2024-01-06 01:57:28 +00:00
|
|
|
#!/bin/bash
|
|
|
|
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
|
|
|
|
|
|
|
|
. /usr/local/bin/usr_local_tput.bash || exit 2
|
|
|
|
PREFIX=/usr/local
|
|
|
|
ROLE=proxy
|
|
|
|
PYVER=3
|
|
|
|
|
|
|
|
# DEBUG=1
|
2024-01-06 03:08:22 +00:00
|
|
|
# TRACE=1
|
2024-01-06 01:57:28 +00:00
|
|
|
|
|
|
|
. /usr/local/bin/proxy_ping_lib.bash || \
|
|
|
|
{ ERROR loading /usr/local/bin/proxy_ping_lib.bash ; exit 6; }
|
|
|
|
PL=/usr/local/bin/proxy_libvirt_lib.bash
|
|
|
|
declare -a tests
|
|
|
|
|
|
|
|
which traceroute 2>/dev/null >/dev/null && HAVE_TRACEROUTE=1 || HAVE_TRACEROUTE=0
|
|
|
|
which dig 2>/dev/null >/dev/null && HAVE_DIG=1 || HAVE_DIG=0
|
|
|
|
which nslookup 2>/dev/null >/dev/null && HAVE_NSLOOKUP=1 || HAVE_NSLOOKUP=0
|
|
|
|
which tor-resolve 2>/dev/null >/dev/null && HAVE_TOR_RESOLVE=1 || HAVE_TOR_RESOLVE=0
|
|
|
|
|
|
|
|
[ -z "$prog" ] || prog=proxy_ping_test
|
2024-01-06 03:08:22 +00:00
|
|
|
proxy_ping_get_socks >/dev/null
|
2024-01-06 01:57:28 +00:00
|
|
|
[ -z "$SOCKS_HOST" ] && SOCKS_HOST=127.0.0.1
|
|
|
|
[ -z "$SOCKS_PORT" ] && SOCKS_PORT=9050
|
|
|
|
[ -z "$SOCKS_DNS" ] && SOCKS_DNS=9053
|
|
|
|
HTTPS_PORT=9128
|
|
|
|
HTTPS_HOST=127.0.0.1
|
2024-01-06 03:08:22 +00:00
|
|
|
proxy_ping_get_https >/dev/null
|
2024-01-06 01:57:28 +00:00
|
|
|
[ -z "$HTTPS_HOST" ] && HTTPS_HOST=127.0.0.1
|
|
|
|
HTTP_PORT=3128
|
|
|
|
HTTP_PROXY_HOST=127.0.0.1
|
2024-01-06 03:08:22 +00:00
|
|
|
proxy_ping_get_http >/dev/null
|
2024-01-06 01:57:28 +00:00
|
|
|
[ -z "$HTTP_HOST" ] && HTTP_HOST=127.0.0.1
|
|
|
|
|
|
|
|
[ -f $PREFIX/etc/testforge/testforge.bash ] && \
|
|
|
|
. /usr/local/etc/testforge/testforge.bash >/dev/null || exit 1
|
|
|
|
|
|
|
|
P="BASE_PYTHON${PYVER}_MINOR"
|
|
|
|
PYTHON_MINOR="$(eval echo \$$P)"
|
|
|
|
[ -n "$PYTHON_MINOR" ] || \
|
|
|
|
PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
|
|
|
|
[ -n "$PYTHON_MINOR" ] || exit 4
|
|
|
|
|
|
|
|
if [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR ] ; then
|
|
|
|
LIB=lib
|
|
|
|
elif [ -z "$LIB" -a -d /usr/lib64/python$PYTHON_MINOR ] ; then
|
|
|
|
LIB=lib64
|
|
|
|
elif [ -n "$LIB" -a ! -d /usr/$LIB/python$PYTHON_MINOR ] ; then
|
|
|
|
#? ERROR LIB=$LIB but no /usr/$LIB/python$PYTHON_MINOR
|
|
|
|
exit 5
|
|
|
|
fi
|
|
|
|
|
|
|
|
THOPS=40
|
|
|
|
NEEDED_BINS="ping traceroute nmap dig nslookup tor-resolve"
|
|
|
|
NEEDED_SCRIPTS="
|
|
|
|
/usr/local/bin/proxy_ping_lib.bash
|
|
|
|
/usr/local/bin/proxy_ping_test.bash
|
|
|
|
"
|
|
|
|
|
|
|
|
grep -q Debian /etc/os-release
|
|
|
|
DEBIAN=$?
|
|
|
|
TIMEOUT=30
|
|
|
|
[ -n "$GATEW_DOM" ] || GATEW_DOM="$( proxy_testforge_get_gateway_dom )"
|
|
|
|
[ -n "$GATEW_DOM" ] || GATEW_DOM="Whonix-Gateway"
|
|
|
|
|
|
|
|
DNS_HOST1="208.67.220.220"
|
|
|
|
DNS_HOST2="8.8.8.8"ggggg
|
|
|
|
[ -n "$DNS_TARGET" ] || DNS_TARGET=www.whatismypublicip.com # 108.160.151.39
|
|
|
|
[ -n "$HTTP_TARGET" ] || HTTP_TARGET=www.whatismypublicip.com # 108.160.151.39
|
|
|
|
HTTP_TARGET=www.whatismypublicip.com
|
|
|
|
|
|
|
|
# time.nist.gov 132.163.97.3
|
|
|
|
NTP_HOST1=132.163.97.3
|
|
|
|
# pool.ntp.org 78.46.53.2
|
|
|
|
NTP_HOST2=78.46.53.2
|
|
|
|
# --no-check-certificate
|
|
|
|
WGET="wget --tries=1 --max-redirect=0 --timeout=$TIMEOUT -O /dev/null"
|
|
|
|
CURL="curl -o /dev/null $CURL_ARGS"
|
|
|
|
SCURL="/usr/local/bin/scurl.bash --output /dev/null"
|
|
|
|
NSL='nslookup -querytype=A -debug'
|
|
|
|
NETS='netstat -nl4e'
|
|
|
|
ALL=""
|
2024-01-06 03:08:22 +00:00
|
|
|
USAGE="$prog without arguments tests the current MODE=$MODE,
|
|
|
|
or with 0 to list the tests by number,
|
|
|
|
or one or more of the groups:
|
|
|
|
|
|
|
|
"
|
2024-01-06 01:57:28 +00:00
|
|
|
|
|
|
|
[ -z "$USER" ] && USER=$(id -un )
|
2024-01-06 03:08:22 +00:00
|
|
|
[ $USER = root -a -n "$TRACE" -a "$TRACE" != '0' ] && DMESG_LINES=1 || DMESG_LINES=0
|
|
|
|
|
2024-01-06 01:57:28 +00:00
|
|
|
[ -n "$PROXY_WLAN" ] || PROXY_WLAN=`proxy_ping_get_wlan`
|
|
|
|
# fixme - required
|
|
|
|
PROXY_WLAN=$( echo $PROXY_WLAN | grep ^wlan |sed -e 's/:.*//' )
|
|
|
|
|
|
|
|
[ -n "$PROXY_WLAN_GW" ] || PROXY_WLAN_GW=`proxy_ping_get_wlan_gw`
|
|
|
|
# fixme - required
|
|
|
|
PROXY_WLAN_GW=$( echo $PROXY_WLAN_GW | grep ^wlan |sed -e 's/:.*//' )
|
|
|
|
MODE=$( proxy_ping_mode )
|
|
|
|
|
|
|
|
DNS_HOST=$SOCKS_HOST
|
|
|
|
[ -z "$PRIV_BIN_OWNER" ] && PRIV_BIN_OWNER=bin
|
|
|
|
[ -z "$PRIV_BIN_GID" ] && PRIV_BIN_GID=$( grep ^$PRIV_BIN_OWNER /etc/passwd|cut -d: -f 4 )
|
|
|
|
|
|
|
|
## proxy_test_netstat_dns
|
|
|
|
proxy_test_netstat_dns () { DBUG proxy_test_netstat_dns $* ;
|
|
|
|
$NETS | grep -q ":53"
|
|
|
|
retval=$?
