config.c 300 KB
Newer Older
1

2
/* Copyright (c) 2001 Matej Pfajfar.
Roger Dingledine's avatar
Roger Dingledine committed
3
 * Copyright (c) 2001-2004, Roger Dingledine.
4
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
Nick Mathewson's avatar
Nick Mathewson committed
5
 * Copyright (c) 2007-2018, The Tor Project, Inc. */
6
/* See LICENSE for licensing information */
7

Nick Mathewson's avatar
Nick Mathewson committed
8
/**
9
 * \file config.c
10
11
12
13
14
15
16
17
18
19
20
21
 * \brief Code to interpret the user's configuration of Tor.
 *
 * This module handles torrc configuration file, including parsing it,
 * combining it with torrc.defaults and the command line, allowing
 * user changes to it (via editing and SIGHUP or via the control port),
 * writing it back to disk (because of SAVECONF from the control port),
 * and -- most importantly, acting on it.
 *
 * The module additionally has some tools for manipulating and
 * inspecting values that are calculated as a result of the
 * configured options.
 *
22
 * <h3>How to add new options</h3>
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
 *
 * To add new items to the torrc, there are a minimum of three places to edit:
 * <ul>
 *   <li>The or_options_t structure in or.h, where the options are stored.
 *   <li>The option_vars_ array below in this module, which configures
 *       the names of the torrc options, their types, their multiplicities,
 *       and their mappings to fields in or_options_t.
 *   <li>The manual in doc/tor.1.txt, to document what the new option
 *       is, and how it works.
 * </ul>
 *
 * Additionally, you might need to edit these places too:
 * <ul>
 *   <li>options_validate() below, in case you want to reject some possible
 *       values of the new configuration option.
 *   <li>options_transition_allowed() below, in case you need to
 *       forbid some or all changes in the option while Tor is
 *       running.
 *   <li>options_transition_affects_workers(), in case changes in the option
 *       might require Tor to relaunch or reconfigure its worker threads.
 *   <li>options_transition_affects_descriptor(), in case changes in the
 *       option might require a Tor relay to build and publish a new server
 *       descriptor.
 *   <li>options_act() and/or options_act_reversible(), in case there's some
 *       action that needs to be taken immediately based on the option's
 *       value.
 * </ul>
 *
 * <h3>Changing the value of an option</h3>
 *
 * Because of the SAVECONF command from the control port, it's a bad
 * idea to change the value of any user-configured option in the
 * or_options_t.  If you want to sometimes do this anyway, we recommend
 * that you create a secondary field in or_options_t; that you have the
 * user option linked only to the secondary field; that you use the
 * secondary field to initialize the one that Tor actually looks at; and that
 * you use the one Tor looks as the one that you modify.
Nick Mathewson's avatar
Nick Mathewson committed
60
61
 **/

62
#define CONFIG_PRIVATE
63
64
65
66
67
68
69
70
71
#include "core/or/or.h"
#include "feature/client/bridges.h"
#include "feature/client/addressmap.h"
#include "core/or/channel.h"
#include "core/or/circuitbuild.h"
#include "core/or/circuitlist.h"
#include "core/or/circuitmux.h"
#include "core/or/circuitmux_ewma.h"
#include "core/or/circuitstats.h"
72
#include "lib/compress/compress.h"
73
#include "app/config/config.h"
74
#include "lib/encoding/confline.h"
75
76
77
78
79
80
81
#include "core/mainloop/connection.h"
#include "core/or/connection_edge.h"
#include "core/or/connection_or.h"
#include "feature/dircache/consdiffmgr.h"
#include "feature/control/control.h"
#include "app/config/confparse.h"
#include "core/mainloop/cpuworker.h"
82
83
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
84
#include "lib/crypt_ops/crypto_init.h"
85
86
87
88
89
#ifdef ENABLE_NSS
#include "lib/crypt_ops/crypto_nss_mgt.h"
#else
#include "lib/crypt_ops/crypto_openssl_mgt.h"
#endif
90
91
92
93
#include "feature/dircache/dirserv.h"
#include "feature/relay/dns.h"
#include "core/or/dos.h"
#include "feature/client/entrynodes.h"
94
#include "lib/log/git_revision.h"
95
96
97
98
99
100
101
102
103
104
105
106
#include "feature/stats/geoip.h"
#include "feature/hibernate/hibernate.h"
#include "core/mainloop/main.h"
#include "feature/nodelist/networkstatus.h"
#include "feature/nodelist/nodelist.h"
#include "core/or/policies.h"
#include "core/or/relay.h"
#include "feature/rend/rendclient.h"
#include "feature/rend/rendservice.h"
#include "feature/hs/hs_config.h"
#include "feature/stats/rephist.h"
#include "feature/relay/router.h"
107
#include "lib/sandbox/sandbox.h"
108
109
110
111
112
113
114
#include "feature/nodelist/routerlist.h"
#include "feature/nodelist/routerset.h"
#include "core/or/scheduler.h"
#include "app/config/statefile.h"
#include "feature/client/transports.h"
#include "feature/relay/ext_orport.h"
#include "feature/dircommon/voting_schedule.h"
115
#include "lib/net/resolve.h"
116
#ifdef _WIN32
117
118
#include <shlobj.h>
#endif
119
120
121
122
123
124
125
126
127
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
Roger Dingledine's avatar
Roger Dingledine committed
128

