Documentation
Overview
Package selfcensor contains code that triggers censorship. We use this functionality to implement integration tests.
The self censoring functionality is disabled by default. To enable it, call Enable with a JSON-serialized Spec structure as its argument.
The following example causes NXDOMAIN to be returned for `dns.google`:
selfcensor.Enable(`{"PoisonSystemDNS":{"dns.google":["NXDOMAIN"]}}`)
The following example blocks connecting to `8.8.8.8:443`:
selfcensor.Enable(`{"BlockedEndpoints":{"8.8.8.8:443":"REJECT"}}`)
The following example blocks packets containing `dns.google`:
selfcensor.Enable(`{"BlockedFingerprints":{"dns.google":"RST"}}`)
The documentation of the Spec structure contains further information on how to populate the JSON. Miniooni uses the `--self-censor-spec` flag, to which you are supposed to pass the serialized JSON.
Variables
var DefaultDialer = SystemDialer{}
DefaultDialer is the dialer you should use in code that wants to take advantage of selfcensor capabilities.
Functions
func Attempts
func Attempts() int64
Attempts returns the number of self censorship attempts so far. A self censorship attempt is defined as the code entering the branch that _may_ perform self censorship. We expect this counter to be zero when Enabled() returns false.
func Enable
Enable turns on the self censorship engine. This function returns an error if we cannot parse a Spec from the serialized JSON inside data. Each time you call Enable you overwrite the previous spec.
func MaybeEnable
MaybeEnable is like Enable except that it does nothing if the string provided as argument is empty.
Types
type Spec
type Spec struct {
	// PoisonSystemDNS allows you to change the behaviour of the system
	// DNS regarding specific domains. The keys are the domains and the
	// values are the IP addresses to return. If you set the values for
	// a domain to `[]string{"NXDOMAIN"}`, the system resolver will return
	// an NXDOMAIN response. If you set the values for a domain to
	// `[]string{"TIMEOUT"}` the system resolver will return "i/o timeout".
	PoisonSystemDNS map[string][]string

	// BlockedEndpoints allows you to block specific IP endpoints. The key is
	// the `IP:port` to block. The format is the same as net.JoinHostPort. If
	// the value is "REJECT", then the connection attempt will fail with
	// ECONNREFUSED. If the value is "TIMEOUT", then the connector will return
	// claiming "i/o timeout". If the value is anything else, we will
	// perform a "REJECT".
	BlockedEndpoints map[string]string

	// BlockedFingerprints allows you to block packets whose body contains
	// specific fingerprints. Of course, the key is the fingerprint. If
	// the value is "RST", then the connection will be reset. If the value
	// is "TIMEOUT", then the code will return claiming "i/o timeout". If
	// the value is anything else, we will perform a "RST".
	BlockedFingerprints map[string]string
}
Spec indicates what self censorship techniques to implement.
type SystemDialer
type SystemDialer struct{}
SystemDialer is a self-censoring system dialer. This dialer does not censor anything unless you call selfcensor.Enable().
func (SystemDialer) DialContext
DialContext implements Dialer.DialContext
type SystemResolver
type SystemResolver struct{}
SystemResolver is a self-censoring system resolver. This resolver does not censor anything unless you call selfcensor.Enable().
func (SystemResolver) Address
func (r SystemResolver) Address() string
Address implements Resolver.Address
func (SystemResolver) LookupHost
LookupHost implements Resolver.LookupHost
func (SystemResolver) Network
func (r SystemResolver) Network() string
Network implements Resolver.Network