修改部署文件

deploy/bird/Dockerfile

@@ -36,6 +36,7 @@ FROM debian:bookworm-slim
 RUN apt-get update && apt-get install -y --no-install-recommends \
     ca-certificates \
     gettext-base \
+    tzdata \
     netcat-openbsd \
     libreadline8 \
     libncurses6 \
@@ -46,6 +47,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 COPY --from=builder /usr/sbin/bird /usr/sbin/bird
 COPY --from=builder /usr/sbin/birdc /usr/sbin/birdc
 COPY --from=builder /etc/bird /etc/bird
+ENV TZ=Asia/Shanghai
 
 COPY entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh \

deploy/bird/docker-compose.ssh.yml

@@ -2,9 +2,16 @@ services:
   bird-rpki-client:
     environment:
       BIRD_CONFIG_TEMPLATE_PATH: "/config/bird.conf.ssh.template"
-      RPKI_HOST: "0.0.0.0"
+      RPKI_HOST: "rpki-rtr"
       RPKI_PORT: "${RPKI_RTR_SSH_PORT:-22}"
       OBSERVE_PROTO: "rpki_ssh"
     volumes:
       - ./bird.conf.ssh.template:/config/bird.conf.ssh.template:ro
       - ../../certs:/config/ssh:ro
+    networks:
+      - rpki_net
+
+networks:
+  rpki_net:
+    name: rpki_net
+    driver: bridge

deploy/bird/docker-compose.yml

@@ -7,11 +7,10 @@ services:
         BIRD_VERSION: "3.2.1"
     container_name: bird-rpki-client
     restart: unless-stopped
-    network_mode: host
     environment:
       BIRD_CONFIG_TEMPLATE_PATH: "/config/bird.conf.template"
 
-      RPKI_HOST: "0.0.0.0"
+      RPKI_HOST: "rpki-rtr-tcp"
       RPKI_PORT: "323"
 
       OBSERVE_PROTO: "rpki_tcp"
@@ -33,3 +32,10 @@ services:
     volumes:
       - ./bird.conf.template:/config/bird.conf.template:ro
       - ../../logs/bird:/app/logs
+    networks:
+      - rpki_net
+
+networks:
+  rpki_net:
+    name: rpki_net
+    driver: bridge

deploy/bird/entrypoint.sh

@@ -120,7 +120,7 @@ print_first_n_objects() {
 }
 
 print_snapshot() {
-  echo "==== $(date -u +"%Y-%m-%dT%H:%M:%SZ") RPKI snapshot ($PROTO) ===="
+  echo "==== $(date +"%Y-%m-%dT%H:%M:%S%:z") RPKI snapshot ($PROTO) ===="
   birdc -s "$SOCK_PATH" show protocols all "$PROTO" || true
 
   if [ "$SHOW_ASPA" = "1" ]; then

deploy/client/Dockerfile

@@ -14,10 +14,11 @@ RUN cargo build --release --bin rtr_debug_client
 FROM debian:bookworm-slim AS runtime
 
 RUN apt-get update \
-    && apt-get install -y --no-install-recommends ca-certificates \
+    && apt-get install -y --no-install-recommends ca-certificates tzdata \
     && rm -rf /var/lib/apt/lists/*
 
 WORKDIR /app
+ENV TZ=Asia/Shanghai
 
 COPY --from=builder /build/target/release/rtr_debug_client /usr/local/bin/rtr_debug_client
 COPY --chmod=755 deploy/client/entrypoint.sh /usr/local/bin/rtr-debug-client-entrypoint.sh

deploy/client/docker-compose.clients.yml

@@ -3,40 +3,50 @@ version: "3.9"
 services:
   rtr-client-1:
     image: rpki-rtr-debug-client:latest
-    network_mode: host
-    command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"]
+    command: ["rpki-rtr-tcp:323", "2", "reset", "--keep-after-error", "--summary-only"]
     volumes:
       - ../../logs/client:/app/logs
     restart: no
+    networks:
+      - rpki_net
 
   rtr-client-2:
     image: rpki-rtr-debug-client:latest
-    network_mode: host
-    command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"]
+    command: ["rpki-rtr-tcp:323", "2", "reset", "--keep-after-error", "--summary-only"]
     volumes:
       - ../../logs/client:/app/logs
     restart: no
+    networks:
+      - rpki_net
 
   rtr-client-3:
     image: rpki-rtr-debug-client:latest
-    network_mode: host
-    command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"]
+    command: ["rpki-rtr-tcp:323", "2", "reset", "--keep-after-error", "--summary-only"]
     volumes:
       - ../../logs/client:/app/logs
     restart: no
+    networks:
+      - rpki_net
 
   rtr-client-4:
     image: rpki-rtr-debug-client:latest
-    network_mode: host
-    command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"]
+    command: ["rpki-rtr-tcp:323", "2", "reset", "--keep-after-error", "--summary-only"]
     volumes:
       - ../../logs/client:/app/logs
     restart: no
+    networks:
+      - rpki_net
 
   rtr-client-5:
     image: rpki-rtr-debug-client:latest
-    network_mode: host
-    command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"]
+    command: ["rpki-rtr-tcp:323", "2", "reset", "--keep-after-error", "--summary-only"]
     volumes:
       - ../../logs/client:/app/logs
     restart: no
+    networks:
+      - rpki_net
+
+networks:
+  rpki_net:
+    name: rpki_net
+    driver: bridge

deploy/client/docker-compose.ssh.yml

@@ -6,10 +6,9 @@ services:
       context: ../..
       dockerfile: deploy/client/Dockerfile
     image: rpki-rtr-debug-client:latest
-    network_mode: host
     command:
       [
-        "127.0.0.1:${RPKI_RTR_SSH_PORT:-22}",
+        "rpki-rtr-ssh:${RPKI_RTR_SSH_PORT:-22}",
         "2",
         "reset",
         "--ssh",
@@ -28,3 +27,10 @@ services:
     restart: no
     stdin_open: true
     tty: true
+    networks:
+      - rpki_net
+
+networks:
+  rpki_net:
+    name: rpki_net
+    driver: bridge

deploy/client/docker-compose.tcp.yml

@@ -4,10 +4,16 @@ services:
       context: ../..
       dockerfile: deploy/client/Dockerfile
     image: rpki-rtr-debug-client:latest
-    network_mode: host
-    command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"]
+    command: ["rpki-rtr-tcp:323", "2", "reset", "--keep-after-error", "--summary-only"]
     volumes:
       - ../../logs/client:/app/logs
     restart: no
     stdin_open: true
     tty: true
+    networks:
+      - rpki_net
+
+networks:
+  rpki_net:
+    name: rpki_net
+    driver: bridge

deploy/client/docker-compose.tls.yml

@@ -6,10 +6,9 @@ services:
       context: ../..
       dockerfile: deploy/client/Dockerfile
     image: rpki-rtr-debug-client:latest
-    network_mode: host
     command:
       [
-        "127.0.0.1:324",
+        "rpki-rtr-tls:324",
         "2",
         "reset",
         "--tls",
@@ -30,3 +29,10 @@ services:
     restart: no
     stdin_open: true
     tty: true
+    networks:
+      - rpki_net
+
+networks:
+  rpki_net:
+    name: rpki_net
+    driver: bridge

deploy/client/docker-compose.yml

@@ -4,10 +4,16 @@ services:
       context: ../..
       dockerfile: deploy/client/Dockerfile
     image: rpki-rtr-debug-client:latest
-    network_mode: host
-    command: ["127.0.0.1:323", "2", "reset", "--keep-after-error", "--summary-only"]
+    command: ["rpki-rtr-tcp:323", "2", "reset", "--keep-after-error", "--summary-only"]
     volumes:
       - ../../logs/client:/app/logs
     restart: no
     stdin_open: true
     tty: true
+    networks:
+      - rpki_net
+
+networks:
+  rpki_net:
+    name: rpki_net
+    driver: bridge

