refactor: merge psiphonx and torx into tunnel (#287)

* refactor: merge psiphonx and torx into tunnel This is a case where it seems that merging these three packages into a single package will enable us to better the implementation. The goal is still https://github.com/ooni/probe/issues/985. The roadblock I'm trying to overcome is https://github.com/ooni/probe-cli/pull/286#pullrequestreview-627460104. * avoid duplicating logger for now
2021-04-03 19:57:21 +02:00
parent d7cd1ebcaf
commit ecb2aae1e8
13 changed files with 256 additions and 270 deletions
@@ -0,0 +1,62 @@
+package tunnel_test
+
+import (
+	"context"
+	"errors"
+	"testing"
+
+	"github.com/apex/log"
+	"github.com/ooni/probe-cli/v3/internal/engine"
+	"github.com/ooni/probe-cli/v3/internal/engine/tunnel"
+)
+
+func TestPsiphonStartWithCancelledContext(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	cancel()
+	sess, err := engine.NewSession(engine.SessionConfig{
+		Logger:          log.Log,
+		SoftwareName:    "ooniprobe-engine",
+		SoftwareVersion: "0.0.1",
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	tunnel, err := tunnel.Start(ctx, tunnel.Config{
+		Name:    "psiphon",
+		Session: sess,
+	})
+	if !errors.Is(err, context.Canceled) {
+		t.Fatal("not the error we expected")
+	}
+	if tunnel != nil {
+		t.Fatal("expected nil tunnel here")
+	}
+}
+
+func TestPsiphonStartStop(t *testing.T) {
+	if testing.Short() {
+		t.Skip("skip test in short mode")
+	}
+	sess, err := engine.NewSession(engine.SessionConfig{
+		Logger:          log.Log,
+		SoftwareName:    "ooniprobe-engine",
+		SoftwareVersion: "0.0.1",
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	tunnel, err := tunnel.Start(context.Background(), tunnel.Config{
+		Name:    "psiphon",
+		Session: sess,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if tunnel.SOCKS5ProxyURL() == nil {
+		t.Fatal("expected non nil URL here")
+	}
+	if tunnel.BootstrapTime() <= 0 {
+		t.Fatal("expected positive bootstrap time here")
+	}
+	tunnel.Stop()
+}
@@ -0,0 +1,124 @@
+package tunnel
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"net/url"
+	"os"
+	"path/filepath"
+	"time"
+
+	"github.com/ooni/psiphon/oopsi/github.com/Psiphon-Labs/psiphon-tunnel-core/ClientLibrary/clientlib"
+)
+
+// psiphonDependencies contains dependencies for psiphonStart
+type psiphonDependencies interface {
+	MkdirAll(path string, perm os.FileMode) error
+	RemoveAll(path string) error
+	Start(ctx context.Context, config []byte,
+		workdir string) (*clientlib.PsiphonTunnel, error)
+}
+
+type defaultDependencies struct{}
+
+func (defaultDependencies) MkdirAll(path string, perm os.FileMode) error {
+	return os.MkdirAll(path, perm)
+}
+
+func (defaultDependencies) RemoveAll(path string) error {
+	return os.RemoveAll(path)
+}
+
+func (defaultDependencies) Start(
+	ctx context.Context, config []byte, workdir string) (*clientlib.PsiphonTunnel, error) {
+	return clientlib.StartTunnel(ctx, config, "", clientlib.Parameters{
+		DataRootDirectory: &workdir}, nil, nil)
+}
+
+// psiphonConfig contains the settings for psiphonStart. The empty config object implies
+// that we will be using default settings for starting the tunnel.
+type psiphonConfig struct {
+	// Dependencies contains dependencies for Start.
+	Dependencies psiphonDependencies
+
+	// WorkDir is the directory where Psiphon should store
+	// its configuration database.
+	WorkDir string
+}
+
+// psiphonTunnel is a psiphon tunnel
+type psiphonTunnel struct {
+	tunnel   *clientlib.PsiphonTunnel
+	duration time.Duration
+}
+
+func makeworkingdir(config psiphonConfig) (string, error) {
+	const testdirname = "oonipsiphon"
+	workdir := filepath.Join(config.WorkDir, testdirname)
+	if err := config.Dependencies.RemoveAll(workdir); err != nil {
+		return "", err
+	}
+	if err := config.Dependencies.MkdirAll(workdir, 0700); err != nil {
+		return "", err
+	}
+	return workdir, nil
+}
+
+// psiphonStart starts the psiphon tunnel.
