wiki:doc/NewGuardAlgorithmTesting

Version 2 (modified by asn, 2 years ago) (diff)

--

A few prop271 scenarios that must be tested:

  • Make iptables rule that emulates fascist firewall, then try algorithm with FascistFirewall turned on and off. Note performance difference.

iptables -A OUTPUT -p tcp --match multiport ! --dport 80,443 -j DROP

  • Make iptables rule that disables outgoing connections. Make sure that the sampled guards set size limit works.
  • Test bridges support
  • Test transition between modes using SIGHUP.
  • Switch between guard selections on the fly. Test flappiness.
  • Test circuit state machine (?)
  • Test guard retry schedule.
  • Test guard priority logic.
  • Test guard lifetime.
  • Test state loading / state saving.
  • Test internet-is-down heuristic.