config.c 299 KB
Newer Older
1

2
/* Copyright (c) 2001 Matej Pfajfar.
Roger Dingledine's avatar
Roger Dingledine committed
3
 * Copyright (c) 2001-2004, Roger Dingledine.
4
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
Nick Mathewson's avatar
Nick Mathewson committed
5
 * Copyright (c) 2007-2018, The Tor Project, Inc. */
6
/* See LICENSE for licensing information */
7

Nick Mathewson's avatar
Nick Mathewson committed
8
/**
9
 * \file config.c
10
11
12
13
14
15
16
17
18
19
20
21
 * \brief Code to interpret the user's configuration of Tor.
 *
 * This module handles torrc configuration file, including parsing it,
 * combining it with torrc.defaults and the command line, allowing
 * user changes to it (via editing and SIGHUP or via the control port),
 * writing it back to disk (because of SAVECONF from the control port),
 * and -- most importantly, acting on it.
 *
 * The module additionally has some tools for manipulating and
 * inspecting values that are calculated as a result of the
 * configured options.
 *
22
 * <h3>How to add new options</h3>
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
 *
 * To add new items to the torrc, there are a minimum of three places to edit:
 * <ul>
 *   <li>The or_options_t structure in or.h, where the options are stored.
 *   <li>The option_vars_ array below in this module, which configures
 *       the names of the torrc options, their types, their multiplicities,
 *       and their mappings to fields in or_options_t.
 *   <li>The manual in doc/tor.1.txt, to document what the new option
 *       is, and how it works.
 * </ul>
 *
 * Additionally, you might need to edit these places too:
 * <ul>
 *   <li>options_validate() below, in case you want to reject some possible
 *       values of the new configuration option.
 *   <li>options_transition_allowed() below, in case you need to
 *       forbid some or all changes in the option while Tor is
 *       running.
 *   <li>options_transition_affects_workers(), in case changes in the option
 *       might require Tor to relaunch or reconfigure its worker threads.
 *   <li>options_transition_affects_descriptor(), in case changes in the
 *       option might require a Tor relay to build and publish a new server
 *       descriptor.
 *   <li>options_act() and/or options_act_reversible(), in case there's some
 *       action that needs to be taken immediately based on the option's
 *       value.
 * </ul>
 *
 * <h3>Changing the value of an option</h3>
 *
 * Because of the SAVECONF command from the control port, it's a bad
 * idea to change the value of any user-configured option in the
 * or_options_t.  If you want to sometimes do this anyway, we recommend
 * that you create a secondary field in or_options_t; that you have the
 * user option linked only to the secondary field; that you use the
 * secondary field to initialize the one that Tor actually looks at; and that
 * you use the one Tor looks as the one that you modify.
Nick Mathewson's avatar
Nick Mathewson committed
60
61
 **/

62
#define CONFIG_PRIVATE
Nick Mathewson's avatar
Nick Mathewson committed
63
64
65
66
67
68
69
70
71
72
#include "or/or.h"
#include "or/bridges.h"
#include "common/compat.h"
#include "or/addressmap.h"
#include "or/channel.h"
#include "or/circuitbuild.h"
#include "or/circuitlist.h"
#include "or/circuitmux.h"
#include "or/circuitmux_ewma.h"
#include "or/circuitstats.h"
73
#include "lib/compress/compress.h"
Nick Mathewson's avatar
Nick Mathewson committed
74
75
76
77
78
79
80
81
#include "or/config.h"
#include "or/connection.h"
#include "or/connection_edge.h"
#include "or/connection_or.h"
#include "or/consdiffmgr.h"
#include "or/control.h"
#include "or/confparse.h"
#include "or/cpuworker.h"
82
83
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
Nick Mathewson's avatar
Nick Mathewson committed
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
#include "or/dirserv.h"
#include "or/dns.h"
#include "or/dos.h"
#include "or/entrynodes.h"
#include "or/git_revision.h"
#include "or/geoip.h"
#include "or/hibernate.h"
#include "or/main.h"
#include "or/networkstatus.h"
#include "or/nodelist.h"
#include "or/policies.h"
#include "or/relay.h"
#include "or/rendclient.h"
#include "or/rendservice.h"
#include "or/hs_config.h"
#include "or/rephist.h"
#include "or/router.h"
101
#include "lib/sandbox/sandbox.h"
Nick Mathewson's avatar
Nick Mathewson committed
102
103
104
105
106
107
108
109
#include "common/util.h"
#include "or/routerlist.h"
#include "or/routerset.h"
#include "or/scheduler.h"
#include "or/statefile.h"
#include "or/transports.h"
#include "or/ext_orport.h"
#include "or/voting_schedule.h"
110
#ifdef _WIN32
111
112
#include <shlobj.h>
#endif
Roger Dingledine's avatar
Roger Dingledine committed
113

