feat: port-filtering experiment (#891)

Part of https://github.com/ooni/probe/issues/2005
2022-09-14 23:24:43 +05:30 · 2022-09-14 23:24:43 +05:30 · d6a362d96f
commit d6a362d96f
parent cb632ea0f3
15 changed files with 452 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -14,8 +14,10 @@
 /miniooni.exe
 /oohelper
 /oohelperd
+/ooporthelper
 /oohelperd.exe
 /oohelper.exe
+/ooporthelper.exe
 /ooniprobe
 /ooniprobe_checksums.txt
 /ooniprobe_checksums.txt.asc
--- a/internal/cmd/ooporthelper/README.md
+++ b/internal/cmd/ooporthelper/README.md
@ -0,0 +1,4 @@
+# ooporthelper
+
+This directory contains the source code of the Port-
+Filtering test helper written in go
--- a/internal/cmd/ooporthelper/main.go
+++ b/internal/cmd/ooporthelper/main.go
@ -0,0 +1,79 @@
+// command ooporthelper implements the Port Filtering test helper
+package main
+
+import (
+	"context"
+	"flag"
+	"net"
+	"sync"
+	"time"
+
+	"github.com/apex/log"
+	"github.com/ooni/probe-cli/v3/internal/engine/experiment/portfiltering"
+	"github.com/ooni/probe-cli/v3/internal/runtimex"
+)
+
+var (
+	srvCtx      context.Context
+	srvCancel   context.CancelFunc
+	srvWg       = new(sync.WaitGroup)
+	srvTestChan = make(chan string, len(TestPorts)) // buffered channel for testing
+	srvTest     bool
+)
+
+func init() {
+	srvCtx, srvCancel = context.WithCancel(context.Background())
+}
+
+func shutdown(ctx context.Context, l net.Listener) {
+	<-ctx.Done()
+	l.Close()
+}
+
+// TODO(DecFox): Add the ability of an echo service to generate some traffic
+func handleConnetion(ctx context.Context, conn net.Conn) {
+	defer conn.Close()
+	ctx, cancel := context.WithTimeout(ctx, 10*time.Second)
+	defer cancel()
+	<-ctx.Done()
+}
+
+func listenTCP(ctx context.Context, port string) {
+	defer srvWg.Done()
+	address := net.JoinHostPort("127.0.0.1", port)
+	listener, err := net.Listen("tcp", address)
+	runtimex.PanicOnError(err, "net.Listen failed")
+	go shutdown(ctx, listener)
+	srvTestChan <- port // send to channel to imply server will start listening on port
+	for {
+		conn, err := listener.Accept()
+		if err != nil {
+			log.Infof("listener unable to accept connections on port%s", port)
+			return
+		}
+		go handleConnetion(ctx, conn)
+	}
+}
+
+func main() {
+	logmap := map[bool]log.Level{
+		true:  log.DebugLevel,
+		false: log.InfoLevel,
+	}
+	debug := flag.Bool("debug", false, "Toggle debug mode")
+	flag.Parse()
+	log.SetLevel(logmap[*debug])
+	defer srvCancel()
+	ports := portfiltering.Ports
+	if srvTest {
+		ports = TestPorts
+	}
+	for _, port := range ports {
+		srvWg.Add(1)
+		ctx, cancel := context.WithCancel(srvCtx)
+		defer cancel()
+		go listenTCP(ctx, port)
+	}
+	<-srvCtx.Done()
+	srvWg.Wait() // wait for listeners on all ports to close
+}
--- a/internal/cmd/ooporthelper/main_test.go
+++ b/internal/cmd/ooporthelper/main_test.go
@ -0,0 +1,31 @@
+package main
+
+import (
+	"context"
+	"net"
+	"testing"
+
+	"github.com/ooni/probe-cli/v3/internal/model"
+	"github.com/ooni/probe-cli/v3/internal/netxlite"
+)
+
+func TestMainWorkingAsIntended(t *testing.T) {
+	srvTest = true // toggle to imply that we are running in test mode
+	go main()
+	dialer := netxlite.NewDialerWithoutResolver(model.DiscardLogger)
+	for _, port := range TestPorts {
+		<-srvTestChan
+		addr := net.JoinHostPort("127.0.0.1", port)
+		ctx := context.Background()
+		conn, err := dialer.DialContext(ctx, "tcp", addr)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if conn == nil {
+			t.Fatal("expected non-nil conn")
+		}
+		conn.Close()
+	}
+	srvCancel()  // shutdown server
+	srvWg.Wait() // wait for listeners on all ports to close
+}
--- a/internal/cmd/ooporthelper/ports.go
+++ b/internal/cmd/ooporthelper/ports.go
@ -0,0 +1,12 @@
+package main
+
+//
+// List of ports we want to use for running integration tests
+//
+
+// Ports for testing the testhelper
+// Note: we must only use unprivileged ports here to ensure tests run successfully
+var TestPorts = []string{
+	"8080", // tcp
+	"5050", // tcp
+}
--- a/internal/engine/experiment/portfiltering/config.go
+++ b/internal/engine/experiment/portfiltering/config.go
@ -0,0 +1,20 @@
+package portfiltering
+
+//
+// Config for the port-filtering experiment
+//
+
+import "time"
+
+// Config contains the experiment configuration.
