func runServer(t *testing.T, runConfig *runServerConfig) {
// create a server
var err error
serverIPaddress := ""
for _, interfaceName := range []string{"eth0", "en0"} {
serverIPaddress, err = psiphon.GetInterfaceIPAddress(interfaceName)
if err == nil {
break
}
}
if err != nil {
t.Fatalf("error getting server IP address: %s", err)
}
serverConfigJSON, _, encodedServerEntry, err := GenerateConfig(
&GenerateConfigParams{
ServerIPAddress: serverIPaddress,
EnableSSHAPIRequests: runConfig.enableSSHAPIRequests,
WebServerPort: 8000,
TunnelProtocolPorts: map[string]int{runConfig.tunnelProtocol: 4000},
})
if err != nil {
t.Fatalf("error generating server config: %s", err)
}
// customize server config
// Pave psinet with random values to test handshake homepages.
psinetFilename := "psinet.json"
sponsorID, expectedHomepageURL := pavePsinetDatabaseFile(t, psinetFilename)
// Pave traffic rules file which exercises handshake parameter filtering. Client
// must handshake with specified sponsor ID in order to allow ports for tunneled
// requests.
trafficRulesFilename := "traffic_rules.json"
paveTrafficRulesFile(t, trafficRulesFilename, sponsorID, runConfig.denyTrafficRules)
var serverConfig interface{}
json.Unmarshal(serverConfigJSON, &serverConfig)
serverConfig.(map[string]interface{})["GeoIPDatabaseFilename"] = ""
serverConfig.(map[string]interface{})["PsinetDatabaseFilename"] = psinetFilename
serverConfig.(map[string]interface{})["TrafficRulesFilename"] = trafficRulesFilename
serverConfig.(map[string]interface{})["LogLevel"] = "debug"
// 1 second is the minimum period; should be small enough to emit a log during the
// test run, but not guaranteed
serverConfig.(map[string]interface{})["LoadMonitorPeriodSeconds"] = 1
serverConfigJSON, _ = json.Marshal(serverConfig)
// run server
serverWaitGroup := new(sync.WaitGroup)
serverWaitGroup.Add(1)
go func() {
defer serverWaitGroup.Done()
err := RunServices(serverConfigJSON)
if err != nil {
// TODO: wrong goroutine for t.FatalNow()
t.Fatalf("error running server: %s", err)
}
}()
defer func() {
// Test: orderly server shutdown
p, _ := os.FindProcess(os.Getpid())
p.Signal(os.Interrupt)
shutdownTimeout := time.NewTimer(5 * time.Second)
shutdownOk := make(chan struct{}, 1)
go func() {
serverWaitGroup.Wait()
shutdownOk <- *new(struct{})
}()
select {
case <-shutdownOk:
case <-shutdownTimeout.C:
t.Fatalf("server shutdown timeout exceeded")
}
}()
// Test: hot reload (of psinet and traffic rules)
if runConfig.doHotReload {
// TODO: monitor logs for more robust wait-until-loaded
time.Sleep(1 * time.Second)
// Pave a new psinet and traffic rules with different random values.
sponsorID, expectedHomepageURL = pavePsinetDatabaseFile(t, psinetFilename)
paveTrafficRulesFile(t, trafficRulesFilename, sponsorID, runConfig.denyTrafficRules)
p, _ := os.FindProcess(os.Getpid())
p.Signal(syscall.SIGUSR1)
// TODO: monitor logs for more robust wait-until-reloaded
time.Sleep(1 * time.Second)
// After reloading psinet, the new sponsorID/expectedHomepageURL
// should be active, as tested in the client "Homepage" notice
// handler below.
