stack-orchestrator/scripts/relay-test-tcp-dport.py

#!/usr/bin/env python3
"""TCP dport 8001 round trip — connect to a Solana entrypoint (ip_echo path).

The mangle rule matches -p tcp --dport 8001, so connecting TO port 8001
on any host triggers SNAT to the relay IP. The entrypoint responds with
ip_echo (4 bytes: our IP in network order).
"""
import socket
import sys

PORT = int(sys.argv[1]) if len(sys.argv) > 1 else 8001
HOST = sys.argv[2] if len(sys.argv) > 2 else "34.83.231.102"  # entrypoint.mainnet-beta.solana.com

# Resolve hostname
try:
    addr = socket.getaddrinfo(HOST, PORT, socket.AF_INET)[0][4][0]
except socket.gaierror:
    addr = HOST

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(5)

try:
    s.connect((addr, PORT))
    print(f"OK TCP handshake to {addr}:{PORT}")
    # ip_echo: peer sends our IP back as 4 bytes
    s.settimeout(2)
    try:
        data = s.recv(64)
        if len(data) >= 4:
            ip = socket.inet_ntoa(data[:4])
            print(f"OK ip_echo says we are {ip}")
        else:
            print(f"OK got {len(data)} bytes: {data.hex()}")
    except socket.timeout:
        print("NOTE: no ip_echo response (handshake succeeded)")
except socket.timeout:
    print("TIMEOUT")
    sys.exit(1)
except ConnectionRefusedError:
    print(f"OK connection refused by {addr}:{PORT} (host reachable)")
except Exception as e:
    print(f"ERROR {e}")
    sys.exit(1)
finally:
    s.close()
feat: end-to-end relay test scripts Three Python scripts send real packets from the kind node through the full relay path (biscayne → tunnel → mia-sw01 → was-sw01 → internet) and verify responses come back via the inbound path. No indirect counter-checking — a response proves both directions work. - relay-test-udp.py: DNS query with sport 8001 - relay-test-tcp-sport.py: HTTP request with sport 8001 - relay-test-tcp-dport.py: TCP connect to entrypoint dport 8001 (ip_echo) - test-ashburn-relay.sh: orchestrates from ansible controller via nsenter Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-08 00:43:06 +00:00			`#!/usr/bin/env python3`
			`"""TCP dport 8001 round trip — connect to a Solana entrypoint (ip_echo path).`

			`The mangle rule matches -p tcp --dport 8001, so connecting TO port 8001`
			`on any host triggers SNAT to the relay IP. The entrypoint responds with`
			`ip_echo (4 bytes: our IP in network order).`
			`"""`
			`import socket`
			`import sys`

			`PORT = int(sys.argv[1]) if len(sys.argv) > 1 else 8001`
			`HOST = sys.argv[2] if len(sys.argv) > 2 else "34.83.231.102" # entrypoint.mainnet-beta.solana.com`

			`# Resolve hostname`
			`try:`
			`addr = socket.getaddrinfo(HOST, PORT, socket.AF_INET)[0][4][0]`
			`except socket.gaierror:`
			`addr = HOST`

			`s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)`
			`s.settimeout(5)`

			`try:`
			`s.connect((addr, PORT))`
			`print(f"OK TCP handshake to {addr}:{PORT}")`
			`# ip_echo: peer sends our IP back as 4 bytes`
			`s.settimeout(2)`
			`try:`
			`data = s.recv(64)`
			`if len(data) >= 4:`
			`ip = socket.inet_ntoa(data[:4])`
			`print(f"OK ip_echo says we are {ip}")`
			`else:`
			`print(f"OK got {len(data)} bytes: {data.hex()}")`
			`except socket.timeout:`
			`print("NOTE: no ip_echo response (handshake succeeded)")`
			`except socket.timeout:`
			`print("TIMEOUT")`
			`sys.exit(1)`
			`except ConnectionRefusedError:`
			`print(f"OK connection refused by {addr}:{PORT} (host reachable)")`
			`except Exception as e:`
			`print(f"ERROR {e}")`
			`sys.exit(1)`
			`finally:`
			`s.close()`