config.c 298 KB
Newer Older
1
/* Copyright (c) 2001 Matej Pfajfar.
Roger Dingledine's avatar
Roger Dingledine committed
2
 * Copyright (c) 2001-2004, Roger Dingledine.
3
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
Nick Mathewson's avatar
Nick Mathewson committed
4
 * Copyright (c) 2007-2018, The Tor Project, Inc. */
5
/* See LICENSE for licensing information */
6

Nick Mathewson's avatar
Nick Mathewson committed
7
/**
8
 * \file config.c
9
10
11
12
13
14
15
16
17
18
19
20
 * \brief Code to interpret the user's configuration of Tor.
 *
 * This module handles torrc configuration file, including parsing it,
 * combining it with torrc.defaults and the command line, allowing
 * user changes to it (via editing and SIGHUP or via the control port),
 * writing it back to disk (because of SAVECONF from the control port),
 * and -- most importantly, acting on it.
 *
 * The module additionally has some tools for manipulating and
 * inspecting values that are calculated as a result of the
 * configured options.
 *
21
 * <h3>How to add new options</h3>
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
 *
 * To add new items to the torrc, there are a minimum of three places to edit:
 * <ul>
 *   <li>The or_options_t structure in or.h, where the options are stored.
 *   <li>The option_vars_ array below in this module, which configures
 *       the names of the torrc options, their types, their multiplicities,
 *       and their mappings to fields in or_options_t.
 *   <li>The manual in doc/tor.1.txt, to document what the new option
 *       is, and how it works.
 * </ul>
 *
 * Additionally, you might need to edit these places too:
 * <ul>
 *   <li>options_validate() below, in case you want to reject some possible
 *       values of the new configuration option.
 *   <li>options_transition_allowed() below, in case you need to
 *       forbid some or all changes in the option while Tor is
 *       running.
 *   <li>options_transition_affects_workers(), in case changes in the option
 *       might require Tor to relaunch or reconfigure its worker threads.
 *   <li>options_transition_affects_descriptor(), in case changes in the
 *       option might require a Tor relay to build and publish a new server
 *       descriptor.
 *   <li>options_act() and/or options_act_reversible(), in case there's some
 *       action that needs to be taken immediately based on the option's
 *       value.
 * </ul>
 *
 * <h3>Changing the value of an option</h3>
 *
 * Because of the SAVECONF command from the control port, it's a bad
 * idea to change the value of any user-configured option in the
 * or_options_t.  If you want to sometimes do this anyway, we recommend
 * that you create a secondary field in or_options_t; that you have the
 * user option linked only to the secondary field; that you use the
 * secondary field to initialize the one that Tor actually looks at; and that
 * you use the one Tor looks as the one that you modify.
Nick Mathewson's avatar
Nick Mathewson committed
59
60
 **/

61
#define CONFIG_PRIVATE
62
63
64
65
66
67
68
69
70
#include "core/or/or.h"
#include "feature/client/bridges.h"
#include "feature/client/addressmap.h"
#include "core/or/channel.h"
#include "core/or/circuitbuild.h"
#include "core/or/circuitlist.h"
#include "core/or/circuitmux.h"
#include "core/or/circuitmux_ewma.h"
#include "core/or/circuitstats.h"
71
#include "lib/compress/compress.h"
72
#include "app/config/config.h"
73
#include "lib/encoding/confline.h"
74
75
76
77
78
79
80
#include "core/mainloop/connection.h"
#include "core/or/connection_edge.h"
#include "core/or/connection_or.h"
#include "feature/dircache/consdiffmgr.h"
#include "feature/control/control.h"
#include "app/config/confparse.h"
#include "core/mainloop/cpuworker.h"
81
82
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
83
#include "lib/crypt_ops/crypto_init.h"
84
85
86
87
88
#ifdef ENABLE_NSS
#include "lib/crypt_ops/crypto_nss_mgt.h"
#else
#include "lib/crypt_ops/crypto_openssl_mgt.h"
#endif
89
#include "feature/dirauth/bwauth.h"
90
#include "feature/dircache/dirserv.h"
91
#include "feature/dirauth/guardfraction.h"
92
93
94
#include "feature/relay/dns.h"
#include "core/or/dos.h"
#include "feature/client/entrynodes.h"
95
#include "lib/log/git_revision.h"
96
97
#include "feature/stats/geoip.h"
#include "feature/hibernate/hibernate.h"
98
99
#include "app/main/main.h"
#include "core/mainloop/mainloop.h"
100
101
102
103
104
105
106
107
108
#include "feature/nodelist/networkstatus.h"
#include "feature/nodelist/nodelist.h"
#include "core/or/policies.h"
#include "core/or/relay.h"
#include "feature/rend/rendclient.h"
#include "feature/rend/rendservice.h"
#include "feature/hs/hs_config.h"
#include "feature/stats/rephist.h"
#include "feature/relay/router.h"
109
#include "feature/relay/routermode.h"
110
#include "lib/sandbox/sandbox.h"
111
#include "feature/nodelist/dirlist.h"
112
113
114
115
116
117
#include "feature/nodelist/routerset.h"
#include "core/or/scheduler.h"
#include "app/config/statefile.h"
#include "feature/client/transports.h"
#include "feature/relay/ext_orport.h"
#include "feature/dircommon/voting_schedule.h"
118
#include "lib/net/resolve.h"
119
#ifdef _WIN32
120
121
#include <shlobj.h>
#endif
122
123
124
125
126
127
128
129
130
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
Roger Dingledine's avatar
Roger Dingledine committed
131

