 /* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2013, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file config.c
 * \brief Code to parse and interpret configuration files.
 **/

#define CONFIG_PRIVATE
#include "or.h"
#include "addressmap.h"
#include "channel.h"
#include "circuitbuild.h"
#include "circuitlist.h"
#include "circuitmux.h"
#include "circuitmux_ewma.h"
#include "config.h"
#include "connection.h"
#include "connection_edge.h"
#include "connection_or.h"
#include "control.h"
#include "confparse.h"
#include "cpuworker.h"
#include "dirserv.h"
#include "dirvote.h"
#include "dns.h"
#include "entrynodes.h"
#include "geoip.h"
#include "hibernate.h"
#include "main.h"
#include "networkstatus.h"
#include "nodelist.h"
#include "policies.h"
#include "relay.h"
#include "rendclient.h"
#include "rendservice.h"
#include "rephist.h"
#include "router.h"
#include "sandbox.h"
#include "util.h"
#include "routerlist.h"
#include "routerset.h"
#include "statefile.h"
#include "transports.h"
#include "ext_orport.h"
#include "torgzip.h"
#ifdef _WIN32
#include <shlobj.h>
#endif

#include "procmon.h"

/* From main.c */
extern int quiet_level;

/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values.
 *
 * NOTE(review): every brace entry has four positional fields, and
 * config_abbrev_t is declared outside this file.  Reading them as
 * (alias, canonical name, command-line-only flag, warn flag) is presumed
 * from the values used below and from the "make this warn?" remark on the
 * DirServer entry -- confirm against the declaration.  PLURAL() is likewise
 * defined elsewhere. */
static config_abbrev_t option_abbrevs_[] = {
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(ExitNode),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  { "l", "Log", 1, 0},
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
  { "DirServer", "DirAuthority", 0, 0}, /* XXXX024 later, make this warn? */
  { "MaxConn", "ConnLimit", 0, 1},
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
  /* Together with "l" above, this is the only entry whose third field is 1.
   * NOTE(review): if that field means "command line only", a
   * HashedControlPassword given on the command line is stored under
   * __HashedControlSessionPassword rather than under the
   * HashedControlPassword option that option_vars_ also declares -- confirm
   * that both are consulted when control connections authenticate. */
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
  { "StrictEntryNodes", "StrictNodes", 0, 1},
  { "StrictExitNodes", "StrictNodes", 0, 1},
  { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
  { "_UseFilteringSSLBufferevents", "UseFilteringSSLBufferevents", 0, 1},
  /* All-NULL entry; presumably the list terminator (the consumer is not
   * shown in this file section). */
  { NULL, NULL, 0, 0},
};

/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 *
 * The entry records the member's byte offset inside or_options_t
 * (STRUCT_OFFSET) and <b>initvalue</b>, the default; the tables below pass
 * it either as a string literal or as NULL.
 */
#define VAR(name,conftype,member,initvalue)                             \
  { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_options_t, member), \
      initvalue }
/** As VAR, but the option name and member name are the same. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
/** An entry for config_vars: "The option <b>name</b> is obsolete."
 * The entry has offset 0 and no default. */
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }

/** As V, but the backing or_options_t member is <b>member</b>_lines: the
 * option keeps the plain name while the struct member carries a "_lines"
 * suffix (token pasting with ##). */
#define VPORT(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member ## _lines, initvalue)

