[tor-commits] [tor/master] Merge branch 'backtrace_squashed'
nickm at torproject.org
nickm at torproject.org
Mon Nov 18 16:04:37 UTC 2013
commit fbc20294aaf67f9434d5b1e107b8e1c43e42a3a4
Merge: 7a2b30f c81f64a
Author: Nick Mathewson <nickm at torproject.org>
Date: Mon Nov 18 11:00:16 2013 -0500
Merge branch 'backtrace_squashed'
Conflicts:
src/common/sandbox.c
src/common/sandbox.h
src/common/util.c
src/or/main.c
src/test/include.am
src/test/test.c
.gitignore | 2 +
LICENSE | 33 ++++++++
changes/stack_trace | 8 ++
configure.ac | 9 +++
m4/pc_from_ucontext.m4 | 131 ++++++++++++++++++++++++++++++
src/common/backtrace.c | 202 +++++++++++++++++++++++++++++++++++++++++++++++
src/common/backtrace.h | 12 +++
src/common/include.am | 2 +
src/common/log.c | 140 +++++++++++++++++++++++++++-----
src/common/sandbox.c | 47 ++---------
src/common/sandbox.h | 3 -
src/common/torlog.h | 8 +-
src/common/util.c | 111 +++++++++++++++++---------
src/common/util.h | 17 ++--
src/or/config.c | 3 +-
src/or/main.c | 10 ++-
src/test/bt_test.py | 42 ++++++++++
src/test/include.am | 12 +++
src/test/test.c | 3 +
src/test/test_bt_cl.c | 110 ++++++++++++++++++++++++++
src/test/test_logging.c | 135 +++++++++++++++++++++++++++++++
src/test/test_util.c | 51 ++++++++++++
22 files changed, 977 insertions(+), 114 deletions(-)
diff --cc src/common/sandbox.c
index aaba9c7,a37c74e..7ef577d
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@@ -373,1154 -265,34 +373,1121 @@@ sb_openat(scmp_filter_ctx ctx, sandbox_
return 0;
}
-#endif // USE_LIBSECCOMP
+/**
+ * Function responsible for setting up the socket syscall for
+ * the seccomp filter sandbox.
+ */
+static int
+sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+ int rc = 0;
+ (void) filter;
+
+#ifdef __i386__
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), 0);
+ if (rc)
+ return rc;
+#endif
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), 3,
+ SCMP_CMP(0, SCMP_CMP_EQ, PF_FILE),
+ SCMP_CMP(1, SCMP_CMP_EQ, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK),
+ SCMP_CMP(2, SCMP_CMP_EQ, IPPROTO_IP));
+ if (rc)
+ return rc;
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), 3,
+ SCMP_CMP(0, SCMP_CMP_EQ, PF_INET),
+ SCMP_CMP(1, SCMP_CMP_EQ, SOCK_STREAM|SOCK_CLOEXEC),
+ SCMP_CMP(2, SCMP_CMP_EQ, IPPROTO_TCP));
+ if (rc)
+ return rc;
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), 3,
+ SCMP_CMP(0, SCMP_CMP_EQ, PF_INET),
+ SCMP_CMP(1, SCMP_CMP_EQ, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK),
+ SCMP_CMP(2, SCMP_CMP_EQ, IPPROTO_IP));
+ if (rc)
+ return rc;
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), 3,
+ SCMP_CMP(0, SCMP_CMP_EQ, PF_NETLINK),
+ SCMP_CMP(1, SCMP_CMP_EQ, SOCK_RAW),
+ SCMP_CMP(2, SCMP_CMP_EQ, 0));
+ if (rc)
+ return rc;
+
+ return 0;
+}
/**
- * Enables the stage 1 general sandbox. It applies a syscall filter which does
- * not restrict any Tor features. The filter is representative for the whole
- * application.
+ * Function responsible for setting up the socketpair syscall for
+ * the seccomp filter sandbox.
*/
-int
-tor_global_sandbox(void)
+static int
+sb_socketpair(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
{
+ int rc = 0;
+ (void) filter;
-#if defined(USE_LIBSECCOMP)
- return initialise_libseccomp_sandbox();
+#ifdef __i386__
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socketpair), 0);
+ if (rc)
+ return rc;
+#endif
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socketpair), 2,
+ SCMP_CMP(0, SCMP_CMP_EQ, PF_FILE),
+ SCMP_CMP(1, SCMP_CMP_EQ, SOCK_STREAM|SOCK_CLOEXEC));
+ if (rc)
+ return rc;
-#elif defined(_WIN32)
- log_warn(LD_BUG,"Windows sandboxing is not implemented. The feature is "
- "currently disabled.");
return 0;
+}
+
+/**
+ * Function responsible for setting up the setsockopt syscall for
+ * the seccomp filter sandbox.
+ */
+static int
+sb_setsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+ int rc = 0;
+ (void) filter;
+
+#ifdef __i386__
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(setsockopt), 0);
+ if (rc)
+ return rc;
+#endif
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(setsockopt), 2,
+ SCMP_CMP(1, SCMP_CMP_EQ, SOL_SOCKET),
+ SCMP_CMP(2, SCMP_CMP_EQ, SO_REUSEADDR));
+ if (rc)
+ return rc;
-#elif defined(TARGET_OS_MAC)
- log_warn(LD_BUG,"Mac OSX sandboxing is not implemented. The feature is "
- "currently disabled");
return 0;
-#else
- log_warn(LD_BUG,"Sandboxing is not implemented for your platform. The "
- "feature is currently disabled");
+}
+
+/**
+ * Function responsible for setting up the getsockopt syscall for
+ * the seccomp filter sandbox.
