDIR).tar.gz | tar xvz 13 | 14 | libpcre.so: $(SRCDIR)/configure 15 | cd $(SRCDIR) && ./configure $(confflags) 16 | cd $(SRCDIR) && make -j 8 install 17 | cp -a ./install/lib/$@* ./ 18 | 19 | libpcreposix.so: libpcre.so 20 | cp -a ./install/lib/$@* ./ 21 | 22 | pcretest: libpcre.so libpcreposix.so 23 | cp ./install/bin/$@ ./ 24 | 25 | distclean: clean 26 | rm -rf $(SRCDIR) pcre.manifest.sgx libpcre.so* libpcreposix.so* pcretest install 27 | -------------------------------------------------------------------------------- /apps/pcre/pcre.manifest.template: -------------------------------------------------------------------------------- 1 | #!$(PAL) 2 | 3 | loader.preload = file:$(SHIMPATH) 4 | loader.exec = file:pcretest 5 | loader.env.LD_LIBRARY_PATH = .:/lib:/usr/lib:/lib/x86_64-linux-gnu:/usr/lib/x86_64-linux-gnu 6 | loader.debug_type = none 7 | 8 | fs.mount.lib.type = chroot 9 | fs.mount.lib.path = /lib 10 | fs.mount.lib.uri = file:$(LIBCDIR) 11 | 12 | fs.mount.cwd.type = chroot 13 | fs.mount.cwd.path = $(PWD) 14 | fs.mount.cwd.uri = file: 15 | 16 | sys.stack.size = 1m 17 | sys.brk.size = 64M 18 | glibc.heap_size = 16M 19 | 20 | sgx.enclave_size=256M 21 | 22 | sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2 23 | sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6 24 | sgx.trusted_files.libm = file:$(LIBCDIR)/libm.so.6 25 | sgx.trusted_files.libdl = file:$(LIBCDIR)/libdl.so.2 26 | sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0 27 | sgx.trusted_files.libpcre = file:install/lib/libpcre.so.1 28 | sgx.trusted_files.libpcreposix = file:install/lib/libpcreposix.so.0 29 | -------------------------------------------------------------------------------- /apps/snort3/Makefile: -------------------------------------------------------------------------------- 1 | # NOTE: Build system of Snort3 thinks it needs hwloc even though we patch code 2 | # to remove any dependency; thus, be sure to install hwloc system-wide 3 | # and do not be surprised when the build mentions hwloc 4 | 5 | # "master" for up-to-date version 6 | SNORTVERSION =BUILD_239 7 | SRCDIR = snort3-$(SNORTVERSION) 8 | 9 | target = snort 10 | exec_target = snort3.manifest 11 | 12 | level = ../../ 13 | include ../../Makefile 14 | 15 | INSTALLDIR=$(abspath .)/install 16 | DEPDIR=$(abspath .)/.. 17 | pcapdir =$(DEPDIR)/libpcap/install 18 | daqdir =$(DEPDIR)/libdaq/install 19 | dnetdir =$(DEPDIR)/libdnet/install 20 | luajitdir =$(DEPDIR)/luajit/install 21 | pcredir =$(DEPDIR)/pcre/install 22 | openssldir=$(DEPDIR)/openssl/install 23 | libnumadir=$(DEPDIR)/libnuma-dummy 24 | daqdpdkdir=$(DEPDIR)/libdaqdpdk-dummy 25 | 26 | deplibs = $(addsuffix /lib, $(pcapdir) $(daqdir) $(dnetdir) $(luajitdir) $(pcredir) $(openssldir)) $(DEPDIR)/zlib $(libnumadir) $(daqdpdkdir) 27 | 28 | confflags = --with-pcap-includes=$(pcapdir)/include --with-pcap-libraries=$(pcapdir)/lib \ 29 | --with-daq-includes=$(daqdir)/include --with-daq-libraries=$(daqdir)/lib \ 30 | --with-dnet-includes=$(dnetdir)/include --with-dnet-libraries=$(dnetdir)/lib \ 31 | --with-luajit-includes=$(luajitdir)/include/luajit-2.0 --with-luajit-libraries=$(luajitdir)/lib \ 32 | --with-pcre-includes=$(pcredir)/include --with-pcre-libraries=$(pcredir)/lib \ 33 | --with-openssl=$(openssldir) 34 | 35 | addpath = $(daqdir)/bin:$(dnetdir)/bin:$(luajitdir)/bin:$(pcapdir)/bin:$(PATH) 36 | ldlibrarypath = $(pcapdir)/lib:$(daqdir)/lib:$(dnetdir)/lib:$(luajitdir)/lib:$(pcredir)/lib:$(openssldir)/lib:$(daqdpdkdir):$(LD_LIBRARY_PATH) 37 | pkgconfigpath =$(INSTALLDIR)/lib/pkgconfig 38 | 39 | $(SRCDIR)/configure_cmake.sh: 40 | wget -nc https://github.com/snortadmin/snort3/archive/$(SNORTVERSION).zip 41 | 42 | $(INSTALLDIR)/lib: $(SRCDIR)/configure_cmake.sh 43 | unzip -u $(SNORTVERSION).zip 44 | cd $(SRCDIR) && patch -s -t -N -r - -p1 < ../snort3-nohwloc.patch | true 45 | cd $(SRCDIR) && PATH=$(addpath) ./configure_cmake.sh --prefix=$(INSTALLDIR) $(confflags) 46 | cd $(SRCDIR)/build && PATH=$(addpath) LD_LIBRARY_PATH=$(ldlibrarypath) make install 47 | 48 | $(INSTALLDIR)/lib/snort_extra: $(INSTALLDIR)/lib 49 | cd $(SRCDIR)/extra && PATH=$(addpath) PKG_CONFIG_PATH=$(pkgconfigpath) ./configure_cmake.sh --prefix=$(INSTALLDIR) 50 | cd $(SRCDIR)/extra/build && PATH=$(addpath) LD_LIBRARY_PATH=$(ldlibrarypath) make install 51 | 52 | snort: $(INSTALLDIR)/lib/snort_extra 53 | cp -a $(INSTALLDIR)/bin/$@ ./ 54 | cp -a rules/*.rules $(INSTALLDIR)/etc/snort 55 | mkdir -p $(INSTALLDIR)/deps 56 | for deplib in $(deplibs) ; do \ 57 | cp -a $$deplib/*.so* $(INSTALLDIR)/deps ; \ 58 | done 59 | cd $(INSTALLDIR)/deps && ln -sf libpcap.so.1 libpcap.so.0.8 # TODO: workaround for Ubuntu-related libpcap bug 60 | 61 | distclean: clean 62 | rm -rf $(SRCDIR) $(INSTALLDIR) snort3.manifest.sgx snort $(SNORTVERSION).zip* 63 | -------------------------------------------------------------------------------- /apps/snort3/Makefile.vanilla: -------------------------------------------------------------------------------- 1 | # NOTE: Build system of Snort3 thinks it needs hwloc even though we patch code 2 | # to remove any dependency; thus, be sure to install hwloc system-wide 3 | # and do not be surprised when the build mentions hwloc 4 | 5 | .DEFAULT_GOAL := snort_vanilla 6 | 7 | # "master" for up-to-date version 8 | SNORTVERSION =BUILD_239 9 | SRCDIR = snort3-$(SNORTVERSION) 10 | 11 | INSTALLDIR=$(abspath .)/install_vanilla 12 | DEPDIR=$(abspath .)/.. 13 | pcapdir =$(DEPDIR)/libpcap/install 14 | daqdir =$(DEPDIR)/libdaq/install_untrusted 15 | dnetdir =$(DEPDIR)/libdnet/install 16 | luajitdir =$(DEPDIR)/luajit/install 17 | pcredir =$(DEPDIR)/pcre/install 18 | openssldir=$(DEPDIR)/openssl/install 19 | 20 | deplibs = $(addsuffix /lib, $(pcapdir) $(daqdir) $(dnetdir) $(luajitdir) $(pcredir) $(openssldir)) $(DEPDIR)/zlib 21 | 22 | confflags = --with-pcap-includes=$(pcapdir)/include --with-pcap-libraries=$(pcapdir)/lib \ 23 | --with-daq-includes=$(daqdir)/include --with-daq-libraries=$(daqdir)/lib \ 24 | --with-dnet-includes=$(dnetdir)/include --with-dnet-libraries=$(dnetdir)/lib \ 25 | --with-luajit-includes=$(luajitdir)/include/luajit-2.0 --with-luajit-libraries=$(luajitdir)/lib \ 26 | --with-pcre-includes=$(pcredir)/include --with-pcre-libraries=$(pcredir)/lib \ 27 | --with-openssl=$(openssldir) 28 | 29 | addpath = $(daqdir)/bin:$(dnetdir)/bin:$(luajitdir)/bin:$(pcapdir)/bin:$(PATH) 30 | ldlibrarypath = $(pcapdir)/lib:$(daqdir)/lib:$(dnetdir)/lib:$(luajitdir)/lib:$(pcredir)/lib:$(openssldir)/lib:$(LD_LIBRARY_PATH) 31 | pkgconfigpath =$(INSTALLDIR)/lib/pkgconfig 32 | 33 | $(SRCDIR)/configure_cmake.sh: 34 | wget -nc https://github.com/snortadmin/snort3/archive/$(SNORTVERSION).zip 35 | 36 | $(INSTALLDIR)/lib: $(SRCDIR)/configure_cmake.sh 37 | unzip -u $(SNORTVERSION).zip 38 | cd $(SRCDIR) && patch -s -t -N -r - -p1 < ../snort3-nohwloc.patch | true 39 | cd $(SRCDIR) && PATH=$(addpath) ./configure_cmake.sh --prefix=$(INSTALLDIR) $(confflags) 40 | cd $(SRCDIR)/build && PATH=$(addpath) LD_LIBRARY_PATH=$(ldlibrarypath) make -j 8 install 41 | 42 | $(INSTALLDIR)/lib/snort_extra: $(INSTALLDIR)/lib 43 | cd $(SRCDIR)/extra && PATH=$(addpath) PKG_CONFIG_PATH=$(pkgconfigpath) ./configure_cmake.sh --prefix=$(INSTALLDIR) 44 | cd $(SRCDIR)/extra/build && PATH=$(addpath) LD_LIBRARY_PATH=$(ldlibrarypath) make -j 8 install 45 | 46 | snort_vanilla: $(INSTALLDIR)/lib/snort_extra 47 | cp -a $(INSTALLDIR)/bin/snort ./$@ 48 | cp -a rules/*.rules $(INSTALLDIR)/etc/snort 49 | mkdir -p $(INSTALLDIR)/deps 50 | for deplib in $(deplibs) ; do \ 51 | cp -a $$deplib/*.so* $(INSTALLDIR)/deps ; \ 52 | done 53 | cd $(INSTALLDIR)/deps && ln -sf libpcap.so.1 libpcap.so.0.8 # TODO: workaround for Ubuntu-related libpcap bug 54 | 55 | clean: 56 | rm -rf $(SRCDIR) $(INSTALLDIR) snort_vanilla $(SNORTVERSION).zip* 57 | 58 | distclean: clean 59 | -------------------------------------------------------------------------------- /apps/snort3/download-pcaps.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # downloading three pcaps from http://tcpreplay.appneta.com/wiki/captures.html 4 | 5 | wget -nc https://s3.amazonaws.com/tcpreplay-pcap-files/test.pcap 6 | wget -nc https://s3.amazonaws.com/tcpreplay-pcap-files/bigFlows.pcap 7 | wget -nc https://s3.amazonaws.com/tcpreplay-pcap-files/smallFlows.pcap 8 | mv *.pcap pcaps/ | true 9 | -------------------------------------------------------------------------------- /apps/snort3/rules/community_1.rules: -------------------------------------------------------------------------------- 1 | alert tcp $HOME_NET 2589 -> $EXTERNAL_NET any ( msg:"MALWARE-BACKDOOR - Dagger_1.4.0"; flow:to_client,established; content:"2|00 00 00 06 00 00 00|Drives|24 00|",depth 16; metadata:ruleset community; classtype:misc-activity; sid:105; rev:14; ) 2 | -------------------------------------------------------------------------------- /apps/snort3/rules/community_10.rules: -------------------------------------------------------------------------------- 1 | alert tcp $HOME_NET 2589 -> $EXTERNAL_NET any ( msg:"MALWARE-BACKDOOR - Dagger_1.4.0"; flow:to_client,established; content:"2|00 00 00 06 00 00 00|Drives|24 00|",depth 16; metadata:ruleset community; classtype:misc-activity; sid:105; rev:14; ) 2 | alert tcp $EXTERNAL_NET any -> $HOME_NET 7597 ( msg:"MALWARE-BACKDOOR QAZ Worm Client Login access"; flow:to_server,established; content:"qazwsx.hsq"; metadata:ruleset community; reference:mcafee,98775; classtype:misc-activity; sid:108; rev:11; ) 3 | alert tcp $EXTERNAL_NET any -> $HOME_NET 12345:12346 ( msg:"MALWARE-BACKDOOR netbus getinfo"; flow:to_server,established; content:"GetInfo|0D|"; metadata:ruleset community; classtype:trojan-activity; sid:110; rev:10; ) 4 | alert tcp $HOME_NET 20034 -> $EXTERNAL_NET any ( msg:"MALWARE-BACKDOOR NetBus Pro 2.0 connection established"; flow:to_client,established; flowbits:isset,backdoor.netbus_2.connect; content:"BN|10 00 02 00|",depth 6; content:"|05 00|",depth 2,offset 8; metadata:ruleset community; classtype:trojan-activity; sid:115; rev:15; ) 5 | alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"MALWARE-BACKDOOR Infector.1.x"; flow:established,to_client; content:"WHATISIT",depth 9; metadata:impact_flag red,ruleset community; reference:nessus,11157; classtype:misc-activity; sid:117; rev:17; ) 6 | alert tcp $HOME_NET 666 -> $EXTERNAL_NET any ( msg:"MALWARE-BACKDOOR SatansBackdoor.2.0.Beta"; flow:to_client,established; content:"Remote|3A| ",depth 11,nocase; content:"You are connected to me.|0D 0A|Remote|3A| Ready for commands",distance 0,nocase; metadata:ruleset community; reference:url,www.megasecurity.org/trojans/s/satanzbackdoor/SBD2.0b.html; reference:url,www3.ca.com/securityadvisor/pest/pest.aspx?id=5260; classtype:trojan-activity; sid:118; rev:12; ) 7 | alert tcp $HOME_NET 6789 -> $EXTERNAL_NET any ( msg:"MALWARE-BACKDOOR Doly 2.0 access"; flow:established,to_client; content:"Wtzup Use",depth 32; metadata:ruleset community; classtype:misc-activity; sid:119; rev:11; ) 8 | alert tcp $EXTERNAL_NET 1000:1300 -> $HOME_NET 146 ( msg:"MALWARE-BACKDOOR Infector 1.6 Client to Server Connection Request"; flow:to_server,established; content:"FC "; metadata:ruleset community; reference:nessus,11157; classtype:misc-activity; sid:121; rev:14; ) 9 | alert tcp $HOME_NET 31785 -> $EXTERNAL_NET any ( msg:"MALWARE-BACKDOOR HackAttack 1.20 Connect"; flow:established,to_client; content:"host"; metadata:ruleset community; classtype:misc-activity; sid:141; rev:10; ) 10 | alert tcp $EXTERNAL_NET any -> $HOME_NET 21 ( msg:"PROTOCOL-FTP ADMw0rm ftp login attempt"; flow:to_server,established; content:"USER",nocase; content:"w0rm",distance 1,nocase; pcre:"/^USER\s+w0rm/smi"; metadata:ruleset community; service:ftp; classtype:suspicious-login; sid:144; rev:16; ) 11 | -------------------------------------------------------------------------------- /apps/snort3/run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | SNORTVERSION="sgx" # or "vanilla" 4 | for i in "$@"; do 5 | case $i in 6 | -v=*|--version=*) 7 | SNORTVERSION="${i#*=}" 8 | shift 9 | ;; 10 | *) 11 | # unknown option 12 | ;; 13 | esac 14 | done 15 | 16 | declare -a times=(3) 17 | declare -a zthreads=(2 3) 18 | declare -a sleeps=(120) # best values are 60-180 19 | 20 | # config and pcap files for PktGen go together 21 | declare -a pktgenconfigs=("snort_64B/test_64B_256F.lua" "snort_64B/test_64B_1KF.lua" "snort_64B/test_64B_4KF.lua" "snort_64B/test_64B_8KF.lua" "snort_64B/test_64B_16KF.lua" "snort_64B/test_64B_32KF.lua" \ 22 | "snort_128B/test_128B_256F.lua" "snort_128B/test_128B_1KF.lua" "snort_128B/test_128B_4KF.lua" "snort_128B/test_128B_8KF.lua" "snort_128B/test_128B_16KF.lua" "snort_128B/test_128B_32KF.lua" \ 23 | "snort_256B/test_256B_256F.lua" "snort_256B/test_256B_1KF.lua" "snort_256B/test_256B_4KF.lua" "snort_256B/test_256B_8KF.lua" "snort_256B/test_256B_16KF.lua" "snort_256B/test_256B_32KF.lua" \ 24 | "snort_512B/test_512B_256F.lua" "snort_512B/test_512B_1KF.lua" "snort_512B/test_512B_4KF.lua" "snort_512B/test_512B_8KF.lua" "snort_512B/test_512B_16KF.lua" "snort_512B/test_512B_32KF.lua" \ 25 | "snort_1024B/test_1024B_256F.lua" "snort_1024B/test_1024B_1KF.lua" "snort_1024B/test_1024B_4KF.lua" "snort_1024B/test_1024B_8KF.lua" "snort_1024B/test_1024B_16KF.lua" "snort_1024B/test_1024B_32KF.lua" \ 26 | "test_start.lua" "test_start.lua" "test_start.lua") 27 | declare -a pktgenpcaps=("" "" "" "" "" "" \ 28 | "" "" "" "" "" "" \ 29 | "" "" "" "" "" "" \ 30 | "" "" "" "" "" "" \ 31 | "" "" "" "" "" "" \ 32 | "test.pcap" "smallFlows.pcap" "bigFlows.pcap") 33 | 34 | # config, rules, and alers for Snort go together 35 | declare -a snortconfigs=("" "snort.lua" "snort.lua" "snort.lua" "snort.lua" "snort.lua" "snort.lua" "snort.lua") 36 | declare -a snortrules=("" "" "community_1.rules" "community_10.rules" "community_100.rules" "community_1000.rules" "community_3462.rules" "community_3462.rules") 37 | declare -a snortalerts=("" "" "" "" "" "" "" "fast") 38 | 39 | # prep phase, for sanity 40 | ./run_pktgen.sh -k="killpktgen" || true 41 | sleep 5 42 | 43 | logfile="exp-${SNORTVERSION}-`date --rfc-3339=date`.log" 44 | echo "===== snort $logfile =====" | tee $logfile 45 | echo "" | tee -a $logfile 46 | 47 | total=$((${#times[@]} * ${#sleeps[@]} * ${#zthreads[@]} * ${#pktgenconfigs[@]} * ${#snortconfigs[@]})) 48 | current=0 49 | 50 | for time in "${times[@]}"; do 51 | for sl in "${sleeps[@]}"; do 52 | for zthread in "${zthreads[@]}"; do 53 | for pktgenidx in ${!pktgenconfigs[@]}; do 54 | for snortidx in ${!snortconfigs[@]}; do 55 | current=$((current+1)) 56 | pktgenconfig=${pktgenconfigs[$pktgenidx]} 57 | pktgenpcap=${pktgenpcaps[$pktgenidx]} 58 | 59 | snortconfig=${snortconfigs[$snortidx]} 60 | snortrule=${snortrules[$snortidx]} 61 | snortalert=${snortalerts[$snortidx]} 62 | 63 | settings="TIME=$time SLEEP=$sl ZTHREAD=$zthread PKTGENCONFIG=$pktgenconfig PKTGENPCAP=$pktgenpcap SNORTCONFIG=$snortconfig SNORTRULE=$snortrule SNORTALERT=$snortalert" 64 | echo "EXPERIMENT_START $settings ($current/$total)" | tee -a $logfile 65 | 66 | ./run_pktgen.sh -c=$pktgenconfig -p=$pktgenpcap 67 | sleep 10 68 | ./run_snort.sh -v=$SNORTVERSION -z=$zthread -s=$sl -c=$snortconfig -R=$snortrule -A=$snortalert -l=/tmp/snort.log 69 | sleep 3 70 | ./run_pktgen.sh -k="killpktgen" 71 | sleep 3 72 | 73 | sed -i '/^trusted:/d' /tmp/snort.log 74 | sed -i '/^allowed:/d' /tmp/snort.log 75 | sed -i '/^EAL:/d' /tmp/snort.log 76 | sed -i '/^adding pages to enclave:/d' /tmp/snort.log 77 | sed -i '/^manifest file:/d' /tmp/snort.log 78 | sed -i '/^enclave created:/d' /tmp/snort.log 79 | sed -i '/^ base:/d' /tmp/snort.log 80 | sed -i '/^ size:/d' /tmp/snort.log 81 | sed -i '/^ attr:/d' /tmp/snort.log 82 | sed -i '/^ xfrm:/d' /tmp/snort.log 83 | sed -i '/^ ssaframesize:/d' /tmp/snort.log 84 | sed -i '/^ isvprodid:/d' /tmp/snort.log 85 | sed -i '/^ isvsvn:/d' /tmp/snort.log 86 | sed -i '/^enclave initializing:/d' /tmp/snort.log 87 | sed -i '/^ enclave id:/d' /tmp/snort.log 88 | sed -i '/^ enclave hash:/d' /tmp/snort.log 89 | sed -i '/^Get sealing key:/d' /tmp/snort.log 90 | sed -i '/^enclave (software) key hash:/d' /tmp/snort.log 91 | sed -i '/^file:/d' /tmp/snort.log 92 | sed -i '/^PMD:/d' /tmp/snort.log 93 | sed -i '/dpdk stats/! {/\[\*\*\]/d}' /tmp/snort.log # rm `-A fast` output 94 | cat /tmp/snort.log >> $logfile 95 | 96 | echo "EXPERIMENT_END $settings" | tee -a $logfile 97 | echo "" | tee -a $logfile 98 | done #snort 99 | done #pktgen 100 | done #zthreads 101 | done #sleeps 102 | done #times 103 | 104 | echo "DONE!" 105 | -------------------------------------------------------------------------------- /apps/snort3/run_pktgen.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | USER=root 4 | SERVER=10.23.152.158 5 | PKTGENPATH=/$USER/pktgen-3.4.0 # NOTE: version 3.4.2 doesn't work correctly with ssh! 6 | PCAPSPATH=/$USER/pcaps 7 | CONFIGFILE=test_start.lua # dummy default 8 | PCAPFILE= 9 | KILL= 10 | 11 | for i in "$@"; do 12 | case $i in 13 | -k=*|--kill=*) 14 | KILL="${i#*=}" 15 | shift 16 | ;; 17 | -u=*|--user=*) 18 | USER="${i#*=}" 19 | shift 20 | ;; 21 | -s=*|--server=*) 22 | SERVER="${i#*=}" 23 | shift 24 | ;; 25 | -p=*|--pcap=*) 26 | PCAPFILE="${i#*=}" 27 | shift 28 | ;; 29 | -c=*|--config=*) 30 | CONFIGFILE="${i#*=}" 31 | shift 32 | ;; 33 | *) 34 | # unknown option 35 | ;; 36 | esac 37 | done 38 | 39 | if [[ ! -z $KILL ]]; then 40 | ssh -tq $USER@$SERVER "sudo killall -q pktgen" 41 | exit 0 42 | fi 43 | 44 | PKTGENCMD="sudo app/x86_64-native-linuxapp-gcc/pktgen -l 0-1 -n 2 --proc-type auto --log-level 7 -m 4096 --file-prefix pktgen -b 0000:01:00.1 -- -T -P -m 1.0 -f test/$CONFIGFILE" 45 | if [[ ! -z $PCAPFILE ]]; then 46 | PKTGENCMD="$PKTGENCMD -s 0:$PCAPSPATH/$PCAPFILE" 47 | fi 48 | 49 | ssh -nf $USER@$SERVER "sh -c 'cd $PKTGENPATH; nohup $PKTGENCMD > /dev/null 2>&1 &'" 50 | -------------------------------------------------------------------------------- /apps/snort3/run_snort.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | THREADS=2 # at least two threads, one for DPDK, one for Snort 4 | SLEEPDURATION=30 5 | CONFIGFILE= 6 | RULESFILE= 7 | ALERT= 8 | 9 | LOGFILE=/tmp/snort.log 10 | SNORTVERSION="sgx" # or "vanilla" 11 | 12 | for i in "$@"; do 13 | case $i in 14 | -z=*|--zthreads=*) 15 | THREADS="${i#*=}" 16 | shift 17 | ;; 18 | -s=*|--sleep=*) 19 | SLEEPDURATION="${i#*=}" 20 | shift 21 | ;; 22 | -c=*|--config=*) 23 | CONFIGFILE="${i#*=}" 24 | shift 25 | ;; 26 | -R=*|--rules=*) 27 | RULESFILE="${i#*=}" 28 | shift 29 | ;; 30 | -A=*|--alert=*) 31 | ALERT="${i#*=}" 32 | shift 33 | ;; 34 | -l=*|--logfile=*) 35 | LOGFILE="${i#*=}" 36 | shift 37 | ;; 38 | -v=*|--version=*) 39 | SNORTVERSION="${i#*=}" 40 | shift 41 | ;; 42 | *) 43 | # unknown option 44 | ;; 45 | esac 46 | done 47 | 48 | SNORTCMD="-z $THREADS" 49 | if [[ ! -z $CONFIGFILE ]]; then 50 | SNORTCMD="$SNORTCMD -c install/etc/snort/$CONFIGFILE" 51 | fi 52 | if [[ ! -z $RULESFILE ]]; then 53 | SNORTCMD="$SNORTCMD -R install/etc/snort/$RULESFILE" 54 | fi 55 | if [[ ! -z $ALERT ]]; then 56 | SNORTCMD="$SNORTCMD -A $ALERT" 57 | fi 58 | 59 | EXECRUN="-E LD_LIBRARY_PATH=../libdaq/install_untrusted/lib/ ./snort3.manifest.sgx" 60 | EXECKILL="pal-Linux-SGX" 61 | if [ "$SNORTVERSION" == "vanilla" ]; then 62 | EXECRUN="-E LD_LIBRARY_PATH=install_vanilla/deps install_vanilla/bin/snort" 63 | EXECKILL="snort" 64 | fi 65 | 66 | # prep phase, for sanity 67 | sudo killall -q -9 pal-Linux-SGX || true 68 | sudo killall -q -9 snort || true 69 | sudo rm -f /var/run/.snrt_config || true 70 | 71 | export LUA_PATH="`pwd`/install_vanilla/include/snort/lua/?.lua;" 72 | export SNORT_LUA_PATH="install_vanilla/etc/snort/" 73 | 74 | while true ; do 75 | sudo $EXECRUN --daq dpdk -i dpdk0 --daq-var dpdk_queues=1 --daq-var dpdk_args="-n 2 -l 1 -m 4096 --file-prefix snrt -b 0000:01:00.1 -b 0000:01:00.2 -b 0000:01:00.3" $SNORTCMD >$LOGFILE 2>&1 & 76 | sleep $SLEEPDURATION 77 | sudo killall -q $EXECKILL 78 | sleep 5 79 | 80 | if grep -q -e 'assert' -e 'Assertion' -e 'FATAL' -e 'Segmentation' -e 'segmentation' -e 'segfault' $LOGFILE; then # sometimes Graphene/Snort break, retry 81 | sudo killall -q -9 $EXECKILL || true 82 | sudo rm -f /var/run/.snrt_config || true 83 | sleep 5 84 | continue 85 | fi 86 | 87 | for job in `jobs -p`; do 88 | wait $job 89 | done 90 | break 91 | done #infinite loop 92 | -------------------------------------------------------------------------------- /apps/snort3/runcpu.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | SNORTVERSION="sgx" # or "vanilla" 4 | for i in "$@"; do 5 | case $i in 6 | -v=*|--version=*) 7 | SNORTVERSION="${i#*=}" 8 | shift 9 | ;; 10 | *) 11 | # unknown option 12 | ;; 13 | esac 14 | done 15 | 16 | declare -a times=(1 2 3) 17 | declare -a zthreads=(2 3) 18 | declare -a sleeps=(120) # best values are 60-180 19 | 20 | # config and pcap files for PktGen go together 21 | declare -a pktgenconfigs=("snort_1024B/test_1024B_256F.lua" "snort_1024B/test_1024B_1KF.lua" "snort_1024B/test_1024B_4KF.lua" "snort_1024B/test_1024B_8KF.lua" "snort_1024B/test_1024B_16KF.lua" "snort_1024B/test_1024B_32KF.lua") 22 | declare -a pktgenpcaps=("" "" "" "" "" "") 23 | 24 | # config, rules, and alers for Snort go together 25 | declare -a snortconfigs=("snort.lua" "snort.lua") 26 | declare -a snortrules=("community_3462.rules" "community_3462.rules") 27 | declare -a snortalerts=("" "fast") 28 | 29 | # prep phase, for sanity 30 | ./run_pktgen.sh -k="killpktgen" || true 31 | sleep 5 32 | 33 | logfile="exp-cpu-${SNORTVERSION}-`date --rfc-3339=date`.log" 34 | echo "===== snort $logfile =====" | tee $logfile 35 | echo "" | tee -a $logfile 36 | 37 | total=$((${#times[@]} * ${#sleeps[@]} * ${#zthreads[@]} * ${#pktgenconfigs[@]} * ${#snortconfigs[@]})) 38 | current=0 39 | 40 | for time in "${times[@]}"; do 41 | for sl in "${sleeps[@]}"; do 42 | for zthread in "${zthreads[@]}"; do 43 | for pktgenidx in ${!pktgenconfigs[@]}; do 44 | for snortidx in ${!snortconfigs[@]}; do 45 | current=$((current+1)) 46 | pktgenconfig=${pktgenconfigs[$pktgenidx]} 47 | pktgenpcap=${pktgenpcaps[$pktgenidx]} 48 | 49 | snortconfig=${snortconfigs[$snortidx]} 50 | snortrule=${snortrules[$snortidx]} 51 | snortalert=${snortalerts[$snortidx]} 52 | 53 | settings="TIME=$time SLEEP=$sl ZTHREAD=$zthread PKTGENCONFIG=$pktgenconfig PKTGENPCAP=$pktgenpcap SNORTCONFIG=$snortconfig SNORTRULE=$snortrule SNORTALERT=$snortalert" 54 | echo "EXPERIMENT_START $settings ($current/$total)" | tee -a $logfile 55 | 56 | ./run_pktgen.sh -c=$pktgenconfig -p=$pktgenpcap 57 | sleep 10 58 | top -bn1000 -p $(pgrep ksgxswapd) >> $logfile 2>&1 & 59 | ./run_snort.sh -v=$SNORTVERSION -z=$zthread -s=$sl -c=$snortconfig -R=$snortrule -A=$snortalert -l=/tmp/snort.log 60 | killall top 61 | sleep 3 62 | ./run_pktgen.sh -k="killpktgen" 63 | sleep 3 64 | 65 | echo "EXPERIMENT_END $settings" | tee -a $logfile 66 | echo "" | tee -a $logfile 67 | done #snort 68 | done #pktgen 69 | done #zthreads 70 | done #sleeps 71 | done #times 72 | 73 | echo "DONE!" 74 | -------------------------------------------------------------------------------- /apps/snort3/snort3-nohwloc.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/main/thread_config.cc b/src/main/thread_config.cc 2 | index a3ffb14..b00af62 100644 3 | --- a/src/main/thread_config.cc 4 | +++ b/src/main/thread_config.cc 5 | @@ -23,7 +23,11 @@ 6 | 7 | #include "thread_config.h" 8 | 9 | +#define NOHWLOC // Dmitrii Kuvaiskii on 7/21/2017: rm hwloc dependency 10 | + 11 | +#ifndef NOHWLOC 12 | #include 13 | +#endif 14 | 15 | #include "log/messages.h" 16 | #include "utils/util.h" 17 | @@ -32,13 +36,16 @@ 18 | #include "catch/catch.hpp" 19 | #endif 20 | 21 | +#ifndef NOHWLOC 22 | static hwloc_topology_t topology = nullptr; 23 | static hwloc_cpuset_t process_cpuset = nullptr; 24 | static const struct hwloc_topology_support* topology_support = nullptr; 25 | +#endif 26 | static unsigned instance_max = 1; 27 | 28 | struct CpuSet 29 | { 30 | +#ifndef NOHWLOC 31 | CpuSet(hwloc_cpuset_t set) : cpuset(set) { } 32 | ~CpuSet() 33 | { 34 | @@ -47,10 +54,14 @@ struct CpuSet 35 | } 36 | 37 | hwloc_cpuset_t cpuset; 38 | +#else 39 | + char dummy; 40 | +#endif 41 | }; 42 | 43 | bool ThreadConfig::init() 44 | { 45 | +#ifndef NOHWLOC 46 | if (hwloc_topology_init(&topology)) 47 | return false; 48 | if (hwloc_topology_load(topology)) 49 | @@ -66,6 +77,7 @@ bool ThreadConfig::init() 50 | } 51 | else 52 | process_cpuset = hwloc_bitmap_dup(hwloc_topology_get_allowed_cpuset(topology)); 53 | +#endif 54 | return true; 55 | } 56 | 57 | @@ -75,9 +87,11 @@ void ThreadConfig::set_instance_max(unsigned max) 58 | instance_max = max; 59 | else 60 | { 61 | +#ifndef NOHWLOC 62 | /* A max of 0 indicates automatic allocation. Set the instance max to the total number of 63 | CPUs in the our process's running cpuset. */ 64 | instance_max = hwloc_bitmap_weight(process_cpuset); 65 | +#endif 66 | } 67 | } 68 | 69 | @@ -88,6 +102,7 @@ unsigned ThreadConfig::get_instance_max() 70 | 71 | CpuSet* ThreadConfig::validate_cpuset_string(const char* cpuset_str) 72 | { 73 | +#ifndef NOHWLOC 74 | hwloc_bitmap_t cpuset = hwloc_bitmap_alloc(); 75 | if (hwloc_bitmap_list_sscanf(cpuset, cpuset_str) || 76 | !hwloc_bitmap_isincluded(cpuset, process_cpuset)) 77 | @@ -96,6 +111,9 @@ CpuSet* ThreadConfig::validate_cpuset_string(const char* cpuset_str) 78 | return nullptr; 79 | } 80 | return new CpuSet(cpuset); 81 | +#else 82 | + return nullptr; 83 | +#endif 84 | } 85 | 86 | void ThreadConfig::destroy_cpuset(CpuSet *cpuset) 87 | @@ -105,6 +123,7 @@ void ThreadConfig::destroy_cpuset(CpuSet *cpuset) 88 | 89 | void ThreadConfig::term() 90 | { 91 | +#ifndef NOHWLOC 92 | if (topology) 93 | { 94 | hwloc_topology_destroy(topology); 95 | @@ -116,6 +135,7 @@ void ThreadConfig::term() 96 | process_cpuset = nullptr; 97 | } 98 | topology_support = nullptr; 99 | +#endif 100 | } 101 | 102 | ThreadConfig::~ThreadConfig() 103 | @@ -126,6 +146,7 @@ ThreadConfig::~ThreadConfig() 104 | 105 | void ThreadConfig::set_thread_affinity(SThreadType type, unsigned id, CpuSet* cpuset) 106 | { 107 | +#ifndef NOHWLOC 108 | if (topology_support->cpubind->set_thisthread_cpubind) 109 | { 110 | TypeIdPair key { type, id }; 111 | @@ -137,10 +158,12 @@ void ThreadConfig::set_thread_affinity(SThreadType type, unsigned id, CpuSet* cp 112 | } 113 | else 114 | ParseWarning(WARN_CONF, "This platform does not support setting thread affinity.\n"); 115 | +#endif 116 | } 117 | 118 | void ThreadConfig::implement_thread_affinity(SThreadType type, unsigned id) 119 | { 120 | +#ifndef NOHWLOC 121 | if (!topology_support->cpubind->set_thisthread_cpubind) 122 | return; 123 | 124 | @@ -168,6 +191,7 @@ void ThreadConfig::implement_thread_affinity(SThreadType type, unsigned id) 125 | } 126 | 127 | free(s); 128 | +#endif 129 | } 130 | 131 | 132 | @@ -183,6 +207,7 @@ TEST_CASE("Parse cpuset string negative test", "[ThreadConfig]") 133 | CHECK(cpuset == nullptr); 134 | } 135 | 136 | +#ifndef NOHWLOC 137 | TEST_CASE("Parse cpuset string positive test", "[ThreadConfig]") 138 | { 139 | char* s; 140 | @@ -227,5 +252,6 @@ TEST_CASE("Set and implement thread affinity", "[ThreadConfig]") 141 | hwloc_bitmap_free(thread_cpuset); 142 | } 143 | } 144 | +#endif 145 | 146 | #endif 147 | -------------------------------------------------------------------------------- /apps/snort3/snort3.manifest.template: -------------------------------------------------------------------------------- 1 | #!$(PAL) 2 | 3 | loader.preload = file:$(SHIMPATH) 4 | loader.exec = file:snort 5 | 6 | loader.env.LD_LIBRARY_PATH = install/deps:/lib:/usr/lib:/lib/x86_64-linux-gnu:/usr/lib/x86_64-linux-gnu 7 | loader.env.LUA_PATH = install/include/snort/lua/?.lua; 8 | loader.env.SNORT_LUA_PATH = install/etc/snort/ 9 | 10 | loader.debug_type = none 11 | 12 | fs.mount.lib.type = chroot 13 | fs.mount.lib.path = /lib 14 | fs.mount.lib.uri = file:$(LIBCDIR) 15 | 16 | fs.mount.cwd.type = chroot 17 | fs.mount.cwd.path = $(PWD) 18 | fs.mount.cwd.uri = file: 19 | 20 | fs.mount.usr.type = chroot 21 | fs.mount.usr.path = /usr 22 | fs.mount.usr.uri = file:/usr 23 | 24 | fs.mount.lib2.type = chroot 25 | fs.mount.lib2.path = /lib/x86_64-linux-gnu 26 | fs.mount.lib2.uri = file:/lib/x86_64-linux-gnu 27 | 28 | sys.stack.size = 1m 29 | sys.brk.size = 64M 30 | glibc.heap_size = 16M 31 | 32 | sgx.enclave_size=2G 33 | sgx.thread_num=8 34 | 35 | ### libc and libstdc++ libraries 36 | sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2 37 | sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6 38 | sgx.trusted_files.libm = file:$(LIBCDIR)/libm.so.6 39 | sgx.trusted_files.libdl = file:$(LIBCDIR)/libdl.so.2 40 | sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0 41 | sgx.trusted_files.libgcc = file:/lib/x86_64-linux-gnu/libgcc_s.so.1 42 | sgx.trusted_files.libcpp = file:/usr/lib/x86_64-linux-gnu/libstdc++.so.6 43 | sgx.trusted_files.liblzma = file:/lib/x86_64-linux-gnu/liblzma.so.5 44 | 45 | ### NIS libraries 46 | sgx.trusted_files.libnssfiles = file:/lib/x86_64-linux-gnu/libnss_files.so.2 47 | sgx.trusted_files.libnssnis = file:/lib/x86_64-linux-gnu/libnss_nis.so.2 48 | sgx.trusted_files.libnsl = file:/lib/x86_64-linux-gnu/libnsl.so.1 49 | 50 | # dependencies of Snort 51 | # sgx.trusted_files.libdaq = file:install/deps/libdaq.so.4 52 | sgx.trusted_files.libsfbpf = file:install/deps/libsfbpf.so.0 53 | sgx.trusted_files.libdnet = file:install/deps/libdnet.so.1 54 | sgx.trusted_files.libpcap = file:install/deps/libpcap.so.0.8 55 | sgx.trusted_files.luajit = file:install/deps/libluajit-5.1.so.2 56 | sgx.trusted_files.libcrypto = file:install/deps/libcrypto.so.1.1 57 | sgx.trusted_files.libpcre = file:install/deps/libpcre.so.1 58 | sgx.trusted_files.libz = file:install/deps/libz.so.1 59 | sgx.trusted_files.libnuma = file:install/deps/libnuma.so.1 60 | sgx.trusted_files.libdaqdpdk = file:install/deps/libdaqdpdk.so.1 61 | 62 | # C++ plugins of Snort 63 | sgx.trusted_files.plugincxx1 = file:install/lib/snort_extra/inspectors/data_log.so 64 | sgx.trusted_files.plugincxx2 = file:install/lib/snort_extra/inspectors/dpx.so 65 | sgx.trusted_files.plugincxx3 = file:install/lib/snort_extra/daqs/daq_socket.so 66 | sgx.trusted_files.plugincxx4 = file:install/lib/snort_extra/daqs/daq_regtest.so 67 | sgx.trusted_files.plugincxx5 = file:install/lib/snort_extra/codecs/cd_wlan.so 68 | sgx.trusted_files.plugincxx6 = file:install/lib/snort_extra/codecs/cd_ppp.so 69 | sgx.trusted_files.plugincxx7 = file:install/lib/snort_extra/codecs/cd_null.so 70 | sgx.trusted_files.plugincxx8 = file:install/lib/snort_extra/codecs/cd_linux_sll.so 71 | sgx.trusted_files.plugincxx9 = file:install/lib/snort_extra/codecs/cd_slip.so 72 | sgx.trusted_files.plugincxx10 = file:install/lib/snort_extra/codecs/cd_token_ring.so 73 | sgx.trusted_files.plugincxx11 = file:install/lib/snort_extra/codecs/cd_pflog.so 74 | sgx.trusted_files.plugincxx12 = file:install/lib/snort_extra/codecs/cd_raw4.so 75 | sgx.trusted_files.plugincxx13 = file:install/lib/snort_extra/codecs/cd_pim.so 76 | sgx.trusted_files.plugincxx14 = file:install/lib/snort_extra/codecs/cd_raw6.so 77 | sgx.trusted_files.plugincxx15 = file:install/lib/snort_extra/codecs/cd_eapol.so 78 | sgx.trusted_files.plugincxx16 = file:install/lib/snort_extra/so_rules/sid_18758.so 79 | sgx.trusted_files.plugincxx17 = file:install/lib/snort_extra/search_engines/lowmem.so 80 | sgx.trusted_files.plugincxx18 = file:install/lib/snort_extra/ips_options/ips_urg.so 81 | sgx.trusted_files.plugincxx19 = file:install/lib/snort_extra/ips_options/ips_pkt_num.so 82 | sgx.trusted_files.plugincxx20 = file:install/lib/snort_extra/loggers/alert_unixsock.so 83 | sgx.trusted_files.plugincxx21 = file:install/lib/snort_extra/loggers/log_null.so 84 | sgx.trusted_files.plugincxx22 = file:install/lib/snort_extra/loggers/alert_ex.so 85 | 86 | # config files + rules for Snort 87 | sgx.allowed_files.lua1 = file:install/etc/snort/snort.lua 88 | sgx.allowed_files.lua2 = file:install/etc/snort/snort_defaults.lua 89 | sgx.allowed_files.lua3 = file:install/etc/snort/file_magic.lua 90 | sgx.allowed_files.rules = file:install/etc/snort/sample.rules 91 | sgx.allowed_files.rules2 = file:install/etc/snort/community.rules 92 | sgx.allowed_files.rules3 = file:install/etc/snort/community_1.rules 93 | sgx.allowed_files.rules4 = file:install/etc/snort/community_10.rules 94 | sgx.allowed_files.rules5 = file:install/etc/snort/community_100.rules 95 | sgx.allowed_files.rules6 = file:install/etc/snort/community_1000.rules 96 | sgx.allowed_files.rules7 = file:install/etc/snort/community_3462.rules 97 | 98 | sgx.allowed_files.configlua = file:install/include/snort/lua/snort_config.lua 99 | sgx.allowed_files.pluginlua = file:install/include/snort/lua/snort_plugin.lua 100 | 101 | # Lua plugins of Snort 102 | sgx.allowed_files.pluginlua1 = file:install/lib/snort_extra/ips_options/find.lua 103 | sgx.allowed_files.pluginlua2 = file:install/lib/snort_extra/loggers/alert.lua 104 | 105 | # PCAP inputs for Snort 106 | sgx.allowed_files.input1 = file:pcaps/test.pcap 107 | sgx.allowed_files.input2 = file:pcaps/smallFlows.pcap 108 | sgx.allowed_files.input3 = file:pcaps/bigFlows.pcap 109 | -------------------------------------------------------------------------------- /apps/zlib/Makefile: -------------------------------------------------------------------------------- 1 | SRCDIR = zlib-1.2.11 2 | 3 | target = examplesh 4 | exec_target = zlib.manifest 5 | 6 | level = ../../ 7 | include ../../Makefile 8 | 9 | $(SRCDIR)/configure: 10 | wget -qO- http://zlib.net/$(SRCDIR).tar.gz | tar xvz 11 | 12 | libz.so: $(SRCDIR)/configure 13 | cd $(SRCDIR) && ./configure 14 | cd $(SRCDIR) && make -j 8 15 | cp -a $(SRCDIR)/$@* ./ 16 | 17 | examplesh: libz.so 18 | cp $(SRCDIR)/$@ ./ 19 | 20 | distclean: clean 21 | rm -rf $(SRCDIR) zlib.manifest.sgx libz.so* examplesh foo.gz 22 | -------------------------------------------------------------------------------- /apps/zlib/zlib.manifest.template: -------------------------------------------------------------------------------- 1 | #!$(PAL) 2 | 3 | loader.preload = file:$(SHIMPATH) 4 | loader.exec = file:examplesh 5 | loader.env.LD_LIBRARY_PATH = .:/lib:/usr/lib:/lib/x86_64-linux-gnu:/usr/lib/x86_64-linux-gnu 6 | loader.debug_type = none 7 | 8 | fs.mount.lib.type = chroot 9 | fs.mount.lib.path = /lib 10 | fs.mount.lib.uri = file:$(LIBCDIR) 11 | 12 | fs.mount.cwd.type = chroot 13 | fs.mount.cwd.path = $(PWD) 14 | fs.mount.cwd.uri = file: 15 | 16 | sys.stack.size = 1m 17 | sys.brk.size = 64M 18 | glibc.heap_size = 16M 19 | 20 | sgx.enclave_size=256M 21 | 22 | sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2 23 | sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6 24 | sgx.trusted_files.libm = file:$(LIBCDIR)/libm.so.6 25 | sgx.trusted_files.libdl = file:$(LIBCDIR)/libdl.so.2 26 | sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0 27 | sgx.trusted_files.libz = file:libz.so.1 28 | 29 | sgx.allowed_files.foo = file:foo.gz 30 | -------------------------------------------------------------------------------- /build.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -x 4 | set -e 5 | 6 | apt-get update -y 7 | 8 | apt-get install -y --no-install-recommends make gcc build-essential ocaml automake autoconf libtool wget python libssl-dev libcurl4-openssl-dev protobuf-compiler libprotobuf-dev libnuma-dev python-protobuf python-crypto flex bison libpcap-dev unzip cmake hwloc libhwloc-dev pkg-config git linux-tools-common linux-tools-`uname -r` linux-headers-generic 9 | 10 | if [ ! -d /opt/intel/sgxsdk ] ; then 11 | wget https://download.01.org/intel-sgx/linux-2.0/sgx_linux_ubuntu16.04.1_x64_sdk_2.0.100.40950.bin 12 | printf 'no\n/opt/intel\n' | bash ./sgx_linux_ubuntu16.04.1_x64_sdk_2.0.100.40950.bin 13 | fi 14 | 15 | if [ ! -d /opt/intel/sgxpsw ] ; then 16 | wget https://download.01.org/intel-sgx/linux-2.0/sgx_linux_ubuntu16.04.1_x64_psw_2.0.100.40950.bin 17 | # The patch is necessary to allow the script to execute in a 18 | # container. The patch allows the script to run to completion 19 | # and install the necessary .so libraries. 20 | patch -p0 sgx_linux_ubuntu16.04.1_x64_psw_2.0.100.40950.bin < #exit 4 25 | EOF 26 | yes no /opt/intel | bash ./sgx_linux_ubuntu16.04.1_x64_psw_2.0.100.40950.bin 27 | fi 28 | 29 | if [ ! -d dpdk ] ; then 30 | wget -qO- https://fast.dpdk.org/rel/dpdk-17.08.tar.gz | tar zxv 31 | mv dpdk-17.08 dpdk 32 | pushd dpdk 33 | make install T=x86_64-native-linuxapp-gcc DESTDIR=install EXTRA_CFLAGS="-fPIC" 34 | export RTE_SDK=$(readlink -f .) 35 | export RTE_TARGET=x86_64-native-linuxapp-gcc 36 | # cd tools && sudo ./dpdk-setup.sh # choose "[17] Insert VFIO module"; then "[23] Bind Ethernet/Crypto device to VFIO module" for all required network interfaces; then "[24] Setup VFIO permissions" 37 | popd 38 | fi 39 | 40 | ### 1. Install linux-sgx-driver 41 | if [ ! -d linux-sgx-driver ] ; then 42 | git clone https://github.com/01org/linux-sgx-driver && pushd linux-sgx-driver 43 | make 44 | sudo mkdir -p "/lib/modules/"`uname -r`"/kernel/drivers/intel/sgx" # the following commands are from linux-sgx-driver README 45 | sudo cp isgx.ko "/lib/modules/"`uname -r`"/kernel/drivers/intel/sgx" 46 | sudo sh -c "cat /etc/modules | grep -Fxq isgx || echo isgx >> /etc/modules" 47 | sudo /sbin/depmod 48 | sudo service aesmd stop 49 | lsmod | grep graphene_sgx && rmmod graphene_sgx 50 | sudo /sbin/modprobe -r isgx 51 | sudo /sbin/modprobe isgx 52 | sudo service aesmd start 53 | popd 54 | fi 55 | 56 | 57 | # How to handle timing thread? It's an ugly and brittle hack. Some untrusted time interface bypassing the Library OS restrictions (i.e. shared memory?) 58 | 59 | 60 | if [ ! -d graphene ] ; then 61 | git clone --recursive https://github.com/oscarlab/graphene.git 62 | pushd graphene 63 | git reset --hard 4d8eacdd44029af28887247ebeb11b3d3ac1f6df 64 | patch -p1 < ../misc/graphene-pull-request-58.patch || exit 1 65 | pushd Pal/src/host/Linux-SGX/sgx-driver/ 66 | make 67 | ./load.sh 68 | popd 69 | patch -p2 < ../misc/graphene-01-mmap-map32bit.diff || exit 1 70 | patch -p2 < ../misc/graphene-02-unmap-tcs.diff || exit 1 71 | patch -p2 < ../misc/graphene-03-trustedclock-dpdkocalls.diff || exit 1 72 | sed -i -r 's/CPUFREQ [0-9]+\.[0-9]+/CPUFREQ 3785.0/' Pal/src/host/Linux-SGX/enclave_ocalls.c # Adjust CPUFREQ here based on CPU frequency 73 | openssl genrsa -3 -out Pal/src/host/Linux-SGX/signer/enclave-key.pem 3072 74 | export RTE_SDK=$(readlink -f ../dpdk) 75 | export RTE_TARGET=x86_64-native-linuxapp-gcc 76 | cp -a ../apps/* LibOS/shim/test/apps/ 77 | make -C LibOS/shim/test/apps/libdaq -f Makefile.untrusted 78 | make clean && make SGX=1 79 | make -C LibOS/shim/test/apps 80 | fi 81 | 82 | -------------------------------------------------------------------------------- /docs/graphene-build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ### Graphene-SGX build, based on https://github.com/oscarlab/graphene/wiki/SGX-Quick-Start 4 | 5 | # dependencies 6 | ### NOTE: also clone and install linux-sgx-driver and linux-sgx beforehand! 