config.c 297 KB
Newer Older
1

2
/* Copyright (c) 2001 Matej Pfajfar.
Roger Dingledine's avatar
Roger Dingledine committed
3
 * Copyright (c) 2001-2004, Roger Dingledine.
4
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
Nick Mathewson's avatar
Nick Mathewson committed
5
 * Copyright (c) 2007-2018, The Tor Project, Inc. */
6
/* See LICENSE for licensing information */
7

Nick Mathewson's avatar
Nick Mathewson committed
8
/**
9
 * \file config.c
10
11
12
13
14
15
16
17
18
19
20
21
 * \brief Code to interpret the user's configuration of Tor.
 *
 * This module handles torrc configuration file, including parsing it,
 * combining it with torrc.defaults and the command line, allowing
 * user changes to it (via editing and SIGHUP or via the control port),
 * writing it back to disk (because of SAVECONF from the control port),
 * and -- most importantly, acting on it.
 *
 * The module additionally has some tools for manipulating and
 * inspecting values that are calculated as a result of the
 * configured options.
 *
22
 * <h3>How to add new options</h3>
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
 *
 * To add new items to the torrc, there are a minimum of three places to edit:
 * <ul>
 *   <li>The or_options_t structure in or.h, where the options are stored.
 *   <li>The option_vars_ array below in this module, which configures
 *       the names of the torrc options, their types, their multiplicities,
 *       and their mappings to fields in or_options_t.
 *   <li>The manual in doc/tor.1.txt, to document what the new option
 *       is, and how it works.
 * </ul>
 *
 * Additionally, you might need to edit these places too:
 * <ul>
 *   <li>options_validate() below, in case you want to reject some possible
 *       values of the new configuration option.
 *   <li>options_transition_allowed() below, in case you need to
 *       forbid some or all changes in the option while Tor is
 *       running.
 *   <li>options_transition_affects_workers(), in case changes in the option
 *       might require Tor to relaunch or reconfigure its worker threads.
 *   <li>options_transition_affects_descriptor(), in case changes in the
 *       option might require a Tor relay to build and publish a new server
 *       descriptor.
 *   <li>options_act() and/or options_act_reversible(), in case there's some
 *       action that needs to be taken immediately based on the option's
 *       value.
 * </ul>
 *
 * <h3>Changing the value of an option</h3>
 *
 * Because of the SAVECONF command from the control port, it's a bad
 * idea to change the value of any user-configured option in the
 * or_options_t.  If you want to sometimes do this anyway, we recommend
 * that you create a secondary field in or_options_t; that you have the
 * user option linked only to the secondary field; that you use the
 * secondary field to initialize the one that Tor actually looks at; and that
 * you use the one Tor looks as the one that you modify.
Nick Mathewson's avatar
Nick Mathewson committed
60
61
 **/

62
#define CONFIG_PRIVATE
63
64
65
66
67
68
69
70
71
#include "core/or/or.h"
#include "feature/client/bridges.h"
#include "feature/client/addressmap.h"
#include "core/or/channel.h"
#include "core/or/circuitbuild.h"
#include "core/or/circuitlist.h"
#include "core/or/circuitmux.h"
#include "core/or/circuitmux_ewma.h"
#include "core/or/circuitstats.h"
72
#include "lib/compress/compress.h"
73
#include "app/config/config.h"
74
#include "lib/encoding/confline.h"
75
76
77
78
79
80
81
#include "core/mainloop/connection.h"
#include "core/or/connection_edge.h"
#include "core/or/connection_or.h"
#include "feature/dircache/consdiffmgr.h"
#include "feature/control/control.h"
#include "app/config/confparse.h"
#include "core/mainloop/cpuworker.h"
82
83
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
84
#include "lib/crypt_ops/crypto_init.h"
85
86
87
88
89
#ifdef ENABLE_NSS
#include "lib/crypt_ops/crypto_nss_mgt.h"
#else
#include "lib/crypt_ops/crypto_openssl_mgt.h"
#endif
90
91
92
93
#include "feature/dircache/dirserv.h"
#include "feature/relay/dns.h"
#include "core/or/dos.h"
#include "feature/client/entrynodes.h"
94
#include "lib/log/git_revision.h"
95
96
97
98
99
100
101
102
103
104
105
106
#include "feature/stats/geoip.h"
#include "feature/hibernate/hibernate.h"
#include "core/mainloop/main.h"
#include "feature/nodelist/networkstatus.h"
#include "feature/nodelist/nodelist.h"
#include "core/or/policies.h"
#include "core/or/relay.h"
#include "feature/rend/rendclient.h"
#include "feature/rend/rendservice.h"
#include "feature/hs/hs_config.h"
#include "feature/stats/rephist.h"
#include "feature/relay/router.h"
107
#include "lib/sandbox/sandbox.h"
108
#include "feature/nodelist/dirlist.h"
109
110
111
112
113
114
#include "feature/nodelist/routerset.h"
#include "core/or/scheduler.h"
#include "app/config/statefile.h"
#include "feature/client/transports.h"
#include "feature/relay/ext_orport.h"
#include "feature/dircommon/voting_schedule.h"
115
#include "lib/net/resolve.h"
116
#ifdef _WIN32
117
118
#include <shlobj.h>
#endif
119
120
121
122
123
124
125
126
127
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
Roger Dingledine's avatar
Roger Dingledine committed
128