114
#include "lib/meminfo/meminfo.h"
115
116
117
118
119
#include "lib/process/daemon.h"
#include "lib/process/pidfile.h"
#include "lib/process/restrict.h"
#include "lib/process/setuid.h"
#include "lib/process/subprocess.h"
120
#include "lib/net/gethostname.h"
121
#include "lib/thread/numcpus.h"
122

123
#include "lib/encoding/keyval.h"
124
#include "lib/fs/conffile.h"
Nick Mathewson's avatar
Nick Mathewson committed
125
#include "common/procmon.h"
126

Nick Mathewson's avatar
Nick Mathewson committed
127
128
#include "or/dirauth/dirvote.h"
#include "or/dirauth/mode.h"
129

Nick Mathewson's avatar
Nick Mathewson committed
130
131
#include "or/connection_st.h"
#include "or/port_cfg_st.h"
132

133
134
135
136
137
138
#ifdef HAVE_SYSTEMD
#   if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
/* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse
 * Coverity. Here's a kludge to unconfuse it.
 */
#   define __INCLUDE_LEVEL__ 2
139
#endif /* defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__) */
140
#include <systemd/sd-daemon.h>
141
#endif /* defined(HAVE_SYSTEMD) */
142

143
/* Prefix used to indicate a Unix socket in a FooPort configuration. */
144
static const char unix_socket_prefix[] = "unix:";
145
146
147
/* Prefix used to indicate a Unix socket with spaces in it, in a FooPort
 * configuration. */
static const char unix_q_socket_prefix[] = "unix:\"";
148

149
150
151
152
153
/** macro to help with the bulk rename of *DownloadSchedule to
 * *DowloadInitialDelay . */
#define DOWNLOAD_SCHEDULE(name) \
  { #name "DownloadSchedule", #name "DownloadInitialDelay", 0, 1 }

154
155
/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values. */
156
static config_abbrev_t option_abbrevs_[] = {
157
158
159
160
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
161
  PLURAL(EntryNode),
162
  PLURAL(ExcludeNode),
163
  PLURAL(Tor2webRendezvousPoint),
164
  PLURAL(FirewallPort),
165
  PLURAL(LongLivedPort),
166
167
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
168
  PLURAL(NumCPU),
169
  PLURAL(RendNode),
170
  PLURAL(RecommendedPackage),
171
  PLURAL(RendExcludeNode),
172
173
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
174
  PLURAL(StrictNode),
175
  { "l", "Log", 1, 0},
176
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
177
178
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
179
180
181
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
182
  { "DirServer", "DirAuthority", 0, 0}, /* XXXX later, make this warn? */
183
  { "MaxConn", "ConnLimit", 0, 1},
184
  { "MaxMemInCellQueues", "MaxMemInQueues", 0, 0},
185
186
187
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
188
189
190
191
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
192
193
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
194
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
195
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
196
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
197
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
198
  { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
199
  { "SocksSocketsGroupWritable", "UnixSocksGroupWritable", 0, 1},
200
201
202
  { "_HSLayer2Nodes", "HSLayer2Nodes", 0, 1 },
  { "_HSLayer3Nodes", "HSLayer3Nodes", 0, 1 },

203
204
205
206
207
208
209
210
211
212
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthority),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthorityOnly),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusFallback),
  DOWNLOAD_SCHEDULE(TestingBridge),
  DOWNLOAD_SCHEDULE(TestingBridgeBootstrap),
  DOWNLOAD_SCHEDULE(TestingClient),
  DOWNLOAD_SCHEDULE(TestingClientConsensus),
  DOWNLOAD_SCHEDULE(TestingServer),
  DOWNLOAD_SCHEDULE(TestingServerConsensus),

213
214
  { NULL, NULL, 0, 0},
};
215

216
217
218
219
/** dummy instance of or_options_t, used for type-checking its
 * members with CONF_CHECK_VAR_TYPE. */
DUMMY_TYPECHECK_INSTANCE(or_options_t);

