Norman Feske
254
run/eigentor.run
254
run/eigentor.run
@@ -1,254 +0,0 @@
|
||||
#
|
||||
# \brief Test for TOR
|
||||
# \author Stefan Kalkowski
|
||||
# \date 2016-06-24
|
||||
#
|
||||
|
||||
#
|
||||
# Currently this scenario needs static network settings,
|
||||
# which we can only anticipate under QEMU
|
||||
#
|
||||
assert_spec x86
|
||||
if {![have_include power_on/qemu]} {
|
||||
puts "\n Run script is not supported on this platform. \n"; exit 0 }
|
||||
|
||||
create_boot_directory
|
||||
import_from_depot [depot_user]/src/[base_src] \
|
||||
[depot_user]/pkg/[drivers_nic_pkg] \
|
||||
[depot_user]/src/init \
|
||||
[depot_user]/src/curl \
|
||||
[depot_user]/src/dynamic_rom \
|
||||
[depot_user]/src/fetchurl \
|
||||
[depot_user]/src/libc \
|
||||
[depot_user]/src/libcrypto \
|
||||
[depot_user]/src/libssl \
|
||||
[depot_user]/src/libssh \
|
||||
[depot_user]/src/nic_router \
|
||||
[depot_user]/src/posix \
|
||||
[depot_user]/src/ram_fs \
|
||||
[depot_user]/src/report_rom \
|
||||
[depot_user]/src/rtc_drv \
|
||||
[depot_user]/src/vfs_jitterentropy \
|
||||
[depot_user]/src/vfs_lxip \
|
||||
[depot_user]/src/vfs \
|
||||
[depot_user]/src/zlib
|
||||
build { app/tor }
|
||||
|
||||
install_config {
|
||||
<config>
|
||||
<parent-provides>
|
||||
<service name="ROM"/>
|
||||
<service name="RAM"/>
|
||||
<service name="IRQ"/>
|
||||
<service name="IO_MEM"/>
|
||||
<service name="IO_PORT"/>
|
||||
<service name="PD"/>
|
||||
<service name="RM"/>
|
||||
<service name="CPU"/>
|
||||
<service name="LOG"/>
|
||||
</parent-provides>
|
||||
<default-route>
|
||||
<any-service> <parent/> <any-child/> </any-service>
|
||||
</default-route>
|
||||
<default caps="200"/>
|
||||
|
||||
<start name="timer">
|
||||
<resource name="RAM" quantum="1M"/>
|
||||
<provides> <service name="Timer"/> </provides>
|
||||
</start>
|
||||
|
||||
<start name="rtc_drv">
|
||||
<resource name="RAM" quantum="1M"/>
|
||||
<provides> <service name="Rtc"/> </provides>
|
||||
</start>
|
||||
|
||||
<start name="drivers" caps="1000">
|
||||
<resource name="RAM" quantum="32M" constrain_phys="yes"/>
|
||||
<binary name="init"/>
|
||||
<route>
|
||||
<service name="ROM" label="config"> <parent label="drivers.config"/> </service>
|
||||
<service name="Timer"> <child name="timer"/> </service>
|
||||
<any-service> <parent/> </any-service>
|
||||
</route>
|
||||
<provides> <service name="Nic"/> </provides>
|
||||
</start>
|
||||
|
||||
<start name="nic_router" caps="200">
|
||||
<resource name="RAM" quantum="10M"/>
|
||||
<provides><service name="Nic"/></provides>
|
||||
<config>
|
||||
|
||||
<policy label_prefix="tor" domain="tor" />
|
||||
<policy label_prefix="web-client -> fetchurl" domain="fetchurl" />
|
||||
|
||||
<domain name="uplink" interface="10.1.1.2/24" gateway="10.1.1.1">
|
||||
<nat domain="tor" tcp-ports="100" />
|
||||
</domain>
|
||||
|
||||
<domain name="tor" interface="10.1.2.1/24">
|
||||
<tcp dst="0.0.0.0/0">
|
||||
<permit-any domain="uplink" />
|
||||
</tcp>
|
||||
</domain>
|
||||
|
||||
<domain name="fetchurl" interface="10.1.3.1/24">
|
||||
<tcp-forward port="9050" domain="tor" to="10.1.2.2" />
|
||||
</domain>
|
||||
|
||||
</config>
|
||||
<route>
|
||||
<service name="Nic"> <child name="drivers"/> </service>
|
||||
<any-service> <parent/> <any-child/> </any-service>
|
||||
</route>
|
||||
</start>
|
||||
|
||||