deploy/server/docker-compose.ssh.yml

@@ -10,12 +10,12 @@ services:
     restart: no
     ports:
       - "323:323"
-      - "${RPKI_RTR_SSH_PORT:-22}:${RPKI_RTR_SSH_PORT:-22}"
+      - "${RPKI_RTR_SSH_HOST_PORT:-2222}:22"
     environment:
       RPKI_RTR_ENABLE_TLS: "false"
       RPKI_RTR_ENABLE_SSH: "true"
       RPKI_RTR_TCP_ADDR: "0.0.0.0:323"
-      RPKI_RTR_SSH_ADDR: "0.0.0.0:${RPKI_RTR_SSH_PORT:-22}"
+      RPKI_RTR_SSH_ADDR: "0.0.0.0:22"
       RPKI_RTR_SSH_HOST_KEY_PATH: "/app/certs/ssh_host_rsa_key"
       RPKI_RTR_SSH_AUTHORIZED_KEYS_PATH: "/app/certs/rtr-authorized_keys"
       RPKI_RTR_SSH_USERNAME: "rpki-rtr"
@@ -35,3 +35,10 @@ services:
       - ../../data:/app/slurm:ro
       - ../../certs:/app/certs:ro
       - ../../logs/server:/app/logs
+    networks:
+      - rpki_net
+
+networks:
+  rpki_net:
+    name: rpki_net
+    driver: bridge

deploy/server/docker-compose.tcp.yml

@@ -27,3 +27,10 @@ services:
       - ../../rtr-db:/app/rtr-db
       - ../../data:/app/slurm:ro
       - ../../logs/server:/app/logs
+    networks:
+      - rpki_net
+
+networks:
+  rpki_net:
+    name: rpki_net
+    driver: bridge

deploy/server/docker-compose.tls.yml

@@ -33,3 +33,10 @@ services:
       - ../../data:/app/slurm:ro
       - ../../tests/fixtures/tls:/app/certs:ro
       - ../../logs/server:/app/logs
+    networks:
+      - rpki_net
+
+networks:
+  rpki_net:
+    name: rpki_net
+    driver: bridge

deploy/server/docker-compose.yml

@@ -41,3 +41,10 @@ services:
       - ../../logs/server:/app/logs
       # TLS mode example:
       # - ../../certs:/app/certs:ro
+    networks:
+      - rpki_net
+
+networks:
+  rpki_net:
+    name: rpki_net
+    driver: bridge

tests/test_server_transports.rs

@@ -1,8 +1,9 @@
+use arc_swap::ArcSwap;
 use std::fs;
 use std::io::BufReader;
 use std::net::SocketAddr;
 use std::path::{Path, PathBuf};
-use std::sync::{Arc, RwLock};
+use std::sync::Arc;
 use std::time::Duration;
 
 use rustls::{ClientConfig, RootCertStore};
@@ -45,7 +46,7 @@ fn load_pem_key(path: &Path) -> PrivateKeyDer<'static> {
 }
 
 fn test_cache() -> SharedRtrCache {
-    Arc::new(RwLock::new(
+    Arc::new(ArcSwap::from_pointee(
         RtrCacheBuilder::new()
             .session_ids(SessionIds::from_array([42, 42, 42]))
             .serials([100, 100, 100])

tests/test_session.rs

@@ -157,8 +157,16 @@ async fn start_tls_session_server_with_cert(
             return;
         };
 
-        let _ =
-            handle_tls_connection(cache, stream, peer_addr, acceptor, notify_rx, shutdown_rx, None)
+        let _ = handle_tls_connection(
+            cache,
+            stream,
+            peer_addr,
+            acceptor,
+            true,
+            notify_rx,
+            shutdown_rx,
+            None,
+        )
         .await;
     });