Version 7 (modified by 2 years ago) (diff) | ,
---|
A few prop271 scenarios that must be tested:
Make iptables rule that simulates FascistFirewall, then try connecting with FascistFirewall. See if it works.
prop271 seems to work pretty well if you turn on FascistFirewall and join a fascist network:
iptables -A OUTPUT -p tcp --match multiport ! --dport 80,443 -j DROP
Make iptables rule that simulates FascistFirewall, then try connecting without FascistFirewall. Note differences between old and new algo.
prop271 will not work well in a fascist firewall environment, if FascistFirewall is not turned on. It will basically get stuck on the first primary guard for a long time. Need to check whether old code was behaving better.
Make iptables rule that disables outgoing connections. Make sure that the sampled guards set size limit works.
Test hardcoded entry guards (EntryNodes
)
prop271 will not work at all with
EntryNodes
. It will fill up the sampled guards list, and then fail to find the right node.
Test bridges support
Basic bridge test with 1 bridge seems to work fine. SIGHUP also works fine transitioning between bridges and non-bridges.
Test transition between modes using SIGHUP
Basic testing seems to work. Managed to switch from "default" to "bridge" to "restricted" just with SIGHUP without any visible problems or leaks.