|
|
|
|
[ $retval -eq 0 ] && return 0
|
|
|
|
ERROR $prog test=$ARG "${tests[$ARG]}" dns not running
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || return 1
|
|
|
|
}
|
|
|
|
|
|
|
|
## proxy_test_traceroute_icmp_gw
|
|
|
|
proxy_test_traceroute_icmp_gw () { DBUG proxy_test_traceroute_icmp_gw $* ;
|
|
|
|
[ -n "$PROXY_WLAN_GW" ] || PROXY_WLAN_GW=`proxy_ping_get_wlan_gw` || return 1
|
|
|
|
traceroute --icmp $PROXY_WLAN_GW
|
|
|
|
retval=$?
|
|
|
|
[ $retval -eq 0 ] && return 0
|
|
|
|
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval traceroute --icmp $PROXY_WLAN_GW
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || return 1
|
|
|
|
# works
|
|
|
|
GREP="-i icmp"
|
|
|
|
return 0
|
|
|
|
}
|
|
|
|
|
|
|
|
## proxy_test_dig_direct
|
|
|
|
proxy_test_dig_direct () { DBUG proxy_test_dig_direct $* ;
|
|
|
|
|
|
|
|
dig @$DNS_HOST1 pool.ntp.org +timeout=$TIMEOUT >/dev/null
|
|
|
|
retval=$?
|
|
|
|
[ $retval -eq 0 ] && return 0
|
|
|
|
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval dig @$DNS_HOST1
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || return 1
|
|
|
|
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}" dig @$DNS_HOST1
|
|
|
|
# works
|
|
|
|
GREP="53"
|
|
|
|
return 0
|
|
|
|
}
|
|
|
|
|
|
|
|
## proxy_test_curl_firewall_bin
|
|
|
|
proxy_test_curl_firewall_bin () { DBUG proxy_test_curl_firewall_bin $* ;
|
|
|
|
su -c "$CURL -k --noproxy '*' https://$HTTP_TARGET" -s /bin/sh $PRIV_BIN_OWNER >/dev/null
|
|
|
|
retval=$?
|
|
|
|
[ $retval -eq 0 ] && return 0
|
|
|
|
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval \
|
|
|
|
su -c "$CURL -k --noproxy '*' https://$HTTP_TARGET" -s /bin/sh $PRIV_BIN_OWNER
|
|
|
|
proxy_iptables_save|tail|grep PTABLES_filter_DROP-o
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || return $retval
|
|
|
|
}
|
|
|
|
|
|
|
|
## proxy_ping_curl
|
|
|
|
proxy_ping_curl () { DBUG proxy_ping_curl $* ;
|
|
|
|
local retval
|
|
|
|
timeout -k $TIMEOUT $TIMEOUT $CURL "$@"
|
|
|
|
retval=$?
|
|
|
|
# "DEBUG: wierd failure curl: (35) Encountered end of file"
|
|
|
|
[ $retval -eq 0 -o $retval -eq 35 ] && return 0
|
|
|
|
return $retval
|
|
|
|
}
|
|
|
|
|
|
|
|
## proxy_ping_make_help
|
|
|
|
proxy_ping_make_help () {
|
|
|
|
grep 'tests\[[0-9][0-9]*\]=' /usr/local/bin/proxy_ping_test.bash \
|
|
|
|
> /tmp/proxy_ping_test.hlp
|
|
|
|
return 0
|
|
|
|
}
|
|
|
|
|
|
|
|
## proxy_ping_test_virbr
|
|
|
|
proxy_ping_test_virbr () {
|
|
|
|
local n=$1
|
|
|
|
[ -z "$n" ] && n=1
|
|
|
|
[ -z "$CONN" ] || proxy_whonix_get_conn
|
|
|
|
[ "$CONN" = guest ] && return 0
|
|
|
|
[ -e /proc/sys/net/ipv4/conf/virbr$n ] || return 0
|
|
|
|
proxy_ifconfig virbr$n >/dev/null && return 0
|
|
|
|
return 0
|
|
|
|
}
|
|
|
|
|
|
|
|
## proxy_ping_broken
|
|
|
|
proxy_ping_broken () { DBUG proxy_ping_broken PROXY_WLAN=$PROXY_WLAN $* ;
|
|
|
|
# 0 is true
|
|
|
|
local a=$MODE
|
|
|
|
if [ "$a" = vda -o "$a" = ws ]; then
|
|
|
|
# grep 10.152.152.10 /etc/resolv.conf &&
|
|
|
|
PING_BROKEN=0
|
|
|
|
return 0
|
|
|
|
elif [ "$a" = gateway ]; then
|
|
|
|
PING_BROKEN=0
|
|
|
|
return 0
|
|
|
|
elif [ -z "$PROXY_WLAN_GW" ] ; then
|
|
|
|
PING_BROKEN=0
|
|
|
|
return 0
|
|
|
|
fi
|
|
|
|
|
|
|
|
[ -n "$PING_BROKEN" ] && return $PING_BROKEN
|
|
|
|
|
|
|
|
DBUG $prog proxy_ping_mode=$a PROXY_WLAN=$PROXY_WLAN PROXY_WLAN_GW=$PROXY_WLAN_GW
|
|
|
|
ping -4 -I $PROXY_WLAN -c 1 -W $TIMEOUT $PROXY_WLAN_GW # 10.16.238.1
|
|
|
|
if [ $? -ne 0 ] ; then
|
|
|
|
PING_BROKEN=0
|
|
|
|
else
|
|
|
|
PING_BROKEN=1
|
|
|
|
fi
|
|
|
|
return $PING_BROKEN
|
|
|
|
}
|
|
|
|
|
|
|
|
## proxy_do_ping
|
|
|
|
proxy_do_ping () { DBUG proxy_do_ping $* ;
|
|
|
|
proxy_route_check || { ERROR $prog route not connected ; return 1$? ; }
|
|
|
|
|
|
|
|
proxy_ping_broken && return 0
|
|
|
|
|
|
|
|
[ -n "$PROXY_WLAN" ] || PROXY_WLAN=`proxy_get_if` || {
|
|
|
|
ERROR $prog unable to get wlan $? ; return 2 ;
|
|
|
|
}
|
|
|
|
|
|
|
|
ping -4 -I $PROXY_WLAN -c 1 -W $TIMEOUT $DNS_HOST2 >/tmp/P$$.log 2>&1
|
|
|
|
retval=$?
