/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file config.c
 * \brief Code to interpret the user's configuration of Tor.
 *
 * This module handles the torrc configuration file, including parsing it,
 * combining it with torrc.defaults and the command line, allowing
 * user changes to it (via editing and SIGHUP or via the control port),
 * writing it back to disk (because of SAVECONF from the control port),
 * and -- most importantly -- acting on it.
 *
 * The module additionally has some tools for manipulating and
 * inspecting values that are calculated as a result of the
 * configured options.
 *
 * <h3>How to add new options</h3>
 *
 * To add new items to the torrc, there are a minimum of three places to edit:
 * <ul>
 *   <li>The or_options_t structure in or.h, where the options are stored.
 *   <li>The option_vars_ array below in this module, which configures
 *       the names of the torrc options, their types, their multiplicities,
 *       and their mappings to fields in or_options_t.
 *   <li>The manual in doc/tor.1.txt, to document what the new option
 *       is, and how it works.
 * </ul>
 *
 * Additionally, you might need to edit these places too:
 * <ul>
 *   <li>options_validate() below, in case you want to reject some possible
 *       values of the new configuration option.
 *   <li>options_transition_allowed() below, in case you need to
 *       forbid some or all changes in the option while Tor is
 *       running.
 *   <li>options_transition_affects_workers(), in case changes in the option
 *       might require Tor to relaunch or reconfigure its worker threads.
 *   <li>options_transition_affects_descriptor(), in case changes in the
 *       option might require a Tor relay to build and publish a new server
 *       descriptor.
 *   <li>options_act() and/or options_act_reversible(), in case there's some
 *       action that needs to be taken immediately based on the option's
 *       value.
 * </ul>
 *
 * <h3>Changing the value of an option</h3>
 *
 * Because of the SAVECONF command from the control port, it's a bad
 * idea to change the value of any user-configured option in the
 * or_options_t: SAVECONF writes the options back to disk, so a value
 * that Tor changed would be saved as though the user had set it.  If you
 * want to sometimes do this anyway, we recommend
 * that you create a secondary field in or_options_t; that you have the
 * user option linked only to the secondary field; that you use the
 * secondary field to initialize the one that Tor actually looks at; and that
 * you use the one Tor looks at as the one that you modify.
 **/

#define CONFIG_PRIVATE
#include "or/or.h"
#include "or/bridges.h"
#include "common/compat.h"
#include "or/addressmap.h"
#include "or/channel.h"
#include "or/circuitbuild.h"
#include "or/circuitlist.h"
#include "or/circuitmux.h"
#include "or/circuitmux_ewma.h"
#include "or/circuitstats.h"
#include "lib/compress/compress.h"
#include "or/config.h"
#include "or/connection.h"
#include "or/connection_edge.h"
#include "or/connection_or.h"
#include "or/consdiffmgr.h"
#include "or/control.h"
#include "or/confparse.h"
#include "or/cpuworker.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "or/dirserv.h"
#include "or/dns.h"
#include "or/dos.h"
#include "or/entrynodes.h"
#include "or/git_revision.h"
#include "or/geoip.h"
#include "or/hibernate.h"
#include "or/main.h"
#include "or/networkstatus.h"
#include "or/nodelist.h"
#include "or/policies.h"
#include "or/relay.h"
#include "or/rendclient.h"
#include "or/rendservice.h"
#include "or/hs_config.h"
#include "or/rephist.h"
#include "or/router.h"
#include "lib/sandbox/sandbox.h"
#include "common/util.h"
#include "or/routerlist.h"
#include "or/routerset.h"
#include "or/scheduler.h"
#include "or/statefile.h"
#include "or/transports.h"
#include "or/ext_orport.h"
#include "or/voting_schedule.h"
#ifdef _WIN32
#include <shlobj.h>
#endif

#include "lib/process/daemon.h"
#include "lib/process/pidfile.h"
#include "lib/process/restrict.h"
#include "lib/process/setuid.h"
#include "lib/process/subprocess.h"
#include "lib/net/gethostname.h"
#include "lib/thread/numcpus.h"

#include "lib/encoding/keyval.h"
#include "lib/fs/conffile.h"
#include "common/procmon.h"

#include "or/dirauth/dirvote.h"
#include "or/dirauth/mode.h"

#include "or/connection_st.h"
#include "or/port_cfg_st.h"

#ifdef HAVE_SYSTEMD
#   if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
/* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse
 * Coverity. Here's a kludge to unconfuse it.
 */
#   define __INCLUDE_LEVEL__ 2
#endif /* defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__) */
#include <systemd/sd-daemon.h>
#endif /* defined(HAVE_SYSTEMD) */

/* Prefix used to indicate a Unix socket in a FooPort configuration. */
static const char unix_socket_prefix[] = "unix:";
/* Prefix used to indicate a Unix socket with spaces in it, in a FooPort
 * configuration.  This is the plain "unix:" prefix followed by an opening
 * double quote. */
static const char unix_q_socket_prefix[] = "unix:\"";