<start name="config_fs">
|
||||
<binary name="ram_fs"/>
|
||||
<resource name="RAM" quantum="48M"/>
|
||||
<provides> <service name="File_system"/> </provides>
|
||||
<config>
|
||||
<content>
|
||||
<dir name="data"/>
|
||||
<dir name="conf">
|
||||
<inline name="torrc">
|
||||
SOCKSPort 10.1.2.2:9050
|
||||
DataDirectory /tor
|
||||
</inline></dir>
|
||||
</content>
|
||||
<policy label_prefix="tor -> data" root="/data" writeable="yes"/>
|
||||
<policy label_prefix="tor -> conf" root="/conf" writeable="no"/>
|
||||
</config>
|
||||
</start>
|
||||
|
||||
<start name="tor" caps="300">
|
||||
<resource name="RAM" quantum="30M"/>
|
||||
<config ld_verbose="yes">
|
||||
<vfs>
|
||||
<dir name="dev">
|
||||
<jitterentropy name="random"/>
|
||||
<jitterentropy name="urandom"/>
|
||||
<log/> <rtc/>
|
||||
</dir>
|
||||
<dir name="etc">
|
||||
<dir name="tor"><fs label="conf" /></dir>
|
||||
</dir>
|
||||
<dir name="tor"> <fs label="data"/> </dir>
|
||||
</vfs>
|
||||
<libc stdout="/dev/log" stderr="/dev/log" rtc="/dev/rtc"
|
||||
ip_addr="10.1.2.2" gateway="10.1.2.1" netmask="255.255.255.0"/>
|
||||
</config>
|
||||
<route>
|
||||
<any-service> <child name="nic_router"/> <parent/> <any-child/> </any-service>
|
||||
</route>
|
||||
</start>
|
||||
|
||||
<start name="dynamic_rom">
|
||||
<resource name="RAM" quantum="4M"/>
|
||||
<provides><service name="ROM"/></provides>
|
||||
<config>
|
||||
<rom name="init.config">
|
||||
<inline description="initial state">
|
||||
<config />
|
||||
</inline>
|
||||
<sleep milliseconds="5000" />
|
||||
<inline description="start web client">
|
||||
<config>
|
||||
<parent-provides>
|
||||
<service name="ROM"/>
|
||||
<service name="RAM"/>
|
||||
<service name="PD"/>
|
||||
<service name="RM"/>
|
||||
<service name="CPU"/>
|
||||
<service name="LOG"/>
|
||||
<service name="Nic"/>
|
||||
<service name="Timer"/>
|
||||
</parent-provides>
|
||||
<start name="fetchurl" caps="500">
|
||||
<resource name="RAM" quantum="40M"/>
|
||||
<config>
|
||||
<vfs>
|
||||
<dir name="dev">
|
||||
<log/> <null/> <inline name="rtc">2000-01-01 00:00</inline>
|
||||
<inline name="random">01234567890123456789</inline>
|
||||
</dir>
|
||||
<dir name="socket">
|
||||
<lxip ip_addr="10.1.3.2" gateway="10.1.3.1" netmask="255.255.255.0"/>
|
||||
</dir>
|
||||
</vfs>
|
||||
<libc stdout="/dev/log" stderr="/dev/log" rtc="/dev/rtc" socket="/socket"/>
|
||||
<fetch url="https://check.torproject.org/" path="/dev/log"
|
||||
proxy="socks5h://10.1.3.1:9050"/>
|
||||
</config>
|
||||
<route> <any-service> <parent/> </any-service> </route>
|
||||
</start>
|
||||
</config>
|
||||
</inline>
|
||||
<sleep milliseconds="40000" />
|
||||
</rom>
|
||||
</config>
|
||||
|
||||
</start>
|
||||
|
||||
<start name="web-client" caps="600">
|
||||
<binary name="init"/>
|
||||
<resource name="RAM" quantum="40M"/>
|
||||
<configfile name="init.config"/>
|
||||
<route>
|
||||
<service name="ROM" label="init.config"> <child name="dynamic_rom"/> </service>
|
||||
<service name="Nic"> <child name="nic_router"/> </service>
|
||||
<any-service> <parent/> <any-child/> </any-service>
|
||||
</route>
|
||||
</start>
|
||||
</config>
|
||||
}
|
||||
|
||||
build_boot_image { libevent.lib.so tor }
|
||||
|
||||
#
|
||||
# Prepare network environment
|
||||
#
|
||||
|
||||
set tapdev tap0
|
||||
set netdev eth0
|
||||
set username $tcl_platform(user)
|
||||
|
||||