+ */
+static int
+sb_getsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+ int rc = 0;
+ (void) filter;
+
+#ifdef __i386__
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt), 0);
+ if (rc)
+ return rc;
+#endif
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt), 2,
+ SCMP_CMP(1, SCMP_CMP_EQ, SOL_SOCKET),
+ SCMP_CMP(2, SCMP_CMP_EQ, SO_ERROR));
+ if (rc)
+ return rc;
+
+ return 0;
+}
+
+#ifdef __NR_fcntl64
+/**
+ * Function responsible for setting up the fcntl64 syscall for
+ * the seccomp filter sandbox.
+ */
+static int
+sb_fcntl64(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+ int rc = 0;
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fcntl64), 1,
+ SCMP_CMP(1, SCMP_CMP_EQ, F_GETFL));
+ if (rc)
+ return rc;
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fcntl64), 2,
+ SCMP_CMP(1, SCMP_CMP_EQ, F_SETFL),
+ SCMP_CMP(2, SCMP_CMP_EQ, O_RDWR|O_NONBLOCK));
+ if (rc)
+ return rc;
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fcntl64), 1,
+ SCMP_CMP(1, SCMP_CMP_EQ, F_GETFD));
+ if (rc)
+ return rc;
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fcntl64), 2,
+ SCMP_CMP(1, SCMP_CMP_EQ, F_SETFD),
+ SCMP_CMP(2, SCMP_CMP_EQ, FD_CLOEXEC));
+ if (rc)
+ return rc;
+
return 0;
+}
#endif
+
+/**
+ * Function responsible for setting up the epoll_ctl syscall for
+ * the seccomp filter sandbox.
+ *
+ * Note: basically allows everything but will keep for now..
+ */
+static int
+sb_epoll_ctl(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+ int rc = 0;
+ (void) filter;
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(epoll_ctl), 1,
+ SCMP_CMP(1, SCMP_CMP_EQ, EPOLL_CTL_ADD));
+ if (rc)
+ return rc;
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(epoll_ctl), 1,
+ SCMP_CMP(1, SCMP_CMP_EQ, EPOLL_CTL_MOD));
+ if (rc)
+ return rc;
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(epoll_ctl), 1,
+ SCMP_CMP(1, SCMP_CMP_EQ, EPOLL_CTL_DEL));
+ if (rc)
+ return rc;
+
+ return 0;
+}
+
+/**
+ * Function responsible for setting up the fcntl64 syscall for
+ * the seccomp filter sandbox.
+ *
+ * NOTE: if multiple filters need to be added, the PR_SECCOMP parameter needs
+ * to be whitelisted in this function.
+ */
+static int
+sb_prctl(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+ int rc = 0;
+ (void) filter;
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(prctl), 1,
+ SCMP_CMP(0, SCMP_CMP_EQ, PR_SET_DUMPABLE));
+ if (rc)
+ return rc;
+
+ return 0;
+}
+
+/**
+ * Function responsible for setting up the fcntl64 syscall for
+ * the seccomp filter sandbox.
+ *
+ * NOTE: does not NEED to be here.. currently only occurs before filter; will
+ * keep just in case for the future.
+ */
+static int
+sb_mprotect(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+ int rc = 0;
+ (void) filter;
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mprotect), 1,
+ SCMP_CMP(2, SCMP_CMP_EQ, PROT_READ));
+ if (rc)
+ return rc;
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mprotect), 1,
+ SCMP_CMP(2, SCMP_CMP_EQ, PROT_NONE));
+ if (rc)
+ return rc;
+
+ return 0;
+}
+
+/**
+ * Function responsible for setting up the rt_sigprocmask syscall for
+ * the seccomp filter sandbox.
+ */
+static int
+sb_rt_sigprocmask(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+ int rc = 0;
+ (void) filter;
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigprocmask), 1,
+ SCMP_CMP(0, SCMP_CMP_EQ, SIG_UNBLOCK));
+ if (rc)
+ return rc;
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigprocmask), 1,
+ SCMP_CMP(0, SCMP_CMP_EQ, SIG_SETMASK));
+ if (rc)
+ return rc;
+
+ return 0;
}
+/**
+ * Function responsible for setting up the flock syscall for
+ * the seccomp filter sandbox.
+ *
+ * NOTE: does not need to be here, occurs before filter is applied.
+ */
+static int
+sb_flock(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+ int rc = 0;
+ (void) filter;
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(flock), 1,
+ SCMP_CMP(1, SCMP_CMP_EQ, LOCK_EX|LOCK_NB));
+ if (rc)
+ return rc;
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(flock), 1,
+ SCMP_CMP(1, SCMP_CMP_EQ, LOCK_UN));
+ if (rc)
+ return rc;
+
+ return 0;
+}
+
+/**
+ * Function responsible for setting up the futex syscall for
+ * the seccomp filter sandbox.
+ */
+static int
+sb_futex(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+ int rc = 0;
+ (void) filter;
+
+ // can remove
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(futex), 1,
+ SCMP_CMP(1, SCMP_CMP_EQ,
+ FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME));
+ if (rc)
+ return rc;
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(futex), 1,
+ SCMP_CMP(1, SCMP_CMP_EQ, FUTEX_WAKE_PRIVATE));
+ if (rc)
+ return rc;
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(futex), 1,
+ SCMP_CMP(1, SCMP_CMP_EQ, FUTEX_WAIT_PRIVATE));
+ if (rc)
+ return rc;
+
+ return 0;
+}
+
+/**
+ * Function responsible for setting up the mremap syscall for
+ * the seccomp filter sandbox.
+ *
+ * NOTE: so far only occurs before filter is applied.
