use ulog/iptables logs to debug connectivity issues in CI

NordSecurity · Dec 13, 2024 · 4e076c4 · 4e076c4
1 parent 39b9877
commit 4e076c4
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 10 deletions.
diff --git a/ci/docker/tester/Dockerfile b/ci/docker/tester/Dockerfile
@@ -6,9 +6,9 @@ COPY requirements.txt /tmp/requirements.txt
 
 # Install Debian packages
 RUN apt-get update && \
-    DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install \
+    DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install vim linux-modules-6.8.0-49-generic \
         # linux app
-        apt-utils curl git iputils-ping sudo kmod systemd \
+        apt-utils curl git iputils-ping sudo kmod systemd ulogd2 \
         # preinstall deps required by nordvpn
         libxml2 iproute2 iptables \
         # install wireguard tools for tests
@@ -23,6 +23,8 @@ RUN apt-get update && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
+RUN modprobe nfnetlink_log
+
 # Install Python packages for tests
 RUN python3 -m pip install --no-cache-dir -r /tmp/requirements.txt && rm -rf /tmp/*
 

diff --git a/daemon/firewall/iptables/iptables.go b/daemon/firewall/iptables/iptables.go
@@ -107,7 +107,7 @@ func (ipt *IPTables) applyRule(rule firewall.Rule, add bool) error {
 		}
 		for _, ipTableRule := range ipTablesRules {
 			if !rule.Allow {
-				prefix := fmt.Sprintf("-j LOG --log-prefix \"LOG-pre-%s\" --log-level 4", rule.Name)
+				prefix := fmt.Sprintf("-j ULOG --nflog-prefix \"LOG-pre-%s\"", rule.Name)
 				log.Println(internal.DebugPrefix, "[iptables-debug], add rule: ", prefix)
 				logRule := strings.Replace(ipTableRule, "-j DROP", prefix, -1)
 				args := fmt.Sprintf("%s %s -w"+internal.SecondsToWaitForIptablesLock, flag, logRule)
@@ -128,7 +128,7 @@ func (ipt *IPTables) applyRule(rule firewall.Rule, add bool) error {
 			}
 
 			if !rule.Allow {
-				prefix := fmt.Sprintf("-j LOG --log-prefix \"LOG-post-%s\" --log-level 4", rule.Name)
+				prefix := fmt.Sprintf("-j NFLOG --nflog-prefix \"LOG-post-%s\"", rule.Name)
 				log.Println(internal.DebugPrefix, "[iptables-debug], add rule: ", prefix)
 				logRule := strings.Replace(ipTableRule, "-j DROP", prefix, -1)
 				args := fmt.Sprintf("%s %s -w"+internal.SecondsToWaitForIptablesLock, flag, logRule)

diff --git a/magefiles/mage.go b/magefiles/mage.go
@@ -23,7 +23,7 @@ const (
 	imageSnapPackager      = registryPrefix + "snaper:0.0.4"
 	imageProtobufGenerator = registryPrefix + "generator:1.4.1"
 	imageScanner           = registryPrefix + "scanner:1.1.0"
-	imageTester            = registryPrefix + "tester:1.3.1"
+	imageTester            = registryPrefix + "tester:conntrack"
 	imageQAPeer            = registryPrefix + "qa-peer:1.0.4"
 	imageRuster            = registryPrefix + "ruster:1.3.0"
 

diff --git a/test/qa/test_connect.py b/test/qa/test_connect.py
@@ -9,11 +9,18 @@
 from lib import daemon, info, logging, login, network, server
 import os
 
+import shutil
+import subprocess
+
 CONNECT_ALIAS = [
     "connect",
     "c"
 ]
 
+def setup_module():
+    subprocess.call(['sudo','/etc/init.d/ulogd2','start'])
+    time.sleep(5)
+
 def setup_function(function):  # noqa: ARG001
     daemon.start()
     login.login_as("default")
@@ -24,12 +31,10 @@ def teardown_function(function):  # noqa: ARG001
     logging.log(data=info.collect())
     logging.log()
 
-    kernel_logs = sh.sudo.dmesg()
     project_root = os.environ["WORKDIR"]
-    # Write the logs to the output file
-    with open(f"{project_root}/dist/logs/dmesg.log", "w") as file:
-        file.write("dmesg logs")
-        file.write(str(kernel_logs))
+
+    # shutil.copy("/var/log/syslogemu.log", f"{project_root}/dist/logs")
+    subprocess.call(['sudo','cp', "/var/log/ulog/syslogemu.log", f"{project_root}/dist/logs"])
 
     sh.nordvpn.logout("--persist-token")
     sh.nordvpn.set.defaults()