Test suite: always check for firewall leaks (#5644) · Issues · tails / tails

Test suite: always check for firewall leaks

Originally created by Tails on #5644 (Redmine)

Should we check for firewall leaks in every scenario, or at least, in every scenario that involves the Internet?

If we want to fully replace the manual leak check we’ve been doing until now, yes, we do want this. I don’t see why we would not want this. Feel free to re-add a todo/discuss tag (and perhaps raise the discussion on tails-dev) if there’s some good reason I’ve missed that makes it worth discussing this any further. —intrigeri

Actually, we don’t want to do it for all features/scenarios involving the Internet (think about e.g. unsafe_browser.feature). Instead we could:

add a tag @uses_tor (which is relevant for other things, like retrying when Tor fails (#5770 (closed))) to all features/scenarios that uses Tor.
add a Before('@uses_tor') hook that starts the sniffer, and a After('@uses_tor') hook that check for leaks.

Looks good. —intrigeri

We’d still keep the current firewall leak checker steps for the features and scenarios that need more control, like the firewall_leaks.feature:s anti-tests.

Implemented in branch test/firewall-check-tag (note: it depends on branch test/reorg being merged first). Once merged, please remove the following test (and sub-tests) from the manual test suite:

Verify that all destinations reached from an intensive Tails session are tor routers or authorities …

Feature Branch: test/7821-tor

Related issues

Related to #7821 (closed)

_Originally created by Tails on [#5644 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/5644)_

Should we check for firewall leaks in every scenario, or at least, in
every scenario that involves the Internet?

> If we want to fully replace the manual leak check we’ve been doing
> until now, yes, we do want this. I don’t see why we would *not* want
> this. Feel free to re-add a `todo/discuss` tag (and perhaps raise the
> discussion on tails-dev) if there’s some good reason I’ve missed that
> makes it worth discussing this any further. —intrigeri

Actually, we don’t want to do it for all features/scenarios involving
the Internet (think about e.g. `unsafe_browser.feature`). Instead we
could:

1.  add a tag `@uses_tor` (which is relevant for other things, like
    retrying when Tor fails (tails/tails#5770)) to all features/scenarios that
    uses Tor.
2.  add a `Before('@uses_tor')` hook that starts the sniffer, and a
    `After('@uses_tor')` hook that check for leaks.

> Looks good. —intrigeri

We’d still keep the current firewall leak checker steps for the features
and scenarios that need more control, like the
`firewall_leaks.feature`:s anti-tests.

Implemented in branch `test/firewall-check-tag` (note: it depends on
branch `test/reorg` being merged first). Once merged, please remove the
following test (and sub-tests) from the [manual test
suite](https://tails.boum.org/contribute/release_process/test/):

- Verify that all destinations reached from an intensive Tails session
    are tor routers or authorities …

Feature Branch: test/7821-tor

### Related issues

- **Related to** tails/tails#7821

Edited May 15, 2020 by import-from-Redmine

To upload designs, you'll need to enable LFS. More information