mirror of
https://github.com/TrustTunnel/TrustTunnel.git
synced 2026-04-12 22:34:24 +00:00
Squashed commit of the following:

commit c459ff3d2b0d7a66edf0d47f31b1d1d1b004810d
Author: Andrey Yakushin <a.yakushin@adguard.com>
Date: Tue Feb 17 19:02:50 2026 +0400

    Docs about eof

commit dbea1ce0eeb2ae94fe6dc31fac476864463e7e58
Author: Andrey Yakushin <a.yakushin@adguard.com>
Date: Mon Feb 16 14:41:21 2026 +0400

    Some comments about capacity checks

commit 4fe43594fdf633d690d05d05b129c70b20b15a9c
Author: Andrey Yakushin <a.yakushin@adguard.com>
Date: Mon Feb 16 14:36:17 2026 +0400

    Do not write curl's output to subprocess.PIPE due to a python bug

commit 430e15971146317da3e535ba29cf8afde068f4c0
Author: Andrey Yakushin <a.yakushin@adguard.com>
Date: Mon Feb 16 14:29:39 2026 +0400

    Defer headers sending in case of StreamBlocked error

commit 25a5ffdd375ef4104b8fe8a186d841a95b4602be
Author: Andrey Yakushin <a.yakushin@adguard.com>
Date: Mon Feb 16 14:27:13 2026 +0400

    Drop udp packets instead of terminating http3 stream in case of partial sending

commit de9d464c796a5dee98b4933b0ec779442a069a42
Author: Andrey Yakushin <a.yakushin@adguard.com>
Date: Mon Feb 16 14:22:57 2026 +0400

    Handle StreamBlocked error

Architecture
The benchmark consists of 3 isolated parts:
- remote-side - acts as HTTP servers for the benchmark
- middle-box - acts as a VPN endpoint host, either WireGuard or TrustTunnel
- local-side - acts as a benchmark running host, can establish tunnels to the server residing on the remote side through the VPN endpoint
How to run
Single host
- Build docker images

  ```shell
  cd ./bench
  ./single_host.sh build --client=<TrustTunnelClient.git> --endpoint=<TrustTunnel.git>
  ```

  This command prepares all the parts to run on the current host. To see the full set of available options, run:

  ```shell
  ./single_host.sh --help
  ```

- Run the benchmark

  ```shell
  ./single_host.sh run
  ```

  This command runs all the parts of the benchmark on the current host.
Separate hosts
Assume IP addresses of host_1, host_2 and host_3 are 1.1.1.1, 2.2.2.2 and 3.3.3.3 respectively.
- Running host_1 as a remote side

  ```shell
  scp Dockerfile user@1.1.1.1:~
  scp -r remote-side user@1.1.1.1:~
  ssh user@1.1.1.1
  docker build -t bench-common .
  docker build -t bench-rs ./remote-side
  docker run -d -p 8080:8080 -p 5201:5201 -p 5201:5201/udp bench-rs
  ```

- Running host_2 as a middle box

  ```shell
  scp Dockerfile user@2.2.2.2:~
  git clone <TrustTunnel.git> ./middle-box/trusttunnel-rust/trusttunnel-endpoint
  scp -r middle-box user@2.2.2.2:~
  ssh user@2.2.2.2
  docker build -t bench-common .
  ```

  - WireGuard

    ```shell
    docker build -t bench-mb-wg ./middle-box/wireguard
    docker run -d \
      --cap-add=NET_ADMIN --cap-add=SYS_MODULE --device=/dev/net/tun \
      -p 51820:51820/udp \
      bench-mb-wg
    ```

  - TrustTunnel

    ```shell
    docker build \
      --build-arg ENDPOINT_HOSTNAME=endpoint.bench \
      -t bench-mb-ag ./middle-box/trusttunnel-rust/
    docker run -d \
      --cap-add=NET_ADMIN --cap-add=SYS_MODULE --device=/dev/net/tun \
      -p 4433:4433 -p 4433:4433/udp \
      bench-mb-ag
    ```

- Run the benchmark from host_3

  ```shell
  scp Dockerfile user@3.3.3.3:~
  git clone <TrustTunnel.git> ./local-side/trusttunnel/trusttunnel-endpoint
  scp -r local-side user@3.3.3.3:~
  ssh user@3.3.3.3
  docker build -t bench-common .
  docker build -t bench-ls ./local-side
  ```

  - No VPN

    ```shell
    ./local-side/bench.sh no-vpn bridge 1.1.1.1 results/no-vpn
    ```

  - WireGuard

    ```shell
    docker build -t bench-ls-wg ./local-side/wireguard
    ./local-side/bench.sh wg bridge 1.1.1.1 results/wg 2.2.2.2
    ```

  - TrustTunnel

    ```shell
    docker build -t bench-ls-ag ./local-side/trusttunnel
    ./local-side/bench.sh ag bridge 1.1.1.1 results/ag 2.2.2.2 endpoint.bench
    ```