+ */
+static int
+sb_mremap(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+ int rc = 0;
+ (void) filter;
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mremap), 1,
+ SCMP_CMP(3, SCMP_CMP_EQ, MREMAP_MAYMOVE));
+ if (rc)
+ return rc;
+
+ return 0;
+}
+
+/**
+ * Function responsible for setting up the poll syscall for
+ * the seccomp filter sandbox.
+ */
+static int
+sb_poll(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+ int rc = 0;
+ (void) filter;
+
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(poll), 2,
+ SCMP_CMP(1, SCMP_CMP_EQ, 1),
+ SCMP_CMP(2, SCMP_CMP_EQ, 10));
+ if (rc)
+ return rc;
+
+ return 0;
+}
+
+#ifdef __NR_stat64
+/**
+ * Function responsible for setting up the stat64 syscall for
+ * the seccomp filter sandbox.
+ */
+static int
+sb_stat64(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+ int rc = 0;
+ sandbox_cfg_t *elem = NULL;
+
+ // for each dynamic parameter filters
+ for (elem = filter; elem != NULL; elem = elem->next) {
+ smp_param_t *param = elem->param;
+
+ if (param != NULL && param->prot == 1 && (param->syscall == SCMP_SYS(open)
+ || param->syscall == SCMP_SYS(stat64))) {
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(stat64), 1,
+ SCMP_CMP(0, SCMP_CMP_EQ, param->value));
+ if (rc != 0) {
+ log_err(LD_BUG,"(Sandbox) failed to add open syscall, received "
+ "libseccomp error %d", rc);
+ return rc;
+ }
+ }
+ }
+
+ return 0;
+}
+#endif
+
+/**
+ * Array of function pointers responsible for filtering different syscalls at
+ * a parameter level.
+ */
+static sandbox_filter_func_t filter_func[] = {
+ sb_rt_sigaction,
+ sb_rt_sigprocmask,
+ sb_execve,
+ sb_time,
+ sb_accept4,
+#ifdef __NR_mmap2
+ sb_mmap2,
+#endif
+ sb_open,
+ sb_openat,
+#ifdef __NR_fcntl64
+ sb_fcntl64,
+#endif
+ sb_epoll_ctl,
+ sb_prctl,
+ sb_mprotect,
+ sb_flock,
+ sb_futex,
+ sb_mremap,
+ sb_poll,
+#ifdef __NR_stat64
+ sb_stat64,
+#endif
+
+ sb_socket,
+ sb_setsockopt,
+ sb_getsockopt,
+ sb_socketpair
+};
+
+const char*
+sandbox_intern_string(const char *str)
+{
+ sandbox_cfg_t *elem;
+
+ if (str == NULL)
+ return NULL;
+
+ for (elem = filter_dynamic; elem != NULL; elem = elem->next) {
+ smp_param_t *param = elem->param;
+
+ if (param->prot && !strcmp(str, (char*)(param->value))) {
+ return (char*)(param->value);
+ }
+ }
+
+ log_info(LD_GENERAL, "(Sandbox) Parameter %s not found", str);
+ return str;
+}
+
+/**
+ * Protects all the strings in the sandbox's parameter list configuration. It
+ * works by calculating the total amount of memory required by the parameter
+ * list, allocating the memory using mmap, and protecting it from writes with
+ * mprotect().
+ */
+static int
+prot_strings(scmp_filter_ctx ctx, sandbox_cfg_t* cfg)
+{
+ int ret = 0;
+ size_t pr_mem_size = 0, pr_mem_left = 0;
+ char *pr_mem_next = NULL, *pr_mem_base;
+ sandbox_cfg_t *el = NULL;
+
+ // get total number of bytes required to mmap
+ for (el = cfg; el != NULL; el = el->next) {
+ pr_mem_size += strlen((char*) ((smp_param_t*)el->param)->value) + 1;
+ }
+
+ // allocate protected memory with MALLOC_MP_LIM canary
+ pr_mem_base = (char*) mmap(NULL, MALLOC_MP_LIM + pr_mem_size,
+ PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
+ if (pr_mem_base == MAP_FAILED) {
+ log_err(LD_BUG,"(Sandbox) failed allocate protected memory! mmap: %s",
+ strerror(errno));
+ ret = -1;
+ goto out;
+ }
+
+ pr_mem_next = pr_mem_base + MALLOC_MP_LIM;
+ pr_mem_left = pr_mem_size;
+
+ // change el value pointer to protected
+ for (el = cfg; el != NULL; el = el->next) {
+ char *param_val = (char*)((smp_param_t *)el->param)->value;
+ size_t param_size = strlen(param_val) + 1;
+
+ if (pr_mem_left >= param_size) {
+ // copy to protected
+ memcpy(pr_mem_next, param_val, param_size);
+
+ // re-point el parameter to protected
+ {
+ void *old_val = (void *) ((smp_param_t*)el->param)->value;
+ tor_free(old_val);
+ }
+ ((smp_param_t*)el->param)->value = (intptr_t) pr_mem_next;
+ ((smp_param_t*)el->param)->prot = 1;
+
+ // move next available protected memory
+ pr_mem_next += param_size;
+ pr_mem_left -= param_size;
+ } else {
+ log_err(LD_BUG,"(Sandbox) insufficient protected memory!");
+ ret = -2;
+ goto out;
+ }
+ }
+
+ // protecting from writes
+ if (mprotect(pr_mem_base, MALLOC_MP_LIM + pr_mem_size, PROT_READ)) {
+ log_err(LD_BUG,"(Sandbox) failed to protect memory! mprotect: %s",
+ strerror(errno));
+ ret = -3;
+ goto out;
+ }
+
+ /*
+ * Setting sandbox restrictions so the string memory cannot be tampered with
+ */
+ // no mremap of the protected base address
+ ret = seccomp_rule_add(ctx, SCMP_ACT_KILL, SCMP_SYS(mremap), 1,
+ SCMP_CMP(0, SCMP_CMP_EQ, (intptr_t) pr_mem_base));
+ if (ret) {
+ log_err(LD_BUG,"(Sandbox) mremap protected memory filter fail!");
+ return ret;
+ }
+
+ // no munmap of the protected base address
+ ret = seccomp_rule_add(ctx, SCMP_ACT_KILL, SCMP_SYS(munmap), 1,
+ SCMP_CMP(0, SCMP_CMP_EQ, (intptr_t) pr_mem_base));
+ if (ret) {
+ log_err(LD_BUG,"(Sandbox) munmap protected memory filter fail!");
+ return ret;
+ }
+
+ /*
+ * Allow mprotect with PROT_READ|PROT_WRITE because openssl uses it, but
+ * never over the memory region used by the protected strings.