129
#include "lib/meminfo/meminfo.h"
130
#include "lib/osinfo/uname.h"
131
132
133
134
135
#include "lib/process/daemon.h"
#include "lib/process/pidfile.h"
#include "lib/process/restrict.h"
#include "lib/process/setuid.h"
#include "lib/process/subprocess.h"
136
#include "lib/net/gethostname.h"
137
#include "lib/thread/numcpus.h"
138

139
#include "lib/encoding/keyval.h"
140
#include "lib/fs/conffile.h"
141
#include "lib/evloop/procmon.h"
142

143
144
#include "feature/dirauth/dirvote.h"
#include "feature/dirauth/mode.h"
145

146
147
#include "core/or/connection_st.h"
#include "core/or/port_cfg_st.h"
148

149
150
151
152
153
154
#ifdef HAVE_SYSTEMD
#   if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
/* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse
 * Coverity. Here's a kludge to unconfuse it.
 */
#   define __INCLUDE_LEVEL__ 2
155
#endif /* defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__) */
156
#include <systemd/sd-daemon.h>
157
#endif /* defined(HAVE_SYSTEMD) */
158

159
/* Prefix used to indicate a Unix socket in a FooPort configuration. */
160
static const char unix_socket_prefix[] = "unix:";
161
162
163
/* Prefix used to indicate a Unix socket with spaces in it, in a FooPort
 * configuration. */
static const char unix_q_socket_prefix[] = "unix:\"";
164

165
166
167
168
/* limits for TCP send and recv buffer size used for constrained sockets */
#define MIN_CONSTRAINED_TCP_BUFFER 2048
#define MAX_CONSTRAINED_TCP_BUFFER 262144  /* 256k */

169
170
171
172
173
/** macro to help with the bulk rename of *DownloadSchedule to
 * *DowloadInitialDelay . */
#define DOWNLOAD_SCHEDULE(name) \
  { #name "DownloadSchedule", #name "DownloadInitialDelay", 0, 1 }

174
175
/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values. */
176
static config_abbrev_t option_abbrevs_[] = {
177
178
179
180
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
181
  PLURAL(EntryNode),
182
183
  PLURAL(ExcludeNode),
  PLURAL(FirewallPort),
184
  PLURAL(LongLivedPort),
185
186
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
187
  PLURAL(NumCPU),
188
  PLURAL(RendNode),
189
  PLURAL(RecommendedPackage),
190
  PLURAL(RendExcludeNode),
191
192
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
193
  PLURAL(StrictNode),
194
  { "l", "Log", 1, 0},
195
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
196
197
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
198
199
200
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
201
  { "DirServer", "DirAuthority", 0, 0}, /* XXXX later, make this warn? */
202
  { "MaxConn", "ConnLimit", 0, 1},
203
  { "MaxMemInCellQueues", "MaxMemInQueues", 0, 0},
204
205
206
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
207
208
209
210
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
211
212
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
213
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
214
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
215
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
216
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
217
  { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
218
  { "SocksSocketsGroupWritable", "UnixSocksGroupWritable", 0, 1},
219
220
221
  { "_HSLayer2Nodes", "HSLayer2Nodes", 0, 1 },
  { "_HSLayer3Nodes", "HSLayer3Nodes", 0, 1 },

222
223
224
225
226
227
228
229
230
231
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthority),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthorityOnly),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusFallback),
  DOWNLOAD_SCHEDULE(TestingBridge),
  DOWNLOAD_SCHEDULE(TestingBridgeBootstrap),
  DOWNLOAD_SCHEDULE(TestingClient),
  DOWNLOAD_SCHEDULE(TestingClientConsensus),
  DOWNLOAD_SCHEDULE(TestingServer),
  DOWNLOAD_SCHEDULE(TestingServerConsensus),

