Skip to content
GitLab
Projects Groups Topics Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • T tails
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributor statistics
    • Graph
    • Compare revisions
  • Issues 937
    • Issues 937
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 27
    • Merge requests 27
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Artifacts
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Model experiments
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • tails
  • tails
  • Issues
  • #5644

Test suite: always check for firewall leaks

Originally created by Tails on #5644 (Redmine)

Should we check for firewall leaks in every scenario, or at least, in every scenario that involves the Internet?

If we want to fully replace the manual leak check we’ve been doing until now, yes, we do want this. I don’t see why we would not want this. Feel free to re-add a todo/discuss tag (and perhaps raise the discussion on tails-dev) if there’s some good reason I’ve missed that makes it worth discussing this any further. —intrigeri

Actually, we don’t want to do it for all features/scenarios involving the Internet (think about e.g. unsafe_browser.feature). Instead we could:

  1. add a tag @uses_tor (which is relevant for other things, like retrying when Tor fails (#5770 (closed))) to all features/scenarios that uses Tor.
  2. add a Before('@uses_tor') hook that starts the sniffer, and a After('@uses_tor') hook that check for leaks.

Looks good. —intrigeri

We’d still keep the current firewall leak checker steps for the features and scenarios that need more control, like the firewall_leaks.feature:s anti-tests.

Implemented in branch test/firewall-check-tag (note: it depends on branch test/reorg being merged first). Once merged, please remove the following test (and sub-tests) from the manual test suite:

  • Verify that all destinations reached from an intensive Tails session are tor routers or authorities …

Feature Branch: test/7821-tor

Related issues

  • Related to #7821 (closed)
Edited May 15, 2020 by import-from-Redmine
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking