summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/HACKING45
-rw-r--r--doc/WritingTests.txt167
-rw-r--r--doc/include.am4
-rw-r--r--doc/tor.1.txt106
4 files changed, 291 insertions, 31 deletions
diff --git a/doc/HACKING b/doc/HACKING
index 5c71b74bd1..d94e0a90d7 100644
--- a/doc/HACKING
+++ b/doc/HACKING
@@ -61,9 +61,10 @@ it's a bugfix, mention what bug it fixes and when the bug was
introduced. To find out which Git tag the change was introduced in,
you can use "git describe --contains <sha1 of commit>".
-If at all possible, try to create this file in the same commit where
-you are making the change. Please give it a distinctive name that no
-other branch will use for the lifetime of your change.
+If at all possible, try to create this file in the same commit where you are
+making the change. Please give it a distinctive name that no other branch will
+use for the lifetime of your change. To verify the format of the changes file,
+you can use "make check-changes".
When we go to make a release, we will concatenate all the entries
in changes to make a draft changelog, and clear the directory. We'll
@@ -114,6 +115,32 @@ valgrind --leak-check=yes --error-limit=no --show-reachable=yes src/or/tor
pass --undef-value-errors=no to valgrind, or rebuild your openssl
with -DPURIFY.)
+Coverity
+~~~~~~~~
+
+Nick regularly runs the coverity static analyzer on the Tor codebase.
+
+The preprocessor define __COVERITY__ is used to work around instances
+where coverity picks up behavior that we wish to permit.
+
+clang Static Analyzer
+~~~~~~~~~~~~~~~~~~~~~
+
+The clang static analyzer can be run on the Tor codebase using Xcode (WIP)
+or a command-line build.
+
+The preprocessor define __clang_analyzer__ is used to work around instances
+where clang picks up behavior that we wish to permit.
+
+clang Runtime Sanitizers
+~~~~~~~~~~~~~~~~
+
+To build the Tor codebase with the clang Address and Undefined Behavior
+sanitizers, see the file contrib/clang/sanitize_blacklist.txt.
+
+Preprocessor workarounds for instances where clang picks up behavior that
+we wish to permit are also documented in the blacklist file.
+
Running lcov for unit test coverage
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -373,7 +400,7 @@ do your own profiling to determine otherwise.
Log conventions
~~~~~~~~~~~~~~~
-https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#loglevel
+https://www.torproject.org/docs/faq#LogLevel
No error or warning messages should be expected during normal OR or OP
operation.
@@ -541,7 +568,9 @@ a stable release, add it to the ReleaseNotes file too. If we're adding
to a release-0.2.x branch, manually commit the changelogs to the later
git branches too.
-4) Bump the version number in configure.ac and rebuild.
+4) In maint-0.2.x, bump the version number in configure.ac and run
+ scripts/maint/updateVersions.pl to update version numbers in other
+ places, and commit. Then merge maint-0.2.x into release-0.2.x.
5) Make dist, put the tarball up somewhere, and tell #tor about it. Wait
a while to see if anybody has problems building it. Try to get Sebastian
@@ -563,6 +592,12 @@ on dist-master.
8b) Edit "include/versions.wmi" and "Makefile" to note the new version.
9) Email the packagers (cc'ing tor-assistants) that a new tarball is up.
+ The current list of packagers is:
+ {weasel,gk,mikeperry} at torproject dot org
+ {blueness} at gentoo dot org
+ {paul} at invizbox dot io
+ {ondrej.mikle} at gmail dot com
+ {lfleischer} at archlinux dot org
10) Add the version number to Trac. To do this, go to Trac, log in,
select "Admin" near the top of the screen, then select "Versions" from
diff --git a/doc/WritingTests.txt b/doc/WritingTests.txt
new file mode 100644
index 0000000000..b0f8722163
--- /dev/null
+++ b/doc/WritingTests.txt
@@ -0,0 +1,167 @@
+
+Writing tests for Tor: an incomplete guide
+==========================================
+
+Tor uses a variety of testing frameworks and methodologies to try to
+keep from introducing bugs. The major ones are:
+
+ 1. Unit tests written in C and shipped with the Tor distribution.
+
+ 2. Integration tests written in Python and shipped with the Tor
+ distribution.
