Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 14 changed files with 483 additions and 2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
# Testing Port17 | ||
|
||
## Simple Docker Setup | ||
|
||
Run `run.sh` to start the docker compose test network. | ||
Then, connect to the test network, by starting the core with the "test" spn map and the correct bootstrap file. | ||
|
||
Run `stop.sh` to remove all docker resources again. | ||
|
||
Setup Guide can be found in the directory. | ||
|
||
## Advanced Setup with Shadow | ||
|
||
For advanced testing we use [shadow](https://github.com/shadow/shadow). | ||
The following section will help you set up shadow and will guide you how to test Port17 in a local Shadow environment. | ||
|
||
### Setting up | ||
|
||
Download the docker version from here: [https://security.cs.georgetown.edu/shadow-docker-images/shadow-standalone.tar.gz](https://security.cs.georgetown.edu/shadow-docker-images/shadow-standalone.tar.gz) | ||
|
||
Then import the image into docker with `gunzip -c shadow-standalone.tar.gz | sudo docker load`. | ||
|
||
### Running | ||
|
||
Execute `sudo docker run -t -i -u shadow shadow-standalone /bin/bash` to start an interactive container with shadow. |
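Review bot: the "Setting up" step pipes a downloaded tarball straight into `sudo docker load` with no integrity check, so whatever the server returns is imported as a root-owned image. Publish the expected SHA-256 next to the download link and have the reader verify it before the `gunzip -c ... | sudo docker load` line. Separately, "Setup Guide can be found in the directory." does not say which directory; name it or link the file.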
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
# Setup Guide | ||
|
||
1. Build SPN Hub | ||
|
||
``` | ||
cd ../../../cmds/hub/ | ||
./build | ||
``` | ||
|
||
2. Reset any previous state (for a fresh test) | ||
|
||
``` | ||
./reset-databases.sh | ||
``` | ||
|
||
3. Change compose file and config template as required | ||
|
||
Files: | ||
- `docker-compose.yml` | ||
- `config-template.json` | ||
|
||
4. Start test network | ||
|
||
``` | ||
./run.sh | ||
``` | ||
|
||
5. Option 1: Join as Hub | ||
|
||
For testing just one Hub with a different build or config, you can simply use `./join.sh` to join the network with the most recently build hub binary. | ||
|
||
6. Option 2: Join as Portmaster | ||
|
||
For connecting to the SPN test network with Portmaster, execute portmaster like this: | ||
|
||
sudo ../../../cmds/portmaster-core/portmaster-core --disable-shutdown-event --devmode --log debug --data /opt/safing/portmaster | ||
|
||
Note: | ||
This uses the same portmaster data and config as your installed version. | ||
As the SPN Test net operates under a different ID ("test" instead of "main"), this will not pollute the SPN state of your installed Portmaster. | ||
|
||
7. Stop the test net | ||
|
||
This is important, as just stopping the `./run.sh` script will leave you with interfaces with public IPs! | ||
|
||
``` | ||
./stop.sh | ||
``` |
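Review bot: the warning in step 7 that stopping `./run.sh` alone "will leave you with interfaces with public IPs" arrives only after the reader has already started the network in step 4. Move it next to step 4, or say there that `./stop.sh` is mandatory, so nobody interrupts the script and walks away. Two smaller points: the `sudo ../../../cmds/portmaster-core/portmaster-core ...` command in step 6 is indented rather than fenced like the other commands, and "most recently build hub binary" should read "built".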
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
#!/bin/bash | ||
|
||
cd "$( dirname "${BASH_SOURCE[0]}" )" | ||
|
||
realpath() { | ||
path=`eval echo "$1"` | ||
folder=$(dirname "$path") | ||
echo $(cd "$folder"; pwd)/$(basename "$path"); | ||
} | ||
|
||
if [[ ! -f "../../client" ]]; then | ||
echo "please compile client.go in main directory (output: client)" | ||
exit 1 | ||
fi | ||
|
||
bin_path="$(realpath ../../client)" | ||
data_path="$(realpath ./testdata)" | ||
if [[ ! -d "$data_path" ]]; then | ||
mkdir "$data_path" | ||
fi | ||
shared_path="$(realpath ./testdata/shared)" | ||
if [[ ! -d "$shared_path" ]]; then | ||
mkdir "$shared_path" | ||
fi | ||
|
||
docker network ls | grep spn-simpletest-network >/dev/null 2>&1 | ||
if [[ $? -ne 0 ]]; then | ||
docker network create spn-simpletest-network --subnet 6.0.0.0/24 | ||
fi | ||
|
||
docker run -ti --rm \ | ||
--name spn-simpletest-clientsim \ | ||
--network spn-simpletest-network \ | ||
-v $bin_path:/opt/client:ro \ | ||
-v $data_path/clientsim:/opt/data \ | ||
-v $shared_path:/opt/shared \ | ||
--entrypoint /opt/client \ | ||
toolset.safing.network/dev \ | ||
--data /opt/data \ | ||
--bootstrap-file /opt/shared/bootstrap.dsd \ | ||
--log trace $* |
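Review bot: the `eval echo "$1"` in `realpath()` evaluates its argument as shell code, which is unnecessary for the two fixed relative paths passed here and would execute any command substitution in a path if the helper is ever reused. Drop the `eval` and resolve the path with `cd "$(dirname "$1")" && pwd` plus `basename`. In the `docker run` call, quote the `-v` arguments (`"$bin_path:/opt/client:ro"` and so on) and forward arguments with `"$@"` instead of `$*`, otherwise paths or arguments containing spaces are split. The leading `cd "$( dirname ... )"` should also end in `|| exit 1`, so the relative checks do not run from the wrong directory.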
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
{ | ||
"core": { | ||
"log": { | ||
"level": "trace" | ||
}, | ||
"metrics": { | ||
"instance": "test_$HUBNAME", | ||
"push": "" | ||
} | ||
}, | ||
"spn": { | ||
"publicHub": { | ||
"name": "test-$HUBNAME", | ||
"transports": ["http:80", "http:8080", "tcp:17"], | ||
"allowUnencrypted": true, | ||
"bindToAdvertised": true | ||
} | ||
} | ||
} |
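Review bot: `"allowUnencrypted": true` under `spn.publicHub` has no accompanying note that it is meant for the test network only, and JSON leaves no room for a comment in the file itself. Document in the setup guide what the flag and `"bindToAdvertised": true` do and that this template must not be copied to a real hub. Also, `"instance": "test_$HUBNAME"` uses an underscore while `"name": "test-$HUBNAME"` uses a hyphen; pick one separator unless the difference is required.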
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,139 @@ | ||
version: "2.4" | ||
|
||
networks: | ||
default: | ||
ipam: | ||
driver: default | ||
config: | ||
- subnet: 6.0.0.0/24 | ||
|
||
services: | ||
hub1: | ||
container_name: spn-test-simple-hub1 | ||
hostname: hub1 | ||
image: toolset.safing.network/dev | ||
entrypoint: "/opt/shared/entrypoint.sh" | ||
volumes: | ||
- ${SPN_TEST_BIN}:/opt/hub1:ro | ||
- ${SPN_TEST_DATA_DIR}/hub1:/opt/data | ||
- ${SPN_TEST_SHARED_DATA_DIR}:/opt/shared | ||
networks: | ||
default: | ||
ipv4_address: 6.0.0.11 | ||
|
||
hub2: | ||
container_name: spn-test-simple-hub2 | ||
hostname: hub2 | ||
image: alpine | ||
entrypoint: "/opt/shared/entrypoint.sh" | ||
volumes: | ||
- ${SPN_TEST_BIN}:/opt/hub2:ro | ||
- ${SPN_TEST_DATA_DIR}/hub2:/opt/data | ||
- ${SPN_TEST_SHARED_DATA_DIR}:/opt/shared | ||
networks: | ||
default: | ||
ipv4_address: 6.0.0.12 | ||
|
||
hub3: | ||
container_name: spn-test-simple-hub3 | ||
hostname: hub3 | ||
image: toolset.safing.network/dev | ||
entrypoint: "/opt/shared/entrypoint.sh" | ||
volumes: | ||
- ${SPN_TEST_BIN}:/opt/hub3:ro | ||
- ${SPN_TEST_DATA_DIR}/hub3:/opt/data | ||
- ${SPN_TEST_SHARED_DATA_DIR}:/opt/shared | ||
networks: | ||
default: | ||
ipv4_address: 6.0.0.13 | ||
|
||
hub4: | ||
container_name: spn-test-simple-hub4 | ||
hostname: hub4 | ||
image: toolset.safing.network/dev | ||
entrypoint: "/opt/shared/entrypoint.sh" | ||
volumes: | ||
- ${SPN_TEST_BIN}:/opt/hub4:ro | ||
- ${SPN_TEST_DATA_DIR}/hub4:/opt/data | ||
- ${SPN_TEST_SHARED_DATA_DIR}:/opt/shared | ||
networks: | ||
default: | ||
ipv4_address: 6.0.0.14 | ||
|
||
hub5: | ||
container_name: spn-test-simple-hub5 | ||
hostname: hub5 | ||
image: toolset.safing.network/dev | ||
entrypoint: "/opt/shared/entrypoint.sh" | ||
volumes: | ||
- ${SPN_TEST_BIN}:/opt/hub5:ro | ||
- ${SPN_TEST_DATA_DIR}/hub5:/opt/data | ||
- ${SPN_TEST_SHARED_DATA_DIR}:/opt/shared | ||
networks: | ||
default: | ||
ipv4_address: 6.0.0.15 | ||
|
||
hub6: | ||
container_name: spn-test-simple-hub6 | ||
hostname: hub6 | ||
image: toolset.safing.network/dev | ||
entrypoint: "/opt/shared/entrypoint.sh" | ||
volumes: | ||
- ${SPN_TEST_OLD_BIN}:/opt/hub6:ro | ||
- ${SPN_TEST_DATA_DIR}/hub6:/opt/data | ||
- ${SPN_TEST_SHARED_DATA_DIR}:/opt/shared | ||
networks: | ||
default: | ||
ipv4_address: 6.0.0.16 | ||
|
||
hub7: | ||
container_name: spn-test-simple-hub7 | ||
hostname: hub7 | ||
image: toolset.safing.network/dev | ||
entrypoint: "/opt/shared/entrypoint.sh" | ||
volumes: | ||
- ${SPN_TEST_OLD_BIN}:/opt/hub7:ro | ||
- ${SPN_TEST_DATA_DIR}/hub7:/opt/data | ||
- ${SPN_TEST_SHARED_DATA_DIR}:/opt/shared | ||
networks: | ||
default: | ||
ipv4_address: 6.0.0.17 | ||
|
||
hub8: | ||
container_name: spn-test-simple-hub8 | ||
hostname: hub8 | ||
image: toolset.safing.network/dev | ||
entrypoint: "/opt/shared/entrypoint.sh" | ||
volumes: | ||
- ${SPN_TEST_OLD_BIN}:/opt/hub8:ro | ||
- ${SPN_TEST_DATA_DIR}/hub8:/opt/data | ||
- ${SPN_TEST_SHARED_DATA_DIR}:/opt/shared | ||
networks: | ||
default: | ||
ipv4_address: 6.0.0.18 | ||
|
||
hub9: | ||
container_name: spn-test-simple-hub9 | ||
hostname: hub9 | ||
image: toolset.safing.network/dev | ||
entrypoint: "/opt/shared/entrypoint.sh" | ||
volumes: | ||
- ${SPN_TEST_OLD_BIN}:/opt/hub9:ro | ||
- ${SPN_TEST_DATA_DIR}/hub9:/opt/data | ||
- ${SPN_TEST_SHARED_DATA_DIR}:/opt/shared | ||
networks: | ||
default: | ||
ipv4_address: 6.0.0.19 | ||
|
||
hub10: | ||
container_name: spn-test-simple-hub10 | ||
hostname: hub10 | ||
image: toolset.safing.network/dev | ||
entrypoint: "/opt/shared/entrypoint.sh" | ||
volumes: | ||
- ${SPN_TEST_OLD_BIN}:/opt/hub10:ro | ||
- ${SPN_TEST_DATA_DIR}/hub10:/opt/data | ||
- ${SPN_TEST_SHARED_DATA_DIR}:/opt/shared | ||
networks: | ||
default: | ||
ipv4_address: 6.0.0.20 |
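Review bot: `hub2` is the only service with `image: alpine`; every other hub uses `toolset.safing.network/dev`, and nothing in the file says whether that is deliberate. If it is a compatibility test, add a comment above `hub2`; if not, align it with the others. The same goes for the split between `${SPN_TEST_BIN}` (hub1 to hub5) and `${SPN_TEST_OLD_BIN}` (hub6 to hub10): a one-line comment on what "old" means would help. Neither image carries a tag or digest, so the network silently changes with whatever is current at pull time; pin both.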
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
#!/bin/sh | ||
|
||
# Get hostname. | ||
HUBNAME=$HOSTNAME | ||
if [ "$HUBNAME" = "" ]; then | ||
HUBNAME=$(cat /etc/hostname) | ||
fi | ||
export HUBNAME | ||
|
||
# Read, process and write config. | ||
cat /opt/shared/config-template.json | sed "s/\$HUBNAME/$HUBNAME/g" > /opt/data/config.json | ||
|
||
# Get binary to start. | ||
BIN=$(ls /opt/ | grep hub) | ||
|
||
# Start Hub. | ||
/opt/$BIN --data /opt/data --log trace --spn-map test --bootstrap-file /opt/shared/bootstrap.dsd --api-address 0.0.0.0:817 --devmode |
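Review bot: `BIN=$(ls /opt/ | grep hub)` followed by the unquoted `/opt/$BIN` breaks as soon as more than one entry under `/opt/` contains "hub", because `$BIN` then expands to several words. Pass the binary path in explicitly (for example as an environment variable set per service) or match with a glob and fail if the result is not exactly one file. The final line should use `exec` so the hub receives stop signals directly, and the `sed "s/\$HUBNAME/$HUBNAME/g"` substitution will misbehave if the hostname ever contains `/` or `&`. `--api-address 0.0.0.0:817` together with `--devmode` deserves a comment stating that the API is meant to be reachable from outside the container in the test network only.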
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
#!/bin/bash | ||
|
||
cd "$( dirname "${BASH_SOURCE[0]}" )" | ||
|
||
MAIN_INTEL_FILE="intel-testnet.json" | ||
|
||
if [[ ! -f $MAIN_INTEL_FILE ]]; then | ||
echo "missing $MAIN_INTEL_FILE" | ||
exit 1 | ||
fi | ||
|
||
echo "if the containing directory cannot be created, you might need to adjust permissions, as nodes are run with root in test containers..." | ||
echo "$ sudo chmod -R 777 data/hub*/updates" | ||
echo "starting to update..." | ||
|
||
for hubDir in data/hub*; do | ||
# Build destination path | ||
hubIntelFile="${hubDir}/updates/all/intel/spn/main-intel_v0-0-0.dsd" | ||
|
||
# Copy file | ||
mkdir -p "${hubDir}/updates/all/intel/spn" | ||
echo -n "J" > "$hubIntelFile" | ||
cat $MAIN_INTEL_FILE >> "$hubIntelFile" | ||
|
||
echo "updated $hubIntelFile" | ||
done | ||
|
||
if [[ -d /var/lib/portmaster ]]; then | ||
echo "updating intel for local portmaster installation..." | ||
|
||
portmasterSPNIntelFile="/var/lib/portmaster/updates/all/intel/spn/main-intel_v0-0-0.dsd" | ||
echo -n "J" > "$portmasterSPNIntelFile" | ||
cat $MAIN_INTEL_FILE >> "$portmasterSPNIntelFile" | ||
echo "updated $portmasterSPNIntelFile" | ||
fi |
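Review bot: the hint printed by `echo "$ sudo chmod -R 777 data/hub*/updates"` tells the user to make the update directories world-writable, which lets any local account replace the intel files the hubs load. Suggest `sudo chown -R "$USER" data/hub*/updates` or a group-writable mode instead. The final `if [[ -d /var/lib/portmaster ]]` block overwrites the installed Portmaster's `main-intel_v0-0-0.dsd` with test data without asking and without a backup; put it behind an explicit flag or prompt, and add the `mkdir -p` that the hub loop has. The literal `"J"` written before the JSON is unexplained; a comment on what the prefix is would help, and `$MAIN_INTEL_FILE` should be quoted in the `cat` calls and the `-f` test.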
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
# Get current list of IDs from test net: | ||
# curl http://127.0.0.1:817/api/v1/spn/map/test/pins | jq ".[] | .ID" | ||
# Then import into test client with: | ||
# curl -X POST --upload-file intel-client.yaml http://127.0.0.1:817/api/v1/spn/map/test/intel/update | ||
Hubs: | ||
Zwm48YWWFGdwXjhE1MyEkWfqxPr9DiUBoXpusTZ1FMQnuK: | ||
Trusted: true | ||
Zwu5LkkbfCbAcYxWG3vtWF1VvWjgWpc1GJfkwRdLFNtytV: | ||
Trusted: true | ||
ZwuQpz5CqYmYoLnt9KXQ8oxnmosBzfrCYwCGhxT4fsG1Dz: | ||
Trusted: true | ||
ZwwmC3dHzr7J6XW9mc2KD6FDNuXwPVJUFi9dLnDSNMyjLk: | ||
Trusted: true | ||
ZwxSBdvqtJyz8zRWKZe6QyK51KH9av6VFay2GQvpFrWKHq: | ||
Trusted: true | ||
ZwxnuL6zMLj4AxJX8Bj369w2tNrVtYxzffVcXZuMxdxbGj: | ||
Trusted: true | ||
ZwyXdnC8JkC7m796skGD7QWGoYycByR3KVntkXMY8CxRZQ: | ||
Trusted: true | ||
Zwz7AHiH1EevD9eYFqvQQPbVWyBBcksTRxxafbRx5Cvc4F: | ||
Trusted: true | ||
ZwzMtc65t9XBMwmLm2xNSL69FvqHGPLiqeNBZ3eEN5a9sS: | ||
Trusted: true | ||
ZwzjnCUNGsuWnkYmN3QEj8JPLxU6V1QQFk9b47AigmPKiH: | ||
Trusted: true |
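Review bot: the ten hub IDs under `Hubs:` are committed as fixed values, while the header comment says to "Get current list of IDs from test net", which implies they differ per test network. Either state in the comment that these entries are placeholders that must be replaced, or generate the file from the output of the `curl ... /pins | jq ".[] | .ID"` call shown above. The import comment also refers to `intel-client.yaml`; confirm this matches the actual file name.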
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
{ | ||
"BootstrapHubs": [ | ||
], | ||
"TrustedHubs": [ | ||
"ZwrY9G9HDo1J3qQrrQs8VF2KD99bj7KyWesJ5kWFUDBU6r", | ||
"Zwj56ZFXrsud8gc1Rw3zuxRwMLhGkwvtvnTxCVtJ8EWLhQ", | ||
"ZwpdW87ityD9i3N9x8oweCJnbZEqo346VBg4mCsCvTr1Zo", | ||
"ZwpJ6ebddk1sccUVpo92JUqicBfKzBN2w4pEGoEY7UsNhX", | ||
"Zwte3Jffp9PWmeWfrn8RyGuvZZFCg3v7XR3tpQjdo9TpVt", | ||
"ZwrTcdiPF5zR5h9q9EdjHCrrXzYVBdQe5HmEYUWXdLkke3", | ||
"Zwv7tSn5iU6bYKn53NaGCxPtL8vSxSK7F9VdQezDaDCLBt", | ||
"Zwvtdq3K9knP9iNaRS1Ju8CETWTqy7oRwbScjBtJGBpqhB" | ||
], | ||
"AdviseOnlyTrustedHubs": true, | ||
"AdviseOnlyTrustedHomeHubs": true, | ||
"AdviseOnlyTrustedDestinationHubs": true | ||
} |
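Review bot: the eight IDs in `"TrustedHubs"` are hard-coded and, as committed, none of them matches the ten IDs marked `Trusted: true` in the client intel file from this same commit. With `"AdviseOnlyTrustedHubs"`, `"AdviseOnlyTrustedHomeHubs"` and `"AdviseOnlyTrustedDestinationHubs"` all `true`, a mismatch would, going by the flag names, leave no hub eligible, so the guide should say how to regenerate this list for the running test network. `"BootstrapHubs": [ ]` is empty; note that bootstrapping is expected to come from the bootstrap file instead, if that is the intent.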