}
// connect to server with client
// TODO: currently, TargetServerEntry only works with one tunnel
numTunnels := 1
localSOCKSProxyPort := 1081
localHTTPProxyPort := 8081
establishTunnelPausePeriodSeconds := 1
// Note: calling LoadConfig ensures all *int config fields are initialized
clientConfigJSON := `
{
"ClientPlatform" : "Android",
"ClientVersion" : "0",
"SponsorId" : "0",
"PropagationChannelId" : "0"
}`
clientConfig, _ := psiphon.LoadConfig([]byte(clientConfigJSON))
clientConfig.SponsorId = sponsorID
clientConfig.ConnectionWorkerPoolSize = numTunnels
clientConfig.TunnelPoolSize = numTunnels
clientConfig.DisableRemoteServerListFetcher = true
clientConfig.EstablishTunnelPausePeriodSeconds = &establishTunnelPausePeriodSeconds
clientConfig.TargetServerEntry = string(encodedServerEntry)
clientConfig.TunnelProtocol = runConfig.tunnelProtocol
clientConfig.LocalSocksProxyPort = localSOCKSProxyPort
clientConfig.LocalHttpProxyPort = localHTTPProxyPort
err = psiphon.InitDataStore(clientConfig)
if err != nil {
t.Fatalf("error initializing client datastore: %s", err)
}
controller, err := psiphon.NewController(clientConfig)
if err != nil {
t.Fatalf("error creating client controller: %s", err)
}
tunnelsEstablished := make(chan struct{}, 1)
homepageReceived := make(chan struct{}, 1)
verificationRequired := make(chan struct{}, 1)
verificationCompleted := make(chan struct{}, 1)
psiphon.SetNoticeOutput(psiphon.NewNoticeReceiver(
func(notice []byte) {
//fmt.Printf("%s\n", string(notice))
noticeType, payload, err := psiphon.GetNotice(notice)
if err != nil {
return
}
switch noticeType {
case "Tunnels":
// Do not set verification payload until tunnel is
// established. Otherwise will silently take no action.
controller.SetClientVerificationPayloadForActiveTunnels("")
count := int(payload["count"].(float64))
if count >= numTunnels {
sendNotificationReceived(tunnelsEstablished)
}
case "Homepage":
homepageURL := payload["url"].(string)
if homepageURL != expectedHomepageURL {
// TODO: wrong goroutine for t.FatalNow()
t.Fatalf("unexpected homepage: %s", homepageURL)
}
sendNotificationReceived(homepageReceived)
case "ClientVerificationRequired":
sendNotificationReceived(verificationRequired)
controller.SetClientVerificationPayloadForActiveTunnels(dummyClientVerificationPayload)
case "NoticeClientVerificationRequestCompleted":
sendNotificationReceived(verificationCompleted)
}
}))
controllerShutdownBroadcast := make(chan struct{})
controllerWaitGroup := new(sync.WaitGroup)
controllerWaitGroup.Add(1)
go func() {
defer controllerWaitGroup.Done()
controller.Run(controllerShutdownBroadcast)
}()
defer func() {
close(controllerShutdownBroadcast)
shutdownTimeout := time.NewTimer(20 * time.Second)
shutdownOk := make(chan struct{}, 1)
go func() {
controllerWaitGroup.Wait()
shutdownOk <- *new(struct{})
}()
select {
case <-shutdownOk:
case <-shutdownTimeout.C:
t.Fatalf("controller shutdown timeout exceeded")
}
}()
// Test: tunnels must be established, and correct homepage
// must be received, within 30 seconds
timeoutSignal := make(chan struct{})
go func() {
timer := time.NewTimer(30 * time.Second)
<-timer.C
close(timeoutSignal)
}()
waitOnNotification(t, tunnelsEstablished, timeoutSignal, "tunnel establish timeout exceeded")
waitOnNotification(t, homepageReceived, timeoutSignal, "homepage received timeout exceeded")
waitOnNotification(t, verificationRequired, timeoutSignal, "verification required timeout exceeded")
waitOnNotification(t, verificationCompleted, timeoutSignal, "verification completed timeout exceeded")
// Test: tunneled web site fetch
err = makeTunneledWebRequest(t, localHTTPProxyPort)
if err == nil {
if runConfig.denyTrafficRules {
t.Fatalf("unexpected tunneled web request success")
}
} else {
if !runConfig.denyTrafficRules {
