nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-22 22:14:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
18,383 Commits 53 Branches 629 Tags 108 MiB
b6c8a14bf3
Commit Graph

2689 Commits

Author SHA1 Message Date
Nick Mathewson
84458b79a7 Log more OpenSSL engine statuses at startup. 
Fixes ticket 10043; patch from Joshua Datko.
 2013-11-18 11:12:24 -05:00
Nick Mathewson
fbc20294aa Merge branch 'backtrace_squashed' 
Conflicts:
	src/common/sandbox.c
	src/common/sandbox.h
	src/common/util.c
	src/or/main.c
	src/test/include.am
	src/test/test.c
 2013-11-18 11:00:16 -05:00
Nick Mathewson
c2dfae78d3 Refactor format_*_number_sigsafe to have a common implementation 2013-11-18 10:43:16 -05:00
Nick Mathewson
c3ea946839 Reseolve DOCDOC and XXXXs in backtrace.c 2013-11-18 10:43:15 -05:00
Nick Mathewson
d631ddfb59 Make backtrace handler handle signals correctly. 
This meant moving a fair bit of code around, and writing a signal
cleanup function.  Still pretty nice from what I can tell, though.
 2013-11-18 10:43:15 -05:00
Nick Mathewson
ce8ae49c94 Improve new assertion message logging 
Don't report that a failure happened in the assertion_failed function just
because we logged it from there.
 2013-11-18 10:43:15 -05:00
Nick Mathewson
bd8ad674b9 Add a sighandler-safe logging mechanism 
We had accidentially grown two fake ones: one for backtrace.c, and one
for sandbox.c.  Let's do this properly instead.

Now, when we configure logs, we keep track of fds that should get told
about bad stuff happening from signal handlers.  There's another entry
point for these that avoids using non-signal-handler-safe functions.
 2013-11-18 10:43:15 -05:00
Nick Mathewson
063bea58bc Basic backtrace ability 
On platforms with the backtrace/backtrace_symbols_fd interface, Tor
can now dump stack traces on assertion failure.  By default, I log
them to DataDir/stack_dump and to stderr.
 2013-11-18 10:43:14 -05:00
Nick Mathewson
7a2b30fe16 Merge remote-tracking branch 'origin/maint-0.2.4' 
Conflicts:
	src/or/relay.c

Conflict changes were easy; compilation fixes required were using
using TOR_SIMPLEQ_FIRST to get head of cell queue.
 2013-11-15 15:35:00 -05:00
Nick Mathewson
59f50c80d4 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 
Conflicts:
	src/or/or.h
	src/or/relay.c

Conflicts were simple to resolve.  More fixes were needed for
compilation, including: reinstating the tv_to_msec function, and renaming
*_conn_cells to *_chan_cells.
 2013-11-15 15:29:24 -05:00
Nick Mathewson
61029d6926 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-31 14:03:01 -04:00
Nick Mathewson
1b312f7b55 Merge remote-tracking branch 'public/bug9780_024_v2' into maint-0.2.4 2013-10-31 14:02:28 -04:00
Nick Mathewson
0e8ee795d9 Merge remote-tracking branch 'public/bug6055_v2_024' into maint-0.2.4 2013-10-31 13:14:39 -04:00
Nick Mathewson
0546edde66 Merge branch 'bug1376' 2013-10-11 12:51:15 -04:00
Nick Mathewson
7ef9ecf6b3 Fix some whitespace; tighten the tests. 2013-10-11 12:51:07 -04:00
Nick Mathewson
3d817fa29c Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-10 11:18:17 -04:00
Nick Mathewson
7b1b8c3694 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-10-10 11:18:07 -04:00
Nick Mathewson
004a9c6dd1 Fix unit test for format_helper_exit_status 
Fix format_helper_exit_status to allow full HEX_ERRNO_SIZE answers,
*and* increase the buffer length again.
 2013-10-10 11:15:35 -04:00
Nick Mathewson
97285bc465 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-10 10:55:58 -04:00
Nick Mathewson
1137817319 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-10-10 10:55:24 -04:00
Nick Mathewson
9de456a303 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-08 16:47:49 -04:00
Nick Mathewson
b8abadedd3 When examining interfaces to find an address, discard non-up ones. 
Patch from "hantwister" on trac. Fixes bug #9904; bugfix on
0.2.3.11-alpha.
 2013-10-08 16:46:29 -04:00
Nick Mathewson
72c1e5acfe Switch ECDHE group default logic for bridge/relay TLS 
According to the manpage, bridges use P256 for conformity and relays
use P224 for speed. But skruffy points out that we've gotten it
backwards in the code.