if {[have_include power_on/qemu]} {
|
||||
if { [info exists ::env(TAP) ] } {
|
||||
set tapdev $::env(TAP) }
|
||||
if { [info exists ::env(ETH) ] } {
|
||||
set netdev $::env(ETH) }
|
||||
|
||||
exec sudo ip tuntap add dev $tapdev mode tap user $username
|
||||
exec sudo ip address flush dev $tapdev
|
||||
exec sudo ip address add 10.1.1.1/24 dev $tapdev
|
||||
exec sudo iptables -t nat -A POSTROUTING -o $netdev -j MASQUERADE
|
||||
exec sudo iptables -A FORWARD -i $tapdev -o $netdev -j ACCEPT
|
||||
exec sudo iptables -A FORWARD -i $netdev -o $tapdev -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
exec sudo sysctl -w net.ipv4.ip_forward=1
|
||||
|
||||
append qemu_args " -nographic -net nic,model=e1000 -net tap,ifname=tap0,downscript=no,script=no "
|
||||
}
|
||||
|
||||
#
|
||||
# Execute test case
|
||||
#
|
||||
|
||||
run_genode_until {.*Congratulations. This browser is configured to use Tor.*/n} 300
|
||||
set serial_id [output_spawn_id]
|
||||
set core_pid [exp_pid -i $serial_id]
|
||||
exec kill -9 $core_pid
|
||||
|
||||
#
|
||||
# Reset network environment again
|
||||
#
|
||||
|
||||
if {[have_include power_on/qemu]} {
|
||||
exec sudo sysctl -w net.ipv4.ip_forward=0 >/dev/null
|
||||
exec sudo iptables -F
|
||||
exec sudo iptables -t nat -F
|
||||
exec sudo ip link set $tapdev down
|
||||
exec sudo ip address flush dev $tapdev
|
||||
exec sudo ip tuntap del dev $tapdev mode tap
|
||||
}
|
||||
|
||||
# vi: set ft=tcl :
|
||||
185
run/tor_lx.run
185
run/tor_lx.run
@@ -1,185 +0,0 @@
|
||||
#
|
||||
# \brief Test for TOR on Linux
|
||||
# \author Stefan Kalkowski
|
||||
# \date 2016-06-24
|
||||
#
|
||||
|
||||
if {![have_spec linux]} {
|
||||
puts "\n Run script is not supported on this platform. \n"; exit 0 }
|
||||
|
||||
set tapdev tap0
|
||||
set netdev eth0
|
||||
set netprefix 192.168.1
|
||||
|
||||
set username $tcl_platform(user)
|
||||
|
||||
if { [info exists ::env(TAP) ] } {
|
||||
set tapdev $::env(TAP) }
|
||||
if { [info exists ::env(ETH) ] } {
|
||||
set netdev $::env(ETH) }
|
||||
if { [info exists ::env(NET) ] } {
|
||||
set netprefix $::env(NET) }
|
||||
|
||||
#
|
||||
# Build
|
||||
#
|
||||
|
||||
set build_components {
|
||||
core init
|
||||
timer
|
||||
drivers/rtc
|
||||
drivers/nic
|
||||
server/ram_fs
|
||||
app/tor
|
||||
lib/vfs/jitterentropy
|
||||
}
|
||||
|
||||
source ${genode_dir}/repos/base/run/platform_drv.inc
|
||||
append_platform_drv_build_components
|
||||
|
||||
build $build_components
|
||||
|
||||
create_boot_directory
|
||||
|
||||
#
|
||||
# Generate config
|
||||
#
|
||||
|
||||
set config {
|
||||
<config verbose="yes">
|
||||
<parent-provides>
|
||||
<service name="ROM"/>
|
||||
<service name="RAM"/>
|
||||
<service name="IRQ"/>
|
||||
<service name="IO_MEM"/>
|
||||
<service name="IO_PORT"/>
|
||||
<service name="PD"/>
|
||||
<service name="RM"/>
|
||||
<service name="CPU"/>
|
||||
<service name="LOG"/>
|
||||
</parent-provides>
|
||||
<default-route>
|
||||
<any-service> <parent/> <any-child/> </any-service>
|
||||
</default-route>
|
||||
<default caps="200"/>
|
||||
|
||||
<start name="timer">
|
||||
<resource name="RAM" quantum="1M"/>
|
||||
<provides> <service name="Timer"/> </provides>
|
||||
</start>
|
||||
|
||||
<start name="rtc_drv">
|
||||
<resource name="RAM" quantum="1M"/>
|
||||
<provides> <service name="Rtc"/> </provides>
|
||||
</start>
|