232
233
  { NULL, NULL, 0, 0},
};
234

235
236
237
238
/** dummy instance of or_options_t, used for type-checking its
 * members with CONF_CHECK_VAR_TYPE. */
DUMMY_TYPECHECK_INSTANCE(or_options_t);

Nick Mathewson's avatar
Nick Mathewson committed
239
240
241
242
/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 */
243
#define VAR(name,conftype,member,initvalue)                             \
Neel Chauhan's avatar
Neel Chauhan committed
244
  { name, CONFIG_TYPE_ ## conftype, offsetof(or_options_t, member),     \
245
      initvalue CONF_TEST_MEMBERS(or_options_t, conftype, member) }
246
247
248
/** As VAR, but the option name and member name are the same. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
Nick Mathewson's avatar
Nick Mathewson committed
249
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
250
251
252
#ifdef TOR_UNIT_TESTS
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL, {.INT=NULL} }
#else
253
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }
254
#endif
255

256
257
258
259
260
261
262
263
264
265
266
/**
 * Macro to declare *Port options.  Each one comes in three entries.
 * For example, most users should use "SocksPort" to configure the
 * socks port, but TorBrowser wants to use __SocksPort so that it
 * isn't stored by SAVECONF.  The SocksPortLines virtual option is
 * used to query both options from the controller.
 */
#define VPORT(member)                                           \
  VAR(#member "Lines", LINELIST_V, member ## _lines, NULL),     \
  VAR(#member, LINELIST_S, member ## _lines, NULL),             \
  VAR("__" #member, LINELIST_S, member ## _lines, NULL)
267

268
269
270
/** UINT64_MAX as a decimal string */
#define UINT64_MAX_STRING "18446744073709551615"