+func psiphonStart(
+	ctx context.Context, sess Session, config psiphonConfig) (Tunnel, error) {
+	select {
+	case <-ctx.Done():
+		return nil, ctx.Err() // simplifies unit testing this code
+	default:
+	}
+	if config.Dependencies == nil {
+		config.Dependencies = defaultDependencies{}
+	}
+	if config.WorkDir == "" {
+		config.WorkDir = sess.TempDir()
+	}
+	configJSON, err := sess.FetchPsiphonConfig(ctx)
+	if err != nil {
+		return nil, err
+	}
+	workdir, err := makeworkingdir(config)
+	if err != nil {
+		return nil, err
+	}
+	start := time.Now()
+	tunnel, err := config.Dependencies.Start(ctx, configJSON, workdir)
+	if err != nil {
+		return nil, err
+	}
+	stop := time.Now()
+	return &psiphonTunnel{tunnel: tunnel, duration: stop.Sub(start)}, nil
+}
+
+// Stop is an idempotent method that shuts down the tunnel
+func (t *psiphonTunnel) Stop() {
+	if t != nil {
+		t.tunnel.Stop()
+	}
+}
+
+// SOCKS5ProxyURL returns the SOCKS5 proxy URL.
+func (t *psiphonTunnel) SOCKS5ProxyURL() (proxyURL *url.URL) {
+	if t != nil {
+		proxyURL = &url.URL{
+			Scheme: "socks5",
+			Host: net.JoinHostPort(
+				"127.0.0.1", fmt.Sprintf("%d", t.tunnel.SOCKSProxyPort)),
+		}
+	}
+	return
+}
+
+// BootstrapTime returns the bootstrap time
+func (t *psiphonTunnel) BootstrapTime() (duration time.Duration) {
+	if t != nil {
+		duration = t.duration
+	}
+	return
+}
@@ -0,0 +1,112 @@
+package tunnel
+
+import (
+	"context"
+	"errors"
+	"os"
+	"testing"
+
+	"github.com/ooni/probe-cli/v3/internal/engine/internal/mockable"
+	"github.com/ooni/psiphon/oopsi/github.com/Psiphon-Labs/psiphon-tunnel-core/ClientLibrary/clientlib"
+)
+
+func TestPsiphonFetchPsiphonConfigFailure(t *testing.T) {
+	expected := errors.New("mocked error")
+	sess := &mockable.Session{
+		MockableFetchPsiphonConfigErr: expected,
+	}
+	tunnel, err := psiphonStart(context.Background(), sess, psiphonConfig{})
+	if !errors.Is(err, expected) {
+		t.Fatal("not the error we expected")
+	}
+	if tunnel != nil {
+		t.Fatal("expected nil tunnel here")
+	}
+}
+
+func TestPsiphonMakeMkdirAllFailure(t *testing.T) {
+	expected := errors.New("mocked error")
+	dependencies := psiphonFakeDependencies{
+		MkdirAllErr: expected,
+	}
+	sess := &mockable.Session{
+		MockableFetchPsiphonConfigResult: []byte(`{}`),
+	}
+	tunnel, err := psiphonStart(context.Background(), sess, psiphonConfig{
+		Dependencies: dependencies,
+	})
+	if !errors.Is(err, expected) {
+		t.Fatal("not the error we expected")
+	}
+	if tunnel != nil {
+		t.Fatal("expected nil tunnel here")
+	}
+}
+
+func TestPsiphonMakeRemoveAllFailure(t *testing.T) {
+	expected := errors.New("mocked error")
+	dependencies := psiphonFakeDependencies{
+		RemoveAllErr: expected,
+	}
+	sess := &mockable.Session{
+		MockableFetchPsiphonConfigResult: []byte(`{}`),
+	}
+	tunnel, err := psiphonStart(context.Background(), sess, psiphonConfig{
+		Dependencies: dependencies,
+	})
+	if !errors.Is(err, expected) {
+		t.Fatal("not the error we expected")
+	}
+	if tunnel != nil {
+		t.Fatal("expected nil tunnel here")
+	}
+}
+
+func TestPsiphonMakeStartFailure(t *testing.T) {
+	expected := errors.New("mocked error")
+	dependencies := psiphonFakeDependencies{
+		StartErr: expected,
+	}
