#
# \brief  Test for TOR
# \author Stefan Kalkowski
# \date   2016-06-24
#

#
# Currently this scenario needs static network settings,
# which we can only anticipate under QEMU
#
assert_spec x86
if {![have_include power_on/qemu]} {
	puts "\n Run script is not supported on this platform. \n"; exit 0 }

create_boot_directory
import_from_depot [depot_user]/src/[base_src] \
                  [depot_user]/pkg/[drivers_nic_pkg] \
                  [depot_user]/src/init \
                  [depot_user]/src/curl \
                  [depot_user]/src/dynamic_rom \
                  [depot_user]/src/fetchurl \
                  [depot_user]/src/libc \
                  [depot_user]/src/libcrypto \
                  [depot_user]/src/libssl \
                  [depot_user]/src/libssh \
                  [depot_user]/src/nic_router \
                  [depot_user]/src/posix \
                  [depot_user]/src/ram_fs \
                  [depot_user]/src/report_rom \
                  [depot_user]/src/rtc_drv \
                  [depot_user]/src/vfs_jitterentropy \
                  [depot_user]/src/vfs_lxip \
                  [depot_user]/src/vfs \
                  [depot_user]/src/zlib
build { app/tor }

install_config {
<config>
	<parent-provides>
		<service name="ROM"/>
		<service name="RAM"/>
		<service name="IRQ"/>
		<service name="IO_MEM"/>
		<service name="IO_PORT"/>
		<service name="PD"/>
		<service name="RM"/>
		<service name="CPU"/>
		<service name="LOG"/>
	</parent-provides>
	<default-route>
		<any-service> <parent/> <any-child/> </any-service>
	</default-route>
	<default caps="200"/>

	<start name="timer">
		<resource name="RAM" quantum="1M"/>
		<provides> <service name="Timer"/> </provides>
	</start>

	<start name="rtc_drv">
		<resource name="RAM" quantum="1M"/>
		<provides> <service name="Rtc"/> </provides>
	</start>

	<start name="drivers" caps="1000">
		<resource name="RAM" quantum="32M" constrain_phys="yes"/>
		<binary name="init"/>
		<route>
			<service name="ROM" label="config"> <parent label="drivers.config"/> </service>
			<service name="Timer"> <child name="timer"/> </service>
			<any-service> <parent/> </any-service>
		</route>
		<provides> <service name="Nic"/> </provides>
	</start>

	<start name="nic_router" caps="200">
		<resource name="RAM" quantum="10M"/>
		<provides><service name="Nic"/></provides>
		<config>

			<policy label_prefix="tor"                    domain="tor"      />
			<policy label_prefix="web-client -> fetchurl" domain="fetchurl" />

			<domain name="uplink" interface="10.1.1.2/24" gateway="10.1.1.1">
				<nat domain="tor" tcp-ports="100" />
			</domain>

			<domain name="tor" interface="10.1.2.1/24">
				<tcp dst="0.0.0.0/0">
					<permit-any domain="uplink" />
				</tcp>
			</domain>

			<domain name="fetchurl" interface="10.1.3.1/24">
				<tcp-forward port="9050" domain="tor" to="10.1.2.2" />
			</domain>

		</config>
		<route>
			<service name="Nic"> <child name="drivers"/> </service>
			<any-service> <parent/> <any-child/> </any-service>
		</route>
	</start>

	<start name="config_fs">
		<binary name="ram_fs"/>
		<resource name="RAM" quantum="48M"/>
		<provides> <service name="File_system"/> </provides>
		<config>
			<content>
			<dir name="data"/>
			<dir name="conf">
				<inline name="torrc">
SOCKSPort 10.1.2.2:9050
DataDirectory /tor
			</inline></dir>
			</content>
		<policy label_prefix="tor -> data" root="/data" writeable="yes"/>
		<policy label_prefix="tor -> conf" root="/conf" writeable="no"/>
		</config>
	</start>

