Commit a95482a9 authored by Tails developers

Capture network traffic based on source MAC address, rather than on source IPv4 address.

This may allow us to detect more kinds of leaks.
parent 303f9969
......@@ -108,7 +108,7 @@ Given /^I capture all network traffic$/ do
# Note: We don't want skip this particular stpe if
# @skip_steps_while_restoring_background is set since it starts
# something external to the VM state.
@sniffer = Sniffer.new("TestSniffer", @vm.net.bridge_name, @vm.ip)
@sniffer = Sniffer.new("TestSniffer", @vm.net.bridge_name, @vm.mac)
@sniffer.capture
end
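Review bot: the new third argument `@vm.mac` in the `Sniffer.new` call relies on an accessor that none of the visible hunks define, so please confirm the VM class already exposes `mac`. It needs to return the address of the NIC attached to `@vm.net.bridge_name`, in the colon-separated form tcpdump accepts. If it returns nil or the address of another interface, the capture matches nothing and every leak check that reads the pcap passes on empty data. While touching this step, the comment above the call could also be corrected ("don't want skip this particular stpe").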
......
......@@ -14,16 +14,16 @@ class Sniffer
attr_reader :name, :pcap_file, :pid
def initialize(name, bridge_name, ip)
def initialize(name, bridge_name, mac)
@name = name
@bridge_name = bridge_name
@ip = ip
@mac = mac
@pcap_file = "#{$tmp_dir}/#{name}.pcap"
end
# FIXME: Do we also want to keep "dst host #{@ip}"? We should if we
# FIXME: Do we also want to keep "ether dst host #{@mac}"? We should if we
# want to test the firewall's INPUT dropping.
def capture(filter="src host #{@ip}")
def capture(filter="ether src host #{@mac}")
job = IO.popen("/usr/sbin/tcpdump -n -i #{@bridge_name} -w #{@pcap_file} -U #{filter} >/dev/null 2>&1")
@pid = job.pid
end
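Review bot: in `capture`, a bad or empty `@mac` now produces an invalid filter (`ether src host ` with nothing after it), and because the command ends in `>/dev/null 2>&1` and only `job.pid` is kept, tcpdump's syntax error and early exit go unnoticed. A leak test that later reads `@pcap_file` would then see no packets and succeed for the wrong reason. Suggest validating the MAC format in `initialize` and checking after startup that the tcpdump process is still alive. Separately, `@bridge_name`, `@pcap_file` and the caller-supplied `filter` are interpolated into a single string passed to `IO.popen`, so they go through the shell; passing the command as an argument array with explicit redirection options would avoid quoting problems. The FIXME about `ether dst host` is still open: with a source-only filter, frames sent to the VM are not recorded, so INPUT-drop behaviour cannot be checked from this capture.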
......