Nick Mathewson's avatar
Nick Mathewson committed
271
272
273
274
/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 */
275
static config_var_t option_vars_[] = {
276
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
277
  VAR("AccountingRule",          STRING,   AccountingRule_option,  "max"),
278
279
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
Nick Mathewson's avatar
Nick Mathewson committed
280
  OBSOLETE("AllowDotExit"),
281
  OBSOLETE("AllowInvalidNodes"),
282
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
283
  OBSOLETE("AllowSingleHopCircuits"),
284
  OBSOLETE("AllowSingleHopExits"),
285
286
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
287
  OBSOLETE("AlternateHSAuthority"),
288
  V(AssumeReachable,             BOOL,     "0"),
289
290
  OBSOLETE("AuthDirBadDir"),
  OBSOLETE("AuthDirBadDirCCs"),
291
  V(AuthDirBadExit,              LINELIST, NULL),
292
  V(AuthDirBadExitCCs,           CSV,      ""),
293
  V(AuthDirInvalid,              LINELIST, NULL),
294
  V(AuthDirInvalidCCs,           CSV,      ""),
295
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
296
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "2 MB"),
297
  V(AuthDirPinKeys,              BOOL,     "1"),
298
  V(AuthDirReject,               LINELIST, NULL),
299
  V(AuthDirRejectCCs,            CSV,      ""),
300
  OBSOLETE("AuthDirRejectUnlisted"),
301
  OBSOLETE("AuthDirListBadDirs"),
302
  V(AuthDirListBadExits,         BOOL,     "0"),
303
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
304
  OBSOLETE("AuthDirMaxServersPerAuthAddr"),
305
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
306
307
308
309
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
310
311
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
312
313
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
314
  V(BridgePassword,              STRING,   NULL),
315
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
316
  V(BridgeRelay,                 BOOL,     "0"),
317
  V(BridgeDistribution,          STRING,   NULL),
318
319
  VAR("CacheDirectory",          FILENAME, CacheDirectory_option, NULL),
  V(CacheDirectoryGroupReadable, BOOL,     "0"),
320
  V(CellStatistics,              BOOL,     "0"),
321
  V(PaddingStatistics,           BOOL,     "1"),
322
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
323
  V(CircuitBuildTimeout,         INTERVAL, "0"),
324
325
  OBSOLETE("CircuitIdleTimeout"),
  V(CircuitsAvailableTimeout,    INTERVAL, "0"),
326
  V(CircuitStreamTimeout,        INTERVAL, "0"),
327
  V(CircuitPriorityHalflife,     DOUBLE,  "-1.0"), /*negative:'Use default'*/
328
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
329
  V(ClientOnly,                  BOOL,     "0"),
330
331
  V(ClientPreferIPv6ORPort,      AUTOBOOL, "auto"),
  V(ClientPreferIPv6DirPort,     AUTOBOOL, "auto"),
332
  V(ClientRejectInternalAddresses, BOOL,   "1"),
333
  V(ClientTransportPlugin,       LINELIST, NULL),
334
  V(ClientUseIPv6,               BOOL,     "0"),
335
  V(ClientUseIPv4,               BOOL,     "1"),
336
  V(ConsensusParams,             STRING,   NULL),
337
  V(ConnLimit,                   UINT,     "1000"),
338
  V(ConnDirectionStatistics,     BOOL,     "0"),
339
340
341
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
342
  OBSOLETE("ControlListenAddress"),
343
  VPORT(ControlPort),
344
  V(ControlPortFileGroupReadable,BOOL,     "0"),
345
  V(ControlPortWriteToFile,      FILENAME, NULL),
346
  V(ControlSocket,               LINELIST, NULL),
347
  V(ControlSocketsGroupWritable, BOOL,     "0"),
348
  V(UnixSocksGroupWritable,    BOOL,     "0"),
349
350
351
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
352
  V(CountPrivateBandwidth,       BOOL,     "0"),
353
  VAR("DataDirectory",           FILENAME, DataDirectory_option, NULL),
354
  V(DataDirectoryGroupReadable,  BOOL,     "0"),
355
  V(DisableOOSCheck,             BOOL,     "1"),
356
  V(DisableNetwork,              BOOL,     "0"),
357
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
358
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
359
  OBSOLETE("DirListenAddress"),
360
  V(DirPolicy,                   LINELIST, NULL),
361
  VPORT(DirPort),
362
  V(DirPortFrontPage,            FILENAME, NULL),
363
  VAR("DirReqStatistics",        BOOL,     DirReqStatistics_option, "1"),
364
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
365
  V(DirCache,                    BOOL,     "1"),
366
367
368
369
370
  /* A DirAuthorityFallbackRate of 0.1 means that 0.5% of clients try an
   * authority when all fallbacks are up, and 2% try an authority when 25% of
   * fallbacks are down. (We rebuild the list when 25% of fallbacks are down).
   *
   * We want to reduce load on authorities, but keep these two figures within
Nick Mathewson's avatar
Nick Mathewson committed
371
372
   * an order of magnitude, so there isn't too much load shifting to
   * authorities when fallbacks go down. */
373
  V(DirAuthorityFallbackRate,    DOUBLE,   "0.1"),
374
  V(DisableAllSwap,              BOOL,     "0"),
375
  V(DisableDebuggerAttachment,   BOOL,     "1"),
376
  OBSOLETE("DisableIOCP"),
377
  OBSOLETE("DisableV2DirectoryInfo_"),
378
  OBSOLETE("DynamicDHGroups"),
379
  VPORT(DNSPort),
380
  OBSOLETE("DNSListenAddress"),
381
382
383
  /* DoS circuit creation options. */
  V(DoSCircuitCreationEnabled,   AUTOBOOL, "auto"),
  V(DoSCircuitCreationMinConnections,      UINT, "0"),
384
  V(DoSCircuitCreationRate,      UINT,     "0"),
385
386
387
388
389
390
391
392
393
  V(DoSCircuitCreationBurst,     UINT,     "0"),
  V(DoSCircuitCreationDefenseType,         INT,  "0"),
  V(DoSCircuitCreationDefenseTimePeriod,   INTERVAL, "0"),
  /* DoS connection options. */
  V(DoSConnectionEnabled,        AUTOBOOL, "auto"),
  V(DoSConnectionMaxConcurrentCount,       UINT, "0"),
  V(DoSConnectionDefenseType,    INT,      "0"),
  /* DoS single hop client options. */
  V(DoSRefuseSingleHopClientRendezvous,    AUTOBOOL, "auto"),
394
  V(DownloadExtraInfo,           BOOL,     "0"),
395
  V(TestingEnableConnBwEvent,    BOOL,     "0"),
396
  V(TestingEnableCellStatsEvent, BOOL,     "0"),
397
  OBSOLETE("TestingEnableTbEmptyEvent"),
398
  V(EnforceDistinctSubnets,      BOOL,     "1"),
399
  V(EntryNodes,                  ROUTERSET,   NULL),
400
  V(EntryStatistics,             BOOL,     "0"),
401
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
402
403
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
404
  OBSOLETE("ExcludeSingleHopRelays"),
405
  V(ExitNodes,                   ROUTERSET, NULL),
406
407
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
408
  V(ExitPolicyRejectLocalInterfaces, BOOL, "0"),
409
  V(ExitPortStatistics,          BOOL,     "0"),
410
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
411
  V(ExitRelay,                   AUTOBOOL, "auto"),
412
  VPORT(ExtORPort),
413
  V(ExtORPortCookieAuthFile,     STRING,   NULL),
414
  V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
415
  V(ExtraInfoStatistics,         BOOL,     "1"),
416
  V(ExtendByEd25519ID,           AUTOBOOL, "auto"),
417
  V(FallbackDir,                 LINELIST, NULL),
418