Nick Mathewson's avatar
Nick Mathewson committed
220
221
222
223
/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 */
224
#define VAR(name,conftype,member,initvalue)                             \
Neel Chauhan's avatar
Neel Chauhan committed
225
  { name, CONFIG_TYPE_ ## conftype, offsetof(or_options_t, member),     \
226
      initvalue CONF_TEST_MEMBERS(or_options_t, conftype, member) }
227
228
229
/** As VAR, but the option name and member name are the same. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
Nick Mathewson's avatar
Nick Mathewson committed
230
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
231
232
233
#ifdef TOR_UNIT_TESTS
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL, {.INT=NULL} }
#else
234
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }
235
#endif
236

237
238
239
240
241
242
243
244
245
246
247
/**
 * Macro to declare *Port options.  Each one comes in three entries.
 * For example, most users should use "SocksPort" to configure the
 * socks port, but TorBrowser wants to use __SocksPort so that it
 * isn't stored by SAVECONF.  The SocksPortLines virtual option is
 * used to query both options from the controller.
 */
#define VPORT(member)                                           \
  VAR(#member "Lines", LINELIST_V, member ## _lines, NULL),     \
  VAR(#member, LINELIST_S, member ## _lines, NULL),             \
  VAR("__" #member, LINELIST_S, member ## _lines, NULL)
248