/** Macro to help with the bulk rename of *DownloadSchedule to
 * *DownloadInitialDelay.
 *
 * Expands to one config_abbrev_t initializer that maps the old option name
 * <b>name</b>DownloadSchedule to the current name
 * <b>name</b>DownloadInitialDelay.  The trailing 0, 1 fill the last two
 * members of the entry; presumably these are the command-line-only and
 * warn-on-use flags -- confirm against the config_abbrev_t declaration,
 * which is not in this file. */
#define DOWNLOAD_SCHEDULE(name) \
  { #name "DownloadSchedule", #name "DownloadInitialDelay", 0, 1 }

/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values. */
static config_abbrev_t option_abbrevs_[] = {
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(Tor2webRendezvousPoint),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RecommendedPackage),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  { "l", "Log", 1, 0},
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
  { "DirServer", "DirAuthority", 0, 0}, /* XXXX later, make this warn? */
  { "MaxConn", "ConnLimit", 0, 1},
  { "MaxMemInCellQueues", "MaxMemInQueues", 0, 0},
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
  { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
  { "SocksSocketsGroupWritable", "UnixSocksGroupWritable", 0, 1},
  { "_HSLayer2Nodes", "HSLayer2Nodes", 0, 1 },
  { "_HSLayer3Nodes", "HSLayer3Nodes", 0, 1 },

  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthority),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthorityOnly),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusFallback),
  DOWNLOAD_SCHEDULE(TestingBridge),
  DOWNLOAD_SCHEDULE(TestingBridgeBootstrap),
  DOWNLOAD_SCHEDULE(TestingClient),
  DOWNLOAD_SCHEDULE(TestingClientConsensus),
  DOWNLOAD_SCHEDULE(TestingServer),
  DOWNLOAD_SCHEDULE(TestingServerConsensus),

  { NULL, NULL, 0, 0},
};

/** Dummy instance of or_options_t, used for type-checking its
 * members with CONF_CHECK_VAR_TYPE.  It is declared through the
 * DUMMY_TYPECHECK_INSTANCE() macro, whose definition is not in this file. */
DUMMY_TYPECHECK_INSTANCE(or_options_t);

/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 */
#define VAR(name,conftype,member,initvalue)                             \
  { name, CONFIG_TYPE_ ## conftype, offsetof(or_options_t, member),     \
      initvalue CONF_TEST_MEMBERS(or_options_t, conftype, member) }
/** As VAR, but the option name and member name are the same.
 * <b>member</b> is stringified with # to form the option name and is also
 * passed through unchanged as VAR's member argument, so it has to be spelled
 * exactly like the field it refers to. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
#ifdef TOR_UNIT_TESTS
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL, {.INT=NULL} }
#else
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }
#endif

/**
 * Macro to declare *Port options.  Each one comes in three entries.
 * For example, most users should use "SocksPort" to configure the
 * socks port, but TorBrowser wants to use __SocksPort so that it
 * isn't stored by SAVECONF.  The SocksPortLines virtual option is
 * used to query both options from the controller.
 *
 * All three entries are bound to the same field, <b>member</b>_lines:
 * "<b>member</b>Lines" is declared as LINELIST_V, while "<b>member</b>" and
 * "__<b>member</b>" are declared as LINELIST_S.  The macro expands to three
 * comma-separated initializers, so one VPORT() use adds three elements to
 * the array it appears in.
 *
 * NOTE(review): because the "__"-prefixed spelling feeds the same line list
 * but is not stored by SAVECONF, a saved torrc presumably does not list
 * every port that was configured that way; when auditing listeners, query
 * the "<b>member</b>Lines" form rather than relying on the file -- confirm
 * against the SAVECONF implementation.
 */
#define VPORT(member)                                           \
  VAR(#member "Lines", LINELIST_V, member ## _lines, NULL),     \
  VAR(#member, LINELIST_S, member ## _lines, NULL),             \
  VAR("__" #member, LINELIST_S, member ## _lines, NULL)

