emdee 2024-01-06 03:03:10 +00:00
parent b50fd16591
commit 6b4fca0353
4 changed files with 97 additions and 62 deletions


@ -20,3 +20,5 @@ lint::
test:: test::
sudo -u ${USER} /var/local/src/var_local_$(ROLE).bash $@ sudo -u ${USER} /var/local/src/var_local_$(ROLE).bash $@
up::
sh .rsync.sh


@ -1,3 +1,12 @@
This base role is from https://github.com/gentoo-ansible/role-base/ This role was from https://github.com/gentoo-ansible/role-base/
and is just a starting point. and is a starting point that lays down the basics for subsequent roles.
It is required to be run before ../proxy_role Also look at the variables
in defaults/main.yml to customize the role, and double-check the settings
in vars/*.yml.
It is multi-target and should run on Gentoo2, Debian4, Devuan5, Ubuntu18
athough only tested on Gentoo. To bring it up to date, just copy the
existing files in vars and maybe tasks to the new name and edit to suit,
but be advised that it is systemd-challenged, like its author.


@ -7,6 +7,7 @@ ROLE=proxy
PYVER=3 PYVER=3
# DEBUG=1 # DEBUG=1
# TRACE=1
. /usr/local/bin/proxy_ping_lib.bash || \ . /usr/local/bin/proxy_ping_lib.bash || \
{ ERROR loading /usr/local/bin/proxy_ping_lib.bash ; exit 6; } { ERROR loading /usr/local/bin/proxy_ping_lib.bash ; exit 6; }
@ -19,17 +20,17 @@ which nslookup 2>/dev/null >/dev/null && HAVE_NSLOOKUP=1 || HAVE_NSLOOKUP=0
which tor-resolve 2>/dev/null >/dev/null && HAVE_TOR_RESOLVE=1 || HAVE_TOR_RESOLVE=0 which tor-resolve 2>/dev/null >/dev/null && HAVE_TOR_RESOLVE=1 || HAVE_TOR_RESOLVE=0
[ -z "$prog" ] || prog=proxy_ping_test [ -z "$prog" ] || prog=proxy_ping_test
proxy_ping_get_socks proxy_ping_get_socks >/dev/null
[ -z "$SOCKS_HOST" ] && SOCKS_HOST=127.0.0.1 [ -z "$SOCKS_HOST" ] && SOCKS_HOST=127.0.0.1
[ -z "$SOCKS_PORT" ] && SOCKS_PORT=9050 [ -z "$SOCKS_PORT" ] && SOCKS_PORT=9050
[ -z "$SOCKS_DNS" ] && SOCKS_DNS=9053 [ -z "$SOCKS_DNS" ] && SOCKS_DNS=9053
HTTPS_PORT=9128 HTTPS_PORT=9128
HTTPS_HOST=127.0.0.1 HTTPS_HOST=127.0.0.1
proxy_ping_get_https proxy_ping_get_https >/dev/null
[ -z "$HTTPS_HOST" ] && HTTPS_HOST=127.0.0.1 [ -z "$HTTPS_HOST" ] && HTTPS_HOST=127.0.0.1
HTTP_PORT=3128 HTTP_PORT=3128
HTTP_PROXY_HOST=127.0.0.1 HTTP_PROXY_HOST=127.0.0.1
proxy_ping_get_http proxy_ping_get_http >/dev/null
[ -z "$HTTP_HOST" ] && HTTP_HOST=127.0.0.1 [ -z "$HTTP_HOST" ] && HTTP_HOST=127.0.0.1
[ -f $PREFIX/etc/testforge/testforge.bash ] && \ [ -f $PREFIX/etc/testforge/testforge.bash ] && \
@ -80,9 +81,15 @@ SCURL="/usr/local/bin/scurl.bash --output /dev/null"
NSL='nslookup -querytype=A -debug' NSL='nslookup -querytype=A -debug'
NETS='netstat -nl4e' NETS='netstat -nl4e'
ALL="" ALL=""
USAGE="$prog without arguments tests the current MODE=$MODE,
or with 0 to list the tests by number,
or one or more of the groups:
"
[ -z "$USER" ] && USER=$(id -un ) [ -z "$USER" ] && USER=$(id -un )
[ $USER = root ] && DMESG_LINES=1 || DMESG_LINES=0 [ $USER = root -a -n "$TRACE" -a "$TRACE" != '0' ] && DMESG_LINES=1 || DMESG_LINES=0
[ -n "$PROXY_WLAN" ] || PROXY_WLAN=`proxy_ping_get_wlan` [ -n "$PROXY_WLAN" ] || PROXY_WLAN=`proxy_ping_get_wlan`
# fixme - required # fixme - required
PROXY_WLAN=$( echo $PROXY_WLAN | grep ^wlan |sed -e 's/:.*//' ) PROXY_WLAN=$( echo $PROXY_WLAN | grep ^wlan |sed -e 's/:.*//' )
@ -91,11 +98,6 @@ PROXY_WLAN=$( echo $PROXY_WLAN | grep ^wlan |sed -e 's/:.*//' )
# fixme - required # fixme - required
PROXY_WLAN_GW=$( echo $PROXY_WLAN_GW | grep ^wlan |sed -e 's/:.*//' ) PROXY_WLAN_GW=$( echo $PROXY_WLAN_GW | grep ^wlan |sed -e 's/:.*//' )
MODE=$( proxy_ping_mode ) MODE=$( proxy_ping_mode )
USAGE="$prog without arguments tests the current MODE=$MODE,
or 0 to list the tests by number,
or one or more of the groups:
"
DNS_HOST=$SOCKS_HOST DNS_HOST=$SOCKS_HOST
[ -z "$PRIV_BIN_OWNER" ] && PRIV_BIN_OWNER=bin [ -z "$PRIV_BIN_OWNER" ] && PRIV_BIN_OWNER=bin
@ -244,20 +246,21 @@ proxy_run_as_root () { DBUG proxy_run_as_root $* ;
return 1 return 1
} }
## proxy_test_pretests # could pull these out as tests and add them to
proxy_test_pretests () { ## proxy_test_pretest_exit
if [ "$1" = panic ] ; then proxy_test_pretest_exit () {
proxy_route_test || { ERROR $prog route not connected ; exit 1$? ; }
if [ "$1" = panic -o "$1" = firewall ] ; then
: dont ping on panic : dont ping on panic
proxy_ping_broken || proxy_do_ping || \ proxy_ping_broken || proxy_do_ping || \
{ WARN ping failed for panic so skipping ; exit 0 ; } { WARN ping failed for panic so skipping ; exit 0 ; }
elif [ "$1" = direct -o "$1" = gateway -o "$1" = vda -o "$1" = kick ] ; then elif [ "$1" = direct -o "$1" = gateway -o "$1" = vda -o "$1" = kick ] ; then
proxy_route_test || { ERROR $prog route not connected ; exit 1$? ; }
proxy_ping_broken || proxy_do_ping || exit 3$? proxy_ping_broken || proxy_do_ping || exit 3$?
proxy_ping_test_resolv $MODE ||\ proxy_ping_test_resolv $MODE ||\
{ WARN $prog proxy_ping_test_resolv=$? 'echo nameserver 127.0.0.1 > /etc/resolv.conf' ; exit 4 ; } { WARN $prog proxy_ping_test_resolv=$? 'echo nameserver 127.0.0.1 > /etc/resolv.conf' ; exit 4 ; }
proxy_ping_firewall_start || { ERROR "proxy_ping_firewall_start ret=$?" ; exit 5 ; } proxy_ping_firewall_start || { ERROR "proxy_ping_firewall_start ret=$?" ; exit 5 ; }
elif [ "$1" = nat ] ; then elif [ "$1" = nat ] ; then
proxy_route_test || { ERROR $prog route not connected ; exit 1$? ; } : proxy_route_test || { ERROR $prog route not connected ; exit 1$? ; }
else else
proxy_do_ping || exit 4$? proxy_do_ping || exit 4$?
proxy_ping_test_resolv $MODE || \ proxy_ping_test_resolv $MODE || \
@ -270,9 +273,25 @@ proxy_test_pretests () {
## proxy_test_help_args ## proxy_test_help_args
proxy_test_help_args () { proxy_test_help_args () {
declare -a elts=()
declare -a ret=() declare -a ret=()
ret=( $(grep " -.* $1 " /tmp/proxy_ping_test.hlp | \ local elt
sed -e 's/.=.*//' -e 's/.*tests.//') ) if [ "$1" = selektor -o "$1" = whonix -o "$1" = torhost ] ; then
elts=($1 socks http dns https tordns firefail)
elif [ "$1" = torlibvirthost ] ; then
elts=($1 libvirthost socks http https tordns firefail)
elts+=($MODE)
elif [ "$1" = gateway ] ; then
elts=($1 libvirtguest socks dns http https firefail)
else
elts=($1)
fi
for elt in "${elts[@]}" ; do
# DBUG proxy_test_help_args $elt $1 >&2
ret+=( $(grep " -.* $elt " /tmp/proxy_ping_test.hlp | \
sed -e 's/.=.*//' -e 's/.*tests.//') )
done
DBUG proxy_test_help_args "${ret[@]}" >&2
echo "${ret[@]}" echo "${ret[@]}"
return 0 return 0
} }
@ -293,9 +312,6 @@ proxy_ping_test_set_args () {
## vda - through the Gateway with the firewall - also polipo,panic - uses env ## vda - through the Gateway with the firewall - also polipo,panic - uses env
[ "$1" = vda ] && [ "$1" = vda ] &&
aret=( 35 3 20 ) # aret=( 35 3 20 ) #
## tor - tor with the firewall to test the host side tor server - call to_tor,dns,ntp in addition
[ "$1" = tor ] &&
aret=( 21 30 20 4 5 36 3 )
## kick - open firewall with tor running - call dns,polipo +tor in addition ## kick - open firewall with tor running - call dns,polipo +tor in addition
[ "$1" = kick -o "$1" = host ] && [ "$1" = kick -o "$1" = host ] &&
aret=( 24 31 13 16 6 )# 30 24 31 6 13 16 aret=( 24 31 13 16 6 )# 30 24 31 6 13 16
@ -304,15 +320,19 @@ proxy_ping_test_set_args () {
aret=( 23 25 4 5 30 24 17 3 21 ) # 31 6 16 aret=( 23 25 4 5 30 24 17 3 21 ) # 31 6 16
# aliases # aliases
# socks defines http as the target of a user using socks
[ "$1" = "$SOCKS_PORT" ] && set -- socks [ "$1" = "$SOCKS_PORT" ] && set -- socks
# http defines http as the target of a user using http
[ "$1" = "$HTTP_PORT" ] && set -- http [ "$1" = "$HTTP_PORT" ] && set -- http
# https defines http as the target of a user using https
[ "$1" = "$HTTPS_PORT" ] && set -- https [ "$1" = "$HTTPS_PORT" ] && set -- https
# dns defines http as the target of a user using dns
[ "$1" = "53" ] && set -- dns [ "$1" = "53" ] && set -- dns
# tordns defines http as the target of a user using tordns
[ "$1" = "9053" ] && set -- tordns [ "$1" = "9053" ] && set -- tordns
[ "$1" = scan ] && set -- iwlist [ "$1" = scan ] && set -- iwlist
[ "$1" = panic ] && set -- firewall [ "$1" = panic ] && set -- firewall
[ "$1" = tor ] && set -- torhost
[ "$1" = to_gateway ] && set -- whonix [ "$1" = to_gateway ] && set -- whonix
[ "$1" = from_tor ] && set -- whonix [ "$1" = from_tor ] && set -- whonix
[ "$1" = from_gateway ] && set -- gateway [ "$1" = from_gateway ] && set -- gateway
@ -326,11 +346,11 @@ proxy_ping_test_set_args () {
set -- ping dns socks http https tordns firefail libvirtguest set -- ping dns socks http https tordns firefail libvirtguest
# wifi? # wifi?
[ "$1" = whonix ] && \ [ "$1" = whonix ] && \
set -- ping tordns dns socks http https torhost tordns firefail gw set -- ping tordns dns socks http https torhost tordns firefail gw
[ "$1" = tor ] && \ [ "$1" = tor -o "$1" = selektor ] && \
set -- ping tordns dns trace socks http https torhost tordns firefail nmap gw set -- ping tordns dns trace torhost nmap gw
[ "$1" = selektor ] && \ ## torhost implies -
set -- ping tordns dns trace socks http https torhost tordns firefail nmap gw #? tor with the firewall to test the host side tor server - call to_tor,dns,ntp in addition
[ "$1" = direct -o "$1" = '' ] && \ [ "$1" = direct -o "$1" = '' ] && \
set -- ping dns trace nmap gw set -- ping dns trace nmap gw
@ -339,33 +359,34 @@ proxy_ping_test_set_args () {
# aret="${#tests[@]}" # aret="${#tests[@]}"
## gw - test if we are connected to the gateway ## gw - test if we are connected to the gateway
## torhost - running tor with the firewall
## env - from the cmdline with a properly setup env ## env - from the cmdline with a properly setup env
## firefail - test the proxy without env vars to expect failure ## firefail - test the proxy without env vars to expect failure
## torhost - running tor with the firewall
## http - assumes torhost or whonix and env setup ## http - assumes torhost or whonix and env setup
## https - assumes torhost or whonix and env setup ## https - assumes torhost or whonix and env setup
## socks - assumes torhost or whonix and env setup ## socks - assumes torhost or whonix and env setup
## tordns - test 9053 for dns using tor-resolve
## dns - dns using tor or the gateway, with the firewall - does not assume env
## ping - connected routed test the ping to DNS hosts ## ping - connected routed test the ping to DNS hosts
## ntp - ntpdate through the firewall ## ntp - ntpdate through the firewall
## nmap - nmap sgid through the firewall - does not assume env ## nmap - nmap sgid through the firewall - does not assume env
## iwlist - wlan scan ## iwlist - wlan scan of a wifi host
## firewall - test that the firewall blocks ## firewall - test that the firewall blocks
## virbr1 - assumes tor or whonix ## virbr1 - looks for virbr1 on a libvirt host torhost or whonix
## gateway - ssh to the whonix gateway ## gateway - ssh to the whonix gateway from the torhost
## trace - traceroute to DNSHOST - icmp is allowed by the firewall, except on vda ## trace - traceroute to DNSHOST - icmp is allowed by the firewall, except on vda
## wifi - test if we are connected - call scan in addition ## wifi - test if we are connected - call scan in addition
## libvirthost - hosting a libvirt container ## libvirthost - hosting a libvirt container
## libvirtguest - in a libvirt container ## libvirtguest - in a libvirt container
## tordns - test 9053 for dns using tor-resolve ## whonix - whonix torhost with libvirt container running gateway behind firewall - aliases: to_gateway from_tor
## dns - dns using tor or the gateway, with the firewall - does not assume env ## direct - assume no firewall and no proxy - but may work depend on env
## whonix - whonix to the Gateway with the firewall - also panic - not assume env
## whonix - whonix gateway host side client setup with the firewall was from_to## direct - assume no firewall and no proxy - but may work depend on env
r
for elt in "$@" ; do for elt in "$@" ; do
if [ "$elt" = gw -o "$elt" = '' -o "$elt" = env -o \ if [ "$elt" = gw -o "$elt" = '' -o "$elt" = env -o \
"$elt" = https -o "$elt" = http -o "$elt" = socks -o "$elt" = dns -o \ "$elt" = https -o "$elt" = http -o "$elt" = socks -o "$elt" = dns -o \
"$elt" = torhost -o "$elt" = tordns -o "$elt" = whonix -o \ "$elt" = torhost -o "$elt" = tordns -o "$elt" = whonix -o \
"$elt" = libvirthost -o "$elt" = libvirtguest -o "$elt" = virbr1 -o \ "$elt" = libvirthost -o "$elt" = torlibvirthost -o \
"$elt" = libvirtguest -o "$elt" = virbr1 -o \
"$elt" = ping -o "$elt" = trace -o "$elt" = ntp -o "$elt" = nmap -o \ "$elt" = ping -o "$elt" = trace -o "$elt" = ntp -o "$elt" = nmap -o \
"$elt" = iwlist -o "$elt" = firefail -o "$elt" = direct -o \ "$elt" = iwlist -o "$elt" = firefail -o "$elt" = direct -o \
"$elt" = trace -o "$elt" = wifi -o "$elt" = '' -o "$elt" = '' \ "$elt" = trace -o "$elt" = wifi -o "$elt" = '' -o "$elt" = '' \
@ -405,9 +426,8 @@ if [ $1 = '-h' -o $1 = '--help' ] ; then
set -- `proxy_ping_test_set_args "$@"` set -- `proxy_ping_test_set_args "$@"`
DBUG running tests numbered "$@" DBUG running tests numbered "$@"
fi fi
proxy_route_test || { ERROR $prog route not connected ; exit 1$? ; }
proxy_test_pretests "$1" proxy_test_pretest_exit "$1"
# https://stackoverflow.com/questions/8290046/icmp-sockets-linux/20105379#20105379 # https://stackoverflow.com/questions/8290046/icmp-sockets-linux/20105379#20105379
if [ $( id -u ) -eq 0 ] ; then if [ $( id -u ) -eq 0 ] ; then
@ -471,6 +491,7 @@ while [ "$#" -gt 0 ] ; do
[ $DEBIAN -eq 0 ] && continue [ $DEBIAN -eq 0 ] && continue
[ -z "$socks_proxy" ] && socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT [ -z "$socks_proxy" ] && socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
# mode whonix implies torhost
if [ $MODE = whonix ] ; then if [ $MODE = whonix ] ; then
ssh -o ForwardX11=no user@10.0.2.15 netstat -nl4e| grep 15:$SOCKS_PORT || { ssh -o ForwardX11=no user@10.0.2.15 netstat -nl4e| grep 15:$SOCKS_PORT || {
retval=$? retval=$?
@ -496,14 +517,16 @@ while [ "$#" -gt 0 ] ; do
GREP="$SOCKS_PORT" GREP="$SOCKS_PORT"
elif [ $ARG -eq 4 ] ; then elif [ $ARG -eq 4 ] ; then
tests[4]="dig_socks_through_as_user @${SOCKS_HOST} -p $SOCKS_DNS www.whatismypublicip.com - tordns " tests[4]="dig_socks_through_as_user @${SOCKS_HOST} -p $SOCKS_DNS $DNS_TARGET - tordns "
[ $HAVE_DIG = 1 ] || continue [ $HAVE_DIG = 1 ] || continue
if [ $MODE = whonix ] ; then if [ $MODE = whonix ] ; then
# test ssh to the whonix_gateway libvirt container
# and make sure that the socks proxy is runninh
ssh -o ForwardX11=no user@10.0.2.15 netstat -nl4e | grep 15:$SOCKS_DNS ssh -o ForwardX11=no user@10.0.2.15 netstat -nl4e | grep 15:$SOCKS_DNS
fi fi
dig @${SOCKS_HOST} -p $SOCKS_DNS www.whatismypublicip.com +timeout=$TIMEOUT >/dev/null || { \ dig @${SOCKS_HOST} -p $SOCKS_DNS $DNS_TARGET +timeout=$TIMEOUT >/dev/null || { \
retval=$? retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig @${SOCKS_HOST} -p $SOCKS_DNS www.whatismypublicip.com WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig @${SOCKS_HOST} -p $SOCKS_DNS $DNS_TARGET
[ -z "$ALL" ] && exit $ARG$retval || continue [ -z "$ALL" ] && exit $ARG$retval || continue
} }
INFO $prog test=$ARG "${tests[$ARG]}" INFO $prog test=$ARG "${tests[$ARG]}"
@ -513,7 +536,7 @@ while [ "$#" -gt 0 ] ; do
elif [ $ARG -eq 5 ] ; then elif [ $ARG -eq 5 ] ; then
tests[5]="nslookup_socks_as_user - tordns " tests[5]="nslookup_socks_as_user - tordns "
[ $HAVE_NSLOOKUP = 1 ] || continue [ $HAVE_NSLOOKUP = 1 ] || continue
desc="$NSL -port=$SOCKS_DNS www.whatismypublicip.com ${DNS_HOST}" desc="$NSL -port=$SOCKS_DNS $DNS_TARGET ${DNS_HOST}"
$desc >/dev/null || { \ $desc >/dev/null || { \
retval=$? retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval $desc WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval $desc
@ -697,8 +720,9 @@ while [ "$#" -gt 0 ] ; do
[ $DEBIAN -eq 0 ] && continue [ $DEBIAN -eq 0 ] && continue
socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
proxy_ping_curl -x $socks_proxy https://$HTTP_TARGET >/dev/null \ proxy_ping_curl -x $socks_proxy https://$HTTP_TARGET >/dev/null || {
|| { retval=$? ; ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl $SOCKS_PORT retval=$? ;
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl $SOCKS_PORT
[ -z "$ALL" ] && exit $ARG$retval || continue [ -z "$ALL" ] && exit $ARG$retval || continue
} }
INFO $prog test=$ARG "${tests[$ARG]}" INFO $prog test=$ARG "${tests[$ARG]}"
@ -742,11 +766,11 @@ while [ "$#" -gt 0 ] ; do
INFO $prog test=$ARG "${tests[$ARG]}" INFO $prog test=$ARG "${tests[$ARG]}"
elif [ $ARG -eq 24 ] ; then elif [ $ARG -eq 24 ] ; then
tests[24]="dig_direct_or_dnsmasq dig -b $IP www.whatismypublicip.com - direct " tests[24]="dig_direct_or_dnsmasq dig -b $IP $DNS_TARGET - direct "
[ $HAVE_DIG = 1 ] || continue [ $HAVE_DIG = 1 ] || continue
[ -n "$PROXY_WLAN" -a -n "$IP" ] || proxy_ping_get_wlan_gw || continue [ -n "$PROXY_WLAN" -a -n "$IP" ] || proxy_ping_get_wlan_gw || continue
[ -n "$IP" ] || continue [ -n "$IP" ] || continue
dig -b $IP www.whatismypublicip.com +timeout=$TIMEOUT >/dev/null || { \ dig -b $IP $DNS_TARGET +timeout=$TIMEOUT >/dev/null || { \
retval=$? retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP
[ -z "$ALL" ] && exit $ARG$retval || continue [ -z "$ALL" ] && exit $ARG$retval || continue
@ -758,9 +782,9 @@ while [ "$#" -gt 0 ] ; do
[ $HAVE_NSLOOKUP = 1 ] || continue [ $HAVE_NSLOOKUP = 1 ] || continue
# noenv with or without proxy # noenv with or without proxy
# @$DNS_HOST1 should fail for firewall unless dnsmasq is working # @$DNS_HOST1 should fail for firewall unless dnsmasq is working
$NSL >/dev/null www.whatismypublicip.com || { \ $NSL >/dev/null $DNS_TARGET || { \
retval=$? retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval nslookup www.whatismypublicip.com WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval nslookup $DNS_TARGET
[ -z "$ALL" ] && exit $ARG$retval || continue [ -z "$ALL" ] && exit $ARG$retval || continue
} }
INFO $prog test=$ARG "${tests[$ARG]}" nslookup INFO $prog test=$ARG "${tests[$ARG]}" nslookup
@ -768,7 +792,7 @@ while [ "$#" -gt 0 ] ; do
elif [ $ARG -eq 26 ] ; then elif [ $ARG -eq 26 ] ; then
tests[26]="route_connected_ping_scan - direct " tests[26]="route_connected_ping_scan - direct "
[ $HAVE_DIG = 1 ] || continue [ $HAVE_DIG = 1 ] || continue
#? proxy_test_pretests #? done already in proxy_test_pretest_exit
proxy_do_ping && \ proxy_do_ping && \
INFO $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP || \ INFO $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP || \
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP
@ -777,7 +801,7 @@ while [ "$#" -gt 0 ] ; do
tests[27]="dns_as_user dig -b 127.0.0.1 - direct " tests[27]="dns_as_user dig -b 127.0.0.1 - direct "
[ $HAVE_DIG = 1 ] || continue [ $HAVE_DIG = 1 ] || continue
[ -n "$PROXY_WLAN" -a -n "$IP" ] || proxy_ping_get_wlan_gw || continue [ -n "$PROXY_WLAN" -a -n "$IP" ] || proxy_ping_get_wlan_gw || continue
dig -b 127.0.0.1 www.whatismypublicip.com +timeout=$TIMEOUT >/dev/null || { \ dig -b 127.0.0.1 $DNS_TARGET +timeout=$TIMEOUT >/dev/null || { \
retval=$? retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP
[ -z "$ALL" ] && exit $ARG$retval || continue [ -z "$ALL" ] && exit $ARG$retval || continue
@ -808,9 +832,9 @@ while [ "$#" -gt 0 ] ; do
elif [ $ARG -eq 30 ] ; then elif [ $ARG -eq 30 ] ; then
tests[30]="tor_bootstrap_check_as_root tor_bootstrap_check.py - torhost " tests[30]="tor_bootstrap_check_as_root tor_bootstrap_check.py - torhost "
[ $MODE = tor -o $MODE = selektor ] || { [ $MODE = tor -o $MODE = whonix -o $MODE = selektor ] || {
ERROR $prog MODE != tor test=$ARG # are there other roles that run tor?
[ -z "$ALL" ] && exit $ARG$retval || continue WARN $prog MODE != tor test=$ARG
} }
port=$SOCKS_PORT port=$SOCKS_PORT
$NETS | grep -q :$port || { $NETS | grep -q :$port || {
@ -834,7 +858,7 @@ while [ "$#" -gt 0 ] ; do
tests[31]="curl_noproxy_as_root polipo http pages $HTTP_PORT - direct http " tests[31]="curl_noproxy_as_root polipo http pages $HTTP_PORT - direct http "
proxy_ping_curl --noproxy http://${HTTP_HOST}:$HTTP_PORT && { \ proxy_ping_curl --noproxy http://${HTTP_HOST}:$HTTP_PORT && { \
retval=$? retval=$?
ERROR PANIC: $prog test=$ARG "${tests[$ARG]}" retval=$retval polipo http pages $HTTP_PORT ERROR PANIC: $prog test=$ARG "${tests[$ARG]}" retval=$retval http to $HTTP_PORT
[ -z "$ALL" ] && exit $ARG$retval || continue [ -z "$ALL" ] && exit $ARG$retval || continue
} }
INFO $prog test=$ARG "${tests[$ARG]}" INFO $prog test=$ARG "${tests[$ARG]}"
@ -923,7 +947,7 @@ while [ "$#" -gt 0 ] ; do
INFO $prog test=$ARG "${tests[$ARG]}" INFO $prog test=$ARG "${tests[$ARG]}"
GREP="" GREP=""
elif [ $ARG -eq 38 ] ; then elif [ $ARG -eq 38 ] ; then
tests[38]="qemu-guest-agent and ports - libvirthost whonix " tests[38]="qemu-guest-agent and ports - libvirthost "
[ $USER = root ] || continue [ $USER = root ] || continue
$PL proxy_libvirt_list $PL proxy_libvirt_list
aret=$? aret=$?
@ -932,9 +956,10 @@ while [ "$#" -gt 0 ] ; do
elif [ $aret -ne 10 -a $aret -ne 0 ] ; then elif [ $aret -ne 10 -a $aret -ne 0 ] ; then
DBUG proxy_libvirt_status aret=$aret DBUG proxy_libvirt_status aret=$aret
else else
$PL proxy_libvirt_list | grep -q "$GATEW_DOM" || { # was $GATEW_DOM but now can be gentoo_vm-2 etc
ERROR MODE=$MODE and $GATEW_DOM not running ; $PL proxy_libvirt_list 2>&1 | grep -q "running" || {
[ -z "$ALL" ] && exit $ARG$retval || continue WARN MODE=$MODE and nothing libvirt running ;
continue
} }
INFO $prog test=$ARG "${tests[$ARG]}" INFO $prog test=$ARG "${tests[$ARG]}"
fi fi
@ -959,8 +984,6 @@ exit 0
curl $D -k --proxy curl $D -k --proxy
3) 3)
curl $D -k --proxy socks5://${SOCKS_HOST}:$SOCKS_PORT --proxy-insecure curl $D -k --proxy socks5://${SOCKS_HOST}:$SOCKS_PORT --proxy-insecure
5)
nslookup -port=$SOCKS_DNS www.whatismypublicip.com ${SOCKS_HOST} \
6) 6)
curl -k --proxy $HTTP_PORT curl -k --proxy $HTTP_PORT
16) 16)
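Review bot: `$DNS_TARGET` replaces the hard-coded lookup name in tests 4, 5, 24 and 27 and in the bare `$NSL` test, but none of the hunks shown here assigns it, whereas the SOCKS and HTTP settings near the top each get a fallback. If neither proxy_ping_lib.bash nor the environment sets it, the unquoted expansion vanishes from the command line: `dig` then falls back to its default root query, and in test 5 `nslookup` takes `${DNS_HOST}` as the name to look up. A test meant to prove resolution through the Tor DNS port may then report success without ever resolving the intended host. Adding `[ -z "$DNS_TARGET" ] && DNS_TARGET=www.whatismypublicip.com` next to the other defaults keeps the previous behaviour when the variable is missing.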


@ -24,10 +24,11 @@ else
fi fi
FATL () { FATL () {
local code=0
[ $# -eq 1 ] && code=1 [ $# -eq 1 ] && code=1
[ $# -gt 1 ] && code=$1 && shift [ $# -gt 1 ] && code=$1 && shift
echo ${red}FATL:${normal} $* echo ${red}FATL:${normal} $*
exit 1 exit $code
} }
ftal () { FATL >&2 "$@" ; } ftal () { FATL >&2 "$@" ; }
panic () { FATL >&2 "$@" ; } panic () { FATL >&2 "$@" ; }
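Review bot: With `local code=0` as the starting value, `FATL` called with no arguments (also via `ftal` or `panic`) now ends the script with status 0, where the old `exit 1` always signalled failure. A caller that checks only the exit status would read a fatal abort as a pass. The two-or-more-argument branch also takes `$1` as the exit code without checking that it is a number, so an unquoted multi-word message such as `FATL route not connected` ends in `exit route`. I would start from `local code=1` and shift only when the first argument is numeric: `[ $# -gt 1 ] && case "$1" in ''|*[!0-9]*) ;; *) code=$1 ; shift ;; esac`.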