132
#include "lib/meminfo/meminfo.h"
133
#include "lib/osinfo/uname.h"
134
135
136
137
138
#include "lib/process/daemon.h"
#include "lib/process/pidfile.h"
#include "lib/process/restrict.h"
#include "lib/process/setuid.h"
#include "lib/process/subprocess.h"
139
#include "lib/net/gethostname.h"
140
#include "lib/thread/numcpus.h"
141

142
#include "lib/encoding/keyval.h"
143
#include "lib/fs/conffile.h"
144
#include "lib/evloop/procmon.h"
145

146
#include "feature/dirauth/dirvote.h"
147
#include "feature/dirauth/recommend_pkg.h"
148
#include "feature/dirauth/authmode.h"
149

150
151
#include "core/or/connection_st.h"
#include "core/or/port_cfg_st.h"
152

153
154
155
156
157
158
#ifdef HAVE_SYSTEMD
#   if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
/* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse
 * Coverity. Here's a kludge to unconfuse it.
 */
#   define __INCLUDE_LEVEL__ 2
159
#endif /* defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__) */
160
#include <systemd/sd-daemon.h>
161
#endif /* defined(HAVE_SYSTEMD) */
162

163
/* Prefix used to indicate a Unix socket in a FooPort configuration. */
164
static const char unix_socket_prefix[] = "unix:";
165
166
167
/* Prefix used to indicate a Unix socket with spaces in it, in a FooPort
 * configuration. */
static const char unix_q_socket_prefix[] = "unix:\"";
168

169
170
171
172
/* limits for TCP send and recv buffer size used for constrained sockets */
#define MIN_CONSTRAINED_TCP_BUFFER 2048
#define MAX_CONSTRAINED_TCP_BUFFER 262144  /* 256k */

173
174
175
176
177
/** macro to help with the bulk rename of *DownloadSchedule to
 * *DowloadInitialDelay . */
#define DOWNLOAD_SCHEDULE(name) \
  { #name "DownloadSchedule", #name "DownloadInitialDelay", 0, 1 }

178
179
/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values. */
180
static config_abbrev_t option_abbrevs_[] = {
181
182
183
184
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
185
  PLURAL(EntryNode),
186
187
  PLURAL(ExcludeNode),
  PLURAL(FirewallPort),
188
  PLURAL(LongLivedPort),
189
190
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
191
  PLURAL(NumCPU),
192
  PLURAL(RendNode),
193
  PLURAL(RecommendedPackage),
194
  PLURAL(RendExcludeNode),
195
196
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
197
  PLURAL(StrictNode),
198
  { "l", "Log", 1, 0},
199
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
200
201
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
202
203
204
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
205
  { "DirServer", "DirAuthority", 0, 0}, /* XXXX later, make this warn? */
206
  { "MaxConn", "ConnLimit", 0, 1},
207
  { "MaxMemInCellQueues", "MaxMemInQueues", 0, 0},
208
209
210
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
211
212
213
214
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
215
216
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
217
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
218
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
219
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
220
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
221
  { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
222
  { "SocksSocketsGroupWritable", "UnixSocksGroupWritable", 0, 1},
223
224
225
  { "_HSLayer2Nodes", "HSLayer2Nodes", 0, 1 },
  { "_HSLayer3Nodes", "HSLayer3Nodes", 0, 1 },