|
|
|
|
if [ $retval -eq 1 ] ; then
|
|
|
|
# false negatives
|
|
|
|
sleep 4
|
|
|
|
ping -4 -I $PROXY_WLAN -c 1 -W $TIMEOUT $DNS_HOST2 >/tmp/P$$.log 2>&1
|
|
|
|
retval=$?
|
|
|
|
fi
|
|
|
|
[ $retval -lt 1 ] || {
|
|
|
|
ERROR $prog do_ping $PROXY_WLAN retval=$retval
|
|
|
|
rm /tmp/P$$.log
|
|
|
|
PING_BROKEN=0
|
|
|
|
return 3$retval
|
|
|
|
}
|
|
|
|
grep -q ' 0% ' /tmp/P$$.log || \
|
|
|
|
{ ERROR $prog retval=$? test=$1 ping retval=$retval ; rm /tmp/P$$.log ; return 4 ; }
|
|
|
|
PING=1
|
|
|
|
grep 'packet\|bytes from' /tmp/P$$.log
|
|
|
|
rm /tmp/P$$.log
|
|
|
|
return 0
|
|
|
|
}
|
|
|
|
|
|
|
|
proxy_run_as_root () { DBUG proxy_run_as_root $* ;
|
|
|
|
[ $( id -u ) -eq 0 ] && return 0
|
|
|
|
ERROR must be root
|
|
|
|
[ -z "$ALL" ] && exit 9
|
|
|
|
return 1
|
|
|
|
}
|
|
|
|
|
2024-01-06 03:08:22 +00:00
|
|
|
# could pull these out as tests and add them to
|
|
|
|
## proxy_test_pretest_exit
|
|
|
|
proxy_test_pretest_exit () {
|
|
|
|
proxy_route_test || { ERROR $prog route not connected ; exit 1$? ; }
|
|
|
|
if [ "$1" = panic -o "$1" = firewall ] ; then
|
2024-01-06 01:57:28 +00:00
|
|
|
: dont ping on panic
|
|
|
|
proxy_ping_broken || proxy_do_ping || \
|
|
|
|
{ WARN ping failed for panic so skipping ; exit 0 ; }
|
|
|
|
elif [ "$1" = direct -o "$1" = gateway -o "$1" = vda -o "$1" = kick ] ; then
|
|
|
|
proxy_ping_broken || proxy_do_ping || exit 3$?
|
|
|
|
proxy_ping_test_resolv $MODE ||\
|
|
|
|
{ WARN $prog proxy_ping_test_resolv=$? 'echo nameserver 127.0.0.1 > /etc/resolv.conf' ; exit 4 ; }
|
|
|
|
proxy_ping_firewall_start || { ERROR "proxy_ping_firewall_start ret=$?" ; exit 5 ; }
|
|
|
|
elif [ "$1" = nat ] ; then
|
2024-01-06 03:08:22 +00:00
|
|
|
: proxy_route_test || { ERROR $prog route not connected ; exit 1$? ; }
|
2024-01-06 01:57:28 +00:00
|
|
|
else
|
|
|
|
proxy_do_ping || exit 4$?
|
|
|
|
proxy_ping_test_resolv $MODE || \
|
|
|
|
{ WARN "$prog proxy_ping_test_resolv=$? /etc/resolv.conf.$dire" MODE=$MODE
|
|
|
|
exit 4 ; }
|
|
|
|
|
|
|
|
fi
|
|
|
|
return 0
|
|
|
|
}
|
|
|
|
|
|
|
|
## proxy_test_help_args
|
|
|
|
proxy_test_help_args () {
|
2024-01-06 03:08:22 +00:00
|
|
|
declare -a elts=()
|
2024-01-06 01:57:28 +00:00
|
|
|
declare -a ret=()
|
2024-01-06 03:08:22 +00:00
|
|
|
local elt
|
|
|
|
if [ "$1" = selektor -o "$1" = whonix -o "$1" = torhost ] ; then
|
|
|
|
elts=($1 socks http dns https tordns firefail)
|
|
|
|
elif [ "$1" = torlibvirthost ] ; then
|
|
|
|
elts=($1 libvirthost socks http https tordns firefail)
|
|
|
|
elts+=($MODE)
|
|
|
|
elif [ "$1" = gateway ] ; then
|
|
|
|
elts=($1 libvirtguest socks dns http https firefail)
|
|
|
|
else
|
|
|
|
elts=($1)
|
|
|
|
fi
|
|
|
|
for elt in "${elts[@]}" ; do
|
|
|
|
# DBUG proxy_test_help_args $elt $1 >&2
|
|
|
|
ret+=( $(grep " -.* $elt " /tmp/proxy_ping_test.hlp | \
|
|
|
|
sed -e 's/.=.*//' -e 's/.*tests.//') )
|
|
|
|
done
|
|
|
|
DBUG proxy_test_help_args "${ret[@]}" >&2
|
2024-01-06 01:57:28 +00:00
|
|
|
echo "${ret[@]}"
|
|
|
|
return 0
|
|
|
|
}
|
|
|
|
|
|
|
|
ALL=0
|
|
|
|
## proxy_ping_test_set_args
|
|
|
|
proxy_ping_test_set_args () {
|
|
|
|
local args="$@"
|
|
|
|
local val="$@"
|
|
|
|
declare -a aret=()
