genode-world/run/eigentor.run

#
# \brief  Test for TOR
# \author Stefan Kalkowski
# \date   2016-06-24
#

#
# Currently this scenario needs static network settings,
# which we can only anticipate under QEMU
#
assert_spec x86
if {![have_include power_on/qemu]} {
	puts "\n Run script is not supported on this platform. \n"; exit 0 }

set build_components {
	app/fetchurl
	app/tor
	core
	drivers/nic
	drivers/rtc
	drivers/timer
	init
	lib/vfs/jitterentropy
	server/dynamic_rom
	server/nic_router
	server/ram_fs
}

source ${genode_dir}/repos/base/run/platform_drv.inc
append_platform_drv_build_components
build $build_components
create_boot_directory

set config {
<config>
	<parent-provides>
		<service name="ROM"/>
		<service name="RAM"/>
		<service name="IRQ"/>
		<service name="IO_MEM"/>
		<service name="IO_PORT"/>
		<service name="PD"/>
		<service name="RM"/>
		<service name="CPU"/>
		<service name="LOG"/>
	</parent-provides>
	<default-route>
		<any-service> <parent/> <any-child/> </any-service>
	</default-route>

	<start name="timer">
		<resource name="RAM" quantum="1M"/>
		<provides> <service name="Timer"/> </provides>
	</start>

	<start name="rtc_drv">
		<resource name="RAM" quantum="1M"/>
		<provides> <service name="Rtc"/> </provides>
	</start>}

append_platform_drv_config

append config {
	<start name="nic_drv">
		<resource name="RAM" quantum="4M"/>
		<provides><service name="Nic"/></provides>
	</start>

	<start name="nic_router">
		<resource name="RAM" quantum="10M"/>
		<provides><service name="Nic"/></provides>
		<config rtt_sec="3">
			<policy label="uplink" src="10.1.1.2"/>

			<policy label="tor" src="10.1.2.1" nat="yes" nat-tcp-ports="100">
				<ip dst="0.0.0.0/0" label="uplink" via="10.1.1.1"/>
			</policy>

			<policy label="web-client -> fetchurl" src="10.1.3.1" nat="yes" nat-tcp-ports="100">
				<ip dst="10.1.3.1/32">
					<tcp dst="9050" label="tor" to="10.1.2.2"/>
				</ip>
			</policy>
		</config>
		<route>
			<service name="Nic"> <child name="nic_drv"/> </service>
			<any-service> <parent/> <any-child/> </any-service>
		</route>
	</start>

	<start name="config_fs">
		<binary name="ram_fs"/>
		<resource name="RAM" quantum="48M"/>
		<provides> <service name="File_system"/> </provides>
		<config>
			<content>
			<dir name="data"/>
			<dir name="conf">
				<inline name="torrc">
SOCKSPort 10.1.2.2:9050
DataDirectory /tor
			</inline></dir>
			</content>
		<policy label="tor -> data" root="/data" writeable="yes"/>
		<policy label="tor -> conf" root="/conf" writeable="no"/>
		</config>
	</start>

	<start name="tor">
		<resource name="RAM" quantum="20M"/>
		<config ld_verbose="yes">
			<libc stdout="/dev/log" stderr="/dev/log" rtc="/dev/rtc"
			      ip_addr="10.1.2.2" gateway="10.1.2.1" netmask="255.255.255.0">
				<vfs>
					<dir name="dev">
						<jitterentropy name="random"/>
						<jitterentropy name="urandom"/>
						<log/> <rtc/>
					</dir>
					<dir name="etc">
						<dir name="tor"><fs label="conf" /></dir>
					</dir>
					<dir name="tor"> <fs label="data"/> </dir>
				</vfs>
			</libc>
		</config>
		<route>
			<any-service> <child name="nic_router"/> <parent/> <any-child/> </any-service>
		</route>
	</start>