226
227
228
229
230
231
232
233
234
235
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthority),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthorityOnly),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusFallback),
  DOWNLOAD_SCHEDULE(TestingBridge),
  DOWNLOAD_SCHEDULE(TestingBridgeBootstrap),
  DOWNLOAD_SCHEDULE(TestingClient),
  DOWNLOAD_SCHEDULE(TestingClientConsensus),
  DOWNLOAD_SCHEDULE(TestingServer),
  DOWNLOAD_SCHEDULE(TestingServerConsensus),

236
237
  { NULL, NULL, 0, 0},
};
238

239
240
241
242
/** dummy instance of or_options_t, used for type-checking its
 * members with CONF_CHECK_VAR_TYPE. */
DUMMY_TYPECHECK_INSTANCE(or_options_t);

Nick Mathewson's avatar
Nick Mathewson committed
243
244
245
246
/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 */
247
#define VAR(name,conftype,member,initvalue)                             \
Neel Chauhan's avatar
Neel Chauhan committed
248
  { name, CONFIG_TYPE_ ## conftype, offsetof(or_options_t, member),     \
249
      initvalue CONF_TEST_MEMBERS(or_options_t, conftype, member) }
250
251
252
/** As VAR, but the option name and member name are the same. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
Nick Mathewson's avatar
Nick Mathewson committed
253
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
254
255
256
#ifdef TOR_UNIT_TESTS
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL, {.INT=NULL} }
#else
257
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }
258
#endif
259

260
261
262
263
264
265
266
267
268
269
270
/**
 * Macro to declare *Port options.  Each one comes in three entries.
 * For example, most users should use "SocksPort" to configure the
 * socks port, but TorBrowser wants to use __SocksPort so that it
 * isn't stored by SAVECONF.  The SocksPortLines virtual option is
 * used to query both options from the controller.
 */
#define VPORT(member)                                           \
  VAR(#member "Lines", LINELIST_V, member ## _lines, NULL),     \
  VAR(#member, LINELIST_S, member ## _lines, NULL),             \
  VAR("__" #member, LINELIST_S, member ## _lines, NULL)
271

272
273
274
/** UINT64_MAX as a decimal string */
#define UINT64_MAX_STRING "18446744073709551615"