/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 *
 * Each entry is produced by V(), VAR(), VPORT() or OBSOLETE(), defined just
 * above: option name, CONFIG_TYPE_* tag, offset of the backing or_options_t
 * member, and the default written as a string (NULL where no default string
 * is given).  How each type tag interprets its string is decided by the
 * parser, not by this table.
 */
static config_var_t option_vars_[] = {
  OBSOLETE("AccountingMaxKB"),
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  V(AllowDotExit,                BOOL,     "0"),
  V(AllowInvalidNodes,           CSV,      "middle,rendezvous"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  V(AllowSingleHopCircuits,      BOOL,     "0"),
  V(AllowSingleHopExits,         BOOL,     "0"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  V(AlternateHSAuthority,        LINELIST, NULL),
  V(AssumeReachable,             BOOL,     "0"),
  V(AuthDirBadDir,               LINELIST, NULL),
  V(AuthDirBadDirCCs,            CSV,      ""),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "250 KB"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  V(AuthDirRejectUnlisted,       BOOL,     "0"),
  V(AuthDirListBadDirs,          BOOL,     "0"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "5"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  /* NOTE(review): BridgePassword -- like HTTPProxyAuthenticator,
   * HTTPSProxyAuthenticator and Socks5ProxyPassword further down -- appears
   * to carry a credential as an ordinary STRING option.  Code that reports
   * option values (set_options() in this file builds a CONF_CHANGED
   * notification from every changed variable that is neither OBSOLETE nor
   * LINELIST_S) should be reviewed for how such values are exposed. */
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(CellStatistics,              BOOL,     "0"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  V(CircuitIdleTimeout,          INTERVAL, "1 hour"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-100.0"), /*negative:'Use default'*/
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      BOOL,     "0"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  V(ControlListenAddress,        LINELIST, NULL),
  VPORT(ControlPort,                 LINELIST, NULL),
  V(ControlPortFileGroupReadable,BOOL,     "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  /* NOTE(review): CookieAuthentication defaults to "0" and
   * HashedControlPassword (below) has no default, so nothing in this table
   * turns on control-port authentication.  Whether a configured ControlPort
   * without either is rejected or only warned about is decided by validation
   * code that is not part of this table -- confirm. */
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  V(DataDirectory,               FILENAME, NULL),
  OBSOLETE("DebugLogFile"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  V(DirListenAddress,            LINELIST, NULL),
  OBSOLETE("DirFetchPeriod"),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort,                     LINELIST, NULL),
  V(DirPortFrontPage,            FILENAME, NULL),
  OBSOLETE("DirPostPeriod"),
  OBSOLETE("DirRecordUsageByCountry"),
  OBSOLETE("DirRecordUsageGranularity"),
  OBSOLETE("DirRecordUsageRetainIPs"),
  OBSOLETE("DirRecordUsageSaveInterval"),
  V(DirReqStatistics,            BOOL,     "1"),
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
  V(DirAuthorityFallbackRate,    DOUBLE,   "1.0"),
  V(DisableAllSwap,              BOOL,     "0"),
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  V(DisableIOCP,                 BOOL,     "1"),
  V(DisableV2DirectoryInfo_,     BOOL,     "0"),
  V(DynamicDHGroups,             BOOL,     "0"),
  VPORT(DNSPort,                     LINELIST, NULL),
  V(DNSListenAddress,            LINELIST, NULL),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET,   NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  V(ExcludeSingleHopRelays,      BOOL,     "1"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  VPORT(ExtORPort,               LINELIST, NULL),
  V(ExtraInfoStatistics,         BOOL,     "1"),
  V(FallbackDir,                 LINELIST, NULL),

  OBSOLETE("FallbackNetworkstatusFile"),
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  V(FastFirstHopPK,              BOOL,     "1"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  V(FetchV2Networkstatus,        BOOL,     "0"),
  V(GeoIPExcludeUnknown,         AUTOBOOL, "auto"),
  /* On Windows the GeoIP defaults are the placeholder "<default>"; elsewhere
   * they are paths built at compile time from SHARE_DATADIR. */
#ifdef _WIN32
  V(GeoIPFile,                   FILENAME, "<default>"),
  V(GeoIPv6File,                 FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
#endif
  OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"),
  OBSOLETE("Group"),
  V(GuardLifetime,               INTERVAL, "0 minutes"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  V(HashedControlPassword,       LINELIST, NULL),
  V(HidServDirectoryV2,          BOOL,     "1"),
  /* The HiddenService* entries below all share the RendConfigLines member. */
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
  OBSOLETE("HiddenServiceExcludeNodes"),
  OBSOLETE("HiddenServiceNodes"),
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
  V(HidServAuth,                 LINELIST, NULL),
  V(HSAuthoritativeDir,          BOOL,     "0"),
  OBSOLETE("HSAuthorityRecordStats"),
  V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  V(IPv6Exit,                    BOOL,     "0"),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(ServerTransportListenAddr,   LINELIST, NULL),
  V(ServerTransportOptions,      LINELIST, NULL),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  OBSOLETE("IgnoreVersion"),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  OBSOLETE("LinkPadding"),
  OBSOLETE("LogLevel"),
  OBSOLETE("LogFile"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(LongLivedPorts,              CSV,
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  V(MaxMemInCellQueues,          MEMUNIT,  "8 GB"),
  OBSOLETE("MaxOnionsPending"),
  V(MaxOnionQueueDelay,          MSEC_INTERVAL, "1750 msec"),
  V(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, "500"),
  OBSOLETE("MonthlyAccountingStart"),
  V(MyFamily,                    STRING,   NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  VAR("NamingAuthoritativeDirectory",BOOL, NamingAuthoritativeDir, "0"),
  V(NATDListenAddress,           LINELIST, NULL),
  VPORT(NATDPort,                    LINELIST, NULL),
  V(Nickname,                    STRING,   NULL),
  V(WarnUnsafeSocks,              BOOL,     "1"),
  OBSOLETE("NoPublish"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NumCPUs,                     UINT,     "0"),
  V(NumDirectoryGuards,          UINT,     "0"),
  V(NumEntryGuards,              UINT,     "3"),
  V(ORListenAddress,             LINELIST, NULL),
  VPORT(ORPort,                      LINELIST, NULL),
  V(OutboundBindAddress,         LINELIST,   NULL),

  OBSOLETE("PathBiasDisableRate"),
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasWarnRate,            DOUBLE,   "-1"),
  V(PathBiasExtremeRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  OBSOLETE("PathBiasScaleFactor"),
  OBSOLETE("PathBiasMultFactor"),
  V(PathBiasDropGuards,          AUTOBOOL, "0"),
  OBSOLETE("PathBiasUseCloseCounts"),

  V(PathBiasUseThreshold,       INT,      "-1"),
  V(PathBiasNoticeUseRate,          DOUBLE,   "-1"),
  V(PathBiasExtremeUseRate,         DOUBLE,   "-1"),
  V(PathBiasScaleUseThreshold,      INT,      "-1"),

  V(PathsNeededToBuildCircuits,  DOUBLE,   "-1"),
  OBSOLETE("PathlenCoinWeight"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  V(TestingTorNetwork,           BOOL,     "0"),
  V(TestingMinExitFlagThreshold, MEMUNIT,  "0"),
  V(TestingMinFastFlagThreshold, MEMUNIT,  "0"),
  V(OptimisticData,              AUTOBOOL, "auto"),
  V(PortForwarding,              BOOL,     "0"),
  V(PortForwardingHelper,        FILENAME, "tor-fw-helper"),
  V(PreferTunneledDirConns,      BOOL,     "1"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  OBSOLETE("RedirectExit"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  OBSOLETE("RendExcludeNodes"),
  OBSOLETE("RendNodes"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  OBSOLETE("RouterFile"),
  V(RunAsDaemon,                 BOOL,     "0"),
//  V(RunTesting,                  BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  /* NOTE(review): default "0", i.e. presumably off unless the operator
   * turns it on. */
  V(Sandbox,                     BOOL,     "0"),
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  V(SocksListenAddress,          LINELIST, NULL),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort,                   LINELIST, NULL),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  V(SSLKeyLifetime,              INTERVAL, "0"),
  OBSOLETE("StatusFetchPeriod"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("SysLog"),
  V(TestSocks,                   BOOL,     "0"),
  OBSOLETE("TestVia"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  V(Tor2webMode,                 BOOL,     "0"),
  V(TLSECGroup,                  STRING,   NULL),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  OBSOLETE("TrafficShaping"),
  V(TransListenAddress,          LINELIST, NULL),
  VPORT(TransPort,                   LINELIST, NULL),
  V(TunnelDirConns,              BOOL,     "1"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  V(UseEntryGuards,              BOOL,     "1"),
  V(UseEntryGuardsAsDirGuards,   BOOL,     "1"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  V(UseNTorHandshake,            AUTOBOOL, "1"),
  V(User,                        STRING,   NULL),
  V(UserspaceIOCPBuffers,        BOOL,     "0"),
  VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir,   "0"),
  VAR("V2AuthoritativeDirectory",BOOL, V2AuthoritativeDir,   "0"),
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
  V(VirtualAddrNetworkIPv4,      STRING,   "127.192.0.0/10"),
  V(VirtualAddrNetworkIPv6,      STRING,   "[FE80::]/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  V(UseFilteringSSLBufferevents, BOOL,    "0"),
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "25 hours"),
  V(VoteOnHidServDirectoriesV2,  BOOL,     "1"),
  V(TestingServerDownloadSchedule, CSV_INTERVAL, "0, 0, 0, 60, 60, 120, "
                                 "300, 900, 2147483647"),
  V(TestingClientDownloadSchedule, CSV_INTERVAL, "0, 0, 60, 300, 600, "
                                 "2147483647"),
  V(TestingServerConsensusDownloadSchedule, CSV_INTERVAL, "0, 0, 60, "
                                 "300, 600, 1800, 1800, 1800, 1800, "
                                 "1800, 3600, 7200"),
  V(TestingClientConsensusDownloadSchedule, CSV_INTERVAL, "0, 0, 60, "
                                 "300, 600, 1800, 3600, 3600, 3600, "
                                 "10800, 21600, 43200"),
  V(TestingBridgeDownloadSchedule, CSV_INTERVAL, "3600, 900, 900, 3600"),
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "10 minutes"),
  V(TestingDirConnectionMaxStall, INTERVAL, "5 minutes"),
  V(TestingConsensusMaxDownloadTries, UINT, "8"),
  V(TestingDescriptorMaxDownloadTries, UINT, "8"),
  V(TestingMicrodescMaxDownloadTries, UINT, "8"),
  V(TestingCertMaxDownloadTries, UINT, "8"),
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),