129
#include "lib/meminfo/meminfo.h"
130
#include "lib/osinfo/uname.h"
131
132
133
134
135
#include "lib/process/daemon.h"
#include "lib/process/pidfile.h"
#include "lib/process/restrict.h"
#include "lib/process/setuid.h"
#include "lib/process/subprocess.h"
136
#include "lib/net/gethostname.h"
137
#include "lib/thread/numcpus.h"
138

139
#include "lib/encoding/keyval.h"
140
#include "lib/fs/conffile.h"
141
#include "lib/evloop/procmon.h"
142

143
144
#include "feature/dirauth/dirvote.h"
#include "feature/dirauth/mode.h"
145

146
147
#include "core/or/connection_st.h"
#include "core/or/port_cfg_st.h"
148

149
150
151
152
153
154
#ifdef HAVE_SYSTEMD
#   if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
/* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse
 * Coverity. Here's a kludge to unconfuse it.
 */
#   define __INCLUDE_LEVEL__ 2
155
#endif /* defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__) */
156
#include <systemd/sd-daemon.h>
157
#endif /* defined(HAVE_SYSTEMD) */
158

159
/* Prefix used to indicate a Unix socket in a FooPort configuration. */
160
static const char unix_socket_prefix[] = "unix:";
161
162
163
/* Prefix used to indicate a Unix socket with spaces in it, in a FooPort
 * configuration. */
static const char unix_q_socket_prefix[] = "unix:\"";
164

165
166
167
168
/* limits for TCP send and recv buffer size used for constrained sockets */
#define MIN_CONSTRAINED_TCP_BUFFER 2048
#define MAX_CONSTRAINED_TCP_BUFFER 262144  /* 256k */

169
170
171
172
173
/** macro to help with the bulk rename of *DownloadSchedule to
 * *DowloadInitialDelay . */
#define DOWNLOAD_SCHEDULE(name) \
  { #name "DownloadSchedule", #name "DownloadInitialDelay", 0, 1 }

174
175
/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values. */
176
static config_abbrev_t option_abbrevs_[] = {
177
178
179
180
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
181
  PLURAL(EntryNode),
182
  PLURAL(ExcludeNode),
183
  PLURAL(Tor2webRendezvousPoint),
184
  PLURAL(FirewallPort),
185
  PLURAL(LongLivedPort),
186
187
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
188
  PLURAL(NumCPU),
189
  PLURAL(RendNode),
190
  PLURAL(RecommendedPackage),
191
  PLURAL(RendExcludeNode),
192
193
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
194
  PLURAL(StrictNode),
195
  { "l", "Log", 1, 0},
196
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
197
198
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
199
200
201
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
202
  { "DirServer", "DirAuthority", 0, 0}, /* XXXX later, make this warn? */
203
  { "MaxConn", "ConnLimit", 0, 1},
204
  { "MaxMemInCellQueues", "MaxMemInQueues", 0, 0},
205
206
207
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
208
209
210
211
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
212
213
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
214
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
215
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
216
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
217
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
218
  { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
219
  { "SocksSocketsGroupWritable", "UnixSocksGroupWritable", 0, 1},
220
221
222
  { "_HSLayer2Nodes", "HSLayer2Nodes", 0, 1 },
  { "_HSLayer3Nodes", "HSLayer3Nodes", 0, 1 },