Nick Mathewson's avatar
Nick Mathewson committed
249
250
251
252
/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 */
253
static config_var_t option_vars_[] = {
254
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
255
  VAR("AccountingRule",          STRING,   AccountingRule_option,  "max"),
256
257
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
Nick Mathewson's avatar
Nick Mathewson committed
258
  OBSOLETE("AllowDotExit"),
259
  OBSOLETE("AllowInvalidNodes"),
260
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
261
  OBSOLETE("AllowSingleHopCircuits"),
262
  OBSOLETE("AllowSingleHopExits"),
263
264
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
265
  OBSOLETE("AlternateHSAuthority"),
266
  V(AssumeReachable,             BOOL,     "0"),
267
268
  OBSOLETE("AuthDirBadDir"),
  OBSOLETE("AuthDirBadDirCCs"),
269
  V(AuthDirBadExit,              LINELIST, NULL),
270
  V(AuthDirBadExitCCs,           CSV,      ""),
271
  V(AuthDirInvalid,              LINELIST, NULL),
272
  V(AuthDirInvalidCCs,           CSV,      ""),
273
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
274
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "2 MB"),
275
  V(AuthDirPinKeys,              BOOL,     "1"),
276
  V(AuthDirReject,               LINELIST, NULL),
277
  V(AuthDirRejectCCs,            CSV,      ""),
278
  OBSOLETE("AuthDirRejectUnlisted"),
279
  OBSOLETE("AuthDirListBadDirs"),
280
  V(AuthDirListBadExits,         BOOL,     "0"),
281
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
282
  OBSOLETE("AuthDirMaxServersPerAuthAddr"),
283
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
284
285
286
287
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
288
289
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
290
291
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
292
  V(BridgePassword,              STRING,   NULL),
293
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
294
  V(BridgeRelay,                 BOOL,     "0"),
295
  V(BridgeDistribution,          STRING,   NULL),
296
297
  VAR("CacheDirectory",          FILENAME, CacheDirectory_option, NULL),
  V(CacheDirectoryGroupReadable, BOOL,     "0"),
298
  V(CellStatistics,              BOOL,     "0"),
299
  V(PaddingStatistics,           BOOL,     "1"),
300
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
301
  V(CircuitBuildTimeout,         INTERVAL, "0"),
302
303
  OBSOLETE("CircuitIdleTimeout"),
  V(CircuitsAvailableTimeout,    INTERVAL, "0"),
304
  V(CircuitStreamTimeout,        INTERVAL, "0"),
305
  V(CircuitPriorityHalflife,     DOUBLE,  "-1.0"), /*negative:'Use default'*/
306
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
307
  V(ClientOnly,                  BOOL,     "0"),
308
309
  V(ClientPreferIPv6ORPort,      AUTOBOOL, "auto"),
  V(ClientPreferIPv6DirPort,     AUTOBOOL, "auto"),
310
  V(ClientRejectInternalAddresses, BOOL,   "1"),
311
  V(ClientTransportPlugin,       LINELIST, NULL),
312
  V(ClientUseIPv6,               BOOL,     "0"),
313
  V(ClientUseIPv4,               BOOL,     "1"),
314
  V(ConsensusParams,             STRING,   NULL),
315
  V(ConnLimit,                   UINT,     "1000"),
316
  V(ConnDirectionStatistics,     BOOL,     "0"),
317
318
319
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
320
  OBSOLETE("ControlListenAddress"),
321
  VPORT(ControlPort),
322
  V(ControlPortFileGroupReadable,BOOL,     "0"),
323
  V(ControlPortWriteToFile,      FILENAME, NULL),
324
  V(ControlSocket,               LINELIST, NULL),
325
  V(ControlSocketsGroupWritable, BOOL,     "0"),
326
  V(UnixSocksGroupWritable,    BOOL,     "0"),
327
328
329
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
330
  V(CountPrivateBandwidth,       BOOL,     "0"),
331
  VAR("DataDirectory",           FILENAME, DataDirectory_option, NULL),
332
  V(DataDirectoryGroupReadable,  BOOL,     "0"),
333
  V(DisableOOSCheck,             BOOL,     "1"),
334
  V(DisableNetwork,              BOOL,     "0"),
335
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
336
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
337
  OBSOLETE("DirListenAddress"),
338
  V(DirPolicy,                   LINELIST, NULL),
339
  VPORT(DirPort),
340
  V(DirPortFrontPage,            FILENAME, NULL),
341
  VAR("DirReqStatistics",        BOOL,     DirReqStatistics_option, "1"),
342
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
343
  V(DirCache,                    BOOL,     "1"),
344
345
346
347
348
  /* A DirAuthorityFallbackRate of 0.1 means that 0.5% of clients try an
   * authority when all fallbacks are up, and 2% try an authority when 25% of
   * fallbacks are down. (We rebuild the list when 25% of fallbacks are down).
   *
   * We want to reduce load on authorities, but keep these two figures within
Nick Mathewson's avatar
Nick Mathewson committed
349
350
   * an order of magnitude, so there isn't too much load shifting to
   * authorities when fallbacks go down. */
351
  V(DirAuthorityFallbackRate,    DOUBLE,   "0.1"),
352
  V(DisableAllSwap,              BOOL,     "0"),
353
  V(DisableDebuggerAttachment,   BOOL,     "1"),
354
  OBSOLETE("DisableIOCP"),
355
  OBSOLETE("DisableV2DirectoryInfo_"),
356
  OBSOLETE("DynamicDHGroups"),
357
  VPORT(DNSPort),
358
  OBSOLETE("DNSListenAddress"),
359
360
361
  /* DoS circuit creation options. */
  V(DoSCircuitCreationEnabled,   AUTOBOOL, "auto"),
  V(DoSCircuitCreationMinConnections,      UINT, "0"),
362
  V(DoSCircuitCreationRate,      UINT,     "0"),
363
364
365
366
367
368
369
370
371
  V(DoSCircuitCreationBurst,     UINT,     "0"),
  V(DoSCircuitCreationDefenseType,         INT,  "0"),
  V(DoSCircuitCreationDefenseTimePeriod,   INTERVAL, "0"),
  /* DoS connection options. */
  V(DoSConnectionEnabled,        AUTOBOOL, "auto"),
  V(DoSConnectionMaxConcurrentCount,       UINT, "0"),
  V(DoSConnectionDefenseType,    INT,      "0"),
  /* DoS single hop client options. */
  V(DoSRefuseSingleHopClientRendezvous,    AUTOBOOL, "auto"),
372
  V(DownloadExtraInfo,           BOOL,     "0"),
373
  V(TestingEnableConnBwEvent,    BOOL,     "0"),
374
  V(TestingEnableCellStatsEvent, BOOL,     "0"),
375
  OBSOLETE("TestingEnableTbEmptyEvent"),
376
  V(EnforceDistinctSubnets,      BOOL,     "1"),
377
  V(EntryNodes,                  ROUTERSET,   NULL),
378
  V(EntryStatistics,             BOOL,     "0"),
379
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
380
381
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
382
  OBSOLETE("ExcludeSingleHopRelays"),
383
  V(ExitNodes,                   ROUTERSET, NULL),
384
385
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
386
  V(ExitPolicyRejectLocalInterfaces, BOOL, "0"),
387
  V(ExitPortStatistics,          BOOL,     "0"),
388
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
389
  V(ExitRelay,                   AUTOBOOL, "auto"),
390
  VPORT(ExtORPort),
391
  V(ExtORPortCookieAuthFile,     STRING,   NULL),
392
  V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
393
  V(ExtraInfoStatistics,         BOOL,     "1"),
394
  V(ExtendByEd25519ID,           AUTOBOOL, "auto"),
395
  V(FallbackDir,                 LINELIST, NULL),
396

