2 $vm.execute_successfully(
3 "get_all_ethernet_nics", :libs => 'hardware'
7 When /^I disable MAC spoofing in Tails Greeter$/ do
8 open_greeter_additional_settings()
9 @screen.wait_and_click("TailsGreeterMACSpoofing.png", 30)
10 @screen.wait_and_click("TailsGreeterDisableMACSpoofing.png", 10)
11 @screen.wait_and_click("TailsGreeterAdditionalSettingsAdd.png", 10)
14 Then /^the (\d+)(?:st|nd|rd|th) network device has (its real|a spoofed) MAC address configured$/ do |dev_nr, mode|
15 is_spoofed = (mode == "a spoofed")
16 alias_name = "net#{dev_nr.to_i - 1}"
17 nic_real_mac = $vm.real_mac(alias_name)
18 nic = "eth#{dev_nr.to_i - 1}"
19 nic_current_mac = $vm.execute_successfully(
20 "get_current_mac_of_nic #{nic}", :libs => 'hardware'
24 if nic_real_mac == nic_current_mac
25 raise "The MAC address was expected to be spoofed but wasn't"
28 if nic_real_mac != nic_current_mac
29 raise "The MAC address is spoofed but was expected to not be"
33 save_failure_artifact("Network capture", @sniffer.pcap_file)
38 Then /^no network device leaked the real MAC address$/ do
39 macs = $vm.all_real_macs
40 assert_all_connections(@sniffer.pcap_file) do |c|
42 not [c.mac_saddr, c.mac_daddr].include?(mac)
47 Then /^some network device leaked the real MAC address$/ do
48 assert_raise(FirewallAssertionFailedError) do
49 step 'no network device leaked the real MAC address'
53 Given /^macchanger will fail by not spoofing and always returns ([\S]+)$/ do |mode|
54 $vm.execute_successfully("mv /usr/bin/macchanger /usr/bin/macchanger.orig")
55 $vm.execute_successfully("ln -s /bin/#{mode} /usr/bin/macchanger")
58 Given /^no network interface modules can be unloaded$/ do
59 # Note that the real /sbin/modprobe is a symlink to /bin/kmod, and
60 # for it to run in modprobe compatibility mode the name must be
61 # exactly "modprobe", so we just move it somewhere our of the path
62 # instead of renaming it ".real" or whatever we usuablly do when
63 # diverting executables for wrappers.
64 modprobe_divert = "/usr/local/lib/modprobe"
65 $vm.execute_successfully(
66 "dpkg-divert --add --rename --divert '#{modprobe_divert}' /sbin/modprobe"
68 fake_modprobe_wrapper = <<EOF
70 if echo "${@}" | grep -q -- -r; then
73 exec '#{modprobe_divert}' "${@}"
75 $vm.file_append('/sbin/modprobe', fake_modprobe_wrapper)
76 $vm.execute_successfully("chmod a+rx /sbin/modprobe")
79 Then /^(\d+|no) network interface(?:s)? (?:is|are) enabled$/ do |expected_nr_nics|
80 # note that "no".to_i => 0 in Ruby.
81 expected_nr_nics = expected_nr_nics.to_i
82 nr_nics = all_ethernet_nics.size
83 assert_equal(expected_nr_nics, nr_nics)
86 Then /^the MAC spoofing panic mode disabled networking$/ do
87 nm_state = $vm.execute_successfully('systemctl show NetworkManager').stdout
88 nm_is_disabled = $vm.pidof('NetworkManager').empty? &&
89 nm_state[/^LoadState=masked$/] &&
90 nm_state[/^ActiveState=inactive$/]
91 assert(nm_is_disabled, "NetworkManager was not disabled")
92 all_ethernet_nics.each do |nic|
93 ["nic_ipv4_addr", "nic_ipv6_addr"].each do |function|
94 addr = $vm.execute_successfully(
95 "#{function} #{nic}", :libs => 'hardware'
97 assert_equal("", addr, "NIC #{nic} was assigned address #{addr}")
102 When /^I hotplug a network device( and wait for it to be initialized)?$/ do |wait|
103 initial_nr_nics = wait ? all_ethernet_nics.size : nil
104 # XXX:Buster: when we stop supporting the test suite on Stretch
105 # hosts, let's remove this workaround related to #14819 and just
106 # settle on a device that works on all supported platforms.
107 if cmd_helper('lsb_release --short --codename').chomp == 'stretch'
112 debug_log("Hotplugging a '#{device}' network device")
114 <interface type='network'>
116 <mac address='52:54:00:11:22:33'/>
117 <source network='TailsToasterNet'/>
118 <model type='#{device}'/>
125 all_ethernet_nics.size >= initial_nr_nics + 1