/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file config.c
 * \brief Code to interpret the user's configuration of Tor.
 *
 * This module handles the torrc configuration file, including parsing it,
 * combining it with torrc.defaults and the command line, allowing
 * user changes to it (via editing and SIGHUP or via the control port),
 * writing it back to disk (because of SAVECONF from the control port),
 * and -- most importantly -- acting on it.
 *
 * The module additionally has some tools for manipulating and
 * inspecting values that are calculated as a result of the
 * configured options.
 *
 * <h3>How to add new options</h3>
 *
 * To add new items to the torrc, there are a minimum of three places to edit:
 * <ul>
 *   <li>The or_options_t structure in or.h, where the options are stored.
 *   <li>The option_vars_ array below in this module, which configures
 *       the names of the torrc options, their types, their multiplicities,
 *       and their mappings to fields in or_options_t.
 *   <li>The manual in doc/tor.1.txt, to document what the new option
 *       is, and how it works.
 * </ul>
 *
 * Additionally, you might need to edit these places too:
 * <ul>
 *   <li>options_validate() below, in case you want to reject some possible
 *       values of the new configuration option.
 *   <li>options_transition_allowed() below, in case you need to
 *       forbid some or all changes in the option while Tor is
 *       running.
 *   <li>options_transition_affects_workers(), in case changes in the option
 *       might require Tor to relaunch or reconfigure its worker threads.
 *   <li>options_transition_affects_descriptor(), in case changes in the
 *       option might require a Tor relay to build and publish a new server
 *       descriptor.
 *   <li>options_act() and/or options_act_reversible(), in case there's some
 *       action that needs to be taken immediately based on the option's
 *       value.
 * </ul>
 *
 * <h3>Changing the value of an option</h3>
 *
 * Because of the SAVECONF command from the control port, it's a bad
 * idea to change the value of any user-configured option in the
 * or_options_t.  If you want to sometimes do this anyway, we recommend
 * that you create a secondary field in or_options_t; that you have the
 * user option linked only to the secondary field; that you use the
 * secondary field to initialize the one that Tor actually looks at; and that
 * you use the one Tor looks at as the one that you modify.
 **/

#define CONFIG_PRIVATE
#include "or/or.h"
#include "or/bridges.h"
#include "common/compat.h"
#include "or/addressmap.h"
#include "or/channel.h"
#include "or/circuitbuild.h"
#include "or/circuitlist.h"
#include "or/circuitmux.h"
#include "or/circuitmux_ewma.h"
#include "or/circuitstats.h"
#include "lib/compress/compress.h"
#include "or/config.h"
#include "or/connection.h"
#include "or/connection_edge.h"
#include "or/connection_or.h"
#include "or/consdiffmgr.h"
#include "or/control.h"
#include "or/confparse.h"
#include "or/cpuworker.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "or/dirserv.h"
#include "or/dns.h"
#include "or/dos.h"
#include "or/entrynodes.h"
#include "or/git_revision.h"
#include "or/geoip.h"
#include "or/hibernate.h"
#include "or/main.h"
#include "or/networkstatus.h"
#include "or/nodelist.h"
#include "or/policies.h"
#include "or/relay.h"
#include "or/rendclient.h"
#include "or/rendservice.h"
#include "or/hs_config.h"
#include "or/rephist.h"
#include "or/router.h"
#include "lib/sandbox/sandbox.h"
#include "common/util.h"
#include "or/routerlist.h"
#include "or/routerset.h"
#include "or/scheduler.h"
#include "or/statefile.h"
#include "or/transports.h"
#include "or/ext_orport.h"
#include "or/voting_schedule.h"
#ifdef _WIN32
#include <shlobj.h>
#endif

#include "lib/process/daemon.h"
#include "lib/process/pidfile.h"
#include "lib/process/restrict.h"
#include "lib/process/setuid.h"
#include "lib/process/subprocess.h"

#include "lib/fs/conffile.h"
#include "common/procmon.h"

#include "or/dirauth/dirvote.h"
#include "or/dirauth/mode.h"

#include "or/connection_st.h"
#include "or/port_cfg_st.h"

#ifdef HAVE_SYSTEMD
#   if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
/* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse
 * Coverity. Here's a kludge to unconfuse it.
 */
#   define __INCLUDE_LEVEL__ 2
#endif /* defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__) */
#include <systemd/sd-daemon.h>
#endif /* defined(HAVE_SYSTEMD) */

/* Prefix used to indicate a Unix socket in a FooPort configuration. */
static const char unix_socket_prefix[] = "unix:";
/* Prefix used to indicate a Unix socket with spaces in it, in a FooPort
 * configuration: "unix:" immediately followed by a double quote.
 *
 * NOTE(review): this string begins with unix_socket_prefix, so any code
 * that matches by prefix has to test the quoted form first or it will treat
 * the opening quote as part of the path -- confirm against the port
 * parser, which is outside this section. */
static const char unix_q_socket_prefix[] = "unix:\"";

/** Macro to help with the bulk rename of *DownloadSchedule to
 * *DownloadInitialDelay.
 *
 * Expands to one option_abbrevs_ entry that maps the old option name
 * "<name>DownloadSchedule" to the current name "<name>DownloadInitialDelay".
 * NOTE(review): the trailing "0, 1" are the two integer fields of
 * config_abbrev_t, presumably "command-line only" = 0 and "warn" = 1; the
 * struct is declared outside this section -- confirm. */
#define DOWNLOAD_SCHEDULE(name) \
  { #name "DownloadSchedule", #name "DownloadInitialDelay", 0, 1 }

/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values.
 *
 * Each entry is { old or short name, current name, flag, flag }, and the
 * list ends with an all-NULL/zero entry.
 * NOTE(review): the two integer flags are presumably config_abbrev_t's
 * "command-line only" and "warn" fields; config_abbrev_t and PLURAL() are
 * declared outside this section -- confirm. */
static config_abbrev_t option_abbrevs_[] = {
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(Tor2webRendezvousPoint),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RecommendedPackage),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  { "l", "Log", 1, 0},
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
  { "DirServer", "DirAuthority", 0, 0}, /* XXXX later, make this warn? */
  { "MaxConn", "ConnLimit", 0, 1},
  { "MaxMemInCellQueues", "MaxMemInQueues", 0, 0},
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
  /* NOTE(review): besides "l", this is the only entry with the third field
   * set.  If that field means "command-line only", a HashedControlPassword
   * given on the command line is stored under the "__"-prefixed session
   * option instead of the persistent one -- confirm against the
   * abbreviation-expansion code, which is outside this section. */
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
  { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
  { "SocksSocketsGroupWritable", "UnixSocksGroupWritable", 0, 1},
  { "_HSLayer2Nodes", "HSLayer2Nodes", 0, 1 },
  { "_HSLayer3Nodes", "HSLayer3Nodes", 0, 1 },

  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthority),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthorityOnly),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusFallback),
  DOWNLOAD_SCHEDULE(TestingBridge),
  DOWNLOAD_SCHEDULE(TestingBridgeBootstrap),
  DOWNLOAD_SCHEDULE(TestingClient),
  DOWNLOAD_SCHEDULE(TestingClientConsensus),
  DOWNLOAD_SCHEDULE(TestingServer),
  DOWNLOAD_SCHEDULE(TestingServerConsensus),

  /* Terminator: the NULL names mark the end of the list. */
  { NULL, NULL, 0, 0},
};

/** Dummy instance of or_options_t, used for type-checking its
 * members with CONF_CHECK_VAR_TYPE.
 *
 * DUMMY_TYPECHECK_INSTANCE is defined outside this section (presumably in
 * confparse.h -- confirm). */
DUMMY_TYPECHECK_INSTANCE(or_options_t);

/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 *
 * <b>initvalue</b> is the option's initial value, written as a string (or
 * NULL).  The member is located by offsetof(), so nothing in the entry
 * itself ties <b>conftype</b> to the member's real C type; CONF_TEST_MEMBERS
 * (defined outside this section) presumably adds that check in test builds
 * -- confirm.
 */
#define VAR(name,conftype,member,initvalue)                             \
  { name, CONFIG_TYPE_ ## conftype, offsetof(or_options_t, member),     \
      initvalue CONF_TEST_MEMBERS(or_options_t, conftype, member) }
/** As VAR, but the option name and member name are the same: the member
 * identifier is stringified to form the option name. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
/** An entry for config_vars: "The option <b>name</b> is obsolete."
 *
 * The entry has type CONFIG_TYPE_OBSOLETE, offset 0 and a NULL initial
 * value.  Under TOR_UNIT_TESTS the entry carries one extra initializer,
 * matching the extra member that VAR entries get from CONF_TEST_MEMBERS
 * (presumably the type-check union -- confirm). */
#ifdef TOR_UNIT_TESTS
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL, {.INT=NULL} }
#else
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }
#endif

/**
 * Macro to declare *Port options.  Each one comes in three entries.
 * For example, most users should use "SocksPort" to configure the
 * socks port, but TorBrowser wants to use __SocksPort so that it
 * isn't stored by SAVECONF.  The SocksPortLines virtual option is
 * used to query both options from the controller.
 *
 * All three entries map to the same or_options_t member,
 * <b>member</b>_lines: "<member>Lines" as LINELIST_V and both "<member>"
 * and "__<member>" as LINELIST_S.
 */
#define VPORT(member)                                           \
  VAR(#member "Lines", LINELIST_V, member ## _lines, NULL),     \
  VAR(#member, LINELIST_S, member ## _lines, NULL),             \
  VAR("__" #member, LINELIST_S, member ## _lines, NULL)

/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 *
 * Entries are built with the macros defined above: V(member, type, initial),
 * VAR("Name", type, member, initial), OBSOLETE("Name") and VPORT(member).
 * The initial value is written as a string, or NULL.  The list ends with
 * END_OF_CONFIG_VARS.
 */
static config_var_t option_vars_[] = {
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  VAR("AccountingRule",          STRING,   AccountingRule_option,  "max"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  OBSOLETE("AllowDotExit"),
  OBSOLETE("AllowInvalidNodes"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  OBSOLETE("AllowSingleHopCircuits"),
  OBSOLETE("AllowSingleHopExits"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  OBSOLETE("AlternateHSAuthority"),
  V(AssumeReachable,             BOOL,     "0"),
  OBSOLETE("AuthDirBadDir"),
  OBSOLETE("AuthDirBadDirCCs"),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "2 MB"),
  V(AuthDirPinKeys,              BOOL,     "1"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  OBSOLETE("AuthDirRejectUnlisted"),
  OBSOLETE("AuthDirListBadDirs"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  OBSOLETE("AuthDirMaxServersPerAuthAddr"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(BridgeDistribution,          STRING,   NULL),
  VAR("CacheDirectory",          FILENAME, CacheDirectory_option, NULL),
  V(CacheDirectoryGroupReadable, BOOL,     "0"),
  V(CellStatistics,              BOOL,     "0"),
  V(PaddingStatistics,           BOOL,     "1"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  OBSOLETE("CircuitIdleTimeout"),
  V(CircuitsAvailableTimeout,    INTERVAL, "0"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-1.0"), /*negative:'Use default'*/
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      AUTOBOOL, "auto"),
  V(ClientPreferIPv6DirPort,     AUTOBOOL, "auto"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ClientUseIPv4,               BOOL,     "1"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  OBSOLETE("ControlListenAddress"),
  /* Control-port options.  NOTE(review): CookieAuthentication starts as "0"
   * and HashedControlPassword (further down) as NULL, so this table by
   * itself enables no control-port authentication; whether a ControlPort
   * without authentication is accepted or warned about is decided
   * elsewhere (presumably options_validate()) -- confirm. */
  VPORT(ControlPort),
  V(ControlPortFileGroupReadable,BOOL,     "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  V(UnixSocksGroupWritable,    BOOL,     "0"),
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  VAR("DataDirectory",           FILENAME, DataDirectory_option, NULL),
  V(DataDirectoryGroupReadable,  BOOL,     "0"),
  V(DisableOOSCheck,             BOOL,     "1"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  OBSOLETE("DirListenAddress"),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort),
  V(DirPortFrontPage,            FILENAME, NULL),
  VAR("DirReqStatistics",        BOOL,     DirReqStatistics_option, "1"),
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
  V(DirCache,                    BOOL,     "1"),
  /* A DirAuthorityFallbackRate of 0.1 means that 0.5% of clients try an
   * authority when all fallbacks are up, and 2% try an authority when 25% of
   * fallbacks are down. (We rebuild the list when 25% of fallbacks are down).
   *
   * We want to reduce load on authorities, but keep these two figures within
   * an order of magnitude, so there isn't too much load shifting to
   * authorities when fallbacks go down. */
  V(DirAuthorityFallbackRate,    DOUBLE,   "0.1"),
  V(DisableAllSwap,              BOOL,     "0"),
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  OBSOLETE("DisableIOCP"),
  OBSOLETE("DisableV2DirectoryInfo_"),
  OBSOLETE("DynamicDHGroups"),
  VPORT(DNSPort),
  OBSOLETE("DNSListenAddress"),
  /* DoS circuit creation options. */
  V(DoSCircuitCreationEnabled,   AUTOBOOL, "auto"),
  V(DoSCircuitCreationMinConnections,      UINT, "0"),
  V(DoSCircuitCreationRate,      UINT,     "0"),
  V(DoSCircuitCreationBurst,     UINT,     "0"),
  V(DoSCircuitCreationDefenseType,         INT,  "0"),
  V(DoSCircuitCreationDefenseTimePeriod,   INTERVAL, "0"),
  /* DoS connection options. */
  V(DoSConnectionEnabled,        AUTOBOOL, "auto"),
  V(DoSConnectionMaxConcurrentCount,       UINT, "0"),
  V(DoSConnectionDefenseType,    INT,      "0"),
  /* DoS single hop client options. */
  V(DoSRefuseSingleHopClientRendezvous,    AUTOBOOL, "auto"),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(TestingEnableConnBwEvent,    BOOL,     "0"),
  V(TestingEnableCellStatsEvent, BOOL,     "0"),
  OBSOLETE("TestingEnableTbEmptyEvent"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET,   NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  OBSOLETE("ExcludeSingleHopRelays"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPolicyRejectLocalInterfaces, BOOL, "0"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  V(ExitRelay,                   AUTOBOOL, "auto"),
  VPORT(ExtORPort),
  V(ExtORPortCookieAuthFile,     STRING,   NULL),
  V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),
  V(ExtendByEd25519ID,           AUTOBOOL, "auto"),
  V(FallbackDir,                 LINELIST, NULL),

  V(UseDefaultFallbackDirs,      BOOL,     "1"),

  OBSOLETE("FallbackNetworkstatusFile"),
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  OBSOLETE("FastFirstHopPK"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  OBSOLETE("FetchV2Networkstatus"),
  V(GeoIPExcludeUnknown,         AUTOBOOL, "auto"),
#ifdef _WIN32
  V(GeoIPFile,                   FILENAME, "<default>"),
  V(GeoIPv6File,                 FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
#endif /* defined(_WIN32) */
  OBSOLETE("Group"),
  V(GuardLifetime,               INTERVAL, "0 minutes"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(MainloopStats,               BOOL,     "0"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  V(HashedControlPassword,       LINELIST, NULL),
  OBSOLETE("HidServDirectoryV2"),
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceDirGroupReadable",  LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
  VAR("HiddenServiceAllowUnknownPorts",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceMaxStreams",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceMaxStreamsCloseCircuit",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceNumIntroductionPoints", LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceStatistics", BOOL, HiddenServiceStatistics_option, "1"),
  V(HidServAuth,                 LINELIST, NULL),
  OBSOLETE("CloseHSClientCircuitsImmediatelyOnTimeout"),
  OBSOLETE("CloseHSServiceRendCircuitsImmediatelyOnTimeout"),
  V(HiddenServiceSingleHopMode,  BOOL,     "0"),
  V(HiddenServiceNonAnonymousMode,BOOL,    "0"),
  /* NOTE(review): the *Authenticator options here and Socks5ProxyUsername /
   * Socks5ProxyPassword below are ordinary STRING options that presumably
   * carry upstream-proxy credentials; check that config dumps and log
   * output treat their values as secrets -- confirm. */
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  VPORT(HTTPTunnelPort),
  V(IPv6Exit,                    BOOL,     "0"),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(ServerTransportListenAddr,   LINELIST, NULL),
  V(ServerTransportOptions,      LINELIST, NULL),
  V(SigningKeyLifetime,          INTERVAL, "30 days"),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  VAR("KeyDirectory",            FILENAME, KeyDirectory_option, NULL),
  V(KeyDirectoryGroupReadable,   BOOL,     "0"),
  VAR("HSLayer2Nodes",           ROUTERSET,  HSLayer2Nodes,  NULL),
  VAR("HSLayer3Nodes",           ROUTERSET,  HSLayer3Nodes,  NULL),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  V(KeepBindCapabilities,            AUTOBOOL, "auto"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(TruncateLogFile,             BOOL,     "0"),
  V(SyslogIdentityTag,           STRING,   NULL),
  V(AndroidIdentityTag,          STRING,   NULL),
  V(LongLivedPorts,              CSV,
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  V(MaxConsensusAgeForDiffs,     INTERVAL, "0 seconds"),
  VAR("MaxMemInQueues",          MEMUNIT,   MaxMemInQueues_raw, "0"),
  OBSOLETE("MaxOnionsPending"),
  V(MaxOnionQueueDelay,          MSEC_INTERVAL, "1750 msec"),
  V(MaxUnparseableDescSizeToLog, MEMUNIT, "10 MB"),
  V(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, "500"),
  VAR("MyFamily",                LINELIST, MyFamily_lines,       NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  OBSOLETE("NamingAuthoritativeDirectory"),
  OBSOLETE("NATDListenAddress"),
  VPORT(NATDPort),
  V(Nickname,                    STRING,   NULL),
  OBSOLETE("PredictedPortsRelevanceTime"),
  OBSOLETE("WarnUnsafeSocks"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NoExec,                      BOOL,     "0"),
  V(NumCPUs,                     UINT,     "0"),
  V(NumDirectoryGuards,          UINT,     "0"),
  V(NumEntryGuards,              UINT,     "0"),
  V(NumPrimaryGuards,            UINT,     "0"),
  V(OfflineMasterKey,            BOOL,     "0"),
  OBSOLETE("ORListenAddress"),
  VPORT(ORPort),
  V(OutboundBindAddress,         LINELIST,   NULL),
  V(OutboundBindAddressOR,       LINELIST,   NULL),
  V(OutboundBindAddressExit,     LINELIST,   NULL),

  OBSOLETE("PathBiasDisableRate"),
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasWarnRate,            DOUBLE,   "-1"),
  V(PathBiasExtremeRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  OBSOLETE("PathBiasScaleFactor"),
  OBSOLETE("PathBiasMultFactor"),
  V(PathBiasDropGuards,          AUTOBOOL, "0"),
  OBSOLETE("PathBiasUseCloseCounts"),

  V(PathBiasUseThreshold,       INT,      "-1"),
  V(PathBiasNoticeUseRate,          DOUBLE,   "-1"),
  V(PathBiasExtremeUseRate,         DOUBLE,   "-1"),
  V(PathBiasScaleUseThreshold,      INT,      "-1"),

  V(PathsNeededToBuildCircuits,  DOUBLE,   "-1"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  /* Off by default.  When the user sets it, testing_tor_network_defaults
   * (below this array) overrides a number of defaults, including several
   * private/internal-address rejection options. */
  V(TestingTorNetwork,           BOOL,     "0"),
  V(TestingMinExitFlagThreshold, MEMUNIT,  "0"),
  V(TestingMinFastFlagThreshold, MEMUNIT,  "0"),

  V(TestingLinkCertLifetime,          INTERVAL, "2 days"),
  V(TestingAuthKeyLifetime,          INTERVAL, "2 days"),
  V(TestingLinkKeySlop,              INTERVAL, "3 hours"),
  V(TestingAuthKeySlop,              INTERVAL, "3 hours"),
  V(TestingSigningKeySlop,           INTERVAL, "1 day"),

  V(OptimisticData,              AUTOBOOL, "auto"),
  OBSOLETE("PortForwarding"),
  OBSOLETE("PortForwardingHelper"),
  OBSOLETE("PreferTunneledDirConns"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  V(RecommendedPackages,         LINELIST, NULL),
  V(ReducedConnectionPadding,    BOOL,     "0"),
  V(ConnectionPadding,           AUTOBOOL, "auto"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  V(RunAsDaemon,                 BOOL,     "0"),
  V(ReducedExitPolicy,           BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  V(Sandbox,                     BOOL,     "0"),
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  OBSOLETE("SchedulerLowWaterMark__"),
  OBSOLETE("SchedulerHighWaterMark__"),
  OBSOLETE("SchedulerMaxFlushCells__"),
  V(KISTSchedRunInterval,        MSEC_INTERVAL, "0 msec"),
  V(KISTSockBufSizeFactor,       DOUBLE,   "1.0"),
  V(Schedulers,                  CSV,      "KIST,KISTLite,Vanilla"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  OBSOLETE("SocksListenAddress"),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  V(SSLKeyLifetime,              INTERVAL, "0"),
  OBSOLETE("StrictEntryNodes"),
  OBSOLETE("StrictExitNodes"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("Support022HiddenServices"),
  V(TestSocks,                   BOOL,     "0"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  V(Tor2webMode,                 BOOL,     "0"),
  V(Tor2webRendezvousPoints,      ROUTERSET, NULL),
  OBSOLETE("TLSECGroup"),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  OBSOLETE("TransListenAddress"),
  VPORT(TransPort),
  V(TransProxyType,              STRING,   "default"),
  OBSOLETE("TunnelDirConns"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  VAR("UseEntryGuards",          BOOL,     UseEntryGuards_option, "1"),
  OBSOLETE("UseEntryGuardsAsDirGuards"),
  V(UseGuardFraction,            AUTOBOOL, "auto"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  OBSOLETE("UseNTorHandshake"),
  V(User,                        STRING,   NULL),
  OBSOLETE("UserspaceIOCPBuffers"),
  V(AuthDirSharedRandomness,     BOOL,     "1"),
  V(AuthDirTestEd25519LinkKeys,  BOOL,     "1"),
  OBSOLETE("V1AuthoritativeDirectory"),
  OBSOLETE("V2AuthoritativeDirectory"),
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  V(GuardfractionFile,           FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
  OBSOLETE("VoteOnHidServDirectoriesV2"),
  V(VirtualAddrNetworkIPv4,      STRING,   "127.192.0.0/10"),
  V(VirtualAddrNetworkIPv6,      STRING,   "[FE80::]/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  OBSOLETE("UseFilteringSSLBufferevents"),
  OBSOLETE("__UseFilteringSSLBufferevents"),
  /* Options whose names start with "__".  The VPORT comment above describes
   * this form (__SocksPort) as the one used so that a value is not stored by
   * SAVECONF.  NOTE(review): the code that skips "__" names when saving is
   * outside this section -- confirm it covers every entry below, in
   * particular __HashedControlSessionPassword. */
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
  VAR("__DisableSignalHandlers", BOOL,  DisableSignalHandlers,    "0"),
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
  VAR("__OwningControllerFD",INT,OwningControllerFD, "-1"),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "96 hours"),
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  /* With the ClientBootstrapConsensus*Download* below:
   * Clients with only authorities will try:
   *  - at least 3 authorities over 10 seconds, then exponentially backoff,
   *    with the next attempt 3-21 seconds later,
   * Clients with authorities and fallbacks will try:
   *  - at least 2 authorities and 4 fallbacks over 21 seconds, then
   *    exponentially backoff, with the next attempts 4-33 seconds later,
   * Clients will also retry when an application request arrives.
   * After a number of failed requests, clients retry every 3 days + 1 hour.
   *
   * Clients used to try 2 authorities over 10 seconds, then wait for
   * 60 minutes or an application request.
   *
   * When clients have authorities and fallbacks available, they use these
   * schedules: (we stagger the times to avoid thundering herds) */
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "6"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
  /* When clients only have authorities available, they use this schedule: */
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
    "0"),
  /* We don't want to overwhelm slow networks (or mirrors whose replies are
   * blocked), but we also don't want to fail if only some mirrors are
   * blackholed. Clients will try 3 directories simultaneously.
   * (Relays never use simultaneous connections.) */
  V(ClientBootstrapConsensusMaxInProgressTries, UINT, "3"),
  /* When a client has any running bridges, check each bridge occasionally,
   * whether or not that bridge is actually up. */
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL,"10800"),
  /* When a client is just starting, or has no running bridges, check each
   * bridge a few times quickly, and then try again later. These schedules
   * are much longer than the other schedules, because we try each and every
   * configured bridge with this schedule. */
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "10 minutes"),
  V(TestingDirConnectionMaxStall, INTERVAL, "5 minutes"),
  OBSOLETE("TestingConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries"),
  OBSOLETE("TestingDescriptorMaxDownloadTries"),
  OBSOLETE("TestingMicrodescMaxDownloadTries"),
  OBSOLETE("TestingCertMaxDownloadTries"),
  V(TestingDirAuthVoteExit, ROUTERSET, NULL),
  V(TestingDirAuthVoteExitIsStrict,  BOOL,     "0"),
  V(TestingDirAuthVoteGuard, ROUTERSET, NULL),
  V(TestingDirAuthVoteGuardIsStrict,  BOOL,     "0"),
  V(TestingDirAuthVoteHSDir, ROUTERSET, NULL),
  V(TestingDirAuthVoteHSDirIsStrict,  BOOL,     "0"),
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),

  END_OF_CONFIG_VARS
};

/** Override default values with these if the user sets the TestingTorNetwork
 * option. */
static const config_var_t testing_tor_network_defaults[] = {
693
694
695
696
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
697
698
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
699
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
700
    "0"),
701
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
702
  V(ClientRejectInternalAddresses, BOOL,   "0"),
703
  V(CountPrivateBandwidth,       BOOL,     "1"),
704
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
705
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
706
707
708
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
709
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "150 seconds"),
710
711
712
713
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
714
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
715
716
717
718
719
720
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL, "10"),
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
721
722
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "5 seconds"),
  V(TestingDirConnectionMaxStall, INTERVAL, "30 seconds"),
723
  V(TestingEnableConnBwEvent,    BOOL,     "1"),
724
  V(TestingEnableCellStatsEvent, BOOL,     "1"),
725
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),
726
  V(RendPostPeriod,              INTERVAL, "2 minutes"),
727

728
  END_OF_CONFIG_VARS
729
};

#undef VAR
#undef V
#undef OBSOLETE

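/** Deprecated options, each paired with a short explanation of why.
 *
 * Every entry is { option name, note }; the table ends with { NULL, NULL }.
 * NOTE(review): presumably the note is reported to the operator when the
 * option is set -- confirm against the code that reads this table. */
static const config_deprecation_t option_deprecation_notes_[] = {
  /* Deprecated since 0.3.2.0-alpha. */
  /* NOTE(review): the marker above says 0.3.2.0-alpha, the closing marker of
   * this group says 0.3.2.1-alpha; confirm which version is meant. */
  { "HTTPProxy", "It only applies to direct unencrypted HTTP connections "
    "to your directory server, which your Tor probably wasn't using." },
  { "HTTPProxyAuthenticator", "HTTPProxy is deprecated in favor of HTTPSProxy "
    "which should be used with HTTPSProxyAuthenticator." },
  /* End of options deprecated since 0.3.2.1-alpha */

  /* Options deprecated since 0.3.2.2-alpha */
  { "ReachableDirAddresses", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
  { "ClientPreferIPv6DirPort", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
  /* End of options deprecated since 0.3.2.2-alpha. */

  /* Sentinel: marks the end of the table. */
  { NULL, NULL }
};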

#ifdef _WIN32
static char *get_windows_conf_root(void);
#endif
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
                                      char **msg);
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_dirauth_timing(
      const or_options_t *old_options, const or_options_t *new_options);
static int normalize_nickname_list(config_line_t **normalized_out,
                                   const config_line_t *lst, const char *name,
                                   char **msg);
static char *get_bindaddr_from_transport_listen_line(const char *line,
                                                     const char *transport);
static int parse_ports(or_options_t *options, int validate_only,
                              char **msg_out, int *n_ports_out,
                              int *world_writable_control_socket);
static int check_server_ports(const smartlist_t *ports,
                              const or_options_t *options,
                              int *num_low_ports_out);
static int validate_data_directories(or_options_t *options);
static int write_configuration_file(const char *fname,
                                    const or_options_t *options);
static int options_init_logs(const or_options_t *old_options,
                             or_options_t *options, int validate_only);

static void init_libevent(const or_options_t *options);
static int opt_streq(const char *s1, const char *s2);