  /* Sentinel: set_options() in this file walks options_format.vars until it
   * reaches an entry whose name is NULL. */
  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/** Override default values with these if the user sets the TestingTorNetwork
 * option.
 *
 * NOTE(review): several entries relax protections that option_vars_ enables
 * by default.  ClientDNSRejectInternalAddresses,
 * ClientRejectInternalAddresses, ExitPolicyRejectPrivate and
 * EnforceDistinctSubnets go from "1" to "0"; DirAllowPrivateAddresses,
 * ExtendAllowPrivateAddresses, AssumeReachable and CountPrivateBandwidth go
 * from "0" to "1"; the AuthDirMaxServersPer*Addr limits go from "2"/"5" to
 * "0".  These values suit an isolated test network; where and how this
 * table is applied is not shown in this part of the file. */
static const config_var_t testing_tor_network_defaults[] = {
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "0"),
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
  V(ClientRejectInternalAddresses, BOOL,   "0"),
  V(CountPrivateBandwidth,       BOOL,     "1"),
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
  /* Voting and download timings are shortened relative to option_vars_. */
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
  V(TestingServerDownloadSchedule, CSV_INTERVAL, "0, 0, 0, 5, 10, 15, "
                                 "20, 30, 60"),
  V(TestingClientDownloadSchedule, CSV_INTERVAL, "0, 0, 5, 10, 15, 20, "
                                 "30, 60"),
  V(TestingServerConsensusDownloadSchedule, CSV_INTERVAL, "0, 0, 5, 10, "
                                 "15, 20, 30, 60"),
  V(TestingClientConsensusDownloadSchedule, CSV_INTERVAL, "0, 0, 5, 10, "
                                 "15, 20, 30, 60"),
  V(TestingBridgeDownloadSchedule, CSV_INTERVAL, "60, 30, 30, 60"),
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "5 seconds"),
  V(TestingDirConnectionMaxStall, INTERVAL, "30 seconds"),
  V(TestingConsensusMaxDownloadTries, UINT, "80"),
  V(TestingDescriptorMaxDownloadTries, UINT, "80"),
  V(TestingMicrodescMaxDownloadTries, UINT, "80"),
  V(TestingCertMaxDownloadTries, UINT, "80"),
  /* Marker option: "1" here, "0" in option_vars_. */
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),

  /* NULL-named entry closing the table, same shape as the one that ends
   * option_vars_. */
  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/* The table-building macros are dropped once the option tables above are
 * complete.
 * NOTE(review): VPORT is defined next to VAR, V and OBSOLETE but is not
 * undefined here -- confirm whether that is intentional. */
#undef VAR
#undef V
#undef OBSOLETE

/* Prototypes for file-local (static) functions.  Their definitions are not
 * in this part of the file, so their contracts are not restated here. */
#ifdef _WIN32
static char *get_windows_conf_root(void);
#endif
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_act(const or_options_t *old_options);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
                                      char **msg);
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
static int check_nickname_list(char **lst, const char *name, char **msg);

static int parse_client_transport_line(const char *line, int validate_only);

static int parse_server_transport_line(const char *line, int validate_only);
static char *get_bindaddr_from_transport_listen_line(const char *line,
                                                     const char *transport);
static int parse_dir_authority_line(const char *line,
                                 dirinfo_type_t required_type,
                                 int validate_only);
static int parse_dir_fallback_line(const char *line,
                                   int validate_only);
static void port_cfg_free(port_cfg_t *port);
static int parse_ports(or_options_t *options, int validate_only,
                              char **msg_out, int *n_ports_out);
static int check_server_ports(const smartlist_t *ports,
                              const or_options_t *options);