+	sess := &mockable.Session{
+		MockableFetchPsiphonConfigResult: []byte(`{}`),
+	}
+	tunnel, err := psiphonStart(context.Background(), sess, psiphonConfig{
+		Dependencies: dependencies,
+	})
+	if !errors.Is(err, expected) {
+		t.Fatal("not the error we expected")
+	}
+	if tunnel != nil {
+		t.Fatal("expected nil tunnel here")
+	}
+}
+
+func TestPsiphonNilTunnel(t *testing.T) {
+	var tunnel *psiphonTunnel
+	if tunnel.BootstrapTime() != 0 {
+		t.Fatal("expected zero bootstrap time")
+	}
+	if tunnel.SOCKS5ProxyURL() != nil {
+		t.Fatal("expected nil SOCKS Proxy URL")
+	}
+	tunnel.Stop() // must not crash
+}
+
+type psiphonFakeDependencies struct {
+	MkdirAllErr  error
+	RemoveAllErr error
+	StartErr     error
+}
+
+func (fd psiphonFakeDependencies) MkdirAll(path string, perm os.FileMode) error {
+	return fd.MkdirAllErr
+}
+
+func (fd psiphonFakeDependencies) RemoveAll(path string) error {
+	return fd.RemoveAllErr
+}
+
+func (fd psiphonFakeDependencies) Start(
+	ctx context.Context, config []byte, workdir string) (*clientlib.PsiphonTunnel, error) {
+	return nil, fd.StartErr
+}
@@ -0,0 +1,138 @@
+package tunnel
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+	"path"
+	"strings"
+	"time"
+
+	"github.com/cretz/bine/control"
+	"github.com/cretz/bine/tor"
+)
+
+// torProcess is a running tor process
+type torProcess interface {
+	Close() error
+}
+
+// torTunnel is the Tor tunnel
+type torTunnel struct {
+	bootstrapTime time.Duration
+	instance      torProcess
+	proxy         *url.URL
+}
+
+// BootstrapTime is the bootstrsap time
+func (tt *torTunnel) BootstrapTime() (duration time.Duration) {
+	if tt != nil {
+		duration = tt.bootstrapTime
+	}
+	return
+}
+
+// SOCKS5ProxyURL returns the URL of the SOCKS5 proxy
+func (tt *torTunnel) SOCKS5ProxyURL() (url *url.URL) {
+	if tt != nil {
+		url = tt.proxy
+	}
+	return
+}
+
+// Stop stops the Tor tunnel
+func (tt *torTunnel) Stop() {
+	if tt != nil {
+		tt.instance.Close()
+	}
+}
+
+// torStartConfig contains the configuration for StartWithConfig
+type torStartConfig struct {
+	Sess          Session
+	Start         func(ctx context.Context, conf *tor.StartConf) (*tor.Tor, error)
+	EnableNetwork func(ctx context.Context, tor *tor.Tor, wait bool) error
+	GetInfo       func(ctrl *control.Conn, keys ...string) ([]*control.KeyVal, error)
+}
+
+// torStart starts the tor tunnel
+func torStart(ctx context.Context, sess Session) (Tunnel, error) {
+	return torStartWithConfig(ctx, torStartConfig{
+		Sess: sess,
+		Start: func(ctx context.Context, conf *tor.StartConf) (*tor.Tor, error) {
+			return tor.Start(ctx, conf)
+		},
+		EnableNetwork: func(ctx context.Context, tor *tor.Tor, wait bool) error {
+			return tor.EnableNetwork(ctx, wait)
+		},
+		GetInfo: func(ctrl *control.Conn, keys ...string) ([]*control.KeyVal, error) {
+			return ctrl.GetInfo(keys...)
+		},
+	})
+}
+
+// torStartWithConfig is a configurable torStart for testing
+func torStartWithConfig(ctx context.Context, config torStartConfig) (Tunnel, error) {
+	select {
+	case <-ctx.Done():
+		return nil, ctx.Err() // allows to write unit tests using this code
+	default:
+	}
+	logfile := LogFile(config.Sess)
+	extraArgs := append([]string{}, config.Sess.TorArgs()...)