+ *
+ * PROT_READ|PROT_WRITE was originally fully allowed in sb_mprotect(), but
+ * had to be removed due to limitation of libseccomp regarding intervals.
+ *
+ * There is a restriction on how much you can mprotect with R|W up to the
+ * size of the canary.
+ */
+ ret = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mprotect), 2,
+ SCMP_CMP(0, SCMP_CMP_LT, (intptr_t) pr_mem_base),
+ SCMP_CMP(1, SCMP_CMP_LE, MALLOC_MP_LIM),
+ SCMP_CMP(2, SCMP_CMP_EQ, PROT_READ|PROT_WRITE));
+ if (ret) {
+ log_err(LD_BUG,"(Sandbox) mprotect protected memory filter fail (LT)!");
+ return ret;
+ }
+
+ ret = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mprotect), 2,
+ SCMP_CMP(0, SCMP_CMP_GT, (intptr_t) pr_mem_base + pr_mem_size +
+ MALLOC_MP_LIM),
+ SCMP_CMP(1, SCMP_CMP_LE, MALLOC_MP_LIM),
+ SCMP_CMP(2, SCMP_CMP_EQ, PROT_READ|PROT_WRITE));
+ if (ret) {
+ log_err(LD_BUG,"(Sandbox) mprotect protected memory filter fail (GT)!");
+ return ret;
+ }
+
+ out:
+ return ret;
+}
+
+/**
+ * Auxiliary function used in order to allocate a sandbox_cfg_t element and set
+ * it's values according the the parameter list. All elements are initialised
+ * with the 'prot' field set to false, as the pointer is not protected at this
+ * point.
+ */
+static sandbox_cfg_t*
+new_element(int syscall, int index, intptr_t value)
+{
+ smp_param_t *param = NULL;
+
+ sandbox_cfg_t *elem = tor_malloc(sizeof(sandbox_cfg_t));
+ elem->param = tor_malloc(sizeof(smp_param_t));
+
+ param = elem->param;
+ param->syscall = syscall;
+ param->pindex = index;
+ param->value = value;
+ param->prot = 0;
+
+ return elem;
+}
+
+#ifdef __NR_stat64
+#define SCMP_stat SCMP_SYS(stat64)
+#else
+#define SCMP_stat SCMP_SYS(stat)
+#endif
+
+int
+sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file, int fr)
+{
+ sandbox_cfg_t *elem = NULL;
+
+ elem = new_element(SCMP_stat, 0, (intptr_t)(void*) tor_strdup(file));
+ if (!elem) {
+ log_err(LD_BUG,"(Sandbox) failed to register parameter!");
+ return -1;
+ }
+
+ elem->next = *cfg;
+ *cfg = elem;
+
+ if (fr) tor_free(file);
+ return 0;
+}
+
+int
+sandbox_cfg_allow_stat_filename_array(sandbox_cfg_t **cfg, ...)
+{
+ int rc = 0;
+ char *fn = NULL;
+
+ va_list ap;
+ va_start(ap, cfg);
+
+ while ((fn = va_arg(ap, char*)) != NULL) {
+ int fr = va_arg(ap, int);
+
+ rc = sandbox_cfg_allow_stat_filename(cfg, fn, fr);
+ if (rc) {
+ log_err(LD_BUG,"(Sandbox) sandbox_cfg_allow_stat_filename_array fail");
+ goto end;
+ }
+ }
+
+ end:
+ va_end(ap);
+ return 0;
+}
+
+int
+sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file, int fr)
+{
+ sandbox_cfg_t *elem = NULL;
+
+ elem = new_element(SCMP_SYS(open), 0, (intptr_t)(void *)tor_strdup(file));
+ if (!elem) {
+ log_err(LD_BUG,"(Sandbox) failed to register parameter!");
+ return -1;
+ }
+
+ elem->next = *cfg;
+ *cfg = elem;
+
+ if (fr) tor_free(file);
+
+ return 0;
+}
+
+int
+sandbox_cfg_allow_open_filename_array(sandbox_cfg_t **cfg, ...)
+{
+ int rc = 0;
+ char *fn = NULL;
+
+ va_list ap;
+ va_start(ap, cfg);
+
+ while ((fn = va_arg(ap, char*)) != NULL) {
+ int fr = va_arg(ap, int);
+
+ rc = sandbox_cfg_allow_open_filename(cfg, fn, fr);
+ if (rc) {
+ log_err(LD_BUG,"(Sandbox) sandbox_cfg_allow_open_filename_array fail");
+ goto end;
+ }
+ }
+
+ end:
+ va_end(ap);
+ return 0;
+}
+
+int
+sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file, int fr)
+{
+ sandbox_cfg_t *elem = NULL;
+
+ elem = new_element(SCMP_SYS(openat), 1, (intptr_t)(void *)tor_strdup(file));
+ if (!elem) {
+ log_err(LD_BUG,"(Sandbox) failed to register parameter!");
+ return -1;
+ }
+
+ elem->next = *cfg;
+ *cfg = elem;
+
+ if (fr) tor_free(file);
+
+ return 0;
+}
+
+int
+sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, ...)
