firewall_leaks.rb 1.84 KB
Newer Older
1
Then(/^the firewall leak detector has detected (.*?) leaks$/) do |type|
2
3
  leaks = FirewallLeakCheck.new(@sniffer.pcap_file,
                                :accepted_hosts => get_all_tor_nodes)
4
5
6
  case type.downcase
  when 'ipv4 tcp'
    if leaks.ipv4_tcp_leaks.empty?
7
      leaks.save_pcap_file
8
9
10
11
      raise "Couldn't detect any IPv4 TCP leaks"
    end
  when 'ipv4 non-tcp'
    if leaks.ipv4_nontcp_leaks.empty?
12
      leaks.save_pcap_file
13
14
15
16
      raise "Couldn't detect any IPv4 non-TCP leaks"
    end
  when 'ipv6'
    if leaks.ipv6_leaks.empty?
17
      leaks.save_pcap_file
18
19
20
21
      raise "Couldn't detect any IPv6 leaks"
    end
  when 'non-ip'
    if leaks.nonip_leaks.empty?
22
      leaks.save_pcap_file
23
24
25
26
27
28
29
30
      raise "Couldn't detect any non-IP leaks"
    end
  else
    raise "Incorrect packet type '#{type}'"
  end
end

Given(/^I disable Tails' firewall$/) do
31
  $vm.execute("/usr/local/lib/do_not_ever_run_me")
32
  iptables = $vm.execute("iptables -L -n -v").stdout.chomp.split("\n")
33
34
35
36
37
38
39
40
41
42
  for line in iptables do
    if !line[/Chain (INPUT|OUTPUT|FORWARD) \(policy ACCEPT/] and
       !line[/pkts[[:blank:]]+bytes[[:blank:]]+target/] and
       !line.empty?
      raise "The Tails firewall was not successfully disabled:\n#{iptables}"
    end
  end
end

When(/^I do a TCP DNS lookup of "(.*?)"$/) do |host|
43
  lookup = $vm.execute("host -T #{host} #{SOME_DNS_SERVER}", :user => LIVE_USER)
44
45
46
47
  assert(lookup.success?, "Failed to resolve #{host}:\n#{lookup.stdout}")
end

When(/^I do a UDP DNS lookup of "(.*?)"$/) do |host|
48
  lookup = $vm.execute("host #{host} #{SOME_DNS_SERVER}", :user => LIVE_USER)
49
50
51
52
53
  assert(lookup.success?, "Failed to resolve #{host}:\n#{lookup.stdout}")
end

When(/^I send some ICMP pings$/) do
  # We ping an IP address to avoid a DNS lookup
intrigeri's avatar
intrigeri committed
54
  ping = $vm.execute("ping -c 5 #{SOME_DNS_SERVER}")
55
  assert(ping.success?, "Failed to ping #{SOME_DNS_SERVER}:\n#{ping.stderr}")
56
end