	<start name="tor" caps="300">
		<resource name="RAM" quantum="30M"/>
		<config ld_verbose="yes">
			<vfs>
				<dir name="dev">
					<jitterentropy name="random"/>
					<jitterentropy name="urandom"/>
					<log/> <rtc/>
				</dir>
				<dir name="etc">
					<dir name="tor"><fs label="conf" /></dir>
				</dir>
				<dir name="tor"> <fs label="data"/> </dir>
			</vfs>
			<libc stdout="/dev/log" stderr="/dev/log" rtc="/dev/rtc"
			      ip_addr="10.1.2.2" gateway="10.1.2.1" netmask="255.255.255.0"/>
		</config>
		<route>
			<any-service> <child name="nic_router"/> <parent/> <any-child/> </any-service>
		</route>
	</start>

	<start name="dynamic_rom">
		<resource name="RAM" quantum="4M"/>
		<provides><service name="ROM"/></provides>
		<config>
			<rom name="init.config">
				<inline description="initial state">
					<config />
				</inline>
				<sleep milliseconds="5000" />
				<inline description="start web client">
<config>
	<parent-provides>
		<service name="ROM"/>
		<service name="RAM"/>
		<service name="PD"/>
		<service name="RM"/>
		<service name="CPU"/>
		<service name="LOG"/>
		<service name="Nic"/>
		<service name="Timer"/>
	</parent-provides>
	<start name="fetchurl" caps="500">
		<resource name="RAM" quantum="40M"/>
		<config>
			<vfs>
				<dir name="dev">
					<log/> <null/> <inline name="rtc">2000-01-01 00:00</inline>
					<inline name="random">01234567890123456789</inline>
				</dir>
				<dir name="socket">
					<lxip ip_addr="10.1.3.2" gateway="10.1.3.1" netmask="255.255.255.0"/>
				</dir>
			</vfs>
			<libc stdout="/dev/log" stderr="/dev/log" rtc="/dev/rtc" socket="/socket"/>
			<fetch url="https://check.torproject.org/" path="/dev/log"
			       proxy="socks5h://10.1.3.1:9050"/>
		</config>
		<route> <any-service> <parent/> </any-service> </route>
	</start>
</config>
				</inline>
				<sleep milliseconds="40000" />
			</rom>
		</config>

	</start>

	<start name="web-client" caps="600">
		<binary name="init"/>
		<resource name="RAM" quantum="40M"/>
		<configfile name="init.config"/>
		<route>
			<service name="ROM" label="init.config"> <child name="dynamic_rom"/> </service>
			<service name="Nic"> <child name="nic_router"/> </service>
			<any-service> <parent/> <any-child/> </any-service>
		</route>
	</start>
</config>
}

build_boot_image { libevent.lib.so tor }

#
# Prepare network environment
#

set tapdev tap0
set netdev eth0
set username $tcl_platform(user)

if {[have_include power_on/qemu]} {
	if { [info exists ::env(TAP) ] } {
		set tapdev $::env(TAP) }
	if { [info exists ::env(ETH) ] } {
		set netdev $::env(ETH) }
	
	exec sudo ip tuntap add dev $tapdev mode tap user $username
	exec sudo ip address flush dev $tapdev
	exec sudo ip address add 10.1.1.1/24 dev $tapdev
	exec sudo iptables -t nat -A POSTROUTING -o $netdev -j MASQUERADE
	exec sudo iptables -A FORWARD -i $tapdev -o $netdev -j ACCEPT
	exec sudo iptables -A FORWARD -i $netdev -o $tapdev -m state --state RELATED,ESTABLISHED -j ACCEPT
	exec sudo sysctl -w net.ipv4.ip_forward=1

	append qemu_args " -nographic -net nic,model=e1000 -net tap,ifname=tap0,downscript=no,script=no "
}

#
# Execute test case
#

run_genode_until {.*Congratulations. This browser is configured to use Tor.*/n} 300
set serial_id [output_spawn_id]
set core_pid [exp_pid -i $serial_id]
exec kill -9 $core_pid

#
# Reset network environment again
#

if {[have_include power_on/qemu]} {
	exec sudo sysctl -w net.ipv4.ip_forward=0 >/dev/null
	exec sudo iptables -F
	exec sudo iptables -t nat -F
	exec sudo ip link set $tapdev down
	exec sudo ip address flush dev $tapdev
	exec sudo ip tuntap del dev $tapdev mode tap
}

# vi: set ft=tcl :