/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 */
static config_var_t option_vars_[] = {
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  VAR("AccountingRule",          STRING,   AccountingRule_option,  "max"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  OBSOLETE("AllowDotExit"),
  OBSOLETE("AllowInvalidNodes"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  OBSOLETE("AllowSingleHopCircuits"),
  OBSOLETE("AllowSingleHopExits"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  OBSOLETE("AlternateHSAuthority"),
  V(AssumeReachable,             BOOL,     "0"),
  OBSOLETE("AuthDirBadDir"),
  OBSOLETE("AuthDirBadDirCCs"),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "2 MB"),
  V(AuthDirPinKeys,              BOOL,     "1"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  OBSOLETE("AuthDirRejectUnlisted"),
  OBSOLETE("AuthDirListBadDirs"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  OBSOLETE("AuthDirMaxServersPerAuthAddr"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(BridgeDistribution,          STRING,   NULL),
  VAR("CacheDirectory",          FILENAME, CacheDirectory_option, NULL),
  V(CacheDirectoryGroupReadable, BOOL,     "0"),
  V(CellStatistics,              BOOL,     "0"),
  V(PaddingStatistics,           BOOL,     "1"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  OBSOLETE("CircuitIdleTimeout"),
  V(CircuitsAvailableTimeout,    INTERVAL, "0"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-1.0"), /*negative:'Use default'*/
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      AUTOBOOL, "auto"),
  V(ClientPreferIPv6DirPort,     AUTOBOOL, "auto"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ClientUseIPv4,               BOOL,     "1"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  OBSOLETE("ControlListenAddress"),
  VPORT(ControlPort),
  V(ControlPortFileGroupReadable,BOOL,     "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  V(UnixSocksGroupWritable,    BOOL,     "0"),
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  VAR("DataDirectory",           FILENAME, DataDirectory_option, NULL),
  V(DataDirectoryGroupReadable,  BOOL,     "0"),
  V(DisableOOSCheck,             BOOL,     "1"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  OBSOLETE("DirListenAddress"),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort),
  V(DirPortFrontPage,            FILENAME, NULL),
  VAR("DirReqStatistics",        BOOL,     DirReqStatistics_option, "1"),
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
  V(DirCache,                    BOOL,     "1"),
  /* A DirAuthorityFallbackRate of 0.1 means that 0.5% of clients try an
   * authority when all fallbacks are up, and 2% try an authority when 25% of
   * fallbacks are down. (We rebuild the list when 25% of fallbacks are down).
   *
   * We want to reduce load on authorities, but keep these two figures within
   * an order of magnitude, so there isn't too much load shifting to
   * authorities when fallbacks go down. */
  V(DirAuthorityFallbackRate,    DOUBLE,   "0.1"),
  V(DisableAllSwap,              BOOL,     "0"),
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  OBSOLETE("DisableIOCP"),
  OBSOLETE("DisableV2DirectoryInfo_"),
  OBSOLETE("DynamicDHGroups"),
  VPORT(DNSPort),
  OBSOLETE("DNSListenAddress"),
  /* DoS circuit creation options. */
  V(DoSCircuitCreationEnabled,   AUTOBOOL, "auto"),
  V(DoSCircuitCreationMinConnections,      UINT, "0"),
  V(DoSCircuitCreationRate,      UINT,     "0"),
  V(DoSCircuitCreationBurst,     UINT,     "0"),
  V(DoSCircuitCreationDefenseType,         INT,  "0"),
  V(DoSCircuitCreationDefenseTimePeriod,   INTERVAL, "0"),
  /* DoS connection options. */
  V(DoSConnectionEnabled,        AUTOBOOL, "auto"),
  V(DoSConnectionMaxConcurrentCount,       UINT, "0"),
  V(DoSConnectionDefenseType,    INT,      "0"),
  /* DoS single hop client options. */
  V(DoSRefuseSingleHopClientRendezvous,    AUTOBOOL, "auto"),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(TestingEnableConnBwEvent,    BOOL,     "0"),
  V(TestingEnableCellStatsEvent, BOOL,     "0"),
  OBSOLETE("TestingEnableTbEmptyEvent"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET,   NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  OBSOLETE("ExcludeSingleHopRelays"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPolicyRejectLocalInterfaces, BOOL, "0"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  V(ExitRelay,                   AUTOBOOL, "auto"),
  VPORT(ExtORPort),
  V(ExtORPortCookieAuthFile,     STRING,   NULL),
  V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),
  V(ExtendByEd25519ID,           AUTOBOOL, "auto"),
  V(FallbackDir,                 LINELIST, NULL),