|
|
|
|
rm -f /tmp/proxy_ping_test.hlp
|
|
|
|
[ -f /tmp/proxy_ping_test.hlp ] || proxy_ping_make_help
|
|
|
|
## to_tor - tor with the firewall host side client setup tor server - call tor,dns,ntp in addition
|
|
|
|
[ "$1" = to_tor -o "$1" = test_tor -o "$1" = test_to ] &&
|
|
|
|
aret=( 6 13 16 ) && \
|
|
|
|
! proxy_ping_test_env && WARN to_tor and no proxy in env - use noenv
|
|
|
|
|
|
|
|
## vda - through the Gateway with the firewall - also polipo,panic - uses env
|
|
|
|
[ "$1" = vda ] &&
|
|
|
|
aret=( 35 3 20 ) #
|
|
|
|
## kick - open firewall with tor running - call dns,polipo +tor in addition
|
|
|
|
[ "$1" = kick -o "$1" = host ] &&
|
|
|
|
aret=( 24 31 13 16 6 )# 30 24 31 6 13 16
|
|
|
|
## gateway - on the Gateway, trans firewall with tor running - call dns in addition
|
|
|
|
[ "$1" = gateway ] &&
|
|
|
|
aret=( 23 25 4 5 30 24 17 3 21 ) # 31 6 16
|
|
|
|
|
|
|
|
# aliases
|
2024-01-06 03:08:22 +00:00
|
|
|
# socks defines http as the target of a user using socks
|
2024-01-06 01:57:28 +00:00
|
|
|
[ "$1" = "$SOCKS_PORT" ] && set -- socks
|
2024-01-06 03:08:22 +00:00
|
|
|
# http defines http as the target of a user using http
|
2024-01-06 01:57:28 +00:00
|
|
|
[ "$1" = "$HTTP_PORT" ] && set -- http
|
2024-01-06 03:08:22 +00:00
|
|
|
# https defines http as the target of a user using https
|
2024-01-06 01:57:28 +00:00
|
|
|
[ "$1" = "$HTTPS_PORT" ] && set -- https
|
2024-01-06 03:08:22 +00:00
|
|
|
# dns defines http as the target of a user using dns
|
2024-01-06 01:57:28 +00:00
|
|
|
[ "$1" = "53" ] && set -- dns
|
2024-01-06 03:08:22 +00:00
|
|
|
# tordns defines http as the target of a user using tordns
|
2024-01-06 01:57:28 +00:00
|
|
|
[ "$1" = "9053" ] && set -- tordns
|
|
|
|
|
|
|
|
[ "$1" = scan ] && set -- iwlist
|
|
|
|
[ "$1" = panic ] && set -- firewall
|
|
|
|
[ "$1" = to_gateway ] && set -- whonix
|
|
|
|
[ "$1" = from_tor ] && set -- whonix
|
|
|
|
[ "$1" = from_gateway ] && set -- gateway
|
|
|
|
[ "$1" = traceroute ] && set -- = trace
|
|
|
|
[ "$1" = connected ] && set -- wifi
|
|
|
|
[ "$1" = clear ] && set -- direct
|
|
|
|
|
|
|
|
# scenarios - modes: nat selektor
|
|
|
|
## nat - through the Gateway via the nat
|
|
|
|
[ "$1" = nat ] && \
|
|
|
|
set -- ping dns socks http https tordns firefail libvirtguest
|
|
|
|
# wifi?
|
|
|
|
[ "$1" = whonix ] && \
|
2024-01-06 03:08:22 +00:00
|
|
|
set -- ping tordns dns socks http https torhost tordns firefail gw
|
|
|
|
[ "$1" = tor -o "$1" = selektor ] && \
|
|
|
|
set -- ping tordns dns trace torhost nmap gw
|
|
|
|
## torhost implies -
|
|
|
|
#? tor with the firewall to test the host side tor server - call to_tor,dns,ntp in addition
|
2024-01-06 01:57:28 +00:00
|
|
|
[ "$1" = direct -o "$1" = '' ] && \
|
|
|
|
set -- ping dns trace nmap gw
|
|
|
|
|
|
|
|
## all - all tests not stopping on the first error
|
|
|
|
[ "$1" = all ] && ALL=1
|
|
|
|
# aret="${#tests[@]}"
|
|
|
|
|
|
|
|
## gw - test if we are connected to the gateway
|
|
|
|
## env - from the cmdline with a properly setup env
|
|
|
|
## firefail - test the proxy without env vars to expect failure
|
2024-01-06 03:08:22 +00:00
|
|
|
## torhost - running tor with the firewall
|
2024-01-06 01:57:28 +00:00
|
|
|
## http - assumes torhost or whonix and env setup
|
|
|
|
## https - assumes torhost or whonix and env setup
|
|
|
|
## socks - assumes torhost or whonix and env setup
|
2024-01-06 03:08:22 +00:00
|
|
|
## tordns - test 9053 for dns using tor-resolve
|
|
|
|
## dns - dns using tor or the gateway, with the firewall - does not assume env
|
2024-01-06 01:57:28 +00:00
|
|
|
## ping - connected routed test the ping to DNS hosts
|
|
|
|
## ntp - ntpdate through the firewall
|
|
|
|
## nmap - nmap sgid through the firewall - does not assume env
|
2024-01-06 03:08:22 +00:00
|
|
|
## iwlist - wlan scan of a wifi host
|
2024-01-06 01:57:28 +00:00
|
|
|
## firewall - test that the firewall blocks
|
2024-01-06 03:08:22 +00:00
|
|
|
## virbr1 - looks for virbr1 on a libvirt host torhost or whonix
|
|
|
|
## gateway - ssh to the whonix gateway from the torhost
|
2024-01-06 01:57:28 +00:00
|
|
|
## trace - traceroute to DNSHOST - icmp is allowed by the firewall, except on vda
|
|
|
|
## wifi - test if we are connected - call scan in addition
|
|
|
|
## libvirthost - hosting a libvirt container
|
|
|
|
## libvirtguest - in a libvirt container
|
2024-01-06 03:08:22 +00:00
|
|
|
## whonix - whonix torhost with libvirt container running gateway behind firewall - aliases: to_gateway from_tor
|
|
|
|
## direct - assume no firewall and no proxy - but may work depend on env
|
|
|
|
|
2024-01-06 01:57:28 +00:00
|
|
|
for elt in "$@" ; do
|
|
|
|
if [ "$elt" = gw -o "$elt" = '' -o "$elt" = env -o \
|
|
|
|
"$elt" = https -o "$elt" = http -o "$elt" = socks -o "$elt" = dns -o \
|
|
|
|
"$elt" = torhost -o "$elt" = tordns -o "$elt" = whonix -o \
|
2024-01-06 03:08:22 +00:00
|
|
|
"$elt" = libvirthost -o "$elt" = torlibvirthost -o \
|
|
|
|
"$elt" = libvirtguest -o "$elt" = virbr1 -o \
|
2024-01-06 01:57:28 +00:00
|
|
|
"$elt" = ping -o "$elt" = trace -o "$elt" = ntp -o "$elt" = nmap -o \
|
|
|
|
"$elt" = iwlist -o "$elt" = firefail -o "$elt" = direct -o \
|
|
|
|
"$elt" = trace -o "$elt" = wifi -o "$elt" = '' -o "$elt" = '' \
|
|
|
|
] ; then
|
|
|
|
aret+=( `proxy_test_help_args $elt` )
|
|
|
|
else
|
|
|
|
WARN unrecognized: $elt >&2
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
|
|
|
|
DBUG "${aret[@]}" >&2
|
|
|
|
echo "${aret[@]}"
|
|
|
|
return 0
|
|
|
|
}
|
|
|
|
|
|
|
|
# -I $PROXY_WLAN -c 1 $DNS_HOST2
|
|
|
|
if [ "$#" = 0 ] ; then
|
|
|
|
# default to mode
|
|
|
|
set -- $MODE
|
|
|
|
fi
|
|
|
|
if [ $1 = '-h' -o $1 = '--help' ] ; then
|
|
|
|
echo USAGE: $USAGE | sed -e 's/[0-9][0-9]*)/\n&/g'
|
|
|
|
grep '^## [a-oq-z]' $0 | sed -e 's/^## / /'
|
|
|
|
exit 0
|
|
|
|
elif [ "$1" = 0 ] ; then
|
|
|
|
INFO $prog PROXY_WLAN=$PROXY_WLAN MODE=$MODE
|
|
|
|
echo 0 help /tmp/proxy_ping_test.hlp
|
|
|
|
[ -f /tmp/proxy_ping_test.hlp ] || proxy_ping_make_help
|
|
|
|
. /tmp/proxy_ping_test.hlp
|
|
|
|
for elt in "${!tests[@]}" ; do
|
|
|
|
echo $elt "${tests[$elt]}"
|
|
|
|
done
|
|
|
|
exit 0
|
|
|
|
elif [[ $1 =~ ^[0-9] ]] ; then
|
|
|
|
: passthrough
|
|
|
|
else
|
|
|
|
set -- `proxy_ping_test_set_args "$@"`
|
|
|
|
DBUG running tests numbered "$@"
|
|
|
|
fi
|
|
|
|
|
2024-01-06 03:08:22 +00:00
|
|
|
proxy_test_pretest_exit "$1"
|
2024-01-06 01:57:28 +00:00
|
|
|
|
|
|
|
# https://stackoverflow.com/questions/8290046/icmp-sockets-linux/20105379#20105379
|
|
|
|
if [ $( id -u ) -eq 0 ] ; then
|
|
|
|
proxy_ping_chattr
|
|
|
|
fi
|
|
|
|
|
|
|
|
DBUG $prog PROXY_WLAN=$PROXY_WLAN MODE=$MODE $*
|
|
|
|
# $( sysctl net.ipv4.ping_group_range )
|
|
|
|
|
|
|
|
# proxy_iptables_save|grep 216
|
|
|
|
|
|
|
|
while [ "$#" -gt 0 ] ; do
|
|
|
|
# DBUG $prog $1
|
|
|
|
ARG=$1 ; shift
|
|
|
|
|
|
|
|
GREP=""
|
|
|
|
if [ -z "$ARG" ] ; then
|
|
|
|
continue
|
|
|
|
|
|
|
|
elif ! [ "$ARG" -ge 0 ] ; then
|
|
|
|
ERROR $prog called with an unrecognized argument $ARG from $0
|
|
|
|
exit 9
|
|
|
|
|
|
|
|
elif [ $ARG -le 0 ] ; then
|
|
|
|
# do the ping and resov.conf
|
|
|
|
true
|
|
|
|
|
|
|
|
elif [ $ARG -eq 1 ] ; then
|
|
|
|
tests[1]="wget_https_as_user wget ${HTTPS_PORT} - https "
|
|
|
|
[ -n "$https_proxy" ] && LARGS="" || \
|
|
|
|
LARGS="env https_proxy=https://${HTTPS_HOST}:${HTTPS_PORT}"
|
|
|
|
$LARGS $WGET https://$HTTP_TARGET
|
|
|
|
retval=$?
