Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add more logging #714

Draft
wants to merge 17 commits into
base: main
Choose a base branch
from
Next Next commit
add more logging
Signed-off-by: Marius Sincovici <[email protected]>
mariusSincovici committed Dec 9, 2024
commit 3b6cd0a4bebbcbd04d50c302fe82e9272479dd3c
2 changes: 1 addition & 1 deletion ci/docker/tester/requirements.txt
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
pytest==8.3.3
# Used for running tests with --timeout flag
pytest-timeout==2.0.1
pytest-timeout==2.3.1
requests==2.32.3
sh==1.14.1
paramiko==3.5.0
6 changes: 2 additions & 4 deletions daemon/rpc_set_defaults.go
Original file line number Diff line number Diff line change
@@ -30,10 +30,8 @@ func (r *RPC) SetDefaults(ctx context.Context, in *pb.Empty) (*pb.Payload, error
log.Println(internal.WarningPrefix, err)
}

if internal.IsDevEnv(string(r.environment)) {
if !r.ncClient.Revoke(true) {
log.Println(internal.WarningPrefix, "error revoking token")
}
if !r.ncClient.Revoke(true) {
log.Println(internal.WarningPrefix, "error revoking token")
}

if err := r.cm.Reset(); err != nil {
6 changes: 5 additions & 1 deletion test/qa/lib/firewall.py
Original file line number Diff line number Diff line change
@@ -367,7 +367,11 @@ def is_active(ports: list[Port] | None = None, subnets: list[str] | None = None)
def is_empty() -> bool:
"""Returns True when firewall does not have DROP rules."""
# under snap, also on host, ignore docker rules
return "DROP" not in os.popen("sudo iptables -S | grep -v DOCKER").read()
rules = os.popen("sudo iptables -S | grep -v DOCKER").read()
if "DROP" in rules:
logging.log("DROP in {rules}")
return False
return True


def _get_iptables_rules() -> list[str]:
4 changes: 4 additions & 0 deletions test/qa/lib/info.py
Original file line number Diff line number Diff line change
@@ -29,6 +29,10 @@ def collect():
str(nameserver_info),
"Processes:",
str(processes),
"Default route:",
str(os.popen("sudo ip route get 1.1.1.1").read()),
"iptables stats",
str(os.popen("sudo iptables -L -v -n").read()),
"-------------------end of system-information--------------------",
]
)
60 changes: 16 additions & 44 deletions test/qa/lib/network.py
Original file line number Diff line number Diff line change
@@ -4,7 +4,7 @@
from threading import Thread

import dns.resolver
import pytest

Check failure on line 7 in test/qa/lib/network.py

GitHub Actions / ruff

Ruff (F401)

test/qa/lib/network.py:7:8: F401 `pytest` imported but unused
import requests
import sh

@@ -26,14 +26,14 @@
class PacketCaptureThread(Thread):
def __init__(self, connection_settings):
Thread.__init__(self)
self.packets_captured: int = -1
self.connection_settings = connection_settings
self.packets = ""

def run(self):
self.packets_captured = _capture_packets(self.connection_settings)
self.packets = _capture_packets(self.connection_settings)


def _capture_packets(connection_settings: (str, str, str)) -> int:
def _capture_packets(connection_settings: (str, str, str)) -> str:
technology = connection_settings[0]
protocol = connection_settings[1]
obfuscated = connection_settings[2]
@@ -57,9 +57,7 @@
tshark_result: str = sh.tshark("-i", "any", "-T", "fields", "-e", "ip.src", "-e", "ip.dst", "-a", "duration:3", "-a", "packets:1", "-f", traffic_filter)
#tshark_result: str = os.popen(f"sudo tshark -i any -T fields -e ip.src -e ip.dst -a duration:3 -a packets:1 -f {traffic_filter}").read()

packets = tshark_result.strip().splitlines()

return len(packets)
return tshark_result.strip()


def capture_traffic(connection_settings) -> int:
@@ -69,11 +67,14 @@
t_connect = PacketCaptureThread(connection_settings)
t_connect.start()

sh.ping("-c", "2", "-w", "2", "1.1.1.1")
try:
sh.ping("-c", "2", "-w", "2", "1.1.1.1")
except sh.ErrorReturnCode:
logging.log(t_connect.packets)

t_connect.join()

return t_connect.packets_captured
return len(t_connect.packets.splitlines())


def _is_internet_reachable(retry=5) -> bool:
@@ -85,6 +86,7 @@
except sh.ErrorReturnCode:
time.sleep(1)
i += 1
_is_internet_reachable_outside_vpn(1)
return False