In this patch, we make the default P256 for everybody.

Fixes bug 9780; bugfix on 0.2.4.8-alpha.
 2013-10-08 16:32:07 -04:00
Nick Mathewson
17bcfb2604 Raise buffer size, fix checks for format_exit_helper_status. 
This is probably not an exploitable bug, since you would need to have
errno be a large negative value in the unix pluggable-transport launcher
case.  Still, best avoided.

Fixes bug 9928; bugfix on 0.2.3.18-rc.
 2013-10-08 11:13:21 -04:00
Nick Mathewson
090bff2dca Merge remote-tracking branch 'public/bug6055_v2_024' 2013-09-25 14:35:18 -04:00
Nick Mathewson
ad763a336c Re-enable TLS 1.[12] when building with OpenSSL >= 1.0.1e 
To fix #6033, we disabled TLS 1.1 and 1.2.  Eventually, OpenSSL fixed
the bug behind #6033.

I've considered alternate implementations that do more testing to see
if there's secretly an OpenSSL 1.0.1c or something that secretly has a
backport of the OpenSSL 1.0.1e fix, and decided against it on the
grounds of complexity.
 2013-09-25 14:34:24 -04:00
Nick Mathewson
1825674bd3 Fix a memory leak on getaddrinfo in sandbox. Found by coverity 2013-09-16 22:38:02 -04:00
Nick Mathewson
4ea9fbcdb1 Clean up malloc issues in sandbox.c 
tor_malloc returns void *; in C, it is not necessary to cast a
void* to another pointer type before assigning it.

