Tutorial

This section provides a step-by-step guide to using NoPASARAN, including various scenarios and the setup of an end-to-end control channel.

Scenarios

Here are some example scenarios that demonstrate the basic usage of NoPASARAN.

Control Channel

To establish an end-to-end control channel in NoPASARAN, you can follow the steps outlined in the “TLS Mutual Authenticated End-to-End Tunnel” tutorial.

Node Certificates

SSH authentication certificates are used to enhance security through mutual authentication. These certificates are issued by a certification authority for key management.

Temporary Section: Unaddressed Problems

This section deals with problems that have not been addressed yet.

Handling Kernel Packets After Receiving Raw Packets

When using raw packets in NoPASARAN, the kernel's own network stack still processes the incoming traffic and might send certain packets that are not intended to be part of the scenarios. To prevent these unwanted packets from affecting the testing environment, we can drop specific types of packets using iptables:

  1. Drop outgoing ICMP packets for UDP with the “host unreachable” message (the rule matches every ICMP “destination unreachable” code):

     iptables -A OUTPUT -p icmp --icmp-type destination-unreachable -j DROP

  2. Drop outgoing TCP packets with the “RST” (reset) flag set:

     iptables -A OUTPUT -p tcp --tcp-flags RST RST -j DROP

These rules ensure that the kernel does not send unwanted packets, maintaining the integrity and predictability of the scenarios involving raw packets.
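
Both rules apply host-wide and stay in place until they are removed, and repeating -A appends duplicate copies. The following added example (not part of NoPASARAN; the function names and the IPT override variable are assumptions) installs each rule only if it is missing and removes every copy once the scenario is finished:

```shell
#!/bin/sh
# Added example (not NoPASARAN code): idempotent install and removal of the
# two OUTPUT DROP rules from this page. Needs root against real iptables.

# Assumption: IPT may be overridden (for instance with a stub command) to
# exercise the logic without touching the live firewall.
IPT="${IPT:-iptables}"

# Append a rule to OUTPUT only if an identical rule is not already present.
# "iptables -C" exits 0 when the rule exists.
ensure_rule() {
    $IPT -C OUTPUT "$@" 2>/dev/null || $IPT -A OUTPUT "$@"
}

# Delete every copy of a rule from OUTPUT ("-D" removes one match per call).
remove_rule() {
    while $IPT -C OUTPUT "$@" 2>/dev/null; do
        $IPT -D OUTPUT "$@" || return 1
    done
}

# Install both rules before a raw-packet scenario.
raw_rules_up() {
    ensure_rule -p icmp --icmp-type destination-unreachable -j DROP &&
    ensure_rule -p tcp --tcp-flags RST RST -j DROP
}

# Remove them afterwards so the host sends RSTs and ICMP errors again.
raw_rules_down() {
    remove_rule -p icmp --icmp-type destination-unreachable -j DROP &&
    remove_rule -p tcp --tcp-flags RST RST -j DROP
}

# Usage: sh script.sh up | down   (no argument: only define the functions)
case "${1:-}" in
    up)   raw_rules_up ;;
    down) raw_rules_down ;;
esac
```

Run it with "up" before starting a scenario and "down" when the scenario ends, so the drop rules do not outlive the test.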