arti/tests/shadow/run.sh

#!/usr/bin/env bash

set -xeuo pipefail

# Remove output of previous run
rm -rf shadow.data

export RUST_BACKTRACE=1

# Fix permissions on hidden service dir to prevent tor from bailing.
# TODO: isn't there a way to set the permissions in the git repo? Tried `git
# update-index --chmod`, but it refuses to set permissions on a directory.
chmod 700 shadow.data.template/hosts/fileserver-onion/hs

# Run the simulation
shadow \
  --model-unblocked-syscall-latency=true \
  --log-level=debug \
  --strace-logging-mode=standard \
  --template-directory=./shadow.data.template \
  --progress=true \
  --use-memory-manager=false \
  --use-worker-spinning=false \
  shadow.yaml \
  > shadow.log

# Check whether file transfers via arti inside the simulation succeeded
for HOST in articlient articlient-bridge articlient-onion; do
  successes="$(grep -c stream-success shadow.data/hosts/$HOST/tgen.*.stdout || true)"
  if [ "$successes" = 10 ]
  then
    echo "Simulation successful"
  else
    echo "Failed. Only got $successes successful streams."
    exit 1
  fi
done

pushd shadow.data/hosts/articlient-bridge/
for PCAP in *.pcap; do
	# verify all connection are either from/to the bridge, or local.
	LEAK=$(tshark -r "$PCAP" 'ip.src != 100.0.0.2 && ip.dst != 100.0.0.2 && ip.dst != 127.0.0.0/8')
	if [ "$LEAK" ]; then
		echo "Found tcp leaks in PCAP: $PCAP"
	        echo "$LEAK"
		exit 1
	fi
done

DNS_LEAK=$(grep -l shadow_hostname_to_addr_ipv4 arti.*.strace || true)
if [ "$DNS_LEAK" ]; then
	echo "Found DNS leaks in $DNS_LEAK"
	exit 1
fi
popd
shell: use /usr/bin/env instead of absolute paths This commit changes the shebang in all shell scripts from absolute paths (such as `/bin/bash` or `/usr/bin/python3`) to the `/usr/bin/env` binary with the accompanying interpreter as it's argument. The reason for this are as follows: - NixOS cannot work with absolute paths - BSD systems install their packages in /usr/local/bin 2023-01-25 17:35:53 +00:00			`#!/usr/bin/env bash`
Create a shadow-based integration test Fixes https://gitlab.torproject.org/tpo/core/arti/-/issues/174 2022-08-30 19:45:12 +01:00
verify leakage and run shadow with less shm 2022-11-30 17:40:59 +00:00			`set -xeuo pipefail`
Create a shadow-based integration test Fixes https://gitlab.torproject.org/tpo/core/arti/-/issues/174 2022-08-30 19:45:12 +01:00
			`# Remove output of previous run`
			`rm -rf shadow.data`

shadow ci: bump shadow 2023-05-08 16:56:47 +01:00			`export RUST_BACKTRACE=1`

shadow test: fix hidden service dir permissions 2023-06-22 22:55:29 +01:00			`# Fix permissions on hidden service dir to prevent tor from bailing.`
			# TODO: isn't there a way to set the permissions in the git repo? Tried `git
			# update-index --chmod`, but it refuses to set permissions on a directory.
			`chmod 700 shadow.data.template/hosts/fileserver-onion/hs`

Create a shadow-based integration test Fixes https://gitlab.torproject.org/tpo/core/arti/-/issues/174 2022-08-30 19:45:12 +01:00			`# Run the simulation`
			`shadow \`
			`--model-unblocked-syscall-latency=true \`
			`--log-level=debug \`
			`--strace-logging-mode=standard \`
			`--template-directory=./shadow.data.template \`
			`--progress=true \`
verify leakage and run shadow with less shm 2022-11-30 17:40:59 +00:00			`--use-memory-manager=false \`
shadow test: disable worker spinning This optimization doesn't seem to help much for this test; disable it to avoid burning CI runner CPU. 2023-06-26 20:41:41 +01:00			`--use-worker-spinning=false \`
Create a shadow-based integration test Fixes https://gitlab.torproject.org/tpo/core/arti/-/issues/174 2022-08-30 19:45:12 +01:00			`shadow.yaml \`
			`> shadow.log`

			`# Check whether file transfers via arti inside the simulation succeeded`
shadow test: add and validate arti onion client 2023-06-22 21:23:12 +01:00			`for HOST in articlient articlient-bridge articlient-onion; do`
shadow-ci: check for successful transfers on bridge-client as well 2023-05-08 21:12:45 +01:00			`successes="$(grep -c stream-success shadow.data/hosts/$HOST/tgen.*.stdout \|\| true)"`
			`if [ "$successes" = 10 ]`
			`then`
			`echo "Simulation successful"`
			`else`
			`echo "Failed. Only got $successes successful streams."`
shadow test: fail the test if streams didn't succeed 2023-06-22 21:27:09 +01:00			`exit 1`
shadow-ci: check for successful transfers on bridge-client as well 2023-05-08 21:12:45 +01:00			`fi`
			`done`
verify leakage and run shadow with less shm 2022-11-30 17:40:59 +00:00
shadow ci: bump shadow 2023-05-08 16:56:47 +01:00			`pushd shadow.data/hosts/articlient-bridge/`
verify leakage and run shadow with less shm 2022-11-30 17:40:59 +00:00			`for PCAP in *.pcap; do`
			`# verify all connection are either from/to the bridge, or local.`
			`LEAK=$(tshark -r "$PCAP" 'ip.src != 100.0.0.2 && ip.dst != 100.0.0.2 && ip.dst != 127.0.0.0/8')`
			`if [ "$LEAK" ]; then`
			`echo "Found tcp leaks in PCAP: $PCAP"`
			`echo "$LEAK"`
			`exit 1`
			`fi`
			`done`

shadow ci: bump shadow 2023-05-08 16:56:47 +01:00			`DNS_LEAK=$(grep -l shadow_hostname_to_addr_ipv4 arti.*.strace \|\| true)`
verify leakage and run shadow with less shm 2022-11-30 17:40:59 +00:00			`if [ "$DNS_LEAK" ]; then`
			`echo "Found DNS leaks in $DNS_LEAK"`
			`exit 1`
			`fi`
			`popd`