+type Config struct {
+	// Delay is the delay between each repetition (in milliseconds).
+	Delay int64 `ooni:"number of milliseconds to wait before testing each port"`
+}
+
+func (c *Config) delay() time.Duration {
+	if c.Delay > 0 {
+		return time.Duration(c.Delay) * time.Millisecond
+	}
+	return 100 * time.Millisecond
+}
--- a/internal/engine/experiment/portfiltering/config_test.go
+++ b/internal/engine/experiment/portfiltering/config_test.go
@ -0,0 +1,13 @@
+package portfiltering
+
+import (
+	"testing"
+	"time"
+)
+
+func TestConfig_delay(t *testing.T) {
+	c := Config{}
+	if c.delay() != 100*time.Millisecond {
+		t.Fatal("invalid default delay")
+	}
+}
--- a/internal/engine/experiment/portfiltering/doc.go
+++ b/internal/engine/experiment/portfiltering/doc.go
@ -0,0 +1,4 @@
+// Package portfiltering implements the portfiltering experiment
+//
+// Spec: https://github.com/ooni/spec/blob/master/nettests/ts-038-port-filtering.md.
+package portfiltering
--- a/internal/engine/experiment/portfiltering/measurer.go
+++ b/internal/engine/experiment/portfiltering/measurer.go
@ -0,0 +1,67 @@
+package portfiltering
+
+//
+// Measurer for the port-filtering experiment
+//
+
+import (
+	"context"
+	"errors"
+	"net/url"
+
+	"github.com/ooni/probe-cli/v3/internal/model"
+)
+
+const (
+	testName    = "portfiltering"
+	testVersion = "0.1.0"
+)
+
+// Measurer performs the measurement.
+type Measurer struct {
+	config Config
+}
+
+// ExperimentName implements ExperimentMeasurer.ExperiExperimentName.
+func (m *Measurer) ExperimentName() string {
+	return testName
+}
+
+// ExperimentVersion implements ExperimentMeasurer.ExperimentVersion.
+func (m *Measurer) ExperimentVersion() string {
+	return testVersion
+}
+
+var (
+	// errInvalidTestHelper indicates that the given test helper is not an URL
+	errInvalidTestHelper = errors.New("testhelper is not an URL")
+)
+
+// Run implements ExperimentMeasurer.Run.
+func (m *Measurer) Run(
+	ctx context.Context,
+	sess model.ExperimentSession,
+	measurement *model.Measurement,
+	callbacks model.ExperimentCallbacks,
+) error {
+	// TODO(DecFox): Replace the localhost deployment with an OONI testhelper
+	// Ensure that we only do this once we have a deployed testhelper
+	testhelper := "http://127.0.0.1"
+	parsed, err := url.Parse(testhelper)
+	if err != nil {
+		return errInvalidTestHelper
+	}
+	tk := new(TestKeys)
+	measurement.TestKeys = tk
+	out := make(chan *model.ArchivalTCPConnectResult)
+	go m.tcpConnectLoop(ctx, measurement.MeasurementStartTimeSaved, sess.Logger(), parsed.Host, out)
+	for len(tk.TCPConnect) < len(Ports) {
+		tk.TCPConnect = append(tk.TCPConnect, <-out)
+	}
+	return nil // return nil so we always submit the measurement
+}
+
+// NewExperimentMeasurer creates a new ExperimentMeasurer.
+func NewExperimentMeasurer(config Config) model.ExperimentMeasurer {
+	return &Measurer{config: config}
+}
--- a/internal/engine/experiment/portfiltering/measurer_test.go
+++ b/internal/engine/experiment/portfiltering/measurer_test.go
@ -0,0 +1,48 @@
+package portfiltering
+
+import (
+	"context"
+	"testing"
+
+	"github.com/ooni/probe-cli/v3/internal/model"
+	"github.com/ooni/probe-cli/v3/internal/model/mocks"
+)
+
+func TestMeasurerExperimentNameVersion(t *testing.T) {
+	measurer := NewExperimentMeasurer(Config{})
+	if measurer.ExperimentName() != "portfiltering" {
+		t.Fatal("unexpected ExperimentName")
+	}
+	if measurer.ExperimentVersion() != "0.1.0" {
+		t.Fatal("unexpected ExperimentVersion")
+	}
+}
+
+// TODO(DecFox): Skip this test with -short in a future iteration.
