wiki:doc/NewGuardAlgorithmTesting

Version 5 (modified by asn, 22 months ago) (diff)

--

A few prop271 scenarios that must be tested:

Make iptables rule that emulates fascist firewall, then try algorithm with FascistFirewall turned on and off. Note performance difference

prop271 seems to work pretty well if you turn on FascistFirewall and join a fascist network: iptables -A OUTPUT -p tcp --match multiport ! --dport 80,443 -j DROP

Make iptables rule that disables outgoing connections. Make sure that the sampled guards set size limit works.

Test hardcoded entry guards (EntryNodes)

prop271 will not work at all with EntryNodes. It will fill up the sampled guards list, and then fail to find the right node.

Test bridges support

Basic bridge test with 1 bridge seems to work fine. SIGHUP also works fine transitioning between bridges and non-bridges.

Test transition between modes using SIGHUP

Basic testing seems to work. Managed to switch from "default" to "bridge" to "restricted" just with SIGHUP without any visible problems or leaks.

Switch between guard selections on the fly. Test flappiness

Test circuit state machine (?)

Test guard retry schedule

Test guard priority logic

Test guard lifetime

Test state loading / state saving

Test internet-is-down heuristic