tor_malloc fails with an error rather than returning NULL; it's not
necessary to check its output. (In one case, doing so annoyed Coverity.)
 2013-09-16 22:34:42 -04:00
Nick Mathewson
25a3ae922f Merge remote-tracking branch 'Ryman/bug6384' 
Conflicts:
	src/or/config.c
	src/or/main.c
 2013-09-13 12:55:53 -04:00
Nick Mathewson
f4db0f429a Fix a windows compilation warning from sandboxing branch 2013-09-13 12:43:18 -04:00
Nick Mathewson
e0b2cd061b Merge remote-tracking branch 'ctoader/gsoc-cap-stage2' 
Conflicts:
	src/common/sandbox.c
 2013-09-13 12:31:41 -04:00
Cristian Toader
7cf1b9cc33 fixed compilation bug on i386 due to previous fix 2013-09-12 15:38:14 +03:00
Cristian Toader
d2836c8780 bug fix: syscalls send and recv not supported for x86_64 with libseccomp 1.0.1 2013-09-12 15:30:28 +03:00
Cristian Toader
0a3d1685ae remove debugging code 2013-09-12 14:12:56 +03:00
Cristian Toader
4702cdc99d added extra buffer and limit to mprotect not to exceed the length of that buffer 2013-09-12 13:43:06 +03:00
Nick Mathewson
6a11b6f97d Fix osx compilation again, hopefully better this time. 2013-09-11 13:53:33 -04:00
Cristian Toader
79f94e236b added filter protection for string parameter memory 2013-09-10 14:35:11 +03:00
Cristian Toader
8e003b1c69 fixed socket syscall bug 2013-09-10 00:42:36 +03:00
Cristian Toader
3802cae959 fixed compilation error on i386 linux by moving sandbox_cfg_t definition 2013-09-10 00:04:43 +03:00
Nick Mathewson
d91c776f61 Fix check-spaces 2013-09-09 16:00:40 -04:00
Nick Mathewson
49f9c4924e Fix compilation on OSX 2013-09-09 15:59:41 -04:00
Nick Mathewson
e9ec0cb550 Do not try to add non-existent syscalls. 2013-09-09 15:37:45 -04:00
Nick Mathewson
a6ada1a50c Fix a warning related to SCMP_CMP definition in header. 
SCMP_CMP(a,b,c) leaves the fourth field of the structure undefined,
giving a missing-initializer error.  All of our uses are
three-argument, so I'm overriding the default.
 2013-09-09 15:16:30 -04:00
Nick Mathewson
cc35d8be84 Fix most of the --enable-gcc-warnings warnings in the sandbox code 2013-09-09 15:14:50 -04:00
Nick Mathewson
42e6ab0e14 Remove a usage of free() 2013-09-09 14:58:15 -04:00
Nick Mathewson
00fd0cc5f9 Basic compilation fixes. 2013-09-09 14:55:47 -04:00
Cristian Toader
340cca524f added missing documentation for sandbox functions 2013-09-06 21:41:45 +03:00
Cristian Toader
6a22b29641 passing hints as a const pointer to sandbox_getaddrinfo(), also one tor_free macro fails to compile.. 2013-09-06 12:39:56 +03:00
Cristian Toader
839ff0063d replaced strdup with tor_strdup 2013-09-06 12:30:01 +03:00
Cristian Toader
2a6c34750d replaced malloc/free with tor_malloc/tor_free 2013-09-06 12:29:15 +03:00
Cristian Toader
42f5737c81 switched string lengths from int to size_t in prot_strings() 2013-09-06 12:26:50 +03:00
Kevin Butler
0f070e7858 Added test for new write_chunks_to_file behaviour in #1376. 2013-09-04 23:25:41 +01:00
Kevin Butler
b539b37205 Fixed leak and added minor documentation for #6384. 2013-09-04 02:56:06 +01:00
Nick Mathewson
9b2a0f5c75 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-09-03 15:41:50 -04:00
Nick Mathewson
d819663b66 Avoid a double-close on one failing case of the socketpair replacement code 
Fix for bug 9400, spotted by coverity. Bug introduced in revision 2cb4f7a4
(subversion revision r389).
 2013-09-03 15:38:25 -04:00
Cristian Toader
55d8b8e578 fixed bug where sandbox_getaddrinfo() would fail when -Sandbox is 0 2013-09-03 16:37:12 +03:00
Cristian Toader
b4b0eddd29 switched to a more generic way of handling the sandbox configuration 2013-09-02 13:54:43 +03:00
Cristian Toader
fe6e2733ab added contingency message to test for sandbox_getaddrinfo 2013-09-02 12:16:02 +03:00
Cristian Toader
c584537a03 make check-spaces fix 2013-09-02 11:45:09 +03:00
Cristian Toader
1ef0b2e1a3 changed how sb getaddrinfo works such that it supports storing multiple results 2013-09-02 11:44:04 +03:00
Kevin Butler