223
224
225
226
227
228
229
230
231
232
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthority),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthorityOnly),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusFallback),
  DOWNLOAD_SCHEDULE(TestingBridge),
  DOWNLOAD_SCHEDULE(TestingBridgeBootstrap),
  DOWNLOAD_SCHEDULE(TestingClient),
  DOWNLOAD_SCHEDULE(TestingClientConsensus),
  DOWNLOAD_SCHEDULE(TestingServer),
  DOWNLOAD_SCHEDULE(TestingServerConsensus),

233
234
  { NULL, NULL, 0, 0},
};
235

236
237
238
239
/** dummy instance of or_options_t, used for type-checking its
 * members with CONF_CHECK_VAR_TYPE. */
DUMMY_TYPECHECK_INSTANCE(or_options_t);

Nick Mathewson's avatar
Nick Mathewson committed
240
241
242
243
/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 */
244
#define VAR(name,conftype,member,initvalue)                             \
Neel Chauhan's avatar
Neel Chauhan committed
245
  { name, CONFIG_TYPE_ ## conftype, offsetof(or_options_t, member),     \
246
      initvalue CONF_TEST_MEMBERS(or_options_t, conftype, member) }
247
248
249
/** As VAR, but the option name and member name are the same. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
Nick Mathewson's avatar
Nick Mathewson committed
250
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
251
252
253
#ifdef TOR_UNIT_TESTS
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL, {.INT=NULL} }
#else
254
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }
255
#endif
256

257
258
259
260
261
262
263
264
265
266
267
/**
 * Macro to declare *Port options.  Each one comes in three entries.
 * For example, most users should use "SocksPort" to configure the
 * socks port, but TorBrowser wants to use __SocksPort so that it
 * isn't stored by SAVECONF.  The SocksPortLines virtual option is
 * used to query both options from the controller.
 */
#define VPORT(member)                                           \
  VAR(#member "Lines", LINELIST_V, member ## _lines, NULL),     \
  VAR(#member, LINELIST_S, member ## _lines, NULL),             \
  VAR("__" #member, LINELIST_S, member ## _lines, NULL)
268