	<start name="dynamic_rom">
		<resource name="RAM" quantum="4M"/>
		<provides><service name="ROM"/></provides>
		<config>
			<rom name="init.config">
				<inline description="initial state">
					<config />
				</inline>
				<sleep milliseconds="10000" />
				<inline description="start web client">
<config>
	<parent-provides>
		<service name="ROM"/>
		<service name="RAM"/>
		<service name="PD"/>
		<service name="RM"/>
		<service name="CPU"/>
		<service name="LOG"/>
		<service name="Nic"/>
		<service name="Timer"/>
	</parent-provides>
	<start name="fetchurl">
		<resource name="RAM" quantum="8M"/>
		<config>
			<libc stdout="/dev/log" stderr="/dev/log"
			      ip_addr="10.1.3.2" gateway="10.1.3.1" netmask="255.255.255.0">
				<vfs> <dir name="dev"> <log/> <null/> </dir> </vfs>
			</libc>
			<fetch url="https://check.torproject.org/" path="/dev/log"
			       proxy="socks5h://10.1.3.1:9050"/>
		</config>
		<route> <any-service> <parent/> </any-service> </route>
	</start>
</config>
				</inline>
				<sleep milliseconds="30000" />
			</rom>
		</config>

	</start>

	<start name="web-client">
		<binary name="init"/>
		<resource name="RAM" quantum="40M"/>
		<configfile name="init.config"/>
		<route>
			<service name="ROM" label="init.config"> <child name="dynamic_rom"/> </service>
			<service name="Nic"> <child name="nic_router"/> </service>
			<any-service> <parent/> <any-child/> </any-service>
		</route>
	</start>
</config>
}

install_config $config

set boot_modules {
	core
	curl.lib.so
	dynamic_rom
	fetchurl
	init
	ld.lib.so
	libc.lib.so
	libcrypto.lib.so
	libevent.lib.so
	libm.lib.so
	libssh.lib.so
	libssl.lib.so
	lwip.lib.so
	nic_drv
	nic_router
	pthread.lib.so
	ram_fs
	rtc_drv
	timer
	tor
	vfs_jitterentropy.lib.so
	zlib.lib.so
}
append_platform_drv_boot_modules
build_boot_image $boot_modules


#
# Prepare network environment
#

set tapdev tap0
set netdev eth0
set username $tcl_platform(user)

if {[have_include power_on/qemu]} {
	if { [info exists ::env(TAP) ] } {
		set tapdev $::env(TAP) }
	if { [info exists ::env(ETH) ] } {
		set netdev $::env(ETH) }
	
	exec sudo tunctl -u $username -t $tapdev > /dev/null
	exec sudo ifconfig $tapdev up
	exec sudo ifconfig $tapdev 10.1.1.1 netmask 255.255.255.0
	exec sudo iptables -t nat -A POSTROUTING -o $netdev -j MASQUERADE
	exec sudo iptables -A FORWARD -i $tapdev -o $netdev -j ACCEPT
	exec sudo iptables -A FORWARD -i $netdev -o $tapdev -m state --state RELATED,ESTABLISHED -j ACCEPT
	exec sudo sysctl -w net.ipv4.ip_forward=1

	append qemu_args " -m 256 -nographic -net nic,model=e1000 -net tap,ifname=tap0,downscript=no,script=no "
}


#
# Execute test case
#

run_genode_until {.*Congratulations. This browser is configured to use Tor.*/n} 200
set serial_id [output_spawn_id]
set core_pid [exp_pid -i $serial_id]
exec kill -9 $core_pid

#
# Reset network environment again
#

if {[have_include power_on/qemu]} {
	exec sudo sysctl -w net.ipv4.ip_forward=0 >/dev/null
	exec sudo iptables -F
	exec sudo iptables -t nat -F
	exec sudo ifconfig $tapdev down
	exec sudo tunctl -d $tapdev >/dev/null
}

# vi: set ft=tcl :