6e17fa6d7b Added --library-versions flag to print the compile time and runtime versions of libevent, openssl and zlib. Partially implements #6384. 2013-09-01 17:38:01 +01:00
Kevin Butler
1bdb391ed0 Added no_tempfile parameter to write_chunks_to_file to do non-atomic writes. Implements #1376. 2013-09-01 00:24:07 +01:00
Cristian Toader
3e803a1f18 make check-spaces fix 2013-08-29 16:53:12 +03:00
Cristian Toader
1118bd9910 switched from multiple mmap to one 2013-08-29 16:51:05 +03:00
Cristian Toader
f93ba9a2ef documentation update for _array functions 2013-08-29 15:44:01 +03:00
Cristian Toader
d5f43b5254 _array filter functions now rely on final NULL parameter 2013-08-29 15:42:30 +03:00
Cristian Toader
ce04d2a622 replaced boolean char with int 2013-08-29 15:19:49 +03:00
Cristian Toader
8e2b9d2844 small fixes in documentation and sandbox_getaddrinfo() 2013-08-29 12:41:17 +03:00
Cristian Toader
6cae5d706c Added doxygen struct doc and replaced func() with funct(void) 2013-08-28 20:01:52 +03:00
Cristian Toader
8b8f87a06a removed PARAM_LEN 2013-08-28 19:56:42 +03:00
Cristian Toader
b121ca581d make check-spaces fix 2013-08-26 21:28:30 +03:00
Cristian Toader
15d420b564 fix: accept4 for 64 bit 2013-08-26 20:06:46 +03:00
Cristian Toader
b10472f92b small open syscall modification (just in case) 2013-08-21 19:01:01 +03:00
Cristian Toader
bc19ea100c make check-spaces fixes 2013-08-21 17:57:15 +03:00
Cristian Toader
ed4968315e fix: sandbox_intern_string log clean up 2013-08-21 13:43:44 +03:00
Cristian Toader
8aa5517ff6 fix: flock filter update 2013-08-21 13:38:00 +03:00
Cristian Toader
71612f00ae fixed openssl open syscall, fixed sandbox_getaddrinfo 2013-08-20 13:10:07 +03:00
Cristian Toader
36aeca0ecf fix for getaddrinfo open syscall 2013-08-19 13:56:50 +03:00
Cristian Toader
a9910d89f1 finalised fix on libevent open string issue 2013-08-19 11:41:46 +03:00
Cristian Toader
c09b11b6d8 updated filters 2013-08-16 01:43:09 +03:00
Nick Mathewson
74262f1571 Merge branch 'bug5040_4773_rebase_3' 2013-08-15 12:04:56 -04:00
George Kadianakis
c5269a59b0 Test ExtORPort cookie initialization when file writing is broken. 2013-08-15 12:03:38 -04:00
Nick Mathewson
fd6749203e More unit tests for handle_client_auth_nonce 
Incidentally, this business here where I make crypto_rand mockable:
this is exactly the kind of thing that would make me never want to
include test-support stuff in production builds.
 2013-08-15 12:03:37 -04:00
Cristian Toader
863dd4d4b3 received feedback and fixed (partly) the socket filters 2013-08-15 00:23:51 +03:00
Cristian Toader
372e0f91fd added comments for sandbox.h 2013-08-15 00:09:07 +03:00
Cristian Toader
e2a7b484f4 partial libevent open fix 2013-08-14 23:03:38 +03:00
Cristian Toader
8a85a48b9d attempt to add stat64 filename filters; failed due to getaddrinfo.. 2013-08-12 21:14:43 +03:00
Cristian Toader
44a4464cf6 fixed memory leak, added array filter support 2013-08-10 18:04:48 +03:00
Cristian Toader
89b39db003 updated filters to work with orport 2013-08-09 19:07:20 +03:00
Cristian Toader
b3a8c08a92 orport progress (not functional), nickm suggested fixes 2013-08-07 13:13:12 +03:00
Nick Mathewson
031e695aa5 Use SOCKET_OK/TOR_INVALID_SOCKET in socketpair replacement code 2013-08-06 16:41:53 -04:00
Cristian Toader
a960e56c68 multi-configuration support using sandbox_t struct 2013-08-05 16:01:31 +03:00
Cristian Toader
356b646976 added execve and multi-configuration support 2013-08-05 15:40:23 +03:00
Cristian Toader
d897690fc7 fixes suggested by nickm 2013-08-05 14:17:46 +03:00
Andrea Shepard
468e44a0ef Fix tor_get_lines_from_handle() for make check-spaces 2013-08-02 18:49:57 -07:00
Nick Mathewson
48a4ef3f6a Fixed "unused parameter cloexec" warnings on windows 2013-08-02 10:52:57 -04:00
Nick Mathewson
d6adf05582 Split the socketpair replacement code into its own function for testing 2013-08-02 10:36:01 -04:00
Nick Mathewson
e25eb35f11 Actually use the cloexec argument in the !defined(SOCK_CLOEXEC) case 2013-08-02 10:04:21 -04:00
Peter Retzlaff
ebd4ab1506 Prepare patch for ticket 5129 for merging. 