|
|
|
|
if [ $retval -eq 8 -o $retval -eq 0 ] ; then
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
else
|
|
|
|
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval test=$ARG
|
|
|
|
[ -z "$ALL" ] && continue
|
|
|
|
fi
|
|
|
|
# works with fix
|
|
|
|
GREP="${HTTPS_PORT}"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 2 ] ; then
|
|
|
|
[ -n "$https_proxy" ] && LARGS="--proxy $https_proxy" || \
|
|
|
|
LARGS="--proxy https://${HTTPS_HOST}:${HTTPS_PORT}"
|
|
|
|
tests[2]="curl_https_as_user curl $LARGS https://$HTTP_TARGET - https "
|
|
|
|
proxy_ping_curl $LARGS https://$HTTP_TARGET >/dev/null || { \
|
|
|
|
retval=$?
|
|
|
|
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl $LARGS https://$HTTP_TARGET
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
# works with fix
|
|
|
|
GREP="${HTTPS_PORT}"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 3 ] ; then
|
|
|
|
tests[3]="curl_socks_virbr1_as_user $SOCKS_HOST $SOCKS_PORT - torhost "
|
|
|
|
# proxy_dest_port_wlan_config || { ERROR DEST=$DEST ; continue ; }
|
|
|
|
|
|
|
|
# curl: (4) A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision
|
|
|
|
[ $DEBIAN -eq 0 ] && continue
|
|
|
|
|
|
|
|
[ -z "$socks_proxy" ] && socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
|
2024-01-06 03:08:22 +00:00
|
|
|
# mode whonix implies torhost
|
2024-01-06 01:57:28 +00:00
|
|
|
if [ $MODE = whonix ] ; then
|
|
|
|
ssh -o ForwardX11=no user@10.0.2.15 netstat -nl4e| grep 15:$SOCKS_PORT || {
|
|
|
|
retval=$?
|
|
|
|
ERROR ssh -o ForwardX11=no user@10.0.2.15 netstat
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue ;
|
|
|
|
}
|
|
|
|
socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
|
|
|
|
proxy_ping_curl -x $socks_proxy \
|
|
|
|
--interface virbr1 n--dns-interface virbr1 https://$HTTP_TARGET >/dev/null || {
|
|
|
|
retval=$?
|
|
|
|
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl -x $socks_proxy --interface virbr1 --dns-interface virbr1 https://$HTTP_TARGET
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
}
|
|
|
|
else
|
|
|
|
socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
|
|
|
|
proxy_ping_curl -x $socks_proxy https://$HTTP_TARGET >/dev/null \
|
|
|
|
|| { retval=$? ; ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl ${SOCKS_HOST} $SOCKS_PORT
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue ; }
|
|
|
|
fi
|
|
|
|
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
# works with user/pass
|
|
|
|
GREP="$SOCKS_PORT"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 4 ] ; then
|
2024-01-06 03:08:22 +00:00
|
|
|
tests[4]="dig_socks_through_as_user @${SOCKS_HOST} -p $SOCKS_DNS $DNS_TARGET - tordns "
|
2024-01-06 01:57:28 +00:00
|
|
|
[ $HAVE_DIG = 1 ] || continue
|
|
|
|
if [ $MODE = whonix ] ; then
|
2024-01-06 03:08:22 +00:00
|
|
|
# test ssh to the whonix_gateway libvirt container
|
|
|
|
# and make sure that the socks proxy is runninh
|
2024-01-06 01:57:28 +00:00
|
|
|
ssh -o ForwardX11=no user@10.0.2.15 netstat -nl4e | grep 15:$SOCKS_DNS
|
|
|
|
fi
|
2024-01-06 03:08:22 +00:00
|
|
|
dig @${SOCKS_HOST} -p $SOCKS_DNS $DNS_TARGET +timeout=$TIMEOUT >/dev/null || { \
|
2024-01-06 01:57:28 +00:00
|
|
|
retval=$?
|
2024-01-06 03:08:22 +00:00
|
|
|
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig @${SOCKS_HOST} -p $SOCKS_DNS $DNS_TARGET
|
2024-01-06 01:57:28 +00:00
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
# works with fix
|
|
|
|
GREP="$SOCKS_DNS"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 5 ] ; then
|
|
|
|
tests[5]="nslookup_socks_as_user - tordns "
|
|
|
|
[ $HAVE_NSLOOKUP = 1 ] || continue
|
2024-01-06 03:08:22 +00:00
|
|
|
desc="$NSL -port=$SOCKS_DNS $DNS_TARGET ${DNS_HOST}"
|
2024-01-06 01:57:28 +00:00
|
|
|
$desc >/dev/null || { \
|
|
|
|
retval=$?
|
|
|
|
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval $desc
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}" $desc
|
|
|
|
# works with fix
|
|
|
|
GREP="$SOCKS_DNS"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 6 ] ; then
|
|
|
|
proxy=`proxy_ping_get_https`
|
|
|
|
desc="curl --proxy http://${proxy}"
|
|
|
|
tests[6]="curl_https_as_user - https "
|
|
|
|
proxy_ping_curl --proxy http://${proxy} \
|
|
|
|
--proxy-insecure https://$HTTP_TARGET || { \
|
|
|
|
retval=$?
|
|
|
|
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval $desc
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}" $desc
|
|
|
|
# works
|
|
|
|
GREP="$HTTP_PORT"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 7 ] ; then
|
|
|
|
tests[8]="traceroute_icmp_dns_as_root --icmp - trace "
|
|
|
|
[ $USER = root ] || continue
|
|
|
|
[ -n "$PROXY_WLAN" ] || proxy_get_if || continue
|
|
|
|
[ $HAVE_TRACEROUTE = 1 ] || continue
|
|
|
|
traceroute -i $PROXY_WLAN --icmp $DNS_TARGET -m $THOPS || { \
|
|
|
|
retval=$?
