0.1.6-SNAPSHOT

Author: anders-wartoft

BUILD_NUMBER

@@ -1 +1 @@
-274
+275

README.md

@@ -458,6 +458,10 @@ See LICENSE file
 
 ## 0.1.6-SNAPSHOT
 * Removed `topic` configuration from downstream. Downstream uses upstream's topic name, or a translation of that name.
+* Fixed the following issues:
+  * resend will not accept payloadSize=auto #1
+  * Separate internal logging from event stream from Upstream Kafka #2
+  * Dedup can't use TLS to connect to Kafka #3
 
 ## 0.1.5-SNAPSHOT
 * Multiple sockets with SO_REUSEPORT for faster and more reliable UDP receive in Linux and Mac for downstream. Fallback to single thread in Windows.

config/testcases/dedup-17.env

@@ -0,0 +1,24 @@
+WINDOW_SIZE=10000
+MAX_WINDOWS=10000
+RAW_TOPICS=transfer
+CLEAN_TOPIC=dedup
+GAP_TOPIC=gaps
+BOOTSTRAP_SERVERS=kafka-downstream.sitia.nu:9094
+STATE_DIR_CONFIG=/tmp/dedup_state_16_{id}/
+GAP_EMIT_INTERVAL_SEC=60
+PERSIST_INTERVAL_MS=10000
+INSTANCE_ID={id}
+#JAVA_OPTS=-javaagent:/opt/airgap/dedup/jolokia-agent.jar=port=8778,host=127.0.0.1
+
+
+KAFKA_SECURITY_PROTOCOL=SSL
+KAFKA_SSL_TRUSTSTORE_LOCATION=./tmp/kafka-certificates/kafka-downstream.truststore.jks
+KAFKA_SSL_TRUSTSTORE_PASSWORD=changeit
+# Use a client keystore that contains a client certificate/private key for mTLS
+KAFKA_SSL_KEYSTORE_LOCATION=./tmp/kafka-certificates/airgap-upstream.keystore.jks
+KAFKA_SSL_KEYSTORE_PASSWORD=changeit
+# If the key has a separate password, set it; otherwise keystore password is usually the same
+KAFKA_SSL_KEY_PASSWORD=changeit
+# Explicitly set keystore/truststore types (these keystores are PKCS12)
+KAFKA_SSL_KEYSTORE_TYPE=PKCS12
+KAFKA_SSL_TRUSTSTORE_TYPE=PKCS12

config/testcases/downstream-airgap-17.properties

@@ -0,0 +1,54 @@
+# Used in some log events to identify the source
+id=Downstream_17
+# Used in the MTU code
+nic=ens160
+# UDP address to listen on
+targetIP=0.0.0.0
+# UDP port to listen on
+targetPort=1234
+# Kafka target. If more than one, separate the servers with a comma ,
+bootstrapServers=kafka-downstream.sitia.nu:9094
+# Topic to write internal logging to
+internalTopic=airgap-internal
+
+# kafka or cmd
+target=kafka
+
+# More logging
+logLevel=info
+
+# Client id to use when sending events to Kafka. Will be overridden by the certificate CN if Kafka mTLS is used
+clientId=downstream-17
+
+# Glob that will identify the path(s) to all private keys we should try to use
+# when a key exchange packet is received
+privateKeyFiles=certs/private*.pem
+
+mtu=1500
+#mtu=1500
+# After reading the config, where should we send the logs? Default is stdout
+#logFileName=./tmp/downstream.log
+
+# TLS to Kafka
+# Certificate file
+certFile=certs/tmp/airgap-downstream.crt
+# Key file
+keyFile=certs/tmp/airgap-downstream.key
+# CA file
+caFile=certs/tmp/kafka-ca.crt
+
+# This is the magic that saves the upstream topic 'transfer' to the downstream topic 'transfer-12b'
+#topicTranslations={"transfer": "transfer-15"}
+
+
+# One goroutine per CPU core or two per NUMA node.
+numReceivers=2
+# Allows burst absorption; uses RAM for latency tolerance.
+channelBufferSize=65536
+# Small batching boosts handler efficiency without noticeable delay.
+batchSize=128
+# Reduces reallocation when packets vary in size.
+readBufferMultiplier=32
+
+# Log statistics every minute
+logStatistics=60

config/testcases/downstream-lg-17.properties

@@ -0,0 +1,9 @@
+input=kafka
+topic=dedup
+client-id=downstream
+bootstrap-server=kafka-downstream.sitia.nu:9092
+print-keys=true
+filter=gap
+regex=_(\d+)$
+duplicate-detection=false
+output=cmd