397
  V(UseDefaultFallbackDirs,      BOOL,     "1"),
398

399
  OBSOLETE("FallbackNetworkstatusFile"),
400
401
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
402
  OBSOLETE("FastFirstHopPK"),
403
  V(FetchDirInfoEarly,           BOOL,     "0"),
404
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
405
406
407
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
408
  OBSOLETE("FetchV2Networkstatus"),
409
  V(GeoIPExcludeUnknown,         AUTOBOOL, "auto"),
410
#ifdef _WIN32
411
  V(GeoIPFile,                   FILENAME, "<default>"),
nils's avatar
nils committed
412
  V(GeoIPv6File,                 FILENAME, "<default>"),
413
#else
414
415
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
nils's avatar
nils committed
416
417
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
418
#endif /* defined(_WIN32) */
419
  OBSOLETE("Group"),
420
  V(GuardLifetime,               INTERVAL, "0 minutes"),
421
  V(HardwareAccel,               BOOL,     "0"),
422
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
Alexander Færøy's avatar
Alexander Færøy committed
423
  V(MainloopStats,               BOOL,     "0"),
424
425
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
426
  V(HashedControlPassword,       LINELIST, NULL),
427
  OBSOLETE("HidServDirectoryV2"),
Nick Mathewson's avatar
Nick Mathewson committed
428
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
429
  VAR("HiddenServiceDirGroupReadable",  LINELIST_S, RendConfigLines, NULL),
Nick Mathewson's avatar
Nick Mathewson committed
430
431
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
432
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
433
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
434
  VAR("HiddenServiceAllowUnknownPorts",LINELIST_S, RendConfigLines, NULL),
435
436
  VAR("HiddenServiceMaxStreams",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceMaxStreamsCloseCircuit",LINELIST_S, RendConfigLines, NULL),
437
  VAR("HiddenServiceNumIntroductionPoints", LINELIST_S, RendConfigLines, NULL),
Nick Mathewson's avatar
Nick Mathewson committed
438
  VAR("HiddenServiceStatistics", BOOL, HiddenServiceStatistics_option, "1"),
439
  V(HidServAuth,                 LINELIST, NULL),
440
  OBSOLETE("CloseHSClientCircuitsImmediatelyOnTimeout"),
441
  OBSOLETE("CloseHSServiceRendCircuitsImmediatelyOnTimeout"),
442
443
  V(HiddenServiceSingleHopMode,  BOOL,     "0"),
  V(HiddenServiceNonAnonymousMode,BOOL,    "0"),
444
445
446
447
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
448
  VPORT(HTTPTunnelPort),
449
  V(IPv6Exit,                    BOOL,     "0"),
450
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
451
  V(ServerTransportListenAddr,   LINELIST, NULL),
452
  V(ServerTransportOptions,      LINELIST, NULL),
453
  V(SigningKeyLifetime,          INTERVAL, "30 days"),
454
455
456
457
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
458
459
  VAR("KeyDirectory",            FILENAME, KeyDirectory_option, NULL),
  V(KeyDirectoryGroupReadable,   BOOL,     "0"),
460
461
  VAR("HSLayer2Nodes",           ROUTERSET,  HSLayer2Nodes,  NULL),
  VAR("HSLayer3Nodes",           ROUTERSET,  HSLayer3Nodes,  NULL),
462
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
463
  V(KeepBindCapabilities,            AUTOBOOL, "auto"),
464
  VAR("Log",                     LINELIST, Logs,             NULL),
465
  V(LogMessageDomains,           BOOL,     "0"),
466
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
Arlo Breault's avatar
Arlo Breault committed
467
  V(TruncateLogFile,             BOOL,     "0"),
Peter Palfrader's avatar
Peter Palfrader committed
468
  V(SyslogIdentityTag,           STRING,   NULL),
469
  V(AndroidIdentityTag,          STRING,   NULL),
470
  V(LongLivedPorts,              CSV,
Nick Mathewson's avatar
Nick Mathewson committed
471
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
472
473
474
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
475
  V(MaxClientCircuitsPending,    UINT,     "32"),
476
  V(MaxConsensusAgeForDiffs,     INTERVAL, "0 seconds"),
477
  VAR("MaxMemInQueues",          MEMUNIT,   MaxMemInQueues_raw, "0"),
478
479
  OBSOLETE("MaxOnionsPending"),
  V(MaxOnionQueueDelay,          MSEC_INTERVAL, "1750 msec"),
480
  V(MaxUnparseableDescSizeToLog, MEMUNIT, "10 MB"),
481
  V(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, "500"),
482
  VAR("MyFamily",                LINELIST, MyFamily_lines,       NULL),
483
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
484
  OBSOLETE("NamingAuthoritativeDirectory"),
485
  OBSOLETE("NATDListenAddress"),
486
  VPORT(NATDPort),
487
  V(Nickname,                    STRING,   NULL),
488
  OBSOLETE("PredictedPortsRelevanceTime"),
489
  OBSOLETE("WarnUnsafeSocks"),
490
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
491
  V(NoExec,                      BOOL,     "0"),
492
  V(NumCPUs,                     UINT,     "0"),
493
  V(NumDirectoryGuards,          UINT,     "0"),
494
  V(NumEntryGuards,              UINT,     "0"),
495
  V(NumPrimaryGuards,            UINT,     "0"),
Nick Mathewson's avatar
Nick Mathewson committed
496
  V(OfflineMasterKey,            BOOL,     "0"),
497
  OBSOLETE("ORListenAddress"),
498
  VPORT(ORPort),
499
  V(OutboundBindAddress,         LINELIST,   NULL),
500
501
  V(OutboundBindAddressOR,       LINELIST,   NULL),
  V(OutboundBindAddressExit,     LINELIST,   NULL),
502