Nick Mathewson's avatar
Nick Mathewson committed
269
270
271
272
/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 */
273
static config_var_t option_vars_[] = {
274
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
275
  VAR("AccountingRule",          STRING,   AccountingRule_option,  "max"),
276
277
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
Nick Mathewson's avatar
Nick Mathewson committed
278
  OBSOLETE("AllowDotExit"),
279
  OBSOLETE("AllowInvalidNodes"),
280
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
281
  OBSOLETE("AllowSingleHopCircuits"),
282
  OBSOLETE("AllowSingleHopExits"),
283
284
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
285
  OBSOLETE("AlternateHSAuthority"),
286
  V(AssumeReachable,             BOOL,     "0"),
287
288
  OBSOLETE("AuthDirBadDir"),
  OBSOLETE("AuthDirBadDirCCs"),
289
  V(AuthDirBadExit,              LINELIST, NULL),
290
  V(AuthDirBadExitCCs,           CSV,      ""),
291
  V(AuthDirInvalid,              LINELIST, NULL),
292
  V(AuthDirInvalidCCs,           CSV,      ""),
293
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
294
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "2 MB"),
295
  V(AuthDirPinKeys,              BOOL,     "1"),
296
  V(AuthDirReject,               LINELIST, NULL),
297
  V(AuthDirRejectCCs,            CSV,      ""),
298
  OBSOLETE("AuthDirRejectUnlisted"),
299
  OBSOLETE("AuthDirListBadDirs"),
300
  V(AuthDirListBadExits,         BOOL,     "0"),
301
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
302
  OBSOLETE("AuthDirMaxServersPerAuthAddr"),
303
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
304
305
306
307
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
308
309
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
310
311
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
312
  V(BridgePassword,              STRING,   NULL),
313
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
314
  V(BridgeRelay,                 BOOL,     "0"),
315
  V(BridgeDistribution,          STRING,   NULL),
316
317
  VAR("CacheDirectory",          FILENAME, CacheDirectory_option, NULL),
  V(CacheDirectoryGroupReadable, BOOL,     "0"),
318
  V(CellStatistics,              BOOL,     "0"),
319
  V(PaddingStatistics,           BOOL,     "1"),
320
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
321
  V(CircuitBuildTimeout,         INTERVAL, "0"),
322
323
  OBSOLETE("CircuitIdleTimeout"),
  V(CircuitsAvailableTimeout,    INTERVAL, "0"),
324
  V(CircuitStreamTimeout,        INTERVAL, "0"),
325
  V(CircuitPriorityHalflife,     DOUBLE,  "-1.0"), /*negative:'Use default'*/
326
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
327
  V(ClientOnly,                  BOOL,     "0"),
328
329
  V(ClientPreferIPv6ORPort,      AUTOBOOL, "auto"),
  V(ClientPreferIPv6DirPort,     AUTOBOOL, "auto"),
330
  V(ClientRejectInternalAddresses, BOOL,   "1"),
331
  V(ClientTransportPlugin,       LINELIST, NULL),
332
  V(ClientUseIPv6,               BOOL,     "0"),
333
  V(ClientUseIPv4,               BOOL,     "1"),
334
  V(ConsensusParams,             STRING,   NULL),
335
  V(ConnLimit,                   UINT,     "1000"),
336
  V(ConnDirectionStatistics,     BOOL,     "0"),
337
338
339
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
340
  OBSOLETE("ControlListenAddress"),
341
  VPORT(ControlPort),
342
  V(ControlPortFileGroupReadable,BOOL,     "0"),
343
  V(ControlPortWriteToFile,      FILENAME, NULL),
344
  V(ControlSocket,               LINELIST, NULL),
345
  V(ControlSocketsGroupWritable, BOOL,     "0"),
346
  V(UnixSocksGroupWritable,    BOOL,     "0"),
347
348
349
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
350
  V(CountPrivateBandwidth,       BOOL,     "0"),
351
  VAR("DataDirectory",           FILENAME, DataDirectory_option, NULL),
352
  V(DataDirectoryGroupReadable,  BOOL,     "0"),
353
  V(DisableOOSCheck,             BOOL,     "1"),
354
  V(DisableNetwork,              BOOL,     "0"),
355
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
356
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
357
  OBSOLETE("DirListenAddress"),
358
  V(DirPolicy,                   LINELIST, NULL),
359
  VPORT(DirPort),
360
  V(DirPortFrontPage,            FILENAME, NULL),
361
  VAR("DirReqStatistics",        BOOL,     DirReqStatistics_option, "1"),
362
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
363
  V(DirCache,                    BOOL,     "1"),
364
365
366
367
368
  /* A DirAuthorityFallbackRate of 0.1 means that 0.5% of clients try an
   * authority when all fallbacks are up, and 2% try an authority when 25% of
   * fallbacks are down. (We rebuild the list when 25% of fallbacks are down).
   *
   * We want to reduce load on authorities, but keep these two figures within
Nick Mathewson's avatar
Nick Mathewson committed
369
370
   * an order of magnitude, so there isn't too much load shifting to
   * authorities when fallbacks go down. */
371
  V(DirAuthorityFallbackRate,    DOUBLE,   "0.1"),
372
  V(DisableAllSwap,              BOOL,     "0"),
373
  V(DisableDebuggerAttachment,   BOOL,     "1"),
374
  OBSOLETE("DisableIOCP"),
375
  OBSOLETE("DisableV2DirectoryInfo_"),
376
  OBSOLETE("DynamicDHGroups"),
377
  VPORT(DNSPort),
378
  OBSOLETE("DNSListenAddress"),
379
380
381
  /* DoS circuit creation options. */
  V(DoSCircuitCreationEnabled,   AUTOBOOL, "auto"),
  V(DoSCircuitCreationMinConnections,      UINT, "0"),
382
  V(DoSCircuitCreationRate,      UINT,     "0"),
383
384
385
386
387
388
389
390
391
  V(DoSCircuitCreationBurst,     UINT,     "0"),
  V(DoSCircuitCreationDefenseType,         INT,  "0"),
  V(DoSCircuitCreationDefenseTimePeriod,   INTERVAL, "0"),
  /* DoS connection options. */
  V(DoSConnectionEnabled,        AUTOBOOL, "auto"),
  V(DoSConnectionMaxConcurrentCount,       UINT, "0"),
  V(DoSConnectionDefenseType,    INT,      "0"),
  /* DoS single hop client options. */
  V(DoSRefuseSingleHopClientRendezvous,    AUTOBOOL, "auto"),
392
  V(DownloadExtraInfo,           BOOL,     "0"),
393
  V(TestingEnableConnBwEvent,    BOOL,     "0"),
394
  V(TestingEnableCellStatsEvent, BOOL,     "0"),
395
  OBSOLETE("TestingEnableTbEmptyEvent"),
396
  V(EnforceDistinctSubnets,      BOOL,     "1"),
397
  V(EntryNodes,                  ROUTERSET,   NULL),
398
  V(EntryStatistics,             BOOL,     "0"),
399
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
400
401
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
402
  OBSOLETE("ExcludeSingleHopRelays"),
403
  V(ExitNodes,                   ROUTERSET, NULL),
404
405
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
406
  V(ExitPolicyRejectLocalInterfaces, BOOL, "0"),
407
  V(ExitPortStatistics,          BOOL,     "0"),
408
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
409
  V(ExitRelay,                   AUTOBOOL, "auto"),
410
  VPORT(ExtORPort),
411
  V(ExtORPortCookieAuthFile,     STRING,   NULL),
412
  V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
413
  V(ExtraInfoStatistics,         BOOL,     "1"),
414
  V(ExtendByEd25519ID,           AUTOBOOL, "auto"),
415
  V(FallbackDir,                 LINELIST, NULL),
416

