Test suite: always check for firewall leaks

Should we check for firewall leaks in every scenario, or at least, in every scenario that involves the Internet?

If we want to fully replace the manual leak check we’ve been doing until now, yes, we do want this. I don’t see why we would not want this. Feel free to re-add a todo/discuss tag (and perhaps raise the discussion on tails-dev) if there’s some good reason I’ve missed that makes it worth discussing this any further. —intrigeri

Actually, we don’t want to do it for all features/scenarios involving the Internet (think about e.g. unsafe_browser.feature). Instead we could:

1. add a tag @uses_tor (which is relevant for other things, like retrying when Tor fails (#5770 (closed))) to all features/scenarios that uses Tor.
2. add a Before('@uses_tor') hook that starts the sniffer, and a After('@uses_tor') hook that check for leaks.

Looks good. —intrigeri

We’d still keep the current firewall leak checker steps for the features and scenarios that need more control, like the firewall_leaks.feature:s anti-tests.

Implemented in branch test/firewall-check-tag (note: it depends on branch test/reorg being merged first). Once merged, please remove the following test (and sub-tests) from the manual test suite:

• Verify that all destinations reached from an intensive Tails session are tor routers or authorities …

Feature Branch: test/7821-tor

Related issues

• Related to #7821 (closed)

Original created by @tails on 5644 (Redmine)