- Preserve old eventdns code.
- Add function to close sockets cross-platform, without accounting.
- Add changes/ file.
 2013-08-02 09:35:24 -04:00
Nick Mathewson
5405688223 Fix compilation on Windows 
(Bugfix on tests for #9288 fix; bug not in any released Tor)
 2013-07-31 14:19:29 -04:00
Nick Mathewson
904a58d10f Merge branch 'bug9288_rebased' 
Conflicts:
	src/test/test_pt.c
 2013-07-31 13:51:15 -04:00
George Kadianakis
2e7c531fdc Prepare some mock functions to test #9288. 2013-07-31 13:34:16 -04:00
Cristian Toader
dde3ed385b removed access, set_robust_list, set_thread_area, set_tid_address, uname; added sb_poll 2013-07-31 12:05:10 +03:00
Cristian Toader
313cbe6e24 sigprocmask, epoll_ctl, prctl, mprotect, flock, futex, mremap 2013-07-31 11:35:25 +03:00
Cristian Toader
f0840ed4c9 epoll_ctl 2013-07-31 00:27:14 +03:00
Cristian Toader
5fc0e13db8 fcntl64 2013-07-30 23:52:54 +03:00
Cristian Toader
686cf4c0ff clean stable version 2013-07-30 23:43:42 +03:00
Cristian Toader
c1f5f1842e fully switched to function pointers; problems with socketcall parameters 2013-07-30 23:20:08 +03:00
Cristian Toader
442f256f25 switched to a design using filters as function pointer arrays 2013-07-30 21:23:30 +03:00
Cristian Toader
5baea85189 removed open flags (postponed), added mmap2 flags 2013-07-30 19:37:28 +03:00
Cristian Toader
871e5b35a8 small filter changes; openat as separate function 2013-07-30 19:25:56 +03:00
Cristian Toader
8022def6f0 added openat parameter filter 2013-07-29 16:30:39 +03:00
Cristian Toader
6d5b0367f6 Changes as suggested by nickm 
- char* to const char* and name refactoring
- workaround for accept4 syscall
 2013-07-29 14:46:47 +03:00
Cristian Toader
8f9d3da194 Investigated access4 syscall problem, small changes to filter. 2013-07-26 19:53:05 +03:00
Cristian Toader
626a2b23de integrated context for dynamic filters 2013-07-25 14:08:02 +03:00
Cristian Toader
3dfe1c0639 initia stages of runtime dynamic filters 2013-07-25 13:25:20 +03:00
Cristian Toader
abe082e7d0 dynamic parameter filter bug fixes 2013-07-24 17:15:57 +03:00
Cristian Toader
962d814e52 dynamic parameter filter (prototype, not tested) 2013-07-24 17:06:06 +03:00
Cristian Toader
e1410f20d7 added support for multiple parameters 2013-07-23 14:22:31 +03:00
Cristian Toader
c15d09293b added experimental support for open syscall path param 2013-07-23 14:01:53 +03:00
Cristian Toader
8b12170f23 added support for numeric parameters, tested with rt_sigaction 2013-07-23 10:49:56 +03:00
Cristian Toader
7cf1dbfd51 changed paramfilter type to intptr_t 2013-07-23 10:14:25 +03:00
Nick Mathewson
f6d8bc9389 Refactor the assertion-failure code into a function 2013-07-19 13:40:20 -04:00
Nick Mathewson
5343ee1a06 Add a signal-safe decimal formatting function 2013-07-19 13:26:25 -04:00
Cristian Toader
8dfa5772e7 (undo) git test.. 2013-07-18 18:28:55 +03:00
Cristian Toader
b0725c964b git test.. 2013-07-18 18:28:10 +03:00
Cristian Toader
e7e2efb717 Added getter for protected parameter 2013-07-18 18:21:37 +03:00
Cristian Toader
673349c42e Repair of some of the lost parameter filters history 2013-07-18 18:03:10 +03:00
Nick Mathewson
b551988ef4 Merge branch 'bug8929_rebase_2' 2013-07-18 08:45:13 -04:00
Nick Mathewson
713ff2f5ef Document what "escape" means in tor_escape_str_for_pt_args 2013-07-18 08:45:03 -04:00
George Kadianakis
1a0cf08841 Rename tor_escape_str_for_socks_arg() to something more generic. 
Since we are going to be using that function to also escape parameters
passed to transport proxies using environment variables.
 2013-07-18 08:45:03 -04:00
George Kadianakis
ea72958f25 Pass characters to be escaped to tor_escape_str_for_socks_arg(). 
This is in preparation for using tor_escape_str_for_socks_arg() to
escape server-side pluggable transport parameters.
 2013-07-18 08:45:02 -04:00
Nick Mathewson
85178e2e93 Use format_hex_number_sigsafe to format syscalls in sandbox.c 
This way, we don't have to use snprintf, which is not guaranteed to
be signal-safe.