static int validate_data_directory(or_options_t *options);
static int write_configuration_file(const char *fname,
                                    const or_options_t *options);
static int options_init_logs(or_options_t *options, int validate_only);

static void init_libevent(const or_options_t *options);
static int opt_streq(const char *s1, const char *s2);
static int parse_outbound_addresses(or_options_t *options, int validate_only,
                                    char **msg);
static void config_maybe_load_geoip_files_(const or_options_t *options,
                                           const or_options_t *old_options);
/* NOTE(review): takes untyped (void *) option pointers, presumably to match
 * the callback slot of config_format_t; it is installed in options_format
 * below. */
static int options_validate_cb(void *old_options, void *options,
                               void *default_options,
                               int from_setconf, char **msg);

/** Magic value for or_options_t. */
#define OR_OPTIONS_MAGIC 9090909

/** Configuration format for or_options_t.
 *
 * NOTE(review): the initializer is positional and config_format_t is
 * declared outside this file, so the per-field remarks below are read off
 * the values themselves -- confirm against the declaration. */
STATIC config_format_t options_format = {
  sizeof(or_options_t),                /* size of the options struct */
  OR_OPTIONS_MAGIC,                    /* magic value defined just above */
  STRUCT_OFFSET(or_options_t, magic_), /* offset of the magic_ member */
  option_abbrevs_,                     /* alias table from this file */
  option_vars_,        /* read back as options_format.vars by set_options() */
  options_validate_cb,                 /* validation callback */
  NULL                 /* last field left unset; meaning not visible here */
};

/*
 * Functions to read and write the global options pointer.
 */

/** Command-line and config-file options.  Replaced as a whole by
 * set_options() and read through get_options() / get_options_mutable(). */
static or_options_t *global_options = NULL;
/** The fallback options_t object; this is where we look for options not
 * in torrc before we fall back to Tor's defaults. */
static or_options_t *global_default_options = NULL;
/** Name of most recently read torrc file. */
static char *torrc_fname = NULL;
/** Name of the most recently read torrc-defaults file.  It has no explicit
 * initializer; as an object with static storage it still starts out as a
 * null pointer. */
static char *torrc_defaults_fname;
/** Configuration Options set by command line. */
static config_line_t *global_cmdline_options = NULL;
/** Contents of most recently read DirPortFrontPage file.  Handed out,
 * uncopied, by get_dirportfrontpage(). */
static char *global_dirfrontpagecontents = NULL;
/** List of port_cfg_t for all configured ports. */
static smartlist_t *configured_ports = NULL;

/** Return the DirPortFrontPage contents held in the file-level
 * global_dirfrontpagecontents pointer, or NULL if none is configured.  The
 * result aliases that global; it is not a copy. */
const char *
get_dirportfrontpage(void)
{
  const char *frontpage = global_dirfrontpagecontents;
  return frontpage;
}

/** Return a writable pointer to the currently configured options.  Asserts
 * with tor_assert() that global_options has been assigned, so it must not be
 * called before that has happened (set_options() in this file performs the
 * assignment). */
or_options_t *
get_options_mutable(void)
{
  or_options_t *current = global_options;
  tor_assert(global_options);
  return current;
}

/** Return the currently configured options as a read-only pointer.  This is
 * get_options_mutable() with const added, so the same assertion applies. */
const or_options_t *
get_options(void)
{
  const or_options_t *current = get_options_mutable();
  return current;
}

/** Make <b>new_val</b> the current global options in place of the previous
 * value, act on the new value, and free the previous value when it is no
 * longer in use.
 *
 * <b>msg</b> must not be NULL: when the reversible step fails, *<b>msg</b> is
 * asserted to hold a message.
 *
 * Returns 0 on success.  Returns -1 if options_act_reversible() fails; the
 * previous options are then put back as the global options and
 * <b>new_val</b> is not freed here.  If options_act() fails, the process logs
 * an error and exits, because there is no way back at that point.
 */
int
set_options(or_options_t *new_val, char **msg)
{
  or_options_t *old_options = global_options;

  /* Install the new options first: the two "act" steps below read the new
   * settings straight from global_options and receive the *old* options
   * only for comparison. */
  global_options = new_val;
  if (options_act_reversible(old_options, msg) < 0) {
    tor_assert(*msg);
    /* Roll back, so that the caller still runs with the previous options. */
    global_options = old_options;
    return -1;
  }
  if (options_act(old_options) < 0) {
    /* Acting on the options failed and cannot be undone: die. */
    log_err(LD_BUG,
            "Acting on config options left us in a broken state. Dying.");
    exit(1);
  }