|
|
|
|
ERROR $retval traceroute --icmp -m $THOPS
|
|
|
|
[ -z "$ALL" ] && exit 7$retval
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
GREP="-i icmp"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 8 ] ; then
|
|
|
|
tests[8]="traceroute_tcp_dns_as_root -i $PROXY_WLAN -p 53 -T4 - trace "
|
|
|
|
[ $USER = root ] || continue
|
|
|
|
[ -n "$PROXY_WLAN" ] || proxy_get_if || continue
|
|
|
|
[ $HAVE_TRACEROUTE = 1 ] || continue
|
|
|
|
traceroute -i $PROXY_WLAN -p 53 -T4 $DNS_TARGET -m $THOPS || { \
|
|
|
|
retval=$?
|
|
|
|
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval traceroute -T4 -p 53 -m $THOPS
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
GREP="53"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 9 ] ; then
|
|
|
|
tests[9]="traceroute_icmp_dns_as_user -p 53 - trace "
|
|
|
|
[ $USER = root ] || continue
|
|
|
|
[ -n "$PROXY_WLAN" ] || proxy_get_if || continue
|
|
|
|
[ $HAVE_TRACEROUTE = 1 ] || continue
|
|
|
|
traceroute -i $PROXY_WLAN --icmp $DNS_TARGET -p 53 -m $THOPS || { \
|
|
|
|
retval=$?
|
|
|
|
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval traceroute -i $PROXY_WLAN --icmp -m $THOPS
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
GREP="53"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 10 ] ; then
|
|
|
|
tests[10]="wget_http_as_user $HTTP_PORT - http "
|
|
|
|
proxy=`proxy_ping_get_http`
|
|
|
|
env http_proxy=http://${proxy} \
|
|
|
|
$WGET -S http://$HTTP_TARGET 2>/dev/null
|
|
|
|
retval=$?
|
|
|
|
# 8 is an oddball
|
|
|
|
if [ $retval -eq 8 -o $retval -eq 0 ] ; then
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}" wget $HTTP_PORT
|
|
|
|
else
|
|
|
|
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval wget $HTTP_PORT
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
fi
|
|
|
|
GREP="$HTTP_PORT"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 11 ] ; then
|
|
|
|
tests[11]="curl_https_as_user - https "
|
|
|
|
proxy=`proxy_ping_get_https`
|
|
|
|
proxy_ping_curl --proxy http://${proxy} \
|
|
|
|
--proxy-insecure https://$HTTP_TARGET || { \
|
|
|
|
retval=$?
|
|
|
|
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl $HTTP_PORT
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
GREP="$HTTP_PORT"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 12 ] ; then
|
|
|
|
tests[12]="nmap_dns_as_root --privileged --send-eth -Pn -sU -p U:53 $DNS_HOST1 - nmap direct "
|
|
|
|
[ $USER = root ] || continue
|
|
|
|
which nmap 2>/dev/null >/dev/null || continue
|
|
|
|
[ -z "$DNS_HOST1" ] && DNS_HOST1="208.67.220.220"
|
|
|
|
nmap --privileged --send-eth -Pn -sU -p U:53 "$DNS_HOST1" || { \
|
|
|
|
retval=$?
|
|
|
|
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval nmap 53
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
# works
|
|
|
|
GREP="53"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 13 ] ; then
|
|
|
|
tests[13]="curl_firewall_bin - wifi "
|
|
|
|
[ $USER = root ] || continue
|
|
|
|
proxy_test_curl_firewall_bin || continue
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}" curl bin
|
|
|
|
# works
|
|
|
|
GREP="443"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 14 ] ; then
|
|
|
|
tests[14]="traceroute_icmp_gw_as_root --icmp $PROXY_WLAN_GW - gw wifi "
|
|
|
|
[ $USER = root ] || continue
|
|
|
|
[ $HAVE_TRACEROUTE = 1 ] || continue
|
|
|
|
proxy_test_traceroute_icmp_gw || continue
|
|
|
|
# works
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
GREP="-i icmp"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 15 ] ; then
|
|
|
|
tests[15]="test_dig_direct - direct "
|
|
|
|
[ $HAVE_DIG = 1 ] || continue
|
|
|
|
proxy_test_dig_direct || continue
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}" proxy_test_dig_direct
|
|
|
|
|
|
|
|
elif [ $ARG -eq 16 ] ; then
|
|
|
|
tests[16]="nslookup_as_root nslookup $PRIV_BIN_OWNER - torhost "
|
|
|
|
[ $USER = root ] || continue
|
|
|
|
[ $HAVE_NSLOOKUP = 1 ] || continue
|
|
|
|
su -c "$NSL $DNS_TARGET $DNS_HOST1" -s /bin/sh $PRIV_BIN_OWNER >/dev/null || { \
|
|
|
|
retval=$?
|
|
|
|
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval "$NSL $DNS_TARGET $DNS_HOST1" -s /bin/sh $PRIV_BIN_OWNER
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
# works /fails but maybe a noop
|
|
|
|
GREP="53"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 17 ] ; then
|
|
|
|
tests[17]="ntpdate_as_root ntpdate without service - ntp "
|
|
|
|
proxy_run_as_root || exit 9
|
|
|
|
[ -x /usr/sbin/ntpdate ] || continue
|
|
|
|
# Curious: even though sgid 2755 ntp it fails as su ntp
|
|
|
|
# 12 Nov 23:28:35 ntpdate[17341]: bind() fails: Permission denied
|
|
|
|
/usr/sbin/ntpdate "$NTP_HOST1" || { \
|
|
|
|
retval=$?
|
|
|
|
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval ntpdate
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
GREP="123"
|
|
|
|
elif [ $ARG -eq 18 ] ; then
|
|
|
|
tests[18]="ntpdate_as_root ntpdate with servie - ntp "
|
|
|
|
proxy_run_as_root || exit 9
|
|
|
|
proxy_rc_service ntpd status >/dev/null && \
|
|
|
|
proxy_rc_service ntpd stop >/dev/null && sleep 2
|
|
|
|
/usr/sbin/ntpdate $NTP_HOST1 || { \
|
|
|
|
retval=$?
|
|
|
|
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval ntpdate
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
# works
|
|
|
|
proxy_rc_service ntpd status >/dev/null || proxy_rc_service ntpd start
|
|
|
|
GREP="123"
|
|
|
|
elif [ $ARG -eq 19 ] ; then
|
|
|
|
tests[19]="curl_noproxy_http_as_user curl raw noproxy - firefail "
|
|
|
|
proxy_ping_curl --noproxy "'*.*'" --connect-timeout $TIMEOUT \
|
|
|
|
http://$HTTP_TARGET >/dev/null && {
|
|
|
|
retval=$?
