Skip to content

tbarbette/retina-docker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
print_tls
print_tls
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
VERSION
VERSION
 
 
docker-entrypoint.sh
docker-entrypoint.sh
 
 
release.sh
release.sh
 
 

Repository files navigation

Docker image for Retina

This docker image provides an easy-to-use docker image to run the sample apps of Retina or a new one that prints the TLS handshakes (print_tls). It will use a PCAP socket to sniff packets from a physical interface. While it does compile DPDK, it is configured to avoid hugepages and other run-time dependencies so this docker provides an easy functional test.

However, you won't get the (very important!) hardware acceleration of Retina. Indeed the PCAP layer is very slow, and RSS will not work. Therefore, Retina is limited to a single core. In no way is this Docker image meant for performance testing. If you want to try the real thing, you may use the CloudLab experiment instead.

A video of a demo has been made as part of the SIGCOMM AEC evaluation. It showcases how to run the log_tls app, then the print_tls app, and finally how to modify and recompile the print_tls application to only filter Netflix packets.

Installation

Install docker

See https://docs.docker.com/get-docker/

Run the container

docker run -it --rm --network host --name my_retina tbarbette/retina eth0 print_tls

eth0 being the name of your interface on which you want to TAP and print_tls the application to launch (you may try other apps from the examples folder in Retina).

Run a command inside the container

If you want to run a command, such as wget https://www.google.com inside the container while retina is running, you may do :

docker exec -it my_retina wget https://www.google.com

Note that by default, the docker app quits after 60 seconds. Therefore running the command after the docker terminated will fail.

Modify the container

Clone this repository and, for instance, change the filter in print_tls/src/main.rs.

#[filter("")]

Which can become:

#[filter("tls.sni ~ '(.+?\\.)?nflxvideo\\.net'")]

or change the Rust callbacks or anything you want. Follow the Retina API at https://stanford-esrg.github.io/retina/retina_core/

then build the docker image with

docker build -t retina .

and run your own image with :

docker run -it --rm --network host --name my_retina retina eth0 tls_log

Notice we use retina instead of tbarbette/retina which is the local image you just built.

About

Docker packages for the great Retina framework

Resources

Readme
Activity

Stars

2 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

8 tags

Packages

No packages published

Languages