+
+ 3. Integration tests written in Python and shipped with the Stem
+ library. Some of these use the Tor controller protocol.
+
+ 4. System tests written in Python and SH, and shipped with the
+ Chutney package. These work by running many instances of Tor
+ locally, and sending traffic through them.
+
+ 5. The Shadow network simulator.
+
+How to run these tests
+----------------------
+
+=== The easy version
+
+To run all the tests that come bundled with Tor, run "make check"
+
+To run the Stem tests as well, fetch stem from the git repository,
+set STEM_SOURCE_DIR to the checkout, and run "make test-stem".
+
+To run the Chutney tests as well, fetch chutney from the git repository,
+set CHUTNEY_PATH to the checkout, and run "make test-network".
+
+=== Running particular subtests
+
+XXXX WRITEME
+
+=== Finding test coverage
+
+When you configure Tor with the --enable-coverage option, it should
+build with support for coverage in the unit tests, and in a special
+"tor-cov" binary. If you launch
+
+XXXX "make test-network" doesn't know about "tor-cov"; you don't get
+XXXX coverage from that yet, unless you do "cp src/or/tor-cov
+XXXX src/or/tor" before you run it.
+
+What kinds of test should I write?
+----------------------------------
+
+XXXX writeme.
+
+
+Unit and regression tests: Does this function do what it's supposed to?
+-----------------------------------------------------------------------
+
+Most of Tor's unit tests are made using the "tinytest" testing framework.
+You can see a guide to using it in the tinytest manual at
+
+ https://github.com/nmathewson/tinytest/blob/master/tinytest-manual.md
+
+To add a new test of this kind, either edit an existing C file in src/test/,
+or create a new C file there. Each test is a single function that must
+be indexed in the table at the end of the file. We use the label "done:" as
+a cleanup point for all test functions.
+
+(Make sure you read tinytest-manual.md before proceeding.)
+
+I use the term "unit test" and "regression tests" very sloppily here.
+
+=== A simple example
+
+Here's an example of a test function for a simple function in util.c:
+
+ static void
+ test_util_writepid(void *arg)
+ {
+ (void) arg;
+
+ char *contents = NULL;
+ const char *fname = get_fname("tmp_pid");
+ unsigned long pid;
+ char c;
+
+ write_pidfile(fname);
+
+ contents = read_file_to_str(fname, 0, NULL);
+ tt_assert(contents);
+
+ int n = sscanf(contents, "%lu\n%c", &pid, &c);
+ tt_int_op(n, OP_EQ, 1);
+ tt_int_op(pid, OP_EQ, getpid());
+
+ done:
+ tor_free(contents);
+ }
+
+This should look pretty familiar to you if you've read the tinytest
+manual. One thing to note here is that we use the testing-specific
+function "get_fname" to generate a file with respect to a temporary
+directory that the tests use. You don't need to delete the file;
+it will get removed when the tests are done.
+
+Also note our use of OP_EQ instead of == in the tt_int_op() calls.
+We define OP_* macros to use instead of the binary comparison
+operators so that analysis tools can more easily parse our code.
+(Coccinelle really hates to see == used as a macro argument.)
+
+Finally, remember that by convention, all *_free() functions that
+Tor defines are defined to accept NULL harmlessly. Thus, you don't
+need to say "if (contents)" in the cleanup block.
+
+=== Exposing static functions for testing
+
+Sometimes you need to test a function, but you don't want to expose
+it outside its usual module.
+
+To support this, Tor's build system compiles a testing version of
+teach module, with extra identifiers exposed. If you want to
+declare a function as static but available for testing, use the
+macro "STATIC" instead of "static". Then, make sure there's a
+macro-protected declaration of the function in the module's header.
+
+For example, crypto_curve25519.h contains:
+
+#ifdef CRYPTO_CURVE25519_PRIVATE
+STATIC int curve25519_impl(uint8_t *output, const uint8_t *secret,
+ const uint8_t *basepoint);
+#endif
+
+The crypto_curve25519.c file and the test_crypto.c file both define
+CRYPTO_CURVE25519_PRIVATE, so they can see this declaration.
+
+=== Mock functions for testing in isolation
+
+Often we want to test that a function works right, but the function depends
+on other functions whose behavior is hard to observe, or whose
+
+XXXX WRITEME
+
+=== Advanced techniques: Namespaces
+
+
+XXXX write this. danah boyd made us some really awesome stuff here.
