-
Notifications
You must be signed in to change notification settings - Fork 3
Test support matrix
Sam Burnett edited this page Dec 5, 2013
·
15 revisions
Summary of OONI tests, which are in https://github.com/TheTorProject/ooni-probe/tree/master/ooni/nettests:
-
blocking/tcp_connect.py: Whether we can establish a TCP connection to a given host:port -
blocking/dnsconsistency.py: Whether sending the same DNS query to multiple resolvers yields any common results. -
blocking/http_requests.py: Compare response headers and response body lengths to the same URL over two channels. -
experimental/tls_handshake.py: Negotiate a TLS handshake by emulating OpenSSL's handshake state machine. -
experimental/dns_injection.py: Send DNS requests to an invalid DNS resolver. -
experimental/http_keyword_filtering.py: Send HTTP requests with keywords in the request body, for GET and POST requests. -
experimental/squid.py: Various techniques for checking for transparent Squid proxying. -
experimental/parasitictraceroute.py: Traceroute over TCP. -
experimental/bridge_reachability/echo.py: Simple echo test; not sure why it's here. -
experimental/bridge_reachability/bridget.py: Connect to a list of Tor relays and bridges using Tor. -
experimental/http_uk_mobile_networks.py: Check URLs for redirection to known block pages by UK ISPs. -
experimental/chinatrigger.py: Port of Philipp Winter's test for Chinese active Tor bridge scanning. -
experimental/domclass_collector.py: Compute Eigenvalues of DOM contents (?) -
experimental/keyword_filtering.py: Put keywords in raw TCP streams. -
experimental/http_trix.py: More Squid testing. -
experimental/http_filtering_bypassing.py: Various tricks for bypassing HTTP filters. -
manipulation/traceroute.py: ICMP, UDP, and TCP traceroutes. -
manipulation/captiveportal.py: Various tests for presence of captive portals. -
manipulation/http_header_field_manipulation.py: Check whether there's a middlebox that modifies HTTP header capitalization. -
manipulation/http_host.py: Check for transparent HTTP proxy using a backend helper and comparison to known block pages. -
manipulation/daphne.py: Given a PCAP trace of a censored connection, replay the trace many times, each time twiddling a few bits until the connection succeeds. -
manipulation/http_invalid_request_line.py: See what happens when we send slightly invalid HTTP requests. -
manipulation/dnsspoof.py: Test whether DNS lookups to two resolvers match. -
third_party/netalyzr.py: Run Netalyzr inside OONI. -
scanning/http_url_list.py: Performs GET, POST and PUT HTTP requests and checks if the result exactly matches a known block page.
This table summarizes which tests will be supported using Censorscope's sandboxed API. The current censorscope API supports basic DNS, TCP and HTTP primitives. Among other features, the future censorscope API anticipates adding raw packet generation and capture support that require root access (e.g., using raw sockets and libpcap). Some platforms cannot support these features because of lack of root access.
Note that this matrix only indicates whether the censorscope API is capable of supporting these tests. We haven't yet implemented many of the tests supported by the current API.
Many tests require OONI backend infrastructure, which might be operational for quite some time. (We could set up our own instances, though.)
| Test | Current Censorscope API | Future Censorscope API | Future Censorscope API w/o root |
|---|---|---|---|
| OONI | |||
| blocking/tcp_connect.py | ✔ | ✔ | ✔ |
| blocking/dnsconsistency.py | ✘ | ✔ | ✔ |
| blocking/http_requests.py | ✘ | ✔ | ✔ |
| experimental/tls_handshake.py | ✘ | ✔ | ✔ |
| experimental/dns_injection.py | ✔ | ✔ | ✔ |
| experimental/http_keyword_filtering.py | ✘ | ✔ | ✔ |
| experimental/squid.py | ✘ | ✔ | ✔ |
| experimental/parasitictraceroute.py | ✘ | ✔ | ✘ |
| experimental/bridge_reachability/echo.py | ✘ | ✔ | ✔ |
| experimental/bridge_reachability/bridget.py | ✘ | ✔ | ✔ |
| experimental/http_uk_mobile_networks.py | ✔ | ✔ | ✔ |
| experimental/chinatrigger.py | ✘ | ✔ | ✘ |
| experimental/domclass_collector.py | ✔ | ✔ | ✔ |
| experimental/keyword_filtering.py | ✘ | ✔ | ✔ |
| experimental/http_trix.py | ✘ | ✔ | ✔ |
| experimental/http_filtering_bypassing.py | ✘ | ✔ | ✔ |
| manipulation/traceroute.py | ✘ | ✔ | ✘ |
| manipulation/captiveportal.py | ✔ | ✔ | ✔ |
| manipulation/http_header_field_manipulation.py | ✘ | ✔ | ✔ |
| manipulation/http_host.py | ✘ | ✔ | ✔ |
| manipulation/daphne.py | ✘ | ✔ | ✘ |
| manipulation/http_invalid_request_line.py | ✘ | ✔ | ✔ |
| manipulation/dnsspoof.py | ✔ | ✔ | ✔ |
| third_party/netalyzr.py | ✘ | ✘ | ✔ |
| scanning/http_url_list.py | ✘ | ✔ | ✔ |
| Internet Censorship Lab (Python) | |||
| fieldClient/ponyfunctions.py:pony_ping | ✘ | ✔ | ✘ |
| fieldClient/ponyfunctions.py:pony_traceroute | ✘ | ✔ | ✘ |
| fieldClient/ponyfunctions.py:pony_fasttraceroute | ✘ | ✔ | ✘ |
| fieldClient/ponyfunctions.py:pony_dns | ✔ | ✔ | ✔ |
| fieldClient/ponyfunctions.py:pony_gethttp | ✔ | ✔ | ✔ |
| RIPE Atlas | |||
| ping | ✘ | ✔ | ✘ |
| traceroute | ✘ | ✔ | ✘ |
| dns | ✔ | ✔ | ✔ |
| sslcert | ✘ | ✔ | ✔ |
| Dasu | |||
| ping | ✘ | ✔ | ✘ |
| traceroute | ✘ | ✔ | ✘ |
| ndt | ✘ | ✘ | ✘ |
| dns | ✔ | ✔ | ✔ |
| http | ✔ | ✔ | ✔ |