The proxy is used to capture TCP/IP packets exchanged by test participants over secured or unsecured channels. The packet flow is analyzed and stored in a database for further analysis by protocol-specific analysers.
The packet analysers available are :
Each message is saved with the network details, including an id of the socket (named channel id) used for that message as a socket can transport many messages (HTTP, DICOM).
The proxy is set up on ovh1.ihe-europe.net, and accessed with the web interface. ovh1.ihe-europe.net has a limited range of port numbers available from the Internet. Ports from 10200 to 11000 must be used for channel creation.
The web interface allows channels to be created. A channel opens a port on the server hosting the proxy and redirects all traffic to a configured server on a specific port.
Data stream is not modified, but analyzed using the chosen packet analyser.
This page displays the list of currently running channels. A channel can be deleted if the password is known.
It allows a new channel to be created if the password is known. All fields are required.
A grid displays all messages matching the provided filter. The Reset button sets all fields to their default values.
Each row displays the message details when its id is clicked. Network details can also be clicked to set filter values.
For HTTP(S) messages, the matching request/response is displayed in parentheses.
The proxy is integrated with Gazelle using web standards.
It publishes a web service allowing Gazelle to send test instance steps and configurations. Also, when a step is done, Gazelle calls the web service.
The proxy then opens the needed channels and listens on the specified ports (provided in the system configurations). It also records the test instance chronology for further searches.
In Gazelle, if the test instance has proxy enabled, a link is available on each step. This link opens the proxy with the Gazelle step technical id as a parameter. The proxy then builds a filter to get messages matching the step and displays the matching messages.
Gazelle TestManagement tools can be used in conjunction with a proxy to capture the messages exchanged between test participants.
The proxy is able to capture :
The advantages of using the proxy when running a test are the following:
The proxy acts as a network relay between two SUTs. As a result, the system configuration has to be modified: the TCP connection must be established to the proxy, on the system configuration’s proxy port, instead of being opened directly to the responder SUT.
For each system in Gazelle TestManagement tool there is a set of configuration parameters. For each port that an SUT needs to open, there is a mirror port number on the proxy.
All proxy ports must be opened by a Gazelle admin, each system configuration being mapped to a proxy port.
The proxy GUI can be accessed at the following URL: https://gazelle.ihe.net/proxy
To start a new channel, you have to be connected as an administrator.
The form displayed should be completed with the message type, the proxy’s port, the responder’s IP or hostname and the responder’s port. The channel can be secured or unsecured, depending on whether the lock icon is activated.
Then, once the channel is started, it is visible in the channel list page.
For secured configuration details, you can go to Administration/Secured Channel Configuration (admin only) or click on the lock icon to be redirected in read-only mode (any user).
NB: Updating the configuration restarts all previously opened channels.
Proxy and Gazelle know each other, and each test step in Gazelle has a proxy link.
This link displays the list of the messages matching the test step configuration. It also filters the messages by time, showing only messages sent after the last test step marked as verified (or after the test instance started) and before this test step is marked as to be verified.
By accessing the proxy directly at https://gazelle.ihe.net/proxy, messages can be filtered on different criteria. Clicking a value in the table either opens the message details (id column) or sets the filter (other columns).
The message list displays only one type of message: if HTTP is selected, HL7v2 messages are not shown.
Each captured message has a permanent link that can be used in Gazelle. The best way to use it is to add this link to a test step instance. The monitor will then be able to validate the message using EVSClient.
For versions >5.0.8, gazelle-proxy offers a persistence feature that lets users persist created channels into a CSV file on the server. Enabling this feature takes 2 steps:
Create a file named /opt/proxy/proxyPersistentChannels.csv and make it accessible by the jboss user:
cd /opt/proxy/
sudo touch proxyPersistentChannels.csv
sudo chmod -R 755 . && sudo chown -R jboss:jboss-admin .
Add property into Administration > Configuration
Once done, you can now persist your channel when creating a new channel by ticking the box
Make the channel persistent?
The channel is now created with an
The channel is written in
/opt/proxy/proxyPersistentChannels.csv in this format :
The fields are in this strict order:
"Type of Message","is Secured?","Proxy port","Responder Host","Responder port","is Persistent ?"
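A check that can be run over a hand-edited persistence file before the proxy reads it. This is an added example, not part of gazelle-proxy: the function names, the true/false encoding of the two boolean fields, the absence of a header row and the sample rows are assumptions; the field order and the 10200-11000 port range come from this page.

```python
import csv
import io

# Field order stated on the page for proxyPersistentChannels.csv.
FIELDS = ("Type of Message", "is Secured?", "Proxy port",
          "Responder Host", "Responder port", "is Persistent ?")
BOOLEANS = {"true", "false"}  # assumption: the page does not show the encoding

# Constructed sample: a duplicate port, an out-of-range port, a short row.
SAMPLE = '''"HTTP","false","10200","sut-a.example.org","8080","true"
"HL7v2","true","10200","sut-b.example.org","2575","true"
"DICOM","false","9000","sut-c.example.org","104","true"
"HTTP","false","10201","sut-d.example.org","true"
'''


def _port(value):
    """Parse a decimal TCP port, or return None if it is not a number."""
    return int(value) if value.isascii() and value.isdecimal() else None


def validate_channels(text, min_port=10200, max_port=11000):
    """Return (line_number, problem) pairs; the range defaults to the page's."""
    problems, seen = [], {}
    reader = csv.reader(io.StringIO(text))
    for row in reader:
        n = reader.line_num
        if not row:
            continue  # blank line
        if len(row) != len(FIELDS):
            problems.append((n, f"expected {len(FIELDS)} fields, got {len(row)}"))
            continue
        kind, secured, pport, host, rport, persistent = (c.strip() for c in row)
        if not kind or not host:
            problems.append((n, "empty message type or responder host"))
        for name, value in ((FIELDS[1], secured), (FIELDS[5], persistent)):
            if value.lower() not in BOOLEANS:
                problems.append((n, f"{name} is not a boolean: {value!r}"))
        port = _port(pport)
        if port is None or not min_port <= port <= max_port:
            problems.append((n, f"proxy port {pport!r} outside {min_port}-{max_port}"))
        elif port in seen:
            problems.append((n, f"proxy port {port} already used on line {seen[port]}"))
        else:
            seen[port] = n
        rp = _port(rport)
        if rp is None or not 1 <= rp <= 65535:
            problems.append((n, f"invalid responder port {rport!r}"))
    return problems
```

On another deployment, pass the values returned by getMinProxyPort and getMaxProxyPort as min_port and max_port.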
startAllChannels: It takes “List<Configuration> configurations” as argument. It starts a new channel in the proxy for each configuration in the set.
startTestInstance: It takes “TestInstance testInstance” as argument. It starts a new channel in the proxy for a test instance.
markTestStep: It takes “int testStepId” as argument. It sets the date of a test step with the current.
getMinProxyPort: It returns the min_proxy_port defined in the proxy configuration.
getMaxProxyPort: It returns the max_proxy_port defined in the proxy configuration.
The proxy can be configured to use the “Admin only” mode. This mode restricts access to the message list and details to administrators only.
Users who are not logged in, or who are logged in without admin rights, will not be able to see any message if this mode is activated.
Any captured message will have private access in this mode by default. If the message is captured with this mode disabled, it will still be private by default when the mode is switched on.
An admin user can, however, share a connection. This basically means that a privacy key is associated with the connection and that any user with any rights who knows this privacy key will be able to access messages from this connection.
When this mode is enabled, the Message List is not accessible in the menu for non-admin users:
When an admin user accesses the message list with this mode enabled, he can see which messages are shared and which are private. He can also filter messages based on this criterion.
Finally, when on a message detail page, the admin user can share the associated connection, or make it private.
The current privacy state of the connection can be found as an icon on the top right corner of the Message details panel. For instance, the connection associated to the message in the following picture is private.
At any moment this mode can be enabled or disabled. Between two activations, a connection keeps the same privacy status (shared or private). When the mode is disabled, all connections and all messages can be accessed by all users again. The fact that they are private in Admin only mode has no impact when the mode is disabled.
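The access rules of the Admin only mode, written out as a small model. This is an added example, not the proxy's own code: the class and function names, the key format, and the choice that making a connection private discards its key are assumptions.

```python
import hmac
import secrets


class Connection:
    """Privacy state of one captured connection (private by default)."""

    def __init__(self):
        self.privacy_key = None  # None means the connection is private

    def share(self):
        """Admin action: associate a fresh privacy key and return it."""
        self.privacy_key = secrets.token_urlsafe(32)  # key format is assumed
        return self.privacy_key

    def make_private(self):
        """Admin action: assumed here to invalidate the previous key."""
        self.privacy_key = None


def can_view(conn, admin_only_mode, is_admin, presented_key=None):
    """Decide whether a user may open the messages of `conn`."""
    if not admin_only_mode:
        return True   # mode disabled: privacy status has no effect
    if is_admin:
        return True   # admins see shared and private connections alike
    if conn.privacy_key is None or presented_key is None:
        return False  # private connection, or no key supplied
    # Constant-time comparison so timing does not reveal key prefixes.
    return hmac.compare_digest(conn.privacy_key.encode(), presented_key.encode())
```

Because the mode flag is passed in rather than stored on the connection, toggling it leaves each connection's shared or private status untouched, as the page describes.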