Nick Mathewson's avatar
Nick Mathewson committed
275
276
277
278
/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 */
279
static config_var_t option_vars_[] = {
280
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
281
  VAR("AccountingRule",          STRING,   AccountingRule_option,  "max"),
282
283
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
Nick Mathewson's avatar
Nick Mathewson committed
284
  OBSOLETE("AllowDotExit"),
285
  OBSOLETE("AllowInvalidNodes"),
286
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
287
  OBSOLETE("AllowSingleHopCircuits"),
288
  OBSOLETE("AllowSingleHopExits"),
289
290
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
291
  OBSOLETE("AlternateHSAuthority"),
292
  V(AssumeReachable,             BOOL,     "0"),
293
294
  OBSOLETE("AuthDirBadDir"),
  OBSOLETE("AuthDirBadDirCCs"),
295
  V(AuthDirBadExit,              LINELIST, NULL),
296
  V(AuthDirBadExitCCs,           CSV,      ""),
297
  V(AuthDirInvalid,              LINELIST, NULL),
298
  V(AuthDirInvalidCCs,           CSV,      ""),
299
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
300
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "2 MB"),
301
  V(AuthDirPinKeys,              BOOL,     "1"),
302
  V(AuthDirReject,               LINELIST, NULL),
303
  V(AuthDirRejectCCs,            CSV,      ""),
304
  OBSOLETE("AuthDirRejectUnlisted"),
305
  OBSOLETE("AuthDirListBadDirs"),
306
  V(AuthDirListBadExits,         BOOL,     "0"),
307
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
308
  OBSOLETE("AuthDirMaxServersPerAuthAddr"),
309
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
310
311
312
313
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
314
315
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
316
317
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
318
  V(BridgePassword,              STRING,   NULL),
319
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
320
  V(BridgeRelay,                 BOOL,     "0"),
321
  V(BridgeDistribution,          STRING,   NULL),
322
  VAR("CacheDirectory",          FILENAME, CacheDirectory_option, NULL),
323
  V(CacheDirectoryGroupReadable, AUTOBOOL,     "auto"),
324
  V(CellStatistics,              BOOL,     "0"),
325
  V(PaddingStatistics,           BOOL,     "1"),
326
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
327
  V(CircuitBuildTimeout,         INTERVAL, "0"),
328
329
  OBSOLETE("CircuitIdleTimeout"),
  V(CircuitsAvailableTimeout,    INTERVAL, "0"),
330
  V(CircuitStreamTimeout,        INTERVAL, "0"),
331
  V(CircuitPriorityHalflife,     DOUBLE,  "-1.0"), /*negative:'Use default'*/
332
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
333
  V(ClientOnly,                  BOOL,     "0"),
334
335
  V(ClientPreferIPv6ORPort,      AUTOBOOL, "auto"),
  V(ClientPreferIPv6DirPort,     AUTOBOOL, "auto"),
336
  V(ClientRejectInternalAddresses, BOOL,   "1"),
337
  V(ClientTransportPlugin,       LINELIST, NULL),
338
  V(ClientUseIPv6,               BOOL,     "0"),
339
  V(ClientUseIPv4,               BOOL,     "1"),
340
  V(ConsensusParams,             STRING,   NULL),
341
  V(ConnLimit,                   UINT,     "1000"),
342
  V(ConnDirectionStatistics,     BOOL,     "0"),
343
344
345
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
346
  OBSOLETE("ControlListenAddress"),
347
  VPORT(ControlPort),
348
  V(ControlPortFileGroupReadable,BOOL,     "0"),
349
  V(ControlPortWriteToFile,      FILENAME, NULL),
350
  V(ControlSocket,               LINELIST, NULL),
351
  V(ControlSocketsGroupWritable, BOOL,     "0"),
352
  V(UnixSocksGroupWritable,    BOOL,     "0"),
353
354
355
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
356
  V(CountPrivateBandwidth,       BOOL,     "0"),
357
  VAR("DataDirectory",           FILENAME, DataDirectory_option, NULL),
358
  V(DataDirectoryGroupReadable,  BOOL,     "0"),
359
  V(DisableOOSCheck,             BOOL,     "1"),
360
  V(DisableNetwork,              BOOL,     "0"),
361
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
362
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
363
  OBSOLETE("DirListenAddress"),
364
  V(DirPolicy,                   LINELIST, NULL),
365
  VPORT(DirPort),
366
  V(DirPortFrontPage,            FILENAME, NULL),
367
  VAR("DirReqStatistics",        BOOL,     DirReqStatistics_option, "1"),
368
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
369
  V(DirCache,                    BOOL,     "1"),
370
371
372
373
374
  /* A DirAuthorityFallbackRate of 0.1 means that 0.5% of clients try an
   * authority when all fallbacks are up, and 2% try an authority when 25% of
   * fallbacks are down. (We rebuild the list when 25% of fallbacks are down).
   *
   * We want to reduce load on authorities, but keep these two figures within
Nick Mathewson's avatar
Nick Mathewson committed
375
376
   * an order of magnitude, so there isn't too much load shifting to
   * authorities when fallbacks go down. */
377
  V(DirAuthorityFallbackRate,    DOUBLE,   "0.1"),
378
  V(DisableAllSwap,              BOOL,     "0"),
379
  V(DisableDebuggerAttachment,   BOOL,     "1"),
380
  OBSOLETE("DisableIOCP"),
381
  OBSOLETE("DisableV2DirectoryInfo_"),
382
  OBSOLETE("DynamicDHGroups"),
383
  VPORT(DNSPort),
384
  OBSOLETE("DNSListenAddress"),
385
386
387
  /* DoS circuit creation options. */
  V(DoSCircuitCreationEnabled,   AUTOBOOL, "auto"),
  V(DoSCircuitCreationMinConnections,      UINT, "0"),
388
  V(DoSCircuitCreationRate,      UINT,     "0"),
389
390
391
392
393
394
395
396
397
  V(DoSCircuitCreationBurst,     UINT,     "0"),
  V(DoSCircuitCreationDefenseType,         INT,  "0"),
  V(DoSCircuitCreationDefenseTimePeriod,   INTERVAL, "0"),
  /* DoS connection options. */
  V(DoSConnectionEnabled,        AUTOBOOL, "auto"),
  V(DoSConnectionMaxConcurrentCount,       UINT, "0"),
  V(DoSConnectionDefenseType,    INT,      "0"),
  /* DoS single hop client options. */
  V(DoSRefuseSingleHopClientRendezvous,    AUTOBOOL, "auto"),
398
  V(DownloadExtraInfo,           BOOL,     "0"),
399
  V(TestingEnableConnBwEvent,    BOOL,     "0"),
400
  V(TestingEnableCellStatsEvent, BOOL,     "0"),
401
  OBSOLETE("TestingEnableTbEmptyEvent"),
402
  V(EnforceDistinctSubnets,      BOOL,     "1"),
403
  V(EntryNodes,                  ROUTERSET,   NULL),
404
  V(EntryStatistics,             BOOL,     "0"),
405
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
406
407
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
408
  OBSOLETE("ExcludeSingleHopRelays"),
409
  V(ExitNodes,                   ROUTERSET, NULL),
410
411
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
412
  V(ExitPolicyRejectLocalInterfaces, BOOL, "0"),
413
  V(ExitPortStatistics,          BOOL,     "0"),
414
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
415
  V(ExitRelay,                   AUTOBOOL, "auto"),
416
  VPORT(ExtORPort),
417
  V(ExtORPortCookieAuthFile,     STRING,   NULL),
418
  V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
419
  V(ExtraInfoStatistics,         BOOL,     "1"),
420
  V(ExtendByEd25519ID,           AUTOBOOL, "auto"),
421
  V(FallbackDir,                 LINELIST, NULL),
422

