
Commit 1a8dae7

committed
additional testing via docker
1 parent 93428fb commit 1a8dae7

4 files changed

Lines changed: 93 additions & 29 deletions


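--- a/core/src/scanner.rs
+++ b/core/src/scanner.rs
@@ -60,10 +60,11 @@ trait NetworkExplorer {
 }
 
 pub async fn scan(target_map: TargetMap, cfg: &ZondConfig) -> anyhow::Result<Vec<Host>> {
+STOP_SIGNAL.store(false, Ordering::Relaxed);
 let use_raw_sockets = preflight_check(cfg);
 
-// Currently, even if we are root, we use the TCP connect scanner for port scanning
-// until the privileged SYN scanner is fully implemented.
+// Currently, even if we are root, we default to the TCP connect scanner for port scanning
+// until a specialized privileged strategy (e.g. SYN scan) is fully implemented.
 if !use_raw_sockets || true {
 let dispatcher = dispatcher::Dispatcher::new(target_map);
 let rx = dispatcher.run_shuffled();
@@ -85,6 +86,7 @@ pub async fn scan(target_map: TargetMap, cfg: &ZondConfig) -> anyhow::Result<Vec
 /// - **State**: Updates [`FOUND_HOST_COUNT`] and reacts to [`STOP_SIGNAL`].
 /// - **Concurrency**: Spawns multiple Tokio tasks; ensure the caller is within a multi-threaded runtime.
 pub async fn discover(targets: IpSet, cfg: &ZondConfig) -> anyhow::Result<Vec<Host>> {
+STOP_SIGNAL.store(false, Ordering::Relaxed);
 let use_raw_sockets = preflight_check(cfg);
 if !use_raw_sockets {
 return connect::discover(targets).await;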
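Review bot: The `STOP_SIGNAL.store(false, Ordering::Relaxed);` added as the first statement of `scan` (and again in `discover`, second hunk) clears a process-wide flag unconditionally, so a stop requested just before the call, or one meant for a scan still in flight when another starts, is silently dropped. For a tool that sends traffic to other hosts the cancel path should be dependable; a per-call cancellation handle passed into the scan would remove the shared state. At minimum the doc comment on `discover` should record the reset, e.g. `/// - **State**: Resets STOP_SIGNAL on entry; a stop requested before the call is discarded.`, and `scan` should get the same line. Both function bodies continue outside the hunks, so whether one entry point calls the other cannot be seen here.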

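--- a/docker-compose.test.yml
+++ b/docker-compose.test.yml
@@ -1,38 +1,50 @@
-# Docker Compose for Zond Integration Testing
-# Simulates a multi-node, mixed-service network environment.
+# Docker Compose for Zond Topological Integration Testing
+# Simulates LAN discovery, multi-NIC usage, and Routed segments.
 
 services:
 scanner:
 build:
 context: .
 dockerfile: docker/scanner/Dockerfile
 container_name: zond-integration-scanner
-volumes:
-- .:/app
 cap_add:
 - NET_ADMIN
 - NET_RAW
 networks:
 - lan_network
-- isolated_network
+- extra_network
 environment:
 - ZOND_LOG=trace
 
-target-lan-1:
+gateway:
+image: debian:bookworm-slim
+container_name: zond-gateway
+cap_add:
+- NET_ADMIN
+command: >
+sh -c "apt-get update && apt-get install -y iproute2 iptables &&
+echo 1 > /proc/sys/net/ipv4/ip_forward &&
+iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE &&
+tail -f /dev/null"
+networks:
+- lan_network
+- isolated_network
+
+target-lan:
 build:
 context: .
 dockerfile: docker/targets/Dockerfile
-container_name: zond-target-1
+container_name: zond-target-lan
 networks:
 - lan_network
 
-target-lan-2:
+target-extra:
 build:
 context: .
 dockerfile: docker/targets/Dockerfile
-container_name: zond-target-2
+container_name: zond-target-extra
 networks:
-- lan_network
+- extra_network
 
 target-isolated:
 build:
@@ -48,6 +60,11 @@ networks:
 ipam:
 config:
 - subnet: 172.20.0.0/24
+extra_network:
+driver: bridge
+ipam:
+config:
+- subnet: 172.25.0.0/24
 isolated_network:
 driver: bridge
 ipam: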
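Review bot: The new `gateway` service's `command` downloads `iproute2` and `iptables` on every container start and then writes `/proc/sys/net/ipv4/ip_forward`; as far as I know Docker mounts `/proc/sys` read-only unless the container is privileged, so with only `NET_ADMIN` the `echo` is likely to fail and the `&&` chain would stop before the MASQUERADE rule and the `tail`. Setting forwarding declaratively avoids this: add `sysctls:` with `- net.ipv4.ip_forward=1` to the service and drop the `echo`. Building the gateway from a small Dockerfile with the two packages preinstalled, as the targets are, would make the test reproducible without network access and close the window in which the runner adds its route before the gateway is ready. The `-o eth0` rule also assumes which of the two attached networks becomes `eth0`, which Compose does not appear to guarantee.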

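--- a/docker/scanner/Dockerfile
+++ b/docker/scanner/Dockerfile
@@ -1,3 +1,12 @@
+# Multi-stage Dockerfile for Zond Scanner
+# Stage 1: Build the binary inside a compatible environment
+FROM rust:1.93-slim-bookworm AS builder
+
+WORKDIR /app
+COPY . .
+RUN cargo build --release
+
+# Stage 2: Runtime image
 FROM debian:bookworm-slim
 
 RUN apt-get update && apt-get install -y \
@@ -13,6 +22,9 @@ RUN apt-get update && apt-get install -y \
 
 WORKDIR /app
 
-ENV PATH="/app:${PATH}"
+# Copy the binary and assets from the builder stage
+COPY --from=builder /app/target/release/zond /app/zond
+COPY --from=builder /app/assets /app/assets
 
+ENV PATH="/app:${PATH}"
 CMD ["tail", "-f", "/dev/null"]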
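Review bot: `COPY . .` in the builder stage pulls the entire build context into an image layer, and `RUN cargo build --release` is free to regenerate or update `Cargo.lock` if it is missing or stale. A `.dockerignore` that excludes `target/`, `.git` and any local env or key files keeps host artefacts and credentials out of the build; whether one already exists is not visible in this commit. Changing the build line to `RUN cargo build --release --locked` makes the build fail rather than silently resolve crate versions other than the ones the lockfile records. If reproducibility of the test image matters, the base images can additionally be pinned by digest, e.g. `FROM rust:1.93-slim-bookworm@sha256:<digest-placeholder>`.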

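--- a/scripts/run_integration_docker.sh
+++ b/scripts/run_integration_docker.sh
@@ -1,28 +1,61 @@
 #!/bin/bash
-# Zond Docker Integration Test Runner
+# Zond Phase 1: Topological Integration Test Runner
 #
-# This script builds the Zond binaries, brings up the Docker Compose environment,
-# and executes the integration scanner to verify network-wide discovery.
+# Verifies Multi-NIC discovery, DNS resolution, and Routed segment discovery.
 
 set -e
 
-# 1. Build the project to ensure we have fresh binaries
-echo ">>> Building Zond binaries..."
-cargo build
+# 1. Note: Build is now handled inside the scanner.Dockerfile multi-stage build.
+echo ">>> (Build handled by Docker Compose)"
+# cargo build is no longer necessary on host
 
-# 2. Build and start the Docker environment
+# 2. Start the environment
 echo ">>> Bringing up Docker nodes..."
-docker-compose -f docker-compose.test.yml up --build -d
+docker compose -f docker-compose.test.yml up --build -d
 
-# Give containers a second to start listeners
-sleep 2
+# Give containers a second to start
+sleep 3
 
-# 3. Perform a discovery scan from the scanner node
-echo ">>> Executing Zond discovery scan from scanner node..."
-docker exec zond-integration-scanner ./target/debug/zond discover 172.20.0.0/24 172.30.0.0/24
+# 3. Setup Routes for Discovery
+# We need to tell the scanner how to reach the isolated network (172.30.0.0/24) via the gateway
+# We search all networks for the one in the 172.20.0.0/24 subnet
+echo ">>> Extracting gateway IP..."
+for i in {1..5}; do
+GATEWAY_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}} {{end}}' zond-gateway | tr ' ' '\n' | grep '172.20.' | head -n 1)
+if [ ! -z "$GATEWAY_IP" ]; then
+break
+fi
+echo "Wait for gateway IP... ($i/5)"
+sleep 2
+done
 
-# 4. Cleanup
+if [ -z "$GATEWAY_IP" ]; then
+echo "Error: Could not find gateway IP on LAN network."
+docker compose -f docker-compose.test.yml down
+exit 1
+fi
+
+echo ">>> Setting up static route to isolated network via gateway at $GATEWAY_IP..."
+docker exec zond-integration-scanner ip route add 172.30.0.0/24 via $GATEWAY_IP
+
+# 4. Perform Phase 1 Tests
+echo ">>> [Phase 1] Executing Topological Discovery Scan..."
+
+# Scan all three target subnets
+# - 172.20.0.0/24 (LAN 1)
+# - 172.25.0.0/24 (LAN 2 - Extra NIC)
+# - 172.30.0.0/24 (Routed Isolated)
+# We turn on trace logging to see what's happening
+EXIT_CODE=0
+docker exec zond-integration-scanner ./zond -vvv discover 172.20.0.0/24 172.25.0.0/24 172.30.0.0/24 || EXIT_CODE=$?
+
+if [ $EXIT_CODE -ne 0 ]; then
+echo ">>> Scan failed with exit code $EXIT_CODE. Container logs:"
+docker logs zond-integration-scanner
+fi
+
+# 5. Cleanup
 echo ">>> Tearing down Docker nodes..."
-docker-compose -f docker-compose.test.yml down
+docker compose -f docker-compose.test.yml down
 
-echo ">>> Docker Integration tests completed successfully."
+exit $EXIT_CODE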
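Review bot: With `set -e` active, a failure of `docker exec zond-integration-scanner ip route add …` (or of `docker compose … up`) ends the script before step 5, leaving the containers running on the host, including the ones granted `NET_ADMIN`/`NET_RAW`. Registering the teardown once near the top, `trap 'docker compose -f docker-compose.test.yml down' EXIT`, covers every exit path and lets the two explicit `down` calls go. `$GATEWAY_IP` should be quoted in the route command (`via "$GATEWAY_IP"`), and `grep '172.20.'` treats its dots as wildcards and is unanchored, so `grep '^172\.20\.0\.'` selects the intended subnet more reliably. Also, under `set -e` without `pipefail` a failing `docker inspect` inside the pipeline only shows up as an empty `GATEWAY_IP`, and the fixed `sleep 3` does not wait for the gateway's start-up command to finish before the route is added.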