7 | sudo apt install python-protobuf python-crypto 8 | 9 | # allow 0 address in Linux; required for running Graphene-SGX enclaves 10 | sudo sysctl vm.mmap_min_addr=0 11 | 12 | # build Graphene-SGX in parts (w/o modified Linux kernel and ignoring Reference Monitor) 13 | git clone https://github.com/oscarlab/graphene.git 14 | cd graphene 15 | export my_path=`pwd` 16 | 17 | git pull origin pull/58/head # pull request for compatibility with new linux-sgx-driver 18 | ### NOTE: alternatively, we can apply a patch internally: 19 | # wget https://github.com/oscarlab/graphene/pull/58.patch 20 | # git apply --directory=graphene-snort 58.patch 21 | 22 | cd $my_path/Pal/src/host/Linux-SGX/signer 23 | openssl genrsa -3 -out enclave-key.pem 3072 24 | 25 | cd $my_path/Pal/src 26 | make SGX=1 DEBUG=1 27 | 28 | cd $my_path/Pal/src/host/Linux-SGX/sgx-driver 29 | make # when prompted for Intel sgx driver directory, enter full path, e.g. "/home/dimakuv/01org/linux-sgx-driver" 30 | sudo ./load.sh 31 | ps -aux | grep aesmd # double-check that aesmd is working 32 | ls /dev/*sgx # double-check that both Intel driver (isgx) and Graphene driver (gsgx) are working 33 | dmesg | tail # double-check drivers do not output any errors/warnings 34 | 35 | cd $my_path/LibOS 36 | make DEBUG=1 # NOTE: gawk and gcc spit out many warnings, ignore them all 37 | 38 | # try our fresh build: HelloWorld example 39 | cd $my_path/LibOS/shim/test/native 40 | make SGX=1 DEBUG=1 41 | make SGX_RUN=1 42 | ./pal_loader SGX helloworld # should print smth meaningful 43 | PERF=1 ./pal_loader SGX helloworld # can do perf-stat for kicks 44 | GDB=1 ./pal_loader SGX helloworld # can GDB like crazy 45 | 46 | # try our fresh build: Syscall microbenches 47 | cd $my_path/LibOS/shim/test/apps/lmbench 48 | make SGX=1 DEBUG=1 # NOTE: will give error because cannot find random files 49 | cd lmbench-2.5/bin/linux/ 50 | head -c 64K < /dev/urandom > random.64K 51 | head -c 256K < /dev/urandom > random.256K 52 | head -c 1M < /dev/urandom > random.1M 53 | head -c 4M < /dev/urandom > random.4M 54 | head -c 16M < /dev/urandom > random.16M 55 | cd ../../../ 56 | make SGX=1 DEBUG=1 # NOTE: now make is happy 57 | make SGX_RUN=1 58 | cd lmbench-2.5/bin/linux/ 59 | ./pal_loader SGX lat_syscall null # check pure Graphene-SGX framework overhead 60 | ./pal_loader SGX lat_syscall open # check overhead of open() syscall 61 | ./pal_loader SGX lat_proc fork # check overhead of fork() syscall (note `lat_proc`) 62 | 63 | -------------------------------------------------------------------------------- /docs/snort-build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ### Vanilla Snort build 4 | ### (TODO: LibDAQ refuses to build with manual installation of libpcap, so we work-around by installing from Ubuntu repo and ln real libpcap) 5 | 6 | # dependencies for LibDAQ 7 | sudo apt install flex 8 | sudo apt install bison 9 | sudo apt install libpcap-dev 10 | 11 | # dependencies for hwloc 12 | sudo apt install autoconf 13 | sudo apt install libtool 14 | 15 | # get libpcap dependency for LibDAQ 16 | git clone https://github.com/the-tcpdump-group/libpcap.git 17 | cd libpcap 18 | ./configure --prefix=$HOME/code/libpcap/install 19 | make -j 8 install 20 | cd install/lib/ 21 | ln -s libpcap.so.1 libpcap.so.0.8 # TODO: workaround for Ubuntu-related libpcap bug 22 | 23 | # get LibDAQ dependency 24 | wget -qO- https://www.snort.org/downloads/snortplus/daq-2.2.1.tar.gz | tar xvz 25 | cd daq-2.2.1/ 26 | ./configure --prefix=$HOME/code/daq-2.2.1/install 27 | ## FOR OUR daq-2.2.1 add: --with-dpdk-includes=$RTE_SDK/x86_64-native-linuxapp-gcc/include --with-dpdk-libraries=$RTE_SDK/x86_64-native-linuxapp-gcc/lib 28 | make install 29 | 30 | # get libdnet dependency (NOTE: original link to dugsong contains bug, see https://github.com/snortadmin/snort3/issues/7) 31 | git clone https://github.com/jncornett/libdnet.git 32 | cd libdnet 33 | ./configure --prefix=$HOME/code/libdnet/install 34 | make -j 8 install 35 | 36 | # get hwloc dependency (NOTE: cannot change default install path) 37 | git clone https://github.com/open-mpi/hwloc.git 38 | cd hwloc 39 | ./autogen.sh 40 | ./configure 41 | sudo make -j 8 install 42 | 43 | # get LuaJIT dependency 44 | git clone http://luajit.org/git/luajit-2.0.git 45 | cd luajit-2.0 46 | make -j 8 install PREFIX=$HOME/code/luajit-2.0/install 47 | 48 | # get OpenSSL dependency 49 | git clone https://github.com/openssl/openssl.git 50 | cd openssl 51 | ./config --prefix=$HOME/code/openssl/install --openssldir=$HOME/code/openssl/install 52 | make -j 8 test 53 | make install 54 | 55 | # get PCRE dependency 56 | wget -qO- https://ftp.pcre.org/pub/pcre/pcre-8.41.tar.gz | tar xvz 57 | cd pcre-8.41 58 | ./configure --prefix=$HOME/code/pcre-8.41/install 59 | make -j 8 install 60 | 61 | # get zlib dependency (NOTE: cannot change default install path) 62 | wget -qO- http://zlib.net/zlib-1.2.11.tar.gz | tar xvz 63 | cd zlib-1.2.11 64 | ./configure 65 | make -j 8 66 | sudo make install 67 | 68 | # build Snort3 69 | git clone https://github.com/snortadmin/snort3.git 70 | cd snort3 71 | export my_path=$HOME/code/snort3/install 72 | export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$HOME/code/libpcap/install/lib:$HOME/code/daq-2.2.1/install/lib:$HOME/code/libdnet/install/lib:$HOME/code/luajit-2.0/install/lib:$HOME/code/pcre-8.41/install/lib:$HOME/code/openssl/install/lib 73 | export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$HOME/code/hwloc/hwloc/.libs:$HOME/code/zlib-1.2.11 74 | PATH=$PATH:$HOME/code/daq-2.2.1/install/bin:$HOME/code/libdnet/install/bin:$HOME/code/luajit-2.0/install/bin:$HOME/code/libpcap/install/bin \ 75 | OPENSSL_ROOT_DIR=$HOME/code/openssl/install \ 76 | ./configure_cmake.sh \ 77 | --prefix=$my_path \ 78 | --with-pcap-includes=$HOME/code/libpcap/install/include --with-pcap-libraries=$HOME/code/libpcap/install/lib \ 79 | --with-daq-includes=$HOME/code/daq-2.2.1/install/include --with-daq-libraries=$HOME/code/daq-2.2.1/install/lib \ 80 | --with-dnet-includes=$HOME/code/libdnet/install/include --with-dnet-libraries=$HOME/code/libdnet/install/lib \ 81 | --with-luajit-includes=$HOME/code/luajit-2.0/install/include/luajit-2.0 --with-luajit-libraries=$HOME/code/luajit-2.0/install/lib \ 82 | --with-openssl=$HOME/code/openssl/install \ 83 | --with-pcre-includes=$HOME/code/pcre-8.41/install/include --with-pcre-libraries=$HOME/code/pcre-8.41/install/lib \ 84 | --enable-debug-msgs --enable-debug --enable-gdb 85 | cd build 86 | make -j 8 install 87 | 88 | # build plugins (in extra/) 89 | cd ../extra 90 | export PKG_CONFIG_PATH=$my_path/lib/pkgconfig 91 | ./configure_cmake.sh --prefix=$my_path 92 | cd build 93 | make -j 8 install 94 | 95 | # try our fresh build 96 | export LUA_PATH=$my_path/include/snort/lua/\?.lua\;\; 97 | export SNORT_LUA_PATH=$my_path/etc/snort/ 98 | $my_path/bin/snort --help # this should output smth meaningful 99 | $my_path/bin/snort -r ~/pcaps/messenger.pcap # get this file from wireshark's samples first 100 | 101 | # get some stats while snort is working 102 | $my_path/bin/snort -r ~/pcaps/maccdc2012_00000.pcap -c /home/dimakuv/code/snort3/install/etc/snort/snort.lua -R /home/dimakuv/code/snort3/install/etc/snort/sample.rules & 103 | cat /proc/`pgrep snort`/status | less 104 | 105 | # read all PCAP files from ~/pcaps/ using two worker threads 106 | $my_path/bin/snort --pcap-dir ~/pcaps/ -c $my_path/etc/snort/snort.lua -R $my_path/etc/snort/sample.rules -z 2 107 | 108 | # read all PCAP files from ~/pcaps/ using two worker threads and outputting alerts using C++ alert_ex plugin 109 | $my_path/bin/snort --pcap-dir ~/pcaps/ -c $my_path/etc/snort/snort.lua -R $my_path/etc/snort/sample.rules -z 2 --script-path $my_path/lib/snort_extra -A alert_ex 110 | 111 | # full-throttle: strace while snort reads all PCAP files from ~/pcaps/ using two worker threads and outputting alerts using lualert plugin and stopping after 10 packets 112 | strace -f $my_path/bin/snort --pcap-dir ~/pcaps/ -c $my_path/etc/snort/snort.lua -R $my_path/etc/snort/sample.rules --script-path $my_path/lib/snort_extra -A lualert -n 10 -z 2 2>&1 | tee strace.log 113 | 114 | # tapping on network interfaces 115 | # NOTE: we need to start as sudo to init eno1 in promisceous mode but then lower priviliges to non-root user dimakuv 116 | # also, -E preserve envvars like Lua paths but sanitizes LD_LIBRARY_PATH, so we explicitly add it 117 | sudo -E LD_LIBRARY_PATH=$LD_LIBRARY_PATH $my_path/bin/snort -u dimakuv -c $my_path/etc/snort/snort.lua -i eno1 118 | 119 | # the same as above, but with better output (separate files for threads and ignoring uninteresting syscalls) 120 | sudo -E LD_LIBRARY_PATH=$LD_LIBRARY_PATH strace -ff -o strace -e 'trace=!mprotect,nanosleep' $my_path/bin/snort -u dimakuv -c $my_path/etc/snort/snort.lua -i eno1 121 | 122 | # use ltrace instead of strace; only output libcalls to libpcap 123 | sudo -E LD_LIBRARY_PATH=$LD_LIBRARY_PATH ltrace -f -o ltrace.log -l libpcap.so.1 $my_path/bin/snort -u dimakuv -c $my_path/etc/snort/snort.lua -i eno1 124 | -------------------------------------------------------------------------------- /exps/01_throughput.R: -------------------------------------------------------------------------------- 1 | library(ggplot2) 2 | theme_set(theme_bw(base_size = 14)) 3 | 4 | stderror <- function(x) sd(x)/sqrt(length(x)) 5 | 6 | # Multiple plot function 7 | # 8 | # ggplot objects can be passed in ..., or to plotlist (as a list of ggplot objects) 9 | # - cols: Number of columns in layout 10 | # - layout: A matrix specifying the layout. If present, 'cols' is ignored. 11 | # 12 | # If the layout is something like matrix(c(1,2,3,3), nrow=2, byrow=TRUE), 13 | # then plot 1 will go in the upper left, 2 will go in the upper right, and 14 | # 3 will go all the way across the bottom. 15 | # 16 | multiplot <- function(..., plotlist=NULL, file, cols=1, layout=NULL) { 17 | library(grid) 18 | 19 | # Make a list from the ... arguments and plotlist 20 | plots <- c(list(...), plotlist) 21 | 22 | numPlots = length(plots) 23 | 24 | # If layout is NULL, then use 'cols' to determine layout 25 | if (is.null(layout)) { 26 | # Make the panel 27 | # ncol: Number of columns of plots 28 | # nrow: Number of rows needed, calculated from # of cols 29 | layout <- matrix(seq(1, cols * ceiling(numPlots/cols)), 30 | ncol = cols, nrow = ceiling(numPlots/cols)) 31 | } 32 | 33 | if (numPlots==1) { 34 | print(plots[[1]]) 35 | 36 | } else { 37 | # Set up the page 38 | grid.newpage() 39 | pushViewport(viewport(layout = grid.layout(nrow(layout), ncol(layout)))) 40 | 41 | # Make each plot, in the correct location 42 | for (i in 1:numPlots) { 43 | # Get the i,j matrix positions of the regions that contain this subplot 44 | matchidx <- as.data.frame(which(layout == i, arr.ind = TRUE)) 45 | 46 | print(plots[[i]], vp = viewport(layout.pos.row = matchidx$row, 47 | layout.pos.col = matchidx$col)) 48 | } 49 | } 50 | } 51 | 52 | cbPalette <- c("#a1d99b", "#9ecae1", "#31a354", "#3182bd") 53 | 54 | plot_generic <- function(in_df, in_xfield, in_xlab, in_commonlab, show_legend=FALSE, show_ylabel=FALSE, in_ylim=2000, legend_pos="left") { 55 | in_df$variant_zthread <- gsub('-2', ', 1 thread', in_df$variant_zthread) 56 | in_df$variant_zthread <- gsub('-3', ', 2 threads', in_df$variant_zthread) 57 | in_df$variant_zthread <- factor(in_df$variant_zthread, levels = c("sgx, 1 thread", "vanilla, 1 thread", "sgx, 2 threads", "vanilla, 2 threads")) 58 | 59 | p = ggplot(in_df, aes_string(in_xfield, "mbps_analyzed", fill="variant_zthread")) + 60 | geom_bar(stat="identity", colour="black", position="dodge") + 61 | ylim(0,in_ylim) + ylab("Throughput (Mbps)") + 62 | xlab(in_xlab) + 63 | theme(legend.title=element_blank()) + 64 | scale_fill_manual(values=cbPalette) 65 | if (legend_pos == "left") { 66 | p = p + theme(legend.justification=c(0.05,0.98), legend.position=c(0.05,0.98)) 67 | } 68 | else { 69 | p = p + theme(legend.justification=c(0.95,0.98), legend.position=c(0.95,0.98)) 70 | } 71 | if (show_legend == FALSE) { 72 | p = p + theme(legend.position="none") 73 | } 74 | if (show_ylabel == FALSE) { 75 | p = p + theme(axis.title.y=element_blank()) 76 | } 77 | return(p) 78 | } 79 | 80 | plot_pktsize <- function(in_df, in_num_flows=256, in_num_rules=0, prefix="", show_legend=FALSE, show_ylabel=FALSE) { 81 | df = subset(in_df, in_df$snortconfig=="snort.lua" & in_df$snortalert=="" & in_df$pktgenpcap=="" & 82 | in_df$num_flows==in_num_flows & in_df$num_rules==in_num_rules) 83 | xlabel = paste(prefix, " # flows=", in_num_flows, ", # rules=", in_num_rules, sep="") 84 | return(plot_generic(df, "factor(pkt_size)", xlabel, "Packet size", show_legend, show_ylabel)) 85 | } 86 | 87 | plot_numflows <- function(in_df, in_pkt_size=64, in_num_rules=0, prefix="", show_legend=FALSE, show_ylabel=FALSE) { 88 | df = subset(in_df, in_df$snortconfig=="snort.lua" & in_df$snortalert=="" & in_df$pktgenpcap=="" & 89 | in_df$pkt_size==in_pkt_size & in_df$num_rules==in_num_rules) 90 | xlabel = paste(prefix, " pkt size=", in_pkt_size, "B, # rules=", in_num_rules, sep="") 91 | return(plot_generic(df, "factor(num_flows)", xlabel, "Number of flows", show_legend, show_ylabel)) 92 | } 93 | 94 | plot_numrules <- function(in_df, in_num_flows=256, in_pkt_size=64, prefix="", show_legend=FALSE, show_ylabel=FALSE) { 95 | df = subset(in_df, in_df$snortconfig=="snort.lua" & in_df$snortalert=="" & in_df$pktgenpcap=="" & 96 | in_df$num_flows==in_num_flows & in_df$pkt_size==in_pkt_size) 97 | xlabel = paste(prefix, " # flows=", in_num_flows, ", pkt size=", in_pkt_size, "B", sep="") 98 | return(plot_generic(df, "factor(num_rules)", xlabel, "Number of rules", show_legend, show_ylabel)) 99 | } 100 | 101 | plot_snortconfig <- function(in_df, in_snortconfig="", prefix="", show_legend=FALSE, show_ylabel=FALSE) { 102 | df = subset(in_df, in_df$snortconfig==in_snortconfig & in_df$snortalert=="" & in_df$pktgenpcap=="" & 103 | in_df$num_flows==32000 & in_df$num_rules==0) 104 | if (in_snortconfig == "") { 105 | xlabel = " w/o" 106 | } else { 107 | xlabel = " w/" 108 | } 109 | xlabel = paste(prefix, xlabel, ", # flows=32000, # rules=0", sep="") 110 | return(plot_generic(df, "factor(pkt_size)", xlabel, "Packet size", show_legend, show_ylabel, in_ylim=6800)) 111 | } 112 | 113 | plot_snortalert <- function(in_df, in_snortalert="", prefix="", show_legend=FALSE, show_ylabel=FALSE) { 114 | df = subset(in_df, in_df$snortconfig=="snort.lua" & in_df$snortalert==in_snortalert & in_df$pktgenpcap=="" & 115 | in_df$num_flows==32000 & in_df$num_rules==3462) 116 | if (in_snortalert == "") { 117 | xlabel = " w/o" 118 | } else { 119 | xlabel = " w/" 120 | } 121 | xlabel = paste(prefix, xlabel, ", # flows=32000, # rules=3462", sep="") 122 | return(plot_generic(df, "factor(pkt_size)", xlabel, "Packet size", show_legend, show_ylabel, in_ylim=1200)) 123 | } 124 | 125 | plot_pcap <- function(in_df, in_pktgenpcap="", prefix="", show_legend=FALSE, show_ylabel=FALSE) { 126 | df = subset(in_df, in_df$snortconfig=="snort.lua" & in_df$snortalert=="" & in_df$pktgenpcap==in_pktgenpcap) 127 | xlabel = paste(prefix, " # flows=", df$num_flows[1], ", pkt size=", df$pkt_size[1], "B", sep="") 128 | return(plot_generic(df, "factor(num_rules)", xlabel, "Number of rules", show_legend, show_ylabel, in_ylim=1500, legend_pos="right")) 129 | } 130 | 131 | # ---------------------- 132 | setwd("final") 133 | dir.create("fig", showWarnings=F) 134 | df = read.table('exp-all.csv',header=T,sep=',') 135 | 136 | df$percent_dropped = df$rx_priority0_dropped / df$rx_total_packets * 100 137 | df$percent_analyzed = df$daq_analyzed / df$daq_received * 100 138 | df$timing_mpps = df$timing_pps / 1000.0 / 1000.0 139 | df$daq_percent_received = df$daq_received/df$rx_total_packets * 100 140 | df$mbps_received = df$timing_mpps * df$pkt_size * 8 141 | df$mpps_analyzed = df$timing_mpps * df$percent_analyzed / 100 142 | df$mbps_analyzed = df$mpps_analyzed * df$pkt_size * 8 143 | 144 | dferr = aggregate(mbps_analyzed ~ variant + sleep + zthread + pktgenconfig + pktgenpcap + snortconfig + snortrule + snortalert + pkt_size + num_flows + num_rules + variant_zthread, data=df, FUN = function(x) c(mean = mean(x), se = stderror(x))) 145 | dferr <- do.call(data.frame, dferr) 146 | dferr$mbps_analyzed.sepercent = dferr$mbps_analyzed.se / dferr$mbps_analyzed.mean * 100 147 | 148 | df = aggregate(. ~ variant + sleep + zthread + pktgenconfig + pktgenpcap + snortconfig + snortrule + snortalert + pkt_size + num_flows + num_rules + variant_zthread, data=df, mean) 149 | df <- do.call(data.frame, df) 150 | 151 | pdf("fig/01_tput_pktsize.pdf", width=15, height=3) 152 | p0 = plot_pktsize(df, in_num_flows=256, in_num_rules=0, prefix="(a)", show_legend=TRUE, show_ylabel=TRUE) 153 | p1 = plot_pktsize(df, in_num_flows=32000, in_num_rules=0, prefix="(b)") 154 | p2 = plot_pktsize(df, in_num_flows=256, in_num_rules=3462, prefix="(c)") 155 | p3 = plot_pktsize(df, in_num_flows=32000, in_num_rules=3462, prefix="(d)") 156 | multiplot(p0, p1, p2, p3, cols=4) 157 | dev.off() 158 | 159 | pdf("fig/02_tput_numflows.pdf", width=15, height=3) 160 | p0 = plot_numflows(df, in_pkt_size=64, in_num_rules=0, prefix="(a)", show_legend=TRUE, show_ylabel=TRUE) 161 | p1 = plot_numflows(df, in_pkt_size=1024, in_num_rules=0, prefix="(b)") 162 | p2 = plot_numflows(df, in_pkt_size=64, in_num_rules=3462, prefix="(c)") 163 | p3 = plot_numflows(df, in_pkt_size=1024, in_num_rules=3462, prefix="(d)") 164 | multiplot(p0, p1, p2, p3, cols=4) 165 | dev.off() 166 | 167 | pdf("fig/03_tput_numrules.pdf", width=15, height=3) 168 | p0 = plot_numrules(df, in_num_flows=256, in_pkt_size=64, prefix="(a)", show_legend=TRUE, show_ylabel=TRUE) 169 | p1 = plot_numrules(df, in_num_flows=32000, in_pkt_size=64, prefix="(b)") 170 | p2 = plot_numrules(df, in_num_flows=256, in_pkt_size=1024, prefix="(c)") 171 | p3 = plot_numrules(df, in_num_flows=32000, in_pkt_size=1024, prefix="(d)") 172 | multiplot(p0, p1, p2, p3, cols=4) 173 | dev.off() 174 | 175 | pdf("fig/04_tput_config.pdf", width=8, height=3) 176 | p0 = plot_snortconfig(df, in_snortconfig="", prefix="(a)", show_legend=TRUE, show_ylabel=TRUE) 177 | p1 = plot_snortconfig(df, in_snortconfig="snort.lua", prefix="(b)") 178 | multiplot(p0, p1, cols=2) 179 | dev.off() 180 | 181 | pdf("fig/05_tput_alert.pdf", width=8, height=3) 182 | p0 = plot_snortalert(df, in_snortalert="", prefix="(a)", show_legend=TRUE, show_ylabel=TRUE) 183 | p1 = plot_snortalert(df, in_snortalert="fast", prefix="(b)") 184 | multiplot(p0, p1, cols=2) 185 | dev.off() 186 | 187 | pdf("fig/06_tput_pcap.pdf", width=15, height=3) 188 | p0 = plot_pcap(df, in_pktgenpcap="test.pcap", prefix="(a) test: ", show_legend=TRUE, show_ylabel=TRUE) 189 | p1 = plot_pcap(df, in_pktgenpcap="smallFlows.pcap", prefix="(b) small: ") 190 | p2 = plot_pcap(df, in_pktgenpcap="bigFlows.pcap", prefix="(c) big: ") 191 | multiplot(p0, p1, p2, cols=3) 192 | dev.off() 193 | -------------------------------------------------------------------------------- /exps/02_dropped.R: -------------------------------------------------------------------------------- 1 | library(ggplot2) 2 | theme_set(theme_bw(base_size = 14)) 3 | 4 | stderror <- function(x) sd(x)/sqrt(length(x)) 5 | 6 | # Multiple plot function 7 | # 8 | # ggplot objects can be passed in ..., or to plotlist (as a list of ggplot objects) 9 | # - cols: Number of columns in layout 10 | # - layout: A matrix specifying the layout. If present, 'cols' is ignored. 11 | # 12 | # If the layout is something like matrix(c(1,2,3,3), nrow=2, byrow=TRUE), 13 | # then plot 1 will go in the upper left, 2 will go in the upper right, and 14 | # 3 will go all the way across the bottom. 15 | # 16 | multiplot <- function(..., plotlist=NULL, file, cols=1, layout=NULL) { 17 | library(grid) 18 | 19 | # Make a list from the ... arguments and plotlist 20 | plots <- c(list(...), plotlist) 21 | 22 | numPlots = length(plots) 23 | 24 | # If layout is NULL, then use 'cols' to determine layout 25 | if (is.null(layout)) { 26 | # Make the panel 27 | # ncol: Number of columns of plots 28 | # nrow: Number of rows needed, calculated from # of cols 29 | layout <- matrix(seq(1, cols * ceiling(numPlots/cols)), 30 | ncol = cols, nrow = ceiling(numPlots/cols)) 31 | } 32 | 33 | if (numPlots==1) { 34 | print(plots[[1]]) 35 | 36 | } else { 37 | # Set up the page 38 | grid.newpage() 39 | pushViewport(viewport(layout = grid.layout(nrow(layout), ncol(layout)))) 40 | 41 | # Make each plot, in the correct location 42 | for (i in 1:numPlots) { 43 | # Get the i,j matrix positions of the regions that contain this subplot 44 | matchidx <- as.data.frame(which(layout == i, arr.ind = TRUE)) 45 | 46 | print(plots[[i]], vp = viewport(layout.pos.row = matchidx$row, 47 | layout.pos.col = matchidx$col)) 48 | } 49 | } 50 | } 51 | 52 | cbPalette <- c("#a1d99b", "#9ecae1", "#31a354", "#3182bd") 53 | 54 | plot_generic <- function(in_df, in_xfield, in_xlab, in_commonlab, show_legend=FALSE, show_ylabel=FALSE, in_ylim=25, legend_pos="left") { 55 | in_df$variant_zthread <- gsub('-2', ', 1 thread', in_df$variant_zthread) 56 | in_df$variant_zthread <- gsub('-3', ', 2 threads', in_df$variant_zthread) 57 | in_df$variant_zthread <- factor(in_df$variant_zthread, levels = c("sgx, 1 thread", "vanilla, 1 thread", "sgx, 2 threads", "vanilla, 2 threads")) 58 | 59 | p = ggplot(in_df, aes_string(in_xfield, "percent_dropped", fill="variant_zthread")) + 60 | geom_bar(stat="identity", colour="black", position="dodge") + 61 | ylim(0,in_ylim) + ylab("Packets dropped (%)") + 62 | xlab(in_xlab) + 63 | theme(legend.title=element_blank()) + 64 | scale_fill_manual(values=cbPalette) 65 | if (legend_pos == "left") { 66 | p = p + theme(legend.justification=c(0.05,0.98), legend.position=c(0.05,0.98)) 67 | } 68 | else { 69 | p = p + theme(legend.justification=c(0.95,0.98), legend.position=c(0.95,0.98)) 70 | } 71 | if (show_legend == FALSE) { 72 | p = p + theme(legend.position="none") 73 | } 74 | if (show_ylabel == FALSE) { 75 | p = p + theme(axis.title.y=element_blank()) 76 | } 77 | return(p) 78 | } 79 | 80 | plot_pktsize <- function(in_df, in_num_flows=256, in_num_rules=0, prefix="", show_legend=FALSE, show_ylabel=FALSE) { 81 | df = subset(in_df, in_df$snortconfig=="snort.lua" & in_df$snortalert=="" & in_df$pktgenpcap=="" & 82 | in_df$num_flows==in_num_flows & in_df$num_rules==in_num_rules) 83 | xlabel = paste(prefix, " # flows=", in_num_flows, ", # rules=", in_num_rules, sep="") 84 | return(plot_generic(df, "factor(pkt_size)", xlabel, "Packet size", show_legend, show_ylabel)) 85 | } 86 | 87 | plot_numflows <- function(in_df, in_pkt_size=64, in_num_rules=0, prefix="", show_legend=FALSE, show_ylabel=FALSE) { 88 | df = subset(in_df, in_df$snortconfig=="snort.lua" & in_df$snortalert=="" & in_df$pktgenpcap=="" & 89 | in_df$pkt_size==in_pkt_size & in_df$num_rules==in_num_rules) 90 | xlabel = paste(prefix, " pkt size=", in_pkt_size, "B, # rules=", in_num_rules, sep="") 91 | return(plot_generic(df, "factor(num_flows)", xlabel, "Number of flows", show_legend, show_ylabel)) 92 | } 93 | 94 | plot_numrules <- function(in_df, in_num_flows=256, in_pkt_size=64, prefix="", show_legend=FALSE, show_ylabel=FALSE) { 95 | df = subset(in_df, in_df$snortconfig=="snort.lua" & in_df$snortalert=="" & in_df$pktgenpcap=="" & 96 | in_df$num_flows==in_num_flows & in_df$pkt_size==in_pkt_size) 97 | xlabel = paste(prefix, " # flows=", in_num_flows, ", pkt size=", in_pkt_size, "B", sep="") 98 | return(plot_generic(df, "factor(num_rules)", xlabel, "Number of rules", show_legend, show_ylabel)) 99 | } 100 | 101 | plot_snortconfig <- function(in_df, in_snortconfig="", prefix="", show_legend=FALSE, show_ylabel=FALSE) { 102 | df = subset(in_df, in_df$snortconfig==in_snortconfig & in_df$snortalert=="" & in_df$pktgenpcap=="" & 103 | in_df$num_flows==32000 & in_df$num_rules==0) 104 | if (in_snortconfig == "") { 105 | xlabel = " w/o" 106 | } else { 107 | xlabel = " w/" 108 | } 109 | xlabel = paste(prefix, xlabel, ", # flows=32000, # rules=0", sep="") 110 | return(plot_generic(df, "factor(pkt_size)", xlabel, "Packet size", show_legend, show_ylabel)) 111 | } 112 | 113 | plot_snortalert <- function(in_df, in_snortalert="", prefix="", show_legend=FALSE, show_ylabel=FALSE) { 114 | df = subset(in_df, in_df$snortconfig=="snort.lua" & in_df$snortalert==in_snortalert & in_df$pktgenpcap=="" & 115 | in_df$num_flows==32000 & in_df$num_rules==3462) 116 | if (in_snortalert == "") { 117 | xlabel = " w/o" 118 | } else { 119 | xlabel = " w/" 120 | } 121 | xlabel = paste(prefix, xlabel, ", # flows=32000, # rules=3462", sep="") 122 | return(plot_generic(df, "factor(pkt_size)", xlabel, "Packet size", show_legend, show_ylabel)) 123 | } 124 | 125 | plot_pcap <- function(in_df, in_pktgenpcap="", prefix="", show_legend=FALSE, show_ylabel=FALSE) { 126 | df = subset(in_df, in_df$snortconfig=="snort.lua" & in_df$snortalert=="" & in_df$pktgenpcap==in_pktgenpcap) 127 | xlabel = paste(prefix, " # flows=", df$num_flows[1], ", pkt size=", df$pkt_size[1], "B", sep="") 128 | return(plot_generic(df, "factor(num_rules)", xlabel, "Number of rules", show_legend, show_ylabel)) 129 | } 130 | 131 | # ---------------------- 132 | setwd("final") 133 | dir.create("fig", showWarnings=F) 134 | df = read.table('exp-all.csv',header=T,sep=',') 135 | 136 | df$percent_dropped = df$rx_priority0_dropped / df$rx_total_packets * 100 137 | df$percent_analyzed = df$daq_analyzed / df$daq_received * 100 138 | df$timing_mpps = df$timing_pps / 1000.0 / 1000.0 139 | df$daq_percent_received = df$daq_received/df$rx_total_packets * 100 140 | df$mbps_received = df$timing_mpps * df$pkt_size * 8 141 | df$mpps_analyzed = df$timing_mpps * df$percent_analyzed / 100 142 | df$mbps_analyzed = df$mpps_analyzed * df$pkt_size * 8 143 | 144 | dferr = aggregate(percent_dropped ~ variant + sleep + zthread + pktgenconfig + pktgenpcap + snortconfig + snortrule + snortalert + pkt_size + num_flows + num_rules + variant_zthread, data=df, FUN = function(x) c(mean = mean(x), se = stderror(x))) 145 | dferr <- do.call(data.frame, dferr) 146 | dferr$percent_dropped.sepercent = dferr$percent_dropped.se / dferr$percent_dropped.mean * 100 147 | 148 | df = aggregate(. ~ variant + sleep + zthread + pktgenconfig + pktgenpcap + snortconfig + snortrule + snortalert + pkt_size + num_flows + num_rules + variant_zthread, data=df, mean) 149 | df <- do.call(data.frame, df) 150 | 151 | pdf("fig/11_dropped_pktsize.pdf", width=15, height=3) 152 | p0 = plot_pktsize(df, in_num_flows=256, in_num_rules=0, prefix="(a)", show_legend=TRUE, show_ylabel=TRUE) 153 | p1 = plot_pktsize(df, in_num_flows=32000, in_num_rules=0, prefix="(b)") 154 | p2 = plot_pktsize(df, in_num_flows=256, in_num_rules=3462, prefix="(c)") 155 | p3 = plot_pktsize(df, in_num_flows=32000, in_num_rules=3462, prefix="(d)") 156 | multiplot(p0, p1, p2, p3, cols=4) 157 | dev.off() 158 | 159 | pdf("fig/12_dropped_numflows.pdf", width=15, height=3) 160 | p0 = plot_numflows(df, in_pkt_size=64, in_num_rules=0, prefix="(a)", show_legend=TRUE, show_ylabel=TRUE) 161 | p1 = plot_numflows(df, in_pkt_size=1024, in_num_rules=0, prefix="(b)") 162 | p2 = plot_numflows(df, in_pkt_size=64, in_num_rules=3462, prefix="(c)") 163 | p3 = plot_numflows(df, in_pkt_size=1024, in_num_rules=3462, prefix="(d)") 164 | multiplot(p0, p1, p2, p3, cols=4) 165 | dev.off() 166 | 167 | pdf("fig/13_dropped_numrules.pdf", width=15, height=3) 168 | p0 = plot_numrules(df, in_num_flows=256, in_pkt_size=64, prefix="(a)", show_legend=TRUE, show_ylabel=TRUE) 169 | p1 = plot_numrules(df, in_num_flows=32000, in_pkt_size=64, prefix="(b)") 170 | p2 = plot_numrules(df, in_num_flows=256, in_pkt_size=1024, prefix="(c)") 171 | p3 = plot_numrules(df, in_num_flows=32000, in_pkt_size=1024, prefix="(d)") 172 | multiplot(p0, p1, p2, p3, cols=4) 173 | dev.off() 174 | 175 | pdf("fig/14_dropped_config.pdf", width=8, height=3) 176 | p0 = plot_snortconfig(df, in_snortconfig="", prefix="(a)", show_legend=TRUE, show_ylabel=TRUE) 177 | p1 = plot_snortconfig(df, in_snortconfig="snort.lua", prefix="(b)") 178 | multiplot(p0, p1, cols=2) 179 | dev.off() 180 | 181 | pdf("fig/15_dropped_alert.pdf", width=8, height=3) 182 | p0 = plot_snortalert(df, in_snortalert="", prefix="(a)", show_legend=TRUE, show_ylabel=TRUE) 183 | p1 = plot_snortalert(df, in_snortalert="fast", prefix="(b)") 184 | multiplot(p0, p1, cols=2) 185 | dev.off() 186 | 187 | pdf("fig/16_dropped_pcap.pdf", width=15, height=3) 188 | p0 = plot_pcap(df, in_pktgenpcap="test.pcap", prefix="(a) test: ", show_legend=TRUE, show_ylabel=TRUE) 189 | p1 = plot_pcap(df, in_pktgenpcap="smallFlows.pcap", prefix="(b) small: ") 190 | p2 = plot_pcap(df, in_pktgenpcap="bigFlows.pcap", prefix="(c) big: ") 191 | multiplot(p0, p1, p2, cols=3) 192 | dev.off() 193 | -------------------------------------------------------------------------------- /exps/collect.py: -------------------------------------------------------------------------------- 1 | import sys 2 | 3 | filename = '' 4 | if len(sys.argv) > 1: 5 | filename = sys.argv[1] 6 | else: 7 | sys.exit('Please specify full log filename as first argument!') 