+{
+ int rc = 0;
+ char *fn = NULL;
+
+ va_list ap;
+ va_start(ap, cfg);
+
+ while ((fn = va_arg(ap, char*)) != NULL) {
+ int fr = va_arg(ap, int);
+
+ rc = sandbox_cfg_allow_openat_filename(cfg, fn, fr);
+ if (rc) {
+ log_err(LD_BUG,"(Sandbox) sandbox_cfg_allow_openat_filename_array fail");
+ goto end;
+ }
+ }
+
+ end:
+ va_end(ap);
+ return 0;
+}
+
+int
+sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, const char *com)
+{
+ sandbox_cfg_t *elem = NULL;
+
+ elem = new_element(SCMP_SYS(execve), 1, (intptr_t)(void *)tor_strdup(com));
+ if (!elem) {
+ log_err(LD_BUG,"(Sandbox) failed to register parameter!");
+ return -1;
+ }
+
+ elem->next = *cfg;
+ *cfg = elem;
+
+ return 0;
+}
+
+int
+sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, ...)
+{
+ int rc = 0;
+ char *fn = NULL;
+
+ va_list ap;
+ va_start(ap, cfg);
+
+ while ((fn = va_arg(ap, char*)) != NULL) {
+
+ rc = sandbox_cfg_allow_execve(cfg, fn);
+ if (rc) {
+ log_err(LD_BUG,"(Sandbox) sandbox_cfg_allow_execve_array failed");
+ goto end;
+ }
+ }
+
+ end:
+ va_end(ap);
+ return 0;
+}
+
+int
+sandbox_getaddrinfo(const char *name, const char *servname,
+ const struct addrinfo *hints,
+ struct addrinfo **res)
+{
+ sb_addr_info_t *el;
+
+ if (servname != NULL)
+ return -1;
+
+ *res = NULL;
+
+ for (el = sb_addr_info; el; el = el->next) {
+ if (!strcmp(el->name, name)) {
+ *res = tor_malloc(sizeof(struct addrinfo));
+
+ memcpy(*res, el->info, sizeof(struct addrinfo));
+ /* XXXX What if there are multiple items in the list? */
+ return 0;
+ }
+ }
+
+ if (!sandbox_active) {
+ if (getaddrinfo(name, NULL, hints, res)) {
+ log_err(LD_BUG,"(Sandbox) getaddrinfo failed!");
+ return -1;
+ }
+
+ return 0;
+ }
+
+ // getting here means something went wrong
+ log_err(LD_BUG,"(Sandbox) failed to get address %s!", name);
+ if (*res) {
+ tor_free(*res);
+ res = NULL;
+ }
+ return -1;
+}
+
+int
+sandbox_add_addrinfo(const char* name)
+{
+ int ret;
+ struct addrinfo hints;
+ sb_addr_info_t *el = NULL;
+
+ el = tor_malloc(sizeof(sb_addr_info_t));
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = AF_INET;
+ hints.ai_socktype = SOCK_STREAM;
+
+ ret = getaddrinfo(name, NULL, &hints, &(el->info));
+ if (ret) {
+ log_err(LD_BUG,"(Sandbox) failed to getaddrinfo");
+ ret = -2;
+ tor_free(el);
+ goto out;
+ }
+
+ el->name = tor_strdup(name);
+ el->next = sb_addr_info;
+ sb_addr_info = el;
+
+ out:
+ return ret;
+}
+
+/**
+ * Function responsible for going through the parameter syscall filters and
+ * call each function pointer in the list.
+ */
+static int
+add_param_filter(scmp_filter_ctx ctx, sandbox_cfg_t* cfg)
+{
+ unsigned i;
+ int rc = 0;
+
+ // function pointer
+ for (i = 0; i < ARRAY_LENGTH(filter_func); i++) {
+ if ((filter_func[i])(ctx, cfg)) {
+ log_err(LD_BUG,"(Sandbox) failed to add syscall %d, received libseccomp "
+ "error %d", i, rc);
+ return rc;
+ }
+ }
+
+ return 0;
+}
+
+/**
+ * Function responsible of loading the libseccomp syscall filters which do not
+ * have parameter filtering.
+ */
+static int
+add_noparam_filter(scmp_filter_ctx ctx)
+{
+ unsigned i;
+ int rc = 0;
+
+ // add general filters
+ for (i = 0; i < ARRAY_LENGTH(filter_nopar_gen); i++) {
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, filter_nopar_gen[i], 0);
+ if (rc != 0) {
+ log_err(LD_BUG,"(Sandbox) failed to add syscall index %d (NR=%d), "
+ "received libseccomp error %d", i, filter_nopar_gen[i], rc);
+ return rc;
+ }
+ }
+
+ return 0;
+}
+
+/**
+ * Function responsible for setting up and enabling a global syscall filter.
+ * The function is a prototype developed for stage 1 of sandboxing Tor.
+ * Returns 0 on success.