|
|
|
|
ERROR PANIC: $prog test=$ARG "${tests[$ARG]}" curl raw --noproxy
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
GREP=80
|
|
|
|
|
|
|
|
elif [ $ARG -eq 20 ] ; then
|
|
|
|
tests[20]="curl_socksproxy_as_user curl $SOCKS_PORT - socks "
|
|
|
|
# needs dns
|
|
|
|
[ $DEBIAN -eq 0 ] && continue
|
|
|
|
|
|
|
|
socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
|
2024-01-06 03:08:22 +00:00
|
|
|
proxy_ping_curl -x $socks_proxy https://$HTTP_TARGET >/dev/null || {
|
|
|
|
retval=$? ;
|
|
|
|
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl $SOCKS_PORT
|
2024-01-06 01:57:28 +00:00
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
# works with user/pass
|
|
|
|
GREP="$SOCKS_PORT"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 21 ] ; then
|
|
|
|
tests[21]="curl_httpsproxy_as_user - https "
|
|
|
|
[ -z "$https_proxy" ] && https_proxy=http://${HTTPS_PROXY_HOST}:${HTTPS_PORT}
|
|
|
|
proxy_ping_curl -x $https_proxy https://$HTTP_TARGET >/dev/null || { \
|
|
|
|
if [ "$MODE" = gateway ] ; then
|
|
|
|
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval curl ${HTTPS_HOST} ${HTTPS_PORT}
|
|
|
|
continue
|
|
|
|
else
|
|
|
|
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl ${HTTPS_HOST} HTTPS_PORT=${HTTPS_PORT}
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}" curl ${HTTPS_HOST} ${HTTPS_PORT}
|
|
|
|
GREP="${HTTPS_PORT}"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 22 ] ; then
|
|
|
|
tests[22]="iwlist_scan_as_user iwlist $PROXY_WLAN scan - iwlist "
|
|
|
|
[ $USER = root ] || continue
|
|
|
|
which iwlist 2>/dev/null || continue
|
|
|
|
[ -n "$PROXY_WLAN" ] || proxy_get_if || continue
|
|
|
|
iwlist $PROXY_WLAN scan >/dev/null || {
|
|
|
|
ERROR $prog retval=$? test=$ARG $PROXY_WLAN scan
|
|
|
|
[ -z "$ALL" ] && exit $ARG$1 || continue
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
# works
|
|
|
|
|
|
|
|
elif [ $ARG -eq 23 ] ; then
|
|
|
|
tests[23]="curl_proxy_as_user - direct "
|
|
|
|
proxy_ping_curl --insecure https://$HTTP_TARGET >/dev/null || { \
|
|
|
|
retval=$?
|
|
|
|
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl direct
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 24 ] ; then
|
2024-01-06 03:08:22 +00:00
|
|
|
tests[24]="dig_direct_or_dnsmasq dig -b $IP $DNS_TARGET - direct "
|
2024-01-06 01:57:28 +00:00
|
|
|
[ $HAVE_DIG = 1 ] || continue
|
|
|
|
[ -n "$PROXY_WLAN" -a -n "$IP" ] || proxy_ping_get_wlan_gw || continue
|
|
|
|
[ -n "$IP" ] || continue
|
2024-01-06 03:08:22 +00:00
|
|
|
dig -b $IP $DNS_TARGET +timeout=$TIMEOUT >/dev/null || { \
|
2024-01-06 01:57:28 +00:00
|
|
|
retval=$?
|
|
|
|
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}" dig -b $IP
|
|
|
|
|
|
|
|
elif [ $ARG -eq 25 ] ; then
|
|
|
|
tests[25]="nslookup_as_user - direct "
|
|
|
|
[ $HAVE_NSLOOKUP = 1 ] || continue
|
|
|
|
# noenv with or without proxy
|
|
|
|
# @$DNS_HOST1 should fail for firewall unless dnsmasq is working
|
2024-01-06 03:08:22 +00:00
|
|
|
$NSL >/dev/null $DNS_TARGET || { \
|
2024-01-06 01:57:28 +00:00
|
|
|
retval=$?
|
2024-01-06 03:08:22 +00:00
|
|
|
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval nslookup $DNS_TARGET
|
2024-01-06 01:57:28 +00:00
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}" nslookup
|
|
|
|
|
|
|
|
elif [ $ARG -eq 26 ] ; then
|
|
|
|
tests[26]="route_connected_ping_scan - direct "
|
|
|
|
[ $HAVE_DIG = 1 ] || continue
|
2024-01-06 03:08:22 +00:00
|
|
|
#? done already in proxy_test_pretest_exit
|
2024-01-06 01:57:28 +00:00
|
|
|
proxy_do_ping && \
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP || \
|
|
|
|
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP
|
|
|
|
|
|
|
|
elif [ $ARG -eq 27 ] ; then
|
|
|
|
tests[27]="dns_as_user dig -b 127.0.0.1 - direct "
|
|
|
|
[ $HAVE_DIG = 1 ] || continue
|
|
|
|
[ -n "$PROXY_WLAN" -a -n "$IP" ] || proxy_ping_get_wlan_gw || continue
|
2024-01-06 03:08:22 +00:00
|
|
|
dig -b 127.0.0.1 $DNS_TARGET +timeout=$TIMEOUT >/dev/null || { \
|
2024-01-06 01:57:28 +00:00
|
|
|
retval=$?
|
|
|
|
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 28 ] ; then
|
|
|
|
tests[28]="wget_as_user - direct "
|
|
|
|
proxy_ping_test_env || { WARN $prog test=$ARG "${tests[$ARG]}" no proxy in env ; }
|
|
|
|
$WGET -S https://$HTTP_TARGET 2>/dev/null
|
|
|
|
retval=$?
|
|
|
|
if [ $retval -eq 8 -o $retval -eq 0 ] ; then
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}" wget
|
|
|
|
else
|
|
|
|
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval wget
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
fi
|
|
|
|
|
|
|
|
elif [ $ARG -eq 29 ] ; then
|
|
|
|
tests[29]="curl_as_user - direct "
|
|
|
|
proxy_ping_test_env || { WARN $prog test=$ARG "${tests[$ARG]}" no proxy in env ; }
|
|
|
|
proxy_ping_curl https://$HTTP_TARGET >/dev/null || { \
|
|
|
|
retval=$?
|
|
|
|
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 30 ] ; then
|
|
|
|
tests[30]="tor_bootstrap_check_as_root tor_bootstrap_check.py - torhost "
|
2024-01-06 03:08:22 +00:00
|
|
|
[ $MODE = tor -o $MODE = whonix -o $MODE = selektor ] || {
|
|
|
|
# are there other roles that run tor?
|
|
|
|
WARN $prog MODE != tor test=$ARG
|
2024-01-06 01:57:28 +00:00
|
|
|
}
|
|
|
|
port=$SOCKS_PORT
|
|
|
|
$NETS | grep -q :$port || {
|
|
|
|
ERROR $prog retval=$? test=$ARG tor not running on $port
|
|
|
|
[ -z "$ALL" ] && exit $ARG || continue
|
|
|
|
}
|
|
|
|
[ $USER = root ] || continue
|
|
|
|
|
|
|
|
# was /usr/local/bin/tor_bootstrap_check.bash
|
|
|
|
[ -f /usr/local/src/helper-scripts/tor_bootstrap_check.py ] || return 1
|
|
|
|
python3.sh /usr/local/src/helper-scripts/tor_bootstrap_check.py
|
|
|
|
# morons 100%
|
|
|
|
retval=$?
|
|
|
|
[ $retval -eq 0 -o $retval -eq 100 ] || { \
|
|
|
|
retval=$?