+	extraArgs = append(extraArgs, "Log")
+	extraArgs = append(extraArgs, "notice stderr")
+	extraArgs = append(extraArgs, "Log")
+	extraArgs = append(extraArgs, fmt.Sprintf(`notice file %s`, logfile))
+	instance, err := config.Start(ctx, &tor.StartConf{
+		DataDir:   path.Join(config.Sess.TempDir(), "tor"),
+		ExtraArgs: extraArgs,
+		ExePath:   config.Sess.TorBinary(),
+		NoHush:    true,
+	})
+	if err != nil {
+		return nil, err
+	}
+	instance.StopProcessOnClose = true
+	start := time.Now()
+	if err := config.EnableNetwork(ctx, instance, true); err != nil {
+		instance.Close()
+		return nil, err
+	}
+	stop := time.Now()
+	// Adapted from <https://git.io/Jfc7N>
+	info, err := config.GetInfo(instance.Control, "net/listeners/socks")
+	if err != nil {
+		instance.Close()
+		return nil, err
+	}
+	if len(info) != 1 || info[0].Key != "net/listeners/socks" {
+		instance.Close()
+		return nil, fmt.Errorf("unable to get socks proxy address")
+	}
+	proxyAddress := info[0].Val
+	if strings.HasPrefix(proxyAddress, "unix:") {
+		instance.Close()
+		return nil, fmt.Errorf("tor returned unsupported proxy")
+	}
+	return &torTunnel{
+		bootstrapTime: stop.Sub(start),
+		instance:      instance,
+		proxy:         &url.URL{Scheme: "socks5", Host: proxyAddress},
+	}, nil
+}
+
+// LogFile returns the name of tor logs given a specific session. The file
+// is always located somewhere inside the sess.TempDir() directory.
+func LogFile(sess Session) string {
+	return path.Join(sess.TempDir(), "tor.log")
+}
+
+// newTorTunnel creates a new torTunnel
+func newTorTunnel(bootstrapTime time.Duration, instance torProcess, proxy *url.URL) *torTunnel {
+	return &torTunnel{
+		bootstrapTime: bootstrapTime,
+		instance:      instance,
+		proxy:         proxy,
+	}
+}
@@ -0,0 +1,208 @@
+package tunnel
+
+import (
+	"context"
+	"errors"
+	"net/url"
+	"testing"
+
+	"github.com/cretz/bine/control"
+	"github.com/cretz/bine/tor"
+	"github.com/ooni/probe-cli/v3/internal/engine/internal/mockable"
+)
+
+type Closer struct {
+	counter int
+}
+
+func (c *Closer) Close() error {
+	c.counter++
+	return errors.New("mocked mocked mocked")
+}
+
+func TestTorTunnelNonNil(t *testing.T) {
+	closer := new(Closer)
+	proxy := &url.URL{Scheme: "x", Host: "10.0.0.1:443"}
+	tun := newTorTunnel(128, closer, proxy)
+	if tun.BootstrapTime() != 128 {
+		t.Fatal("not the bootstrap time we expected")
+	}
+	if tun.SOCKS5ProxyURL() != proxy {
+		t.Fatal("not the url we expected")
+	}
+	tun.Stop()
+	if closer.counter != 1 {
+		t.Fatal("something went wrong while stopping the tunnel")
+	}
+}
+
+func TestTorTunnelNil(t *testing.T) {
+	var tun *torTunnel
+	if tun.BootstrapTime() != 0 {
+		t.Fatal("not the bootstrap time we expected")
+	}
+	if tun.SOCKS5ProxyURL() != nil {
+		t.Fatal("not the url we expected")
+	}
+	tun.Stop() // ensure we don't crash
+}
+
+func TestTorStartWithCancelledContext(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	cancel()
+	tun, err := torStart(ctx, &mockable.Session{})
+	if !errors.Is(err, context.Canceled) {
+		t.Fatal("not the error we expected")
+	}
+	if tun != nil {
+		t.Fatal("expected nil tunnel here")
+	}
+}
+
+func TestTorStartWithConfigStartFailure(t *testing.T) {
+	expected := errors.New("mocked error")
+	ctx := context.Background()
+	tun, err := torStartWithConfig(ctx, torStartConfig{
+		Sess: &mockable.Session{},
+		Start: func(ctx context.Context, conf *tor.StartConf) (*tor.Tor, error) {
+			return nil, expected
+		},
+	})
+	if !errors.Is(err, expected) {
+		t.Fatal("not the error we expected")
+	}
+	if tun != nil {
+		t.Fatal("expected nil tunnel here")
+	}
+}
+
+func TestTorStartWithConfigEnableNetworkFailure(t *testing.T) {
+	expected := errors.New("mocked error")
+	ctx := context.Background()
+	tun, err := torStartWithConfig(ctx, torStartConfig{
+		Sess: &mockable.Session{},
+		Start: func(ctx context.Context, conf *tor.StartConf) (*tor.Tor, error) {