417
  V(UseDefaultFallbackDirs,      BOOL,     "1"),
418

419
  OBSOLETE("FallbackNetworkstatusFile"),
420
421
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
422
  OBSOLETE("FastFirstHopPK"),
423
  V(FetchDirInfoEarly,           BOOL,     "0"),
424
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
425
426
427
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
428
  OBSOLETE("FetchV2Networkstatus"),
429
  V(GeoIPExcludeUnknown,         AUTOBOOL, "auto"),
430
#ifdef _WIN32
431
  V(GeoIPFile,                   FILENAME, "<default>"),
nils's avatar
nils committed
432
  V(GeoIPv6File,                 FILENAME, "<default>"),
433
#else
434
435
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
nils's avatar
nils committed
436
437
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
438
#endif /* defined(_WIN32) */
439
  OBSOLETE("Group"),
440
  V(GuardLifetime,               INTERVAL, "0 minutes"),
441
  V(HardwareAccel,               BOOL,     "0"),
442
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
Alexander Færøy's avatar
Alexander Færøy committed
443
  V(MainloopStats,               BOOL,     "0"),
444
445
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
446
  V(HashedControlPassword,       LINELIST, NULL),
447
  OBSOLETE("HidServDirectoryV2"),
Nick Mathewson's avatar
Nick Mathewson committed
448
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
449
  VAR("HiddenServiceDirGroupReadable",  LINELIST_S, RendConfigLines, NULL),
Nick Mathewson's avatar
Nick Mathewson committed
450
451
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
452
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
453
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
454
  VAR("HiddenServiceAllowUnknownPorts",LINELIST_S, RendConfigLines, NULL),
455
456
  VAR("HiddenServiceMaxStreams",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceMaxStreamsCloseCircuit",LINELIST_S, RendConfigLines, NULL),
457
  VAR("HiddenServiceNumIntroductionPoints", LINELIST_S, RendConfigLines, NULL),
Nick Mathewson's avatar
Nick Mathewson committed
458
  VAR("HiddenServiceStatistics", BOOL, HiddenServiceStatistics_option, "1"),
459
  V(HidServAuth,                 LINELIST, NULL),
460
  OBSOLETE("CloseHSClientCircuitsImmediatelyOnTimeout"),
461
  OBSOLETE("CloseHSServiceRendCircuitsImmediatelyOnTimeout"),
462
463
  V(HiddenServiceSingleHopMode,  BOOL,     "0"),
  V(HiddenServiceNonAnonymousMode,BOOL,    "0"),
464
465
466
467
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
468
  VPORT(HTTPTunnelPort),
469
  V(IPv6Exit,                    BOOL,     "0"),
470
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
471
  V(ServerTransportListenAddr,   LINELIST, NULL),
472
  V(ServerTransportOptions,      LINELIST, NULL),
473
  V(SigningKeyLifetime,          INTERVAL, "30 days"),
474
475
476
477
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
478
479
  VAR("KeyDirectory",            FILENAME, KeyDirectory_option, NULL),
  V(KeyDirectoryGroupReadable,   BOOL,     "0"),
480
481
  VAR("HSLayer2Nodes",           ROUTERSET,  HSLayer2Nodes,  NULL),
  VAR("HSLayer3Nodes",           ROUTERSET,  HSLayer3Nodes,  NULL),
482
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
483
  V(KeepBindCapabilities,            AUTOBOOL, "auto"),
484
  VAR("Log",                     LINELIST, Logs,             NULL),
485
  V(LogMessageDomains,           BOOL,     "0"),
486
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
Arlo Breault's avatar
Arlo Breault committed
487
  V(TruncateLogFile,             BOOL,     "0"),
Peter Palfrader's avatar
Peter Palfrader committed
488
  V(SyslogIdentityTag,           STRING,   NULL),
489
  V(AndroidIdentityTag,          STRING,   NULL),
490
  V(LongLivedPorts,              CSV,
Nick Mathewson's avatar
Nick Mathewson committed
491
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
492
493
494
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
495
  V(MaxClientCircuitsPending,    UINT,     "32"),
496
  V(MaxConsensusAgeForDiffs,     INTERVAL, "0 seconds"),
497
  VAR("MaxMemInQueues",          MEMUNIT,   MaxMemInQueues_raw, "0"),
498
499
  OBSOLETE("MaxOnionsPending"),
  V(MaxOnionQueueDelay,          MSEC_INTERVAL, "1750 msec"),
500
  V(MaxUnparseableDescSizeToLog, MEMUNIT, "10 MB"),
501
  V(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, "500"),
502
  VAR("MyFamily",                LINELIST, MyFamily_lines,       NULL),
503
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
504
  OBSOLETE("NamingAuthoritativeDirectory"),
505
  OBSOLETE("NATDListenAddress"),
506
  VPORT(NATDPort),
507
  V(Nickname,                    STRING,   NULL),
508
  OBSOLETE("PredictedPortsRelevanceTime"),
509
  OBSOLETE("WarnUnsafeSocks"),
510
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
511
  V(NoExec,                      BOOL,     "0"),
512
  V(NumCPUs,                     UINT,     "0"),
513
  V(NumDirectoryGuards,          UINT,     "0"),
514
  V(NumEntryGuards,              UINT,     "0"),
515
  V(NumPrimaryGuards,            UINT,     "0"),
Nick Mathewson's avatar
Nick Mathewson committed
516
  V(OfflineMasterKey,            BOOL,     "0"),
517
  OBSOLETE("ORListenAddress"),
518
  VPORT(ORPort),
519
  V(OutboundBindAddress,         LINELIST,   NULL),
520
521
  V(OutboundBindAddressOR,       LINELIST,   NULL),
  V(OutboundBindAddressExit,     LINELIST,   NULL),
522

