update
parent
b50fd16591
commit
6b4fca0353
2
Makefile
2
Makefile
@ -20,3 +20,5 @@ lint::
|
|||||||
test::
|
test::
|
||||||
sudo -u ${USER} /var/local/src/var_local_$(ROLE).bash $@
|
sudo -u ${USER} /var/local/src/var_local_$(ROLE).bash $@
|
||||||
|
|
||||||
|
up::
|
||||||
|
sh .rsync.sh
|
||||||
|
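Review bot: The new `up::` target runs `sh .rsync.sh`, a hidden script that this commit neither adds nor describes as far as the page shows, so what is copied and to which host cannot be reviewed here. Put a comment above the target that names the source and destination, for example `# up: sync this role via the local .rsync.sh; destination is set inside that script`. The recipe should also stop cleanly when the script is absent, e.g. `test -f .rsync.sh && sh .rsync.sh`. If `.rsync.sh` is meant to stay untracked, the README should say so.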
13
README.md
13
README.md
@ -1,3 +1,12 @@
|
|||||||
|
|
||||||
This base role is from https://github.com/gentoo-ansible/role-base/
|
This role was from https://github.com/gentoo-ansible/role-base/
|
||||||
and is just a starting point.
|
and is a starting point that lays down the basics for subsequent roles.
|
||||||
|
It is required to be run before ../proxy_role Also look at the variables
|
||||||
|
in defaults/main.yml to customize the role, and double-check the settings
|
||||||
|
in vars/*.yml.
|
||||||
|
|
||||||
|
It is multi-target and should run on Gentoo2, Debian4, Devuan5, Ubuntu18
|
||||||
|
athough only tested on Gentoo. To bring it up to date, just copy the
|
||||||
|
existing files in vars and maybe tasks to the new name and edit to suit,
|
||||||
|
but be advised that it is systemd-challenged, like its author.
|
||||||
|
|
||||||
|
@ -7,6 +7,7 @@ ROLE=proxy
|
|||||||
PYVER=3
|
PYVER=3
|
||||||
|
|
||||||
# DEBUG=1
|
# DEBUG=1
|
||||||
|
# TRACE=1
|
||||||
|
|
||||||
. /usr/local/bin/proxy_ping_lib.bash || \
|
. /usr/local/bin/proxy_ping_lib.bash || \
|
||||||
{ ERROR loading /usr/local/bin/proxy_ping_lib.bash ; exit 6; }
|
{ ERROR loading /usr/local/bin/proxy_ping_lib.bash ; exit 6; }
|
||||||
@ -19,17 +20,17 @@ which nslookup 2>/dev/null >/dev/null && HAVE_NSLOOKUP=1 || HAVE_NSLOOKUP=0
|
|||||||
which tor-resolve 2>/dev/null >/dev/null && HAVE_TOR_RESOLVE=1 || HAVE_TOR_RESOLVE=0
|
which tor-resolve 2>/dev/null >/dev/null && HAVE_TOR_RESOLVE=1 || HAVE_TOR_RESOLVE=0
|
||||||
|
|
||||||
[ -z "$prog" ] || prog=proxy_ping_test
|
[ -z "$prog" ] || prog=proxy_ping_test
|
||||||
proxy_ping_get_socks
|
proxy_ping_get_socks >/dev/null
|
||||||
[ -z "$SOCKS_HOST" ] && SOCKS_HOST=127.0.0.1
|
[ -z "$SOCKS_HOST" ] && SOCKS_HOST=127.0.0.1
|
||||||
[ -z "$SOCKS_PORT" ] && SOCKS_PORT=9050
|
[ -z "$SOCKS_PORT" ] && SOCKS_PORT=9050
|
||||||
[ -z "$SOCKS_DNS" ] && SOCKS_DNS=9053
|
[ -z "$SOCKS_DNS" ] && SOCKS_DNS=9053
|
||||||
HTTPS_PORT=9128
|
HTTPS_PORT=9128
|
||||||
HTTPS_HOST=127.0.0.1
|
HTTPS_HOST=127.0.0.1
|
||||||
proxy_ping_get_https
|
proxy_ping_get_https >/dev/null
|
||||||
[ -z "$HTTPS_HOST" ] && HTTPS_HOST=127.0.0.1
|
[ -z "$HTTPS_HOST" ] && HTTPS_HOST=127.0.0.1
|
||||||
HTTP_PORT=3128
|
HTTP_PORT=3128
|
||||||
HTTP_PROXY_HOST=127.0.0.1
|
HTTP_PROXY_HOST=127.0.0.1
|
||||||
proxy_ping_get_http
|
proxy_ping_get_http >/dev/null
|
||||||
[ -z "$HTTP_HOST" ] && HTTP_HOST=127.0.0.1
|
[ -z "$HTTP_HOST" ] && HTTP_HOST=127.0.0.1
|
||||||
|
|
||||||
[ -f $PREFIX/etc/testforge/testforge.bash ] && \
|
[ -f $PREFIX/etc/testforge/testforge.bash ] && \
|
||||||
@ -80,9 +81,15 @@ SCURL="/usr/local/bin/scurl.bash --output /dev/null"
|
|||||||
NSL='nslookup -querytype=A -debug'
|
NSL='nslookup -querytype=A -debug'
|
||||||
NETS='netstat -nl4e'
|
NETS='netstat -nl4e'
|
||||||
ALL=""
|
ALL=""
|
||||||
|
USAGE="$prog without arguments tests the current MODE=$MODE,
|
||||||
|
or with 0 to list the tests by number,
|
||||||
|
or one or more of the groups:
|
||||||
|
|
||||||
|
"
|
||||||
|
|
||||||
[ -z "$USER" ] && USER=$(id -un )
|
[ -z "$USER" ] && USER=$(id -un )
|
||||||
[ $USER = root ] && DMESG_LINES=1 || DMESG_LINES=0
|
[ $USER = root -a -n "$TRACE" -a "$TRACE" != '0' ] && DMESG_LINES=1 || DMESG_LINES=0
|
||||||
|
|
||||||
[ -n "$PROXY_WLAN" ] || PROXY_WLAN=`proxy_ping_get_wlan`
|
[ -n "$PROXY_WLAN" ] || PROXY_WLAN=`proxy_ping_get_wlan`
|
||||||
# fixme - required
|
# fixme - required
|
||||||
PROXY_WLAN=$( echo $PROXY_WLAN | grep ^wlan |sed -e 's/:.*//' )
|
PROXY_WLAN=$( echo $PROXY_WLAN | grep ^wlan |sed -e 's/:.*//' )
|
||||||
@ -91,11 +98,6 @@ PROXY_WLAN=$( echo $PROXY_WLAN | grep ^wlan |sed -e 's/:.*//' )
|
|||||||
# fixme - required
|
# fixme - required
|
||||||
PROXY_WLAN_GW=$( echo $PROXY_WLAN_GW | grep ^wlan |sed -e 's/:.*//' )
|
PROXY_WLAN_GW=$( echo $PROXY_WLAN_GW | grep ^wlan |sed -e 's/:.*//' )
|
||||||
MODE=$( proxy_ping_mode )
|
MODE=$( proxy_ping_mode )
|
||||||
USAGE="$prog without arguments tests the current MODE=$MODE,
|
|
||||||
or 0 to list the tests by number,
|
|
||||||
or one or more of the groups:
|
|
||||||
|
|
||||||
"
|
|
||||||
|
|
||||||
DNS_HOST=$SOCKS_HOST
|
DNS_HOST=$SOCKS_HOST
|
||||||
[ -z "$PRIV_BIN_OWNER" ] && PRIV_BIN_OWNER=bin
|
[ -z "$PRIV_BIN_OWNER" ] && PRIV_BIN_OWNER=bin
|
||||||
@ -244,20 +246,21 @@ proxy_run_as_root () { DBUG proxy_run_as_root $* ;
|
|||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
|
|
||||||
## proxy_test_pretests
|
# could pull these out as tests and add them to
|
||||||
proxy_test_pretests () {
|
## proxy_test_pretest_exit
|
||||||
if [ "$1" = panic ] ; then
|
proxy_test_pretest_exit () {
|
||||||
|
proxy_route_test || { ERROR $prog route not connected ; exit 1$? ; }
|
||||||
|
if [ "$1" = panic -o "$1" = firewall ] ; then
|
||||||
: dont ping on panic
|
: dont ping on panic
|
||||||
proxy_ping_broken || proxy_do_ping || \
|
proxy_ping_broken || proxy_do_ping || \
|
||||||
{ WARN ping failed for panic so skipping ; exit 0 ; }
|
{ WARN ping failed for panic so skipping ; exit 0 ; }
|
||||||
elif [ "$1" = direct -o "$1" = gateway -o "$1" = vda -o "$1" = kick ] ; then
|
elif [ "$1" = direct -o "$1" = gateway -o "$1" = vda -o "$1" = kick ] ; then
|
||||||
proxy_route_test || { ERROR $prog route not connected ; exit 1$? ; }
|
|
||||||
proxy_ping_broken || proxy_do_ping || exit 3$?
|
proxy_ping_broken || proxy_do_ping || exit 3$?
|
||||||
proxy_ping_test_resolv $MODE ||\
|
proxy_ping_test_resolv $MODE ||\
|
||||||
{ WARN $prog proxy_ping_test_resolv=$? 'echo nameserver 127.0.0.1 > /etc/resolv.conf' ; exit 4 ; }
|
{ WARN $prog proxy_ping_test_resolv=$? 'echo nameserver 127.0.0.1 > /etc/resolv.conf' ; exit 4 ; }
|
||||||
proxy_ping_firewall_start || { ERROR "proxy_ping_firewall_start ret=$?" ; exit 5 ; }
|
proxy_ping_firewall_start || { ERROR "proxy_ping_firewall_start ret=$?" ; exit 5 ; }
|
||||||
elif [ "$1" = nat ] ; then
|
elif [ "$1" = nat ] ; then
|
||||||
proxy_route_test || { ERROR $prog route not connected ; exit 1$? ; }
|
: proxy_route_test || { ERROR $prog route not connected ; exit 1$? ; }
|
||||||
else
|
else
|
||||||
proxy_do_ping || exit 4$?
|
proxy_do_ping || exit 4$?
|
||||||
proxy_ping_test_resolv $MODE || \
|
proxy_ping_test_resolv $MODE || \
|
||||||
@ -270,9 +273,25 @@ proxy_test_pretests () {
|
|||||||
|
|
||||||
## proxy_test_help_args
|
## proxy_test_help_args
|
||||||
proxy_test_help_args () {
|
proxy_test_help_args () {
|
||||||
|
declare -a elts=()
|
||||||
declare -a ret=()
|
declare -a ret=()
|
||||||
ret=( $(grep " -.* $1 " /tmp/proxy_ping_test.hlp | \
|
local elt
|
||||||
sed -e 's/.=.*//' -e 's/.*tests.//') )
|
if [ "$1" = selektor -o "$1" = whonix -o "$1" = torhost ] ; then
|
||||||
|
elts=($1 socks http dns https tordns firefail)
|
||||||
|
elif [ "$1" = torlibvirthost ] ; then
|
||||||
|
elts=($1 libvirthost socks http https tordns firefail)
|
||||||
|
elts+=($MODE)
|
||||||
|
elif [ "$1" = gateway ] ; then
|
||||||
|
elts=($1 libvirtguest socks dns http https firefail)
|
||||||
|
else
|
||||||
|
elts=($1)
|
||||||
|
fi
|
||||||
|
for elt in "${elts[@]}" ; do
|
||||||
|
# DBUG proxy_test_help_args $elt $1 >&2
|
||||||
|
ret+=( $(grep " -.* $elt " /tmp/proxy_ping_test.hlp | \
|
||||||
|
sed -e 's/.=.*//' -e 's/.*tests.//') )
|
||||||
|
done
|
||||||
|
DBUG proxy_test_help_args "${ret[@]}" >&2
|
||||||
echo "${ret[@]}"
|
echo "${ret[@]}"
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
@ -293,9 +312,6 @@ proxy_ping_test_set_args () {
|
|||||||
## vda - through the Gateway with the firewall - also polipo,panic - uses env
|
## vda - through the Gateway with the firewall - also polipo,panic - uses env
|
||||||
[ "$1" = vda ] &&
|
[ "$1" = vda ] &&
|
||||||
aret=( 35 3 20 ) #
|
aret=( 35 3 20 ) #
|
||||||
## tor - tor with the firewall to test the host side tor server - call to_tor,dns,ntp in addition
|
|
||||||
[ "$1" = tor ] &&
|
|
||||||
aret=( 21 30 20 4 5 36 3 )
|
|
||||||
## kick - open firewall with tor running - call dns,polipo +tor in addition
|
## kick - open firewall with tor running - call dns,polipo +tor in addition
|
||||||
[ "$1" = kick -o "$1" = host ] &&
|
[ "$1" = kick -o "$1" = host ] &&
|
||||||
aret=( 24 31 13 16 6 )# 30 24 31 6 13 16
|
aret=( 24 31 13 16 6 )# 30 24 31 6 13 16
|
||||||
@ -304,15 +320,19 @@ proxy_ping_test_set_args () {
|
|||||||
aret=( 23 25 4 5 30 24 17 3 21 ) # 31 6 16
|
aret=( 23 25 4 5 30 24 17 3 21 ) # 31 6 16
|
||||||
|
|
||||||
# aliases
|
# aliases
|
||||||
|
# socks defines http as the target of a user using socks
|
||||||
[ "$1" = "$SOCKS_PORT" ] && set -- socks
|
[ "$1" = "$SOCKS_PORT" ] && set -- socks
|
||||||
|
# http defines http as the target of a user using http
|
||||||
[ "$1" = "$HTTP_PORT" ] && set -- http
|
[ "$1" = "$HTTP_PORT" ] && set -- http
|
||||||
|
# https defines http as the target of a user using https
|
||||||
[ "$1" = "$HTTPS_PORT" ] && set -- https
|
[ "$1" = "$HTTPS_PORT" ] && set -- https
|
||||||
|
# dns defines http as the target of a user using dns
|
||||||
[ "$1" = "53" ] && set -- dns
|
[ "$1" = "53" ] && set -- dns
|
||||||
|
# tordns defines http as the target of a user using tordns
|
||||||
[ "$1" = "9053" ] && set -- tordns
|
[ "$1" = "9053" ] && set -- tordns
|
||||||
|
|
||||||
[ "$1" = scan ] && set -- iwlist
|
[ "$1" = scan ] && set -- iwlist
|
||||||
[ "$1" = panic ] && set -- firewall
|
[ "$1" = panic ] && set -- firewall
|
||||||
[ "$1" = tor ] && set -- torhost
|
|
||||||
[ "$1" = to_gateway ] && set -- whonix
|
[ "$1" = to_gateway ] && set -- whonix
|
||||||
[ "$1" = from_tor ] && set -- whonix
|
[ "$1" = from_tor ] && set -- whonix
|
||||||
[ "$1" = from_gateway ] && set -- gateway
|
[ "$1" = from_gateway ] && set -- gateway
|
||||||
@ -326,11 +346,11 @@ proxy_ping_test_set_args () {
|
|||||||
set -- ping dns socks http https tordns firefail libvirtguest
|
set -- ping dns socks http https tordns firefail libvirtguest
|
||||||
# wifi?
|
# wifi?
|
||||||
[ "$1" = whonix ] && \
|
[ "$1" = whonix ] && \
|
||||||
set -- ping tordns dns socks http https torhost tordns firefail gw
|
set -- ping tordns dns socks http https torhost tordns firefail gw
|
||||||
[ "$1" = tor ] && \
|
[ "$1" = tor -o "$1" = selektor ] && \
|
||||||
set -- ping tordns dns trace socks http https torhost tordns firefail nmap gw
|
set -- ping tordns dns trace torhost nmap gw
|
||||||
[ "$1" = selektor ] && \
|
## torhost implies -
|
||||||
set -- ping tordns dns trace socks http https torhost tordns firefail nmap gw
|
#? tor with the firewall to test the host side tor server - call to_tor,dns,ntp in addition
|
||||||
[ "$1" = direct -o "$1" = '' ] && \
|
[ "$1" = direct -o "$1" = '' ] && \
|
||||||
set -- ping dns trace nmap gw
|
set -- ping dns trace nmap gw
|
||||||
|
|
||||||
@ -339,33 +359,34 @@ proxy_ping_test_set_args () {
|
|||||||
# aret="${#tests[@]}"
|
# aret="${#tests[@]}"
|
||||||
|
|
||||||
## gw - test if we are connected to the gateway
|
## gw - test if we are connected to the gateway
|
||||||
## torhost - running tor with the firewall
|
|
||||||
## env - from the cmdline with a properly setup env
|
## env - from the cmdline with a properly setup env
|
||||||
## firefail - test the proxy without env vars to expect failure
|
## firefail - test the proxy without env vars to expect failure
|
||||||
|
## torhost - running tor with the firewall
|
||||||
## http - assumes torhost or whonix and env setup
|
## http - assumes torhost or whonix and env setup
|
||||||
## https - assumes torhost or whonix and env setup
|
## https - assumes torhost or whonix and env setup
|
||||||
## socks - assumes torhost or whonix and env setup
|
## socks - assumes torhost or whonix and env setup
|
||||||
|
## tordns - test 9053 for dns using tor-resolve
|
||||||
|
## dns - dns using tor or the gateway, with the firewall - does not assume env
|
||||||
## ping - connected routed test the ping to DNS hosts
|
## ping - connected routed test the ping to DNS hosts
|
||||||
## ntp - ntpdate through the firewall
|
## ntp - ntpdate through the firewall
|
||||||
## nmap - nmap sgid through the firewall - does not assume env
|
## nmap - nmap sgid through the firewall - does not assume env
|
||||||
## iwlist - wlan scan
|
## iwlist - wlan scan of a wifi host
|
||||||
## firewall - test that the firewall blocks
|
## firewall - test that the firewall blocks
|
||||||
## virbr1 - assumes tor or whonix
|
## virbr1 - looks for virbr1 on a libvirt host torhost or whonix
|
||||||
## gateway - ssh to the whonix gateway
|
## gateway - ssh to the whonix gateway from the torhost
|
||||||
## trace - traceroute to DNSHOST - icmp is allowed by the firewall, except on vda
|
## trace - traceroute to DNSHOST - icmp is allowed by the firewall, except on vda
|
||||||
## wifi - test if we are connected - call scan in addition
|
## wifi - test if we are connected - call scan in addition
|
||||||
## libvirthost - hosting a libvirt container
|
## libvirthost - hosting a libvirt container
|
||||||
## libvirtguest - in a libvirt container
|
## libvirtguest - in a libvirt container
|
||||||
## tordns - test 9053 for dns using tor-resolve
|
## whonix - whonix torhost with libvirt container running gateway behind firewall - aliases: to_gateway from_tor
|
||||||
## dns - dns using tor or the gateway, with the firewall - does not assume env
|
## direct - assume no firewall and no proxy - but may work depend on env
|
||||||
## whonix - whonix to the Gateway with the firewall - also panic - not assume env
|
|
||||||
## whonix - whonix gateway host side client setup with the firewall was from_to## direct - assume no firewall and no proxy - but may work depend on env
|
|
||||||
r
|
|
||||||
for elt in "$@" ; do
|
for elt in "$@" ; do
|
||||||
if [ "$elt" = gw -o "$elt" = '' -o "$elt" = env -o \
|
if [ "$elt" = gw -o "$elt" = '' -o "$elt" = env -o \
|
||||||
"$elt" = https -o "$elt" = http -o "$elt" = socks -o "$elt" = dns -o \
|
"$elt" = https -o "$elt" = http -o "$elt" = socks -o "$elt" = dns -o \
|
||||||
"$elt" = torhost -o "$elt" = tordns -o "$elt" = whonix -o \
|
"$elt" = torhost -o "$elt" = tordns -o "$elt" = whonix -o \
|
||||||
"$elt" = libvirthost -o "$elt" = libvirtguest -o "$elt" = virbr1 -o \
|
"$elt" = libvirthost -o "$elt" = torlibvirthost -o \
|
||||||
|
"$elt" = libvirtguest -o "$elt" = virbr1 -o \
|
||||||
"$elt" = ping -o "$elt" = trace -o "$elt" = ntp -o "$elt" = nmap -o \
|
"$elt" = ping -o "$elt" = trace -o "$elt" = ntp -o "$elt" = nmap -o \
|
||||||
"$elt" = iwlist -o "$elt" = firefail -o "$elt" = direct -o \
|
"$elt" = iwlist -o "$elt" = firefail -o "$elt" = direct -o \
|
||||||
"$elt" = trace -o "$elt" = wifi -o "$elt" = '' -o "$elt" = '' \
|
"$elt" = trace -o "$elt" = wifi -o "$elt" = '' -o "$elt" = '' \
|
||||||
@ -405,9 +426,8 @@ if [ $1 = '-h' -o $1 = '--help' ] ; then
|
|||||||
set -- `proxy_ping_test_set_args "$@"`
|
set -- `proxy_ping_test_set_args "$@"`
|
||||||
DBUG running tests numbered "$@"
|
DBUG running tests numbered "$@"
|
||||||
fi
|
fi
|
||||||
proxy_route_test || { ERROR $prog route not connected ; exit 1$? ; }
|
|
||||||
|
|
||||||
proxy_test_pretests "$1"
|
proxy_test_pretest_exit "$1"
|
||||||
|
|
||||||
# https://stackoverflow.com/questions/8290046/icmp-sockets-linux/20105379#20105379
|
# https://stackoverflow.com/questions/8290046/icmp-sockets-linux/20105379#20105379
|
||||||
if [ $( id -u ) -eq 0 ] ; then
|
if [ $( id -u ) -eq 0 ] ; then
|
||||||
@ -471,6 +491,7 @@ while [ "$#" -gt 0 ] ; do
|
|||||||
[ $DEBIAN -eq 0 ] && continue
|
[ $DEBIAN -eq 0 ] && continue
|
||||||
|
|
||||||
[ -z "$socks_proxy" ] && socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
|
[ -z "$socks_proxy" ] && socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
|
||||||
|
# mode whonix implies torhost
|
||||||
if [ $MODE = whonix ] ; then
|
if [ $MODE = whonix ] ; then
|
||||||
ssh -o ForwardX11=no user@10.0.2.15 netstat -nl4e| grep 15:$SOCKS_PORT || {
|
ssh -o ForwardX11=no user@10.0.2.15 netstat -nl4e| grep 15:$SOCKS_PORT || {
|
||||||
retval=$?
|
retval=$?
|
||||||
@ -496,14 +517,16 @@ while [ "$#" -gt 0 ] ; do
|
|||||||
GREP="$SOCKS_PORT"
|
GREP="$SOCKS_PORT"
|
||||||
|
|
||||||
elif [ $ARG -eq 4 ] ; then
|
elif [ $ARG -eq 4 ] ; then
|
||||||
tests[4]="dig_socks_through_as_user @${SOCKS_HOST} -p $SOCKS_DNS www.whatismypublicip.com - tordns "
|
tests[4]="dig_socks_through_as_user @${SOCKS_HOST} -p $SOCKS_DNS $DNS_TARGET - tordns "
|
||||||
[ $HAVE_DIG = 1 ] || continue
|
[ $HAVE_DIG = 1 ] || continue
|
||||||
if [ $MODE = whonix ] ; then
|
if [ $MODE = whonix ] ; then
|
||||||
|
# test ssh to the whonix_gateway libvirt container
|
||||||
|
# and make sure that the socks proxy is runninh
|
||||||
ssh -o ForwardX11=no user@10.0.2.15 netstat -nl4e | grep 15:$SOCKS_DNS
|
ssh -o ForwardX11=no user@10.0.2.15 netstat -nl4e | grep 15:$SOCKS_DNS
|
||||||
fi
|
fi
|
||||||
dig @${SOCKS_HOST} -p $SOCKS_DNS www.whatismypublicip.com +timeout=$TIMEOUT >/dev/null || { \
|
dig @${SOCKS_HOST} -p $SOCKS_DNS $DNS_TARGET +timeout=$TIMEOUT >/dev/null || { \
|
||||||
retval=$?
|
retval=$?
|
||||||
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig @${SOCKS_HOST} -p $SOCKS_DNS www.whatismypublicip.com
|
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig @${SOCKS_HOST} -p $SOCKS_DNS $DNS_TARGET
|
||||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||||
}
|
}
|
||||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||||
@ -513,7 +536,7 @@ while [ "$#" -gt 0 ] ; do
|
|||||||
elif [ $ARG -eq 5 ] ; then
|
elif [ $ARG -eq 5 ] ; then
|
||||||
tests[5]="nslookup_socks_as_user - tordns "
|
tests[5]="nslookup_socks_as_user - tordns "
|
||||||
[ $HAVE_NSLOOKUP = 1 ] || continue
|
[ $HAVE_NSLOOKUP = 1 ] || continue
|
||||||
desc="$NSL -port=$SOCKS_DNS www.whatismypublicip.com ${DNS_HOST}"
|
desc="$NSL -port=$SOCKS_DNS $DNS_TARGET ${DNS_HOST}"
|
||||||
$desc >/dev/null || { \
|
$desc >/dev/null || { \
|
||||||
retval=$?
|
retval=$?
|
||||||
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval $desc
|
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval $desc
|
||||||
@ -697,8 +720,9 @@ while [ "$#" -gt 0 ] ; do
|
|||||||
[ $DEBIAN -eq 0 ] && continue
|
[ $DEBIAN -eq 0 ] && continue
|
||||||
|
|
||||||
socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
|
socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
|
||||||
proxy_ping_curl -x $socks_proxy https://$HTTP_TARGET >/dev/null \
|
proxy_ping_curl -x $socks_proxy https://$HTTP_TARGET >/dev/null || {
|
||||||
|| { retval=$? ; ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl $SOCKS_PORT
|
retval=$? ;
|
||||||
|
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl $SOCKS_PORT
|
||||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||||
}
|
}
|
||||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||||
@ -742,11 +766,11 @@ while [ "$#" -gt 0 ] ; do
|
|||||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||||
|
|
||||||
elif [ $ARG -eq 24 ] ; then
|
elif [ $ARG -eq 24 ] ; then
|
||||||
tests[24]="dig_direct_or_dnsmasq dig -b $IP www.whatismypublicip.com - direct "
|
tests[24]="dig_direct_or_dnsmasq dig -b $IP $DNS_TARGET - direct "
|
||||||
[ $HAVE_DIG = 1 ] || continue
|
[ $HAVE_DIG = 1 ] || continue
|
||||||
[ -n "$PROXY_WLAN" -a -n "$IP" ] || proxy_ping_get_wlan_gw || continue
|
[ -n "$PROXY_WLAN" -a -n "$IP" ] || proxy_ping_get_wlan_gw || continue
|
||||||
[ -n "$IP" ] || continue
|
[ -n "$IP" ] || continue
|
||||||
dig -b $IP www.whatismypublicip.com +timeout=$TIMEOUT >/dev/null || { \
|
dig -b $IP $DNS_TARGET +timeout=$TIMEOUT >/dev/null || { \
|
||||||
retval=$?
|
retval=$?
|
||||||
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP
|
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP
|
||||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||||
@ -758,9 +782,9 @@ while [ "$#" -gt 0 ] ; do
|
|||||||
[ $HAVE_NSLOOKUP = 1 ] || continue
|
[ $HAVE_NSLOOKUP = 1 ] || continue
|
||||||
# noenv with or without proxy
|
# noenv with or without proxy
|
||||||
# @$DNS_HOST1 should fail for firewall unless dnsmasq is working
|
# @$DNS_HOST1 should fail for firewall unless dnsmasq is working
|
||||||
$NSL >/dev/null www.whatismypublicip.com || { \
|
$NSL >/dev/null $DNS_TARGET || { \
|
||||||
retval=$?
|
retval=$?
|
||||||
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval nslookup www.whatismypublicip.com
|
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval nslookup $DNS_TARGET
|
||||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||||
}
|
}
|
||||||
INFO $prog test=$ARG "${tests[$ARG]}" nslookup
|
INFO $prog test=$ARG "${tests[$ARG]}" nslookup
|
||||||
@ -768,7 +792,7 @@ while [ "$#" -gt 0 ] ; do
|
|||||||
elif [ $ARG -eq 26 ] ; then
|
elif [ $ARG -eq 26 ] ; then
|
||||||
tests[26]="route_connected_ping_scan - direct "
|
tests[26]="route_connected_ping_scan - direct "
|
||||||
[ $HAVE_DIG = 1 ] || continue
|
[ $HAVE_DIG = 1 ] || continue
|
||||||
#? proxy_test_pretests
|
#? done already in proxy_test_pretest_exit
|
||||||
proxy_do_ping && \
|
proxy_do_ping && \
|
||||||
INFO $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP || \
|
INFO $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP || \
|
||||||
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP
|
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP
|
||||||
@ -777,7 +801,7 @@ while [ "$#" -gt 0 ] ; do
|
|||||||
tests[27]="dns_as_user dig -b 127.0.0.1 - direct "
|
tests[27]="dns_as_user dig -b 127.0.0.1 - direct "
|
||||||
[ $HAVE_DIG = 1 ] || continue
|
[ $HAVE_DIG = 1 ] || continue
|
||||||
[ -n "$PROXY_WLAN" -a -n "$IP" ] || proxy_ping_get_wlan_gw || continue
|
[ -n "$PROXY_WLAN" -a -n "$IP" ] || proxy_ping_get_wlan_gw || continue
|
||||||
dig -b 127.0.0.1 www.whatismypublicip.com +timeout=$TIMEOUT >/dev/null || { \
|
dig -b 127.0.0.1 $DNS_TARGET +timeout=$TIMEOUT >/dev/null || { \
|
||||||
retval=$?
|
retval=$?
|
||||||
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP
|
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP
|
||||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||||
@ -808,9 +832,9 @@ while [ "$#" -gt 0 ] ; do
|
|||||||
|
|
||||||
elif [ $ARG -eq 30 ] ; then
|
elif [ $ARG -eq 30 ] ; then
|
||||||
tests[30]="tor_bootstrap_check_as_root tor_bootstrap_check.py - torhost "
|
tests[30]="tor_bootstrap_check_as_root tor_bootstrap_check.py - torhost "
|
||||||
[ $MODE = tor -o $MODE = selektor ] || {
|
[ $MODE = tor -o $MODE = whonix -o $MODE = selektor ] || {
|
||||||
ERROR $prog MODE != tor test=$ARG
|
# are there other roles that run tor?
|
||||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
WARN $prog MODE != tor test=$ARG
|
||||||
}
|
}
|
||||||
port=$SOCKS_PORT
|
port=$SOCKS_PORT
|
||||||
$NETS | grep -q :$port || {
|
$NETS | grep -q :$port || {
|
||||||
@ -834,7 +858,7 @@ while [ "$#" -gt 0 ] ; do
|
|||||||
tests[31]="curl_noproxy_as_root polipo http pages $HTTP_PORT - direct http "
|
tests[31]="curl_noproxy_as_root polipo http pages $HTTP_PORT - direct http "
|
||||||
proxy_ping_curl --noproxy http://${HTTP_HOST}:$HTTP_PORT && { \
|
proxy_ping_curl --noproxy http://${HTTP_HOST}:$HTTP_PORT && { \
|
||||||
retval=$?
|
retval=$?
|
||||||
ERROR PANIC: $prog test=$ARG "${tests[$ARG]}" retval=$retval polipo http pages $HTTP_PORT
|
ERROR PANIC: $prog test=$ARG "${tests[$ARG]}" retval=$retval http to $HTTP_PORT
|
||||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||||
}
|
}
|
||||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||||
@ -923,7 +947,7 @@ while [ "$#" -gt 0 ] ; do
|
|||||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||||
GREP=""
|
GREP=""
|
||||||
elif [ $ARG -eq 38 ] ; then
|
elif [ $ARG -eq 38 ] ; then
|
||||||
tests[38]="qemu-guest-agent and ports - libvirthost whonix "
|
tests[38]="qemu-guest-agent and ports - libvirthost "
|
||||||
[ $USER = root ] || continue
|
[ $USER = root ] || continue
|
||||||
$PL proxy_libvirt_list
|
$PL proxy_libvirt_list
|
||||||
aret=$?
|
aret=$?
|
||||||
@ -932,9 +956,10 @@ while [ "$#" -gt 0 ] ; do
|
|||||||
elif [ $aret -ne 10 -a $aret -ne 0 ] ; then
|
elif [ $aret -ne 10 -a $aret -ne 0 ] ; then
|
||||||
DBUG proxy_libvirt_status aret=$aret
|
DBUG proxy_libvirt_status aret=$aret
|
||||||
else
|
else
|
||||||
$PL proxy_libvirt_list | grep -q "$GATEW_DOM" || {
|
# was $GATEW_DOM but now can be gentoo_vm-2 etc
|
||||||
ERROR MODE=$MODE and $GATEW_DOM not running ;
|
$PL proxy_libvirt_list 2>&1 | grep -q "running" || {
|
||||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
WARN MODE=$MODE and nothing libvirt running ;
|
||||||
|
continue
|
||||||
}
|
}
|
||||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||||
fi
|
fi
|
||||||
@ -959,8 +984,6 @@ exit 0
|
|||||||
curl $D -k --proxy
|
curl $D -k --proxy
|
||||||
3)
|
3)
|
||||||
curl $D -k --proxy socks5://${SOCKS_HOST}:$SOCKS_PORT --proxy-insecure
|
curl $D -k --proxy socks5://${SOCKS_HOST}:$SOCKS_PORT --proxy-insecure
|
||||||
5)
|
|
||||||
nslookup -port=$SOCKS_DNS www.whatismypublicip.com ${SOCKS_HOST} \
|
|
||||||
6)
|
6)
|
||||||
curl -k --proxy $HTTP_PORT
|
curl -k --proxy $HTTP_PORT
|
||||||
16)
|
16)
|
||||||
|
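Review bot: The new loop in `proxy_test_help_args` (hunk `@ -270,9 +273,25 @@`) still builds its result from the fixed path `/tmp/proxy_ping_test.hlp`, and now reads that file once per element of `elts`. `/tmp` is writable by every local user, and other hunks show this script being run as root (`[ $USER = root ]`, `[ $( id -u ) -eq 0 ]`). Whoever creates that file first therefore controls which test numbers the function echoes back; where the file is written is not visible on this page. Keep the help file in a directory only the invoking user can write and pass the path in a variable, e.g. `grep " -.* $elt " "$PROXY_PING_HLP"` (the variable name is a placeholder). Return non-zero when the file is missing instead of echoing an empty list.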
@ -24,10 +24,11 @@ else
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
FATL () {
|
FATL () {
|
||||||
|
local code=0
|
||||||
[ $# -eq 1 ] && code=1
|
[ $# -eq 1 ] && code=1
|
||||||
[ $# -gt 1 ] && code=$1 && shift
|
[ $# -gt 1 ] && code=$1 && shift
|
||||||
echo ${red}FATL:${normal} $*
|
echo ${red}FATL:${normal} $*
|
||||||
exit 1
|
exit $code
|
||||||
}
|
}
|
||||||
ftal () { FATL >&2 "$@" ; }
|
ftal () { FATL >&2 "$@" ; }
|
||||||
panic () { FATL >&2 "$@" ; }
|
panic () { FATL >&2 "$@" ; }
|
||||||
|
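Review bot: `local code=0` together with `exit $code` makes `FATL` exit with status 0 when called without arguments, so a fatal path reports success; before this change the function always exited 1. The default should be non-zero: `local code=1`. The unchanged line `[ $# -gt 1 ] && code=$1 && shift` now matters too, because the first word of any multi-word message becomes the exit status, and `exit` rejects it when it is not numeric. Guard it with `[ $# -gt 1 ] && case "$1" in ''|*[!0-9]*) ;; *) code=$1 ; shift ;; esac`. `ftal` and `panic` forward `"$@"` to `FATL`, so they inherit both behaviours.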