diff options
Diffstat (limited to 'cucumber/features/step_definitions/firewall_leaks.rb')
| -rw-r--r-- | cucumber/features/step_definitions/firewall_leaks.rb | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/cucumber/features/step_definitions/firewall_leaks.rb b/cucumber/features/step_definitions/firewall_leaks.rb new file mode 100644 index 00000000..942d00b8 --- /dev/null +++ b/cucumber/features/step_definitions/firewall_leaks.rb @@ -0,0 +1,56 @@ +Then(/^the firewall leak detector has detected (.*?) leaks$/) do |type| + leaks = FirewallLeakCheck.new(@sniffer.pcap_file, + :accepted_hosts => get_all_tor_nodes) + case type.downcase + when 'ipv4 tcp' + if leaks.ipv4_tcp_leaks.empty? + leaks.save_pcap_file + raise "Couldn't detect any IPv4 TCP leaks" + end + when 'ipv4 non-tcp' + if leaks.ipv4_nontcp_leaks.empty? + leaks.save_pcap_file + raise "Couldn't detect any IPv4 non-TCP leaks" + end + when 'ipv6' + if leaks.ipv6_leaks.empty? + leaks.save_pcap_file + raise "Couldn't detect any IPv6 leaks" + end + when 'non-ip' + if leaks.nonip_leaks.empty? + leaks.save_pcap_file + raise "Couldn't detect any non-IP leaks" + end + else + raise "Incorrect packet type '#{type}'" + end +end + +Given(/^I disable Tails' firewall$/) do + $vm.execute("/usr/local/lib/do_not_ever_run_me") + iptables = $vm.execute("iptables -L -n -v").stdout.chomp.split("\n") + for line in iptables do + if !line[/Chain (INPUT|OUTPUT|FORWARD) \(policy ACCEPT/] and + !line[/pkts[[:blank:]]+bytes[[:blank:]]+target/] and + !line.empty? + raise "The Tails firewall was not successfully disabled:\n#{iptables}" + end + end +end + +When(/^I do a TCP DNS lookup of "(.*?)"$/) do |host| + lookup = $vm.execute("host -T #{host} #{SOME_DNS_SERVER}", :user => LIVE_USER) + assert(lookup.success?, "Failed to resolve #{host}:\n#{lookup.stdout}") +end + +When(/^I do a UDP DNS lookup of "(.*?)"$/) do |host| + lookup = $vm.execute("host #{host} #{SOME_DNS_SERVER}", :user => LIVE_USER) + assert(lookup.success?, "Failed to resolve #{host}:\n#{lookup.stdout}") +end + +When(/^I send some ICMP pings$/) do + # We ping an IP address to avoid a DNS lookup + ping = $vm.execute("ping -c 5 #{SOME_DNS_SERVER}") + assert(ping.success?, "Failed to ping #{SOME_DNS_SERVER}:\n#{ping.stderr}") +end |