t.Fatalf("tunneled web request failed: %s", err)
}
}
// Test: tunneled UDP packets
udpgwServerAddress := serverConfig.(map[string]interface{})["UDPInterceptUdpgwServerAddress"].(string)
err = makeTunneledNTPRequest(t, localSOCKSProxyPort, udpgwServerAddress)
if err == nil {
if runConfig.denyTrafficRules {
t.Fatalf("unexpected tunneled NTP request success")
}
} else {
if !runConfig.denyTrafficRules {
t.Fatalf("tunneled NTP request failed: %s", err)
}
}
}
func main() {
var generateTrafficRulesFilename string
var generateServerEntryFilename string
var generateLogFilename string
var generateServerIPaddress string
var generateServerNetworkInterface string
var generateWebServerPort int
var generateProtocolPorts stringListFlag
var configFilename string
flag.StringVar(
&generateTrafficRulesFilename,
"trafficRules",
server.SERVER_TRAFFIC_RULES_FILENAME,
"generate with this traffic rules `filename`")
flag.StringVar(
&generateServerEntryFilename,
"serverEntry",
server.SERVER_ENTRY_FILENAME,
"generate with this server entry `filename`")
flag.StringVar(
&generateLogFilename,
"logFilename",
"",
"set application log file name and path; blank for stderr")
flag.StringVar(
&generateServerIPaddress,
"ipaddress",
server.DEFAULT_SERVER_IP_ADDRESS,
"generate with this server `IP address`")
flag.StringVar(
&generateServerNetworkInterface,
"interface",
"",
"generate with server IP address from this `network-interface`")
flag.IntVar(
&generateWebServerPort,
"web",
0,
"generate with web server `port`; 0 for no web server")
flag.Var(
&generateProtocolPorts,
"protocol",
"generate with `protocol:port`; flag may be repeated to enable multiple protocols")
flag.StringVar(
&configFilename,
"config",
server.SERVER_CONFIG_FILENAME,
"run or generate with this config `filename`")
flag.Usage = func() {
fmt.Fprintf(os.Stderr,
"Usage:\n\n"+
"%s <flags> generate generates configuration files\n"+
"%s <flags> run runs configured services\n\n",
os.Args[0], os.Args[0])
flag.PrintDefaults()
}
flag.Parse()
args := flag.Args()
if len(args) < 1 {
flag.Usage()
os.Exit(1)
} else if args[0] == "generate" {
serverIPaddress := generateServerIPaddress
if generateServerNetworkInterface != "" {
var err error
serverIPaddress, err = psiphon.GetInterfaceIPAddress(generateServerNetworkInterface)
if err != nil {
fmt.Printf("generate failed: %s\n", err)
os.Exit(1)
}
}
tunnelProtocolPorts := make(map[string]int)
for _, protocolPort := range generateProtocolPorts {
parts := strings.Split(protocolPort, ":")
if len(parts) == 2 {
port, err := strconv.Atoi(parts[1])
if err != nil {
fmt.Printf("generate failed: %s\n", err)
os.Exit(1)
}
tunnelProtocolPorts[parts[0]] = port
}
}
configJSON, trafficRulesJSON, encodedServerEntry, err :=
server.GenerateConfig(
&server.GenerateConfigParams{
LogFilename: generateLogFilename,
ServerIPAddress: serverIPaddress,
EnableSSHAPIRequests: true,
WebServerPort: generateWebServerPort,
TunnelProtocolPorts: tunnelProtocolPorts,
TrafficRulesFilename: generateTrafficRulesFilename,
})
if err != nil {
fmt.Printf("generate failed: %s\n", err)
os.Exit(1)
}
err = ioutil.WriteFile(configFilename, configJSON, 0600)
if err != nil {
fmt.Printf("error writing configuration file: %s\n", err)
os.Exit(1)
}
err = ioutil.WriteFile(generateTrafficRulesFilename, trafficRulesJSON, 0600)
if err != nil {
fmt.Printf("error writing traffic rule configuration file: %s\n", err)
os.Exit(1)
}
err = ioutil.WriteFile(generateServerEntryFilename, encodedServerEntry, 0600)
if err != nil {
fmt.Printf("error writing server entry file: %s\n", err)
os.Exit(1)
}
} else if args[0] == "run" {
configJSON, err := ioutil.ReadFile(configFilename)
if err != nil {
fmt.Printf("error loading configuration file: %s\n", err)
os.Exit(1)
}
err = server.RunServices(configJSON)
if err != nil {
fmt.Printf("run failed: %s\n", err)
os.Exit(1)
}
}
}