+func TestMeasurer_run(t *testing.T) {
+	m := NewExperimentMeasurer(Config{})
+	meas := &model.Measurement{}
+	sess := &mocks.Session{
+		MockLogger: func() model.Logger {
+			return model.DiscardLogger
+		},
+	}
+	callbacks := model.NewPrinterCallbacks(model.DiscardLogger)
+	ctx := context.Background()
+	err := m.Run(ctx, sess, meas, callbacks)
+	if err != nil {
+		t.Fatal(err)
+	}
+	tk := meas.TestKeys.(*TestKeys)
+	if len(tk.TCPConnect) != len(Ports) {
+		t.Fatal("unexpected number of ports")
+	}
+	ask, err := m.GetSummaryKeys(meas)
+	if err != nil {
+		t.Fatal("cannot obtain summary")
+	}
+	summary := ask.(SummaryKeys)
+	if summary.IsAnomaly {
+		t.Fatal("expected no anomaly")
+	}
+}
--- a/internal/engine/experiment/portfiltering/ports.go
+++ b/internal/engine/experiment/portfiltering/ports.go
@ -0,0 +1,73 @@
+package portfiltering
+
+//
+// List of ports we want to measure
+//
+
+// List generated from nmap-services: https://github.com/nmap/nmap/blob/master/nmap-services
+// Note: Using privileged ports like :80 requires elevated permissions
+var Ports = []string{
+	"80",    // tcp - World Wide Web HTTP
+	"631",   // udp - Internet Printing Protocol
+	"161",   // udp - Simple Net Mgmt Proto
+	"137",   // udp - NETBIOS Name Service
+	"123",   // udp - Network Time Protocol
+	"138",   // udp - NETBIOS Datagram Service
+	"1434",  // udp - Microsoft-SQL-Monitor
+	"135",   // udp, tcp - epmap | Microsoft RPC services | DCE endpoint resolution
+	"67",    // udp - DHCP/Bootstrap Protocol Server
+	"23",    // tcp
+	"53",    // udp, tcp - Domain Name Server
+	"443",   // tcp - secure http (SSL)
+	"21",    // tcp - File Transfer [Control]
+	"22",    // tcp - Secure Shell Login
+	"500",   // udp
+	"68",    // udp - DHCP/Bootstrap Protocol Client
+	"520",   // udp - router routed -- RIP
+	"1900",  // udp - Universal PnP
+	"25",    // tcp - Simple Mail Transfer
+	"4500",  // udp - IKE Nat Traversal negotiation (RFC3947)
+	"514",   // udp - BSD syslogd(8)
+	"49152", // udp
+	"162",   // udp - snmp-trap
+	"69",    // udp - Trivial File Transfer
+	"5353",  // udp - Mac OS X Bonjour/Zeroconf port
+	"49154", // udp
+	"3389",  // tcp - Microsoft Remote Display Protocol (aka ms-term-serv, microsoft-rdp) | MS WBT Server
+	"110",   // tcp - PostOffice V.3 | Post Office Protocol - Version 3
+	"1701",  // udp
+	"998",   // udp
+	"996",   // udp
+	"997",   // udp
+	"999",   // udp - Applix ac
+	"3283",  // udp - Apple Remote Desktop Net Assistant reporting feature
+	"49153", // udp
+	"445",   // tcp - SMB directly over IP
+	"1812",  // udp - RADIUS authentication protocol (RFC 2138)
+	"136",   // udp - PROFILE Naming System
+	"139",   // tcp, udp - NETBIOS Session Service
+	"143",   // tcp - Interim Mail Access Protocol v2 | Internet Message Access Protocol
+	"2222",  // udp - Microsoft Office OS X antipiracy network monitor
+	"3306",  // tcp
+	"2049",  // udp - networked file system
+	"32768", // udp - OpenMosix Autodiscovery Daemon
+	"5060",  // udp - Session Initiation Protocol (SIP)
+	"8080",  // tcp - http-alt | Common HTTP proxy/second web server port | HTTP Alternate (see port 80)
+	"1433",  // udp - Microsoft-SQL-Server
+	"3456",  // udp - also VAT default data
+	"1723",  // tcp - Point-to-point tunnelling protocol
+	"111",   // tcp, udp - sunrpc | portmapper, rpcbind | SUN Remote Procedure Call
+	"995",   // tcp - POP3 protocol over TLS/SSL | pop3 protocol over TLS/SSL (was spop3) | POP3 over TLS protocol
+	"993",   // tcp - imap4 protocol over TLS/SSL | IMAP over TLS protocol
+	"20031", // udp - BakBone NetVault primary communications port
+	"1026",  // udp - Commonly used to send MS Messenger spam
+	"7",     // udp
+	"5900",  // tcp - rfb | Virtual Network Computer display 0 | Remote Framebuffer
+	"1646",  // udp - radius accounting
+	"1645",  // udp - radius authentication
+	"593",   // udp # HTTP RPC Ep Map
+	"1025",  // tcp, udp - blackjack | IIS, NFS, or listener RFS remote_file_sharing | network blackjack
+	"518",   // udp - (talkd)
+	"2048",  // udp
+	"626",   // udp - Mac OS X Server serial number (licensing) daemon
+}
--- a/internal/engine/experiment/portfiltering/summary.go
+++ b/internal/engine/experiment/portfiltering/summary.go
@ -0,0 +1,20 @@
+package portfiltering
+
+//
+// Summary
+//
+
+import "github.com/ooni/probe-cli/v3/internal/model"
+
+// SummaryKeys contains summary keys for this experiment.
