1. 16 Mar, 2017 1 commit
  2. 08 Mar, 2017 2 commits
  3. 01 Feb, 2017 1 commit
  4. 31 Jan, 2017 1 commit
  5. 11 Jan, 2017 2 commits
  6. 17 Nov, 2016 4 commits
  7. 10 Aug, 2016 1 commit
  8. 10 Jun, 2016 1 commit
  9. 11 May, 2016 3 commits
  10. 20 Apr, 2016 2 commits
    • anonym's avatar
      Completely rewrite the firewall leak detector. · c2a2465c
      anonym authored
      The old design was very inflexible, which over time lead to the
      implementation growing messy as different checks were added. The
      issue was that it had to hard-code the particular checks we
      wanted, and did not allow the user to formulate an expression for
      which packets are considered leaks or not. So, let's instead
      provide an assertion-like function to which the user passes a
      block describing how we want all our packets to look.
      
      Furthermore, now all firewall leak tests should be ok with the
      simulated Tor network provided by Chutney. Since all Tor nodes
      (incl. bridges) run from the same host (and IP address) we also
      include the server port when verifying that no unexpected hosts were
      contacted.
      
      Note that in some cases we've lost a bit of information and
      precision, e.g. among the anti-tests we no longer exactly match
      the protocol that was leaked, but that wasn't very valuable to
      begin with, and instead we test *exactly* the code that these are
      anti tests for -- a true anti test, indeed!
      
      Also, the 'no traffic has flowed to the LAN' (now renamed) had a
      serious bug which was fixed in passing -- the `@lan_host`
      variable was not set, so it is `nil`, which could never be among
      the IPv4 TCP leaks, so that step always succeeded! :S
      c2a2465c
    • anonym's avatar
      Just use lower case directly. · 20d97c52
      anonym authored
      We don't need to be fancy about the case any more.
      20d97c52
  11. 19 Apr, 2016 3 commits
    • anonym's avatar
      Simplify and improve flow. · 44c3ed6b
      anonym authored
      There's really no need to first gather the bridge configurations and
      then construct + write the bridge lines -- let's just do it in the
      same loop.
      44c3ed6b
    • anonym's avatar
      Slightly simplify. · 8ecb774e
      anonym authored
      ... by removing unnecessary class variable (it's not used outside of
      this step) and give the replacement (local) variable a better name.
      
      Note that @bridge_hosts is pretty stupid at the moment, since it will
      get the same static value appended many times, but improvements are
      pending.
      8ecb774e
    • anonym's avatar
      Test bridges and pluggable transports with Chutney. · f9c244ef
      anonym authored
      We now set up all bridges (from now on that term also includes PTs)
      using Chutney, so we no longer need to provide them in our "secret"
      local configuration any more, which is a big plus in itself.
      
      This includes replacing one of the authorities with a bridge
      authority.
      
      Note: the firewall test (i.e. that only the expected hosts are
      contacted) is pretty broken at the moment, definitely in the bridge
      mode case, but perhaps in normal operation too, since what we check is
      which hosts are contacted, and the complete Tor network *and* bridges
      now run on the same host (and IP address).
      f9c244ef
  12. 29 Feb, 2016 1 commit
  13. 19 Jan, 2016 1 commit
  14. 07 Dec, 2015 6 commits
  15. 24 Nov, 2015 1 commit
  16. 20 Nov, 2015 1 commit
    • intrigeri's avatar
      Test suite: run ping as root. · 59a55080
      intrigeri authored
      On Jessie, setcap is used by default instead of setuid root for /bin/ping,
      but aufs does not support file capabilities:
      
        $ /sbin/getcap /bin/ping
        Failed to get capabilities of file `/bin/ping' (Operation not supported)
      
        $ /sbin/getcap /lib/live/mount/rootfs/filesystem.squashfs/bin/ping
        /lib/live/mount/rootfs/filesystem.squashfs/bin/ping = cap_net_raw+ep
      
      We could of course make /bin/ping setuid root back, just as it has
      always been, but with our firewall it'll only allow pinging the LAN; for
      now, I'm deciding that the limited usefulness is not worth the security
      implications (even though we confine ping with AppArmor), and ping will
      remain root only for now. We'll see how much sensible complains we get
      during the 2.0 beta and RC phases.
      59a55080
  17. 19 Nov, 2015 1 commit
  18. 17 Nov, 2015 2 commits
  19. 11 Nov, 2015 1 commit
    • intrigeri's avatar
      Turn htpdate.service into Type=oneshot. · 9bc8ef56
      intrigeri authored
      I want to use time-sync.target (see systemd.special(7)), so that we can
      order stuff after it.
      
      But with Type=simple, we can't tell when htpdate is done, so we can't
      specify that time-sync.target has not been reached until then. So let's
      use Type=oneshot. But then, 20-time.sh would block until htpdate is
      done, which is not what we want; this is solved by using --no-block when
      restarting the service there.
      9bc8ef56
  20. 07 Sep, 2015 1 commit
  21. 06 Aug, 2015 1 commit
  22. 08 Jul, 2015 2 commits
    • intrigeri's avatar
      Test suite: run ping as root. · 8be56369
      intrigeri authored
      For some reason, on Jessie, running ping as a regular users results in "ping:
      icmp open socket: Operation not permitted", with exit code == 2. But as root, it
      "works" and the firewall blocks the packets. This is rather an improvement than
      a problem (stuff is blocked earlier, which is cheaper), so let's just deal with
      it in the test suite only, by running ping as root: the main purpose here is to
      test the firewall.
      
      This change also affects the netcat command used to open TCP and UDP
      connections, for code simplicity's sake. Here again, the goal is to test
      the firewall.
      8be56369
    • intrigeri's avatar
  23. 15 May, 2015 1 commit