8 | 9 | variant = 'sgx' 10 | if 'vanilla' in filename: 11 | variant = 'vanilla' 12 | 13 | s = open(filename).readlines() 14 | outfile= ['variant,time,sleep,zthread,pktgenconfig,pktgenpcap,snortconfig,snortrule,snortalert,rx_total_packets,rx_total_bytes,rx_priority0_dropped,daq_received,daq_analyzed,daq_allow,timing_seconds,timing_pps,pkt_size,num_flows,num_rules,variant_zthread'] 15 | formatted = '' 16 | expdesc = '' 17 | for i, line in enumerate(s): 18 | if line.startswith('EXPERIMENT_START'): 19 | expdesc = line 20 | formatted = variant + ',' 21 | formatted += line.replace('EXPERIMENT_START', '').replace('TIME=','').replace('SLEEP=',',').replace('ZTHREAD=',',') \ 22 | .replace('PKTGENCONFIG=',',').replace('PKTGENPCAP=',',').replace('SNORTCONFIG=',',').replace('SNORTRULE=',',') \ 23 | .replace('SNORTALERT=',',').split('(')[0] 24 | continue 25 | 26 | if 'dpdk stats' in line: 27 | if 'rx_total_packets' in line: formatted += ',' + line.split(':')[-1] 28 | if 'rx_total_bytes' in line: formatted += ',' + line.split(':')[-1] 29 | if 'rx_priority0_dropped' in line: formatted += ',' + line.split(':')[-1] 30 | 31 | if line.strip() == 'daq': 32 | assert 'received' in s[i+1] and 'analyzed' in s[i+2] and 'allow' in s[i+4] 33 | formatted += ',' + s[i+1].split(':')[-1] + ',' + s[i+2].split(':')[-1] + ',' + s[i+4].split(':')[-1] 34 | 35 | if line.strip() == 'timing': 36 | assert('seconds' in s[i+2] and 'pkts/sec' in s[i+4]) 37 | formatted += ',' + s[i+2].split(':')[-1] + ',' + s[i+4].split(':')[-1] 38 | 39 | if line.startswith('EXPERIMENT_END'): 40 | # packet size and flows 41 | pkt_size = 0; num_flows = 0 42 | if formatted.split(',')[5].strip() == '': 43 | pkt_size = int( formatted.split(',')[4].split('/')[0].replace('snort_','').replace('B','') ) 44 | num_flows = formatted.split(',')[4].split('B_')[1].replace('F.lua','') 45 | if "K" in num_flows: 46 | num_flows = int( num_flows.replace('K','') ) * 1000 47 | else: 48 | num_flows = int (num_flows ) 49 | elif formatted.split(',')[5].strip() == 'bigFlows.pcap': 50 | pkt_size = 449; num_flows = 40686 51 | elif formatted.split(',')[5].strip() == 'smallFlows.pcap': 52 | pkt_size = 646; num_flows = 1209 53 | elif formatted.split(',')[5].strip() == 'test.pcap': 54 | pkt_size = 445; num_flows = 37 55 | 56 | # number of rules 57 | num_rules = 0 58 | if formatted.split(',')[7].strip() != '': 59 | num_rules = int( formatted.split(',')[7].split('_')[1].split('.')[0] ) 60 | 61 | # concatenate variable and zthread (for legend on barplot) 62 | varzthread = formatted.split(',')[0] + '-' + formatted.split(',')[3] 63 | 64 | formatted += ',' + str(pkt_size) + ',' + str(num_flows) + ',' + str(num_rules) + ',' + varzthread 65 | 66 | if outfile[0].count(',') != formatted.count(','): 67 | print(expdesc) 68 | sys.exit('Wrong number of statistics collected!') 69 | 70 | outfile.append(formatted.replace('\n','').replace(' ','')) 71 | continue 72 | 73 | open(filename + '.csv', 'w').writelines(["%s\n" % item for item in outfile]) 74 | -------------------------------------------------------------------------------- /exps/droprate.py: -------------------------------------------------------------------------------- 1 | import sys 2 | 3 | filename = '' 4 | if len(sys.argv) > 1: 5 | filename = sys.argv[1] 6 | else: 7 | sys.exit('Please specify full log filename as first argument!') 8 | 9 | s = open(filename).readlines() 10 | formatted = '' 11 | prev_total = 0 12 | prev_dropped = 0 13 | curr_total = 0 14 | curr_dropped = 0 15 | seconds = 0 16 | for i, line in enumerate(s): 17 | if 'dpdk stats' in line: 18 | if 'rx_total_packets' in line: 19 | curr_total = int(line.split(':')[-1]) 20 | if 'rx_priority0_dropped' in line: 21 | curr_dropped = int(line.split(':')[-1]) 22 | formatted += str(seconds) + ': ' + str(curr_dropped-prev_dropped) + '/' + str(curr_total-prev_total) + ' = ' + "{0:.2f}".format((curr_dropped-prev_dropped)*100.0/(curr_total-prev_total)) + '%\n' 23 | prev_total = curr_total 24 | prev_dropped = curr_dropped 25 | seconds += 1 26 | 27 | print(formatted) 28 | -------------------------------------------------------------------------------- /exps/tests/devnotes.txt: -------------------------------------------------------------------------------- 1 | 2 | * For packets more than 1500B in size we need to increase MTU, but DPDK has weird problems 3 | 4 | * To have more than 10000 flows, we need to modify PktGen's source code, see http://www.dpdk.org/ml/archives/users/2017-May/001850.html 5 | * in app/pktgen-constants.h, should change `MAX_MBUFS_PER_PORT = (DEFAULT_TX_DESC * 8)` to `MAX_MBUFS_PER_PORT = (DEFAULT_TX_DESC * 48)` 6 | * values more than 48 do not work on my machine due to some memory limits 7 | * value of 48 gives maximum of 32K flows 8 | -------------------------------------------------------------------------------- /exps/tests/snort_1024B/test_1024B_16KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.63.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 1024); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_1024B/test_1024B_1F.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.0.0"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 1024); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_1024B/test_1024B_1KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.3.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 1024); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_1024B/test_1024B_256F.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.0.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 1024); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_1024B/test_1024B_2KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.7.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 1024); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_1024B/test_1024B_32KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.127.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 1024); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_1024B/test_1024B_4KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.15.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 1024); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_1024B/test_1024B_512F.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.1.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 1024); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_1024B/test_1024B_8KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.31.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 1024); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_128B/test_128B_16KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.63.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 128); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_128B/test_128B_1F.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.0.0"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 128); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_128B/test_128B_1KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.3.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 128); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_128B/test_128B_256F.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.0.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 128); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_128B/test_128B_2KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.7.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 128); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_128B/test_128B_32KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.127.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 128); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_128B/test_128B_4KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.15.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 128); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_128B/test_128B_512F.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.1.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 128); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_128B/test_128B_8KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.31.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 128); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_2048B/test_2048B_16KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.63.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 2048); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_2048B/test_2048B_1F.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.0.0"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 2048); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_2048B/test_2048B_1KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.3.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 2048); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_2048B/test_2048B_256F.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.0.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 2048); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_2048B/test_2048B_2KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.7.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 2048); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_2048B/test_2048B_32KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.127.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 2048); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_2048B/test_2048B_4KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.15.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 2048); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_2048B/test_2048B_512F.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.1.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 2048); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_2048B/test_2048B_8KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.31.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 2048); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_256B/test_256B_16KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.63.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 256); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_256B/test_256B_1F.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.0.0"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 256); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_256B/test_256B_1KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.3.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 256); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_256B/test_256B_256F.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.0.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 256); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_256B/test_256B_2KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.7.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 256); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_256B/test_256B_32KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.127.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 256); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_256B/test_256B_4KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.15.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 256); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_256B/test_256B_512F.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.1.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 256); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_256B/test_256B_8KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.31.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 256); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_4096B/test_4096B_16KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.63.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 4096); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_4096B/test_4096B_1F.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.0.0"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 4096); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_4096B/test_4096B_1KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.3.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 4096); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_4096B/test_4096B_256F.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.0.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 4096); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_4096B/test_4096B_2KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.7.