config/testcases/upstream-airgap-17.properties

@@ -0,0 +1,52 @@
+# Used in some log events to identify the source
+id=Upstream_17
+# Used in the MTU code
+nic=lo0
+# UDP target (downstream, use static arp and route to be able to send packets over a diode)
+#targetIP=kafka-downstream.sitia.nu
+targetIP=localhost
+# UDP target port
+targetPort=1234
+# Kafka source. If more than one, separate the servers with a comma ,
+source=kafka
+bootstrapServers=kafka-upstream.sitia.nu:9094,kafka-upstream.sitia.nu:8094
+# Topic to read
+topic=transfer
+# Kafka group id to use. If several threads are used, this is prepended to the thread names.
+groupID=17
+logLevel=info
+# Read from this time instead of starting at the end
+#    2024-01-28T10:24:55+01:00
+from=
+# For testing, you can use random, else use kafka
+#source=random
+source=kafka
+# Downstream public key file
+encryption=false
+publicKeyFile=certs/server2.pem
+# Every n seconds, generate a new symmetric key
+generateNewSymmetricKeyEvery=50
+#payloadSize=auto
+payloadSize=1500
+# After reading the config, where should we send the logs? Default is stdout
+#logFileName=./tmp/upstream.log
+# Format: {"name": "thread_name", "offset": offset_in_seconds}
+#sendingThreads=[{"now": 0}, {"3minutes": -10}]
+sendingThreads=[{"No-delay": 0}]
+# TLS to Kafka
+# Certificate file
+certFile=certs/tmp/airgap-upstream.crt
+# Key file
+keyFile=certs/tmp/airgap-upstream.key
+# CA file
+caFile=certs/tmp/kafka-ca.crt
+
+# To test the gap detection removing gaps, remove the filter out for previously dropped packets
+# Deliver every even numbered packet:
+#deliverFilter=2,4,6
+# compress the payload if events longer than this in bytes
+compressWhenLengthExceeds=1200
+
+logStatistics=60
+
+eps=500

config/testcases/upstream-lg-17.properties

@@ -0,0 +1,13 @@
+input=counter
+string=TEST_
+filter=guard
+filter=gap
+regex=_(\d+)$
+duplicate-detection=true
+output=kafka
+client-id=test
+topic=transfer
+bootstrap-server=kafka-upstream.sitia.nu:9092
+statistics=true
+output=cmd
+limit=100

doc/Deduplication.md

@@ -20,6 +20,17 @@
     export STATE_DIR_CONFIG=/tmp/dedup_state_a/
     export GAP_EMIT_INTERVAL_SEC=60
     export PERSIST_INTERVAL_MS=10000
+
+    # For TLS connections, also add
+    export KAFKA_SECURITY_PROTOCOL=SSL
+    export KAFKA_SSL_TRUSTSTORE_LOCATION=/opt/airgap/certs/client.truststore.jks
+    export KAFKA_SSL_TRUSTSTORE_PASSWORD=changeit
+    export KAFKA_SSL_KEYSTORE_LOCATION=/opt/airgap/certs/client.keystore.jks
+    export KAFKA_SSL_KEYSTORE_PASSWORD=changeit
+
+    # or
+    export KAFKA_SASL_MECHANISM=PLAIN
+    export KAFKA_SASL_JAAS_CONFIG='org.apache.kafka.common.security.plain.PlainLoginModule required username="user" password="pass";'
     ```
 
 3. **Start the deduplication service:**

java-streams/dependency-reduced-pom.xml

@@ -4,7 +4,7 @@
   <groupId>nu.sitia.airgap.streams</groupId>
   <artifactId>air-gap-deduplication</artifactId>
   <name>air-gap Deduplication</name>
-  <version>0.1.5-SNAPSHOT</version>
+  <version>0.1.6-SNAPSHOT</version>
   <url>http://maven.apache.org</url>
   <build>
     <plugins>

java-streams/pom.xml

@@ -4,7 +4,7 @@
   <groupId>nu.sitia.airgap.streams</groupId>
   <artifactId>air-gap-deduplication</artifactId>
   <packaging>jar</packaging>
-  <version>0.1.5-SNAPSHOT</version>
+  <version>0.1.6-SNAPSHOT</version>
   <name>air-gap Deduplication</name>
   <url>http://maven.apache.org</url>
   <dependencies>