+ */
+static int
+install_syscall_filter(sandbox_cfg_t* cfg)
+{
+ int rc = 0;
+ scmp_filter_ctx ctx;
+
+ ctx = seccomp_init(SCMP_ACT_TRAP);
+ if (ctx == NULL) {
+ log_err(LD_BUG,"(Sandbox) failed to initialise libseccomp context");
+ rc = -1;
+ goto end;
+ }
+
+ // protectign sandbox parameter strings
+ if ((rc = prot_strings(ctx, cfg))) {
+ goto end;
+ }
+
+ // add parameter filters
+ if ((rc = add_param_filter(ctx, cfg))) {
+ log_err(LD_BUG, "(Sandbox) failed to add param filters!");
+ goto end;
+ }
+
+ // adding filters with no parameters
+ if ((rc = add_noparam_filter(ctx))) {
+ log_err(LD_BUG, "(Sandbox) failed to add param filters!");
+ goto end;
+ }
+
+ // loading the seccomp2 filter
+ if ((rc = seccomp_load(ctx))) {
+ log_err(LD_BUG, "(Sandbox) failed to load!");
+ goto end;
+ }
+
+ // marking the sandbox as active
+ sandbox_active = 1;
+
+ end:
+ seccomp_release(ctx);
+ return (rc < 0 ? -rc : rc);
+}
+
- /** Additional file descriptor to use when logging seccomp2 failures */
- static int sigsys_debugging_fd = -1;
-
- /** Use the file descriptor <b>fd</b> to log seccomp2 failures. */
- static void
- sigsys_set_debugging_fd(int fd)
- {
- sigsys_debugging_fd = fd;
- }
-
+/**
+ * Function called when a SIGSYS is caught by the application. It notifies the
+ * user that an error has occurred and either terminates or allows the
+ * application to continue execution, based on the DEBUGGING_CLOSE symbol.
+ */
+static void
+sigsys_debugging(int nr, siginfo_t *info, void *void_context)
+{
+ ucontext_t *ctx = (ucontext_t *) (void_context);
- char message[256];
- int rv = 0, syscall, length, err;
++ char number[32];
++ int syscall;
+ (void) nr;
+
+ if (info->si_code != SYS_SECCOMP)
+ return;
+
+ if (!ctx)
+ return;
+
+ syscall = ctx->uc_mcontext.gregs[REG_SYSCALL];
+
- strlcpy(message, "\n\n(Sandbox) Caught a bad syscall attempt (syscall 0x",
- sizeof(message));
- (void) format_hex_number_sigsafe(syscall, message+strlen(message),
- sizeof(message)-strlen(message));
- strlcat(message, ")\n", sizeof(message));
- length = strlen(message);
-
- err = 0;
- if (sigsys_debugging_fd >= 0) {
- rv = write(sigsys_debugging_fd, message, length);
- err += rv != length;
- }
-
- rv = write(STDOUT_FILENO, message, length);
- err += rv != length;
-
- if (err)
- _exit(2);
++ format_dec_number_sigsafe(syscall, number, sizeof(number));
++ tor_log_err_sigsafe("(Sandbox) Caught a bad syscall attempt (syscall ",
++ number,
++ ")\n",
++ NULL);
+
+#if defined(DEBUGGING_CLOSE)
+ _exit(1);
+#endif // DEBUGGING_CLOSE
+}
+
+/**
+ * Function that adds a handler for SIGSYS, which is the signal thrown
+ * when the application is issuing a syscall which is not allowed. The
+ * main purpose of this function is to help with debugging by identifying
+ * filtered syscalls.
+ */
+static int
+install_sigsys_debugging(void)
+{
+ struct sigaction act;
+ sigset_t mask;
+
+ memset(&act, 0, sizeof(act));
+ sigemptyset(&mask);
+ sigaddset(&mask, SIGSYS);
+
+ act.sa_sigaction = &sigsys_debugging;
+ act.sa_flags = SA_SIGINFO;
+ if (sigaction(SIGSYS, &act, NULL) < 0) {
+ log_err(LD_BUG,"(Sandbox) Failed to register SIGSYS signal handler");
+ return -1;
+ }
+
+ if (sigprocmask(SIG_UNBLOCK, &mask, NULL)) {
+ log_err(LD_BUG,"(Sandbox) Failed call to sigprocmask()");
+ return -2;
+ }
+
+ return 0;
+}
+
+/**
+ * Function responsible of registering the sandbox_cfg_t list of parameter
+ * syscall filters to the existing parameter list. This is used for incipient
+ * multiple-sandbox support.
+ */
+static int
+register_cfg(sandbox_cfg_t* cfg)
+{
+ sandbox_cfg_t *elem = NULL;
+
+ if (filter_dynamic == NULL) {
+ filter_dynamic = cfg;
+ return 0;
+ }
+
+ for (elem = filter_dynamic; elem->next != NULL; elem = elem->next);
+
+ elem->next = cfg;
+
+ return 0;
+}
+
+#endif // USE_LIBSECCOMP
+
+#ifdef USE_LIBSECCOMP
+/**
+ * Initialises the syscall sandbox filter for any linux architecture, taking
+ * into account various available features for different linux flavours.
+ */
+static int
+initialise_libseccomp_sandbox(sandbox_cfg_t* cfg)
+{
+ if (install_sigsys_debugging())
+ return -1;
+
+ if (install_syscall_filter(cfg))
+ return -2;
+
+ if (register_cfg(cfg))
+ return -3;
+
+ return 0;
+}
+
+#endif // USE_LIBSECCOMP
+
+sandbox_cfg_t*
+sandbox_cfg_new(void)
+{
+ return NULL;
+}
+
+int
+sandbox_init(sandbox_cfg_t *cfg)
+{
+#if defined(USE_LIBSECCOMP)
+ return initialise_libseccomp_sandbox(cfg);
+
+#elif defined(_WIN32)
+ (void)cfg;
+ log_warn(LD_BUG,"Windows sandboxing is not implemented. The feature is "
+ "currently disabled.");
+ return 0;
+
+#elif defined(TARGET_OS_MAC)
+ (void)cfg;
+ log_warn(LD_BUG,"Mac OSX sandboxing is not implemented. The feature is "
+ "currently disabled");
+ return 0;
+#else
+ (void)cfg;
+ log_warn(LD_BUG,"Sandboxing is not implemented for your platform. The "
+ "feature is currently disabled");
+ return 0;
- #endif
- }
-
- void
- sandbox_set_debugging_fd(int fd)
- {
- #ifdef USE_LIBSECCOMP
- sigsys_set_debugging_fd(fd);
- #else
- (void)fd;
+#endif
+}
+
+#ifndef USE_LIBSECCOMP
+int
+sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file,
+ int fr)
+{
+ (void)cfg; (void)file; (void)fr;
+ return 0;
+}
+
+int
+sandbox_cfg_allow_open_filename_array(sandbox_cfg_t **cfg, ...)