423
  V(UseDefaultFallbackDirs,      BOOL,     "1"),
424

425
  OBSOLETE("FallbackNetworkstatusFile"),
426
427
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
428
  OBSOLETE("FastFirstHopPK"),
429
  V(FetchDirInfoEarly,           BOOL,     "0"),
430
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
431
432
433
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
434
  OBSOLETE("FetchV2Networkstatus"),
435
  V(GeoIPExcludeUnknown,         AUTOBOOL, "auto"),
436
#ifdef _WIN32
437
  V(GeoIPFile,                   FILENAME, "<default>"),
nils's avatar
nils committed
438
  V(GeoIPv6File,                 FILENAME, "<default>"),
439
#else
440
441
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
nils's avatar
nils committed
442
443
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
444
#endif /* defined(_WIN32) */
445
  OBSOLETE("Group"),
446
  V(GuardLifetime,               INTERVAL, "0 minutes"),
447
  V(HardwareAccel,               BOOL,     "0"),
448
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
Alexander Færøy's avatar
Alexander Færøy committed
449
  V(MainloopStats,               BOOL,     "0"),
450
451
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
452
  V(HashedControlPassword,       LINELIST, NULL),
453
  OBSOLETE("HidServDirectoryV2"),
Nick Mathewson's avatar
Nick Mathewson committed
454
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
455
  VAR("HiddenServiceDirGroupReadable",  LINELIST_S, RendConfigLines, NULL),
Nick Mathewson's avatar
Nick Mathewson committed
456
457
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
458
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
459
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
460
  VAR("HiddenServiceAllowUnknownPorts",LINELIST_S, RendConfigLines, NULL),
461
462
  VAR("HiddenServiceMaxStreams",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceMaxStreamsCloseCircuit",LINELIST_S, RendConfigLines, NULL),
463
  VAR("HiddenServiceNumIntroductionPoints", LINELIST_S, RendConfigLines, NULL),
464
  VAR("HiddenServiceExportCircuitID", LINELIST_S,  RendConfigLines, NULL),
Nick Mathewson's avatar
Nick Mathewson committed
465
  VAR("HiddenServiceStatistics", BOOL, HiddenServiceStatistics_option, "1"),
466
  V(HidServAuth,                 LINELIST, NULL),
467
  V(ClientOnionAuthDir,          FILENAME, NULL),
468
  OBSOLETE("CloseHSClientCircuitsImmediatelyOnTimeout"),
469
  OBSOLETE("CloseHSServiceRendCircuitsImmediatelyOnTimeout"),
470
471
  V(HiddenServiceSingleHopMode,  BOOL,     "0"),
  V(HiddenServiceNonAnonymousMode,BOOL,    "0"),
472
473
474
475
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
476
  VPORT(HTTPTunnelPort),
477
  V(IPv6Exit,                    BOOL,     "0"),
478
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
479
  V(ServerTransportListenAddr,   LINELIST, NULL),
480
  V(ServerTransportOptions,      LINELIST, NULL),
481
  V(SigningKeyLifetime,          INTERVAL, "30 days"),
482
483
484
485
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
486
487
  VAR("KeyDirectory",            FILENAME, KeyDirectory_option, NULL),
  V(KeyDirectoryGroupReadable,   BOOL,     "0"),
488
489
  VAR("HSLayer2Nodes",           ROUTERSET,  HSLayer2Nodes,  NULL),
  VAR("HSLayer3Nodes",           ROUTERSET,  HSLayer3Nodes,  NULL),
490
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
491
  V(KeepBindCapabilities,            AUTOBOOL, "auto"),
492
  VAR("Log",                     LINELIST, Logs,             NULL),
493
  V(LogMessageDomains,           BOOL,     "0"),
494
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
Arlo Breault's avatar
Arlo Breault committed
495
  V(TruncateLogFile,             BOOL,     "0"),
Peter Palfrader's avatar
Peter Palfrader committed
496
  V(SyslogIdentityTag,           STRING,   NULL),
497
  V(AndroidIdentityTag,          STRING,   NULL),
498
  V(LongLivedPorts,              CSV,
Nick Mathewson's avatar
Nick Mathewson committed
499
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
500
501
502
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
503
  V(MaxClientCircuitsPending,    UINT,     "32"),
504
  V(MaxConsensusAgeForDiffs,     INTERVAL, "0 seconds"),
505
  VAR("MaxMemInQueues",          MEMUNIT,   MaxMemInQueues_raw, "0"),
506
507
  OBSOLETE("MaxOnionsPending"),
  V(MaxOnionQueueDelay,          MSEC_INTERVAL, "1750 msec"),
508
  V(MaxUnparseableDescSizeToLog, MEMUNIT, "10 MB"),
509
  V(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, "500"),
510
  VAR("MyFamily",                LINELIST, MyFamily_lines,       NULL),
511
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
512
  OBSOLETE("NamingAuthoritativeDirectory"),
513
  OBSOLETE("NATDListenAddress"),
514
  VPORT(NATDPort),
515
  V(Nickname,                    STRING,   NULL),
516
  OBSOLETE("PredictedPortsRelevanceTime"),
517
  OBSOLETE("WarnUnsafeSocks"),
518
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
519
  V(NoExec,                      BOOL,     "0"),
520
  V(NumCPUs,                     UINT,     "0"),
521
  V(NumDirectoryGuards,          UINT,     "0"),
522
  V(NumEntryGuards,              UINT,     "0"),
523
  V(NumPrimaryGuards,            UINT,     "0"),
Nick Mathewson's avatar
Nick Mathewson committed
524
  V(OfflineMasterKey,            BOOL,     "0"),
525
  OBSOLETE("ORListenAddress"),
526
  VPORT(ORPort),
527
  V(OutboundBindAddress,         LINELIST,   NULL),
528
529
  V(OutboundBindAddressOR,       LINELIST,   NULL),
  V(OutboundBindAddressExit,     LINELIST,   NULL),
530