419
  V(UseDefaultFallbackDirs,      BOOL,     "1"),
420

421
  OBSOLETE("FallbackNetworkstatusFile"),
422
423
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
424
  OBSOLETE("FastFirstHopPK"),
425
  V(FetchDirInfoEarly,           BOOL,     "0"),
426
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
427
428
429
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
430
  OBSOLETE("FetchV2Networkstatus"),
431
  V(GeoIPExcludeUnknown,         AUTOBOOL, "auto"),
432
#ifdef _WIN32
433
  V(GeoIPFile,                   FILENAME, "<default>"),
nils's avatar
nils committed
434
  V(GeoIPv6File,                 FILENAME, "<default>"),
435
#else
436
437
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
nils's avatar
nils committed
438
439
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
440
#endif /* defined(_WIN32) */
441
  OBSOLETE("Group"),
442
  V(GuardLifetime,               INTERVAL, "0 minutes"),
443
  V(HardwareAccel,               BOOL,     "0"),
444
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
Alexander Færøy's avatar
Alexander Færøy committed
445
  V(MainloopStats,               BOOL,     "0"),
446
447
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
448
  V(HashedControlPassword,       LINELIST, NULL),
449
  OBSOLETE("HidServDirectoryV2"),
Nick Mathewson's avatar
Nick Mathewson committed
450
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
451
  VAR("HiddenServiceDirGroupReadable",  LINELIST_S, RendConfigLines, NULL),
Nick Mathewson's avatar
Nick Mathewson committed
452
453
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
454
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
455
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
456
  VAR("HiddenServiceAllowUnknownPorts",LINELIST_S, RendConfigLines, NULL),
457
458
  VAR("HiddenServiceMaxStreams",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceMaxStreamsCloseCircuit",LINELIST_S, RendConfigLines, NULL),
459
  VAR("HiddenServiceNumIntroductionPoints", LINELIST_S, RendConfigLines, NULL),
Nick Mathewson's avatar
Nick Mathewson committed
460
  VAR("HiddenServiceStatistics", BOOL, HiddenServiceStatistics_option, "1"),
461
  V(HidServAuth,                 LINELIST, NULL),
462
  V(ClientOnionAuthDir,          FILENAME, NULL),
463
  OBSOLETE("CloseHSClientCircuitsImmediatelyOnTimeout"),
464
  OBSOLETE("CloseHSServiceRendCircuitsImmediatelyOnTimeout"),
465
466
  V(HiddenServiceSingleHopMode,  BOOL,     "0"),
  V(HiddenServiceNonAnonymousMode,BOOL,    "0"),
467
468
469
470
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
471
  VPORT(HTTPTunnelPort),
472
  V(IPv6Exit,                    BOOL,     "0"),
473
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
474
  V(ServerTransportListenAddr,   LINELIST, NULL),
475
  V(ServerTransportOptions,      LINELIST, NULL),
476
  V(SigningKeyLifetime,          INTERVAL, "30 days"),
477
478
479
480
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
481
482
  VAR("KeyDirectory",            FILENAME, KeyDirectory_option, NULL),
  V(KeyDirectoryGroupReadable,   BOOL,     "0"),
483
484
  VAR("HSLayer2Nodes",           ROUTERSET,  HSLayer2Nodes,  NULL),
  VAR("HSLayer3Nodes",           ROUTERSET,  HSLayer3Nodes,  NULL),
485
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
486
  V(KeepBindCapabilities,            AUTOBOOL, "auto"),
487
  VAR("Log",                     LINELIST, Logs,             NULL),
488
  V(LogMessageDomains,           BOOL,     "0"),
489
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
Arlo Breault's avatar
Arlo Breault committed
490
  V(TruncateLogFile,             BOOL,     "0"),
Peter Palfrader's avatar
Peter Palfrader committed
491
  V(SyslogIdentityTag,           STRING,   NULL),
492
  V(AndroidIdentityTag,          STRING,   NULL),
493
  V(LongLivedPorts,              CSV,
Nick Mathewson's avatar
Nick Mathewson committed
494
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
495
496
497
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
498
  V(MaxClientCircuitsPending,    UINT,     "32"),
499
  V(MaxConsensusAgeForDiffs,     INTERVAL, "0 seconds"),
500
  VAR("MaxMemInQueues",          MEMUNIT,   MaxMemInQueues_raw, "0"),
501
502
  OBSOLETE("MaxOnionsPending"),
  V(MaxOnionQueueDelay,          MSEC_INTERVAL, "1750 msec"),
503
  V(MaxUnparseableDescSizeToLog, MEMUNIT, "10 MB"),
504
  V(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, "500"),
505
  VAR("MyFamily",                LINELIST, MyFamily_lines,       NULL),
506
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
507
  OBSOLETE("NamingAuthoritativeDirectory"),
508
  OBSOLETE("NATDListenAddress"),
509
  VPORT(NATDPort),
510
  V(Nickname,                    STRING,   NULL),
511
  OBSOLETE("PredictedPortsRelevanceTime"),
512
  OBSOLETE("WarnUnsafeSocks"),
513
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
514
  V(NoExec,                      BOOL,     "0"),
515
  V(NumCPUs,                     UINT,     "0"),
516
  V(NumDirectoryGuards,          UINT,     "0"),
517
  V(NumEntryGuards,              UINT,     "0"),
518
  V(NumPrimaryGuards,            UINT,     "0"),
Nick Mathewson's avatar
Nick Mathewson committed
519
  V(OfflineMasterKey,            BOOL,     "0"),
520
  OBSOLETE("ORListenAddress"),
521
  VPORT(ORPort),
522
  V(OutboundBindAddress,         LINELIST,   NULL),
523
524
  V(OutboundBindAddressOR,       LINELIST,   NULL),
  V(OutboundBindAddressExit,     LINELIST,   NULL),
525