+{
+ (void)cfg;
+ return 0;
+}
+
+int
+sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file,
+ int fr)
+{
+ (void)cfg; (void)file; (void)fr;
+ return 0;
+}
+
+int
+sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, ...)
+{
+ (void)cfg;
+ return 0;
+}
+
+int
+sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, const char *com)
+{
+ (void)cfg; (void)com;
+ return 0;
+}
+
+int
+sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, ...)
+{
+ (void)cfg;
+ return 0;
+}
+
+int
+sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file,
+ int fr)
+{
+ (void)cfg; (void)file; (void)fr;
+ return 0;
+}
+
+int
+sandbox_cfg_allow_stat_filename_array(sandbox_cfg_t **cfg, ...)
+{
+ (void)cfg;
+ return 0;
+}
+#endif
diff --cc src/common/sandbox.h
index 1d39be4,54f16ec..d64d427
--- a/src/common/sandbox.h
+++ b/src/common/sandbox.h
@@@ -135,116 -46,9 +135,113 @@@ typedef struct
#endif
-#endif // __linux__
+#endif // USE_LIBSECCOMP
+
+#ifdef USE_LIBSECCOMP
+/** Pre-calls getaddrinfo in order to pre-record result. */
+int sandbox_add_addrinfo(const char *addr);
+
+struct addrinfo;
+/** Replacement for getaddrinfo(), using pre-recorded results. */
+int sandbox_getaddrinfo(const char *name, const char *servname,
+ const struct addrinfo *hints,
+ struct addrinfo **res);
+#else
+#define sandbox_getaddrinfo(name, servname, hints, res) \
+ getaddrinfo((name),(servname), (hints),(res))
+#define sandbox_add_addrinfo(name) \
+ ((void)(name))
+#endif
+
- /** Use <b>fd</b> to log non-survivable sandbox violations. */
- void sandbox_set_debugging_fd(int fd);
-
+#ifdef USE_LIBSECCOMP
+/** Returns a registered protected string used with the sandbox, given that
+ * it matches the parameter.
+ */
+const char* sandbox_intern_string(const char *param);
+#else
+#define sandbox_intern_string(s) (s)
+#endif
+
+/** Creates an empty sandbox configuration file.*/
+sandbox_cfg_t * sandbox_cfg_new(void);
+
+/**
+ * Function used to add a open allowed filename to a supplied configuration.
+ * The (char*) specifies the path to the allowed file, fr = 1 tells the
+ * function that the char* needs to be free-ed, 0 means the pointer does not
+ * need to be free-ed.
+ */
+int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file,
+ int fr);
+
+/** Function used to add a series of open allowed filenames to a supplied
+ * configuration.
+ * @param cfg sandbox configuration.
+ * @param ... all future parameters are specified as pairs of <(char*), 1 / 0>
+ * the char* specifies the path to the allowed file, 1 tells the function
+ * that the char* needs to be free-ed, 0 means the pointer does not need to
+ * be free-ed; the final parameter needs to be <NULL, 0>.
+ */
+int sandbox_cfg_allow_open_filename_array(sandbox_cfg_t **cfg, ...);
+
+/**
+ * Function used to add a openat allowed filename to a supplied configuration.
+ * The (char*) specifies the path to the allowed file, fr = 1 tells the
+ * function that the char* needs to be free-ed, 0 means the pointer does not
+ * need to be free-ed.
+ */
+int sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file,
+ int fr);
+
+/** Function used to add a series of openat allowed filenames to a supplied
+ * configuration.
+ * @param cfg sandbox configuration.
+ * @param ... all future parameters are specified as pairs of <(char*), 1 / 0>
+ * the char* specifies the path to the allowed file, 1 tells the function
+ * that the char* needs to be free-ed, 0 means the pointer does not need to
+ * be free-ed; the final parameter needs to be <NULL, 0>.
+ */
+int sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, ...);
+
+/**
+ * Function used to add a execve allowed filename to a supplied configuration.
+ * The (char*) specifies the path to the allowed file, fr = 1 tells the
+ * function that the char* needs to be free-ed, 0 means the pointer does not
+ * need to be free-ed.
+ */
+int sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, const char *com);
+
+/** Function used to add a series of execve allowed filenames to a supplied
+ * configuration.
+ * @param cfg sandbox configuration.
+ * @param ... all future parameters are specified as pairs of <(char*), 1 / 0>
+ * the char* specifies the path to the allowed file, 1 tells the function
+ * that the char* needs to be free-ed, 0 means the pointer does not need to
+ * be free-ed; the final parameter needs to be <NULL, 0>.
+ */
+int sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, ...);
+
+/**
+ * Function used to add a stat/stat64 allowed filename to a configuration.
+ * The (char*) specifies the path to the allowed file, fr = 1 tells the
+ * function that the char* needs to be free-ed, 0 means the pointer does not
+ * need to be free-ed.