503
  OBSOLETE("PathBiasDisableRate"),
504
505
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
506
  V(PathBiasWarnRate,            DOUBLE,   "-1"),
507
  V(PathBiasExtremeRate,         DOUBLE,   "-1"),
508
  V(PathBiasScaleThreshold,      INT,      "-1"),
509
510
  OBSOLETE("PathBiasScaleFactor"),
  OBSOLETE("PathBiasMultFactor"),
511
  V(PathBiasDropGuards,          AUTOBOOL, "0"),
512
513
514
515
516
517
  OBSOLETE("PathBiasUseCloseCounts"),

  V(PathBiasUseThreshold,       INT,      "-1"),
  V(PathBiasNoticeUseRate,          DOUBLE,   "-1"),
  V(PathBiasExtremeUseRate,         DOUBLE,   "-1"),
  V(PathBiasScaleUseThreshold,      INT,      "-1"),
518

519
  V(PathsNeededToBuildCircuits,  DOUBLE,   "-1"),
520
521
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
522
  V(PidFile,                     STRING,   NULL),
523
  V(TestingTorNetwork,           BOOL,     "0"),
524
  V(TestingMinExitFlagThreshold, MEMUNIT,  "0"),
525
  V(TestingMinFastFlagThreshold, MEMUNIT,  "0"),
526

527
  V(TestingLinkCertLifetime,          INTERVAL, "2 days"),
528
529
530
531
532
  V(TestingAuthKeyLifetime,          INTERVAL, "2 days"),
  V(TestingLinkKeySlop,              INTERVAL, "3 hours"),
  V(TestingAuthKeySlop,              INTERVAL, "3 hours"),
  V(TestingSigningKeySlop,           INTERVAL, "1 day"),