523
  OBSOLETE("PathBiasDisableRate"),
524
525
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
526
  V(PathBiasWarnRate,            DOUBLE,   "-1"),
527
  V(PathBiasExtremeRate,         DOUBLE,   "-1"),
528
  V(PathBiasScaleThreshold,      INT,      "-1"),
529
530
  OBSOLETE("PathBiasScaleFactor"),
  OBSOLETE("PathBiasMultFactor"),
531
  V(PathBiasDropGuards,          AUTOBOOL, "0"),
532
533
534
535
536
537
  OBSOLETE("PathBiasUseCloseCounts"),

  V(PathBiasUseThreshold,       INT,      "-1"),
  V(PathBiasNoticeUseRate,          DOUBLE,   "-1"),
  V(PathBiasExtremeUseRate,         DOUBLE,   "-1"),
  V(PathBiasScaleUseThreshold,      INT,      "-1"),
538

539
  V(PathsNeededToBuildCircuits,  DOUBLE,   "-1"),
540
541
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
542
  V(PidFile,                     STRING,   NULL),
543
  V(TestingTorNetwork,           BOOL,     "0"),
544
  V(TestingMinExitFlagThreshold, MEMUNIT,  "0"),
545
  V(TestingMinFastFlagThreshold, MEMUNIT,  "0"),
546

547
  V(TestingLinkCertLifetime,          INTERVAL, "2 days"),
548
549
550
551
552
  V(TestingAuthKeyLifetime,          INTERVAL, "2 days"),
  V(TestingLinkKeySlop,              INTERVAL, "3 hours"),
  V(TestingAuthKeySlop,              INTERVAL, "3 hours"),
  V(TestingSigningKeySlop,           INTERVAL, "1 day"),

553
  V(OptimisticData,              AUTOBOOL, "auto"),
554
555
  OBSOLETE("PortForwarding"),
  OBSOLETE("PortForwardingHelper"),
556
  OBSOLETE("PreferTunneledDirConns"),
557
  V(ProtocolWarnings,            BOOL,     "0"),
558
  V(PublishServerDescriptor,     CSV,      "1"),
559
560
561
562
563
564
565
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
566
  V(RecommendedPackages,         LINELIST, NULL),
567
568
  V(ReducedConnectionPadding,    BOOL,     "0"),
  V(ConnectionPadding,           AUTOBOOL, "auto"),
569
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
570
  V(RejectPlaintextPorts,        CSV,      ""),
571
572
573
574
575
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  V(RunAsDaemon,                 BOOL,     "0"),
576
  V(ReducedExitPolicy,           BOOL,     "0"),
577
  OBSOLETE("RunTesting"), // currently unused
578
  V(Sandbox,                     BOOL,     "0"),
579
  V(SafeLogging,                 STRING,   "1"),
580
  V(SafeSocks,                   BOOL,     "0"),
581
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
582
583
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
584
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
585
586
587
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
588
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
589
590
591
592
593
  OBSOLETE("SchedulerLowWaterMark__"),
  OBSOLETE("SchedulerHighWaterMark__"),
  OBSOLETE("SchedulerMaxFlushCells__"),
  V(KISTSchedRunInterval,        MSEC_INTERVAL, "0 msec"),
  V(KISTSockBufSizeFactor,       DOUBLE,   "1.0"),
594
  V(Schedulers,                  CSV,      "KIST,KISTLite,Vanilla"),
595
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
596
  OBSOLETE("SocksListenAddress"),
597
  V(SocksPolicy,                 LINELIST, NULL),
598
  VPORT(SocksPort),
599
  V(SocksTimeout,                INTERVAL, "2 minutes"),
600
  V(SSLKeyLifetime,              INTERVAL, "0"),
601
602
  OBSOLETE("StrictEntryNodes"),
  OBSOLETE("StrictExitNodes"),
603
  V(StrictNodes,                 BOOL,     "0"),
604
  OBSOLETE("Support022HiddenServices"),
605
  V(TestSocks,                   BOOL,     "0"),
606
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
607
  V(Tor2webMode,                 BOOL,     "0"),
608
  V(Tor2webRendezvousPoints,      ROUTERSET, NULL),
609
  OBSOLETE("TLSECGroup"),
610
611
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
612
  OBSOLETE("TransListenAddress"),
613
  VPORT(TransPort),
614
  V(TransProxyType,              STRING,   "default"),
615
  OBSOLETE("TunnelDirConns"),
616
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
617
  V(UseBridges,                  BOOL,     "0"),
618
  VAR("UseEntryGuards",          BOOL,     UseEntryGuards_option, "1"),
Nick Mathewson's avatar
Nick Mathewson committed
619
  OBSOLETE("UseEntryGuardsAsDirGuards"),
620
  V(UseGuardFraction,            AUTOBOOL, "auto"),
621
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
622
  OBSOLETE("UseNTorHandshake"),
623
  V(User,                        STRING,   NULL),
624
  OBSOLETE("UserspaceIOCPBuffers"),
625
  V(AuthDirSharedRandomness,     BOOL,     "1"),
626
  V(AuthDirTestEd25519LinkKeys,  BOOL,     "1"),
627
  OBSOLETE("V1AuthoritativeDirectory"),
628
  OBSOLETE("V2AuthoritativeDirectory"),
629
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
630
631
632
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
633
  V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
634
635
636
637
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
638
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
639
  V(V3BandwidthsFile,            FILENAME, NULL),
640
  V(GuardfractionFile,           FILENAME, NULL),
641
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
642
  OBSOLETE("VoteOnHidServDirectoriesV2"),
643
644
  V(VirtualAddrNetworkIPv4,      STRING,   "127.192.0.0/10"),
  V(VirtualAddrNetworkIPv6,      STRING,   "[FE80::]/10"),
645
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
646
647
  OBSOLETE("UseFilteringSSLBufferevents"),
  OBSOLETE("__UseFilteringSSLBufferevents"),
648
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
649
650
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
651
  VAR("__DisableSignalHandlers", BOOL,  DisableSignalHandlers,    "0"),
652
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
653
654
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
655
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
656
  VAR("__OwningControllerFD",INT,OwningControllerFD, "-1"),
657
  V(MinUptimeHidServDirectoryV2, INTERVAL, "96 hours"),
658
659
660
661
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
662
  /* With the ClientBootstrapConsensus*Download* below:
663
   * Clients with only authorities will try:
664
665
   *  - at least 3 authorities over 10 seconds, then exponentially backoff,
   *    with the next attempt 3-21 seconds later,
666
   * Clients with authorities and fallbacks will try:
667
668
   *  - at least 2 authorities and 4 fallbacks over 21 seconds, then
   *    exponentially backoff, with the next attempts 4-33 seconds later,
669
   * Clients will also retry when an application request arrives.
670
   * After a number of failed requests, clients retry every 3 days + 1 hour.
671
672
673
674
675
676
   *
   * Clients used to try 2 authorities over 10 seconds, then wait for
   * 60 minutes or an application request.
   *
   * When clients have authorities and fallbacks available, they use these
   * schedules: (we stagger the times to avoid thundering herds) */
677
678
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "6"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
679
  /* When clients only have authorities available, they use this schedule: */
680
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
681
    "0"),
682
683
684
685
  /* We don't want to overwhelm slow networks (or mirrors whose replies are
   * blocked), but we also don't want to fail if only some mirrors are
   * blackholed. Clients will try 3 directories simultaneously.
   * (Relays never use simultaneous connections.) */
686
  V(ClientBootstrapConsensusMaxInProgressTries, UINT, "3"),
687
688
  /* When a client has any running bridges, check each bridge occasionally,
    * whether or not that bridge is actually up. */
689
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL,"10800"),
690
691
692
693
  /* When a client is just starting, or has no running bridges, check each
   * bridge a few times quickly, and then try again later. These schedules
   * are much longer than the other schedules, because we try each and every
   * configured bridge with this schedule. */
694
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
695
696
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "10 minutes"),
  V(TestingDirConnectionMaxStall, INTERVAL, "5 minutes"),
697
698
699
700
701
702
  OBSOLETE("TestingConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries"),
  OBSOLETE("TestingDescriptorMaxDownloadTries"),
  OBSOLETE("TestingMicrodescMaxDownloadTries"),
  OBSOLETE("TestingCertMaxDownloadTries"),
703
  V(TestingDirAuthVoteExit, ROUTERSET, NULL),
704
  V(TestingDirAuthVoteExitIsStrict,  BOOL,     "0"),
705
  V(TestingDirAuthVoteGuard, ROUTERSET, NULL),
706
  V(TestingDirAuthVoteGuardIsStrict,  BOOL,     "0"),
707
  V(TestingDirAuthVoteHSDir, ROUTERSET, NULL),
708
  V(TestingDirAuthVoteHSDirIsStrict,  BOOL,     "0"),
709
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),
710

711
  END_OF_CONFIG_VARS
712
};
713

714
715
/** Override default values with these if the user sets the TestingTorNetwork
 * option. */
716
static const config_var_t testing_tor_network_defaults[] = {
717
718
719
720
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
721
722
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
723
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
724
    "0"),
725
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
726
  V(ClientRejectInternalAddresses, BOOL,   "0"),
727
  V(CountPrivateBandwidth,       BOOL,     "1"),
728
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
729
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
730
731
732
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
733
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "150 seconds"),
734
735
736
737
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
738
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
739
740
741
742
743
744
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL, "10"),
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
745
746
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "5 seconds"),
  V(TestingDirConnectionMaxStall, INTERVAL, "30 seconds"),
747
  V(TestingEnableConnBwEvent,    BOOL,     "1"),
748
  V(TestingEnableCellStatsEvent, BOOL,     "1"),
749
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),
750
  V(RendPostPeriod,              INTERVAL, "2 minutes"),
751

752
  END_OF_CONFIG_VARS
753
};
754

755
#undef VAR
756
#undef V
757
758
#undef OBSOLETE

759
static const config_deprecation_t option_deprecation_notes_[] = {
760
  /* Deprecated since 0.3.2.0-alpha. */
761
762
763
764
  { "HTTPProxy", "It only applies to direct unencrypted HTTP connections "
    "to your directory server, which your Tor probably wasn't using." },
  { "HTTPProxyAuthenticator", "HTTPProxy is deprecated in favor of HTTPSProxy "
    "which should be used with HTTPSProxyAuthenticator." },
765
766
767
  /* End of options deprecated since 0.3.2.1-alpha */

  /* Options deprecated since 0.3.2.2-alpha */
768
769
770
771
  { "ReachableDirAddresses", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
  { "ClientPreferIPv6DirPort", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
772
  /* End of options deprecated since 0.3.2.2-alpha. */
773

774
775
776
  { NULL, NULL }
};

777
#ifdef _WIN32
778
779
static char *get_windows_conf_root(void);
#endif
780
781
782
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,