(Technically speaking, strlen() and strlcpy() are not guaranteed to
be signal-safe by the POSIX standard. But I claim that they are on
every platform that supports libseccomp2, which is what matters
here.)
 2013-07-15 13:07:09 -04:00
Nick Mathewson
9fda7e8cd1 Lightly refactor and test format_hex_number_sigsafe 
Better tests for upper bounds, and for failing cases.

Also, change the function's interface to take a buffer length rather
than a maximum length, and then NUL-terminate: functions that don't
NUL-terminate are trouble waiting to happen.
 2013-07-15 12:52:29 -04:00
Nick Mathewson
22977b7c1d Expose format_hex_number_..., and rename it to ..._sigsafe(). 
There are some other places in the code that will want a signal-safe
way to format numbers, so it shouldn't be static to util.c.
 2013-07-15 12:26:55 -04:00
Nick Mathewson
449b2b7c58 Don't build format_helper_exit_status on win32 
The only thing that used format_helper_exit_status on win32 was the
unit tests. This caused an error when we tried to leave a static
format_helper_exit_status lying around in a production object file.

The easiest solution is to admit that this way of dealing with process
exit status is Unix-only.
 2013-07-15 12:17:23 -04:00
Nick Mathewson
c0391bae75 Merge remote-tracking branch 'public/fancy_test_tricks' 
Conflicts:
	src/common/include.am

Conflict was from adding testsupport.h near where sandbox.h had
already been added.
 2013-07-15 12:02:18 -04:00
Peter Palfrader
2cb59be999 Fix two pre-coffee typos 2013-07-15 09:43:37 -04:00
Peter Palfrader
5cc52b242e Document get_parent_directory more 2013-07-15 09:04:17 -04:00
Roger Dingledine
6848e29307 cosmetic cleanups 2013-07-14 02:49:34 -04:00
Roger Dingledine
de7cdc0d94 put sandbox.h in the tarball, so the tarball builds 2013-07-13 20:31:18 -04:00
Nick Mathewson
aac732322a Merge remote-tracking branch 'public/gsoc-ctoader-cap-phase1-squashed' 2013-07-12 17:12:43 -04:00
Cristian Toader
f9c1ba6493 Add a basic seccomp2 syscall filter on Linux 
It's controlled by the new Sandbox argument.  Right now, it's rather
coarse-grained, it's Linux-only, and it may break some features.
 2013-07-11 09:13:13 -04:00
Nick Mathewson
b6e8c74667 Add rudimentary test mocking support. 
This is not the most beautiful possible implementation (it requires
decorating mockable functions with ugly macros), but it actually
works, and is portable across multiple compilers and architectures.
 2013-07-10 15:22:16 -04:00
Nick Mathewson
17e9fc09c3 Coverage support: build with --enable-coverage to have tests run with gcov 
If you pass the --enable-coverage flag on the command line, we build
our testing binaries with appropriate options eo enable coverage
testing.  We also build a "tor-cov" binary that has coverage enabled,
for integration tests.

On recent OSX versions, test coverage only works with clang, not gcc.
So we warn about that.

Also add a contrib/coverage script to actually run gcov with the
appropriate options to generate useful .gcov files.  (Thanks to
automake, the .o files will not have the names that gcov expects to
find.)

Also, remove generated gcda and gcno files on clean.
 2013-07-10 15:22:16 -04:00
Nick Mathewson
a3e0a87d95 Completely refactor how FILENAME_PRIVATE works 
We previously used FILENAME_PRIVATE identifiers mostly for
identifiers exposed only to the unit tests... but also for
identifiers exposed to the benchmarker, and sometimes for
identifiers exposed to a similar module, and occasionally for no
really good reason at all.

Now, we use FILENAME_PRIVATE identifiers for identifiers shared by
Tor and the unit tests.  They should be defined static when we
aren't building the unit test, and globally visible otherwise. (The
STATIC macro will keep us honest here.)

For identifiers used only by the unit tests and never by Tor at all,
on the other hand, we wrap them in #ifdef TOR_UNIT_TESTS.

This is not the motivating use case for the split test/non-test
build system; it's just a test example to see how it works, and to
take a chance to clean up the code a little.
 2013-07-10 15:20:10 -04:00
Nick Mathewson
f7d654b81e Start work on fancy compiler tricks to expose extra stuff to our tests 
This is mainly a matter of automake trickery: we build each static
library in two versions now: one with the TOR_UNIT_TESTS macro
defined, and one without.  When TOR_UNIT_TESTS is defined, we can
enable mocking and expose more functions. When it's not defined, we
can lock the binary down more.

The alternatives would be to have alternate build modes: a "testing
configuration" for building the libraries with test support, and a
"production configuration" for building them without.  I don't favor
that approach, since I think it would mean more people runnning
binaries build for testing, or more people not running unit tests.
 2013-07-10 15:20:09 -04:00
Nick Mathewson
b5d1fded3d Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-18 10:25:30 -04:00
Nick Mathewson
d3063da691 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 
Conflicts:
	src/or/config.c
	src/or/relay.c
 2013-06-18 10:23:03 -04:00
Nick Mathewson
2e1fe1fcf9 Implement a real OOM-killer for too-long circuit queues. 
This implements "algorithm 1" from my discussion of bug #9072: on OOM,
find the circuits with the longest queues, and kill them.  It's also a
fix for #9063 -- without the side-effects of bug #9072.

The memory bounds aren't perfect here, and you need to be sure to
allow some slack for the rest of Tor's usage.

This isn't a perfect fix; the rest of the solutions I describe on
codeable.
 2013-06-18 10:15:16 -04:00