533
  V(OptimisticData,              AUTOBOOL, "auto"),
534
535
  OBSOLETE("PortForwarding"),
  OBSOLETE("PortForwardingHelper"),
536
  OBSOLETE("PreferTunneledDirConns"),
537
  V(ProtocolWarnings,            BOOL,     "0"),
538
  V(PublishServerDescriptor,     CSV,      "1"),
539
540
541
542
543
544
545
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
546
  V(RecommendedPackages,         LINELIST, NULL),
547
548
  V(ReducedConnectionPadding,    BOOL,     "0"),
  V(ConnectionPadding,           AUTOBOOL, "auto"),
549
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
550
  V(RejectPlaintextPorts,        CSV,      ""),
551
552
553
554
555
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  V(RunAsDaemon,                 BOOL,     "0"),
556
  V(ReducedExitPolicy,           BOOL,     "0"),
557
  OBSOLETE("RunTesting"), // currently unused
558
  V(Sandbox,                     BOOL,     "0"),
559
  V(SafeLogging,                 STRING,   "1"),
560
  V(SafeSocks,                   BOOL,     "0"),
561
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
562
563
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
564
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
565
566
567
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
568
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
569
570
571
572
573
  OBSOLETE("SchedulerLowWaterMark__"),
  OBSOLETE("SchedulerHighWaterMark__"),
  OBSOLETE("SchedulerMaxFlushCells__"),
  V(KISTSchedRunInterval,        MSEC_INTERVAL, "0 msec"),
  V(KISTSockBufSizeFactor,       DOUBLE,   "1.0"),
574
  V(Schedulers,                  CSV,      "KIST,KISTLite,Vanilla"),
575
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
576
  OBSOLETE("SocksListenAddress"),
577
  V(SocksPolicy,                 LINELIST, NULL),
578
  VPORT(SocksPort),
579
  V(SocksTimeout,                INTERVAL, "2 minutes"),
580
  V(SSLKeyLifetime,              INTERVAL, "0"),
581
582
  OBSOLETE("StrictEntryNodes"),
  OBSOLETE("StrictExitNodes"),
583
  V(StrictNodes,                 BOOL,     "0"),
584
  OBSOLETE("Support022HiddenServices"),
585
  V(TestSocks,                   BOOL,     "0"),
586
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
587
  V(Tor2webMode,                 BOOL,     "0"),
588
  V(Tor2webRendezvousPoints,      ROUTERSET, NULL),
589
  OBSOLETE("TLSECGroup"),
590
591
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
592
  OBSOLETE("TransListenAddress"),
593
  VPORT(TransPort),
594
  V(TransProxyType,              STRING,   "default"),
595
  OBSOLETE("TunnelDirConns"),
596
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
597
  V(UseBridges,                  BOOL,     "0"),
598
  VAR("UseEntryGuards",          BOOL,     UseEntryGuards_option, "1"),
Nick Mathewson's avatar
Nick Mathewson committed
599
  OBSOLETE("UseEntryGuardsAsDirGuards"),
600
  V(UseGuardFraction,            AUTOBOOL, "auto"),
601
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
602
  OBSOLETE("UseNTorHandshake"),
603
  V(User,                        STRING,   NULL),
604
  OBSOLETE("UserspaceIOCPBuffers"),
605
  V(AuthDirSharedRandomness,     BOOL,     "1"),
606
  V(AuthDirTestEd25519LinkKeys,  BOOL,     "1"),
607
  OBSOLETE("V1AuthoritativeDirectory"),
608
  OBSOLETE("V2AuthoritativeDirectory"),
609
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
610
611
612
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
613
  V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
614
615
616
617
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
618
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
619
  V(V3BandwidthsFile,            FILENAME, NULL),
620
  V(GuardfractionFile,           FILENAME, NULL),
621
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
622
  OBSOLETE("VoteOnHidServDirectoriesV2"),
623
624
  V(VirtualAddrNetworkIPv4,      STRING,   "127.192.0.0/10"),
  V(VirtualAddrNetworkIPv6,      STRING,   "[FE80::]/10"),
625
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
626
627
  OBSOLETE("UseFilteringSSLBufferevents"),
  OBSOLETE("__UseFilteringSSLBufferevents"),
628
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
629
630
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
631
  VAR("__DisableSignalHandlers", BOOL,  DisableSignalHandlers,    "0"),
632
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
633
634
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
635
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
636
  VAR("__OwningControllerFD",INT,OwningControllerFD, "-1"),
637
  V(MinUptimeHidServDirectoryV2, INTERVAL, "96 hours"),
638
639
640
641
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
642
  /* With the ClientBootstrapConsensus*Download* below:
643
   * Clients with only authorities will try:
644
645
   *  - at least 3 authorities over 10 seconds, then exponentially backoff,
   *    with the next attempt 3-21 seconds later,
646
   * Clients with authorities and fallbacks will try:
647
648
   *  - at least 2 authorities and 4 fallbacks over 21 seconds, then
   *    exponentially backoff, with the next attempts 4-33 seconds later,
649
   * Clients will also retry when an application request arrives.
650
   * After a number of failed requests, clients retry every 3 days + 1 hour.
651
652
653
654
655
656
   *
   * Clients used to try 2 authorities over 10 seconds, then wait for
   * 60 minutes or an application request.
   *
   * When clients have authorities and fallbacks available, they use these
   * schedules: (we stagger the times to avoid thundering herds) */
657
658
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "6"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
659
  /* When clients only have authorities available, they use this schedule: */
660
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
661
    "0"),
662
663
664
665
  /* We don't want to overwhelm slow networks (or mirrors whose replies are
   * blocked), but we also don't want to fail if only some mirrors are
   * blackholed. Clients will try 3 directories simultaneously.
   * (Relays never use simultaneous connections.) */
666
  V(ClientBootstrapConsensusMaxInProgressTries, UINT, "3"),
667
668
  /* When a client has any running bridges, check each bridge occasionally,
    * whether or not that bridge is actually up. */
669
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL,"10800"),
670
671
672
673
  /* When a client is just starting, or has no running bridges, check each
   * bridge a few times quickly, and then try again later. These schedules
   * are much longer than the other schedules, because we try each and every
   * configured bridge with this schedule. */
674
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
675
676
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "10 minutes"),
  V(TestingDirConnectionMaxStall, INTERVAL, "5 minutes"),
677
678
679
680
681
682
  OBSOLETE("TestingConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries"),
  OBSOLETE("TestingDescriptorMaxDownloadTries"),
  OBSOLETE("TestingMicrodescMaxDownloadTries"),
  OBSOLETE("TestingCertMaxDownloadTries"),
683
  V(TestingDirAuthVoteExit, ROUTERSET, NULL),
684
  V(TestingDirAuthVoteExitIsStrict,  BOOL,     "0"),
685
  V(TestingDirAuthVoteGuard, ROUTERSET, NULL),
686
  V(TestingDirAuthVoteGuardIsStrict,  BOOL,     "0"),
687
  V(TestingDirAuthVoteHSDir, ROUTERSET, NULL),
688
  V(TestingDirAuthVoteHSDirIsStrict,  BOOL,     "0"),
689
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),
690