@@ -117,43 +119,15 @@
def _is_dns_resolvable(retry=5) -> bool:
"""Returns True when domain resolution is working."""
i = 0
domain = "nordvpn.com"
while i < retry:
try:
# @TODO gitlab docker runner has public ipv6, but no connectivity. remove -4 once fixed
return "icmp_seq=" in sh.ping("-4", "-c", "1", "-w", "1", "nordvpn.com")
except sh.ErrorReturnCode:
time.sleep(1)
i += 1
return False


def _is_dns_resolvable_outside_vpn(retry: int = 5) -> bool:
"""Returns True when domain resolution outside vpn is not working."""
i = 0
while i < retry:
try:
# @TODO gitlab docker runner has public ipv6, but no connectivity. remove -4 once fixed
# @TODO need dns query to go arround vpn tunnel, here with regular ping it does not
return "icmp_seq=" in sh.ping("-4", "-c", "1", "-m", f"{FWMARK}", "-w", "1", "nordvpn.com")
except sh.ErrorReturnCode:
time.sleep(1)
i += 1
return False


def _is_dns_not_resolvable(retry: int = 5) -> bool:
"""Returns True when domain resolution is not working."""
i = 0
while i < retry:
try:
with pytest.raises((dns.resolver.NoNameservers, dns.resolver.LifetimeTimeout)):
resolver = dns.resolver.Resolver()
resolver.lifetime = 1
resolver.resolve("nordvpn.com")
resolver = dns.resolver.Resolver()
resolver.resolve(domain, 'A') # 'A' for IPv4
return True
except: # noqa: E722
except Exception as e: # noqa: BLE001
print(f"_is_dns_resolvable: DNS {domain} FAILURE. Error: {e}")
time.sleep(1)
i += 1
return False


@@ -165,15 +139,13 @@

# If assert below fails, and you are running Kill Switch tests on your machine, inside of Docker,
# set DNS in resolv.conf of your system to anything else but 127.0.0.53
return not _is_internet_reachable(retry) and _is_dns_not_resolvable(retry)
return not _is_internet_reachable(retry) and not _is_dns_resolvable(retry)


def is_available(retry=5) -> bool:
"""Returns True when network access is available or throws AssertionError otherwise."""
assert _is_internet_reachable_outside_vpn(retry)
assert _is_internet_reachable(retry)
assert _is_dns_resolvable_outside_vpn(retry)
assert _is_dns_resolvable(retry)
return True


16 changes: 1 addition & 15 deletions test/qa/lib/ssh.py
Original file line number Diff line number Diff line change
@@ -4,7 +4,7 @@
from collections import namedtuple

import paramiko
import pytest

Check failure on line 7 in test/qa/lib/ssh.py

GitHub Actions / ruff

Ruff (F401)

test/qa/lib/ssh.py:7:8: F401 `pytest` imported but unused

import lib

@@ -126,23 +126,9 @@
i += 1
return False

def _is_dns_not_resolvable(self, retry=5) -> bool:
"""Returns True when domain resolution is not working."""
for _ in range(retry):
try:
with pytest.raises(RuntimeError) as ex:
self.ssh_class_instance.exec_command("ping -c 1 -w 1 nordvpn.com")

return "Network is unreachable" in str(ex) or \
"Name or service not known" in str(ex) or \
"Temporary failure in name resolution" in str(ex)
except RuntimeError as ex:
time.sleep(1)
return False

def is_not_available(self, retry=5) -> bool:
"""Returns True when network access is not available."""
return not self._is_internet_reachable(retry) and self._is_dns_not_resolvable(retry)
return not self._is_internet_reachable(retry) and not self._is_dns_resolvable(retry)

def ping(self, target: str, retry=5) -> bool:
i = 0
18 changes: 18 additions & 0 deletions test/qa/test_fileshare.py
Original file line number Diff line number Diff line change
@@ -14,6 +14,24 @@

from lib import daemon, fileshare, info, logging, login, meshnet, poll, ssh

# Later move this to another place
# Helper class to run sh commands with _tty_out=false
class ShWithoutTTY:
def __init__(self, base=None, level=None):
self.base = base or sh
self.level = level

def __getattr__(self, name):
# Create a new wrapper for the next level
return ShWithoutTTY(base=getattr(self.base, name), level=name)

def __call__(self, *args, **kwargs):
# When the command is finally called, add _tty_out=False
kwargs["_tty_out"] = False
return self.base(*args, **kwargs)

sh = ShWithoutTTY()

Check failure on line 33 in test/qa/test_fileshare.py

GitHub Actions / ruff

Ruff (F811)

test/qa/test_fileshare.py:33:1: F811 Redefinition of unused `sh` from line 13

ssh_client = ssh.Ssh("qa-peer", "root", "root")

# for snap testing, make this path from current folder e.g. ./tmp/testfiles