/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file config.c
 * \brief Code to interpret the user's configuration of Tor.
 *
 * This module handles the torrc configuration file, including parsing it,
 * combining it with torrc.defaults and the command line, allowing
 * user changes to it (via editing and SIGHUP or via the control port),
 * writing it back to disk (because of SAVECONF from the control port),
 * and -- most importantly, acting on it.
 *
 * The module additionally has some tools for manipulating and
 * inspecting values that are calculated as a result of the
 * configured options.
 *
 * <h3>How to add new options</h3>
 *
 * To add new items to the torrc, there are a minimum of three places to edit:
 * <ul>
 *   <li>The or_options_t structure in or.h, where the options are stored.
 *   <li>The option_vars_ array below in this module, which configures
 *       the names of the torrc options, their types, their multiplicities,
 *       and their mappings to fields in or_options_t.
 *   <li>The manual in doc/tor.1.txt, to document what the new option
 *       is, and how it works.
 * </ul>
 *
 * Additionally, you might need to edit these places too:
 * <ul>
 *   <li>options_validate() below, in case you want to reject some possible
 *       values of the new configuration option.
 *   <li>options_transition_allowed() below, in case you need to
 *       forbid some or all changes in the option while Tor is
 *       running.
 *   <li>options_transition_affects_workers(), in case changes in the option
 *       might require Tor to relaunch or reconfigure its worker threads.
 *   <li>options_transition_affects_descriptor(), in case changes in the
 *       option might require a Tor relay to build and publish a new server
 *       descriptor.
 *   <li>options_act() and/or options_act_reversible(), in case there's some
 *       action that needs to be taken immediately based on the option's
 *       value.
 * </ul>
 *
 * <h3>Changing the value of an option</h3>
 *
 * Because of the SAVECONF command from the control port, it's a bad
 * idea to change the value of any user-configured option in the
 * or_options_t.  If you want to sometimes do this anyway, we recommend
 * that you create a secondary field in or_options_t; that you have the
 * user option linked only to the secondary field; that you use the
 * secondary field to initialize the one that Tor actually looks at; and that
 * you use the one Tor looks at as the one that you modify.
 **/

#define CONFIG_PRIVATE
#include "or/or.h"
#include "or/bridges.h"
#include "or/addressmap.h"
#include "or/channel.h"
#include "or/circuitbuild.h"
#include "or/circuitlist.h"
#include "or/circuitmux.h"
#include "or/circuitmux_ewma.h"
#include "or/circuitstats.h"
#include "lib/compress/compress.h"
#include "or/config.h"
#include "lib/encoding/confline.h"
#include "or/connection.h"
#include "or/connection_edge.h"
#include "or/connection_or.h"
#include "or/consdiffmgr.h"
#include "or/control.h"
#include "or/confparse.h"
#include "or/cpuworker.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "or/dirserv.h"
#include "or/dns.h"
#include "or/dos.h"
#include "or/entrynodes.h"
#include "or/git_revision.h"
#include "or/geoip.h"
#include "or/hibernate.h"
#include "or/main.h"
#include "or/networkstatus.h"
#include "or/nodelist.h"
#include "or/policies.h"
#include "or/relay.h"
#include "or/rendclient.h"
#include "or/rendservice.h"
#include "or/hs_config.h"
#include "or/rephist.h"
#include "or/router.h"
#include "lib/sandbox/sandbox.h"
#include "common/util.h"
#include "or/routerlist.h"
#include "or/routerset.h"
#include "or/scheduler.h"
#include "or/statefile.h"
#include "or/transports.h"
#include "or/ext_orport.h"
#include "or/voting_schedule.h"
#ifdef _WIN32
#include <shlobj.h>
#endif

#include "lib/meminfo/meminfo.h"
#include "lib/osinfo/uname.h"
#include "lib/process/daemon.h"
#include "lib/process/pidfile.h"
#include "lib/process/restrict.h"
#include "lib/process/setuid.h"
#include "lib/process/subprocess.h"
#include "lib/net/gethostname.h"
#include "lib/thread/numcpus.h"

#include "lib/encoding/keyval.h"
#include "lib/fs/conffile.h"
#include "common/procmon.h"

#include "or/dirauth/dirvote.h"
#include "or/dirauth/mode.h"

#include "or/connection_st.h"
#include "or/port_cfg_st.h"

#ifdef HAVE_SYSTEMD
#   if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
/* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse
 * Coverity. Here's a kludge to unconfuse it.
 */
#   define __INCLUDE_LEVEL__ 2
#endif /* defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__) */
#include <systemd/sd-daemon.h>
#endif /* defined(HAVE_SYSTEMD) */

/* Prefix used to indicate a Unix socket in a FooPort configuration. */
static const char unix_socket_prefix[] = "unix:";
/* Prefix used to indicate a Unix socket with spaces in it, in a FooPort
 * configuration.  The literal is the "unix:" prefix followed by an opening
 * double quote; the rest of the quoted path is handled by code that is not
 * visible in this part of the file. */
static const char unix_q_socket_prefix[] = "unix:\"";

/* Limits for the TCP send and recv buffer size used for constrained sockets.
 * NOTE(review): presumably the accepted range, in bytes, for the
 * ConstrainedSockSize option (default "8192" in option_vars_); the range
 * check itself is not in this part of the file -- confirm. */
#define MIN_CONSTRAINED_TCP_BUFFER 2048
#define MAX_CONSTRAINED_TCP_BUFFER 262144  /* 256k */

/** Macro to help with the bulk rename of *DownloadSchedule to
 * *DownloadInitialDelay.
 *
 * Expands to one option_abbrevs_ entry mapping the old name
 * "<name>DownloadSchedule" to the current name "<name>DownloadInitialDelay";
 * both strings are built by stringifying <b>name</b> and concatenating the
 * suffix.  The trailing 0 and 1 fill the last two config_abbrev_t fields
 * (presumably "not command-line only" and "warn on use"; the struct is
 * declared elsewhere -- confirm). */
#define DOWNLOAD_SCHEDULE(name) \
  { #name "DownloadSchedule", #name "DownloadInitialDelay", 0, 1 }

/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values. */
static config_abbrev_t option_abbrevs_[] = {
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(Tor2webRendezvousPoint),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RecommendedPackage),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  { "l", "Log", 1, 0},
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
  { "DirServer", "DirAuthority", 0, 0}, /* XXXX later, make this warn? */
  { "MaxConn", "ConnLimit", 0, 1},
  { "MaxMemInCellQueues", "MaxMemInQueues", 0, 0},
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
  { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
  { "SocksSocketsGroupWritable", "UnixSocksGroupWritable", 0, 1},
  { "_HSLayer2Nodes", "HSLayer2Nodes", 0, 1 },
  { "_HSLayer3Nodes", "HSLayer3Nodes", 0, 1 },

  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthority),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthorityOnly),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusFallback),
  DOWNLOAD_SCHEDULE(TestingBridge),
  DOWNLOAD_SCHEDULE(TestingBridgeBootstrap),
  DOWNLOAD_SCHEDULE(TestingClient),
  DOWNLOAD_SCHEDULE(TestingClientConsensus),
  DOWNLOAD_SCHEDULE(TestingServer),
  DOWNLOAD_SCHEDULE(TestingServerConsensus),

  { NULL, NULL, 0, 0},
};

/** Dummy instance of or_options_t, used for type-checking its
 * members with CONF_CHECK_VAR_TYPE.  Neither DUMMY_TYPECHECK_INSTANCE nor
 * CONF_CHECK_VAR_TYPE is defined in the visible part of this file. */
DUMMY_TYPECHECK_INSTANCE(or_options_t);

/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 */
#define VAR(name,conftype,member,initvalue)                             \
  { name, CONFIG_TYPE_ ## conftype, offsetof(or_options_t, member),     \
      initvalue CONF_TEST_MEMBERS(or_options_t, conftype, member) }
/** As VAR, but the option name and member name are the same: the torrc
 * name is produced by stringifying <b>member</b>, so renaming the
 * or_options_t field also renames the user-visible option. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
#ifdef TOR_UNIT_TESTS
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL, {.INT=NULL} }
#else
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }
#endif

/**
 * Macro to declare *Port options.  Each one comes in three entries.
 * For example, most users should use "SocksPort" to configure the
 * socks port, but TorBrowser wants to use __SocksPort so that it
 * isn't stored by SAVECONF.  The SocksPortLines virtual option is
 * used to query both options from the controller.
 *
 * All three entries point at the same or_options_t field,
 * <b>member</b>_lines: "<member>Lines" is the LINELIST_V entry, and
 * "<member>" and "__<member>" are LINELIST_S entries.
 */
#define VPORT(member)                                           \
  VAR(#member "Lines", LINELIST_V, member ## _lines, NULL),     \
  VAR(#member, LINELIST_S, member ## _lines, NULL),             \
  VAR("__" #member, LINELIST_S, member ## _lines, NULL)

/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 */
static config_var_t option_vars_[] = {
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  VAR("AccountingRule",          STRING,   AccountingRule_option,  "max"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  OBSOLETE("AllowDotExit"),
  OBSOLETE("AllowInvalidNodes"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  OBSOLETE("AllowSingleHopCircuits"),
  OBSOLETE("AllowSingleHopExits"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  OBSOLETE("AlternateHSAuthority"),
  V(AssumeReachable,             BOOL,     "0"),
  OBSOLETE("AuthDirBadDir"),
  OBSOLETE("AuthDirBadDirCCs"),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "2 MB"),
  V(AuthDirPinKeys,              BOOL,     "1"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  OBSOLETE("AuthDirRejectUnlisted"),
  OBSOLETE("AuthDirListBadDirs"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  OBSOLETE("AuthDirMaxServersPerAuthAddr"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(BridgeDistribution,          STRING,   NULL),
  VAR("CacheDirectory",          FILENAME, CacheDirectory_option, NULL),
  V(CacheDirectoryGroupReadable, BOOL,     "0"),
  V(CellStatistics,              BOOL,     "0"),
  V(PaddingStatistics,           BOOL,     "1"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  OBSOLETE("CircuitIdleTimeout"),
  V(CircuitsAvailableTimeout,    INTERVAL, "0"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-1.0"), /*negative:'Use default'*/
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      AUTOBOOL, "auto"),
  V(ClientPreferIPv6DirPort,     AUTOBOOL, "auto"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ClientUseIPv4,               BOOL,     "1"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  OBSOLETE("ControlListenAddress"),
  VPORT(ControlPort),
  V(ControlPortFileGroupReadable,BOOL,     "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  V(UnixSocksGroupWritable,    BOOL,     "0"),
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  VAR("DataDirectory",           FILENAME, DataDirectory_option, NULL),
  V(DataDirectoryGroupReadable,  BOOL,     "0"),
  V(DisableOOSCheck,             BOOL,     "1"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  OBSOLETE("DirListenAddress"),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort),
  V(DirPortFrontPage,            FILENAME, NULL),
  VAR("DirReqStatistics",        BOOL,     DirReqStatistics_option, "1"),
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
  V(DirCache,                    BOOL,     "1"),
  /* A DirAuthorityFallbackRate of 0.1 means that 0.5% of clients try an
   * authority when all fallbacks are up, and 2% try an authority when 25% of
   * fallbacks are down. (We rebuild the list when 25% of fallbacks are down).
   *
   * We want to reduce load on authorities, but keep these two figures within
   * an order of magnitude, so there isn't too much load shifting to
   * authorities when fallbacks go down. */
  V(DirAuthorityFallbackRate,    DOUBLE,   "0.1"),
  V(DisableAllSwap,              BOOL,     "0"),
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  OBSOLETE("DisableIOCP"),
  OBSOLETE("DisableV2DirectoryInfo_"),
  OBSOLETE("DynamicDHGroups"),
  VPORT(DNSPort),
  OBSOLETE("DNSListenAddress"),
  /* DoS circuit creation options. */
  V(DoSCircuitCreationEnabled,   AUTOBOOL, "auto"),
  V(DoSCircuitCreationMinConnections,      UINT, "0"),
  V(DoSCircuitCreationRate,      UINT,     "0"),
  V(DoSCircuitCreationBurst,     UINT,     "0"),
  V(DoSCircuitCreationDefenseType,         INT,  "0"),
  V(DoSCircuitCreationDefenseTimePeriod,   INTERVAL, "0"),
  /* DoS connection options. */
  V(DoSConnectionEnabled,        AUTOBOOL, "auto"),
  V(DoSConnectionMaxConcurrentCount,       UINT, "0"),
  V(DoSConnectionDefenseType,    INT,      "0"),
  /* DoS single hop client options. */
  V(DoSRefuseSingleHopClientRendezvous,    AUTOBOOL, "auto"),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(TestingEnableConnBwEvent,    BOOL,     "0"),
  V(TestingEnableCellStatsEvent, BOOL,     "0"),
  OBSOLETE("TestingEnableTbEmptyEvent"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET,   NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  OBSOLETE("ExcludeSingleHopRelays"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPolicyRejectLocalInterfaces, BOOL, "0"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  V(ExitRelay,                   AUTOBOOL, "auto"),
  VPORT(ExtORPort),
  V(ExtORPortCookieAuthFile,     STRING,   NULL),
  V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),
  V(ExtendByEd25519ID,           AUTOBOOL, "auto"),
  V(FallbackDir,                 LINELIST, NULL),

  V(UseDefaultFallbackDirs,      BOOL,     "1"),

  OBSOLETE("FallbackNetworkstatusFile"),
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  OBSOLETE("FastFirstHopPK"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  OBSOLETE("FetchV2Networkstatus"),
  V(GeoIPExcludeUnknown,         AUTOBOOL, "auto"),
#ifdef _WIN32
  V(GeoIPFile,                   FILENAME, "<default>"),
  V(GeoIPv6File,                 FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
#endif /* defined(_WIN32) */
  OBSOLETE("Group"),
  V(GuardLifetime,               INTERVAL, "0 minutes"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(MainloopStats,               BOOL,     "0"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  V(HashedControlPassword,       LINELIST, NULL),
  OBSOLETE("HidServDirectoryV2"),
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceDirGroupReadable",  LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
  VAR("HiddenServiceAllowUnknownPorts",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceMaxStreams",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceMaxStreamsCloseCircuit",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceNumIntroductionPoints", LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceStatistics", BOOL, HiddenServiceStatistics_option, "1"),
  V(HidServAuth,                 LINELIST, NULL),
  OBSOLETE("CloseHSClientCircuitsImmediatelyOnTimeout"),
  OBSOLETE("CloseHSServiceRendCircuitsImmediatelyOnTimeout"),
  V(HiddenServiceSingleHopMode,  BOOL,     "0"),
  V(HiddenServiceNonAnonymousMode,BOOL,    "0"),
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  VPORT(HTTPTunnelPort),
  V(IPv6Exit,                    BOOL,     "0"),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(ServerTransportListenAddr,   LINELIST, NULL),
  V(ServerTransportOptions,      LINELIST, NULL),
  V(SigningKeyLifetime,          INTERVAL, "30 days"),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  VAR("KeyDirectory",            FILENAME, KeyDirectory_option, NULL),
  V(KeyDirectoryGroupReadable,   BOOL,     "0"),
  VAR("HSLayer2Nodes",           ROUTERSET,  HSLayer2Nodes,  NULL),
  VAR("HSLayer3Nodes",           ROUTERSET,  HSLayer3Nodes,  NULL),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  V(KeepBindCapabilities,            AUTOBOOL, "auto"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(TruncateLogFile,             BOOL,     "0"),
  V(SyslogIdentityTag,           STRING,   NULL),
  V(AndroidIdentityTag,          STRING,   NULL),
  V(LongLivedPorts,              CSV,
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  V(MaxConsensusAgeForDiffs,     INTERVAL, "0 seconds"),
  VAR("MaxMemInQueues",          MEMUNIT,   MaxMemInQueues_raw, "0"),
  OBSOLETE("MaxOnionsPending"),
  V(MaxOnionQueueDelay,          MSEC_INTERVAL, "1750 msec"),
  V(MaxUnparseableDescSizeToLog, MEMUNIT, "10 MB"),
  V(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, "500"),
  VAR("MyFamily",                LINELIST, MyFamily_lines,       NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  OBSOLETE("NamingAuthoritativeDirectory"),
  OBSOLETE("NATDListenAddress"),
  VPORT(NATDPort),
  V(Nickname,                    STRING,   NULL),
  OBSOLETE("PredictedPortsRelevanceTime"),
  OBSOLETE("WarnUnsafeSocks"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NoExec,                      BOOL,     "0"),
  V(NumCPUs,                     UINT,     "0"),
  V(NumDirectoryGuards,          UINT,     "0"),
  V(NumEntryGuards,              UINT,     "0"),
  V(NumPrimaryGuards,            UINT,     "0"),
  V(OfflineMasterKey,            BOOL,     "0"),
  OBSOLETE("ORListenAddress"),
  VPORT(ORPort),
  V(OutboundBindAddress,         LINELIST,   NULL),
  V(OutboundBindAddressOR,       LINELIST,   NULL),
  V(OutboundBindAddressExit,     LINELIST,   NULL),

  OBSOLETE("PathBiasDisableRate"),
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasWarnRate,            DOUBLE,   "-1"),
  V(PathBiasExtremeRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  OBSOLETE("PathBiasScaleFactor"),
  OBSOLETE("PathBiasMultFactor"),
  V(PathBiasDropGuards,          AUTOBOOL, "0"),
  OBSOLETE("PathBiasUseCloseCounts"),

  V(PathBiasUseThreshold,       INT,      "-1"),
  V(PathBiasNoticeUseRate,          DOUBLE,   "-1"),
  V(PathBiasExtremeUseRate,         DOUBLE,   "-1"),
  V(PathBiasScaleUseThreshold,      INT,      "-1"),

  V(PathsNeededToBuildCircuits,  DOUBLE,   "-1"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  V(TestingTorNetwork,           BOOL,     "0"),
  V(TestingMinExitFlagThreshold, MEMUNIT,  "0"),
  V(TestingMinFastFlagThreshold, MEMUNIT,  "0"),

  V(TestingLinkCertLifetime,          INTERVAL, "2 days"),
  V(TestingAuthKeyLifetime,          INTERVAL, "2 days"),
  V(TestingLinkKeySlop,              INTERVAL, "3 hours"),
  V(TestingAuthKeySlop,              INTERVAL, "3 hours"),
  V(TestingSigningKeySlop,           INTERVAL, "1 day"),

  V(OptimisticData,              AUTOBOOL, "auto"),
  OBSOLETE("PortForwarding"),
  OBSOLETE("PortForwardingHelper"),
  OBSOLETE("PreferTunneledDirConns"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  V(RecommendedPackages,         LINELIST, NULL),
  V(ReducedConnectionPadding,    BOOL,     "0"),
  V(ConnectionPadding,           AUTOBOOL, "auto"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  V(RunAsDaemon,                 BOOL,     "0"),
  V(ReducedExitPolicy,           BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  V(Sandbox,                     BOOL,     "0"),
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  OBSOLETE("SchedulerLowWaterMark__"),
  OBSOLETE("SchedulerHighWaterMark__"),
  OBSOLETE("SchedulerMaxFlushCells__"),
  V(KISTSchedRunInterval,        MSEC_INTERVAL, "0 msec"),
  V(KISTSockBufSizeFactor,       DOUBLE,   "1.0"),
  V(Schedulers,                  CSV,      "KIST,KISTLite,Vanilla"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  OBSOLETE("SocksListenAddress"),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  V(SSLKeyLifetime,              INTERVAL, "0"),
  OBSOLETE("StrictEntryNodes"),
  OBSOLETE("StrictExitNodes"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("Support022HiddenServices"),
  V(TestSocks,                   BOOL,     "0"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  V(Tor2webMode,                 BOOL,     "0"),
  V(Tor2webRendezvousPoints,      ROUTERSET, NULL),
  OBSOLETE("TLSECGroup"),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  OBSOLETE("TransListenAddress"),
  VPORT(TransPort),
  V(TransProxyType,              STRING,   "default"),
  OBSOLETE("TunnelDirConns"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  VAR("UseEntryGuards",          BOOL,     UseEntryGuards_option, "1"),
  OBSOLETE("UseEntryGuardsAsDirGuards"),
  V(UseGuardFraction,            AUTOBOOL, "auto"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  OBSOLETE("UseNTorHandshake"),
  V(User,                        STRING,   NULL),
  OBSOLETE("UserspaceIOCPBuffers"),
  V(AuthDirSharedRandomness,     BOOL,     "1"),
  V(AuthDirTestEd25519LinkKeys,  BOOL,     "1"),
  OBSOLETE("V1AuthoritativeDirectory"),
  OBSOLETE("V2AuthoritativeDirectory"),
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  V(GuardfractionFile,           FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
  OBSOLETE("VoteOnHidServDirectoriesV2"),
  V(VirtualAddrNetworkIPv4,      STRING,   "127.192.0.0/10"),
  V(VirtualAddrNetworkIPv6,      STRING,   "[FE80::]/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  OBSOLETE("UseFilteringSSLBufferevents"),
  OBSOLETE("__UseFilteringSSLBufferevents"),
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
  VAR("__DisableSignalHandlers", BOOL,  DisableSignalHandlers,    "0"),
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
  VAR("__OwningControllerFD",INT,OwningControllerFD, "-1"),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "96 hours"),
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  /* With the ClientBootstrapConsensus*Download* below:
   * Clients with only authorities will try:
   *  - at least 3 authorities over 10 seconds, then exponentially backoff,
   *    with the next attempt 3-21 seconds later,
   * Clients with authorities and fallbacks will try:
   *  - at least 2 authorities and 4 fallbacks over 21 seconds, then
   *    exponentially backoff, with the next attempts 4-33 seconds later,
   * Clients will also retry when an application request arrives.
   * After a number of failed requests, clients retry every 3 days + 1 hour.
   *
   * Clients used to try 2 authorities over 10 seconds, then wait for
   * 60 minutes or an application request.
   *
   * When clients have authorities and fallbacks available, they use these
   * schedules: (we stagger the times to avoid thundering herds) */
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "6"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
  /* When clients only have authorities available, they use this schedule: */
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
    "0"),
  /* We don't want to overwhelm slow networks (or mirrors whose replies are
   * blocked), but we also don't want to fail if only some mirrors are
   * blackholed. Clients will try 3 directories simultaneously.
   * (Relays never use simultaneous connections.) */
  V(ClientBootstrapConsensusMaxInProgressTries, UINT, "3"),
  /* When a client has any running bridges, check each bridge occasionally,
    * whether or not that bridge is actually up. */
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL,"10800"),
  /* When a client is just starting, or has no running bridges, check each
   * bridge a few times quickly, and then try again later. These schedules
   * are much longer than the other schedules, because we try each and every
   * configured bridge with this schedule. */
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "10 minutes"),
  V(TestingDirConnectionMaxStall, INTERVAL, "5 minutes"),
  OBSOLETE("TestingConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries"),
  OBSOLETE("TestingDescriptorMaxDownloadTries"),
  OBSOLETE("TestingMicrodescMaxDownloadTries"),
  OBSOLETE("TestingCertMaxDownloadTries"),
  V(TestingDirAuthVoteExit, ROUTERSET, NULL),
  V(TestingDirAuthVoteExitIsStrict,  BOOL,     "0"),
  V(TestingDirAuthVoteGuard, ROUTERSET, NULL),
  V(TestingDirAuthVoteGuardIsStrict,  BOOL,     "0"),
  V(TestingDirAuthVoteHSDir, ROUTERSET, NULL),
  V(TestingDirAuthVoteHSDirIsStrict,  BOOL,     "0"),
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),

  END_OF_CONFIG_VARS
};

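/** Override default values with these if the user sets the TestingTorNetwork
 * option.
 *
 * Each entry names an option and the default value it takes in a testing
 * network; the table ends with END_OF_CONFIG_VARS.
 *
 * Security note: several entries relax address and topology checks (private
 * and internal addresses are accepted, distinct-subnet enforcement is "0",
 * reachability is assumed), and the voting and download timers are far
 * shorter than in the main option table. These values are intended for
 * closed test networks; review any change to this table with that in mind.
 * NOTE(review): confirm that the validation code refuses to apply them to a
 * configuration that uses the public network. */
static const config_var_t testing_tor_network_defaults[] = {
  /* Address and topology checks, relaxed for a private test network. */
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
  /* Bootstrap consensus downloads start with no initial delay (the main
   * table staggers the authority schedule with "6"). */
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
    "0"),
  /* Internal and private address handling on the client, exit and extend
   * paths. */
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
  V(ClientRejectInternalAddresses, BOOL,   "0"),
  V(CountPrivateBandwidth,       BOOL,     "1"),
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
  /* Directory-authority voting timers, shortened from the main table's
   * "1 hour" / "5 minutes" (and "30 minutes" / "5 minutes" initial)
   * values. */
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "150 seconds"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
  /* No minimum uptime here; the main table uses "96 hours". */
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
  /* Download schedules; the bridge delay is "10" instead of the main
   * table's "10800". */
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL, "10"),
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "5 seconds"),
  V(TestingDirConnectionMaxStall, INTERVAL, "30 seconds"),
  V(TestingEnableConnBwEvent,    BOOL,     "1"),
  V(TestingEnableCellStatsEvent, BOOL,     "1"),
  /* "1" here and "0" in the main table; presumably records that this
   * table's defaults are in effect -- confirm against the readers of
   * UsingTestNetworkDefaults_. */
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),
  V(RendPostPeriod,              INTERVAL, "2 minutes"),

  END_OF_CONFIG_VARS
};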

#undef VAR
#undef V
#undef OBSOLETE

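/** Deprecated options, each paired with the text that explains why the
 * option is deprecated. The table is terminated by a { NULL, NULL } entry.
 * NOTE(review): where and when this text is shown to the user is decided by
 * code outside this table. */
static const config_deprecation_t option_deprecation_notes_[] = {
  /* Deprecated since 0.3.2.0-alpha. */
  /* NOTE(review): the closing marker of this group says 0.3.2.1-alpha while
   * the opening marker says 0.3.2.0-alpha; confirm which release is meant
   * and make the two agree. */
  { "HTTPProxy", "It only applies to direct unencrypted HTTP connections "
    "to your directory server, which your Tor probably wasn't using." },
  { "HTTPProxyAuthenticator", "HTTPProxy is deprecated in favor of HTTPSProxy "
    "which should be used with HTTPSProxyAuthenticator." },
  /* End of options deprecated since 0.3.2.1-alpha */

  /* Options deprecated since 0.3.2.2-alpha */
  { "ReachableDirAddresses", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
  { "ClientPreferIPv6DirPort", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
  /* End of options deprecated since 0.3.2.2-alpha. */

  /* Sentinel: marks the end of the table. */
  { NULL, NULL }
};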

#ifdef _WIN32
static char *get_windows_conf_root(void);
#endif
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
                                      char **msg);
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_dirauth_timing(
      const or_options_t *old_options, const or_options_t *new_options);
static int normalize_nickname_list(config_line_t **normalized_out,
                                   const config_line_t *lst, const char *name,
                                   char **msg);
static char *get_bindaddr_from_transport_listen_line(const char *line,
                                                     const char *transport);
static int parse_ports(or_options_t *options, int validate_only,
                              char **msg_out, int *n_ports_out,
                              int *world_writable_control_socket);
static int check_server_ports(const smartlist_t *ports,