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 4096); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_4096B/test_4096B_32KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.127.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 4096); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_4096B/test_4096B_4KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.15.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 4096); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_4096B/test_4096B_512F.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.1.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 4096); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_4096B/test_4096B_8KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.31.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 4096); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_512B/test_512B_16KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.63.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 512); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_512B/test_512B_1F.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.0.0"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 512); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_512B/test_512B_1KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.3.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 512); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_512B/test_512B_256F.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.0.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 512); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_512B/test_512B_2KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.7.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 512); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_512B/test_512B_32KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.127.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 512); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_512B/test_512B_4KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.15.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 512); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_512B/test_512B_512F.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.1.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 512); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_512B/test_512B_8KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.31.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 512); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_64B/test_64B_16KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.63.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 64); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_64B/test_64B_1F.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.0.0"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 64); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_64B/test_64B_1KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.3.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 64); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_64B/test_64B_256F.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.0.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 64); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_64B/test_64B_2KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.7.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 64); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_64B/test_64B_32KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.127.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 64); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_64B/test_64B_4KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.15.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 64); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_64B/test_64B_512F.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.1.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 64); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_64B/test_64B_8KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.31.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 64); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_8192B/test_8192B_16KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.63.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 8192); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_8192B/test_8192B_1F.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.0.0"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 8192); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_8192B/test_8192B_1KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.3.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 8192); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_8192B/test_8192B_256F.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.0.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 8192); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_8192B/test_8192B_2KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.7.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 8192); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_8192B/test_8192B_32KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.127.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 8192); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_8192B/test_8192B_4KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.15.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 8192); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_8192B/test_8192B_512F.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.1.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 8192); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/snort_8192B/test_8192B_8KF.lua: -------------------------------------------------------------------------------- 1 | package.path = package.path ..";?.lua;test/?.lua;app/?.lua;" 2 | 3 | pktgen.range.dst_mac("0", "start", "3c:fd:fe:9c:5c:b8"); 4 | pktgen.range.src_mac("0", "start", "3c:fd:fe:9c:5c:d8"); 5 | 6 | -- modify only dst IP to have different TCP flows 7 | pktgen.range.dst_ip("0", "start", "127.0.0.0"); 8 | pktgen.range.dst_ip("0", "inc", "0.0.0.1"); 9 | pktgen.range.dst_ip("0", "min", "127.0.0.0"); 10 | pktgen.range.dst_ip("0", "max", "127.0.31.255"); 11 | 12 | pktgen.range.src_ip("0", "start", "192.168.0.1"); 13 | pktgen.range.src_ip("0", "inc", "0.0.0.0"); 14 | pktgen.range.src_ip("0", "min", "192.168.0.1"); 15 | pktgen.range.src_ip("0", "max", "192.168.0.1"); 16 | 17 | pktgen.range.dst_port("0", "start", 2000); 18 | pktgen.range.dst_port("0", "inc", 0); 19 | pktgen.range.dst_port("0", "min", 2000); 20 | pktgen.range.dst_port("0", "max", 2000); 21 | 22 | pktgen.range.src_port("0", "start", 5000); 23 | pktgen.range.src_port("0", "inc", 0); 24 | pktgen.range.src_port("0", "min", 5000); 25 | pktgen.range.src_port("0", "max", 5000); 26 | 27 | pktgen.range.pkt_size("0", "start", 8192); 28 | pktgen.range.pkt_size("0", "inc", 0); 29 | pktgen.range.pkt_size("0", "min", 64); 30 | pktgen.range.pkt_size("0", "max", 32768); 31 | 32 | pktgen.set_proto("all", "tcp"); 33 | pktgen.set_range("all", "on"); 34 | 35 | pktgen.start("all"); 36 | -------------------------------------------------------------------------------- /exps/tests/test_start.lua: -------------------------------------------------------------------------------- 1 | -- simply start transmitting packets 2 | pktgen.start("all"); 3 | -------------------------------------------------------------------------------- /misc/LICENSE: -------------------------------------------------------------------------------- 1 | GNU LESSER GENERAL PUBLIC LICENSE 2 | 3 | Version 3, 29 June 2007 4 | 5 | Copyright © 2007 Free Software Foundation, Inc. 6 | 7 | Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. 8 | 9 | This version of the GNU Lesser General Public License incorporates the terms and conditions of version 3 of the GNU General Public License, supplemented by the additional permissions listed below. 10 | 11 | 0. Additional Definitions. 12 | 13 | As used herein, “this License” refers to version 3 of the GNU Lesser General Public License, and the “GNU GPL” refers to version 3 of the GNU General Public License. 14 | 15 | “The Library” refers to a covered work governed by this License, other than an Application or a Combined Work as defined below. 16 | 17 | An “Application” is any work that makes use of an interface provided by the Library, but which is not otherwise based on the Library. Defining a subclass of a class defined by the Library is deemed a mode of using an interface provided by the Library. 18 | 19 | A “Combined Work” is a work produced by combining or linking an Application with the Library. The particular version of the Library with which the Combined Work was made is also called the “Linked Version”. 20 | 21 | The “Minimal Corresponding Source” for a Combined Work means the Corresponding Source for the Combined Work, excluding any source code for portions of the Combined Work that, considered in isolation, are based on the Application, and not on the Linked Version. 22 | 23 | The “Corresponding Application Code” for a Combined Work means the object code and/or source code for the Application, including any data and utility programs needed for reproducing the Combined Work from the Application, but excluding the System Libraries of the Combined Work. 24 | 25 | 1. Exception to Section 3 of the GNU GPL. 26 | 27 | You may convey a covered work under sections 3 and 4 of this License without being bound by section 3 of the GNU GPL. 28 | 29 | 2. Conveying Modified Versions. 30 | 31 | If you modify a copy of the Library, and, in your modifications, a facility refers to a function or data to be supplied by an Application that uses the facility (other than as an argument passed when the facility is invoked), then you may convey a copy of the modified version: 32 | 33 | a) under this License, provided that you make a good faith effort to ensure that, in the event an Application does not supply the function or data, the facility still operates, and performs whatever part of its purpose remains meaningful, or 34 | b) under the GNU GPL, with none of the additional permissions of this License applicable to that copy. 35 | 3. Object Code Incorporating Material from Library Header Files. 36 | 37 | The object code form of an Application may incorporate material from a header file that is part of the Library. You may convey such object code under terms of your choice, provided that, if the incorporated material is not limited to numerical parameters, data structure layouts and accessors, or small macros, inline functions and templates (ten or fewer lines in length), you do both of the following: 38 | 39 | a) Give prominent notice with each copy of the object code that the Library is used in it and that the Library and its use are covered by this License. 40 | b) Accompany the object code with a copy of the GNU GPL and this license document. 41 | 4. Combined Works. 42 | 43 | You may convey a Combined Work under terms of your choice that, taken together, effectively do not restrict modification of the portions of the Library contained in the Combined Work and reverse engineering for debugging such modifications, if you also do each of the following: 44 | 45 | a) Give prominent notice with each copy of the Combined Work that the Library is used in it and that the Library and its use are covered by this License. 46 | b) Accompany the Combined Work with a copy of the GNU GPL and this license document. 47 | c) For a Combined Work that displays copyright notices during execution, include the copyright notice for the Library among these notices, as well as a reference directing the user to the copies of the GNU GPL and this license document. 48 | d) Do one of the following: 49 | 0) Convey the Minimal Corresponding Source under the terms of this License, and the Corresponding Application Code in a form suitable for, and under terms that permit, the user to recombine or relink the Application with a modified version of the Linked Version to produce a modified Combined Work, in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source. 50 | 1) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (a) uses at run time a copy of the Library already present on the user's computer system, and (b) will operate properly with a modified version of the Library that is interface-compatible with the Linked Version. 51 | e) Provide Installation Information, but only if you would otherwise be required to provide such information under section 6 of the GNU GPL, and only to the extent that such information is necessary to install and execute a modified version of the Combined Work produced by recombining or relinking the Application with a modified version of the Linked Version. (If you use option 4d0, the Installation Information must accompany the Minimal Corresponding Source and Corresponding Application Code. If you use option 4d1, you must provide the Installation Information in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source.) 52 | 5. Combined Libraries. 