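#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
#
# proxy_ping_test.bash - connectivity / proxy / firewall test driver.
# Without arguments it tests the current MODE, with 0 it lists the numbered
# tests, otherwise it runs the named groups (see the "## name - ..." lines).
# INFO/WARN/ERROR/DBUG come from usr_local_tput.bash, the proxy_ping_*
# helpers from proxy_ping_lib.bash.
. /usr/local/bin/usr_local_tput.bash || exit 2
PREFIX=/usr/local
ROLE=proxy
PYVER=3
# DEBUG=1
# TRACE=1
. /usr/local/bin/proxy_ping_lib.bash || \
  { ERROR loading /usr/local/bin/proxy_ping_lib.bash ; exit 6; }
# NOTE(review): with this && / || chain a *missing* testforge.bash exits 1
# just like a failed source - confirm that is intended.
[ -f "$PREFIX/etc/testforge/testforge.bash" ] && \
  . /usr/local/etc/testforge/testforge.bash >/dev/null || exit 1
PL=/usr/local/bin/proxy_libvirt_lib.bash

declare -a tests
# Capability flags for optional tools; the tests that need them skip otherwise.
command -v traceroute >/dev/null 2>&1 && HAVE_TRACEROUTE=1 || HAVE_TRACEROUTE=0
command -v dig >/dev/null 2>&1 && HAVE_DIG=1 || HAVE_DIG=0
command -v nslookup >/dev/null 2>&1 && HAVE_NSLOOKUP=1 || HAVE_NSLOOKUP=0
command -v tor-resolve >/dev/null 2>&1 && HAVE_TOR_RESOLVE=1 || HAVE_TOR_RESOLVE=0
# Program name used in messages; defaulted only when empty (the original
# test was inverted and only assigned when prog was already set).
[ -n "$prog" ] || prog=proxy_ping_test

# HOST:PORT pairs from the lib; SOCKS_HOST/SOCKS_PORT may come from the env.
SOCKS_PAIR=$(proxy_ping_get_socks)
[ -z "$SOCKS_HOST" ] && SOCKS_HOST=${SOCKS_PAIR%%:*}
[ -z "$SOCKS_PORT" ] && SOCKS_PORT=${SOCKS_PAIR##*:}
[ -z "$SOCKS_DNS" ] && SOCKS_DNS=9053
# Fetch HTTPS_PAIR *before* splitting it (the original split it first, so
# HTTPS_HOST/HTTPS_PORT came from a stale or empty value).
HTTPS_PAIR=$(proxy_ping_get_https)
HTTPS_PORT=${HTTPS_PAIR##*:}
HTTPS_HOST=${HTTPS_PAIR%%:*}
[ -z "$HTTPS_HOST" ] && HTTPS_HOST=127.0.0.1
HTTP_PAIR=$(proxy_ping_get_http)
HTTP_PORT=${HTTP_PAIR##*:}
HTTP_HOST=${HTTP_PAIR%%:*}
[ -z "$HTTP_HOST" ] && HTTP_HOST=127.0.0.1
# Python minor version (e.g. 3.11) from BASE_PYTHON<PYVER>_MINOR, else from
# the interpreter itself.
P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="${!P}"
[ -n "$PYTHON_MINOR" ] || \
  PYTHON_MINOR=$( "python$PYVER" --version 2>&1 | sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
[ -n "$PYTHON_MINOR" ] || exit 4
# Pick the python library directory unless LIB was given; a given LIB that
# does not exist on this system is fatal.
if [ -z "$LIB" ] && [ -d "/usr/lib/python$PYTHON_MINOR" ] ; then
  LIB=lib
elif [ -z "$LIB" ] && [ -d "/usr/lib64/python$PYTHON_MINOR" ] ; then
  LIB=lib64
elif [ -n "$LIB" ] && [ ! -d "/usr/$LIB/python$PYTHON_MINOR" ] ; then
  #? ERROR LIB=$LIB but no /usr/$LIB/python$PYTHON_MINOR
  exit 5
fi
THOPS=40
NEEDED_BINS="ping traceroute nmap dig nslookup tor-resolve"
NEEDED_SCRIPTS="
/usr/local/bin/proxy_ping_lib.bash
/usr/local/bin/proxy_ping_test.bash
"
# DEBIAN is grep's status: 0 on a Debian-family system, non-zero otherwise.
grep -q Debian /etc/os-release
DEBIAN=$?
TIMEOUT=30
[ -n "$GATEW_DOM" ] || GATEW_DOM="$( proxy_testforge_get_gateway_dom )"
[ -n "$GATEW_DOM" ] || GATEW_DOM="Whonix-Gateway"
DNS_HOST1="208.67.220.220"
DNS_HOST2="1.1.1.1"
[ -n "$DNS_TARGET" ] || DNS_TARGET=www.whatismypublicip.com # 108.160.151.39
# The environment may override HTTP_TARGET; the original re-assigned it
# unconditionally right after this default, which made the override dead.
[ -n "$HTTP_TARGET" ] || HTTP_TARGET=www.whatismypublicip.com # 108.160.151.39
# time.nist.gov 132.163.97.3
NTP_HOST1=132.163.97.3
# pool.ntp.org 78.46.53.2 205.206.70.7
NTP_HOST2=78.46.53.2
# --no-check-certificate
WGET="wget --tries=1 --max-redirect=0 --timeout=$TIMEOUT -O /dev/null"
CURL="curl -o /dev/null $CURL_ARGS"
SCURL="/usr/local/bin/scurl.bash --output /dev/null"
NSL='nslookup -querytype=A -debug'
NETS='netstat -nl4e'
ALL=""
USAGE="$prog without arguments tests the current MODE=$MODE,
or with 0 to list the tests by number,
or one or more of the groups:
"
[ -z "$USER" ] && USER=$(id -un )
# dmesg lines are only shown when tracing as root.
[ "$USER" = root ] && [ -n "$TRACE" ] && [ "$TRACE" != '0' ] && DMESG_LINES=1 || DMESG_LINES=0
[ -n "$PROXY_WLAN" ] || PROXY_WLAN=$(proxy_ping_get_wlan)
# fixme - required
# shellcheck disable=SC2086 - the lib output is deliberately word-split here
PROXY_WLAN=$( echo $PROXY_WLAN | grep ^wlan | sed -e 's/:.*//' )
[ -n "$PROXY_WLAN_GW" ] || PROXY_WLAN_GW=$(proxy_ping_get_wlan_gw)
# fixme - required
# shellcheck disable=SC2086
PROXY_WLAN_GW=$( echo $PROXY_WLAN_GW | grep ^wlan | sed -e 's/:.*//' )
MODE=$( proxy_ping_mode )
DNS_HOST=$SOCKS_HOST
[ -z "$PRIV_BIN_OWNER" ] && PRIV_BIN_OWNER=bin
# Anchor on the whole user name: "^bin" alone also matched e.g. "bind".
[ -z "$PRIV_BIN_GID" ] && PRIV_BIN_GID=$( grep "^$PRIV_BIN_OWNER:" /etc/passwd | cut -d: -f 4 )
PROXY_GPG_KEYSERVER=keys.openpgp.org
declare -a GPG_KEYSERVERS=(
  hkp://$PROXY_GPG_KEYSERVER
  hkp://gpg.mit.edu
  hkp://keys.gnupg.net
)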
## proxy_test_dirmngr
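#######################################
# Check that dirmngr (gpg's keyserver daemon) is usable: the binary answers
# --version, the hkp-cacert files named in dirmngr.conf exist, and
# gpg-connect-agent can reach dirmngr and resolve the keyserver.
# Globals:   GPG_KEYSERVERS (default argument list), ELOG, WLOG, MODE,
#            DM (written: the keyserver from dirmngr.conf)
# Arguments: keyserver URLs (only logged)
# Outputs:   diagnostics via INFO/WARN/ERROR/DBUG, the gpg-connect-agent
#            transcripts on stdout, matched ERR/failed lines appended to $ELOG
# Returns:   0 ok or not connected, 1 mktemp failed, 3 dirmngr --version
#            failed, 10 keyserver --resolve reported ERR/failed, 8<rv> no
#            S line in the keyserver --resolve transcript
#######################################
proxy_test_dirmngr () {
  local tmp
  [ $# -eq 0 ] && set -- "${GPG_KEYSERVERS[@]}"
  DBUG proxy_test_dirmngr MODE=$MODE "$@" ;
  # shellcheck disable=SC2154
  [ -z "$ELOG" ] && ELOG=/tmp/proxy_test_dirmngr$$.err
  # shellcheck disable=SC2154
  [ -z "$WLOG" ] && WLOG=/tmp/proxy_test_dirmngr$$.log
  [ -h /usr/bin/dirmngr ] || {
    WARN /usr/bin/dirmngr not a symlink
    #fixed? return 2
  }
  grep ^hkp-cacert /etc/dirmngr/dirmngr.conf | while read -r a b; do
    [ -f "$b" ] || WARN file not found "$b" in /etc/dirmngr/dirmngr.conf
  done
  if /usr/bin/dirmngr --version </dev/null >/dev/null ; then
    INFO /usr/bin/dirmngr working --version
  else
    ERROR /usr/bin/dirmngr not working --version
    return 3
  fi
  # grep ^OK
  DM=$(grep ' keyserver ' /etc/dirmngr/dirmngr.conf | head -1 | sed -e 's/.* //')
  # No wlan default route: nothing to resolve, so nothing to test.
  grep -q "^wlan[1-9][ ]00000000" /proc/net/route || {
    DBUG not connected
    return 0
  }
  # mktemp instead of the predictable /tmp/GpgL$$.tmp, which another local
  # user could pre-create or point elsewhere with a symlink.
  tmp=$(mktemp /tmp/GpgL.XXXXXX) || { ERROR mktemp failed ; return 1 ; }
  echo 'loadswdb --force' /bye | gpg-connect-agent --dirmngr >"$tmp" 2>&1
  retval=$?
  # The original chained all of this with && (with comment lines inside the
  # chain), so the OK message was only reached when OK was *not* found;
  # report each condition on its own.
  if [ "$retval" -ne 0 ] ; then
    WARN gpg-connect-agent --dirmngr 'loadswdb --force' /bye "$tmp"
    cat "$tmp"
    # return 5$retval
  fi
  if grep -q OK "$tmp" ; then
    INFO elt=gpg-connect-agent --dirmngr 'loadswdb --force' OK
  else
    WARN gpg-connect-agent --dirmngr 'loadswdb --force' /bye OK not found "$tmp"
    # return 6$retval
  fi
  rm -f -- "$tmp"
  # gpg-connect-agent --dirmngr 'help keyserver' /bye
  tmp=$(mktemp /tmp/GpgG.XXXXXX) || { ERROR mktemp failed ; return 1 ; }
  echo 'keyserver --resolve' /bye | gpg-connect-agent --dirmngr >"$tmp" 2>&1
  retval=$?
  # "if" rather than "&& return 10": the return must not depend on ERROR's
  # own exit status. The transcript is left behind on failure for inspection.
  if grep 'ERR\|failed:' "$tmp" >> "$ELOG" ; then
    ERROR gpg-connect-agent "$(tail -1 "$ELOG")"
    return 10
  fi
  grep -q ^S "$tmp" || {
    WARN gpg-connect-agent 'keyserver' no S "$tmp"
    return "8$retval"
  }
  INFO elt=gpg-connect-agent 'keyserver --resolve' S
  cat "$tmp"
  rm -f -- "$tmp"
  # A second dirmngr may serve the emacs elpa keyring. "[-]-homedir" keeps
  # the grep process itself from matching its own command line.
  if [ ! -d /root/.emacs.d/elpa/gnupg ] || \
     ! ps ax | grep -q -e '[-]-homedir /root/.emacs.d/elpa/gnupg' ; then
    WARN no running /root/.emacs.d/elpa/gnupg agent
  else
    INFO running /root/.emacs.d/elpa/gnupg agent
    tmp=$(mktemp /tmp/GpgC.XXXXXX) || { ERROR mktemp failed ; return 1 ; }
    echo keyserver --resolve | \
      gpg-connect-agent --dirmngr --homedir /root/.emacs.d/elpa/gnupg >"$tmp" 2>&1
    retval=$?
    if grep 'ERR\|failed:' "$tmp" >> "$ELOG" ; then
      WARN /root/.emacs.d/elpa/gnupg gpg-connect-agent "$(tail -1 "$ELOG")"
      cat "$tmp"
    else
      INFO elt=gpg-connect-agent
      cat "$tmp"
      rm -f -- "$tmp"
    fi
  fi
  return 0
}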
## proxy_test_privoxy_test
#######################################
# Privoxy service check. The unconditional "return 0" right after the DBUG
# line short-circuits everything below it, so this test currently always
# passes; the remaining code is kept as written for when it is re-enabled.
# Globals:   PROXY_HTTP_PROXY_PORT
# Returns:   0 (always, see above); 4 would mean nothing listens on the port
#######################################
proxy_test_privoxy_test () {
  DBUG proxy_test_privoxy_test "$@" ;
  return 0
  if ! /etc/init.d/privoxy status ; then
    /etc/init.d/privoxy start
  fi
  if /etc/init.d/privoxy status ; then
    DBUG /etc/init.d/privoxy running
  else
    WARN /etc/init.d/privoxy not running $PROXY_HTTP_PROXY_PORT
  fi
  # /usr/local/bin/proxy_ping_test.bash 3128
  if ! netstat -nlpe4 | grep -q ":$PROXY_HTTP_PROXY_PORT" ; then
    ERROR /etc/init.d/privoxy not working $PROXY_HTTP_PROXY_PORT
    return 4
  fi
  INFO elt=/etc/init.d/privoxy working $PROXY_HTTP_PROXY_PORT
  return 0
}
## proxy_test_netstat_dns
#######################################
# Verify that something listens on port 53 according to $NETS.
# Globals:   NETS, prog, ARG, tests, ALL
# Returns:   0 when a ":53" listener is found; otherwise 1, or exits with
#            $ARG$retval when ALL is empty
#######################################
proxy_test_netstat_dns () {
  DBUG proxy_test_netstat_dns "$@" ;
  $NETS | grep -q ":53"
  retval=$?
  if [ "$retval" -eq 0 ] ; then
    return 0
  fi
  ERROR $prog test=$ARG "${tests[$ARG]}" dns not running
  if [ -z "$ALL" ] ; then
    exit "$ARG$retval"
  fi
  return 1
}
## proxy_test_traceroute_icmp_gw
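#######################################
# ICMP traceroute to the wlan gateway.
# Globals:   PROXY_WLAN_GW (filled from proxy_ping_get_wlan_gw when empty),
#            prog, ARG, tests, ALL
# Returns:   0 when traceroute succeeds; 1 when the gateway cannot be found
#            or traceroute fails (exits $ARG$retval instead when ALL is empty)
#######################################
proxy_test_traceroute_icmp_gw () {
  DBUG proxy_test_traceroute_icmp_gw "$@" ;
  [ -n "$PROXY_WLAN_GW" ] || PROXY_WLAN_GW=$(proxy_ping_get_wlan_gw) || return 1
  traceroute --icmp "$PROXY_WLAN_GW"
  retval=$?
  [ "$retval" -eq 0 ] && return 0
  ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval traceroute --icmp "$PROXY_WLAN_GW"
  # Both arms leave the function; the GREP="-i icmp" / return 0 that followed
  # in the original were unreachable (the caller sets GREP itself).
  [ -z "$ALL" ] && exit "$ARG$retval" || return 1
}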
## proxy_test_dig_direct
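#######################################
# Direct DNS query against DNS_HOST1 (no proxy). The query name is the
# NTP_HOST2 IP literal, so this presumably only probes that the resolver
# answers at all - confirm.
# Globals:   DNS_HOST1, NTP_HOST2, TIMEOUT, prog, ARG, tests, ALL
# Returns:   0 on success; 1 on failure (exits $ARG$retval when ALL is empty)
#######################################
proxy_test_dig_direct () {
  DBUG proxy_test_dig_direct "$@" ;
  dig "@$DNS_HOST1" "$NTP_HOST2" "+timeout=$TIMEOUT" >/dev/null
  retval=$?
  [ "$retval" -eq 0 ] && return 0
  ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval dig "@$DNS_HOST1"
  # Both arms leave the function; the INFO / GREP="53" / return 0 lines that
  # followed in the original were unreachable.
  [ -z "$ALL" ] && exit "$ARG$retval" || return 1
}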
## proxy_test_curl_firewall_asbin
#######################################
# Run curl as $PRIV_BIN_OWNER (via su) straight to HTTP_TARGET with proxies
# disabled, to see whether the firewall lets that account out.
# Globals:   CURL, HTTP_TARGET, PRIV_BIN_OWNER, prog, ARG, tests, ALL
# Outputs:   on failure, the DROP rules from proxy_iptables_save
# Returns:   0 when curl succeeds; otherwise curl's status (exits
#            $ARG$retval instead when ALL is empty)
#######################################
proxy_test_curl_firewall_asbin () {
  DBUG proxy_test_curl_firewall_asbin "$@" ;
  local cmd="$CURL -k --noproxy '*' https://$HTTP_TARGET"
  su -c "$cmd" -s /bin/sh "$PRIV_BIN_OWNER" >/dev/null
  retval=$?
  if [ "$retval" -eq 0 ] ; then
    return 0
  fi
  ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval \
    su -c "$cmd" -s /bin/sh "$PRIV_BIN_OWNER"
  proxy_iptables_save | tail | grep PTABLES_filter_DROP-o
  if [ -z "$ALL" ] ; then
    exit "$ARG$retval"
  fi
  return "$retval"
}
## proxy_ping_curl
#######################################
# Run $CURL under timeout(1). curl status 35 is treated as success because
# it has shown up as a spurious "Encountered end of file" failure.
# Globals:   TIMEOUT, CURL
# Arguments: curl arguments
# Returns:   0 for curl status 0 or 35, otherwise the curl/timeout status
#######################################
proxy_ping_curl () {
  DBUG proxy_ping_curl "$@" ;
  local rv
  timeout -k "$TIMEOUT" "$TIMEOUT" $CURL "$@"
  rv=$?
  # "DEBUG: wierd failure curl: (35) Encountered end of file"
  case "$rv" in
    0|35) return 0 ;;
    *) return "$rv" ;;
  esac
}
## proxy_ping_make_help
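#######################################
# Regenerate the per-user help index: every "tests[N]=..." line of this
# script, read by proxy_test_help_args and sourced by the "0" listing.
# The index is written to a mktemp file and renamed into place, so the
# shared /tmp path is never opened for writing through a file another local
# user may have planted; whoever sources it should still check -O first.
# Globals:   USER
# Outputs:   /tmp/proxy_ping_test-$USER.hlp
# Returns:   0 on success, 1 when the index could not be written (the
#            original always returned 0)
#######################################
proxy_ping_make_help () {
  local hlp tmp
  hlp=/tmp/proxy_ping_test-$USER.hlp
  tmp=$(mktemp "/tmp/proxy_ping_test-$USER.XXXXXX") || return 1
  grep 'tests\[[0-9][0-9]*\]=' /usr/local/bin/proxy_ping_test.bash > "$tmp"
  mv -f -- "$tmp" "$hlp" || { rm -f -- "$tmp" ; return 1 ; }
  return 0
}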
## proxy_ping_test_virbr
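#######################################
# Probe the libvirt bridge virbr<n>. Every path returns 0, so the function
# only logs through proxy_ifconfig and fills in CONN as a side effect.
# Globals:   CONN - presumably set by proxy_whonix_get_conn; it is now
#            refreshed only when empty (the original test was inverted and
#            called proxy_whonix_get_conn only when CONN was already set)
# Arguments: $1 - bridge number, default 1
# Returns:   0
#######################################
proxy_ping_test_virbr () {
  local n=${1:-1}
  [ -n "$CONN" ] || proxy_whonix_get_conn
  [ "$CONN" = guest ] && return 0
  [ -e "/proc/sys/net/ipv4/conf/virbr$n" ] || return 0
  proxy_ifconfig "virbr$n" >/dev/null
  return 0
}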
## proxy_ping_broken
#######################################
# Decide whether pinging the wlan gateway is expected to be broken, caching
# the answer in PING_BROKEN. Convention: PING_BROKEN=0 (return status 0,
# shell-true) means "ping is broken, skip it"; 1 means ping works.
# Globals:   MODE, PROXY_WLAN, PROXY_WLAN_GW, TIMEOUT, prog,
#            PING_BROKEN (cache, written)
# Returns:   $PING_BROKEN as described above
#######################################
proxy_ping_broken () {
  DBUG proxy_ping_broken PROXY_WLAN=$PROXY_WLAN "$@" ;
  # 0 is true
  local mode=$MODE
  case "$mode" in
    vda|ws)
      # grep 10.152.152.10 /etc/resolv.conf &&
      PING_BROKEN=0
      return 0
      ;;
    gateway)
      PING_BROKEN=0
      return 0
      ;;
  esac
  if [ -z "$PROXY_WLAN_GW" ] ; then
    PING_BROKEN=0
    return 0
  fi
  # cached from an earlier call
  [ -n "$PING_BROKEN" ] && return "$PING_BROKEN"
  DBUG $prog proxy_ping_mode=$mode PROXY_WLAN=$PROXY_WLAN PROXY_WLAN_GW=$PROXY_WLAN_GW
  # 10.16.238.1
  if ping -4 -I "$PROXY_WLAN" -c 1 -W "$TIMEOUT" "$PROXY_WLAN_GW" ; then
    PING_BROKEN=1
  else
    PING_BROKEN=0
  fi
  return "$PING_BROKEN"
}
## proxy_do_ping
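#######################################
# Ping DNS_HOST2 once over PROXY_WLAN (retrying once after 4s on a plain
# status 1, which has produced false negatives) and require 0% loss.
# Globals:   PROXY_WLAN (filled from proxy_get_if when empty), DNS_HOST2,
#            TIMEOUT, prog, PING (set to 1 on success), PING_BROKEN (set to
#            0 when ping fails), retval
# Arguments: $1 - test name, only used in the error message
# Outputs:   the ping summary lines on stdout
# Returns:   0 success; 1<rv> route not connected; 2 no wlan; 3<rv> ping
#            failed; 4 packet loss; 5 temp file unavailable
#######################################
proxy_do_ping () {
  DBUG proxy_do_ping "$@" ;
  local log rv
  # Capture the status before ERROR runs: the original "return 1$?" after
  # ERROR returned ERROR's status, not the check's.
  proxy_route_check || { rv=$? ; ERROR $prog route not connected ; return "1$rv" ; }
  proxy_ping_broken && return 0
  [ -n "$PROXY_WLAN" ] || PROXY_WLAN=$(proxy_get_if) || {
    rv=$? ; ERROR $prog unable to get wlan "$rv" ; return 2 ;
  }
  # mktemp instead of the predictable /tmp/P$$.log.
  log=$(mktemp /tmp/P.XXXXXX) || { ERROR $prog mktemp failed ; return 5 ; }
  ping -4 -I "$PROXY_WLAN" -c 1 -W "$TIMEOUT" "$DNS_HOST2" >"$log" 2>&1
  retval=$?
  if [ "$retval" -eq 1 ] ; then
    # false negatives
    sleep 4
    ping -4 -I "$PROXY_WLAN" -c 1 -W "$TIMEOUT" "$DNS_HOST2" >"$log" 2>&1
    retval=$?
  fi
  if [ "$retval" -ge 1 ] ; then
    ERROR $prog do_ping "$PROXY_WLAN" retval=$retval
    rm -f -- "$log"
    PING_BROKEN=0
    return "3$retval"
  fi
  grep -q ' 0% ' "$log"
  rv=$?
  if [ "$rv" -ne 0 ] ; then
    ERROR $prog retval=$rv test=$1 ping retval=$retval
    rm -f -- "$log"
    return 4
  fi
  PING=1
  grep 'packet\|bytes from' "$log"
  rm -f -- "$log"
  return 0
}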
#######################################
# Require euid 0.
# Globals:   ALL
# Returns:   0 as root; otherwise exits 9 when ALL is empty, else returns 1
#######################################
proxy_run_as_root () {
  DBUG proxy_run_as_root "$@" ;
  if [ "$(id -u)" -eq 0 ] ; then
    return 0
  fi
  ERROR must be root
  if [ -z "$ALL" ] ; then
    exit 9
  fi
  return 1
}
# could pull these out as tests and add them to
## proxy_test_pretest_exit
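#######################################
# Pre-flight checks before the numbered tests run; exits the script when a
# connectivity / resolv.conf / firewall prerequisite fails.
# NOTE(review): the caller passes the first argument *after* names have
# been mapped to test numbers, so the named branches (panic/firewall,
# direct/gateway/vda/kick, nat) look unreachable and only the else branch
# runs - confirm.
# Globals:   MODE, prog, dire (used in one message; not set in this file)
# Arguments: $1 - scenario name
# Returns:   0; exits 1<rv> route not connected, 0 ping failed on panic,
#            3<rv>/4<rv> ping failed, 4 resolv test failed, 5 firewall
#            start failed
#######################################
proxy_test_pretest_exit () {
  local rv
  # Capture the status before ERROR runs: "exit 1$?" after ERROR used
  # ERROR's own status.
  proxy_route_test || { rv=$? ; ERROR $prog route not connected ; exit "1$rv" ; }
  if [ "$1" = panic ] || [ "$1" = firewall ] ; then
    : dont ping on panic
    proxy_ping_broken || proxy_do_ping || \
      { WARN ping failed for panic so skipping ; exit 0 ; }
  elif [ "$1" = direct ] || [ "$1" = gateway ] || [ "$1" = vda ] || [ "$1" = kick ] ; then
    # here $? is still proxy_do_ping's status when exit is reached
    proxy_ping_broken || proxy_do_ping || exit "3$?"
    proxy_ping_test_resolv $MODE || \
      { rv=$? ; WARN $prog proxy_ping_test_resolv=$rv 'echo nameserver 127.0.0.1 > /etc/resolv.conf' ; exit 4 ; }
    proxy_ping_firewall_start || { rv=$? ; ERROR "proxy_ping_firewall_start ret=$rv" ; exit 5 ; }
  elif [ "$1" = nat ] ; then
    # repeats the route check already done above; kept as in the original
    proxy_route_test || { rv=$? ; ERROR $prog route not connected ; exit "1$rv" ; }
  else
    proxy_do_ping || exit "4$?"
    proxy_ping_test_resolv $MODE || \
      { rv=$? ; WARN "$prog proxy_ping_test_resolv=$rv /etc/resolv.conf.$dire" MODE=$MODE
        exit 4 ; }
  fi
  return 0
}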
## proxy_test_help_args
#######################################
# Map a group name to the numbers of the tests whose tests[] description
# carries that group tag, by grepping the per-user help index.
# Globals:   MODE, USER (index path /tmp/proxy_ping_test-$USER.hlp)
# Arguments: $1 - group name; a few names expand to several groups
# Outputs:   the test numbers, space separated, on stdout
# Returns:   0
#######################################
proxy_test_help_args () {
  local group hlp
  local -a groups=()
  local -a numbers=()
  hlp=/tmp/proxy_ping_test-$USER.hlp
  # shellcheck disable=SC2206 - $1 and $MODE are left unquoted on purpose so
  # an empty value adds no element, as in the original
  case "$1" in
    selektor|torhost)
      groups=($1 socks dns http https dirmngr tordns firefail) ;;
    torlibvirthost|whonix)
      groups=(libvirthost socks http https dirmngr tordns firefail $MODE) ;;
    gateway|nat)
      groups=($1 libvirtguest socks dns http https dirmngr firefail) ;;
    *)
      groups=($1) ;;
  esac
  for group in "${groups[@]}" ; do
    # DBUG proxy_test_help_args $group $1 >&2
    # shellcheck disable=SC2207 - the numbers are meant to be word-split
    numbers+=( $(grep " -.* $group " "$hlp" | sed -e 's/.=.*//' -e 's/.*tests.//') )
  done
  DBUG proxy_test_help_args "${numbers[@]}" >&2
  echo "${numbers[@]}"
  return 0
}
# NOTE(review): this overrides ALL="" from the setup above before any test
# runs, so "$ALL" is never empty afterwards and every `[ -z "$ALL" ] && exit ...`
# guard in the tests falls through to its continue/return arm - confirm that
# stop-on-first-error is meant to be disabled (set_args only sets ALL=1 for "all").
ALL=0
## proxy_ping_test_set_args
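#######################################
# Translate the command-line scenario / group names into test numbers:
# ports and legacy names are first mapped to group names, a scenario name
# (nat, vda/ws, gateway, whonix, direct, all) is expanded to its groups,
# and every group is looked up in the help index.
# The "## name - ..." lines must stay at column 0: the -h output greps them.
# Globals:   USER, SOCKS_PORT, HTTP_PORT, HTTPS_PORT, ALL (set to 1 for "all")
# Arguments: scenario or group names, port numbers, or legacy aliases
# Outputs:   the test numbers on stdout; one WARN per unrecognized name
# Returns:   0
#######################################
proxy_ping_test_set_args () {
  local elt
  local -a aret=()
  rm -f "/tmp/proxy_ping_test-$USER.hlp"
  [ -f "/tmp/proxy_ping_test-$USER.hlp" ] || proxy_ping_make_help
## to_tor - tor with the firewall host side client setup tor server - gateway
  [ "$1" = to_tor -o "$1" = test_tor -o "$1" = test_to ] &&
    aret=( 6 13 16 ) && \
    ! proxy_ping_test_env && WARN to_tor and no proxy in env - use noenv
## kick - open firewall with tor running - call dns,polipo +tor in addition
  [ "$1" = kick -o "$1" = host ] &&
    aret=( 24 31 13 16 6 ) # 30 24 31 6 13 16
  # aliases
  # socks defines http as the target of a user using socks
  [ "$1" = "$SOCKS_PORT" ] && set -- socks
  # http defines http as the target of a user using http
  [ "$1" = "$HTTP_PORT" ] && set -- http
  # https defines http as the target of a user using https
  [ "$1" = "$HTTPS_PORT" ] && set -- https
  # dns defines http as the target of a user using dns
  [ "$1" = "53" ] && set -- dns
  # tordns defines http as the target of a user using tordns
  [ "$1" = "9053" ] && set -- tordns
  # old aliases
  [ "$1" = scan ] && set -- iwlist
  [ "$1" = panic ] && set -- firewall
  [ "$1" = asbin ] && set -- firewall
  [ "$1" = to_gateway ] && set -- whonix
  [ "$1" = from_tor ] && set -- whonix
  [ "$1" = from_gateway ] && set -- gateway
  [ "$1" = to_tor ] && set -- gateway
  [ "$1" = workstation ] && set -- ws
  # was "set -- = trace", which left a stray "=" to be reported as unrecognized
  [ "$1" = traceroute ] && set -- trace
  [ "$1" = connected ] && set -- wifi
  [ "$1" = clear ] && set -- direct
  [ "$1" = tor ] && set -- torhost
  # scenarios - modes: nat selektor
  # wifi?
## nat - through the Gateway via the nat
  if [ "$1" = nat ] ; then
    set -- "$1" ping dns socks http https dirmngr tordns firefail libvirtguest
    [ -n "$SOCKS_PORT" ] || WARN empty SOCKS_PORT
## vda - through the Gateway with the firewall - also polipo,panic - uses env
## ws - through the Gateway with the firewall - it is a vda
  elif [ "$1" = vda -o "$1" = ws ] ; then
    # Fixme - guessing
    # was aret=( 35 3 20 )
    set -- ping dns socks http https dirmngr tordns firefail libvirtguest
## gateway - ssh to the whonix gateway from the torhost
  elif [ "$1" = gateway ] ; then
    ## gateway - on the Gateway, trans firewall with tor running -
    #? looks like it had direct in gateway;
    #? aret=( 23 25 4 5 30 24 17 3 21 ) # 31 6 16
    set -- ping dns socks http https dirmngr tordns firefail libvirtguest
    [ -n "$SOCKS_PORT" ] || WARN empty SOCKS_PORT
## whonix - whonix torhost with libvirt container running gateway behind firewa
  elif [ "$1" = whonix ] ; then
    # tordns was listed twice here, which ran its tests twice
    set -- ping libvirtguest tordns dns socks http https dirmngr torhost firefail gw
    [ -n "$SOCKS_PORT" ] || WARN empty SOCKS_PORT
## torhost - running tor with the firewall
    # NOTE(review): this torhost/selektor expansion sits inside the whonix
    # branch after the set -- above, so "$1" is "ping" here and it never
    # fires; torhost/selektor currently reach the loop below as plain group
    # names. Kept as written until that is decided.
    [ "$1" = torhost -o "$1" = selektor ] && \
      set -- ping torhost tordns dns trace nmap gw
    #? tor with the firewall to test the host side tor server - call to_tor,dns,ntp in addition
## direct - assume no firewall and no proxy - but may work depend on env
  elif [ "$1" = direct -o "$1" = '' ] ; then
    set -- ping dns trace nmap gw
## all - all tests not stopping on the first error
  elif [ "$1" = all ] ; then
    ALL=1
    # aret="${#tests[@]}"
  fi
## gw - test if we are connected to the gateway
## env - from the cmdline with a properly setup env
## firefail - test the proxy without env vars to expect failure
## http - assumes torhost or whonix and env setup
## https - assumes torhost or whonix and env setup
## socks - assumes torhost or whonix and env setup
## tordns - test 9053 for dns using tor-resolve
## dns - dns using tor or the gateway, with the firewall - does not assume env
## ping - connected routed test the ping to DNS hosts
## ntp - ntpdate through the firewall
## nmap - nmap sgid through the firewall - does not assume env
## iwlist - wlan scan of a wifi host
## firewall - test that the firewall blocks
## virbr1 - looks for virbr1 on a libvirt host torhost or whonix
## trace - traceroute to DNSHOST - icmp is allowed by the firewall, except on vda
## wifi - test if we are connected - call scan in addition
## libvirthost - hosting a libvirt container
## libvirtguest - in a libvirt container
  for elt in "$@" ; do
    case "$elt" in
      gw|env|https|http|socks|dns|torhost|nat|whonix|selektor|tordns|libvirthost|torlibvirthost|libvirtguest|virbr1|ping|trace|ntp|nmap|iwlist|firefail|direct|wifi|dirmngr|test)
        # shellcheck disable=SC2207 - the numbers are meant to be word-split
        aret+=( $(proxy_test_help_args "$elt") )
        ;;
      *)
        WARN unrecognized: "$elt" >&2
        ;;
    esac
  done
  DBUG "${aret[@]}" >&2
  echo "${aret[@]}"
  return 0
}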
# -I $PROXY_WLAN -c 1 $DNS_HOST2
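# Argument dispatch: no arguments means "test the current MODE"; -h/--help
# prints usage; 0 lists the numbered tests; a leading digit is a test
# number passed through; "test" runs test 99; anything else is a scenario
# or group name expanded by proxy_ping_test_set_args.
if [ "$#" = 0 ] ; then
  # default to mode
  set -- $MODE
fi
if [ "$1" = '-h' ] || [ "$1" = '--help' ] ; then
  echo USAGE: $USAGE | sed -e 's/[0-9][0-9]*)/\n&/g'
  # The group descriptions are the "## name - ..." lines; only the
  # "## proxy_*" function markers are dropped (the original "[a-oq-z]"
  # class also hid "## ping").
  grep '^## [a-z]' "$0" | grep -v '^## proxy_' | sed -e 's/^## / /'
  exit 0
elif [ "$1" = 0 ] ; then
  INFO $prog PROXY_WLAN=$PROXY_WLAN MODE=$MODE
  echo 0 help "/tmp/proxy_ping_test-$USER.hlp"
  # Always regenerate the index, and never source a file in the shared /tmp
  # that is not ours: a symlink or another user's file would otherwise be
  # executed here, as root when the script runs as root.
  proxy_ping_make_help
  if [ -h "/tmp/proxy_ping_test-$USER.hlp" ] || [ ! -O "/tmp/proxy_ping_test-$USER.hlp" ] ; then
    ERROR $prog refusing to source "/tmp/proxy_ping_test-$USER.hlp" - not owned by "$USER"
    exit 9
  fi
  . "/tmp/proxy_ping_test-$USER.hlp"
  for elt in "${!tests[@]}" ; do
    echo "$elt" "${tests[$elt]}"
  done
  exit 0
elif [[ $1 =~ ^[0-9] ]] ; then
  : passthrough
elif [ "$1" = 'test' ] || [ "$1" = '--test' ] ; then
  set -- 99
else
  set -- $(proxy_ping_test_set_args "$@")
  DBUG running tests numbered "$@"
fi
# NOTE(review): by now "$1" is a test number, while proxy_test_pretest_exit
# compares it against scenario names (panic, direct, nat, ...); only its
# else branch can run - confirm this is what is wanted.
proxy_test_pretest_exit "$1"
# https://stackoverflow.com/questions/8290046/icmp-sockets-linux/20105379#20105379
if [ "$( id -u )" -eq 0 ] ; then
  proxy_ping_chattr
fi
DBUG $prog PROXY_WLAN=$PROXY_WLAN MODE=$MODE "$@"
# $( sysctl net.ipv4.ping_group_range )
# proxy_iptables_save|grep 216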
while [ "$#" -gt 0 ] ; do
# DBUG $prog $1
ARG=$1 ; shift
GREP=""
if [ -z "$ARG" ] ; then
continue
elif ! [ "$ARG" -ge 0 ] ; then
ERROR $prog called with an unrecognized argument $ARG from $0
exit 9
elif [ $ARG -le 0 ] ; then
# do the ping and resov.conf
true
elif [ $ARG -eq 1 ] ; then
tests[1]="wget_https_as_user wget ${HTTPS_PORT} - https "
[ -n "$https_proxy" ] && LARGS="" || \
LARGS="env https_proxy=https://${HTTPS_HOST}:${HTTPS_PORT}"
2024-01-09 15:35:38 +00:00
$LARGS $WGET https://$HTTP_TARGET 2>/dev/null
2024-01-06 01:57:28 +00:00
retval=$?
if [ $retval -eq 8 -o $retval -eq 0 ] ; then
INFO $prog test=$ARG "${tests[$ARG]}"
else
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval test=$ARG
[ -z "$ALL" ] && continue
fi
# works with fix
GREP="${HTTPS_PORT}"
elif [ $ARG -eq 2 ] ; then
[ -n "$https_proxy" ] && LARGS="--proxy $https_proxy" || \
LARGS="--proxy https://${HTTPS_HOST}:${HTTPS_PORT}"
tests[2]="curl_https_as_user curl $LARGS https://$HTTP_TARGET - https "
proxy_ping_curl $LARGS https://$HTTP_TARGET >/dev/null || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl $LARGS https://$HTTP_TARGET
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works with fix
GREP="${HTTPS_PORT}"
elif [ $ARG -eq 3 ] ; then
tests[3]="curl_socks_virbr1_as_user $SOCKS_HOST $SOCKS_PORT - torhost "
# proxy_dest_port_wlan_config || { ERROR DEST=$DEST ; continue ; }
# curl: (4) A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision
[ $DEBIAN -eq 0 ] && continue
[ -z "$socks_proxy" ] && socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
2024-01-06 03:08:22 +00:00
# mode whonix implies torhost
2024-01-06 01:57:28 +00:00
if [ $MODE = whonix ] ; then
ssh -o ForwardX11=no user@10.0.2.15 netstat -nl4e| grep 15:$SOCKS_PORT || {
retval=$?
ERROR ssh -o ForwardX11=no user@10.0.2.15 netstat
[ -z "$ALL" ] && exit $ARG$retval || continue ;
}
socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
proxy_ping_curl -x $socks_proxy \
--interface virbr1 n--dns-interface virbr1 https://$HTTP_TARGET >/dev/null || {
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl -x $socks_proxy --interface virbr1 --dns-interface virbr1 https://$HTTP_TARGET
[ -z "$ALL" ] && exit $ARG$retval || continue
}
else
socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
proxy_ping_curl -x $socks_proxy https://$HTTP_TARGET >/dev/null \
|| { retval=$? ; ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl ${SOCKS_HOST} $SOCKS_PORT
[ -z "$ALL" ] && exit $ARG$retval || continue ; }
fi
INFO $prog test=$ARG "${tests[$ARG]}"
# works with user/pass
GREP="$SOCKS_PORT"
elif [ $ARG -eq 4 ] ; then
2024-01-06 03:08:22 +00:00
tests[4]="dig_socks_through_as_user @${SOCKS_HOST} -p $SOCKS_DNS $DNS_TARGET - tordns "
2024-01-06 01:57:28 +00:00
[ $HAVE_DIG = 1 ] || continue
if [ $MODE = whonix ] ; then
2024-01-06 03:08:22 +00:00
# test ssh to the whonix_gateway libvirt container
# and make sure that the socks proxy is runninh
2024-01-06 01:57:28 +00:00
ssh -o ForwardX11=no user@10.0.2.15 netstat -nl4e | grep 15:$SOCKS_DNS
fi
2024-01-06 03:08:22 +00:00
dig @${SOCKS_HOST} -p $SOCKS_DNS $DNS_TARGET +timeout=$TIMEOUT >/dev/null || { \
2024-01-06 01:57:28 +00:00
retval=$?
2024-01-06 03:08:22 +00:00
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig @${SOCKS_HOST} -p $SOCKS_DNS $DNS_TARGET
2024-01-06 01:57:28 +00:00
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works with fix
GREP="$SOCKS_DNS"
elif [ $ARG -eq 5 ] ; then
tests[5]="nslookup_socks_as_user - tordns "
[ $HAVE_NSLOOKUP = 1 ] || continue
2024-01-06 03:08:22 +00:00
desc="$NSL -port=$SOCKS_DNS $DNS_TARGET ${DNS_HOST}"
2024-01-06 01:57:28 +00:00
$desc >/dev/null || { \
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval $desc
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}" $desc
# works with fix
GREP="$SOCKS_DNS"
elif [ $ARG -eq 6 ] ; then
2024-01-09 15:35:38 +00:00
tests[6]="curl_https_as_user - https "
2024-01-06 01:57:28 +00:00
proxy=`proxy_ping_get_https`
desc="curl --proxy http://${proxy}"
proxy_ping_curl --proxy http://${proxy} \
--proxy-insecure https://$HTTP_TARGET || { \
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval $desc
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}" $desc
# works
GREP="$HTTP_PORT"
elif [ $ARG -eq 7 ] ; then
tests[8]="traceroute_icmp_dns_as_root --icmp - trace "
[ $USER = root ] || continue
[ -n "$PROXY_WLAN" ] || proxy_get_if || continue
[ $HAVE_TRACEROUTE = 1 ] || continue
traceroute -i $PROXY_WLAN --icmp $DNS_TARGET -m $THOPS || { \
retval=$?
ERROR $retval traceroute --icmp -m $THOPS
[ -z "$ALL" ] && exit 7$retval
}
INFO $prog test=$ARG "${tests[$ARG]}"
GREP="-i icmp"
elif [ $ARG -eq 8 ] ; then
tests[8]="traceroute_tcp_dns_as_root -i $PROXY_WLAN -p 53 -T4 - trace "
[ $USER = root ] || continue
[ -n "$PROXY_WLAN" ] || proxy_get_if || continue
[ $HAVE_TRACEROUTE = 1 ] || continue
traceroute -i $PROXY_WLAN -p 53 -T4 $DNS_TARGET -m $THOPS || { \
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval traceroute -T4 -p 53 -m $THOPS
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
GREP="53"
elif [ $ARG -eq 9 ] ; then
tests[9]="traceroute_icmp_dns_as_user -p 53 - trace "
[ $USER = root ] || continue
[ -n "$PROXY_WLAN" ] || proxy_get_if || continue
[ $HAVE_TRACEROUTE = 1 ] || continue
traceroute -i $PROXY_WLAN --icmp $DNS_TARGET -p 53 -m $THOPS || { \
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval traceroute -i $PROXY_WLAN --icmp -m $THOPS
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
GREP="53"
elif [ $ARG -eq 10 ] ; then
tests[10]="wget_http_as_user $HTTP_PORT - http "
proxy=`proxy_ping_get_http`
env http_proxy=http://${proxy} \
$WGET -S http://$HTTP_TARGET 2>/dev/null
retval=$?
# 8 is an oddball
if [ $retval -eq 8 -o $retval -eq 0 ] ; then
INFO $prog test=$ARG "${tests[$ARG]}" wget $HTTP_PORT
else
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval wget $HTTP_PORT
[ -z "$ALL" ] && exit $ARG$retval || continue
fi
GREP="$HTTP_PORT"
elif [ $ARG -eq 11 ] ; then
tests[11]="curl_https_as_user - https "
proxy=`proxy_ping_get_https`
proxy_ping_curl --proxy http://${proxy} \
--proxy-insecure https://$HTTP_TARGET || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl $HTTP_PORT
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
GREP="$HTTP_PORT"
elif [ $ARG -eq 12 ] ; then
tests[12]="nmap_dns_as_root --privileged --send-eth -Pn -sU -p U:53 $DNS_HOST1 - nmap direct "
[ $USER = root ] || continue
which nmap 2>/dev/null >/dev/null || continue
nmap --privileged --send-eth -Pn -sU -p U:53 "$DNS_HOST1" || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval nmap 53
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works
GREP="53"
elif [ $ARG -eq 13 ] ; then
2024-01-09 15:35:38 +00:00
tests[13]="curl_firewall_bin - firewall "
2024-01-06 01:57:28 +00:00
[ $USER = root ] || continue
2024-01-09 15:35:38 +00:00
proxy_test_curl_firewall_asbin || continue
2024-01-06 01:57:28 +00:00
INFO $prog test=$ARG "${tests[$ARG]}" curl bin
# works
GREP="443"
elif [ $ARG -eq 14 ] ; then
tests[14]="traceroute_icmp_gw_as_root --icmp $PROXY_WLAN_GW - gw wifi "
[ $USER = root ] || continue
[ $HAVE_TRACEROUTE = 1 ] || continue
proxy_test_traceroute_icmp_gw || continue
# works
INFO $prog test=$ARG "${tests[$ARG]}"
GREP="-i icmp"
elif [ $ARG -eq 15 ] ; then
tests[15]="test_dig_direct - direct "
[ $HAVE_DIG = 1 ] || continue
proxy_test_dig_direct || continue
INFO $prog test=$ARG "${tests[$ARG]}" proxy_test_dig_direct
elif [ $ARG -eq 16 ] ; then
2024-01-09 15:35:38 +00:00
tests[16]="nslookup_as_root nslookup ${DNS_HOST1} $PRIV_BIN_OWNER - firewall "
2024-01-06 01:57:28 +00:00
[ $USER = root ] || continue
[ $HAVE_NSLOOKUP = 1 ] || continue
su -c "$NSL $DNS_TARGET $DNS_HOST1" -s /bin/sh $PRIV_BIN_OWNER >/dev/null || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval "$NSL $DNS_TARGET $DNS_HOST1" -s /bin/sh $PRIV_BIN_OWNER
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works /fails but maybe a noop
GREP="53"
elif [ $ARG -eq 17 ] ; then
tests[17]="ntpdate_as_root ntpdate without service - ntp "
proxy_run_as_root || exit 9
[ -x /usr/sbin/ntpdate ] || continue
# Curious: even though sgid 2755 ntp it fails as su ntp
# 12 Nov 23:28:35 ntpdate[17341]: bind() fails: Permission denied
/usr/sbin/ntpdate "$NTP_HOST1" || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval ntpdate
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
GREP="123"
elif [ $ARG -eq 18 ] ; then
tests[18]="ntpdate_as_root ntpdate with servie - ntp "
proxy_run_as_root || exit 9
proxy_rc_service ntpd status >/dev/null && \
proxy_rc_service ntpd stop >/dev/null && sleep 2
/usr/sbin/ntpdate $NTP_HOST1 || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval ntpdate
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works
proxy_rc_service ntpd status >/dev/null || proxy_rc_service ntpd start
GREP="123"
elif [ $ARG -eq 19 ] ; then
tests[19]="curl_noproxy_http_as_user curl raw noproxy - firefail "
2024-01-09 15:35:38 +00:00
timeout -k $TIMEOUT $TIMEOUT env - $CURL \
--noproxy "'*.*'" --connect-timeout $TIMEOUT \
2024-01-06 01:57:28 +00:00
http://$HTTP_TARGET >/dev/null && {
retval=$?
ERROR PANIC: $prog test=$ARG "${tests[$ARG]}" curl raw --noproxy
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
GREP=80
elif [ $ARG -eq 20 ] ; then
tests[20]="curl_socksproxy_as_user curl $SOCKS_PORT - socks "
# needs dns
[ $DEBIAN -eq 0 ] && continue
socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
2024-01-06 03:08:22 +00:00
proxy_ping_curl -x $socks_proxy https://$HTTP_TARGET >/dev/null || {
retval=$? ;
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl $SOCKS_PORT
2024-01-06 01:57:28 +00:00
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works with user/pass
GREP="$SOCKS_PORT"
elif [ $ARG -eq 21 ] ; then
tests[21]="curl_httpsproxy_as_user - https "
[ -z "$https_proxy" ] && https_proxy=http://${HTTPS_PROXY_HOST}:${HTTPS_PORT}
proxy_ping_curl -x $https_proxy https://$HTTP_TARGET >/dev/null || { \
if [ "$MODE" = gateway ] ; then
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval curl ${HTTPS_HOST} ${HTTPS_PORT}
continue
else
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl ${HTTPS_HOST} HTTPS_PORT=${HTTPS_PORT}
[ -z "$ALL" ] && exit $ARG$retval || continue
fi
}
INFO $prog test=$ARG "${tests[$ARG]}" curl ${HTTPS_HOST} ${HTTPS_PORT}
GREP="${HTTPS_PORT}"
elif [ $ARG -eq 22 ] ; then
tests[22]="iwlist_scan_as_user iwlist $PROXY_WLAN scan - iwlist "
[ $USER = root ] || continue
which iwlist 2>/dev/null || continue
[ -n "$PROXY_WLAN" ] || proxy_get_if || continue
iwlist $PROXY_WLAN scan >/dev/null || {
ERROR $prog retval=$? test=$ARG $PROXY_WLAN scan
[ -z "$ALL" ] && exit $ARG$1 || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works
elif [ $ARG -eq 23 ] ; then
tests[23]="curl_proxy_as_user - direct "
proxy_ping_curl --insecure https://$HTTP_TARGET >/dev/null || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl direct
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
elif [ $ARG -eq 24 ] ; then
2024-01-06 03:08:22 +00:00
tests[24]="dig_direct_or_dnsmasq dig -b $IP $DNS_TARGET - direct "
2024-01-06 01:57:28 +00:00
[ $HAVE_DIG = 1 ] || continue
[ -n "$PROXY_WLAN" -a -n "$IP" ] || proxy_ping_get_wlan_gw || continue
[ -n "$IP" ] || continue
2024-01-06 03:08:22 +00:00
dig -b $IP $DNS_TARGET +timeout=$TIMEOUT >/dev/null || { \
2024-01-06 01:57:28 +00:00
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}" dig -b $IP
elif [ $ARG -eq 25 ] ; then
tests[25]="nslookup_as_user - direct "
[ $HAVE_NSLOOKUP = 1 ] || continue
# noenv with or without proxy
# @$DNS_HOST1 should fail for firewall unless dnsmasq is working
$NSL >/dev/null $DNS_TARGET ${DNS_HOST} || { \
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval nslookup $DNS_TARGET
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}" nslookup
elif [ $ARG -eq 26 ] ; then
tests[26]="route_connected_ping_scan - direct "
[ $HAVE_DIG = 1 ] || continue
#? done already in proxy_test_pretest_exit
proxy_do_ping && \
INFO $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP || \
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP
elif [ $ARG -eq 27 ] ; then
tests[27]="dns_as_user dig -b 127.0.0.1 - direct "
[ $HAVE_DIG = 1 ] || continue
[ -n "$PROXY_WLAN" -a -n "$IP" ] || proxy_ping_get_wlan_gw || continue
dig -b 127.0.0.1 $DNS_TARGET +timeout=$TIMEOUT >/dev/null || { \
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
elif [ $ARG -eq 28 ] ; then
tests[28]="wget_as_user - direct "
proxy_ping_test_env || { WARN $prog test=$ARG "${tests[$ARG]}" no proxy in env ; }
$WGET -S https://$HTTP_TARGET 2>/dev/null
retval=$?
if [ $retval -eq 8 -o $retval -eq 0 ] ; then
INFO $prog test=$ARG "${tests[$ARG]}" wget
else
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval wget
[ -z "$ALL" ] && exit $ARG$retval || continue
fi
elif [ $ARG -eq 29 ] ; then
tests[29]="curl_as_user - direct "
proxy_ping_test_env || { WARN $prog test=$ARG "${tests[$ARG]}" no proxy in env ; }
proxy_ping_curl https://$HTTP_TARGET >/dev/null || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
elif [ $ARG -eq 30 ] ; then
tests[30]="tor_bootstrap_check_as_root tor_bootstrap_check.py - torhost "
[ $MODE = tor -o $MODE = whonix -o $MODE = gateway -o $MODE = selektor ] || {
# are there other roles that run tor?
WARN $prog MODE != tor test=$ARG
}
port=$SOCKS_PORT
$NETS | grep -q :$port || {
ERROR $prog retval=$? test=$ARG tor not running on $port
[ -z "$ALL" ] && exit $ARG || continue
}
[ $USER = root ] || continue
# was /usr/local/bin/tor_bootstrap_check.bash
[ -f /usr/local/src/helper-scripts/tor_bootstrap_check.py ] || return 1
python3.sh /usr/local/src/helper-scripts/tor_bootstrap_check.py
# morons 100%
retval=$?
[ $retval -eq 0 -o $retval -eq 100 ] || { \
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval tor_bootstrap_check
}
INFO $prog test=$ARG "${tests[$ARG]}"
elif [ $ARG -eq 31 ] ; then
tests[31]="curl_noproxy_as_root polipo http pages $HTTP_PORT - direct http "
timeout -k $TIMEOUT $TIMEOUT env - $CURL \
--noproxy '*' http://${HTTP_TARGET} && { \
retval=$?
ERROR PANIC: $prog test=$ARG "${tests[$ARG]}" retval=$retval $HTTP_TARGET
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works
GREP="$HTTP_PORT"
elif [ $ARG -eq 32 ] ; then
tests[32]="ping_nmap_direct_as_root nmap 53 - direct "
[ $USER = root ] || continue
which nmap 2>/dev/null >/dev/null || continue
[ -n "$PROXY_WLAN" -a -n "$PROXY_WLAN_GW" ] || proxy_ping_get_wlan_gw || continue
proxy_ping_nmap_direct $DNS_HOST1 "$PROXY_WLAN_GW" U:67 || {
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval nmapd 53
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works
GREP="53"
elif [ $ARG -eq 33 ] ; then
tests[33]="host_virbr_as_user proxy_ping_test_virbr 1 - libvirthost "
proxy_ping_test_virbr 1 || {
retval=$?
ERROR $CONN virbr1 not running
[ -z "$ALL" ] && exit 1 || continue
}
# * Immediate connect fail for 10.0.2.15: Connection refused
INFO $prog test=$ARG "${tests[$ARG]}"
elif [ $ARG -eq 34 ] ; then
tests[34]="python_ping_as_root traceroute --icmp $PROXY_WLAN_GW - wifi "
[ $USER = root ] || continue
[ -n "$PROXY_WLAN_GW" -a -n "$IP" ] || PROXY_WLAN_GW=`proxy_ping_get_wlan_gw` || continue
[ -f /usr/local/bin/ping2.py ] || continue
/usr/local/bin/ping2.py $IP $DNS_HOST1 $PROXY_WLAN_GW || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval ping2.py $DNS_HOST1
[ -z "$ALL" ] && exit $ARG$retval || continue
}
# works
INFO $prog test=$ARG "${tests[$ARG]}"
GREP="-i icmp"
elif [ $ARG -eq 35 ] ; then
tests[35]="dig_as_root - firewall dig @$DNS_HOST1 - torhost dns "
[ $USER = root ] || continue
[ $HAVE_DIG = 1 ] || continue
# @$DNS_HOST1
su -c "dig $NTP_HOST2 +timeout=$TIMEOUT" -s /bin/sh $PRIV_BIN_OWNER >/dev/null || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval dig $NTP_HOST2 $PRIV_BIN_OWNER
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works
GREP="53"
elif [ $ARG -eq 36 ] ; then
tests[36]="tor_resolve_as_user tor-resolve $NTP_HOST2 - tordns "
[ $HAVE_TOR_RESOLVE = 1 ] || continue
tor-resolve $NTP_HOST2 >/dev/null || { \
retval=$?
# dunno Failed parsing SOCKS5 response conf?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval tor-resolve $NTP_HOST2
continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works
GREP="9053"
elif [ $ARG -eq 37 ] ; then
tests[37]="qemu_guest_agent_ports - libvirtguest "
ser=qemu-guest-agent
proxy_rc_service $ser status >/dev/null || proxy_rc_service $ser start
proxy_rc_service $ser status >/dev/null || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval $ser status
[ -z "$ALL" ] && exit $ARG$retval || continue
}
[ -d /dev/virtio-ports ] || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval /dev/virtio-ports
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
GREP=""
elif [ $ARG -eq 38 ] ; then
tests[38]="check_libvirt_running - libvirthost "
[ $USER = root ] || continue
$PL proxy_libvirt_list
aret=$?
if [ $aret -eq 10 ] ;then
WARN proxy_libvirt_status hung
elif [ $aret -ne 10 -a $aret -ne 0 ] ; then
DBUG proxy_libvirt_status aret=$aret
else
# was $GATEW_DOM but now can be gentoo_vm-2 etc
$PL proxy_libvirt_list 2>&1| grep -q "running" || {
WARN MODE=$MODE and nothing libvirt running
continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
fi
elif [ $ARG -eq 39 ] ; then
tests[39]="proxy_test_dirmngr - dirmngr "
[ $USER = root ] || continue
proxy_test_dirmngr
elif [ $ARG -eq 99 ] ; then
tests[99]="test_all_modes unfinished not sure"
[ $USER = root ] || continue
for elt in vda selektor ws gateway nat tor whonix; do
INFO testing $elt
if [ "$MODE" = vda ] ; then
: vda
elif [ "$MODE" = selektor ] ; then
: selektor
elif [ "$MODE" = ws ] ; then
: ws
elif [ "$MODE" = gateway ] ; then
: gateway
elif [ "$MODE" = nat ] ; then
: nat
elif [ "$MODE" = tor ] ; then
: tor
elif [ "$MODE" = whonix ] ; then
: whonix
else
WARN unrecognized mode MODE=$elt
fi
done
elif false ; then
if ! grep -q '10.152.152.10\|127.0.0.1' /etc/resolv.conf ; then
$NETS | grep -q :53 || {
ERROR $prog retval=$? test=$ARG local resolv.conf but :53 not running
[ -z "$ALL" ] && exit 1 || continue
}
fi
fi
[ -n "$GREP" ] && [ $DMESG_LINES -gt 0 ] && \
DBUG `dmesg|tail|grep $GREP|tail -$DMESG_LINES`
done
# Reached only after the test loop above has run to completion. A failing
# test exits the script early with a non-zero status only when ALL is
# unset; when ALL is set, failures are logged (ERROR/WARN) and the loop
# 'continue's, so the final status is 0 regardless of how many tests
# failed. Callers that need a pass/fail signal in ALL mode must parse the
# log output rather than rely on this exit status.
exit 0