+			return &tor.Tor{}, nil
+		},
+		EnableNetwork: func(ctx context.Context, tor *tor.Tor, wait bool) error {
+			return expected
+		},
+	})
+	if !errors.Is(err, expected) {
+		t.Fatal("not the error we expected")
+	}
+	if tun != nil {
+		t.Fatal("expected nil tunnel here")
+	}
+}
+
+func TestTorStartWithConfigGetInfoFailure(t *testing.T) {
+	expected := errors.New("mocked error")
+	ctx := context.Background()
+	tun, err := torStartWithConfig(ctx, torStartConfig{
+		Sess: &mockable.Session{},
+		Start: func(ctx context.Context, conf *tor.StartConf) (*tor.Tor, error) {
+			return &tor.Tor{}, nil
+		},
+		EnableNetwork: func(ctx context.Context, tor *tor.Tor, wait bool) error {
+			return nil
+		},
+		GetInfo: func(ctrl *control.Conn, keys ...string) ([]*control.KeyVal, error) {
+			return nil, expected
+		},
+	})
+	if !errors.Is(err, expected) {
+		t.Fatal("not the error we expected")
+	}
+	if tun != nil {
+		t.Fatal("expected nil tunnel here")
+	}
+}
+
+func TestTorStartWithConfigGetInfoInvalidNumberOfKeys(t *testing.T) {
+	ctx := context.Background()
+	tun, err := torStartWithConfig(ctx, torStartConfig{
+		Sess: &mockable.Session{},
+		Start: func(ctx context.Context, conf *tor.StartConf) (*tor.Tor, error) {
+			return &tor.Tor{}, nil
+		},
+		EnableNetwork: func(ctx context.Context, tor *tor.Tor, wait bool) error {
+			return nil
+		},
+		GetInfo: func(ctrl *control.Conn, keys ...string) ([]*control.KeyVal, error) {
+			return nil, nil
+		},
+	})
+	if err.Error() != "unable to get socks proxy address" {
+		t.Fatal("not the error we expected")
+	}
+	if tun != nil {
+		t.Fatal("expected nil tunnel here")
+	}
+}
+
+func TestTorStartWithConfigGetInfoInvalidKey(t *testing.T) {
+	ctx := context.Background()
+	tun, err := torStartWithConfig(ctx, torStartConfig{
+		Sess: &mockable.Session{},
+		Start: func(ctx context.Context, conf *tor.StartConf) (*tor.Tor, error) {
+			return &tor.Tor{}, nil
+		},
+		EnableNetwork: func(ctx context.Context, tor *tor.Tor, wait bool) error {
+			return nil
+		},
+		GetInfo: func(ctrl *control.Conn, keys ...string) ([]*control.KeyVal, error) {
+			return []*control.KeyVal{{}}, nil
+		},
+	})
+	if err.Error() != "unable to get socks proxy address" {
+		t.Fatal("not the error we expected")
+	}
+	if tun != nil {
+		t.Fatal("expected nil tunnel here")
+	}
+}
+
+func TestTorStartWithConfigGetInfoInvalidProxyType(t *testing.T) {
+	ctx := context.Background()
+	tun, err := torStartWithConfig(ctx, torStartConfig{
+		Sess: &mockable.Session{},
+		Start: func(ctx context.Context, conf *tor.StartConf) (*tor.Tor, error) {
+			return &tor.Tor{}, nil
+		},
+		EnableNetwork: func(ctx context.Context, tor *tor.Tor, wait bool) error {
+			return nil
+		},
+		GetInfo: func(ctrl *control.Conn, keys ...string) ([]*control.KeyVal, error) {
+			return []*control.KeyVal{{Key: "net/listeners/socks", Val: "127.0.0.1:9050"}}, nil
+		},
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if tun == nil {
+		t.Fatal("expected non-nil tunnel here")
+	}
+}
+
+func TestTorStartWithConfigSuccess(t *testing.T) {
+	ctx := context.Background()
+	tun, err := torStartWithConfig(ctx, torStartConfig{
+		Sess: &mockable.Session{},
+		Start: func(ctx context.Context, conf *tor.StartConf) (*tor.Tor, error) {
+			return &tor.Tor{}, nil
+		},
+		EnableNetwork: func(ctx context.Context, tor *tor.Tor, wait bool) error {
+			return nil
+		},
+		GetInfo: func(ctrl *control.Conn, keys ...string) ([]*control.KeyVal, error) {
+			return []*control.KeyVal{{Key: "net/listeners/socks", Val: "unix:/foo/bar"}}, nil
+		},
+	})
+	if err.Error() != "tor returned unsupported proxy" {
+		t.Fatal("not the error we expected")
+	}
+	if tun != nil {
+		t.Fatal("expected nil tunnel here")
+	}
+}
@@ -0,0 +1,65 @@
+// Package tunnel allows to create tunnels to speak
+// with OONI backends and other services.