||||
|
||||
<start name="config_fs" priority="-1">
|
||||
<binary name="ram_fs"/>
|
||||
<resource name="RAM" quantum="20M"/>
|
||||
<provides> <service name="File_system"/> </provides>
|
||||
<config>
|
||||
<content>
|
||||
<dir name="data"/>
|
||||
<dir name="conf">
|
||||
<inline name="torrc">}
|
||||
append config "
|
||||
SOCKSPort $netprefix.2:9050"
|
||||
append config {
|
||||
DataDirectory /tor
|
||||
</inline></dir>
|
||||
</content>
|
||||
<policy label_prefix="tor -> data" root="/data" writeable="yes"/>
|
||||
<policy label_prefix="tor -> conf" root="/conf" writeable="no"/>
|
||||
</config>
|
||||
</start>
|
||||
|
||||
<start name="tor">
|
||||
<resource name="RAM" quantum="30M"/>
|
||||
<config ld_verbose="yes">
|
||||
<libc stdout="/dev/log" stderr="/dev/log" rtc="/dev/rtc"}
|
||||
append config " ip_addr=\"$netprefix.2\" netmask=\"255.255.255.0\" gateway=\"$netprefix.1\"/>"
|
||||
append config {
|
||||
<vfs>
|
||||
<dir name="dev">
|
||||
<jitterentropy name="random"/>
|
||||
<jitterentropy name="urandom"/>
|
||||
<log/> <rtc/>
|
||||
</dir>
|
||||
<dir name="etc">
|
||||
<dir name="tor"><fs label="conf" /></dir>
|
||||
</dir>
|
||||
<dir name="tor"> <fs label="data"/> </dir>
|
||||
</vfs>
|
||||
</config>
|
||||
</start>}
|
||||
|
||||
append_platform_drv_config
|
||||
|
||||
append config {
|
||||
<start name="linux_nic_drv">
|
||||
<resource name="RAM" quantum="4M"/>
|
||||
<provides><service name="Nic"/></provides>
|
||||
</start>
|
||||
</config>
|
||||
}
|
||||
|
||||
install_config $config
|
||||
|
||||
#
|
||||
# Boot modules
|
||||
#
|
||||
|
||||
# generic modules
|
||||
set boot_modules {
|
||||
core init timer rtc_drv
|
||||
ld.lib.so libc.lib.so vfs.lib.so libm.lib.so zlib.lib.so posix.lib.so
|
||||
libcrypto.lib.so libevent.lib.so libssl.lib.so pthread.lib.so
|
||||
vfs_jitterentropy.lib.solwip_legacy.lib.so
|
||||
linux_nic_drv ram_fs tor
|
||||
}
|
||||
|
||||
# platform-specific modules
|
||||
append_platform_drv_boot_modules
|
||||
|
||||
build_boot_image $boot_modules
|
||||
|
||||
|
||||
#
|
||||
# Prepare network environment
|
||||
#
|
||||
|
||||
exec sudo tunctl -u $username -t $tapdev
|
||||
exec sudo ifconfig $tapdev up
|
||||
exec sudo ifconfig $tapdev $netprefix.1 netmask 255.255.255.0
|
||||
exec sudo iptables -t nat -A POSTROUTING -o $netdev -j MASQUERADE
|
||||
exec sudo iptables -A FORWARD -i $tapdev -o $netdev -j ACCEPT
|
||||
exec sudo iptables -A FORWARD -i $netdev -o tapdev -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
exec sudo sysctl -w net.ipv4.ip_forward=1
|
||||
|
||||
|
||||
#
|
||||
# Execute test case
|
||||
#
|
||||
|
||||
run_genode_until {.* Bootstrapped 100%: Done.*\n} 200
|
||||
set serial_id [output_spawn_id]
|
||||
set core_pid [exp_pid -i $serial_id]
|
||||
spawn curl --socks5-hostname $netprefix.2:9050 https://check.torproject.org/
|
||||
set curl_id $spawn_id
|
||||
sleep 5
|
||||
exec kill -9 $core_pid
|
||||
|
||||
|
||||
#
|
||||
# Reset network environment again
|
||||
#
|
||||
|
||||
exec sudo sysctl -w net.ipv4.ip_forward=0
|
||||
exec sudo iptables -F
|
||||
exec sudo iptables -t nat -F
|
||||
exec sudo ifconfig $tapdev down
|
||||
exec sudo tunctl -d $tapdev
|
||||
|
||||
run_genode_until {.*Congratulations. This browser is configured to use Tor.*/n} 5 $curl_id
|
||||
|
||||
# vi: set ft=tcl :
|
||||
Reference in New Issue
Block a user