526
  OBSOLETE("PathBiasDisableRate"),
527
528
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
529
  V(PathBiasWarnRate,            DOUBLE,   "-1"),
530
  V(PathBiasExtremeRate,         DOUBLE,   "-1"),
531
  V(PathBiasScaleThreshold,      INT,      "-1"),
532
533
  OBSOLETE("PathBiasScaleFactor"),
  OBSOLETE("PathBiasMultFactor"),
534
  V(PathBiasDropGuards,          AUTOBOOL, "0"),
535
536
537
538
539
540
  OBSOLETE("PathBiasUseCloseCounts"),

  V(PathBiasUseThreshold,       INT,      "-1"),
  V(PathBiasNoticeUseRate,          DOUBLE,   "-1"),
  V(PathBiasExtremeUseRate,         DOUBLE,   "-1"),
  V(PathBiasScaleUseThreshold,      INT,      "-1"),
541

542
  V(PathsNeededToBuildCircuits,  DOUBLE,   "-1"),
543
544
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
545
  V(PidFile,                     STRING,   NULL),
546
  V(TestingTorNetwork,           BOOL,     "0"),
547
  V(TestingMinExitFlagThreshold, MEMUNIT,  "0"),
548
  V(TestingMinFastFlagThreshold, MEMUNIT,  "0"),
549

550
  V(TestingLinkCertLifetime,          INTERVAL, "2 days"),
551
552
553
554
555
  V(TestingAuthKeyLifetime,          INTERVAL, "2 days"),
  V(TestingLinkKeySlop,              INTERVAL, "3 hours"),
  V(TestingAuthKeySlop,              INTERVAL, "3 hours"),
  V(TestingSigningKeySlop,           INTERVAL, "1 day"),