+package tunnel
+
+import (
+	"context"
+	"errors"
+	"net/url"
+	"time"
+
+	"github.com/ooni/probe-cli/v3/internal/engine/model"
+)
+
+// Session is the way in which this package sees a Session.
+type Session interface {
+	FetchPsiphonConfig(ctx context.Context) ([]byte, error)
+	TempDir() string
+	TorArgs() []string
+	TorBinary() string
+	Logger() model.Logger
+}
+
+// Tunnel is a tunnel used by the session
+type Tunnel interface {
+	BootstrapTime() time.Duration
+	SOCKS5ProxyURL() *url.URL
+	Stop()
+}
+
+// Config contains config for the session tunnel.
+type Config struct {
+	Name    string
+	Session Session
+	WorkDir string
+}
+
+// Start starts a new tunnel by name or returns an error. Note that if you
+// pass to this function the "" tunnel, you get back nil, nil.
+func Start(ctx context.Context, config Config) (Tunnel, error) {
+	logger := config.Session.Logger()
+	switch config.Name {
+	case "":
+		logger.Debugf("no tunnel has been requested")
+		return enforceNilContract(nil, nil)
+	case "psiphon":
+		logger.Infof("starting %s tunnel; please be patient...", config.Name)
+		tun, err := psiphonStart(ctx, config.Session, psiphonConfig{
+			WorkDir: config.WorkDir,
+		})
+		return enforceNilContract(tun, err)
+	case "tor":
+		logger.Infof("starting %s tunnel; please be patient...", config.Name)
+		tun, err := torStart(ctx, config.Session)
+		return enforceNilContract(tun, err)
+	default:
+		return nil, errors.New("unsupported tunnel")
+	}
+}
+
+func enforceNilContract(tun Tunnel, err error) (Tunnel, error) {
+	if err != nil {
+		return nil, err
+	}
+	return tun, nil
+}
@@ -0,0 +1,79 @@
+package tunnel
+
+import (
+	"context"
+	"errors"
+	"testing"
+
+	"github.com/apex/log"
+	"github.com/ooni/probe-cli/v3/internal/engine/internal/mockable"
+)
+
+func TestStartNoTunnel(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	cancel()
+	tunnel, err := Start(ctx, Config{
+		Name: "",
+		Session: &mockable.Session{
+			MockableLogger: log.Log,
+		},
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if tunnel != nil {
+		t.Fatal("expected nil tunnel here")
+	}
+}
+
+func TestStartPsiphonTunnel(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	cancel()
+	tunnel, err := Start(ctx, Config{
+		Name: "psiphon",
+		Session: &mockable.Session{
+			MockableLogger: log.Log,
+		},
+	})
+	if !errors.Is(err, context.Canceled) {
+		t.Fatal("not the error we expected")
+	}
+	if tunnel != nil {
+		t.Fatal("expected nil tunnel here")
+	}
+}
+
+func TestStartTorTunnel(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	cancel()
+	tunnel, err := Start(ctx, Config{
+		Name: "tor",
+		Session: &mockable.Session{
+			MockableLogger: log.Log,
+		},
+	})
+	if !errors.Is(err, context.Canceled) {
+		t.Fatal("not the error we expected")
+	}
+	if tunnel != nil {
+		t.Fatal("expected nil tunnel here")
+	}
+}
+
+func TestStartInvalidTunnel(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	cancel()
+	tunnel, err := Start(ctx, Config{
+		Name: "antani",
+		Session: &mockable.Session{
+			MockableLogger: log.Log,
+		},
+	})
+	if err == nil || err.Error() != "unsupported tunnel" {
+		t.Fatal("not the error we expected")
+	}
+	t.Log(tunnel)
+	if tunnel != nil {
+		t.Fatal("expected nil tunnel here")
+	}
+}