/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file config.c
 * \brief Code to interpret the user's configuration of Tor.
 *
 * This module handles the torrc configuration file, including parsing it,
 * combining it with torrc.defaults and the command line, allowing
 * user changes to it (via editing and SIGHUP or via the control port),
 * writing it back to disk (because of SAVECONF from the control port),
 * and -- most importantly, acting on it.
 *
 * The module additionally has some tools for manipulating and
 * inspecting values that are calculated as a result of the
 * configured options.
 *
 * <h3>How to add new options</h3>
 *
 * To add new items to the torrc, there are a minimum of three places to edit:
 * <ul>
 *   <li>The or_options_t structure in or.h, where the options are stored.
 *   <li>The option_vars_ array below in this module, which configures
 *       the names of the torrc options, their types, their multiplicities,
 *       and their mappings to fields in or_options_t.
 *   <li>The manual in doc/tor.1.txt, to document what the new option
 *       is, and how it works.
 * </ul>
 *
 * Additionally, you might need to edit these places too:
 * <ul>
 *   <li>options_validate() below, in case you want to reject some possible
 *       values of the new configuration option.
 *   <li>options_transition_allowed() below, in case you need to
 *       forbid some or all changes in the option while Tor is
 *       running.
 *   <li>options_transition_affects_workers(), in case changes in the option
 *       might require Tor to relaunch or reconfigure its worker threads.
 *   <li>options_transition_affects_descriptor(), in case changes in the
 *       option might require a Tor relay to build and publish a new server
 *       descriptor.
 *   <li>options_act() and/or options_act_reversible(), in case there's some
 *       action that needs to be taken immediately based on the option's
 *       value.
 * </ul>
 *
 * <h3>Changing the value of an option</h3>
 *
 * Because of the SAVECONF command from the control port, it's a bad
 * idea to change the value of any user-configured option in the
 * or_options_t.  If you want to sometimes do this anyway, we recommend
 * that you create a secondary field in or_options_t; that you have the
 * user option linked only to the secondary field; that you use the
 * secondary field to initialize the one that Tor actually looks at; and that
 * you use the one Tor looks at as the one that you modify.
 **/

#define CONFIG_PRIVATE
#include "or/or.h"
#include "or/bridges.h"
#include "common/compat.h"
#include "or/addressmap.h"
#include "or/channel.h"
#include "or/circuitbuild.h"
#include "or/circuitlist.h"
#include "or/circuitmux.h"
#include "or/circuitmux_ewma.h"
#include "or/circuitstats.h"
#include "lib/compress/compress.h"
#include "or/config.h"
#include "or/connection.h"
#include "or/connection_edge.h"
#include "or/connection_or.h"
#include "or/consdiffmgr.h"
#include "or/control.h"
#include "or/confparse.h"
#include "or/cpuworker.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "or/dirserv.h"
#include "or/dns.h"
#include "or/dos.h"
#include "or/entrynodes.h"
#include "or/git_revision.h"
#include "or/geoip.h"
#include "or/hibernate.h"
#include "or/main.h"
#include "or/networkstatus.h"
#include "or/nodelist.h"
#include "or/policies.h"
#include "or/relay.h"
#include "or/rendclient.h"
#include "or/rendservice.h"
#include "or/hs_config.h"
#include "or/rephist.h"
#include "or/router.h"
#include "lib/sandbox/sandbox.h"
#include "common/util.h"
#include "or/routerlist.h"
#include "or/routerset.h"
#include "or/scheduler.h"
#include "or/statefile.h"
#include "or/transports.h"
#include "or/ext_orport.h"
#include "or/voting_schedule.h"
#ifdef _WIN32
#include <shlobj.h>
#endif

#include "lib/process/daemon.h"
#include "lib/process/pidfile.h"
#include "lib/process/restrict.h"
#include "lib/process/setuid.h"
#include "lib/process/subprocess.h"
#include "lib/net/gethostname.h"

#include "lib/encoding/keyval.h"
#include "lib/fs/conffile.h"
#include "common/procmon.h"

#include "or/dirauth/dirvote.h"
#include "or/dirauth/mode.h"

#include "or/connection_st.h"
#include "or/port_cfg_st.h"

#ifdef HAVE_SYSTEMD
#   if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
/* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse
 * Coverity. Here's a kludge to unconfuse it.
 */
#   define __INCLUDE_LEVEL__ 2
#endif /* defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__) */
#include <systemd/sd-daemon.h>
#endif /* defined(HAVE_SYSTEMD) */

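/** Prefix used to indicate a Unix socket in a FooPort configuration.
 * The array is sized by its initializer, so sizeof includes the trailing
 * NUL: the prefix itself is five characters long. */
static const char unix_socket_prefix[] = "unix:";
/** Prefix used to indicate a Unix socket with spaces in it, in a FooPort
 * configuration.  It is unix_socket_prefix followed by an opening double
 * quote.
 * NOTE(review): the code that consumes the quoted form is outside this
 * view; confirm that it requires a matching closing quote before the path
 * is used. */
static const char unix_q_socket_prefix[] = "unix:\"";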

/** Macro to help with the bulk rename of *DownloadSchedule to
 * *DownloadInitialDelay.  Expands to one brace initializer whose first
 * string is "<name>DownloadSchedule", whose second string is
 * "<name>DownloadInitialDelay", and whose two trailing integers are the
 * literals 0 and 1.
 * NOTE(review): the two integers presumably fill config_abbrev_t's
 * command-line-only and warn members -- confirm against the struct
 * declaration. */
#define DOWNLOAD_SCHEDULE(name) \
  { #name "DownloadSchedule", #name "DownloadInitialDelay", 0, 1 }

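/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values.
 *
 * Every explicit row is { alias, current name, integer, integer }, and the
 * row of NULLs terminates the list.  PLURAL() is defined outside this file;
 * DOWNLOAD_SCHEDULE() is defined just above.
 *
 * NOTE(review): the two integers presumably fill config_abbrev_t's
 * command-line-only and warn members, in that order -- confirm against the
 * struct declaration before relying on that reading.
 */
static config_abbrev_t option_abbrevs_[] = {
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(Tor2webRendezvousPoint),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RecommendedPackage),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  { "l", "Log", 1, 0},
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
  { "DirServer", "DirAuthority", 0, 0}, /* XXXX later, make this warn? */
  { "MaxConn", "ConnLimit", 0, 1},
  { "MaxMemInCellQueues", "MaxMemInQueues", 0, 0},
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
  /* NOTE(review): like "l" above, this row sets the first integer to 1.  If
   * that is the command-line-only flag, a HashedControlPassword given on the
   * command line is redirected to the "__"-prefixed session option, while
   * the same name in a torrc keeps its own meaning -- confirm, since this
   * decides whether a control-port credential can reach SAVECONF output. */
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
  { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
  { "SocksSocketsGroupWritable", "UnixSocksGroupWritable", 0, 1},
  { "_HSLayer2Nodes", "HSLayer2Nodes", 0, 1 },
  { "_HSLayer3Nodes", "HSLayer3Nodes", 0, 1 },

  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthority),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthorityOnly),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusFallback),
  DOWNLOAD_SCHEDULE(TestingBridge),
  DOWNLOAD_SCHEDULE(TestingBridgeBootstrap),
  DOWNLOAD_SCHEDULE(TestingClient),
  DOWNLOAD_SCHEDULE(TestingClientConsensus),
  DOWNLOAD_SCHEDULE(TestingServer),
  DOWNLOAD_SCHEDULE(TestingServerConsensus),

  /* Terminator row. */
  { NULL, NULL, 0, 0},
};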

/** Dummy instance of or_options_t, used for type-checking its
 * members with CONF_CHECK_VAR_TYPE.
 * NOTE(review): presumably only needed when CONF_TEST_MEMBERS expands to
 * something (unit-test builds) -- confirm where the macro is defined. */
DUMMY_TYPECHECK_INSTANCE(or_options_t);

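/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 *
 * Expands to a brace initializer holding, in order: <b>name</b>, the
 * CONFIG_TYPE_ constant formed by token-pasting <b>conftype</b>, the byte
 * offset of <b>member</b> inside or_options_t, and <b>initvalue</b>,
 * followed by whatever CONF_TEST_MEMBERS() expands to.
 *
 * NOTE(review): the entry records only an offset and a type tag, so the
 * tag must agree with the member's real C type; presumably the parser
 * writes through that offset according to the tag.  The comment on
 * DUMMY_TYPECHECK_INSTANCE in this file says CONF_CHECK_VAR_TYPE performs
 * that check -- confirm it is active in the builds you test.
 */
#define VAR(name,conftype,member,initvalue)                             \
  { name, CONFIG_TYPE_ ## conftype, offsetof(or_options_t, member),     \
      initvalue CONF_TEST_MEMBERS(or_options_t, conftype, member) }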
/** As VAR, but the option name and member name are the same: the
 * <b>member</b> token is stringified with # to form the option name and is
 * also passed through unchanged as the or_options_t member. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
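/** An entry for config_vars: "The option <b>name</b> is obsolete."
 *
 * Expands to a brace initializer with <b>name</b>, CONFIG_TYPE_OBSOLETE, an
 * offset of 0 and a NULL default.  When TOR_UNIT_TESTS is defined, one more
 * initializer, {.INT=NULL}, is appended.
 * NOTE(review): the extra initializer presumably matches the member that
 * CONF_TEST_MEMBERS adds to VAR entries in unit-test builds -- confirm. */
#ifdef TOR_UNIT_TESTS
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL, {.INT=NULL} }
#else
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }
#endif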

/**
 * Macro to declare *Port options.  Each one comes in three entries.
 * For example, most users should use "SocksPort" to configure the
 * socks port, but TorBrowser wants to use __SocksPort so that it
 * isn't stored by SAVECONF.  The SocksPortLines virtual option is
 * used to query both options from the controller.
 *
 * All three entries point at the same or_options_t member,
 * <member>_lines: "<member>Lines" is declared LINELIST_V, while
 * "<member>" and "__<member>" are declared LINELIST_S.
 * NOTE(review): the saved and unsaved spellings share one member, and
 * the filtering that keeps "__" lines out of SAVECONF output is not
 * visible in this macro -- confirm it where the config is written out.
 */
#define VPORT(member)                                           \
  VAR(#member "Lines", LINELIST_V, member ## _lines, NULL),     \
  VAR(#member, LINELIST_S, member ## _lines, NULL),             \
  VAR("__" #member, LINELIST_S, member ## _lines, NULL)

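/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 *
 * Each entry is built by one of the macros defined above in this file:
 *  - V(member, type, default): the option name and the or_options_t member
 *    share one spelling.
 *  - VAR("Name", type, member, default): the option name and the member
 *    are spelled differently.
 *  - VPORT(member): three entries for one *Port option ("<member>Lines",
 *    "<member>" and "__<member>"), all stored in <member>_lines.
 *  - OBSOLETE("Name"): an entry typed CONFIG_TYPE_OBSOLETE with offset 0
 *    and no default.
 * Defaults are string literals or NULL.  The list ends with
 * END_OF_CONFIG_VARS.
 *
 * NOTE(review): several defaults listed here are security-relevant, for
 * example SafeLogging "1", DisableDebuggerAttachment "1",
 * ExitPolicyRejectPrivate "1", ClientRejectInternalAddresses "1" and
 * Sandbox "0".  A change to any default should be reviewed together with
 * options_validate() and doc/tor.1.txt, the places the file header names
 * for new options.
 */
static config_var_t option_vars_[] = {
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  VAR("AccountingRule",          STRING,   AccountingRule_option,  "max"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  OBSOLETE("AllowDotExit"),
  OBSOLETE("AllowInvalidNodes"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  OBSOLETE("AllowSingleHopCircuits"),
  OBSOLETE("AllowSingleHopExits"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  OBSOLETE("AlternateHSAuthority"),
  V(AssumeReachable,             BOOL,     "0"),
  OBSOLETE("AuthDirBadDir"),
  OBSOLETE("AuthDirBadDirCCs"),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "2 MB"),
  V(AuthDirPinKeys,              BOOL,     "1"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  OBSOLETE("AuthDirRejectUnlisted"),
  OBSOLETE("AuthDirListBadDirs"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  OBSOLETE("AuthDirMaxServersPerAuthAddr"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(BridgeDistribution,          STRING,   NULL),
  VAR("CacheDirectory",          FILENAME, CacheDirectory_option, NULL),
  V(CacheDirectoryGroupReadable, BOOL,     "0"),
  V(CellStatistics,              BOOL,     "0"),
  V(PaddingStatistics,           BOOL,     "1"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  OBSOLETE("CircuitIdleTimeout"),
  V(CircuitsAvailableTimeout,    INTERVAL, "0"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-1.0"), /*negative:'Use default'*/
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      AUTOBOOL, "auto"),
  V(ClientPreferIPv6DirPort,     AUTOBOOL, "auto"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ClientUseIPv4,               BOOL,     "1"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  OBSOLETE("ControlListenAddress"),
  /* NOTE(review): controller-access options follow.  As listed here,
   * CookieAuthentication defaults to "0" and the *GroupReadable and
   * *GroupWritable switches default to "0".  Any cross-option requirement
   * (for example a ControlPort with no authentication method set) is not
   * expressed in this table; presumably options_validate() handles it --
   * confirm. */
  VPORT(ControlPort),
  V(ControlPortFileGroupReadable,BOOL,     "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  V(UnixSocksGroupWritable,    BOOL,     "0"),
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  VAR("DataDirectory",           FILENAME, DataDirectory_option, NULL),
  V(DataDirectoryGroupReadable,  BOOL,     "0"),
  V(DisableOOSCheck,             BOOL,     "1"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  OBSOLETE("DirListenAddress"),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort),
  V(DirPortFrontPage,            FILENAME, NULL),
  VAR("DirReqStatistics",        BOOL,     DirReqStatistics_option, "1"),
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
  V(DirCache,                    BOOL,     "1"),
  /* A DirAuthorityFallbackRate of 0.1 means that 0.5% of clients try an
   * authority when all fallbacks are up, and 2% try an authority when 25% of
   * fallbacks are down. (We rebuild the list when 25% of fallbacks are down).
   *
   * We want to reduce load on authorities, but keep these two figures within
   * an order of magnitude, so there isn't too much load shifting to
   * authorities when fallbacks go down. */
  V(DirAuthorityFallbackRate,    DOUBLE,   "0.1"),
  V(DisableAllSwap,              BOOL,     "0"),
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  OBSOLETE("DisableIOCP"),
  OBSOLETE("DisableV2DirectoryInfo_"),
  OBSOLETE("DynamicDHGroups"),
  VPORT(DNSPort),
  OBSOLETE("DNSListenAddress"),
  /* DoS circuit creation options. */
  V(DoSCircuitCreationEnabled,   AUTOBOOL, "auto"),
  V(DoSCircuitCreationMinConnections,      UINT, "0"),
  V(DoSCircuitCreationRate,      UINT,     "0"),
  V(DoSCircuitCreationBurst,     UINT,     "0"),
  V(DoSCircuitCreationDefenseType,         INT,  "0"),
  V(DoSCircuitCreationDefenseTimePeriod,   INTERVAL, "0"),
  /* DoS connection options. */
  V(DoSConnectionEnabled,        AUTOBOOL, "auto"),
  V(DoSConnectionMaxConcurrentCount,       UINT, "0"),
  V(DoSConnectionDefenseType,    INT,      "0"),
  /* DoS single hop client options. */
  V(DoSRefuseSingleHopClientRendezvous,    AUTOBOOL, "auto"),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(TestingEnableConnBwEvent,    BOOL,     "0"),
  V(TestingEnableCellStatsEvent, BOOL,     "0"),
  OBSOLETE("TestingEnableTbEmptyEvent"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET,   NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  OBSOLETE("ExcludeSingleHopRelays"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPolicyRejectLocalInterfaces, BOOL, "0"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  V(ExitRelay,                   AUTOBOOL, "auto"),
  VPORT(ExtORPort),
  V(ExtORPortCookieAuthFile,     STRING,   NULL),
  V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),
  V(ExtendByEd25519ID,           AUTOBOOL, "auto"),
  V(FallbackDir,                 LINELIST, NULL),

  V(UseDefaultFallbackDirs,      BOOL,     "1"),

  OBSOLETE("FallbackNetworkstatusFile"),
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  OBSOLETE("FastFirstHopPK"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  OBSOLETE("FetchV2Networkstatus"),
  V(GeoIPExcludeUnknown,         AUTOBOOL, "auto"),
#ifdef _WIN32
  V(GeoIPFile,                   FILENAME, "<default>"),
  V(GeoIPv6File,                 FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
#endif /* defined(_WIN32) */
  OBSOLETE("Group"),
  V(GuardLifetime,               INTERVAL, "0 minutes"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(MainloopStats,               BOOL,     "0"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  V(HashedControlPassword,       LINELIST, NULL),
  OBSOLETE("HidServDirectoryV2"),
  /* Every HiddenService* line option below is stored in the single
   * RendConfigLines member; HiddenServiceOptions is the LINELIST_V entry
   * and the rest are LINELIST_S. */
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceDirGroupReadable",  LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
  VAR("HiddenServiceAllowUnknownPorts",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceMaxStreams",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceMaxStreamsCloseCircuit",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceNumIntroductionPoints", LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceStatistics", BOOL, HiddenServiceStatistics_option, "1"),
  V(HidServAuth,                 LINELIST, NULL),
  OBSOLETE("CloseHSClientCircuitsImmediatelyOnTimeout"),
  OBSOLETE("CloseHSServiceRendCircuitsImmediatelyOnTimeout"),
  V(HiddenServiceSingleHopMode,  BOOL,     "0"),
  V(HiddenServiceNonAnonymousMode,BOOL,    "0"),
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  VPORT(HTTPTunnelPort),
  V(IPv6Exit,                    BOOL,     "0"),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(ServerTransportListenAddr,   LINELIST, NULL),
  V(ServerTransportOptions,      LINELIST, NULL),
  V(SigningKeyLifetime,          INTERVAL, "30 days"),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  VAR("KeyDirectory",            FILENAME, KeyDirectory_option, NULL),
  V(KeyDirectoryGroupReadable,   BOOL,     "0"),
  VAR("HSLayer2Nodes",           ROUTERSET,  HSLayer2Nodes,  NULL),
  VAR("HSLayer3Nodes",           ROUTERSET,  HSLayer3Nodes,  NULL),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  V(KeepBindCapabilities,            AUTOBOOL, "auto"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(TruncateLogFile,             BOOL,     "0"),
  V(SyslogIdentityTag,           STRING,   NULL),
  V(AndroidIdentityTag,          STRING,   NULL),
  V(LongLivedPorts,              CSV,
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  V(MaxConsensusAgeForDiffs,     INTERVAL, "0 seconds"),
  VAR("MaxMemInQueues",          MEMUNIT,   MaxMemInQueues_raw, "0"),
  OBSOLETE("MaxOnionsPending"),
  V(MaxOnionQueueDelay,          MSEC_INTERVAL, "1750 msec"),
  V(MaxUnparseableDescSizeToLog, MEMUNIT, "10 MB"),
  V(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, "500"),
  VAR("MyFamily",                LINELIST, MyFamily_lines,       NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  OBSOLETE("NamingAuthoritativeDirectory"),
  OBSOLETE("NATDListenAddress"),
  VPORT(NATDPort),
  V(Nickname,                    STRING,   NULL),
  OBSOLETE("PredictedPortsRelevanceTime"),
  OBSOLETE("WarnUnsafeSocks"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NoExec,                      BOOL,     "0"),
  V(NumCPUs,                     UINT,     "0"),
  V(NumDirectoryGuards,          UINT,     "0"),
  V(NumEntryGuards,              UINT,     "0"),
  V(NumPrimaryGuards,            UINT,     "0"),
  V(OfflineMasterKey,            BOOL,     "0"),
  OBSOLETE("ORListenAddress"),
  VPORT(ORPort),
  V(OutboundBindAddress,         LINELIST,   NULL),
  V(OutboundBindAddressOR,       LINELIST,   NULL),
  V(OutboundBindAddressExit,     LINELIST,   NULL),

  OBSOLETE("PathBiasDisableRate"),
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasWarnRate,            DOUBLE,   "-1"),
  V(PathBiasExtremeRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  OBSOLETE("PathBiasScaleFactor"),
  OBSOLETE("PathBiasMultFactor"),
  V(PathBiasDropGuards,          AUTOBOOL, "0"),
  OBSOLETE("PathBiasUseCloseCounts"),

  V(PathBiasUseThreshold,       INT,      "-1"),
  V(PathBiasNoticeUseRate,          DOUBLE,   "-1"),
  V(PathBiasExtremeUseRate,         DOUBLE,   "-1"),
  V(PathBiasScaleUseThreshold,      INT,      "-1"),

  V(PathsNeededToBuildCircuits,  DOUBLE,   "-1"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  /* When the user sets TestingTorNetwork, the testing_tor_network_defaults
   * array declared after this one overrides some of the defaults listed
   * here. */
  V(TestingTorNetwork,           BOOL,     "0"),
  V(TestingMinExitFlagThreshold, MEMUNIT,  "0"),
  V(TestingMinFastFlagThreshold, MEMUNIT,  "0"),

  V(TestingLinkCertLifetime,          INTERVAL, "2 days"),
  V(TestingAuthKeyLifetime,          INTERVAL, "2 days"),
  V(TestingLinkKeySlop,              INTERVAL, "3 hours"),
  V(TestingAuthKeySlop,              INTERVAL, "3 hours"),
  V(TestingSigningKeySlop,           INTERVAL, "1 day"),

  V(OptimisticData,              AUTOBOOL, "auto"),
  OBSOLETE("PortForwarding"),
  OBSOLETE("PortForwardingHelper"),
  OBSOLETE("PreferTunneledDirConns"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  V(RecommendedPackages,         LINELIST, NULL),
  V(ReducedConnectionPadding,    BOOL,     "0"),
  V(ConnectionPadding,           AUTOBOOL, "auto"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  V(RunAsDaemon,                 BOOL,     "0"),
  V(ReducedExitPolicy,           BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  V(Sandbox,                     BOOL,     "0"),
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  OBSOLETE("SchedulerLowWaterMark__"),
  OBSOLETE("SchedulerHighWaterMark__"),
  OBSOLETE("SchedulerMaxFlushCells__"),
  V(KISTSchedRunInterval,        MSEC_INTERVAL, "0 msec"),
  V(KISTSockBufSizeFactor,       DOUBLE,   "1.0"),
  V(Schedulers,                  CSV,      "KIST,KISTLite,Vanilla"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  OBSOLETE("SocksListenAddress"),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  V(SSLKeyLifetime,              INTERVAL, "0"),
  OBSOLETE("StrictEntryNodes"),
  OBSOLETE("StrictExitNodes"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("Support022HiddenServices"),
  V(TestSocks,                   BOOL,     "0"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  V(Tor2webMode,                 BOOL,     "0"),
  V(Tor2webRendezvousPoints,      ROUTERSET, NULL),
  OBSOLETE("TLSECGroup"),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  OBSOLETE("TransListenAddress"),
  VPORT(TransPort),
  V(TransProxyType,              STRING,   "default"),
  OBSOLETE("TunnelDirConns"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  VAR("UseEntryGuards",          BOOL,     UseEntryGuards_option, "1"),
  OBSOLETE("UseEntryGuardsAsDirGuards"),
  V(UseGuardFraction,            AUTOBOOL, "auto"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  OBSOLETE("UseNTorHandshake"),
  V(User,                        STRING,   NULL),
  OBSOLETE("UserspaceIOCPBuffers"),
  V(AuthDirSharedRandomness,     BOOL,     "1"),
  V(AuthDirTestEd25519LinkKeys,  BOOL,     "1"),
  OBSOLETE("V1AuthoritativeDirectory"),
  OBSOLETE("V2AuthoritativeDirectory"),
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  V(GuardfractionFile,           FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
  OBSOLETE("VoteOnHidServDirectoriesV2"),
  V(VirtualAddrNetworkIPv4,      STRING,   "127.192.0.0/10"),
  V(VirtualAddrNetworkIPv6,      STRING,   "[FE80::]/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  OBSOLETE("UseFilteringSSLBufferevents"),
  OBSOLETE("__UseFilteringSSLBufferevents"),
  /* Options whose names start with "__".  The VPORT comment above says the
   * "__" spelling of a port option is not stored by SAVECONF.
   * NOTE(review): presumably the same holds for the entries below,
   * including the session control password -- confirm where the
   * configuration is written back to disk. */
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
  VAR("__DisableSignalHandlers", BOOL,  DisableSignalHandlers,    "0"),
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
  VAR("__OwningControllerFD",INT,OwningControllerFD, "-1"),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "96 hours"),
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  /* With the ClientBootstrapConsensus*Download* below:
   * Clients with only authorities will try:
   *  - at least 3 authorities over 10 seconds, then exponentially backoff,
   *    with the next attempt 3-21 seconds later,
   * Clients with authorities and fallbacks will try:
   *  - at least 2 authorities and 4 fallbacks over 21 seconds, then
   *    exponentially backoff, with the next attempts 4-33 seconds later,
   * Clients will also retry when an application request arrives.
   * After a number of failed requests, clients retry every 3 days + 1 hour.
   *
   * Clients used to try 2 authorities over 10 seconds, then wait for
   * 60 minutes or an application request.
   *
   * When clients have authorities and fallbacks available, they use these
   * schedules: (we stagger the times to avoid thundering herds) */
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "6"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
  /* When clients only have authorities available, they use this schedule: */
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
    "0"),
  /* We don't want to overwhelm slow networks (or mirrors whose replies are
   * blocked), but we also don't want to fail if only some mirrors are
   * blackholed. Clients will try 3 directories simultaneously.
   * (Relays never use simultaneous connections.) */
  V(ClientBootstrapConsensusMaxInProgressTries, UINT, "3"),
  /* When a client has any running bridges, check each bridge occasionally,
   * whether or not that bridge is actually up. */
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL,"10800"),
  /* When a client is just starting, or has no running bridges, check each
   * bridge a few times quickly, and then try again later. These schedules
   * are much longer than the other schedules, because we try each and every
   * configured bridge with this schedule. */
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "10 minutes"),
  V(TestingDirConnectionMaxStall, INTERVAL, "5 minutes"),
  OBSOLETE("TestingConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries"),
  OBSOLETE("TestingDescriptorMaxDownloadTries"),
  OBSOLETE("TestingMicrodescMaxDownloadTries"),
  OBSOLETE("TestingCertMaxDownloadTries"),
  V(TestingDirAuthVoteExit, ROUTERSET, NULL),
  V(TestingDirAuthVoteExitIsStrict,  BOOL,     "0"),
  V(TestingDirAuthVoteGuard, ROUTERSET, NULL),
  V(TestingDirAuthVoteGuardIsStrict,  BOOL,     "0"),
  V(TestingDirAuthVoteHSDir, ROUTERSET, NULL),
  V(TestingDirAuthVoteHSDirIsStrict,  BOOL,     "0"),
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),

  END_OF_CONFIG_VARS
};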

/** Override default values with these if the user sets the TestingTorNetwork
 * option. */
static const config_var_t testing_tor_network_defaults[] = {
695
696
697
698
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
699
700
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
701
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
702
    "0"),
703
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
704
  V(ClientRejectInternalAddresses, BOOL,   "0"),
705
  V(CountPrivateBandwidth,       BOOL,     "1"),
706
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
707
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
708
709
710
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
711
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "150 seconds"),
712
713
714
715
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
716
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
717
718
719
720
721
722
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL, "10"),
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
723
724
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "5 seconds"),
  V(TestingDirConnectionMaxStall, INTERVAL, "30 seconds"),
725
  V(TestingEnableConnBwEvent,    BOOL,     "1"),
726
  V(TestingEnableCellStatsEvent, BOOL,     "1"),
727
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),
728
  V(RendPostPeriod,              INTERVAL, "2 minutes"),
729

730
  END_OF_CONFIG_VARS
731
};

#undef VAR
#undef V
#undef OBSOLETE

/** Table of deprecated options. Each entry pairs an option name with a
 * human-readable string explaining why it is deprecated; the table is
 * terminated by a { NULL, NULL } entry. */
static const config_deprecation_t option_deprecation_notes_[] = {
  /* Deprecated since 0.3.2.0-alpha. */
  /* NOTE(review): the opening marker above says 0.3.2.0-alpha but the
   * closing marker for this group says 0.3.2.1-alpha -- confirm which
   * version is correct. */
  { "HTTPProxy", "It only applies to direct unencrypted HTTP connections "
    "to your directory server, which your Tor probably wasn't using." },
  { "HTTPProxyAuthenticator", "HTTPProxy is deprecated in favor of HTTPSProxy "
    "which should be used with HTTPSProxyAuthenticator." },
  /* End of options deprecated since 0.3.2.1-alpha */

  /* Options deprecated since 0.3.2.2-alpha */
  { "ReachableDirAddresses", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
  { "ClientPreferIPv6DirPort", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
  /* End of options deprecated since 0.3.2.2-alpha. */

  /* Sentinel entry marking the end of the table. */
  { NULL, NULL }
};

#ifdef _WIN32
static char *get_windows_conf_root(void);
#endif
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
                                      char **msg);
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_dirauth_timing(
      const or_options_t *old_options, const or_options_t *new_options);
static int normalize_nickname_list(config_line_t **normalized_out,
                                   const config_line_t *lst, const char *name,
                                   char **msg);
static char *get_bindaddr_from_transport_listen_line(const char *line,
                                                     const char *transport);
static int parse_ports(or_options_t *options, int validate_only,
                              char **msg_out, int *n_ports_out,
                              int *world_writable_control_socket);
static int check_server_ports(const smartlist_t *ports,
                              const or_options_t *options,
                              int *num_low_ports_out);
static int validate_data_directories(or_options_t *options);
static int write_configuration_file(const char *fname,
                                    const or_options_t *options);
static int options_init_logs(const or_options_t *old_options,
                             or_options_t *options, int validate_only);