691
  END_OF_CONFIG_VARS
692
};
693

694
695
/** Override default values with these if the user sets the TestingTorNetwork
 * option. */
696
static const config_var_t testing_tor_network_defaults[] = {
697
698
699
700
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
701
702
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
703
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
704
    "0"),
705
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
706
  V(ClientRejectInternalAddresses, BOOL,   "0"),
707
  V(CountPrivateBandwidth,       BOOL,     "1"),
708
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
709
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
710
711
712
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
713
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "150 seconds"),
714
715
716
717
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
718
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
719
720
721
722
723
724
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL, "10"),
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
725
726
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "5 seconds"),
  V(TestingDirConnectionMaxStall, INTERVAL, "30 seconds"),
727
  V(TestingEnableConnBwEvent,    BOOL,     "1"),
728
  V(TestingEnableCellStatsEvent, BOOL,     "1"),
729
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),
730
  V(RendPostPeriod,              INTERVAL, "2 minutes"),
731

732
  END_OF_CONFIG_VARS
733
};
734

735
#undef VAR
736
#undef V
737
738
#undef OBSOLETE

739
static const config_deprecation_t option_deprecation_notes_[] = {
740
  /* Deprecated since 0.3.2.0-alpha. */
741
742
743
744
  { "HTTPProxy", "It only applies to direct unencrypted HTTP connections "
    "to your directory server, which your Tor probably wasn't using." },
  { "HTTPProxyAuthenticator", "HTTPProxy is deprecated in favor of HTTPSProxy "
    "which should be used with HTTPSProxyAuthenticator." },
745
746
747
  /* End of options deprecated since 0.3.2.1-alpha */

  /* Options deprecated since 0.3.2.2-alpha */
748
749
750
751
  { "ReachableDirAddresses", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
  { "ClientPreferIPv6DirPort", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
752
  /* End of options deprecated since 0.3.2.2-alpha. */
753

754
755
756
  { NULL, NULL }
};

757
#ifdef _WIN32
758
759
static char *get_windows_conf_root(void);
#endif
760
761
762
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
763
                                      char **msg);
764
765
766
767
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
768
769
static int options_transition_affects_dirauth_timing(
      const or_options_t *old_options, const or_options_t *new_options);
770
771
772
static int normalize_nickname_list(config_line_t **normalized_out,
                                   const config_line_t *lst, const char *name,
                                   char **msg);
773
774
static char *get_bindaddr_from_transport_listen_line(const char *line,
                                                     const char *transport);
775
static int parse_ports(or_options_t *options, int validate_only,
776
777
                              char **msg_out, int *n_ports_out,
                              int *world_writable_control_socket);
778
static int check_server_ports(const smartlist_t *ports,
779
780
                              const or_options_t *options,
                              int *num_low_ports_out);
781
static int validate_data_directories(or_options_t *options);
782
783
static int write_configuration_file(const char *fname,
                                    const or_options_t *options);
Arlo Breault's avatar
Arlo Breault committed </