556
  V(OptimisticData,              AUTOBOOL, "auto"),
557
558
  OBSOLETE("PortForwarding"),
  OBSOLETE("PortForwardingHelper"),
559
  OBSOLETE("PreferTunneledDirConns"),
560
  V(ProtocolWarnings,            BOOL,     "0"),
561
  V(PublishServerDescriptor,     CSV,      "1"),
562
563
564
565
566
567
568
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
569
  V(RecommendedPackages,         LINELIST, NULL),
570
571
  V(ReducedConnectionPadding,    BOOL,     "0"),
  V(ConnectionPadding,           AUTOBOOL, "auto"),
572
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
573
  V(RejectPlaintextPorts,        CSV,      ""),
574
575
576
577
578
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  V(RunAsDaemon,                 BOOL,     "0"),
579
  V(ReducedExitPolicy,           BOOL,     "0"),
580
  OBSOLETE("RunTesting"), // currently unused
581
  V(Sandbox,                     BOOL,     "0"),
582
  V(SafeLogging,                 STRING,   "1"),
583
  V(SafeSocks,                   BOOL,     "0"),
584
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
585
586
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
587
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
588
589
590
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
591
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
592
593
594
595
596
  OBSOLETE("SchedulerLowWaterMark__"),
  OBSOLETE("SchedulerHighWaterMark__"),
  OBSOLETE("SchedulerMaxFlushCells__"),
  V(KISTSchedRunInterval,        MSEC_INTERVAL, "0 msec"),
  V(KISTSockBufSizeFactor,       DOUBLE,   "1.0"),
597
  V(Schedulers,                  CSV,      "KIST,KISTLite,Vanilla"),
598
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
599
  OBSOLETE("SocksListenAddress"),
600
  V(SocksPolicy,                 LINELIST, NULL),
601
  VPORT(SocksPort),
602
  V(SocksTimeout,                INTERVAL, "2 minutes"),
603
  V(SSLKeyLifetime,              INTERVAL, "0"),
604
605
  OBSOLETE("StrictEntryNodes"),
  OBSOLETE("StrictExitNodes"),
606
  V(StrictNodes,                 BOOL,     "0"),
607
  OBSOLETE("Support022HiddenServices"),
608
  V(TestSocks,                   BOOL,     "0"),
609
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
David Goulet's avatar
David Goulet committed
610
611
  OBSOLETE("Tor2webMode"),
  OBSOLETE("Tor2webRendezvousPoints"),
612
  OBSOLETE("TLSECGroup"),
613
614
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
615
  OBSOLETE("TransListenAddress"),
616
  VPORT(TransPort),
617
  V(TransProxyType,              STRING,   "default"),
618
  OBSOLETE("TunnelDirConns"),
619
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
620
  V(UseBridges,                  BOOL,     "0"),
621
  VAR("UseEntryGuards",          BOOL,     UseEntryGuards_option, "1"),
Nick Mathewson's avatar
Nick Mathewson committed
622
  OBSOLETE("UseEntryGuardsAsDirGuards"),
623
  V(UseGuardFraction,            AUTOBOOL, "auto"),
624
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
625
  OBSOLETE("UseNTorHandshake"),
626
  V(User,                        STRING,   NULL),
627
  OBSOLETE("UserspaceIOCPBuffers"),
628
  V(AuthDirSharedRandomness,     BOOL,     "1"),
629
  V(AuthDirTestEd25519LinkKeys,  BOOL,     "1"),
630
  OBSOLETE("V1AuthoritativeDirectory"),
631
  OBSOLETE("V2AuthoritativeDirectory"),
632
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
633
634
635
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
636
  V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
637
638
639
640
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
641
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
642
  V(V3BandwidthsFile,            FILENAME, NULL),
643
  V(GuardfractionFile,           FILENAME, NULL),
644
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
645
  OBSOLETE("VoteOnHidServDirectoriesV2"),
646
647
  V(VirtualAddrNetworkIPv4,      STRING,   "127.192.0.0/10"),
  V(VirtualAddrNetworkIPv6,      STRING,   "[FE80::]/10"),
648
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
649
650
  OBSOLETE("UseFilteringSSLBufferevents"),
  OBSOLETE("__UseFilteringSSLBufferevents"),
651
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
652
653
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
654
  VAR("__DisableSignalHandlers", BOOL,  DisableSignalHandlers,    "0"),
655
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
656
657
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
658
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
659
  VAR("__OwningControllerFD", UINT64, OwningControllerFD, UINT64_MAX_STRING),
660
  V(MinUptimeHidServDirectoryV2, INTERVAL, "96 hours"),
661
662
663
664
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
665
  /* With the ClientBootstrapConsensus*Download* below:
666
   * Clients with only authorities will try:
667
668
   *  - at least 3 authorities over 10 seconds, then exponentially backoff,
   *    with the next attempt 3-21 seconds later,
669
   * Clients with authorities and fallbacks will try:
670
671
   *  - at least 2 authorities and 4 fallbacks over 21 seconds, then
   *    exponentially backoff, with the next attempts 4-33 seconds later,
672
   * Clients will also retry when an application request arrives.
673
   * After a number of failed requests, clients retry every 3 days + 1 hour.
674
675
676
677
678
679
   *
   * Clients used to try 2 authorities over 10 seconds, then wait for
   * 60 minutes or an application request.
   *
   * When clients have authorities and fallbacks available, they use these
   * schedules: (we stagger the times to avoid thundering herds) */
680
681
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "6"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
682
  /* When clients only have authorities available, they use this schedule: */
683
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
684
    "0"),
685
686
687
688
  /* We don't want to overwhelm slow networks (or mirrors whose replies are
   * blocked), but we also don't want to fail if only some mirrors are
   * blackholed. Clients will try 3 directories simultaneously.
   * (Relays never use simultaneous connections.) */
689
  V(ClientBootstrapConsensusMaxInProgressTries, UINT, "3"),
690
691
  /* When a client has any running bridges, check each bridge occasionally,
    * whether or not that bridge is actually up. */
692
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL,"10800"),
693
694
695
696
  /* When a client is just starting, or has no running bridges, check each
   * bridge a few times quickly, and then try again later. These schedules
   * are much longer than the other schedules, because we try each and every
   * configured bridge with this schedule. */
697
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
698
699
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "10 minutes"),
  V(TestingDirConnectionMaxStall, INTERVAL, "5 minutes"),
700
701
702
703
704
705
  OBSOLETE("TestingConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries"),
  OBSOLETE("TestingDescriptorMaxDownloadTries"),
  OBSOLETE("TestingMicrodescMaxDownloadTries"),
  OBSOLETE("TestingCertMaxDownloadTries"),
706
  V(TestingDirAuthVoteExit, ROUTERSET, NULL),
707
  V(TestingDirAuthVoteExitIsStrict,  BOOL,     "0"),
708
  V(TestingDirAuthVoteGuard, ROUTERSET, NULL),
709
  V(TestingDirAuthVoteGuardIsStrict,  BOOL,     "0"),
710
  V(TestingDirAuthVoteHSDir, ROUTERSET, NULL),
711
  V(TestingDirAuthVoteHSDirIsStrict,  BOOL,     "0"),
712
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),
713