|
|
|
|
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval tor_bootstrap_check
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 31 ] ; then
|
|
|
|
tests[31]="curl_noproxy_as_root polipo http pages $HTTP_PORT - direct http "
|
|
|
|
proxy_ping_curl --noproxy http://${HTTP_HOST}:$HTTP_PORT && { \
|
|
|
|
retval=$?
|
2024-01-06 03:08:22 +00:00
|
|
|
ERROR PANIC: $prog test=$ARG "${tests[$ARG]}" retval=$retval http to $HTTP_PORT
|
2024-01-06 01:57:28 +00:00
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
# works
|
|
|
|
GREP="$HTTP_PORT"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 32 ] ; then
|
|
|
|
tests[32]="ping_nmap_direct_as_root nmap 53 - direct "
|
|
|
|
[ $USER = root ] || continue
|
|
|
|
which nmap 2>/dev/null >/dev/null || continue
|
|
|
|
[ -n "$PROXY_WLAN" -a -n "$PROXY_WLAN_GW" ] || proxy_ping_get_wlan_gw || continue
|
|
|
|
proxy_ping_nmap_direct $DNS_HOST1 "$PROXY_WLAN_GW" U:67 || {
|
|
|
|
retval=$?
|
|
|
|
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval nmapd 53
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
# works
|
|
|
|
GREP="53"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 33 ] ; then
|
|
|
|
tests[33]="host_virbr_as_user proxy_ping_test_virbr 1 - libvirthost "
|
|
|
|
proxy_ping_test_virbr 1 || {
|
|
|
|
retval=$?
|
|
|
|
ERROR $CONN virbr1 not running
|
|
|
|
[ -z "$ALL" ] && exit 1 || continue
|
|
|
|
}
|
|
|
|
# * Immediate connect fail for 10.0.2.15: Connection refused
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 34 ] ; then
|
|
|
|
tests[34]="python_ping_as_root traceroute --icmp $PROXY_WLAN_GW - wifi "
|
|
|
|
[ $USER = root ] || continue
|
|
|
|
[ -n "$PROXY_WLAN_GW" -a -n "$IP" ] || PROXY_WLAN_GW=`proxy_ping_get_wlan_gw` || continue
|
|
|
|
[ -f /usr/local/bin/ping2.py ] || continue
|
|
|
|
/usr/local/bin/ping2.py $IP $DNS_HOST1 $PROXY_WLAN_GW || { \
|
|
|
|
retval=$?
|
|
|
|
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval ping2.py $DNS_HOST1
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
}
|
|
|
|
# works
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
GREP="-i icmp"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 35 ] ; then
|
|
|
|
tests[35]="dig_as_root - firewall dig @$DNS_HOST1 - torhost dns "
|
|
|
|
[ $USER = root ] || continue
|
|
|
|
[ $HAVE_DIG = 1 ] || continue
|
|
|
|
# @$DNS_HOST1
|
|
|
|
su -c "dig pool.ntp.org +timeout=$TIMEOUT" -s /bin/sh $PRIV_BIN_OWNER >/dev/null || { \
|
|
|
|
retval=$?
|
|
|
|
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval dig pool.ntp.org $PRIV_BIN_OWNER
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
# works
|
|
|
|
GREP="53"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 36 ] ; then
|
|
|
|
tests[36]="tor_resolve_as_user tor-resolve pool.ntp.org - tordns "
|
|
|
|
[ $HAVE_TOR_RESOLVE = 1 ] || continue
|
|
|
|
tor-resolve pool.ntp.org >/dev/null || { \
|
|
|
|
retval=$?
|
|
|
|
# dunno Failed parsing SOCKS5 response conf?
|
|
|
|
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval tor-resolve pool.ntp.org
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
# works
|
|
|
|
GREP="9053"
|
|
|
|
|
|
|
|
elif [ $ARG -eq 37 ] ; then
|
|
|
|
tests[37]="qemu-guest-agent and ports - libvirtguest "
|
|
|
|
ser=qemu-guest-agent
|
|
|
|
proxy_rc_service $ser status >/dev/null || proxy_rc_service $ser start
|
|
|
|
proxy_rc_service $ser status >/dev/null || { \
|
|
|
|
retval=$?
|
|
|
|
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval $ser status
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
}
|
|
|
|
[ -d /dev/virtio-ports ] || { \
|
|
|
|
retval=$?
|
|
|
|
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval /dev/virtio-ports
|
|
|
|
[ -z "$ALL" ] && exit $ARG$retval || continue
|
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
GREP=""
|
|
|
|
elif [ $ARG -eq 38 ] ; then
|
2024-01-06 03:08:22 +00:00
|
|
|
tests[38]="qemu-guest-agent and ports - libvirthost "
|
2024-01-06 01:57:28 +00:00
|
|
|
[ $USER = root ] || continue
|
|
|
|
$PL proxy_libvirt_list
|
|
|
|
aret=$?
|
|
|
|
if [ $aret -eq 10 ] ;then
|
|
|
|
WARN proxy_libvirt_status hung
|
|
|
|
elif [ $aret -ne 10 -a $aret -ne 0 ] ; then
|
|
|
|
DBUG proxy_libvirt_status aret=$aret
|
|
|
|
else
|
2024-01-06 03:08:22 +00:00
|
|
|
# was $GATEW_DOM but now can be gentoo_vm-2 etc
|
|
|
|
$PL proxy_libvirt_list 2>&1 | grep -q "running" || {
|
|
|
|
WARN MODE=$MODE and nothing libvirt running ;
|
|
|
|
continue
|
2024-01-06 01:57:28 +00:00
|
|
|
}
|
|
|
|
INFO $prog test=$ARG "${tests[$ARG]}"
|
|
|
|
fi
|
|
|
|
elif false ; then
|
|
|
|
if ! grep -q '10.152.152.10\|127.0.0.1' /etc/resolv.conf ; then
|
|
|
|
$NETS | grep -q :53 || {
|
|
|
|
ERROR $prog retval=$? test=$ARG local resolv.conf but :53 not running
|
|
|
|
[ -z "$ALL" ] && exit 1 || continue
|
|
|
|
}
|
|
|
|
fi
|
|
|
|
|
|
|
|
fi
|
|
|
|
[ -n "$GREP" ] && [ $DMESG_LINES -gt 0 ] && \
|
|
|
|
DBUG `dmesg|tail|grep $GREP|tail -$DMESG_LINES`
|
|
|
|
|
|
|
|
done
|
|
|
|
exit 0
|
|
|
|
|
|
|
|
1)
|
|
|
|
env https_proxy=http://${SOCKS_HOST}:${HTTPS_PORT} wget $D -O - --no-check-certificate
|
|
|
|
2)
|
|
|
|
curl $D -k --proxy
|
|
|
|
3)
|
|
|
|
curl $D -k --proxy socks5://${SOCKS_HOST}:$SOCKS_PORT --proxy-insecure
|
|
|
|
6)
|
|
|
|
curl -k --proxy $HTTP_PORT
|
|
|
|
16)
|
|
|
|
nslookup $PRIV_BIN_OWNER
|
|
|
|
18)
|
|
|
|
ntpdate as sroot
|
|
|
|
19)
|
|
|
|
curl raw noproxy
|
|
|
|
0)
|
|
|
|
usage
|
|
|
|
|