This repository was archived by the owner on Nov 3, 2023. It is now read-only.
base repository: ortuman/jackal
base: main
head repository: netsec-ethz/jackal
compare: master

There isn’t anything to compare.

ortuman:main and netsec-ethz:master are entirely different commit histories.

Showing with 2,029 additions and 283 deletions.
  1. +11 −0 .circleci/Dockerfile-profanity
  2. +41 −0 .circleci/Dockerfile-scionHost
  3. +2 −0 .circleci/bash_env.sh
  4. +140 −0 .circleci/config.yml
  5. +109 −0 .circleci/docker-compose.yml
  6. BIN .circleci/setup/config/coreAS1301_config.tar
  7. BIN .circleci/setup/config/infraAS1303_config.tar
  8. BIN .circleci/setup/config/infraAS1305_config.tar
  9. +15 −0 .circleci/setup/install_client.sh
  10. +10 −0 .circleci/setup/loadASConfig.sh
  11. +23 −0 .circleci/setup/start_jackal.sh
  12. +14 −0 .circleci/setup/wait_for_db.sh
  13. +19 −0 .circleci/setup/wait_for_paths.sh
  14. +13 −0 .circleci/testdata/c1_data/profanity/accounts
  15. 0 .circleci/testdata/c1_data/profanity/plugin_settings
  16. 0 .circleci/testdata/c1_data/profanity/plugin_themes
  17. +27 −0 .circleci/testdata/c1_data/server1.xmpp.crt
  18. +15 −0 .circleci/testdata/c2_data/profanity/accounts
  19. 0 .circleci/testdata/c2_data/profanity/pgp/user2_at_server2.xmpp/pubkeys
  20. 0 .circleci/testdata/c2_data/profanity/plugin_settings
  21. 0 .circleci/testdata/c2_data/profanity/plugin_themes
  22. +1 −0 .circleci/testdata/c2_data/profanity/scripts/message_test
  23. +27 −0 .circleci/testdata/c2_data/server2.xmpp.crt
  24. +96 −0 .circleci/testdata/s1_data/example.jackal.yml
  25. +267 −0 .circleci/testdata/s1_data/server1.sql
  26. +27 −0 .circleci/testdata/s1_data/ssl/server1.xmpp.crt
  27. +39 −0 .circleci/testdata/s1_data/ssl/server1.xmpp.key
  28. +96 −0 .circleci/testdata/s2_data/example.jackal.yml
  29. +269 −0 .circleci/testdata/s2_data/server2.sql
  30. +27 −0 .circleci/testdata/s2_data/ssl/server2.xmpp.crt
  31. +39 −0 .circleci/testdata/s2_data/ssl/server2.xmpp.key
  32. +0 −8 .gitignore
  33. +4 −4 Makefile
  34. +43 −151 README.md
  35. +56 −42 go.mod
  36. +174 −63 go.sum
  37. +73 −0 s2s/config.go
  38. +84 −1 s2s/dial.go
  39. +9 −2 s2s/in.go
  40. +3 −3 s2s/in_test.go
  41. +7 −2 s2s/out.go
  42. +4 −4 s2s/out_test.go
  43. +8 −1 s2s/s2s.go
  44. +3 −0 s2s/s2s_test.go
  45. +90 −0 s2s/scionserver.go
  46. +3 −2 s2s/server.go
  47. +99 −0 scion_example.jackal.yml
  48. +42 −0 transport/quicsocket.go
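--- a/.circleci/Dockerfile-profanity
+++ b/.circleci/Dockerfile-profanity
@@ -0,0 +1,11 @@
+FROM ubuntu:18.04
+
+# Install base
+RUN apt-get update && apt-get install --assume-yes profanity
+
+# Set up the profanity account
+RUN mkdir --parent /root/.local/share/profanity
+
+COPY testdata/ /root/
+
+ENTRYPOINT [ "/bin/bash" ]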
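Review bot: `COPY testdata/ /root/` puts the whole test-data tree into the client image, and per the file list that tree includes the servers' TLS private keys (`s1_data/ssl/server1.xmpp.key`, `s2_data/ssl/server2.xmpp.key`) and the SQL dumps, none of which install_client.sh reads. Copy only the client directories instead: `COPY testdata/c1_data/ /root/c1_data/` and `COPY testdata/c2_data/ /root/c2_data/`. The install line would also be leaner with `--no-install-recommends` and `rm -rf /var/lib/apt/lists/*` in the same RUN.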
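--- a/.circleci/Dockerfile-scionHost
+++ b/.circleci/Dockerfile-scionHost
@@ -0,0 +1,41 @@
+FROM ubuntu:18.04
+
+# Install base
+RUN apt-get update && apt-get install --assume-yes \
+systemd \
+sudo \
+apt-transport-https \
+ca-certificates
+
+# systemd
+# Based on: https://developers.redhat.com/blog/2014/05/05/running-systemd-within-docker-container/
+# - converted to ubuntu, i.e. fixed some paths and removed unnecessary cleanup
+# - keep systemd-user-sessions.service, to allow login through SSH (login disabled on startup until this is run)
+ENV container docker
+RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i = systemd-tmpfiles-setup.service ] || rm -f $i; done); \
+(cd /lib/systemd/system/multi-user.target.wants/; for i in *; do [ $i = systemd-user-sessions.service ] || rm -f $i; done); \
+rm -f /etc/systemd/system/*.wants/*; \
+rm -f /lib/systemd/system/local-fs.target.wants/*; \
+rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+rm -f /lib/systemd/system/basic.target.wants/*;
+VOLUME [ "/sys/fs/cgroup" ]
+
+
+# Install SCION
+RUN bash -c 'echo "deb [trusted=yes] https://packages.netsec.inf.ethz.ch/debian all main" >> /etc/apt/sources.list'
+RUN apt-get update && apt-get install --assume-yes scionlab
+
+# Add 'scionlab' user with passwordless sudo & configure authorized_keys to allow automatic deployment
+RUN sed '/^%sudo/s/ALL$/NOPASSWD:ALL/' /etc/sudoers -i
+RUN useradd --create-home --shell /bin/bash --groups sudo scionlab
+
+# manually prepare "gen" and services:
+COPY ./setup/loadASConfig.sh /root/
+
+# Jackal
+RUN apt-get install --assume-yes mysql-client
+COPY ./setup/wait_for_db.sh /root/
+COPY testdata/ /root/
+
+ENTRYPOINT [ "/bin/systemd" ]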
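Review bot: `[trusted=yes]` on the SCION source line turns off APT signature verification for that repository, so the `scionlab` package installed by the next RUN is authenticated only by the HTTPS connection to the package host. Import the repository's signing key and pin it on the source line, e.g. `deb [signed-by=/usr/share/keyrings/<REPO_KEYRING>.gpg] https://packages.netsec.inf.ethz.ch/debian all main` (the keyring name is a placeholder). This matters more here because docker-compose.yml runs the resulting image with `privileged: true`. Separately, `RUN apt-get install --assume-yes mysql-client` relies on package lists left by an earlier layer; fold it into a RUN that also runs `apt-get update`.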
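--- a/.circleci/bash_env.sh
+++ b/.circleci/bash_env.sh
@@ -0,0 +1,2 @@
+local_env=".circleci/env.sh"
+[ -f "${local_env}" ] && source "${local_env}"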
140 changes: 140 additions & 0 deletions .circleci/config.yml
@@ -0,0 +1,140 @@
# Copyright 2019 ETH Zurich
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Python CircleCI 2.0 configuration file
#
# Check https://circleci.com/docs/2.0/language-python/ for more details
#
version: 2
jobs:
unit_tests:
docker:
- image: circleci/golang:1.12
working_directory: /go/src/github.com/ortuman/jackal
environment:
GO111MODULE: "on"

steps:
- checkout
- run:
name: Build jackal
command: |
set -xe
go test ./...
integration:
docker:
- image: circleci/golang:1.12
working_directory: ~/repo
environment:
GO111MODULE: "on"
BASH_ENV: "~/repo/.circleci/bash_env.sh"
JACKAL_DIR: "/root"
coreAS1301IP: 172.31.0.110
infraAS1303IP: 172.31.0.111
infraAS1305IP: 172.31.0.112

steps:
- checkout

- setup_remote_docker:
docker_layer_caching: false #not available in the free plan

- run:
name: build
command: |
set -xe
make build
# Start integration tests
- run:
name: Build containers
command: |
set -xe
sudo -E docker-compose -f .circleci/docker-compose.yml kill # stop containers
sudo -E docker-compose -f .circleci/docker-compose.yml down # bring composition down
sudo -E docker-compose -f .circleci/docker-compose.yml build
- run:
name: Start AS Containers
command: |
set -xe
sudo -E docker-compose -f .circleci/docker-compose.yml up --no-start coreAS1301 infraAS1303 infraAS1305
for c in coreAS1301 infraAS1303 infraAS1305; do
sudo -E docker cp ./.circleci/setup/config/${c}_config.tar $c:/root/host_config.tar
done
for c in infraAS1303 infraAS1305; do
sudo -E docker cp ./.circleci/setup/start_jackal.sh $c:/root/start_jackal.sh
sudo -E docker cp ./jackal $c:/root/jackal
done
sudo -E docker-compose -f .circleci/docker-compose.yml up --no-recreate -d coreAS1301 infraAS1303 infraAS1305
for c in coreAS1301 infraAS1303 infraAS1305; do
sudo -E docker-compose -f .circleci/docker-compose.yml exec $c /root/loadASConfig.sh
done
- run:
name: Check SCION connections
command: |
set -xe
sudo -E docker exec infraAS1303 /bin/bash -c "until grep -q 'Registered beacons debug_id' /var/log/scion/bs*.log; do sleep 1; done;"
sudo -E docker exec infraAS1305 /bin/bash -c "until grep -q 'Registered beacons debug_id' /var/log/scion/bs*.log; do sleep 1; done;"
sudo -E docker cp .circleci/setup/wait_for_paths.sh coreAS1301:/root/
sudo -E docker exec coreAS1301 /bin/bash -c "/root/wait_for_paths.sh 19-ffaa:0:1301 19-ffaa:0:1303 10"
sudo -E docker exec coreAS1301 /bin/bash -c "/root/wait_for_paths.sh 19-ffaa:0:1301 19-ffaa:0:1305 10"
sudo -E docker exec coreAS1301 /bin/bash -c "scmp echo -c 3 -local 19-ffaa:0:1301,[127.0.0.1] -remote 19-ffaa:0:1303,[127.0.0.1]"
sudo -E docker exec coreAS1301 /bin/bash -c "scmp echo -c 3 -local 19-ffaa:0:1301,[127.0.0.1] -remote 19-ffaa:0:1305,[127.0.0.1]"
- run:
name: Start jackal servers
command: |
set -xe
sudo -E docker exec infraAS1303 /bin/bash -c '/root/start_jackal.sh;'
sudo -E docker exec infraAS1303 /bin/bash -c "until grep -q '19-ffaa:0:1303,\[127.0.0.1\]' ${JACKAL_DIR}/jackal.log; do sleep 1; done;"
sudo -E docker exec infraAS1305 /bin/bash -c '/root/start_jackal.sh;'
sudo -E docker exec infraAS1305 /bin/bash -c "until grep -q '19-ffaa:0:1305,\[127.0.0.1\]' ${JACKAL_DIR}/jackal.log; do sleep 1; done;"
- run:
name: Start XMPP client1
command: |
set -xe
sudo -E docker-compose -f .circleci/docker-compose.yml create profanity1
sudo -E docker cp ./.circleci/setup/install_client.sh profanity1:/root/install_client.sh
sudo -E docker-compose -f .circleci/docker-compose.yml up --no-recreate -d profanity1
sudo -E docker exec profanity1 /bin/bash -c '/root/install_client.sh'
sudo -E docker exec -it -d profanity1 profanity -a user1
sudo -E docker exec profanity1 /bin/bash -c 'until grep -q "logged in successfully" /root/.local/share/profanity/logs/profanity.log; do cat /root/.local/share/profanity/logs/profanity.log; sleep 1; done;'
- run:
name: Start XMPP client2
command: |
set -xe
sudo -E docker-compose -f .circleci/docker-compose.yml create profanity2
sudo -E docker cp ./.circleci/setup/install_client.sh profanity2:/root/install_client.sh
sudo -E docker-compose -f .circleci/docker-compose.yml up --no-recreate -d profanity2
sudo -E docker exec profanity2 /bin/bash -c '/root/install_client.sh'
sudo -E docker exec -it -d profanity2 profanity -a user2
sudo -E docker exec profanity2 /bin/bash -c 'until grep -q "logged in successfully" /root/.local/share/profanity/logs/profanity.log; do cat /root/.local/share/profanity/logs/profanity.log; sleep 1; done;'
- run:
name: Check if c2@s2 reached c1@s1
command: |
set -xe
sudo -E docker exec profanity1 /bin/bash -c 'until grep -q "user2@server2\.xmpp" /root/.local/share/profanity/logs/profanity.log; do cat /root/.local/share/profanity/logs/profanity.log; sleep 1; done;'
workflows:
version: 2
tests:
jobs:
- unit_tests
- integration
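Review bot: The readiness waits in the `Check SCION connections`, `Start jackal servers`, `Start XMPP client1`/`client2` and final check steps are unbounded `until grep -q … ; do … sleep 1; done` loops, so a server or client that never logs the expected line stalls the job instead of failing it. wait_for_db.sh and wait_for_paths.sh in this same change already cap their retries. Wrapping each loop in coreutils `timeout`, e.g. `timeout 120 /bin/bash -c "until grep -q … ; do sleep 1; done"`, gives the same bounded behaviour here (120 is an example value).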
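--- a/.circleci/docker-compose.yml
+++ b/.circleci/docker-compose.yml
@@ -0,0 +1,109 @@
+version: "2"
+
+networks:
+as_net:
+driver: bridge
+ipam:
+driver: default
+config:
+- subnet: 172.31.0.0/16
+
+services:
+db1:
+image: mysql:5.7
+restart: always
+environment:
+MYSQL_ROOT_PASSWORD: 'password'
+networks:
+as_net:
+db2:
+image: mysql:5.7
+restart: always
+environment:
+MYSQL_ROOT_PASSWORD: 'password'
+networks:
+as_net:
+
+coreAS1301:
+build:
+context: .
+dockerfile: Dockerfile-scionHost
+image: scionhost:tmp
+container_name: coreAS1301
+networks:
+as_net:
+ipv4_address: ${coreAS1301IP}
+tty: true
+privileged: true
+volumes:
+- /sys/fs/cgroup:/sys/fs/cgroup:ro
+
+infraAS1303:
+build:
+context: .
+dockerfile: Dockerfile-scionHost
+image: scionhost:tmp
+container_name: infraAS1303
+depends_on:
+- coreAS1301
+- db1
+networks:
+as_net:
+ipv4_address: ${infraAS1303IP}
+environment:
+JACKAL_ID: server1
+tty: true
+privileged: true
+volumes:
+- /sys/fs/cgroup:/sys/fs/cgroup:ro
+links:
+- db1:mysql_host
+
+infraAS1305:
+build:
+context: .
+dockerfile: Dockerfile-scionHost
+image: scionhost:tmp
+container_name: infraAS1305
+depends_on:
+- coreAS1301
+- db2
+networks:
+as_net:
+ipv4_address: ${infraAS1305IP}
+environment:
+JACKAL_ID: server2
+tty: true
+privileged: true
+volumes:
+- /sys/fs/cgroup:/sys/fs/cgroup:ro
+links:
+- db2:mysql_host
+
+profanity1:
+build:
+context: .
+dockerfile: Dockerfile-profanity
+image: profanity
+container_name: profanity1
+networks:
+as_net:
+ipv4_address: 172.31.0.12
+environment:
+CLIENT_ID: client1
+tty: true
+entrypoint: /bin/bash
+
+profanity2:
+build:
+context: .
+dockerfile: Dockerfile-profanity
+image: profanity
+container_name: profanity2
+networks:
+as_net:
+ipv4_address: 172.31.0.13
+environment:
+CLIENT_ID: client2
+tty: true
+entrypoint: /bin/bash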
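Review bot: `privileged: true` on coreAS1301, infraAS1303 and infraAS1305 gives each container every capability and access to host devices on the Docker host, in addition to the host `/sys/fs/cgroup` mount. systemd inside a container can usually run with a narrower grant, so consider replacing the flag with an explicit `cap_add:` list plus `tmpfs:` mounts for `/run` and `/run/lock`; which capabilities the SCION services need is not visible from this file and has to be confirmed by testing. If the flag has to stay, a comment above each `privileged: true` saying why would help the next reader.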
Binary file added .circleci/setup/config/coreAS1301_config.tar
Binary file not shown.
Binary file added .circleci/setup/config/infraAS1303_config.tar
Binary file not shown.
Binary file added .circleci/setup/config/infraAS1305_config.tar
Binary file not shown.
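--- a/.circleci/setup/install_client.sh
+++ b/.circleci/setup/install_client.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -xe
+
+# Set up the profanity account
+if [ "$CLIENT_ID" == "client1" ]; then
+cp -r /root/c1_data/profanity/* /root/.local/share/profanity/
+echo "172.31.0.111 server1.xmpp" >> /etc/hosts
+cp /root/c1_data/server1.xmpp.crt /usr/local/share/ca-certificates/
+update-ca-certificates
+else
+cp -r /root/c2_data/profanity/* /root/.local/share/profanity/
+echo "172.31.0.112 server2.xmpp" >> /etc/hosts
+cp /root/c2_data/server2.xmpp.crt /usr/local/share/ca-certificates/
+update-ca-certificates
+fi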
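Review bot: The `else` branch treats every value of `CLIENT_ID` other than `client1`, including an unset variable, as client 2, and then adds server2's certificate to the system trust store. Make the second case explicit with `elif [ "$CLIENT_ID" == "client2" ]; then` and finish with `else echo "unknown CLIENT_ID: $CLIENT_ID" >&2; exit 1`. The addresses `172.31.0.111` and `172.31.0.112` also repeat the values of `infraAS1303IP` and `infraAS1305IP` from config.yml, so a change there has to be mirrored here by hand.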
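--- a/.circleci/setup/loadASConfig.sh
+++ b/.circleci/setup/loadASConfig.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -ex
+
+# set configuration
+rm /etc/scion/gen -rf
+tar -C /etc/scion/ -xf /root/host_config.tar
+for srv in `cat /etc/scion/scionlab-services.txt`; do
+systemctl enable $srv
+done
+systemctl start scionlab.target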
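Review bot: The `for srv in` loop word-splits and glob-expands the contents of `/etc/scion/scionlab-services.txt` and passes each result unquoted to `systemctl enable`; that file presumably comes out of the tarball unpacked as root on the line before, though this is not visible here. Read it line by line and quote the value: `while read -r srv; do systemctl enable "$srv"; done < /etc/scion/scionlab-services.txt`. A comment stating that `host_config.tar` is a repository-provided archive would document why it is extracted into `/etc/scion/` without any checks.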
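--- a/.circleci/setup/start_jackal.sh
+++ b/.circleci/setup/start_jackal.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -ex
+BASE=$(dirname $0)
+cd $BASE
+
+./wait_for_db.sh
+echo "19-ffaa:0:1303,[127.0.0.1] server1.xmpp." | sudo tee -a /etc/hosts
+
+echo "GRANT ALL ON jackal.* TO 'jackal'@ IDENTIFIED BY 'password';" | mysql -h mysql_host -u root -ppassword
+echo "CREATE DATABASE jackal;" | mysql -h mysql_host -u jackal -ppassword
+
+if [ "$JACKAL_ID" == "server1" ]; then
+echo "Jackal server 1 data"
+cp -r ~/s1_data/* .
+mysql -h mysql_host -D jackal -u jackal -ppassword < server1.sql
+else
+echo "Jackal server 2 data"
+cp -r ~/s2_data/* .
+mysql -h mysql_host -D jackal -u jackal -ppassword < server2.sql
+fi
+
+./jackal -c example.jackal.yml </dev/null &> jackal.stdout &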
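Review bot: Every `mysql` call passes the password as `-ppassword` on the command line while `set -ex` is active, so the credential is written to the CI log by the xtrace output and is visible in the process list inside the container; the first call does this with the MySQL root account. wait_for_db.sh uses the same root invocation, and docker-compose.yml sets the same literal as `MYSQL_ROOT_PASSWORD`. Keep the value in one place and hand it to the client through an option file, e.g. `mysql --defaults-extra-file=/root/.my.cnf -h mysql_host …`, with the file written from a CI-provided variable. `BASE=$(dirname $0)` and `cd $BASE` should also quote their expansions.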
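--- a/.circleci/setup/wait_for_db.sh
+++ b/.circleci/setup/wait_for_db.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -e
+
+# wait for MySQL DB to be ready
+counter=1
+while ! mysql --protocol TCP -h mysql_host -u root -ppassword -e "show databases;" > /dev/null 2>&1; do
+sleep 1
+((counter++))
+if [ $counter -gt 10 ]; then
+>&2 echo "We have been waiting for MySQL too long already; failing."
+exit 1
+fi
+done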
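--- a/.circleci/setup/wait_for_paths.sh
+++ b/.circleci/setup/wait_for_paths.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+set -e
+
+# Usage: wait_for_paths.sh source destination wait_seconds
+
+src=$1
+dst=$2
+seconds=$3
+
+CMD="showpaths -srcIA $src -dstIA $dst"
+count=1
+while ! $CMD &>/dev/null; do
+((count++))
+sleep 1
+if [ $count -gt $seconds ]; then
+>&2 echo "No paths after $count seconds"
+exit 1
+fi
+done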
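Review bot: When the third argument is omitted, `seconds` is empty and `[ $count -gt $seconds ]` becomes a malformed test that fails inside the `if`, so the loop never reaches `exit 1` and waits indefinitely while `showpaths` keeps failing. Require the arguments up front, e.g. `seconds=${3:?usage: wait_for_paths.sh source destination wait_seconds}`, and quote the test operands. Storing the command in the string `CMD` and expanding it unquoted also word-splits `$src` and `$dst`; calling `showpaths -srcIA "$src" -dstIA "$dst"` directly in the `while` condition avoids that.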