714
  END_OF_CONFIG_VARS
715
};
716

717
718
/** Override default values with these if the user sets the TestingTorNetwork
 * option. */
719
static const config_var_t testing_tor_network_defaults[] = {
720
721
722
723
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
724
725
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
726
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
727
    "0"),
728
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
729
  V(ClientRejectInternalAddresses, BOOL,   "0"),
730
  V(CountPrivateBandwidth,       BOOL,     "1"),
731
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
732
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
733
734
735
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
736
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "150 seconds"),
737
738
739
740
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
741
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
742
743
744
745
746
747
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL, "10"),
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
748
749
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "5 seconds"),
  V(TestingDirConnectionMaxStall, INTERVAL, "30 seconds"),
750
  V(TestingEnableConnBwEvent,    BOOL,     "1"),
751
  V(TestingEnableCellStatsEvent, BOOL,     "1"),
752
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),
753
  V(RendPostPeriod,              INTERVAL, "2 minutes"),
754

755
  END_OF_CONFIG_VARS
756
};
757

758
#undef VAR
759
#undef V
760
761
#undef OBSOLETE

762
static const config_deprecation_t option_deprecation_notes_[] = {
763
  /* Deprecated since 0.3.2.0-alpha. */
764
765
766
767
  { "HTTPProxy", "It only applies to direct unencrypted HTTP connections "
    "to your directory server, which your Tor probably wasn't using." },
  { "HTTPProxyAuthenticator", "HTTPProxy is deprecated in favor of HTTPSProxy "
    "which should be used with HTTPSProxyAuthenticator." },
768
769
770
  /* End of options deprecated since 0.3.2.1-alpha */

  /* Options deprecated since 0.3.2.2-alpha */
771
772
773
774
  { "ReachableDirAddresses", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
  { "ClientPreferIPv6DirPort", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
775
  /* End of options deprecated since 0.3.2.2-alpha. */
776

777
778
779
  { NULL, NULL }
};

780
#ifdef _WIN32
781
782
static char *get_windows_conf_root(void);
#endif
783
784
785
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
786
                                      char **msg);
787
788
789
790
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);