53 | 54 | You may place library facilities that are a work based on the Library side by side in a single library together with other library facilities that are not Applications and are not covered by this License, and convey such a combined library under terms of your choice, if you do both of the following: 55 | 56 | a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities, conveyed under the terms of this License. 57 | b) Give prominent notice with the combined library that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. 58 | 6. Revised Versions of the GNU Lesser General Public License. 59 | 60 | The Free Software Foundation may publish revised and/or new versions of the GNU Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. 61 | 62 | Each version is given a distinguishing version number. If the Library as you received it specifies that a certain numbered version of the GNU Lesser General Public License “or any later version” applies to it, you have the option of following the terms and conditions either of that published version or of any later version published by the Free Software Foundation. If the Library as you received it does not specify a version number of the GNU Lesser General Public License, you may choose any version of the GNU Lesser General Public License ever published by the Free Software Foundation. 63 | 64 | If the Library as you received it specifies that a proxy can decide whether future versions of the GNU Lesser General Public License shall apply, that proxy's public statement of acceptance of any version is permanent authorization for you to choose that version for the Library. 65 | 66 | Copyright 2018, Intel(R) Corporation (http://www.intel.com) 67 | This software is a research proof of concept and not intended 68 | for production use. 69 | -------------------------------------------------------------------------------- /misc/README.md: -------------------------------------------------------------------------------- 1 | # Patches to add LibDAQ+DPDK support to Graphene-SGX 2 | Tested with commit 4d8eacdd44029af28887247ebeb11b3d3ac1f6df (March 23, 2017 by donporter). 3 | 4 | Apply patches in the following order: 5 | 1. graphene-pull-request-58.patch 6 | 2. graphene-01-mmap-map32bit.diff 7 | 3. graphene-02-unmap-tcs.diff 8 | 4. graphene-03-trustedclock-dpdkocalls.diff 9 | 10 | The first patch (pull request) fixes the naming issue of Intel SGX Driver. 11 | The second patch fixes issue with `mmap(.., MAP_32BIT,..)` that was triggered on LuaJIT library. 12 | The third patch fixes the Graphene-SGX bug of not-enough TCS slots for re-allocated threads. 13 | The fourth patch introduces the Trusted Clock thread (used in `gettime()` syscall) and DPDK Ocalls (used to initialize/finalize DPDK layer). 14 | 15 | # testclock utility 16 | This is an utility to find out the "correct" value for the coefficient of the trusted clock (CPUFREQ). 17 | Specify CPUFREQ values in `run.sh` and run the script. Peak the value that is closest to the real clock value. 18 | -------------------------------------------------------------------------------- /misc/graphene-01-mmap-map32bit.diff: -------------------------------------------------------------------------------- 1 | diff --git a/graphene-snort/LibOS/shim/src/sys/shim_mmap.c b/graphene-snort/LibOS/shim/src/sys/shim_mmap.c 2 | index 1d68a93..eac5a14 100644 3 | --- a/graphene-snort/LibOS/shim/src/sys/shim_mmap.c 4 | +++ b/graphene-snort/LibOS/shim/src/sys/shim_mmap.c 5 | @@ -51,8 +51,10 @@ void * shim_do_mmap (void * addr, size_t length, int prot, int flags, int fd, 6 | 7 | assert(!(flags & (VMA_UNMAPPED|VMA_TAINTED))); 8 | 9 | +// BUGFIX Dmitrii Kuvaiskii: at least LuaJIT requires MAP_32BIT flag, 10 | +// so silently ignore it 11 | if (flags & MAP_32BIT) 12 | - return (void *) -ENOSYS; 13 | + flags &= ~MAP_32BIT; 14 | 15 | int pal_alloc_type = 0; 16 | 17 | diff --git a/graphene-snort/LibOS/shim/test/apps/test-map32bit/Makefile b/graphene-snort/LibOS/shim/test/apps/test-map32bit/Makefile 18 | new file mode 100644 19 | index 0000000..c619f6c 20 | --- /dev/null 21 | +++ b/graphene-snort/LibOS/shim/test/apps/test-map32bit/Makefile 22 | @@ -0,0 +1,15 @@ 23 | +target = testmap32bit 24 | +exec_target = testmap32bit.manifest 25 | + 26 | +clean-extra += clean-tmp 27 | + 28 | +level = ../../ 29 | +include ../../Makefile 30 | + 31 | +$(target): %: %.c 32 | + @echo [ $@ ] 33 | + @$(CC) $(CFLAGS) -pthread -o $@ $< \ 34 | + $(shell echo $@ | sed 's/^[^\.]*//g' | sed 's/\./ -l/g') 35 | + 36 | +clean-tmp: 37 | + rm -f $(target).manifest.sgx 38 | diff --git a/graphene-snort/LibOS/shim/test/apps/test-map32bit/testmap32bit.c b/graphene-snort/LibOS/shim/test/apps/test-map32bit/testmap32bit.c 39 | new file mode 100644 40 | index 0000000..4f87fb3 41 | --- /dev/null 42 | +++ b/graphene-snort/LibOS/shim/test/apps/test-map32bit/testmap32bit.c 43 | @@ -0,0 +1,10 @@ 44 | +#include 45 | +#include 46 | +#include 47 | +#include 48 | + 49 | +int main(int argc, char** argv) { 50 | + void *ptr = mmap(NULL, 0x1000, PROT_READ|PROT_WRITE, MAP_32BIT|MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); 51 | + printf("created ptr = %p\n", ptr); 52 | + exit(0); 53 | +} 54 | diff --git a/graphene-snort/LibOS/shim/test/apps/test-map32bit/testmap32bit.manifest.template b/graphene-snort/LibOS/shim/test/apps/test-map32bit/testmap32bit.manifest.template 55 | new file mode 100644 56 | index 0000000..3558bc3 57 | --- /dev/null 58 | +++ b/graphene-snort/LibOS/shim/test/apps/test-map32bit/testmap32bit.manifest.template 59 | @@ -0,0 +1,21 @@ 60 | +#!$(PAL) 61 | + 62 | +loader.preload = file:$(SHIMPATH) 63 | +loader.exec = file:testmap32bit 64 | +loader.env.LD_LIBRARY_PATH = /lib:/usr/lib:/lib/x86_64-linux-gnu:/usr/lib/x86_64-linux-gnu 65 | +loader.debug_type = none 66 | + 67 | +fs.mount.lib.type = chroot 68 | +fs.mount.lib.path = /lib 69 | +fs.mount.lib.uri = file:$(LIBCDIR) 70 | + 71 | +sys.stack.size = 1m 72 | +sys.brk.size = 64M 73 | +glibc.heap_size = 16M 74 | + 75 | +sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2 76 | +sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6 77 | +sgx.trusted_files.libdl = file:$(LIBCDIR)/libdl.so.2 78 | +sgx.trusted_files.libm = file:$(LIBCDIR)/libm.so.6 79 | +sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0 80 | + 81 | -------------------------------------------------------------------------------- /misc/graphene-02-unmap-tcs.diff: -------------------------------------------------------------------------------- 1 | diff --git a/graphene-snort/LibOS/shim/test/apps/test-threadexit/Makefile b/graphene-snort/LibOS/shim/test/apps/test-threadexit/Makefile 2 | new file mode 100644 3 | index 0000000..98ee02d 4 | --- /dev/null 5 | +++ b/graphene-snort/LibOS/shim/test/apps/test-threadexit/Makefile 6 | @@ -0,0 +1,15 @@ 7 | +target = testthreadexit 8 | +exec_target = testthreadexit.manifest 9 | + 10 | +clean-extra += clean-tmp 11 | + 12 | +level = ../../ 13 | +include ../../Makefile 14 | + 15 | +$(target): %: %.c 16 | + @echo [ $@ ] 17 | + @$(CC) $(CFLAGS) -pthread -o $@ $< \ 18 | + $(shell echo $@ | sed 's/^[^\.]*//g' | sed 's/\./ -l/g') 19 | + 20 | +clean-tmp: 21 | + rm -f $(target).manifest.sgx 22 | diff --git a/graphene-snort/LibOS/shim/test/apps/test-threadexit/testthreadexit.c b/graphene-snort/LibOS/shim/test/apps/test-threadexit/testthreadexit.c 23 | new file mode 100644 24 | index 0000000..cd8e814 25 | --- /dev/null 26 | +++ b/graphene-snort/LibOS/shim/test/apps/test-threadexit/testthreadexit.c 27 | @@ -0,0 +1,44 @@ 28 | +#include 29 | +#include 30 | +#include 31 | +#include 32 | +#include 33 | +#include 34 | +#include 35 | + 36 | +void *print_message_function ( void *ptr ) { 37 | + int* thread_no = (int*) ptr; 38 | + printf(" thread %d started \n", *thread_no); 39 | + fflush(stdout); 40 | + sleep(1); 41 | + printf(" thread %d finished \n", *thread_no); 42 | + fflush(stdout); 43 | + pthread_exit(0); 44 | +// return NULL; 45 | +} 46 | + 47 | +/* there will be two simultaneous threads at each point in time and 48 | + NUMTHREADS+1 threads through the execution of program (including) 49 | + the main thread waiting for child threads */ 50 | +int main(int argc, char** argv) { 51 | + if (argc != 2) { 52 | + printf("usage: %s \n", argv[0]); 53 | + exit(0); 54 | + } 55 | + 56 | + int NUMTHREADS = atoi(argv[1]); 57 | + printf("main thread prepares to start %d threads\n", NUMTHREADS); 58 | + fflush(stdout); 59 | + 60 | + pthread_t thread1; 61 | + int thread_no; 62 | + for (thread_no=0; thread_nogpr = gs->ssa + 188 | enclave->ssaframesize - sizeof(sgx_arch_gpr_t); 189 | enclave_thread_gprs[t] = (unsigned long) gs->gpr; 190 | + gs->exit_target_mask = -1; // allow all targets on first entry 191 | } 192 | 193 | goto add_pages; 194 | @@ -844,14 +845,7 @@ static int load_enclave (struct pal_enclave * enclave, 195 | /* start running trusted PAL */ 196 | ecall_enclave_start(arguments, environments); 197 | 198 | - PAL_NUM exit_time = 0; 199 | -#if PRINT_ENCLAVE_STAT == 1 200 | - INLINE_SYSCALL(gettimeofday, 2, &tv, NULL); 201 | - exit_time = tv.tv_sec * 1000000UL + tv.tv_usec; 202 | -#endif 203 | - 204 | - unmap_tcs(); 205 | - INLINE_SYSCALL(exit, 0); 206 | + /* unreachable */ 207 | return 0; 208 | } 209 | 210 | diff --git a/graphene-snort/Pal/src/host/Linux-SGX/sgx_thread.c b/graphene-snort/Pal/src/host/Linux-SGX/sgx_thread.c 211 | index e17ae99..722de34 100644 212 | --- a/graphene-snort/Pal/src/host/Linux-SGX/sgx_thread.c 213 | +++ b/graphene-snort/Pal/src/host/Linux-SGX/sgx_thread.c 214 | @@ -54,11 +54,9 @@ void unmap_tcs (void) 215 | struct thread_map * map = &enclave_thread_map[index]; 216 | if (index >= enclave_thread_num) 217 | return; 218 | - SGX_DBG(DBG_I, "unmap TCS at 0x%08lx\n", map->tcs); 219 | current_tcs = NULL; 220 | ((struct enclave_dbginfo *) DBGINFO_ADDR)->thread_tids[index] = 0; 221 | map->tid = 0; 222 | - map->tcs = NULL; 223 | } 224 | 225 | static void * thread_start (void * arg) 226 | @@ -73,7 +71,7 @@ static void * thread_start (void * arg) 227 | } 228 | 229 | ecall_thread_start(); 230 | - unmap_tcs(); 231 | + /* unreachable */ 232 | return NULL; 233 | } 234 | 235 | diff --git a/graphene-snort/Pal/src/host/Linux-SGX/sgx_tls.h b/graphene-snort/Pal/src/host/Linux-SGX/sgx_tls.h 236 | index 5f49a71..84b30a8 100644 237 | --- a/graphene-snort/Pal/src/host/Linux-SGX/sgx_tls.h 238 | +++ b/graphene-snort/Pal/src/host/Linux-SGX/sgx_tls.h 239 | @@ -19,6 +19,7 @@ struct enclave_tls { 240 | void * ustack_top; 241 | void * ustack; 242 | void * thread; 243 | + uint64_t exit_target_mask; 244 | }; 245 | 246 | #ifndef DEBUG 247 | @@ -56,6 +57,7 @@ extern uint64_t dummy_debug_variable; 248 | #define SGX_USTACK_TOP 0x48 249 | #define SGX_USTACK 0x50 250 | #define SGX_THREAD 0x58 251 | +#define SGX_EXIT_TARGET_MASK 0x60 252 | 253 | #endif 254 | 255 | -------------------------------------------------------------------------------- /misc/testclock/a.out: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloud-security-research/sgx-ids/336e5c7f4891554de69cfeca944adf0246894c99/misc/testclock/a.out -------------------------------------------------------------------------------- /misc/testclock/run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # first build 4 | gcc -O2 testclock.c -pthread 5 | 6 | # now run many times 7 | 8 | #for t in 30 60 90 120 150 180; do 9 | for t in 30 60 90 120; do 10 | for CPUFREQ in 782.0; do 11 | for i in 1 2 3; do 12 | echo "EXP $CPUFREQ $t $i" 13 | ./a.out $t $CPUFREQ 14 | done 15 | done 16 | done 17 | echo "DONE!" 18 | -------------------------------------------------------------------------------- /misc/testclock/testclock.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | volatile long unsigned trusted_clock; 9 | 10 | static void* clock_thread_main(void* dummy) { 11 | // printf("[clock_thread] starts incrementing trusted_clock variable\n"); 12 | 13 | trusted_clock = 0; 14 | 15 | asm volatile ( 16 | "mov %0, %%rcx\n\t" 17 | "mov (%%rcx), %%rax\n\t" 18 | "1: inc %%rax\n\t" 19 | " mov %%rax, (%%rcx)\n\t" 20 | " jmp 1b" 21 | : /* no output operands */ 22 | : "r"(&trusted_clock) 23 | : "%rax", "%rcx", "cc" 24 | ); 25 | 26 | /* unreachable */ 27 | return 0; 28 | } 29 | 30 | int main(int argc, char** argv) { 31 | #define CPUFREQ 3980.5 /* NOTE: for my particular Xeon CPU E3-1270 v5 @ 3.60GHz */ 32 | 33 | int s = 0; 34 | if (argc > 1) 35 | s = atoi(argv[1]); 36 | if (s == 0) 37 | s = 30; 38 | 39 | double r = 0.0; 40 | if (argc > 2) 41 | r = atof(argv[2]); 42 | if (r == 0.0) 43 | r = CPUFREQ; 44 | 45 | pthread_t clock_thread; 46 | pthread_create(&clock_thread, NULL, clock_thread_main, NULL); 47 | 48 | long unsigned start2, end2; 49 | long unsigned diff, diff2; 50 | struct timespec start, end; 51 | 52 | clock_gettime(CLOCK_MONOTONIC, &start); 53 | start2 = (long unsigned) (trusted_clock/r); 54 | 55 | sleep(s); 56 | 57 | clock_gettime(CLOCK_MONOTONIC, &end); 58 | end2 = (long unsigned) (trusted_clock/r); 59 | 60 | diff = (1000000000L * (end.tv_sec - start.tv_sec) + end.tv_nsec - start.tv_nsec) / 1000L; 61 | diff2 = end2 - start2; 62 | 63 | printf("clock_gettime = %10lu us\n", (long unsigned) diff); 64 | printf("trusted time = %10lu us\n", (long unsigned) diff2); 65 | 66 | return 0; 67 | } 68 | -------------------------------------------------------------------------------- /sec-ids-whitepaper.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloud-security-research/sgx-ids/336e5c7f4891554de69cfeca944adf0246894c99/sec-ids-whitepaper.pdf --------------------------------------------------------------------------------