  /* Tell the controller about the change with a CONF_CHANGED event.  While
   * Tor is starting up there are no old options yet, so nothing is sent. */
  if (old_options && old_options != global_options) {
    smartlist_t *changed = smartlist_new();
    int idx;

    for (idx = 0; options_format.vars[idx].name; ++idx) {
      const config_var_t *var = &options_format.vars[idx];
      config_line_t *cur;

      if (var->type == CONFIG_TYPE_LINELIST_S ||
          var->type == CONFIG_TYPE_OBSOLETE)
        continue;
      if (config_is_same(&options_format, new_val, old_options, var->name))
        continue;

      cur = config_get_assigned_option(&options_format, new_val,
                                       var->name, 1);
      if (!cur) {
        /* No assigned value: report the name with a NULL value. */
        smartlist_add(changed, tor_strdup(var->name));
        smartlist_add(changed, NULL);
        continue;
      }
      while (cur) {
        config_line_t *following = cur->next;

        /* The key and value strings now belong to the list; only the list
         * node itself is freed here. */
        smartlist_add(changed, cur->key);
        smartlist_add(changed, cur->value);
        tor_free(cur);
        cur = following;
      }
    }
    /* NOTE(review): the value of every changed option reaches the control
     * event as is; confirm that no option carrying a secret is exposed this
     * way to a consumer that should not see it. */
    control_event_conf_changed(changed);
    SMARTLIST_FOREACH(changed, char *, cp, tor_free(cp));
    smartlist_free(changed);
  }

  /* NOTE(review): the previous options are released with config_free()
   * directly, whereas or_options_free() in this file first releases
   * ExcludeExitNodesUnion_, NodeFamilySets, BridgePassword_AuthDigest_ and
   * command_arg.  Confirm that these members are not leaked on this path. */
  if (old_options != global_options)
    config_free(&options_format, old_options);

  return 0;
}

extern const char tor_git_revision[]; /* from tor_main.c */

/** Full version string of this Tor process; built by get_version() the first
 * time it is needed. */
static char *the_tor_version = NULL;
/** Shorter version string of this Tor process, for export in our router
 * descriptor.  It does not include the git version, if any. */
static char *the_short_tor_version = NULL;

/** Return the current Tor version.  The string is built on the first call
 * and kept in the_tor_version: it is the short version, followed by
 * " (git-REVISION)" when tor_git_revision is not empty.  The caller gets the
 * cached pointer, not a copy. */
const char *
get_version(void)
{
  if (the_tor_version)
    return the_tor_version;

  if (tor_git_revision[0] != '\0') {
    tor_asprintf(&the_tor_version, "%s (git-%s)", get_short_version(),
                 tor_git_revision);
  } else {
    the_tor_version = tor_strdup(get_short_version());
  }
  return the_tor_version;
}

/** Return the current Tor version without any git tag.  The string is built
 * on the first call and kept in the_short_tor_version: VERSION alone, or
 * VERSION followed by " (TOR_BUILD_TAG)" when that macro is defined at build
 * time.  The caller gets the cached pointer, not a copy. */
const char *
get_short_version(void)
{
  if (the_short_tor_version)
    return the_short_tor_version;

#ifdef TOR_BUILD_TAG
  tor_asprintf(&the_short_tor_version, "%s (%s)", VERSION, TOR_BUILD_TAG);
#else
  the_short_tor_version = tor_strdup(VERSION);
#endif
  return the_short_tor_version;
}

/** Release the additional memory held by <b>options</b>, then hand the
 * object to config_free().  A NULL <b>options</b> is a no-op.
 */
STATIC void
or_options_free(or_options_t *options)
{
  if (options == NULL)
    return;

  /* These members are released by hand before config_free() runs. */
  routerset_free(options->ExcludeExitNodesUnion_);
  if (options->NodeFamilySets != NULL) {
    SMARTLIST_FOREACH(options->NodeFamilySets, routerset_t *,
                      rs, routerset_free(rs));
    smartlist_free(options->NodeFamilySets);
  }
  /* NOTE(review): judging by its name this buffer holds a digest used for
   * bridge password authentication, and it is freed without being cleared
   * first.  Confirm whether it should be wiped before release. */
  tor_free(options->BridgePassword_AuthDigest_);
  tor_free(options->command_arg);

  config_free(&options_format, options);
}

/** Release all memory and resources held by global configuration structures.
 */
void
config_free_all(void)
{