+
+
+Integration tests: Calling Tor from the outside
+-----------------------------------------------
+
+XXXX WRITEME
+
+Writing integration tests with Stem
+-----------------------------------
+
+XXXX WRITEME
+
+System testing with Chutney
+---------------------------
+
+XXXX WRITEME
+
+Who knows what evil lurks in the timings of networks? The Shadow knows!
+-----------------------------------------------------------------------
+
+XXXX WRITEME
+
diff --git a/doc/include.am b/doc/include.am
index 30d3e20d83..783aa95c4e 100644
--- a/doc/include.am
+++ b/doc/include.am
@@ -64,14 +64,14 @@ doc/tor-gencert.html.in: doc/tor-gencert.1.txt
doc/tor-resolve.html.in: doc/tor-resolve.1.txt
doc/tor-fw-helper.html.in: doc/tor-fw-helper.1.txt
-# use ../config.status to swap all machine-specific magic strings
+# use config.status to swap all machine-specific magic strings
# in the asciidoc with their replacements.
$(asciidoc_product) :
$(AM_V_GEN)$(MKDIR_P) $(@D)
$(AM_V_at)if test -e $(top_srcdir)/$@.in && ! test -e $@.in ; then \
cp $(top_srcdir)/$@.in $@; \
fi
- $(AM_V_at)./config.status -q --file=$@;
+ $(AM_V_at)$(top_builddir)/config.status -q --file=$@;
doc/tor.html: doc/tor.html.in
doc/tor-gencert.html: doc/tor-gencert.html.in
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index b2ee84837a..ca686281b8 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -379,12 +379,6 @@ GENERAL OPTIONS
chosen with their regular weights, multiplied by this number, which
should be 1.0 or less. (Default: 1.0)
-[[DynamicDHGroups]] **DynamicDHGroups** **0**|**1**::
- If this option is set to 1, when running as a server, generate our
- own Diffie-Hellman group instead of using the one from Apache's mod_ssl.
- This option may help circumvent censorship based on static
- Diffie-Hellman parameters. (Default: 0)
-
[[AlternateDirAuthority]] **AlternateDirAuthority** [__nickname__] [**flags**] __address__:__port__ __fingerprint__ +
[[AlternateBridgeAuthority]] **AlternateBridgeAuthority** [__nickname__] [**flags**] __address__:__port__ __ fingerprint__::
@@ -1325,7 +1319,7 @@ The following options are useful only for clients (that is, if
[[DownloadExtraInfo]] **DownloadExtraInfo** **0**|**1**::
If true, Tor downloads and caches "extra-info" documents. These documents
contain information about servers other than the information in their
- regular router descriptors. Tor does not use this information for anything
+ regular server descriptors. Tor does not use this information for anything
itself; to save bandwidth, leave this option turned off. (Default: 0)
[[WarnPlaintextPorts]] **WarnPlaintextPorts** __port__,__port__,__...__::
@@ -1504,8 +1498,8 @@ is non-zero):
[[BridgeRelay]] **BridgeRelay** **0**|**1**::
Sets the relay to act as a "bridge" with respect to relaying connections
from bridge users to the Tor network. It mainly causes Tor to publish a
- server descriptor to the bridge database, rather than publishing a relay
- descriptor to the public directory authorities.
+ server descriptor to the bridge database, rather than
+ to the public directory authorities.
[[ContactInfo]] **ContactInfo** __email_address__::
Administrative contact information for this relay or bridge. This line
@@ -1804,27 +1798,53 @@ is non-zero):
(Default: P256)
[[CellStatistics]] **CellStatistics** **0**|**1**::
- When this option is enabled, Tor writes statistics on the mean time that
- cells spend in circuit queues to disk every 24 hours. (Default: 0)
+ Relays only.
+ When this option is enabled, Tor collects statistics about cell
+ processing (i.e. mean time a cell is spending in a queue, mean
+ number of cells in a queue and mean number of processed cells per
+ circuit) and writes them into disk every 24 hours. Onion router
+ operators may use the statistics for performance monitoring.
+ If ExtraInfoStatistics is enabled, it will published as part of
+ extra-info document. (Default: 0)
[[DirReqStatistics]] **DirReqStatistics** **0**|**1**::
+ Relays and bridges only.
