tinyjafar

command

v0.27.0 Latest Latest Go to latest Published: Dec 13, 2023 License: GPL-3.0 Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ooni/probe-engine

Links

Open Source Insights

README ¶

internal/cmd/tinyjafar

This directory builds a program you can use to provoke simple network interference conditions, as described in detail below.

To build, use:

go build -v ./internal/cmd/tinyjafar

Any requirement that applies to building OONI Probe also applies to building this small helper program, since they use the same base library.

The command line interface is backwards compatible with the one implemented by the original jafar except that tinyjafar only supports iptables flags.

To use this tool, you must be on Linux and have iptables installed. We do not use this tool for QA, but it is mentioned in tutorials.

Drop traffic towards a given IP address

In one console, run:

./tinyjafar -iptables-drop-ip 130.192.16.171

The program will run some iptables commands showing each command it runs. These commands configure iptables to block some internet traffic and the blocking will stay in place until you interrupt tinyjafar using Ctrl-C. When existing, tinyjafar will undo all the commands it executed when starting up.

While tinyjafar is running, in another console try this command:

curl -v https://nexa.polito.it/

If the IP address has not changed since writing this README, the curl command should eventually timeout when connecting.

Drop packets containing an hex sequence

./tinyjafar -iptables-drop-keyword-hex "|07 65 78 61 6d 70 6c 65 03 63 6f 6d|"

and

dig @8.8.8.8 www.example.com

The tinyjafar invocation drops DNS queries for www.example.com.

Drop packets containing a string

./tinyjafar -iptables-drop-keyword ooni.org

and

curl -v https://ooni.org/

We expect cURL to timeout during the TLS handshake since we're blocking the string that appears in the SNI field.

Preventing TCP-connecting to a host

./tinyjafar -iptables-reset-ip 130.192.16.171

and

curl -v https://nexa.polito.it/

This should fail with "connection refused".

Resetting a TCP connection containing an hex pattern

./tinyjafar -iptables-reset-keyword-hex "|6F 6F 6E 69|"

and

curl -v https://ooni.org/

This should reset the TCP connection because the TLS Client Hello contains "ooni" (6F 6F 6E 69 in hex).

Resetting a TCP connection containing a string pattern

`console ./tinyjafar -iptables-reset-keyword ooni


and

```console
curl -v https://ooni.org/

Documentation ¶

Overview ¶

Command tinyjafar implements a subset of the CLI flags of the original jafar tool. Because several tutorials mention some jafar commands, we want to have a tiny tool to support exploration.

Source Files ¶

View all Source files

main.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL