diff options
Diffstat (limited to 'features/tor_enforcement.feature')
| -rw-r--r-- | features/tor_enforcement.feature | 76 |
1 files changed, 0 insertions, 76 deletions
diff --git a/features/tor_enforcement.feature b/features/tor_enforcement.feature deleted file mode 100644 index 164220a2..00000000 --- a/features/tor_enforcement.feature +++ /dev/null @@ -1,76 +0,0 @@ -#10497: wait_until_tor_is_working -@product @fragile -Feature: The Tor enforcement is effective - As a Tails user - I want all direct Internet connections I do by mistake or applications do by misconfiguration or buggy leaks to be blocked - And as a Tails developer - I want to ensure that the automated test suite detects firewall leaks reliably - - Scenario: Tails' Tor binary is configured to use the expected Tor authorities - Given I have started Tails from DVD and logged in and the network is connected - Then the Tor binary is configured to use the expected Tor authorities - - Scenario: The firewall configuration is very restrictive - Given I have started Tails from DVD and logged in and the network is connected - Then the firewall's policy is to drop all IPv4 traffic - And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4 - And the firewall's NAT rules only redirect traffic for Tor's TransPort and DNSPort - And the firewall is configured to block all external IPv6 traffic - - @fragile - Scenario: Anti test: Detecting IPv4 TCP leaks from the Unsafe Browser with the firewall leak detector - Given I have started Tails from DVD and logged in and the network is connected - And I capture all network traffic - When I successfully start the Unsafe Browser - And I open the address "https://check.torproject.org" in the Unsafe Browser - And I see "UnsafeBrowserTorCheckFail.png" after at most 60 seconds - Then the firewall leak detector has detected IPv4 TCP leaks - - Scenario: Anti test: Detecting IPv4 TCP leaks of TCP DNS lookups with the firewall leak detector - Given I have started Tails from DVD and logged in and the network is connected - And I capture all network traffic - And I disable Tails' firewall - When I do a TCP DNS lookup of "torproject.org" - Then the firewall leak detector has detected IPv4 TCP leaks - - Scenario: Anti test: Detecting IPv4 non-TCP leaks (UDP) of UDP DNS lookups with the firewall leak detector - Given I have started Tails from DVD and logged in and the network is connected - And I capture all network traffic - And I disable Tails' firewall - When I do a UDP DNS lookup of "torproject.org" - Then the firewall leak detector has detected IPv4 non-TCP leaks - - Scenario: Anti test: Detecting IPv4 non-TCP (ICMP) leaks of ping with the firewall leak detector - Given I have started Tails from DVD and logged in and the network is connected - And I capture all network traffic - And I disable Tails' firewall - When I send some ICMP pings - Then the firewall leak detector has detected IPv4 non-TCP leaks - - @check_tor_leaks - Scenario: The Tor enforcement is effective at blocking untorified TCP connection attempts - Given I have started Tails from DVD and logged in and the network is connected - When I open an untorified TCP connections to 1.2.3.4 on port 42 that is expected to fail - Then the untorified connection fails - And the untorified connection is logged as dropped by the firewall - - @check_tor_leaks - Scenario: The Tor enforcement is effective at blocking untorified UDP connection attempts - Given I have started Tails from DVD and logged in and the network is connected - When I open an untorified UDP connections to 1.2.3.4 on port 42 that is expected to fail - Then the untorified connection fails - And the untorified connection is logged as dropped by the firewall - - @check_tor_leaks @fragile - Scenario: The Tor enforcement is effective at blocking untorified ICMP connection attempts - Given I have started Tails from DVD and logged in and the network is connected - When I open an untorified ICMP connections to 1.2.3.4 that is expected to fail - Then the untorified connection fails - And the untorified connection is logged as dropped by the firewall - - Scenario: The system DNS is always set up to use Tor's DNSPort - Given I have started Tails from DVD without network and logged in - And the system DNS is using the local DNS resolver - And the network is plugged - And Tor is ready - Then the system DNS is still using the local DNS resolver |