several fixups discussed on Tuesday

2026-03-06 17:56:30 +01:00
parent 0a0ca0800a
commit f29d810240
6 changed files with 10 additions and 43 deletions

View File

@@ -1,4 +1,4 @@
\chapter{Conclusion} % Main chapter title \chapter{Conclusion} % Main chapter title
\label{Conclusion} \label{Conclusion}

View File

@@ -1,4 +1,4 @@
\chapter{Discussion} % Main chapter title \chapter{Discussion} % Main chapter title
\label{Discussion} \label{Discussion}

View File

@@ -72,7 +72,6 @@ and reordering. These impairments are applied symmetrically on all
machines, meaning effective round-trip impairment is approximately machines, meaning effective round-trip impairment is approximately
double the per-machine values. double the per-machine values.
\subsection{Configuration Methodology} \subsection{Configuration Methodology}
Each VPN is built from source within the Nix flake, ensuring that all Each VPN is built from source within the Nix flake, ensuring that all
@@ -82,7 +81,7 @@ under \texttt{pkgs/} in the flake.
Cryptographic material (WireGuard keys, Nebula certificates, ZeroTier Cryptographic material (WireGuard keys, Nebula certificates, ZeroTier
identities) is generated deterministically via Clan's vars generator identities) is generated deterministically via Clan's vars generator
system. system.
Generated keys are stored in version control under Generated keys are stored in version control under
\texttt{vars/per-machine/\{name\}/} and read at NixOS evaluation time, \texttt{vars/per-machine/\{name\}/} and read at NixOS evaluation time,
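Review bot: the sentence 'Generated keys are stored in version control under \texttt{vars/per-machine/\{name\}/}' in this hunk does not say whether the private material (WireGuard keys, Nebula certificates, ZeroTier identities) is committed encrypted or in plain text, nor who is able to decrypt it. Because the thesis evaluates the security of these VPNs, add one sentence stating how the committed secrets are protected and, if that is the case, that they are benchmark-only credentials. 'generated deterministically' can also be read as keys derived from a fixed seed; state what exactly is deterministic.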
@@ -101,7 +100,8 @@ Table~\ref{tab:benchmark_suite} summarises each benchmark.
\label{tab:benchmark_suite} \label{tab:benchmark_suite}
\begin{tabular}{llll} \begin{tabular}{llll}
\hline \hline
\textbf{Benchmark} & \textbf{Protocol} & \textbf{Duration} & \textbf{Key Metrics} \\ \textbf{Benchmark} & \textbf{Protocol} & \textbf{Duration} &
\textbf{Key Metrics} \\
\hline \hline
Ping & ICMP & 3 runs $\times$ 100 pkts & RTT, packet loss \\ Ping & ICMP & 3 runs $\times$ 100 pkts & RTT, packet loss \\
TCP iPerf3 & TCP & 30 s & Throughput, retransmits, CPU \\ TCP iPerf3 & TCP & 30 s & Throughput, retransmits, CPU \\
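Review bot: the 'Duration' column of the header row touched here holds a packet count in the Ping row ('3 runs $\times$ 100 pkts') and a time in the TCP iPerf3 row ('30 s'), so the heading does not match its contents. Rename the column (for example 'Duration / Volume') or give the Ping row as a time, so the rows can be compared.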
@@ -348,8 +348,6 @@ typical observations, while min and max capture outlier behavior.
The nix-cache benchmark additionally reports standard deviation via The nix-cache benchmark additionally reports standard deviation via
hyperfine's built-in statistical output. hyperfine's built-in statistical output.
\section{Source Code Analysis} \section{Source Code Analysis}
To complement the performance benchmarks with architectural To complement the performance benchmarks with architectural
@@ -517,8 +515,6 @@ wall-clock duration, number of attempts, VPN restart count and
duration, connectivity wait time, source and target machine names, duration, connectivity wait time, source and target machine names,
and on failure, the relevant service logs. and on failure, the relevant service logs.
\section{VPNs Under Test} \section{VPNs Under Test}
VPNs were selected based on: VPNs were selected based on:
@@ -532,7 +528,6 @@ VPNs were selected based on:
\bitem{Linux support:} All VPNs must run on Linux. \bitem{Linux support:} All VPNs must run on Linux.
\end{itemize} \end{itemize}
Ten VPN implementations were selected for evaluation, spanning a range Ten VPN implementations were selected for evaluation, spanning a range
of architectures from centralized coordination to fully decentralized of architectures from centralized coordination to fully decentralized
mesh topologies. Table~\ref{tab:vpn_selection} summarizes the selection. mesh topologies. Table~\ref{tab:vpn_selection} summarizes the selection.

View File

@@ -12,8 +12,6 @@ The chapter concludes with findings from the source code analysis.
\section{Baseline Performance} \section{Baseline Performance}
% Under the baseline impairment profile (no added latency, loss, or % Under the baseline impairment profile (no added latency, loss, or
% reordering), the overhead introduced by each VPN relative to the % reordering), the overhead introduced by each VPN relative to the
% internal (no VPN) baseline and WireGuard can be measured in isolation. % internal (no VPN) baseline and WireGuard can be measured in isolation.
@@ -97,4 +95,4 @@ High impairment profiles defined in Chapter~\ref{Methodology}.
\section{Summary of Findings} \section{Summary of Findings}
% Brief summary table or ranking of VPNs by key metrics. % Brief summary table or ranking of VPNs by key metrics.
% Save deeper interpretation for a Discussion chapter. % Save deeper interpretation for a Discussion chapter.
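Review bot: \section{Summary of Findings} in this hunk has only commented-out notes as its body, so the compiled chapter shows a section heading with nothing under it. Comment out the \section line as well until the summary table exists, or add a visible placeholder so the gap is not overlooked before submission.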

View File

@@ -6,6 +6,7 @@ extend-exclude = [
"**/facter-report.nix", "**/facter-report.nix",
"**/key.json", "**/key.json",
"pkgs/clan-cli/clan_lib/machines/test_suggestions.py", "pkgs/clan-cli/clan_lib/machines/test_suggestions.py",
"Chapters/Zusammenfassung.tex",
] ]
[default.extend-words] [default.extend-words]
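Review bot: the new entry "Chapters/Zusammenfassung.tex" in extend-exclude removes the whole German abstract from spell checking, and unlike the neighbouring entries it is not a generated or fixture file. Add a comment next to the entry saying it is excluded because it is German text, and make sure the file is spell-checked in German by some other means.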

View File

@@ -95,7 +95,8 @@
% THESIS INFORMATION % THESIS INFORMATION
%---------------------------------------------------------------------------------------- %----------------------------------------------------------------------------------------
\thesistitle{An Analysis of P2P VPN Implementation} % Your thesis title, this is used in the title \thesistitle{An Analysis of P2P VPN Implementation} % Your thesis
% title, this is used in the title
% and abstract, print it elsewhere with \ttitle % and abstract, print it elsewhere with \ttitle
%\supervisor{\textsc{Ber Lorke}} % Your supervisor's name, this is %\supervisor{\textsc{Ber Lorke}} % Your supervisor's name, this is
% used in the title page, print it elsewhere with \supname % used in the title page, print it elsewhere with \supname
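Review bot: the re-wrapped template comment after \thesistitle now runs over three comment lines ('% Your thesis', '% title, this is used in the title', '% and abstract, print it elsewhere with \ttitle'), which is harder to read than the single trailing comment it replaces. It is template boilerplate, so deleting it is cleaner than wrapping it. Separately, the title 'An Analysis of P2P VPN Implementation' is singular while the abstract on this page speaks of ten implementations; check whether 'Implementations' is intended.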
@@ -248,35 +249,7 @@ and Management}} % Your department's name and URL, this is used in
\end{abstract} \end{abstract}
%---------------------------------------------------------------------------------------- \input{Chapters/Zusammenfassung}
% GERMAN ABSTRACT PAGE
%----------------------------------------------------------------------------------------
\begingroup
\renewcommand{\abstractname}{Zusammenfassung}
\begin{abstract}
\addchaptertocentry{Zusammenfassung}
Diese Arbeit untersucht Peer-to-Peer-Mesh-VPNs mithilfe eines
reproduzierbaren, Nix-basierten Frameworks, das auf einem
Deployment-System namens Clan aufbaut. Wir evaluieren zehn
VPN-Implementierungen, darunter Tailscale (über Headscale),
Hyprspace, Nebula, Tinc und ZeroTier, unter vier
Netzwerkbeeinträchtigungsprofilen mit variierendem Paketverlust,
Paketumsortierung, Latenz und Jitter, was über 300 einzelne
Messungen in sieben Benchmarks ergibt.
Unsere Analyse zeigt, dass Tailscale unter beeinträchtigten
Bedingungen den Standard-Netzwerkstack des Linux-Kernels
übertrifft, was auf seinen Userspace-IP-Stack mit optimierten
Parametern zurückzuführen ist. Wir bestätigen dies, indem wir die
Benchmarks mit entsprechend angepassten Kernel-Parametern erneut
durchführen und vergleichbare Durchsatzgewinne beobachten. Die
Untersuchung deckte zudem eine kritische Sicherheitslücke in einem
der evaluierten VPNs auf.
\end{abstract}
\endgroup
%---------------------------------------------------------------------------------------- %----------------------------------------------------------------------------------------
% ACKNOWLEDGEMENTS % ACKNOWLEDGEMENTS
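Review bot: \input{Chapters/Zusammenfassung} in this hunk refers to a file that is not among the six changed files of this commit, so the build depends on that file already existing in the tree. Confirm it is committed and that it carries the wrapper removed here (\begingroup, \renewcommand{\abstractname}{Zusammenfassung}, \addchaptertocentry{Zusammenfassung}, \endgroup); without it the German abstract would be typeset under the English heading and lose its table-of-contents entry.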