+ */
+int sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file,
+ int fr);
+
+/** Function used to add a series of stat64 allowed filenames to a supplied
+ * configuration.
+ * @param cfg sandbox configuration.
+ * @param ... all future parameters are specified as pairs of <(char*), 1 / 0>
+ * the char* specifies the path to the allowed file, 1 tells the function
+ * that the char* needs to be free-ed, 0 means the pointer does not need to
+ * be free-ed; the final parameter needs to be <NULL, 0>.
+ */
+int sandbox_cfg_allow_stat_filename_array(sandbox_cfg_t **cfg, ...);
-int tor_global_sandbox(void);
+/** Function used to initialise a sandbox configuration.*/
+int sandbox_init(sandbox_cfg_t* cfg);
#endif /* SANDBOX_H_ */
diff --cc src/common/util.c
index 0771c94,cb23e7e..17d6c22
--- a/src/common/util.c
+++ b/src/common/util.c
@@@ -24,7 -24,7 +24,8 @@@
#include "torint.h"
#include "container.h"
#include "address.h"
- #include "../common/sandbox.h"
++#include "sandbox.h"
+ #include "backtrace.h"
#ifdef _WIN32
#include <io.h>
diff --cc src/or/main.c
index aa56425,a8f1c23..e14001f
--- a/src/or/main.c
+++ b/src/or/main.c
@@@ -10,9 -10,9 +10,10 @@@
* connections, implements main loop, and drives scheduled events.
**/
+#define MAIN_PRIVATE
#include "or.h"
#include "addressmap.h"
+ #include "backtrace.h"
#include "buffers.h"
#include "channel.h"
#include "channeltls.h"
@@@ -2330,13 -2305,18 +2331,14 @@@ handle_signals(int is_parent
int
tor_init(int argc, char *argv[])
{
- char buf[256];
+ char progname[256];
- int i, quiet = 0;
+ int quiet = 0;
++
time_of_process_start = time(NULL);
- if (!connection_array)
- connection_array = smartlist_new();
- if (!closeable_connection_lst)
- closeable_connection_lst = smartlist_new();
- if (!active_linked_connection_lst)
- active_linked_connection_lst = smartlist_new();
+ init_connection_lists();
/* Have the log set up with our application name. */
- tor_snprintf(buf, sizeof(buf), "Tor %s", get_version());
- log_set_application_name(buf);
+ tor_snprintf(progname, sizeof(progname), "Tor %s", get_version());
+ log_set_application_name(progname);
/* Initialize the history structures. */
rep_hist_init();
/* Initialize the service cache. */
diff --cc src/test/include.am
index 5510293,e879c20..c16dd14
--- a/src/test/include.am
+++ b/src/test/include.am
@@@ -28,8 -26,8 +28,9 @@@ src_test_test_SOURCES =
src/test/test_cell_queue.c \
src/test/test_data.c \
src/test/test_dir.c \
+ src/test/test_extorport.c \
src/test/test_introduce.c \
+ src/test/test_logging.c \
src/test/test_microdesc.c \
src/test/test_options.c \
src/test/test_pt.c \
@@@ -75,22 -74,14 +76,33 @@@ src_test_test_ntor_cl_LDADD = src/or/li
@TOR_OPENSSL_LIBS@ @TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@
src_test_test_ntor_cl_AM_CPPFLAGS = \
-I"$(top_srcdir)/src/or"
+NTOR_TEST_DEPS=src/test/test-ntor-cl
+else
+NTOR_TEST_DEPS=
+endif
+if COVERAGE_ENABLED
+CMDLINE_TEST_TOR = ./src/or/tor-cov
+else
+CMDLINE_TEST_TOR = ./src/or/tor
endif
+ noinst_PROGRAMS += src/test/test-bt-cl
+ src_test_test_bt_cl_SOURCES = src/test/test_bt_cl.c
+ src_test_test_bt_cl_LDADD = src/common/libor-testing.a \
+ @TOR_LIB_MATH@ \
+ @TOR_LIB_WS32@ @TOR_LIB_GDI@
+ src_test_test_bt_cl_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
+ src_test_test_bt_cl_CPPFLAGS= $(src_test_AM_CPPFLAGS)
+
++
+check-local: $(NTOR_TEST_DEPS) $(CMDLINE_TEST_TOR)
+if USEPYTHON
+ $(PYTHON) $(top_srcdir)/src/test/test_cmdline_args.py $(CMDLINE_TEST_TOR) "${top_srcdir}"
+if CURVE25519_ENABLED
+ $(PYTHON) $(top_srcdir)/src/test/ntor_ref.py test-tor
+ $(PYTHON) $(top_srcdir)/src/test/ntor_ref.py self-test
+endif
++ ./src/test/test-bt-cl assert | $(PYTHON) $(top_srcdir)/src/test/bt_test.py
++ ./src/test/test-bt-cl crash | $(PYTHON) $(top_srcdir)/src/test/bt_test.py
+endif
diff --cc src/test/test.c
index 562de48,ae4ab44..752f8d7
--- a/src/test/test.c
+++ b/src/test/test.c
@@@ -1618,9 -2136,8 +1618,11 @@@ extern struct testcase_t circuitlist_te
extern struct testcase_t circuitmux_tests[];
extern struct testcase_t cell_queue_tests[];
extern struct testcase_t options_tests[];
+extern struct testcase_t socks_tests[];
+extern struct testcase_t extorport_tests[];
+extern struct testcase_t controller_event_tests[];
+ extern struct testcase_t logging_tests[];
+ extern struct testcase_t backtrace_tests[];
static struct testgroup_t testgroups[] = {
{ "", test_array },
More information about the tor-commits
mailing list