-rw-r--r--images_build/client/dign_client/bin/client.py77
-rw-r--r--images_build/server_web/Dockerfile4
-rw-r--r--k8s-resource/dign-client.yml78
-rw-r--r--k8s-resource/dign-server.yml99
-rw-r--r--scripts/tsg-diagnose-oneshot47
-rw-r--r--scripts/tsg-diagnose-periodical47
6 files changed, 338 insertions, 14 deletions
diff --git a/images_build/client/dign_client/bin/client.py b/images_build/client/dign_client/bin/client.py
index 6cacad8..bb380ab 100644
--- a/images_build/client/dign_client/bin/client.py
+++ b/images_build/client/dign_client/bin/client.py
@@ -169,7 +169,7 @@ DNS_SERVER_ALLOW_TTL = 60
DNS_SERVER_REDIRECT_TTL = 333
DNS_SERVER_REDIRECT_RANGE_LOW = 400
DNS_SERVER_REDIRECT_RANGE_HIGH = 500
-DNS_SERVER_IP = ["192.0.2.135"]
+DNS_SERVER_IP = ["192.0.2.101"]
DnsRequestFirewallDenyDrop = "Dns request timeout is deny drop sucess"
DnsARequestFireWallDenyRedirect = "Dns rdtype A request is deny reidrect sucess"
DnsAAAARequestFireWallDenyRedirect = "Dns rdtype AAAA request is deny redirect sucess"
@@ -180,7 +180,55 @@ DnsAAAARequestFirewallAllow = "Dns rdtype AAAA request data is sucess"
DnsCNAMERequestFirewallAllow = "Dns rdtype CNAME request data is sucess"
-
+REQUEST_RESOLVE = ['sha384.badssl.selftest.gdnt-cloud.website:443:192.0.2.101',\
+ 'sha256.badssl.selftest.gdnt-cloud.website:443:192.0.2.101',\
+ 'expired.badssl.selftest.gdnt-cloud.website:443:192.0.2.101',\
+ 'self-signed.badssl.selftest.gdnt-cloud.website:443:192.0.2.101',\
+ 'untrusted-root.badssl.selftest.gdnt-cloud.website:443:192.0.2.101',\
+ 'web-replay.badssl.selftest.gdnt-cloud.website:80:192.0.2.101',\
+ 'web-replay.badssl.selftest.gdnt-cloud.website:443:192.0.2.101',\
+ 'testing-download.badssl.selftest.gdnt-cloud.website:443:192.0.2.101',\
+ 'http.badssl.selftest.gdnt-cloud.website:80:192.0.2.101',\
+ 'http-credit-card.badssl.selftest.gdnt-cloud.website:80:192.0.2.101',\
+ 'http-dynamic-login.badssl.selftest.gdnt-cloud.website:80:192.0.2.101',\
+ 'http-login.badssl.selftest.gdnt-cloud.website:80:192.0.2.101',\
+ 'sha512.badssl.selftest.gdnt-cloud.website:443:192.0.2.101',\
+ 'rsa2048.badssl.selftest.gdnt-cloud.website:443:192.0.2.101',\
+ 'rsa4096.badssl.selftest.gdnt-cloud.website:443:192.0.2.101',\
+ 'testing-firewall-filter-host.badssl.selftest.gdnt-cloud.website:80:192.0.2.101',\
+ 'testing-firewall-filter-url.badssl.selftest.gdnt-cloud.website:80:192.0.2.101',\
+ 'testing-proxy-filter-host.badssl.selftest.gdnt-cloud.website:80:192.0.2.101',\
+ 'testing-proxy-filter-url.badssl.selftest.gdnt-cloud.website:80:192.0.2.101']
+
+def set_http_request_resolve(id_service_function):
+ global REQUEST_RESOLVE
+ ip_left_edge = 100
+ ip_http_server = ip_left_edge + id_service_function
+ REQUEST_RESOLVE = ['sha384.badssl.selftest.gdnt-cloud.website:443:192.0.2.%d' % ip_http_server,\
+ 'sha256.badssl.selftest.gdnt-cloud.website:443:192.0.2.%d' % ip_http_server,\
+ 'expired.badssl.selftest.gdnt-cloud.website:443:192.0.2.%d' % ip_http_server,\
+ 'self-signed.badssl.selftest.gdnt-cloud.website:443:192.0.2.%d' % ip_http_server,\
+ 'untrusted-root.badssl.selftest.gdnt-cloud.website:443:192.0.2.%d' % ip_http_server,\
+ 'web-replay.badssl.selftest.gdnt-cloud.website:80:192.0.2.%d' % ip_http_server,\
+ 'web-replay.badssl.selftest.gdnt-cloud.website:443:192.0.2.%d' % ip_http_server,\
+ 'testing-download.badssl.selftest.gdnt-cloud.website:443:192.0.2.%d' % ip_http_server,\
+ 'http.badssl.selftest.gdnt-cloud.website:80:192.0.2.%d' % ip_http_server,\
+ 'http-credit-card.badssl.selftest.gdnt-cloud.website:80:192.0.2.%d' % ip_http_server,\
+ 'http-dynamic-login.badssl.selftest.gdnt-cloud.website:80:192.0.2.%d' % ip_http_server,\
+ 'http-login.badssl.selftest.gdnt-cloud.website:80:192.0.2.%d' % ip_http_server,\
+ 'sha512.badssl.selftest.gdnt-cloud.website:443:192.0.2.%d' % ip_http_server,\
+ 'rsa2048.badssl.selftest.gdnt-cloud.website:443:192.0.2.%d' % ip_http_server,\
+ 'rsa4096.badssl.selftest.gdnt-cloud.website:443:192.0.2.%d' % ip_http_server,\
+ 'testing-firewall-filter-host.badssl.selftest.gdnt-cloud.website:80:192.0.2.%d' % ip_http_server,\
+ 'testing-firewall-filter-url.badssl.selftest.gdnt-cloud.website:80:192.0.2.%d' % ip_http_server,\
+ 'testing-proxy-filter-host.badssl.selftest.gdnt-cloud.website:80:192.0.2.%d' % ip_http_server,\
+ 'testing-proxy-filter-url.badssl.selftest.gdnt-cloud.website:80:192.0.2.%d' % ip_http_server]
+
+def set_dns_server_ip(id_service_function):
+ global DNS_SERVER_IP
+ ip_left_edge = 100
+ ip_dns_server = ip_left_edge + id_service_function
+ DNS_SERVER_IP = ['192.0.2.%d' % ip_dns_server]
class _WritelnDecorator(object):
"""Used to decorate file-like objects with a handy 'writeln' method"""
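Review bot: The 19-entry host list now exists twice, once as the module default and once inside `set_http_request_resolve`, so a host added to one copy and not the other would silently resolve through normal DNS instead of the pinned test address. Every entry has the shape `host:port:address`, so the function can derive the new list from the existing one and keep the hostnames in a single place. `set_dns_server_ip` repeats the `ip_left_edge = 100` constant; a shared module-level constant would keep the two setters in step. Neither setter has a docstring saying that it rebinds a module global that the request classes read.
```python
def set_http_request_resolve(id_service_function):
    global REQUEST_RESOLVE
    ip_http_server = '192.0.2.%d' % (100 + id_service_function)
    # Each entry is host:port:address; keep host:port and swap the address.
    REQUEST_RESOLVE = [
        '%s:%s' % (entry.rsplit(':', 1)[0], ip_http_server)
        for entry in REQUEST_RESOLVE
    ]
```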
@@ -532,6 +580,7 @@ class SSLCheckRequestBuild:
self.conn.setopt(self.conn.WRITEFUNCTION, BytesIO().write)
self.conn.setopt(self.conn.OPT_CERTINFO, 1)
self.conn.setopt(self.conn.SSL_VERIFYPEER, False)
+ self.conn.setopt(self.conn.RESOLVE,REQUEST_RESOLVE)
def _set_conn_opt(self,test_suite_name, url):
self.conn.setopt(self.conn.MAX_RECV_SPEED_LARGE, int(suite_test_config_dict[test_suite_name]['max_recv_speed_large']))
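Review bot: `RESOLVE` is applied once in the constructor, and `setopt` reads the list at the moment it is called, so a handle built before `set_http_request_resolve()` rebinds `REQUEST_RESOLVE` keeps the previous service function's address. The construction sites are outside these hunks, so whether the objects are rebuilt for every service function id cannot be confirmed here. Because `SSL_VERIFYPEER` is `False` on the line above, the pinned address is the only thing tying a result to the endpoint that was meant to be tested, and a stale mapping would be reported under the wrong id without any error. Setting the option per request, for example `self.conn.setopt(self.conn.RESOLVE, REQUEST_RESOLVE)` at the top of `_set_conn_opt` where the class has one, removes the ordering dependency. The same applies to the identical additions in SslInterceptRequestBuild, ProxyRequestBuild, SSLFileDownloadBuild, HttpFirewallActionBuild, SslFirewallActionBuild and FilterTestingBuild.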
@@ -583,6 +632,7 @@ class SslInterceptRequestBuild:
self.conn.setopt(self.conn.WRITEFUNCTION, BytesIO().write)
self.conn.setopt(self.conn.OPT_CERTINFO, 1)
self.conn.setopt(self.conn.SSL_VERIFYPEER, False)
+ self.conn.setopt(self.conn.RESOLVE,REQUEST_RESOLVE)
def _set_conn_opt(self,test_suite_name,url):
self.conn.setopt(self.conn.MAX_RECV_SPEED_LARGE, int(suite_test_config_dict[test_suite_name]['max_recv_speed_large']))
@@ -631,6 +681,7 @@ class ProxyRequestBuild:
self.bodyBuf = BytesIO()
self.conn = pycurl.Curl()
self.conn.setopt(self.conn.ENCODING, "gzip,deflate")
+ self.conn.setopt(self.conn.RESOLVE,REQUEST_RESOLVE)
def _cert_verify(self, certs, isSsl):
if isSsl == True:
@@ -770,6 +821,7 @@ class SSLFileDownloadBuild:
self.conn.setopt(self.conn.WRITEFUNCTION, BytesIO().write)
self.conn.setopt(self.conn.SSL_VERIFYPEER, False)
self.conn.setopt(self.conn.OPT_CERTINFO, 1)
+ self.conn.setopt(self.conn.RESOLVE,REQUEST_RESOLVE)
def _get_conninfo(self,conn):
dictconninfo = {}
@@ -831,6 +883,7 @@ class HttpFirewallActionBuild:
def __init__(self):
self.conn = pycurl.Curl()
self.conn.setopt(self.conn.WRITEFUNCTION, BytesIO().write)
+ self.conn.setopt(self.conn.RESOLVE,REQUEST_RESOLVE)
def _set_conn_opt(self,test_suite_name, url):
self.conn.setopt(self.conn.MAX_RECV_SPEED_LARGE, int(suite_test_config_dict[test_suite_name]['max_recv_speed_large']))
@@ -894,6 +947,7 @@ class SslFirewallActionBuild:
self.conn.setopt(self.conn.WRITEFUNCTION, BytesIO().write)
self.conn.setopt(self.conn.OPT_CERTINFO, 1)
self.conn.setopt(self.conn.SSL_VERIFYPEER, False)
+ self.conn.setopt(self.conn.RESOLVE,REQUEST_RESOLVE)
def _set_conn_opt(self,test_suite_name, url):
self.conn.setopt(self.conn.MAX_RECV_SPEED_LARGE, int(suite_test_config_dict[test_suite_name]['max_recv_speed_large']))
@@ -939,6 +993,7 @@ class FilterTestingBuild:
def __init__(self):
self.conn = pycurl.Curl()
self.conn.setopt(self.conn.WRITEFUNCTION, BytesIO().write)
+ self.conn.setopt(self.conn.RESOLVE,REQUEST_RESOLVE)
def _set_conn_opt(self,test_suite_name, url):
self.conn.setopt(self.conn.MAX_RECV_SPEED_LARGE, int(suite_test_config_dict[test_suite_name]['max_recv_speed_large']))
@@ -1209,6 +1264,7 @@ class TsgDiagnose:
self.client = None
self.config_dict = {}
self.dign_duration = 0
+ self.count_service_function = 1
def _get_dign_option(self):
parser = argparse.ArgumentParser(description="Tsg Tools - tsg diagnose", epilog = "Example:help")
@@ -1216,11 +1272,13 @@ class TsgDiagnose:
parser.add_argument('-c','--count', type = int, default = 1, help='Specifies the count of tsg diagnoses ,range:1-65535')
parser.add_argument('-p','--configpath', type = str, default = '/opt/dign_client/etc/client.conf',help='Specifies the config file, default /opt/dign_client/etc/client.conf')
parser.add_argument('-l','--loop', action='store_true', default = False, help='Tsg diagnose loop, exit when recv a signal')
+ parser.add_argument('-C','--count_service_function', type = int, default = 1, help='Specifies the counts of service_function ,range:1-256')
args = parser.parse_args()
self.interval = args.interval
self.loop = args.loop
self.count = args.count
self.config = args.configpath
+ self.count_service_function = args.count_service_function
if self.count == 0:
print("Error: bad number of tsg diagnose and will exit")
parser.print_help()
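Review bot: The `-C` help text promises a range of 1-256, but nothing enforces it, and the value is added to 100 to form the last octet of `192.0.2.%d`. Anything above 155 produces an octet greater than 255, and the init container in k8s-resource/dign-server.yml only configures aliases for 101 through 132, so larger counts would probe addresses nobody serves. Zero or a negative count makes the `range()` in `_dign_service_function_running` empty, so a run would print its banner and test nothing. A check next to the existing `self.count == 0` guard would cover it, e.g. `if not 1 <= self.count_service_function <= 32:` followed by the same error-and-help exit, with the help text corrected to match. `_get_dign_option` continues past the end of this hunk.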
@@ -1292,8 +1350,8 @@ class TsgDiagnose:
self._add_suite('test_proxyDenyFilterHost_http')
self._add_suite('test_proxyDenyFilterURL_http')
- def _dign_running(self):
- print(format(("Test start time: " + time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())),'#^70s'))
+ def _dign_running(self,id_service_function):
+ print(format(("Service function id:" + str(id_service_function) + ",Test start time: " + time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())),'#^70s'))
runningLogPath = "/opt/dign_client/log/tsg-diagnose.log" + '.' + time.strftime("%Y-%m-%d", time.localtime())
#runningLogger = get_logger("running",runningLogPath, False)
#runningLogger.debug("Diagnose Start,the It will take up to %d seconds" %(self.dign_duration))
@@ -1308,7 +1366,14 @@ class TsgDiagnose:
f.write(time.strftime("%a %b %d %H:%M:%S %Y", time.localtime()) + "Diagnose end, Testing results:" + "\n" + result_stream.getvalue())
f.close()
#runningLogger.debug("Diagnose end, Testing results:" + "\n" + result_stream.getvalue())
- print(format(("Test end time: " + time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())),'=^70s'))
+ print(format(("Service function id:" + str(id_service_function) + ",Test end time: " + time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())),'=^70s'))
+
+ def _dign_service_function_running(self):
+ for id_service_function in range(1,self.count_service_function + 1):
+ set_http_request_resolve(id_service_function)
+ set_dns_server_ip(id_service_function)
+ #print(REQUEST_RESOLVE)
+ self._dign_running(id_service_function)
def dign_exec(self):
self._get_dign_option()
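Review bot: The service function id reaches only the two console banners; the `f.write(...)` line that appends "Diagnose end, Testing results:" to the dated log file does not include it. With `_dign_service_function_running` calling `_dign_running` once per id, the log will hold several result blocks per run that cannot be attributed to a service function afterwards. Adding the id to that write, e.g. `"Service function id:" + str(id_service_function) + " Diagnose end, Testing results:"`, keeps the file usable as a record. The commented-out `#print(REQUEST_RESOLVE)` should be dropped, and the new method would benefit from a one-line docstring stating that it repoints the module-level DNS and resolve settings before each pass.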
@@ -1322,7 +1387,7 @@ class TsgDiagnose:
int(self.config_dict['start_time_random_delay_range']['right_edge'])))
while True:
print("\nRUN %d" %(dign_counter + 1))
- self._dign_running()
+ self._dign_service_function_running()
dign_counter = dign_counter + 1
if not self.loop:
if dign_counter >= self.count:
diff --git a/images_build/server_web/Dockerfile b/images_build/server_web/Dockerfile
index d881629..1c67459 100644
--- a/images_build/server_web/Dockerfile
+++ b/images_build/server_web/Dockerfile
@@ -15,8 +15,8 @@ RUN sed -i s@/archive.ubuntu.com/@/mirrors.163.com/@g /etc/apt/sources.list \
libffi-dev \
make \
nginx \
- ruby2.5 \
- ruby2.5-dev \
+ ruby2.6 \
+ ruby2.6-dev \
net-tools \
iputils-ping \
faketime \
diff --git a/k8s-resource/dign-client.yml b/k8s-resource/dign-client.yml
new file mode 100644
index 0000000..b2e9bf3
--- /dev/null
+++ b/k8s-resource/dign-client.yml
@@ -0,0 +1,78 @@
+---
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: macvlan-client
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "macvlan",
+ "master": "ens4f1",
+ "mode": "bridge",
+ "ipam": {
+ "type": "host-local",
+ "ranges": [
+ [ {
+ "subnet": "192.0.2.0/24",
+ "rangeStart": "192.0.2.211",
+ "rangeEnd": "192.0.2.220",
+ "gateway": "192.0.2.1"
+ } ]
+ ]
+ }
+ }'
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: dign-client
+ labels:
+ app: dign-client
+
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: dign-client
+ template:
+ metadata:
+ labels:
+ app: dign-client
+ annotations:
+ k8s.v1.cni.cncf.io/networks: macvlan-client
+ spec:
+ containers:
+ - name: dign-client
+ image: "dign-client:latest"
+ imagePullPolicy: Never
+ workingDir: /opt/dign_client
+ command: ["/bin/sh", "-c", "update-ca-certificates; tail -f /dev/null"]
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: localtime-node
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: ca-cert-file
+ mountPath: /usr/local/share/ca-certificates
+ - name: log-path
+ mountPath: /opt/dign_client/log
+ - name: config-path
+ mountPath: /opt/dign_client/etc/client.conf
+ subPath: "client.conf"
+
+ volumes:
+ - name: localtime-node
+ hostPath:
+ path: /etc/localtime
+ - name: ca-cert-file
+ hostPath:
+ path: /opt/tsg/tsg-diagnose/etc/.certs_import/certs/sets/current/gen/crt
+ - name: log-path
+ hostPath:
+ path: /opt/tsg/tsg-diagnose/log
+ - name: config-path
+ hostPath:
+ path: /opt/tsg/tsg-diagnose/etc
+---
+
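Review bot: The `dign-client` container is started with `securityContext: privileged: true`, although the command shown only runs `update-ca-certificates` and then idles for `kubectl exec`. Privileged mode gives the container all capabilities and host device access on top of the macvlan attachment, which is more than a pycurl and DNS test client appears to need. If nothing in the client requires it, drop the block or replace it with the specific capability that is needed. The `ca-cert-file`, `log-path` and `config-path` hostPath mounts are writable; `readOnly: true` on `ca-cert-file` and `config-path` would stop the container from altering the host's trust-store input and configuration. `image: "dign-client:latest"` with `imagePullPolicy: Never` means the node runs whatever local image currently carries that tag, so a versioned tag would make the deployed build identifiable.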
diff --git a/k8s-resource/dign-server.yml b/k8s-resource/dign-server.yml
new file mode 100644
index 0000000..e5da270
--- /dev/null
+++ b/k8s-resource/dign-server.yml
@@ -0,0 +1,99 @@
+---
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: macvlan-server
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "macvlan",
+ "master": "ens4f0",
+ "mode": "bridge",
+ "ipam": {
+ "type": "host-local",
+ "ranges": [
+ [ {
+ "subnet": "192.0.2.0/24",
+ "rangeStart": "192.0.2.201",
+ "rangeEnd": "192.0.2.210",
+ "gateway": "192.0.2.1"
+ } ]
+ ]
+ }
+ }'
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: dign-server
+ labels:
+ app: dign-server
+
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: dign-server
+ template:
+ metadata:
+ labels:
+ app: dign-server
+ annotations:
+ k8s.v1.cni.cncf.io/networks: macvlan-server
+
+ spec:
+ containers:
+ - name: dign-server-dns
+ image: "dign-server-dns:latest"
+ imagePullPolicy: Never
+ command: ["/bin/sh", "-c", "echo 66.66.66.66 www.1testanswer-cname.com >> /etc/hosts; webproc --config /etc/dnsmasq.conf -- dnsmasq --no-daemon"]
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: localtime-node
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: config-path
+ mountPath: /etc/dnsmasq.conf
+ subPath: dnsmasq.conf
+ readOnly: true
+
+ - name: dign-server-web
+ image: "dign-server-web:latest"
+ imagePullPolicy: Never
+ command: ["/bin/bash", "-c", "make inside-docker;nginx;tail -f /dev/null"]
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: localtime-node
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: certs-path
+ mountPath: /badssl.com/certs
+ readOnly: true
+ - name: common-path
+ mountPath: /badssl.com/common
+ readOnly: true
+
+ initContainers:
+ - name: tsg-dign-init
+ image: "dign-server-dns:latest"
+ imagePullPolicy: Never
+ command: ["/bin/sh","-c","i=1;while [ \"$i\" -le 32 ]; do ip_suffix=$(( i + 100 ));ifconfig net1:$i 192.0.2.$ip_suffix;i=$(( i + 1 ));done;"]
+ securityContext:
+ privileged: true
+
+ volumes:
+ - name: localtime-node
+ hostPath:
+ path: /etc/localtime
+ - name: config-path
+ hostPath:
+ path: /opt/tsg/tsg-diagnose/etc/
+ - name: certs-path
+ hostPath:
+ path: /opt/tsg/tsg-diagnose/etc/.certs_import/certs
+ - name: common-path
+ hostPath:
+ path: /opt/tsg/tsg-diagnose/etc/.certs_import/common
+--- \ No newline at end of file
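Review bot: All three containers in this pod run with `privileged: true`, but only the `tsg-dign-init` init container visibly needs elevated rights, to add the `net1:$i` aliases with `ifconfig`. That step should work with `securityContext: capabilities: add: ["NET_ADMIN"]`. The dnsmasq and nginx containers should not need privileged mode at all, assuming nothing outside this file depends on it. The alias loop is fixed at 32 addresses (192.0.2.101 to .132), while the client's `-C` option advertises up to 256, so the two limits should be defined in one place or at least documented next to the loop. The file also ends without a trailing newline.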
diff --git a/scripts/tsg-diagnose-oneshot b/scripts/tsg-diagnose-oneshot
index b1ee4d4..6a973fc 100644
--- a/scripts/tsg-diagnose-oneshot
+++ b/scripts/tsg-diagnose-oneshot
@@ -1,4 +1,45 @@
#!/bin/bash -e
-systemctl start tsg-diagnose
-sleep 10
-docker exec -it dign-client /bin/sh -c "python bin/client.py" \ No newline at end of file
+K3S_BIN_PATH="/usr/bin/k3s"
+count_service_function=1
+
+ARGS=`getopt -a -o c:h -l count-service-function:,help -- "$@"`
+eval set -- "${ARGS}"
+usage(){
+ echo ""
+ echo "usage: tsg-diagnose-oneshot [option]"
+ echo ""
+ echo "Options:"
+ echo " -h --help Detailed usage syntax"
+ echo " -c --count-service-function Count of service-function,default:1"
+ exit 0
+}
+
+function get_args(){
+ while true
+ do
+ case "$1" in
+ -c|--count-sf)
+ export count_service_function=$2
+ ;;
+ -h|--help)
+ usage
+ ;;
+ --)
+ shift
+ break
+ ;;
+ esac
+ shift
+ done
+}
+
+get_args $@
+
+if [ -f "$K3S_BIN_PATH" ]; then
+ kubectl exec -it daemonset/dign-client -- python bin/client.py -C $count_service_function
+else
+ systemctl start tsg-diagnose
+ sleep 10
+ docker exec -it dign-client /bin/sh -c "python bin/client.py"
+fi
+
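Review bot: `getopt` is told the long option is `count-service-function`, but the `case` arm matches `-c|--count-sf)`, so `--count-service-function N` is accepted by getopt and then silently ignored, and the run proceeds with the default of 1. The arm should read `-c|--count-service-function)`. The value is then passed unquoted and unvalidated into `kubectl exec ... -C $count_service_function`, and `get_args $@` re-splits what `eval set --` had quoted. Use `get_args "$@"` and `-C "$count_service_function"`, and reject non-numeric input before the exec. The k3s branch targets `daemonset/dign-client`, whereas k8s-resource/dign-client.yml in this commit defines `kind: Deployment`; unless a DaemonSet is created elsewhere, that exec will not find its target. The docker branch also drops the count entirely. scripts/tsg-diagnose-periodical carries the same parsing and quoting issues.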
diff --git a/scripts/tsg-diagnose-periodical b/scripts/tsg-diagnose-periodical
index 127a54e..c4d83a9 100644
--- a/scripts/tsg-diagnose-periodical
+++ b/scripts/tsg-diagnose-periodical
@@ -1,4 +1,45 @@
#!/bin/bash -e
-systemctl start tsg-diagnose
-sleep 10
-docker exec -it dign-client /bin/sh -c "python bin/client.py -l" \ No newline at end of file
+K3S_BIN_PATH="/usr/bin/k3s"
+count_service_function=1
+
+ARGS=`getopt -a -o c:h -l count-service-function:,help -- "$@"`
+eval set -- "${ARGS}"
+usage(){
+ echo ""
+ echo "usage: tsg-diagnose-oneshot [option]"
+ echo ""
+ echo "Options:"
+ echo " -h --help Detailed usage syntax"
+ echo " -c --count-service-function Count of service-function,default:1"
+ exit 0
+}
+
+function get_args(){
+ while true
+ do
+ case "$1" in
+ -c|--count-sf)
+ export count_service_function=$2
+ ;;
+ -h|--help)
+ usage
+ ;;
+ --)
+ shift
+ break
+ ;;
+ esac
+ shift
+ done
+}
+
+get_args $@
+
+if [ -f "$K3S_BIN_PATH" ]; then
+ kubectl exec -it daemonset/dign-client -- python bin/client.py -C $count_service_function
+else
+ systemctl start tsg-diagnose
+ sleep 10
+ docker exec -it dign-client /bin/sh -c "python bin/client.py -l"
+fi
+
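Review bot: The k3s branch runs `python bin/client.py -C $count_service_function` without `-l`, while the docker branch below it still passes `-l`. Under k3s the "periodical" script therefore performs a single pass and exits instead of looping, so scheduled diagnosis would stop without any error. The line should be `kubectl exec -it daemonset/dign-client -- python bin/client.py -l -C "$count_service_function"`, with the workload kind matching the manifest. The usage text also still prints `usage: tsg-diagnose-oneshot [option]` and should name this script.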