+//
+// Note that this structure is part of the ABI contract with ooniprobe
+// therefore we should be careful when changing it.
+type SummaryKeys struct {
+	IsAnomaly bool `json:"-"`
+}
+
+// GetSummaryKeys implements model.ExperimentMeasurer.GetSummaryKeys.
+func (m Measurer) GetSummaryKeys(measurement *model.Measurement) (interface{}, error) {
+	return SummaryKeys{IsAnomaly: false}, nil
+}
--- a/internal/engine/experiment/portfiltering/tcpconnect.go
+++ b/internal/engine/experiment/portfiltering/tcpconnect.go
@ -0,0 +1,48 @@
+package portfiltering
+
+//
+// TCPConnect for portfiltering
+//
+
+import (
+	"context"
+	"math/rand"
+	"net"
+	"time"
+
+	"github.com/ooni/probe-cli/v3/internal/measurexlite"
+	"github.com/ooni/probe-cli/v3/internal/model"
+)
+
+// tcpPingLoop sends the TCP Connect requests to all ports and emits the results onto the out channel
+func (m *Measurer) tcpConnectLoop(ctx context.Context, zeroTime time.Time,
+	logger model.Logger, address string, out chan<- *model.ArchivalTCPConnectResult) {
+	ticker := time.NewTicker(m.config.delay())
+	defer ticker.Stop()
+	rand.Shuffle(len(Ports), func(i, j int) {
+		Ports[i], Ports[j] = Ports[j], Ports[i]
+	})
+	for i, port := range Ports {
+		addr := net.JoinHostPort(address, port)
+		go m.tcpConnectAsync(ctx, int64(i), zeroTime, logger, addr, out)
+		<-ticker.C
+	}
+}
+
+// tcpPingAsync performs a TCP Connect and emits the result onto the out channel.
+func (m *Measurer) tcpConnectAsync(ctx context.Context, index int64,
+	zeroTime time.Time, logger model.Logger, address string, out chan<- *model.ArchivalTCPConnectResult) {
+	out <- m.tcpConnect(ctx, index, zeroTime, logger, address)
+}
+
+// tcpConnect performs a TCP connect and returns the result to the caller.
+func (m *Measurer) tcpConnect(ctx context.Context, index int64,
+	zeroTime time.Time, logger model.Logger, address string) *model.ArchivalTCPConnectResult {
+	trace := measurexlite.NewTrace(index, zeroTime)
+	ol := measurexlite.NewOperationLogger(logger, "TCPConnect #%d %s", index, address)
+	dialer := trace.NewDialerWithoutResolver(logger)
+	conn, err := dialer.DialContext(ctx, "tcp", address)
+	ol.Stop(err)
+	measurexlite.MaybeClose(conn)
+	return trace.FirstTCPConnectOrNil()
+}
--- a/internal/engine/experiment/portfiltering/testkeys.go
+++ b/internal/engine/experiment/portfiltering/testkeys.go
@ -0,0 +1,8 @@
+package portfiltering
+
+import "github.com/ooni/probe-cli/v3/internal/model"
+
+// TestKeys contains the experiment results.
+type TestKeys struct {
+	TCPConnect []*model.ArchivalTCPConnectResult `json:"tcp_connect"`
+}
--- a/internal/registry/portfiltering.go
+++ b/internal/registry/portfiltering.go
@ -0,0 +1,23 @@
+package registry
+
+//
+// Registers the 'portfiltering' experiment
+//
+
+import (
+	"github.com/ooni/probe-cli/v3/internal/engine/experiment/portfiltering"
+	"github.com/ooni/probe-cli/v3/internal/model"
+)
+
+func init() {
+	AllExperiments["portfiltering"] = &Factory{
+		build: func(config any) model.ExperimentMeasurer {
+			return portfiltering.NewExperimentMeasurer(
+				config.(portfiltering.Config),
+			)
+		},
+		config:        portfiltering.Config{},
+		interruptible: false,
+		inputPolicy:   model.InputNone,
+	}
+}