[Deprecated] Gazelle Proxy - Overview

Warning: This documentation is outdated; the newest version is available at https://gazelle.ihe.net/gazelle-documentation/Proxy/user.html

Project Overview

The proxy is used to capture the TCP/IP packets exchanged by test participants. The packet flow is analysed and stored in a database for further analysis by protocol-specific analysers.

The available packet analysers are:

  • HTTP
  • DICOM
  • HL7V2
  • Syslog
  • Raw

Each message is saved together with its network details, including an id of the socket used for that message (named the channel id), since one socket can transport many messages (HTTP, DICOM).

The proxy is set up on ovh1.ihe-europe.net and is accessed through the web interface. ovh1.ihe-europe.net exposes only a limited range of port numbers to the Internet: ports 10200 to 11000 must be used for channel creation.

Usage 

The web interface allows channels to be created. A channel opens a port on the server hosting the proxy and redirects all traffic received on it to a configured server on a specific port.

The data stream is not modified; it is only analysed with the chosen packet analyser.
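The relay behaviour described above, as an added Python example that is not the Gazelle proxy's own code: a channel listens on a port, forwards each accepted connection unmodified to the configured server, and hands every chunk it sees to an analyser under a per-socket channel id. The class and function names, the "Raw" analyser that stores chunks as-is, and the loopback echo server standing in for the responder SUT are assumptions made for the demo; the demo binds an OS-chosen port rather than one in the 10200 to 11000 range, which the check_proxy_port helper would enforce on a real channel.

```python
import asyncio
import itertools
from dataclasses import dataclass, field
from typing import List

# Port range the page says must be used for channels on ovh1.ihe-europe.net.
PROXY_PORT_MIN, PROXY_PORT_MAX = 10200, 11000


def check_proxy_port(port: int) -> bool:
    """True if port lies in the range reachable from the Internet for channel creation."""
    return PROXY_PORT_MIN <= port <= PROXY_PORT_MAX


@dataclass
class Capture:
    channel_id: int     # id of the socket the bytes travelled on
    direction: str      # "request" (initiator -> responder) or "response"
    peer: str           # initiator address, one of the stored network details
    data: bytes


@dataclass
class RawAnalyser:
    """Assumed 'Raw' analyser: keep every chunk unchanged, keyed by channel id."""
    captures: List[Capture] = field(default_factory=list)

    def record(self, channel_id: int, direction: str, peer: str, data: bytes) -> None:
        self.captures.append(Capture(channel_id, direction, peer, data))


class Channel:
    """One proxy channel: a listening port whose connections are relayed to target."""

    def __init__(self, target_host: str, target_port: int, analyser: RawAnalyser,
                 listen_port: int = 0):
        self.target = (target_host, target_port)
        self.analyser = analyser
        self.listen_port = listen_port      # 0 = let the OS pick (demo only)
        self.server = None
        self._ids = itertools.count(1)      # one channel id per accepted socket

    async def start(self) -> None:
        self.server = await asyncio.start_server(self._handle, "127.0.0.1", self.listen_port)
        self.listen_port = self.server.sockets[0].getsockname()[1]

    async def _handle(self, c_reader, c_writer) -> None:
        channel_id = next(self._ids)
        peer = "%s:%d" % c_writer.get_extra_info("peername")[:2]
        s_reader, s_writer = await asyncio.open_connection(*self.target)
        try:
            await asyncio.gather(
                self._pump(c_reader, s_writer, channel_id, "request", peer),
                self._pump(s_reader, c_writer, channel_id, "response", peer))
        finally:
            s_writer.close()
            c_writer.close()

    async def _pump(self, reader, writer, channel_id, direction, peer) -> None:
        # Bytes are forwarded exactly as received; the analyser only observes them.
        try:
            while chunk := await reader.read(65536):
                self.analyser.record(channel_id, direction, peer, chunk)
                writer.write(chunk)
                await writer.drain()
            if writer.can_write_eof():
                writer.write_eof()      # half-close so the other direction can finish
        except OSError:
            pass


SAMPLE = b"MSH|^~\\&|SND|FAC|RCV|FAC|20240101||ADT^A01|1|P|2.5\r"  # constructed HL7v2 line


async def _echo(reader, writer):
    # Stand-in for the responder SUT: echo until the peer half-closes.
    while chunk := await reader.read(65536):
        writer.write(chunk)
        await writer.drain()
    writer.close()


async def _demo():
    analyser = RawAnalyser()
    responder = await asyncio.start_server(_echo, "127.0.0.1", 0)
    channel = Channel("127.0.0.1", responder.sockets[0].getsockname()[1], analyser)
    await channel.start()
    # The initiator SUT connects to the channel's port, not to the responder.
    reader, writer = await asyncio.open_connection("127.0.0.1", channel.listen_port)
    writer.write(SAMPLE)
    await writer.drain()
    writer.write_eof()
    echoed = await reader.read()
    writer.close()
    channel.server.close()
    responder.close()
    return echoed, analyser.captures


def run_demo():
    """Run one relayed round trip; return (bytes seen by the initiator, captures)."""
    return asyncio.run(_demo())
```

Both directions are captured under the same channel id, which is what lets the message list later show a request and its response as one exchange even though they are stored as separate records.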

Channel List

This page displays the list of currently running channels. A channel can be deleted if the password is known.

New channel

This page allows a new channel to be created if the password is known. All fields are required.

Messages list

A grid displays all messages matching the provided filter. The Reset button sets all filter fields back to their default values.

In each row, clicking the id displays the message details. The network details can also be clicked to use their values as filter criteria.

For HTTP(S) messages, the id of the matching request or response is displayed in parentheses.

The filter panel can be collapsed to give more space to the grid.
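Two points from the Overview and this section, that one socket carries many messages (so every message is stored with a channel id) and that each HTTP request is matched with its response, as an added Python example that is not the proxy's code. The MLLP framing for HL7v2 (a message between <VT> and <FS><CR>) and Content-Length delimiting for HTTP are standard; the splitting functions, the StreamAnalyser class, the "request n pairs with response n on the same channel" rule and the sample traffic are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# MLLP framing used for HL7v2 over TCP: <VT> message <FS><CR>
MLLP_START, MLLP_END = b"\x0b", b"\x1c\x0d"


@dataclass
class Message:
    channel_id: int              # id of the socket (channel) the message travelled on
    direction: str               # "request" (initiator -> responder) or "response"
    seq: int                     # position among messages of that direction on the channel
    body: bytes
    match: Optional[int] = None  # index of the paired request/response in the store


def split_mllp(buf: bytes) -> Tuple[List[bytes], bytes]:
    """Cut complete MLLP frames out of buf; return (payloads, unconsumed tail)."""
    msgs = []
    while True:
        start = buf.find(MLLP_START)
        if start < 0:
            return msgs, b""                 # nothing frame-like pending
        end = buf.find(MLLP_END, start + 1)
        if end < 0:
            return msgs, buf[start:]         # frame not complete yet, keep it
        msgs.append(buf[start + 1:end])
        buf = buf[end + len(MLLP_END):]


_CONTENT_LENGTH = re.compile(rb"^content-length:[ \t]*(\d+)[ \t]*\r?$", re.I | re.M)


def split_http(buf: bytes) -> Tuple[List[bytes], bytes]:
    """Cut complete HTTP/1.x messages out of buf using Content-Length.
    Chunked transfer encoding is deliberately not handled here; such a message
    stays pending, which is the kind of case the Raw analyser exists for."""
    msgs = []
    while True:
        head_end = buf.find(b"\r\n\r\n")
        if head_end < 0:
            return msgs, buf
        m = _CONTENT_LENGTH.search(buf[:head_end])
        total = head_end + 4 + (int(m.group(1)) if m else 0)
        if len(buf) < total:
            return msgs, buf                 # body not fully received yet
        msgs.append(buf[:total])
        buf = buf[total:]


class StreamAnalyser:
    """Reassemble messages per (channel, direction); pair request n with response n."""

    def __init__(self, splitter: Callable[[bytes], Tuple[List[bytes], bytes]]):
        self.splitter = splitter
        self.pending: Dict[Tuple[int, str], bytes] = {}
        self.messages: List[Message] = []

    def feed(self, channel_id: int, direction: str, chunk: bytes) -> List[Message]:
        key = (channel_id, direction)
        bodies, rest = self.splitter(self.pending.get(key, b"") + chunk)
        self.pending[key] = rest
        new = []
        for body in bodies:
            seq = sum(1 for m in self.messages if (m.channel_id, m.direction) == key)
            msg = Message(channel_id, direction, seq, body)
            self.messages.append(msg)
            self._pair(msg, len(self.messages) - 1)
            new.append(msg)
        return new

    def _pair(self, msg: Message, index: int) -> None:
        other = "response" if msg.direction == "request" else "request"
        for i, m in enumerate(self.messages):
            if (m.channel_id, m.direction, m.seq) == (msg.channel_id, other, msg.seq):
                msg.match, m.match = i, index
                return


def demo_http() -> List[Message]:
    """Constructed sample: two pipelined requests on channel 7, responses in two reads."""
    a = StreamAnalyser(split_http)
    a.feed(7, "request", b"GET /a HTTP/1.1\r\nHost: x\r\n\r\nGET /b HTTP/1.1\r\nHost: x\r\n\r\n")
    a.feed(7, "response", b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"
                          b"HTTP/1.1 404 Not Found\r\nContent-Length: 7\r\n\r\nmiss")
    a.feed(7, "response", b"ing")            # tail of the second response body
    return a.messages


def demo_hl7() -> List[Message]:
    """Constructed sample: one MLLP frame split across two reads, then its ACK."""
    a = StreamAnalyser(split_mllp)
    a.feed(3, "request", b"\x0bMSH|^~\\&|SND|FAC|RCV|FAC|20240101||ADT^A01|1|P|2.5\r")
    a.feed(3, "request", b"PID|||123||DOE^JOHN\r\x1c\r")
    a.feed(3, "response", b"\x0bMSH|^~\\&|RCV|FAC|SND|FAC|20240101||ACK|1|P|2.5\rMSA|AA|1\r\x1c\r")
    return a.messages
```

The pending buffer per (channel, direction) is what makes message boundaries independent of TCP segment boundaries: the second HTTP response and the first HL7v2 frame both arrive in two reads and are still stored once, and the match field carries the pairing that the message list shows in parentheses.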

TLS channels (NOT AVAILABLE FOR THE MOMENT)

The proxy can capture HTTP messages sent over a TLS channel. However, since it is not yet able to decode the encrypted frames, the proxy terminates TLS itself, acting as a TLS server towards the client and as a TLS client towards the real server (the same position as a man-in-the-middle). Decoding of the frames is planned for a future release.

If the proxy is to be used transparently, clients and servers must not check that the certificate matches the IP address they actually talk to (server side: the certificate DN equals the fully qualified name of the TCP endpoint; client side: validation of the certificate based on the IP). Relaxing these checks is precisely what allows a machine other than the real endpoint to terminate the TLS session, so it should only be done for systems under test.

When a TLS channel is created, a PKCS12 (.p12) file MUST be provided for the TLS server socket. The p12 should contain a private key and certificates. The .p12 MUST be protected by a password, which is entered in the matching form input.

The server p12 should mimic the real server's certificates, since clients may validate the TLS channel against a truststore.

The proxy also supports TLS client authentication. When a client connects to the proxy, the proxy first connects to the real server without presenting any certificate. Once the TLS channel is open, data from the client is forwarded to the server. The server can then request a renegotiation from the proxy in order to authenticate it; the key used at that point is the p12 provided for the client.

At the moment, if the proxy fails to authenticate to the server, the connection from the source is closed without the server's error being forwarded to the source.

Gazelle integration

The proxy is integrated with Gazelle through web services.

It publishes a web service that lets Gazelle send test instance steps and configurations; Gazelle also calls the web service when a step is done.

The proxy then opens the needed channels and listens on the specified ports (taken from the system configurations). It also records the test instance chronology for later searches.

In Gazelle, if the test instance has the proxy enabled, a link is available on each step. This link opens the proxy with the Gazelle step technical id as a parameter; the proxy then builds a filter from that step and displays the matching messages.

Proxy - User guide

Introduction

Gazelle TestManagement tools can be used in conjunction with a proxy to capture the messages exchanged between test participants.

The proxy is able to capture : 

  • HL7v2 messages
  • DICOM transactions
  • Web services messages
  • Syslog messages

The advantages of using the proxy when running a test are the following:

  • the Proxy is a neutral way to capture the exchanged messages.
  • the Proxy displays the captured messages in a unified way for all the tests performed, simplifying the work of the monitors when examining the logs.
  • the Proxy provides a permanent link to each captured message that can be attached to test instance steps, avoiding the cut and paste of logs into the chat window of the test instance. This links the logs to the test and lets all participants in the test see the entire set of messages exchanged between the test participants.
  • the Proxy helps verify the captured messages through a direct link to the EVS Client GUI.

Example message

Limitations

  • The Proxy acts as a network relay between two SUTs. As a result, the system configuration has to be modified: the TCP connection must be established to the proxy, on the proxy port given in the system configuration, instead of opening a connection to the responder SUT directly.

How does it work ?

For each system in Gazelle TestManagement tool there is a set of configuration parameters. For each port that an SUT needs to open, there is a mirror port number on the proxy. 

All proxy ports must be opened by a Gazelle admin, each system configuration being mapped to a proxy port.

The proxy GUI can be access at the following URL : http://gazelle.ihe.net/proxy

Automated filtering

The proxy and Gazelle are linked to each other, and each test step in Gazelle has a proxy link.

messages link

This link displays the list of messages matching the test step configuration. It also filters the messages by time, showing only those received between the moment the previous test step was marked as verified (or the moment the test instance started, if no earlier step was verified) and the moment this test step was marked as to be verified.

sample filter
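The time window and port filter described above, as an added Python example that is not Gazelle's or the proxy's code. The Step and Capture records, the field names and the constructed test instance (three steps, two responder ports, five captured messages) are assumptions; the rule implemented is the one stated on this page, including the case where no earlier step has been verified yet, which falls back to the test instance start.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass
class Step:
    step_id: int                              # Gazelle step technical id
    proxy_port: int                           # proxy port of the responder's configuration
    verified_at: Optional[datetime] = None    # set when the monitor marks the step verified
    to_verify_at: Optional[datetime] = None   # set when the step is marked "to be verified"


@dataclass
class Capture:
    proxy_port: int
    received_at: datetime
    summary: str


def step_window(steps: List[Step], instance_started: datetime,
                step_id: int) -> Tuple[datetime, Optional[datetime]]:
    """Lower bound: last earlier step marked verified, else the test instance start.
    Upper bound: when this step was marked to be verified (None = not yet marked)."""
    ordered = sorted(steps, key=lambda s: s.step_id)
    idx = next(i for i, s in enumerate(ordered) if s.step_id == step_id)
    lower = instance_started
    for earlier in reversed(ordered[:idx]):
        if earlier.verified_at is not None:
            lower = earlier.verified_at
            break
    return lower, ordered[idx].to_verify_at


def messages_for_step(captures: List[Capture], steps: List[Step],
                      instance_started: datetime, step_id: int) -> List[Capture]:
    """What the step's proxy link shows: right proxy port and inside the time window."""
    lower, upper = step_window(steps, instance_started, step_id)
    port = next(s.proxy_port for s in steps if s.step_id == step_id)
    return [c for c in captures
            if c.proxy_port == port and lower < c.received_at
            and (upper is None or c.received_at <= upper)]


# Constructed sample: one test instance, three steps, two responder ports.
T0 = datetime(2024, 1, 1, 9, 0)
STEPS = [
    Step(101, 10201, verified_at=T0 + timedelta(minutes=10),
         to_verify_at=T0 + timedelta(minutes=9)),
    Step(102, 10202, to_verify_at=T0 + timedelta(minutes=20)),
    Step(103, 10202),
]
CAPTURES = [
    Capture(10202, T0 + timedelta(minutes=5), "early traffic on 10202"),
    Capture(10201, T0 + timedelta(minutes=8), "step 101 traffic"),
    Capture(10202, T0 + timedelta(minutes=15), "step 102 traffic"),
    Capture(10201, T0 + timedelta(minutes=15), "wrong port for step 102"),
    Capture(10202, T0 + timedelta(minutes=25), "after step 102 was marked"),
]


def demo() -> dict:
    """Summaries shown by each step's proxy link for the constructed sample."""
    return {sid: [c.summary for c in messages_for_step(CAPTURES, STEPS, T0, sid)]
            for sid in (101, 102, 103)}
```

Note that step 102's traffic also shows up under step 103: step 102 was never marked verified, so step 103's window still starts at step 101's verification. That is the behaviour the rule above implies, and the reason monitors should mark steps verified as they go.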

Finding captured messages manually

By accessing the proxy directly at http://gazelle.ihe.net/proxy, messages can be filtered on different criteria. Clicking a value in the table either opens the message details (for the id column) or sets the filter (for the other columns).

The messages list displays only one type of message at a time: if HTTP is selected, HL7v2 messages are not shown.

Each captured message has a permanent link that can be used in Gazelle. The best way to use it is to add the link to a test step instance; the monitor will then be able to validate the message using EVSClient.

WebService API

  • startAllChannels: takes a "List<Configuration> configurations" argument and starts a new channel in the proxy for each configuration in the list.
  • startTestInstance: takes a "TestInstance testInstance" argument and starts a new channel in the proxy for that test instance.
  • markTestStep: takes an "int testStepId" argument and sets the date of that test step to the current time.
  • getMinProxyPort: returns the min_proxy_port defined in the proxy configuration.
  • getMaxProxyPort: returns the max_proxy_port defined in the proxy configuration.