When this option is enabled, a Tor directory writes statistics on the
number and response time of network status requests to disk every 24
- hours. (Default: 1)
+ hours. Enables relay and bridge operators to monitor how much their
+ server is being used by clients to learn about Tor network.
+ If ExtraInfoStatistics is enabled, it will published as part of
+ extra-info document. (Default: 1)
[[EntryStatistics]] **EntryStatistics** **0**|**1**::
+ Relays only.
When this option is enabled, Tor writes statistics on the number of
- directly connecting clients to disk every 24 hours. (Default: 0)
+ directly connecting clients to disk every 24 hours. Enables relay
+ operators to monitor how much inbound traffic that originates from
+ Tor clients passes through their server to go further down the
+ Tor network. If ExtraInfoStatistics is enabled, it will be published
+ as part of extra-info document. (Default: 0)
[[ExitPortStatistics]] **ExitPortStatistics** **0**|**1**::
- When this option is enabled, Tor writes statistics on the number of relayed
- bytes and opened stream per exit port to disk every 24 hours. (Default: 0)
+ Exit relays only.
+ When this option is enabled, Tor writes statistics on the number of
+ relayed bytes and opened stream per exit port to disk every 24 hours.
+ Enables exit relay operators to measure and monitor amounts of traffic
+ that leaves Tor network through their exit node. If ExtraInfoStatistics
+ is enabled, it will be published as part of extra-info document.
+ (Default: 0)
[[ConnDirectionStatistics]] **ConnDirectionStatistics** **0**|**1**::
- When this option is enabled, Tor writes statistics on the bidirectional use
- of connections to disk every 24 hours. (Default: 0)
+ Relays only.
+ When this option is enabled, Tor writes statistics on the amounts of
+ traffic it passes between itself and other relays to disk every 24
+ hours. Enables relay operators to monitor how much their relay is
+ being used as middle node in the circuit. If ExtraInfoStatistics is
+ enabled, it will be published as part of extra-info document.
+ (Default: 0)
[[HiddenServiceStatistics]] **HiddenServiceStatistics** **0**|**1**::
+ Relays only.
When this option is enabled, a Tor relay writes obfuscated
statistics on its role as hidden-service directory, introduction
point, or rendezvous point to disk every 24 hours. If
@@ -1851,6 +1871,13 @@ is non-zero):
this. If this option is set to 0, Tor will try to pick a reasonable
default based on your system's physical memory. (Default: 0)
+[[SigningKeyLifetime]] **SigningKeyLifetime** __N__ **days**|**weeks**|**months**::
+ For how long should each Ed25519 signing key be valid? Tor uses a
+ permanent master identity key that can be kept offline, and periodically
+ generates new "signing" keys that it uses online. This option
+ configures their lifetime.
+ (Default: 30 days)
+
DIRECTORY SERVER OPTIONS
------------------------
@@ -1943,7 +1970,7 @@ on the public Tor network.
[[BridgeAuthoritativeDir]] **BridgeAuthoritativeDir** **0**|**1**::
When this option is set in addition to **AuthoritativeDirectory**, Tor
- accepts and serves router descriptors, but it caches and serves the main
+ accepts and serves server descriptors, but it caches and serves the main
networkstatus documents rather than generating its own. (Default: 0)
[[MinUptimeHidServDirectoryV2]] **MinUptimeHidServDirectoryV2** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**::
@@ -1962,9 +1989,9 @@ on the public Tor network.
in the "params" line of its networkstatus vote.
[[DirAllowPrivateAddresses]] **DirAllowPrivateAddresses** **0**|**1**::
- If set to 1, Tor will accept router descriptors with arbitrary "Address"
+ If set to 1, Tor will accept server descriptors with arbitrary "Address"
elements. Otherwise, if the address is not an IP address or is a private IP
- address, it will reject the router descriptor. (Default: 0)
+ address, it will reject the server descriptor. (Default: 0)
[[AuthDirBadExit]] **AuthDirBadExit** __AddressPattern...__::
Authoritative directories only. A set of address patterns for servers that
@@ -2143,6 +2170,16 @@ The following options are used to configure a hidden service.
