features/step_definitions/firewall_leaks.rb

   1 Then(/^the firewall leak detector has detected (.*?) leaks$/) do |type|
   2   next if @skip_steps_while_restoring_background
   3   leaks = FirewallLeakCheck.new(@sniffer.pcap_file, get_tor_relays)
   4   case type.downcase
   5   when 'ipv4 tcp'
   6     if leaks.ipv4_tcp_leaks.empty?
   7       save_pcap_file
   8       raise "Couldn't detect any IPv4 TCP leaks"
   9     end
  10   when 'ipv4 non-tcp'
  11     if leaks.ipv4_nontcp_leaks.empty?
  12       save_pcap_file
  13       raise "Couldn't detect any IPv4 non-TCP leaks"
  14     end
  15   when 'ipv6'
  16     if leaks.ipv6_leaks.empty?
  17       save_pcap_file
  18       raise "Couldn't detect any IPv6 leaks"
  19     end
  20   when 'non-ip'
  21     if leaks.nonip_leaks.empty?
  22       save_pcap_file
  23       raise "Couldn't detect any non-IP leaks"
  24     end
  25   else
  26     raise "Incorrect packet type '#{type}'"
  27   end
  28 end
  29
  30 Given(/^I disable Tails' firewall$/) do
  31   next if @skip_steps_while_restoring_background
  32   @vm.execute("/usr/local/sbin/do_not_ever_run_me")
  33   iptables = @vm.execute("iptables -L -n -v").stdout.chomp.split("\n")
  34   for line in iptables do
  35     if !line[/Chain (INPUT|OUTPUT|FORWARD) \(policy ACCEPT/] and
  36        !line[/pkts[[:blank:]]+bytes[[:blank:]]+target/] and
  37        !line.empty?
  38       raise "The Tails firewall was not successfully disabled:\n#{iptables}"
  39     end
  40   end
  41 end
  42
  43 When(/^I do a TCP DNS lookup of "(.*?)"$/) do |host|
  44   next if @skip_steps_while_restoring_background
  45   lookup = @vm.execute("host -T #{host} #{$some_dns_server}", $live_user)
  46   assert(lookup.success?, "Failed to resolve #{host}:\n#{lookup.stdout}")
  47 end
  48
  49 When(/^I do a UDP DNS lookup of "(.*?)"$/) do |host|
  50   next if @skip_steps_while_restoring_background
  51   lookup = @vm.execute("host #{host} #{$some_dns_server}", $live_user)
  52   assert(lookup.success?, "Failed to resolve #{host}:\n#{lookup.stdout}")
  53 end
  54
  55 When(/^I send some ICMP pings$/) do
  56   next if @skip_steps_while_restoring_background
  57   # We ping an IP address to avoid a DNS lookup
  58   ping = @vm.execute("ping -c 5 #{$some_dns_server}", $live_user)
  59   assert(ping.success?, "Failed to ping #{$some_dns_server}:\n#{ping.stderr}")
  60 end