531
  OBSOLETE("PathBiasDisableRate"),
532
533
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
534
  V(PathBiasWarnRate,            DOUBLE,   "-1"),
535
  V(PathBiasExtremeRate,         DOUBLE,   "-1"),
536
  V(PathBiasScaleThreshold,      INT,      "-1"),
537
538
  OBSOLETE("PathBiasScaleFactor"),
  OBSOLETE("PathBiasMultFactor"),
539
  V(PathBiasDropGuards,          AUTOBOOL, "0"),
540
541
542
543
544
545
  OBSOLETE("PathBiasUseCloseCounts"),

  V(PathBiasUseThreshold,       INT,      "-1"),
  V(PathBiasNoticeUseRate,          DOUBLE,   "-1"),
  V(PathBiasExtremeUseRate,         DOUBLE,   "-1"),
  V(PathBiasScaleUseThreshold,      INT,      "-1"),
546

547
  V(PathsNeededToBuildCircuits,  DOUBLE,   "-1"),
548
549
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
550
  V(PidFile,                     STRING,   NULL),
551
  V(TestingTorNetwork,           BOOL,     "0"),
552
  V(TestingMinExitFlagThreshold, MEMUNIT,  "0"),
553
  V(TestingMinFastFlagThreshold, MEMUNIT,  "0"),
554

555
  V(TestingLinkCertLifetime,          INTERVAL, "2 days"),
556
557
558
559
560
  V(TestingAuthKeyLifetime,          INTERVAL, "2 days"),
  V(TestingLinkKeySlop,              INTERVAL, "3 hours"),
  V(TestingAuthKeySlop,              INTERVAL, "3 hours"),
  V(TestingSigningKeySlop,           INTERVAL, "1 day"),

561
  V(OptimisticData,              AUTOBOOL, "auto"),
562
563
  OBSOLETE("PortForwarding"),
  OBSOLETE("PortForwardingHelper"),
564
  OBSOLETE("PreferTunneledDirConns"),
565
  V(ProtocolWarnings,            BOOL,     "0"),
566
  V(PublishServerDescriptor,     CSV,      "1"),
567
568
569
570
571
572
573
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
574
  V(RecommendedPackages,         LINELIST, NULL),
575
576
  V(ReducedConnectionPadding,    BOOL,     "0"),
  V(ConnectionPadding,           AUTOBOOL, "auto"),
577
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
578
  V(RejectPlaintextPorts,        CSV,      ""),
579
580
581
582
583
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  V(RunAsDaemon,                 BOOL,     "0"),
584
  V(ReducedExitPolicy,           BOOL,     "0"),
585
  OBSOLETE("RunTesting"), // currently unused
586
  V(Sandbox,                     BOOL,     "0"),
587
  V(SafeLogging,                 STRING,   "1"),
588
  V(SafeSocks,                   BOOL,     "0"),
589
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
590
591
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
592
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
593
594
595
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
596
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
597
598
599
600
601
  OBSOLETE("SchedulerLowWaterMark__"),
  OBSOLETE("SchedulerHighWaterMark__"),
  OBSOLETE("SchedulerMaxFlushCells__"),
  V(KISTSchedRunInterval,        MSEC_INTERVAL, "0 msec"),
  V(KISTSockBufSizeFactor,       DOUBLE,   "1.0"),
602
  V(Schedulers,                  CSV,      "KIST,KISTLite,Vanilla"),
603
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
604
  OBSOLETE("SocksListenAddress"),
605
  V(SocksPolicy,                 LINELIST, NULL),
606
  VPORT(SocksPort),
607
  V(SocksTimeout,                INTERVAL, "2 minutes"),
608
  V(SSLKeyLifetime,              INTERVAL, "0"),
609
610
  OBSOLETE("StrictEntryNodes"),
  OBSOLETE("StrictExitNodes"),
611
  V(StrictNodes,                 BOOL,     "0"),
612
  OBSOLETE("Support022HiddenServices"),
613
  V(TestSocks,                   BOOL,     "0"),
614
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
David Goulet's avatar
David Goulet committed
615
616
  OBSOLETE("Tor2webMode"),
  OBSOLETE("Tor2webRendezvousPoints"),
617
  OBSOLETE("TLSECGroup"),
618
619
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
620
  OBSOLETE("TransListenAddress"),
621
  VPORT(TransPort),
622
  V(TransProxyType,              STRING,   "default"),
623
  OBSOLETE("TunnelDirConns"),
624
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
625
  V(UseBridges,                  BOOL,     "0"),
626
  VAR("UseEntryGuards",          BOOL,     UseEntryGuards_option, "1"),
Nick Mathewson's avatar
Nick Mathewson committed
627
  OBSOLETE("UseEntryGuardsAsDirGuards"),
628
  V(UseGuardFraction,            AUTOBOOL, "auto"),
629
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
630
  OBSOLETE("UseNTorHandshake"),
631
  V(User,                        STRING,   NULL),
632
  OBSOLETE("UserspaceIOCPBuffers"),
633
  V(AuthDirSharedRandomness,     BOOL,     "1"),
634
  V(AuthDirTestEd25519LinkKeys,  BOOL,     "1"),
635
  OBSOLETE("V1AuthoritativeDirectory"),
636
  OBSOLETE("V2AuthoritativeDirectory"),
637
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
638
639
640
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
641
  V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
642
643
644
645
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
646
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
647
  V(V3BandwidthsFile,            FILENAME, NULL),
648
  V(GuardfractionFile,           FILENAME, NULL),
649
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
650
  OBSOLETE("VoteOnHidServDirectoriesV2"),
651
652
  V(VirtualAddrNetworkIPv4,      STRING,   "127.192.0.0/10"),
  V(VirtualAddrNetworkIPv6,      STRING,   "[FE80::]/10"),
653
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
654
655
  OBSOLETE("UseFilteringSSLBufferevents"),
  OBSOLETE("__UseFilteringSSLBufferevents"),
656
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
657
658
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
659
  VAR("__DisableSignalHandlers", BOOL,  DisableSignalHandlers,    "0"),
660
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
661
662
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
663
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
664
  VAR("__OwningControllerFD", UINT64, OwningControllerFD, UINT64_MAX_STRING),
665
  V(MinUptimeHidServDirectoryV2, INTERVAL, "96 hours"),
666
667
668
669
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
670
  /* With the ClientBootstrapConsensus*Download* below:
671
   * Clients with only authorities will try:
672
673
   *  - at least 3 authorities over 10 seconds, then exponentially backoff,
   *    with the next attempt 3-21 seconds later,
674
   * Clients with authorities and fallbacks will try:
675
676
   *  - at least 2 authorities and 4 fallbacks over 21 seconds, then
   *    exponentially backoff, with the next attempts 4-33 seconds later,
677
   * Clients will also retry when an application request arrives.
678
   * After a number of failed requests, clients retry every 3 days + 1 hour.
679
680
681
682
683
684
   *
   * Clients used to try 2 authorities over 10 seconds, then wait for
   * 60 minutes or an application request.
   *
   * When clients have authorities and fallbacks available, they use these
   * schedules: (we stagger the times to avoid thundering herds) */
685
686
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "6"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
687
  /* When clients only have authorities available, they use this schedule: */
688
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
689
    "0"),
690
691
692
693
  /* We don't want to overwhelm slow networks (or mirrors whose replies are
   * blocked), but we also don't want to fail if only some mirrors are
   * blackholed. Clients will try 3 directories simultaneously.
   * (Relays never use simultaneous connections.) */
694
  V(ClientBootstrapConsensusMaxInProgressTries, UINT, "3"),
695
696
  /* When a client has any running bridges, check each bridge occasionally,
    * whether or not that bridge is actually up. */
697
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL,"10800"),
698
699
700
701
  /* When a client is just starting, or has no running bridges, check each
   * bridge a few times quickly, and then try again later. These schedules
   * are much longer than the other schedules, because we try each and every
   * configured bridge with this schedule. */
702
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
703
704
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "10 minutes"),
  V(TestingDirConnectionMaxStall, INTERVAL, "5 minutes"),
705
706
707
708
709
710
  OBSOLETE("TestingConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries"),
  OBSOLETE("TestingDescriptorMaxDownloadTries"),
  OBSOLETE("TestingMicrodescMaxDownloadTries"),
  OBSOLETE("TestingCertMaxDownloadTries"),
711
  V(TestingDirAuthVoteExit, ROUTERSET, NULL),
712
  V(TestingDirAuthVoteExitIsStrict,  BOOL,     "0"),
713
  V(TestingDirAuthVoteGuard, ROUTERSET, NULL),
714
  V(TestingDirAuthVoteGuardIsStrict,  BOOL,     "0"),
715
  V(TestingDirAuthVoteHSDir, ROUTERSET, NULL),
716
  V(TestingDirAuthVoteHSDirIsStrict,  BOOL,     "0"),
717
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),
718

719
  END_OF_CONFIG_VARS
720
};
721

722
723
/** Override default values with these if the user sets the TestingTorNetwork
 * option. */
724
static const config_var_t testing_tor_network_defaults[] = {
725
726
727
728
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
729
730
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
731
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
732
    "0"),
733
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
734
  V(ClientRejectInternalAddresses, BOOL,   "0"),
735
  V(CountPrivateBandwidth,       BOOL,     "1"),
736
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
737
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
738
739
740
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
741
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "150 seconds"),
742
743
744
745
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
746
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
747
748
749
750
751
752
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL, "10"),
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
753
754
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "5 seconds"),
  V(TestingDirConnectionMaxStall, INTERVAL, "30 seconds"),
755
  V(TestingEnableConnBwEvent,    BOOL,     "1"),
756
  V(TestingEnableCellStatsEvent, BOOL,     "1"),
757
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),
758
  V(RendPostPeriod,              INTERVAL, "2 minutes"),
759

760
  END_OF_CONFIG_VARS
761
};
762

763
#undef VAR
764
#undef V
765
766
#undef OBSOLETE

767
static const config_deprecation_t option_deprecation_notes_[] = {
768
  /* Deprecated since 0.3.2.0-alpha. */
769
770
771
772
  { "HTTPProxy", "It only applies to direct unencrypted HTTP connections "
    "to your directory server, which your Tor probably wasn't using." },
  { "HTTPProxyAuthenticator", "HTTPProxy is deprecated in favor of HTTPSProxy "
    "which should be used with HTTPSProxyAuthenticator." },
773
774
775
  /* End of options deprecated since 0.3.2.1-alpha */

  /* Options deprecated since 0.3.2.2-alpha */
776
777
778
779
  { "ReachableDirAddresses", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
  { "ClientPreferIPv6DirPort", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
780
  /* End of options deprecated since 0.3.2.2-alpha. */
David Goulet's avatar