not an authorization mechanism; it is instead meant to be a mild
inconvenience to port-scanners.) (Default: 0)
+[[HiddenServiceMaxStreams]] **HiddenServiceMaxStreams** __N__::
+ The maximum number of simultaneous streams (connections) per rendezvous
+ circuit. (Setting this to 0 will allow an unlimited number of simultanous
+ streams.) (Default: 0)
+
+[[HiddenServiceMaxStreamsCloseCircuit]] **HiddenServiceMaxStreamsCloseCircuit** **0**|**1**::
+ If set to 1, then exceeding **HiddenServiceMaxStreams** will cause the
+ offending rendezvous circuit to be torn down, as opposed to stream creation
+ requests that exceed the limit being silently ignored. (Default: 0)
+
[[RendPostPeriod]] **RendPostPeriod** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**::
Every time the specified period elapses, Tor uploads any rendezvous
service descriptors to the directory servers. This information is also
@@ -2154,6 +2191,10 @@ The following options are used to configure a hidden service.
only owner is able to read the hidden service directory. (Default: 0)
Has no effect on Windows.
+[[HiddenServiceNumIntroductionPoints]] **HiddenServiceNumIntroductionPoints** __NUM__::
+ Number of introduction points the hidden service will have. You can't
+ have more than 10. (Default: 3)
+
TESTING NETWORK OPTIONS
-----------------------
@@ -2226,7 +2267,7 @@ The following options are used for running a testing Tor network.
that **TestingTorNetwork** is set. (Default: 30 minutes)
[[TestingEstimatedDescriptorPropagationTime]] **TestingEstimatedDescriptorPropagationTime** __N__ **minutes**|**hours**::
- Clients try downloading router descriptors from directory caches after this
+ Clients try downloading server descriptors from directory caches after this
time. Changing this requires that **TestingTorNetwork** is set. (Default:
10 minutes)
@@ -2274,7 +2315,7 @@ The following options are used for running a testing Tor network.
this requires that **TestingTorNetwork** is set. (Default: 8)
[[TestingDescriptorMaxDownloadTries]] **TestingDescriptorMaxDownloadTries** __NUM__::
- Try this often to download a router descriptor before giving up.
+ Try this often to download a server descriptor before giving up.
Changing this requires that **TestingTorNetwork** is set. (Default: 8)
[[TestingMicrodescMaxDownloadTries]] **TestingMicrodescMaxDownloadTries** __NUM__::
@@ -2333,6 +2374,23 @@ The following options are used for running a testing Tor network.
authority on a testing network. Overrides the usual default lower bound
of 4 KB. (Default: 0)
+[[TestingLinkCertLifetime]] **TestingLinkCertifetime** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**|**months**::
+ Overrides the default lifetime for the certificates used to authenticate
+ our X509 link cert with our ed25519 signing key.
+ (Default: 2 days)
+
+[[TestingAuthKeyLifetime]] **TestingAuthKeyLifetime** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**|**months**::
+ Overrides the default lifetime for a signing Ed25519 TLS Link authentication
+ key.
+ (Default: 2 days)
+
+[[TestingLinkKeySlop]] **TestingLinkKeySlop** __N__ **seconds**|**minutes**|**hours**::
+[[TestingAuthKeySlop]] **TestingAuthKeySlop** __N__ **seconds**|**minutes**|**hours**::
+[[TestingSigningKeySlop]] **TestingSigningKeySlop** __N__ **seconds**|**minutes**|**hours**::
+ How early before the official expiration of a an Ed25519 signing key do
+ we replace it and issue a new key?
+ (Default: 3 hours for link and auth; 1 day for signing.)
+
SIGNALS
-------
@@ -2416,7 +2474,7 @@ __DataDirectory__**/state**::
below).
- When the file was last written
- What version of Tor generated the state file
- - A short history of bandwidth usage, as produced in the router
+ - A short history of bandwidth usage, as produced in the server
descriptors.
__DataDirectory__**/bw_accounting**::
@@ -2461,7 +2519,7 @@ __DataDirectory__**/unverified-microdesc-consensus**::
to check yet.
__DataDirectory__**/unparseable-desc**::
- Onion router descriptors that Tor was unable to parse are dumped to this
+ Onion server descriptors that Tor was unable to parse are dumped to this
file. Only used for debugging.
__DataDirectory__**/router-stability**::
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion