miniooni: add --remote=REMOTE functionality #2340
Assignees
Labels
enhancement
improving existing code or new feature
methodology
issues related to the testing methodology
ooni/probe-engine
priority/medium
research prototype
Comments
bassosimone
added
enhancement
bassosimone
added a commit
to ooni/probe-cli
that referenced
this issue
Oct 12, 2022
This functionality has slightly changed since when we removed it in ooni/probe#2224. Nevertheless, in #969, we determined that something like the previous TProxy, with small changes, was required to support ooni/probe#2340.
bassosimone
added a commit
to ooni/probe-cli
that referenced
this issue
Oct 12, 2022
We originally removed the TProxy in ooni/probe#2224. Nevertheless, in #969, we determined that something like the previous TProxy, with small changes, was required to support ooni/probe#2340. So, this pull request reintroduces a slightly-modified TProxy functionality that better adapts to the `--remote=REMOTE` use case.
bassosimone
added a commit
to ooni/probe-cli
that referenced
this issue
Oct 12, 2022
This change ensures that, in turn, we're able to remote all the traffic generated by geolocate, rather than missing some bits of it that were still using the standard library. Extracted from #969. Closes ooni/probe#1383. Part of ooni/probe#2340.
bassosimone
added a commit
to ooni/probe-cli
that referenced
this issue
Oct 12, 2022
This change ensures that, in turn, we're able to "remote" all the traffic generated by the `geolocate` package, rather than missing some bits of it that were still using the standard library and caused _some_ geolocations to geolocate as the local host rather than as the remote host. Extracted from #969, where we tested this functionality. Closes ooni/probe#1383 (which was long overdue). Part of ooni/probe#2340, because it allows us to make progress with that.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This functionality has been discussed with @ainghazal for quite some time now. The general idea is that we are able to capture all the traffic generated by a miniooni instance and "remote" the traffic to a remote endpoint using a transport.
The main use case for this functionality seems to run integration testing inside a network where we implement censorship.
An additional use case could be to use a remote endpoint as the "exit node" for miniooni measurements.
We cannot easily implement this functionality with an all encompassing socks5 proxy because we also include QUIC and we would like to preserve the fact that QUIC is over UDP. More generally, we would like to preserve the property that miniooni is using a network stack and gets real network stack errors. To make this possible, we will use an userspace network stack such as gvisor, and we'll inject the packets arriving on the remote host using a TUN device.
A prototype of this functionality is available at ooni/probe-cli#969.
This design seems the best candidate for some sort of "Jafar 2.0" functionality (see #1803).
The text was updated successfully, but these errors were encountered: