/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file config.c
 * \brief Code to interpret the user's configuration of Tor.
 *
 * This module handles the torrc configuration file, including parsing it,
 * combining it with torrc.defaults and the command line, allowing
 * user changes to it (via editing and SIGHUP or via the control port),
 * writing it back to disk (because of SAVECONF from the control port),
 * and -- most importantly -- acting on it.
 *
 * The module additionally has some tools for manipulating and
 * inspecting values that are calculated as a result of the
 * configured options.
 *
 * <h3>How to add new options</h3>
 *
 * To add new items to the torrc, there are a minimum of three places to edit:
 * <ul>
 *   <li>The or_options_t structure in or.h, where the options are stored.
 *   <li>The option_vars_ array below in this module, which configures
 *       the names of the torrc options, their types, their multiplicities,
 *       and their mappings to fields in or_options_t.
 *   <li>The manual in doc/tor.1.txt, to document what the new option
 *       is, and how it works.
 * </ul>
 *
 * Additionally, you might need to edit these places too:
 * <ul>
 *   <li>options_validate() below, in case you want to reject some possible
 *       values of the new configuration option.
 *   <li>options_transition_allowed() below, in case you need to
 *       forbid some or all changes in the option while Tor is
 *       running.
 *   <li>options_transition_affects_workers(), in case changes in the option
 *       might require Tor to relaunch or reconfigure its worker threads.
 *   <li>options_transition_affects_descriptor(), in case changes in the
 *       option might require a Tor relay to build and publish a new server
 *       descriptor.
 *   <li>options_act() and/or options_act_reversible(), in case there's some
 *       action that needs to be taken immediately based on the option's
 *       value.
 * </ul>
 *
 * <h3>Changing the value of an option</h3>
 *
 * Because of the SAVECONF command from the control port, it's a bad
 * idea to change the value of any user-configured option in the
 * or_options_t.  If you want to sometimes do this anyway, we recommend
 * that you create a secondary field in or_options_t; that you have the
 * user option linked only to the secondary field; that you use the
 * secondary field to initialize the one that Tor actually looks at; and that
 * you use the one Tor looks at as the one that you modify.
 **/

#define CONFIG_PRIVATE
#include "or/or.h"
#include "or/bridges.h"
#include "common/compat.h"
#include "or/addressmap.h"
#include "or/channel.h"
#include "or/circuitbuild.h"
#include "or/circuitlist.h"
#include "or/circuitmux.h"
#include "or/circuitmux_ewma.h"
#include "or/circuitstats.h"
#include "lib/compress/compress.h"
#include "or/config.h"
#include "or/connection.h"
#include "or/connection_edge.h"
#include "or/connection_or.h"
#include "or/consdiffmgr.h"
#include "or/control.h"
#include "or/confparse.h"
#include "or/cpuworker.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "or/dirserv.h"
#include "or/dns.h"
#include "or/dos.h"
#include "or/entrynodes.h"
#include "or/git_revision.h"
#include "or/geoip.h"
#include "or/hibernate.h"
#include "or/main.h"
#include "or/networkstatus.h"
#include "or/nodelist.h"
#include "or/policies.h"
#include "or/relay.h"
#include "or/rendclient.h"
#include "or/rendservice.h"
#include "or/hs_config.h"
#include "or/rephist.h"
#include "or/router.h"
#include "lib/sandbox/sandbox.h"
#include "common/util.h"
#include "or/routerlist.h"
#include "or/routerset.h"
#include "or/scheduler.h"
#include "or/statefile.h"
#include "or/transports.h"
#include "or/ext_orport.h"
#include "or/voting_schedule.h"
#ifdef _WIN32
#include <shlobj.h>
#endif

#include "lib/process/daemon.h"
#include "lib/process/pidfile.h"
#include "lib/process/restrict.h"
#include "lib/process/setuid.h"
#include "lib/process/subprocess.h"

#include "lib/encoding/keyval.h"
#include "lib/fs/conffile.h"
#include "common/procmon.h"

#include "or/dirauth/dirvote.h"
#include "or/dirauth/mode.h"

#include "or/connection_st.h"
#include "or/port_cfg_st.h"

#ifdef HAVE_SYSTEMD
#   if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
/* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse
 * Coverity. Here's a kludge to unconfuse it.
 */
#   define __INCLUDE_LEVEL__ 2
#endif /* defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__) */
#include <systemd/sd-daemon.h>
#endif /* defined(HAVE_SYSTEMD) */

/* Prefix used to indicate a Unix socket in a FooPort configuration. */
static const char unix_socket_prefix[] = "unix:";
/* Prefix used to indicate a Unix socket with spaces in it, in a FooPort
 * configuration: the text "unix:" immediately followed by a double quote,
 * i.e. the start of a quoted socket path.  How the quoted path is parsed
 * and terminated is not visible at this point in the file. */
static const char unix_q_socket_prefix[] = "unix:\"";

/** Macro to help with the bulk rename of *DownloadSchedule to
 * *DownloadInitialDelay.  Expands to one option_abbrevs_ initializer that
 * maps the old option name (name followed by "DownloadSchedule") to the new
 * one (name followed by "DownloadInitialDelay"), with the last two fields
 * set to 0 and 1.
 * NOTE(review): in config_abbrev_t those two fields are presumably
 * commandline_only and warn, i.e. the old name is accepted in any context
 * but produces a warning -- confirm against the struct definition. */
#define DOWNLOAD_SCHEDULE(name) \
  { #name "DownloadSchedule", #name "DownloadInitialDelay", 0, 1 }

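/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values.
 * Each entry is { abbreviated, full, commandline_only, warn } (see
 * config_abbrev_t); for example, "HashedControlPassword" is rewritten to
 * "__HashedControlSessionPassword" only when it is given on the command
 * line. */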
static config_abbrev_t option_abbrevs_[] = {
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(Tor2webRendezvousPoint),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RecommendedPackage),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  { "l", "Log", 1, 0},
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
  { "DirServer", "DirAuthority", 0, 0}, /* XXXX later, make this warn? */
  { "MaxConn", "ConnLimit", 0, 1},
  { "MaxMemInCellQueues", "MaxMemInQueues", 0, 0},
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
  { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
  { "SocksSocketsGroupWritable", "UnixSocksGroupWritable", 0, 1},
  { "_HSLayer2Nodes", "HSLayer2Nodes", 0, 1 },
  { "_HSLayer3Nodes", "HSLayer3Nodes", 0, 1 },

  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthority),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthorityOnly),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusFallback),
  DOWNLOAD_SCHEDULE(TestingBridge),
  DOWNLOAD_SCHEDULE(TestingBridgeBootstrap),
  DOWNLOAD_SCHEDULE(TestingClient),
  DOWNLOAD_SCHEDULE(TestingClientConsensus),
  DOWNLOAD_SCHEDULE(TestingServer),
  DOWNLOAD_SCHEDULE(TestingServerConsensus),

  { NULL, NULL, 0, 0},
};

/** Dummy instance of or_options_t, used for type-checking its
 * members with CONF_CHECK_VAR_TYPE.  DUMMY_TYPECHECK_INSTANCE is not defined
 * in this file above this point, so it comes from one of the included
 * headers. */
DUMMY_TYPECHECK_INSTANCE(or_options_t);

/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 */
#define VAR(name,conftype,member,initvalue)                             \
  { name, CONFIG_TYPE_ ## conftype, offsetof(or_options_t, member),     \
      initvalue CONF_TEST_MEMBERS(or_options_t, conftype, member) }
/** As VAR, but the option name and member name are the same: #member
 * stringifies the or_options_t field name and passes it to VAR as the
 * option name, so the two cannot drift apart. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
#ifdef TOR_UNIT_TESTS
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL, {.INT=NULL} }
#else
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }
#endif

/**
 * Macro to declare *Port options.  Each one comes in three entries.
 * For example, most users should use "SocksPort" to configure the
 * socks port, but TorBrowser wants to use __SocksPort so that it
 * isn't stored by SAVECONF.  The SocksPortLines virtual option is
 * used to query both options from the controller.
 *
 * All three entries refer to the same or_options_t field (member_lines)
 * and pass NULL as the initial value: "<member>Lines" is declared as
 * LINELIST_V, while "<member>" and "__<member>" are declared as LINELIST_S.
 * The expansion is a comma-separated list with no trailing comma, so it is
 * written as one element of an array initializer, followed by a comma.
 *
 * NOTE(review): because the "__" form is not stored by SAVECONF, a saved
 * torrc may not list every configured listener; when auditing which ports
 * are configured, query the ...Lines option from the controller, which
 * covers both forms.
 */
#define VPORT(member)                                           \
  VAR(#member "Lines", LINELIST_V, member ## _lines, NULL),     \
  VAR(#member, LINELIST_S, member ## _lines, NULL),             \
  VAR("__" #member, LINELIST_S, member ## _lines, NULL)

/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 */
static config_var_t option_vars_[] = {
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  VAR("AccountingRule",          STRING,   AccountingRule_option,  "max"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  OBSOLETE("AllowDotExit"),
  OBSOLETE("AllowInvalidNodes"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  OBSOLETE("AllowSingleHopCircuits"),
  OBSOLETE("AllowSingleHopExits"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  OBSOLETE("AlternateHSAuthority"),
  V(AssumeReachable,             BOOL,     "0"),
  OBSOLETE("AuthDirBadDir"),
  OBSOLETE("AuthDirBadDirCCs"),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "2 MB"),
  V(AuthDirPinKeys,              BOOL,     "1"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  OBSOLETE("AuthDirRejectUnlisted"),
  OBSOLETE("AuthDirListBadDirs"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  OBSOLETE("AuthDirMaxServersPerAuthAddr"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(BridgeDistribution,          STRING,   NULL),
  VAR("CacheDirectory",          FILENAME, CacheDirectory_option, NULL),
  V(CacheDirectoryGroupReadable, BOOL,     "0"),
  V(CellStatistics,              BOOL,     "0"),
  V(PaddingStatistics,           BOOL,     "1"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  OBSOLETE("CircuitIdleTimeout"),
  V(CircuitsAvailableTimeout,    INTERVAL, "0"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-1.0"), /*negative:'Use default'*/
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      AUTOBOOL, "auto"),
  V(ClientPreferIPv6DirPort,     AUTOBOOL, "auto"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ClientUseIPv4,               BOOL,     "1"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  OBSOLETE("ControlListenAddress"),
  VPORT(ControlPort),
  V(ControlPortFileGroupReadable,BOOL,     "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  V(UnixSocksGroupWritable,    BOOL,     "0"),
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  VAR("DataDirectory",           FILENAME, DataDirectory_option, NULL),
  V(DataDirectoryGroupReadable,  BOOL,     "0"),
  V(DisableOOSCheck,             BOOL,     "1"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  OBSOLETE("DirListenAddress"),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort),
  V(DirPortFrontPage,            FILENAME, NULL),
  VAR("DirReqStatistics",        BOOL,     DirReqStatistics_option, "1"),
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
  V(DirCache,                    BOOL,     "1"),
  /* A DirAuthorityFallbackRate of 0.1 means that 0.5% of clients try an
   * authority when all fallbacks are up, and 2% try an authority when 25% of
   * fallbacks are down. (We rebuild the list when 25% of fallbacks are down).
   *
   * We want to reduce load on authorities, but keep these two figures within
   * an order of magnitude, so there isn't too much load shifting to
   * authorities when fallbacks go down. */
  V(DirAuthorityFallbackRate,    DOUBLE,   "0.1"),
  V(DisableAllSwap,              BOOL,     "0"),
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  OBSOLETE("DisableIOCP"),
  OBSOLETE("DisableV2DirectoryInfo_"),
  OBSOLETE("DynamicDHGroups"),
  VPORT(DNSPort),
  OBSOLETE("DNSListenAddress"),
  /* DoS circuit creation options. */
  V(DoSCircuitCreationEnabled,   AUTOBOOL, "auto"),
  V(DoSCircuitCreationMinConnections,      UINT, "0"),
  V(DoSCircuitCreationRate,      UINT,     "0"),
  V(DoSCircuitCreationBurst,     UINT,     "0"),
  V(DoSCircuitCreationDefenseType,         INT,  "0"),
  V(DoSCircuitCreationDefenseTimePeriod,   INTERVAL, "0"),
  /* DoS connection options. */
  V(DoSConnectionEnabled,        AUTOBOOL, "auto"),
  V(DoSConnectionMaxConcurrentCount,       UINT, "0"),
  V(DoSConnectionDefenseType,    INT,      "0"),
  /* DoS single hop client options. */
  V(DoSRefuseSingleHopClientRendezvous,    AUTOBOOL, "auto"),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(TestingEnableConnBwEvent,    BOOL,     "0"),
  V(TestingEnableCellStatsEvent, BOOL,     "0"),
  OBSOLETE("TestingEnableTbEmptyEvent"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET,   NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  OBSOLETE("ExcludeSingleHopRelays"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPolicyRejectLocalInterfaces, BOOL, "0"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  V(ExitRelay,                   AUTOBOOL, "auto"),
  VPORT(ExtORPort),
  V(ExtORPortCookieAuthFile,     STRING,   NULL),
  V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),
  V(ExtendByEd25519ID,           AUTOBOOL, "auto"),
  V(FallbackDir,                 LINELIST, NULL),

  V(UseDefaultFallbackDirs,      BOOL,     "1"),

  OBSOLETE("FallbackNetworkstatusFile"),
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  OBSOLETE("FastFirstHopPK"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  OBSOLETE("FetchV2Networkstatus"),
  V(GeoIPExcludeUnknown,         AUTOBOOL, "auto"),
#ifdef _WIN32
  V(GeoIPFile,                   FILENAME, "<default>"),
  V(GeoIPv6File,                 FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
#endif /* defined(_WIN32) */
  OBSOLETE("Group"),
  V(GuardLifetime,               INTERVAL, "0 minutes"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(MainloopStats,               BOOL,     "0"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  V(HashedControlPassword,       LINELIST, NULL),
  OBSOLETE("HidServDirectoryV2"),
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceDirGroupReadable",  LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
  VAR("HiddenServiceAllowUnknownPorts",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceMaxStreams",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceMaxStreamsCloseCircuit",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceNumIntroductionPoints", LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceStatistics", BOOL, HiddenServiceStatistics_option, "1"),
  V(HidServAuth,                 LINELIST, NULL),
  OBSOLETE("CloseHSClientCircuitsImmediatelyOnTimeout"),
  OBSOLETE("CloseHSServiceRendCircuitsImmediatelyOnTimeout"),
  V(HiddenServiceSingleHopMode,  BOOL,     "0"),
  V(HiddenServiceNonAnonymousMode,BOOL,    "0"),
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  VPORT(HTTPTunnelPort),
  V(IPv6Exit,                    BOOL,     "0"),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(ServerTransportListenAddr,   LINELIST, NULL),
  V(ServerTransportOptions,      LINELIST, NULL),
  V(SigningKeyLifetime,          INTERVAL, "30 days"),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  VAR("KeyDirectory",            FILENAME, KeyDirectory_option, NULL),
  V(KeyDirectoryGroupReadable,   BOOL,     "0"),
  VAR("HSLayer2Nodes",           ROUTERSET,  HSLayer2Nodes,  NULL),
  VAR("HSLayer3Nodes",           ROUTERSET,  HSLayer3Nodes,  NULL),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  V(KeepBindCapabilities,            AUTOBOOL, "auto"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(TruncateLogFile,             BOOL,     "0"),
  V(SyslogIdentityTag,           STRING,   NULL),
  V(AndroidIdentityTag,          STRING,   NULL),
  V(LongLivedPorts,              CSV,
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  V(MaxConsensusAgeForDiffs,     INTERVAL, "0 seconds"),
  VAR("MaxMemInQueues",          MEMUNIT,   MaxMemInQueues_raw, "0"),
  OBSOLETE("MaxOnionsPending"),
  V(MaxOnionQueueDelay,          MSEC_INTERVAL, "1750 msec"),
  V(MaxUnparseableDescSizeToLog, MEMUNIT, "10 MB"),
  V(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, "500"),
  VAR("MyFamily",                LINELIST, MyFamily_lines,       NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  OBSOLETE("NamingAuthoritativeDirectory"),
  OBSOLETE("NATDListenAddress"),
  VPORT(NATDPort),
  V(Nickname,                    STRING,   NULL),
  OBSOLETE("PredictedPortsRelevanceTime"),
  OBSOLETE("WarnUnsafeSocks"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NoExec,                      BOOL,     "0"),
  V(NumCPUs,                     UINT,     "0"),
  V(NumDirectoryGuards,          UINT,     "0"),
  V(NumEntryGuards,              UINT,     "0"),
  V(NumPrimaryGuards,            UINT,     "0"),
  V(OfflineMasterKey,            BOOL,     "0"),
  OBSOLETE("ORListenAddress"),
  VPORT(ORPort),
  V(OutboundBindAddress,         LINELIST,   NULL),
  V(OutboundBindAddressOR,       LINELIST,   NULL),
  V(OutboundBindAddressExit,     LINELIST,   NULL),

  OBSOLETE("PathBiasDisableRate"),
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasWarnRate,            DOUBLE,   "-1"),
  V(PathBiasExtremeRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  OBSOLETE("PathBiasScaleFactor"),
  OBSOLETE("PathBiasMultFactor"),
  V(PathBiasDropGuards,          AUTOBOOL, "0"),
  OBSOLETE("PathBiasUseCloseCounts"),

  V(PathBiasUseThreshold,       INT,      "-1"),
  V(PathBiasNoticeUseRate,          DOUBLE,   "-1"),
  V(PathBiasExtremeUseRate,         DOUBLE,   "-1"),
  V(PathBiasScaleUseThreshold,      INT,      "-1"),

  V(PathsNeededToBuildCircuits,  DOUBLE,   "-1"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  V(TestingTorNetwork,           BOOL,     "0"),
  V(TestingMinExitFlagThreshold, MEMUNIT,  "0"),
  V(TestingMinFastFlagThreshold, MEMUNIT,  "0"),

  V(TestingLinkCertLifetime,          INTERVAL, "2 days"),
  V(TestingAuthKeyLifetime,          INTERVAL, "2 days"),
  V(TestingLinkKeySlop,              INTERVAL, "3 hours"),
  V(TestingAuthKeySlop,              INTERVAL, "3 hours"),
  V(TestingSigningKeySlop,           INTERVAL, "1 day"),

  V(OptimisticData,              AUTOBOOL, "auto"),
  OBSOLETE("PortForwarding"),
  OBSOLETE("PortForwardingHelper"),
  OBSOLETE("PreferTunneledDirConns"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  V(RecommendedPackages,         LINELIST, NULL),
  V(ReducedConnectionPadding,    BOOL,     "0"),
  V(ConnectionPadding,           AUTOBOOL, "auto"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  V(RunAsDaemon,                 BOOL,     "0"),
  V(ReducedExitPolicy,           BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  V(Sandbox,                     BOOL,     "0"),
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  OBSOLETE("SchedulerLowWaterMark__"),
  OBSOLETE("SchedulerHighWaterMark__"),
  OBSOLETE("SchedulerMaxFlushCells__"),
  V(KISTSchedRunInterval,        MSEC_INTERVAL, "0 msec"),
  V(KISTSockBufSizeFactor,       DOUBLE,   "1.0"),
  V(Schedulers,                  CSV,      "KIST,KISTLite,Vanilla"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  OBSOLETE("SocksListenAddress"),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  V(SSLKeyLifetime,              INTERVAL, "0"),
  OBSOLETE("StrictEntryNodes"),
  OBSOLETE("StrictExitNodes"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("Support022HiddenServices"),
  V(TestSocks,                   BOOL,     "0"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  V(Tor2webMode,                 BOOL,     "0"),
  V(Tor2webRendezvousPoints,      ROUTERSET, NULL),
  OBSOLETE("TLSECGroup"),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  OBSOLETE("TransListenAddress"),
  VPORT(TransPort),
  V(TransProxyType,              STRING,   "default"),
  OBSOLETE("TunnelDirConns"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  VAR("UseEntryGuards",          BOOL,     UseEntryGuards_option, "1"),
  OBSOLETE("UseEntryGuardsAsDirGuards"),
  V(UseGuardFraction,            AUTOBOOL, "auto"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  OBSOLETE("UseNTorHandshake"),
  V(User,                        STRING,   NULL),
  OBSOLETE("UserspaceIOCPBuffers"),
  V(AuthDirSharedRandomness,     BOOL,     "1"),
  V(AuthDirTestEd25519LinkKeys,  BOOL,     "1"),
  OBSOLETE("V1AuthoritativeDirectory"),
  OBSOLETE("V2AuthoritativeDirectory"),
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  V(GuardfractionFile,           FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
  OBSOLETE("VoteOnHidServDirectoriesV2"),
  V(VirtualAddrNetworkIPv4,      STRING,   "127.192.0.0/10"),
  V(VirtualAddrNetworkIPv6,      STRING,   "[FE80::]/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  OBSOLETE("UseFilteringSSLBufferevents"),
  OBSOLETE("__UseFilteringSSLBufferevents"),
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
  VAR("__DisableSignalHandlers", BOOL,  DisableSignalHandlers,    "0"),
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
  VAR("__OwningControllerFD",INT,OwningControllerFD, "-1"),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "96 hours"),
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  /* With the ClientBootstrapConsensus*Download* below:
   * Clients with only authorities will try:
   *  - at least 3 authorities over 10 seconds, then exponentially backoff,
   *    with the next attempt 3-21 seconds later,
   * Clients with authorities and fallbacks will try:
   *  - at least 2 authorities and 4 fallbacks over 21 seconds, then
   *    exponentially backoff, with the next attempts 4-33 seconds later,
   * Clients will also retry when an application request arrives.
   * After a number of failed requests, clients retry every 3 days + 1 hour.
   *
   * Clients used to try 2 authorities over 10 seconds, then wait for
   * 60 minutes or an application request.
   *
   * When clients have authorities and fallbacks available, they use these
   * schedules: (we stagger the times to avoid thundering herds) */
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "6"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
  /* When clients only have authorities available, they use this schedule: */
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
    "0"),
  /* We don't want to overwhelm slow networks (or mirrors whose replies are
   * blocked), but we also don't want to fail if only some mirrors are
   * blackholed. Clients will try 3 directories simultaneously.
   * (Relays never use simultaneous connections.) */
  V(ClientBootstrapConsensusMaxInProgressTries, UINT, "3"),
  /* When a client has any running bridges, check each bridge occasionally,
    * whether or not that bridge is actually up. */
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL,"10800"),
  /* When a client is just starting, or has no running bridges, check each
   * bridge a few times quickly, and then try again later. These schedules
   * are much longer than the other schedules, because we try each and every
   * configured bridge with this schedule. */
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "10 minutes"),
  V(TestingDirConnectionMaxStall, INTERVAL, "5 minutes"),
  OBSOLETE("TestingConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries"),
  OBSOLETE("TestingDescriptorMaxDownloadTries"),
  OBSOLETE("TestingMicrodescMaxDownloadTries"),
  OBSOLETE("TestingCertMaxDownloadTries"),
  V(TestingDirAuthVoteExit, ROUTERSET, NULL),
  V(TestingDirAuthVoteExitIsStrict,  BOOL,     "0"),
  V(TestingDirAuthVoteGuard, ROUTERSET, NULL),
  V(TestingDirAuthVoteGuardIsStrict,  BOOL,     "0"),
  V(TestingDirAuthVoteHSDir, ROUTERSET, NULL),
  V(TestingDirAuthVoteHSDirIsStrict,  BOOL,     "0"),
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),

  END_OF_CONFIG_VARS
};

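/** Override default values with these if the user sets the TestingTorNetwork
 * option.  Several entries relax safety defaults set in option_vars_ (for
 * example, ExitPolicyRejectPrivate and ClientRejectInternalAddresses change
 * from "1" to "0"), so this table should only ever apply to test networks. */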
static const config_var_t testing_tor_network_defaults[] = {
694
695
696
697
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
698
699
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
700
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
701
    "0"),
702
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
703
  V(ClientRejectInternalAddresses, BOOL,   "0"),
704
  V(CountPrivateBandwidth,       BOOL,     "1"),
705
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
706
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
707
708
709
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
710
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "150 seconds"),
711
712
713
714
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
715
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
716
717
718
719
720
721
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL, "10"),
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
722
723
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "5 seconds"),
  V(TestingDirConnectionMaxStall, INTERVAL, "30 seconds"),
724
  V(TestingEnableConnBwEvent,    BOOL,     "1"),
725
  V(TestingEnableCellStatsEvent, BOOL,     "1"),
726
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),
727
  V(RendPostPeriod,              INTERVAL, "2 minutes"),
728

729
  END_OF_CONFIG_VARS
730
};

#undef VAR
#undef V
#undef OBSOLETE

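/** Notes on deprecated options. Each entry is a pair of strings: the option
 * name, then a sentence explaining why the option is deprecated. The list
 * ends with a { NULL, NULL } sentinel. */
static const config_deprecation_t option_deprecation_notes_[] = {
  /* Deprecated since 0.3.2.0-alpha. */
  /* NOTE(review): the closing marker for this group says 0.3.2.1-alpha;
   * one of the two version numbers is presumably a typo -- confirm which
   * release deprecated these options. */
  { "HTTPProxy", "It only applies to direct unencrypted HTTP connections "
    "to your directory server, which your Tor probably wasn't using." },
  { "HTTPProxyAuthenticator", "HTTPProxy is deprecated in favor of HTTPSProxy "
    "which should be used with HTTPSProxyAuthenticator." },
  /* End of options deprecated since 0.3.2.1-alpha */

  /* Options deprecated since 0.3.2.2-alpha */
  { "ReachableDirAddresses", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
  { "ClientPreferIPv6DirPort", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
  /* End of options deprecated since 0.3.2.2-alpha. */

  /* Sentinel marking the end of the list. */
  { NULL, NULL }
};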

#ifdef _WIN32
static char *get_windows_conf_root(void);
#endif
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
                                      char **msg);
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_dirauth_timing(
      const or_options_t *old_options, const or_options_t *new_options);
static int normalize_nickname_list(config_line_t **normalized_out,
                                   const config_line_t *lst, const char *name,
                                   char **msg);
static char *get_bindaddr_from_transport_listen_line(const char *line,
                                                     const char *transport);
static int parse_ports(or_options_t *options, int validate_only,
                              char **msg_out, int *n_ports_out,
                              int *world_writable_control_socket);
static int check_server_ports(const smartlist_t *ports,
                              const or_options_t *options,
                              int *num_low_ports_out);
static int validate_data_directories(or_options_t *options);
static int write_configuration_file(const char *fname,
                                    const or_options_t *options);
static int options_init_logs(const or_options_t *old_options,
                             or_options_t *options, int validate_only);

static void init_libevent(const or_options_t *options);
static int opt_streq(const char *s1, const