  V(UseDefaultFallbackDirs,      BOOL,     "1"),

  OBSOLETE("FallbackNetworkstatusFile"),
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  OBSOLETE("FastFirstHopPK"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  OBSOLETE("FetchV2Networkstatus"),
  V(GeoIPExcludeUnknown,         AUTOBOOL, "auto"),
#ifdef _WIN32
  V(GeoIPFile,                   FILENAME, "<default>"),
  V(GeoIPv6File,                 FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
#endif /* defined(_WIN32) */
  OBSOLETE("Group"),
  V(GuardLifetime,               INTERVAL, "0 minutes"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(MainloopStats,               BOOL,     "0"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  V(HashedControlPassword,       LINELIST, NULL),
  OBSOLETE("HidServDirectoryV2"),
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceDirGroupReadable",  LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
  VAR("HiddenServiceAllowUnknownPorts",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceMaxStreams",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceMaxStreamsCloseCircuit",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceNumIntroductionPoints", LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceStatistics", BOOL, HiddenServiceStatistics_option, "1"),
  V(HidServAuth,                 LINELIST, NULL),
  OBSOLETE("CloseHSClientCircuitsImmediatelyOnTimeout"),
  OBSOLETE("CloseHSServiceRendCircuitsImmediatelyOnTimeout"),
  V(HiddenServiceSingleHopMode,  BOOL,     "0"),
  V(HiddenServiceNonAnonymousMode,BOOL,    "0"),
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  VPORT(HTTPTunnelPort),
  V(IPv6Exit,                    BOOL,     "0"),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(ServerTransportListenAddr,   LINELIST, NULL),
  V(ServerTransportOptions,      LINELIST, NULL),
  V(SigningKeyLifetime,          INTERVAL, "30 days"),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  VAR("KeyDirectory",            FILENAME, KeyDirectory_option, NULL),
  V(KeyDirectoryGroupReadable,   BOOL,     "0"),
  VAR("HSLayer2Nodes",           ROUTERSET,  HSLayer2Nodes,  NULL),
  VAR("HSLayer3Nodes",           ROUTERSET,  HSLayer3Nodes,  NULL),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  V(KeepBindCapabilities,            AUTOBOOL, "auto"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(TruncateLogFile,             BOOL,     "0"),
  V(SyslogIdentityTag,           STRING,   NULL),
  V(AndroidIdentityTag,          STRING,   NULL),
  V(LongLivedPorts,              CSV,
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  V(MaxConsensusAgeForDiffs,     INTERVAL, "0 seconds"),
  VAR("MaxMemInQueues",          MEMUNIT,   MaxMemInQueues_raw, "0"),
  OBSOLETE("MaxOnionsPending"),
  V(MaxOnionQueueDelay,          MSEC_INTERVAL, "1750 msec"),
  V(MaxUnparseableDescSizeToLog, MEMUNIT, "10 MB"),
  V(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, "500"),
  VAR("MyFamily",                LINELIST, MyFamily_lines,       NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  OBSOLETE("NamingAuthoritativeDirectory"),
  OBSOLETE("NATDListenAddress"),
  VPORT(NATDPort),
  V(Nickname,                    STRING,   NULL),
  OBSOLETE("PredictedPortsRelevanceTime"),
  OBSOLETE("WarnUnsafeSocks"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NoExec,                      BOOL,     "0"),
  V(NumCPUs,                     UINT,     "0"),
  V(NumDirectoryGuards,          UINT,     "0"),
  V(NumEntryGuards,              UINT,     "0"),
  V(NumPrimaryGuards,            UINT,     "0"),
  V(OfflineMasterKey,            BOOL,     "0"),
  OBSOLETE("ORListenAddress"),
  VPORT(ORPort),
  V(OutboundBindAddress,         LINELIST,   NULL),
  V(OutboundBindAddressOR,       LINELIST,   NULL),
  V(OutboundBindAddressExit,     LINELIST,   NULL),

  OBSOLETE("PathBiasDisableRate"),
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasWarnRate,            DOUBLE,   "-1"),
  V(PathBiasExtremeRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  OBSOLETE("PathBiasScaleFactor"),
  OBSOLETE("PathBiasMultFactor"),
  V(PathBiasDropGuards,          AUTOBOOL, "0"),
  OBSOLETE("PathBiasUseCloseCounts"),

  V(PathBiasUseThreshold,       INT,      "-1"),
  V(PathBiasNoticeUseRate,          DOUBLE,   "-1"),
  V(PathBiasExtremeUseRate,         DOUBLE,   "-1"),
  V(PathBiasScaleUseThreshold,      INT,      "-1"),

  V(PathsNeededToBuildCircuits,  DOUBLE,   "-1"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  V(TestingTorNetwork,           BOOL,     "0"),
  V(TestingMinExitFlagThreshold, MEMUNIT,  "0"),
  V(TestingMinFastFlagThreshold, MEMUNIT,  "0"),

  V(TestingLinkCertLifetime,          INTERVAL, "2 days"),
  V(TestingAuthKeyLifetime,          INTERVAL, "2 days"),
  V(TestingLinkKeySlop,              INTERVAL, "3 hours"),
  V(TestingAuthKeySlop,              INTERVAL, "3 hours"),
  V(TestingSigningKeySlop,           INTERVAL, "1 day"),

  V(OptimisticData,              AUTOBOOL, "auto"),
  OBSOLETE("PortForwarding"),
  OBSOLETE("PortForwardingHelper"),
  OBSOLETE("PreferTunneledDirConns"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  V(RecommendedPackages,         LINELIST, NULL),
  V(ReducedConnectionPadding,    BOOL,     "0"),
  V(ConnectionPadding,           AUTOBOOL, "auto"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  V(RunAsDaemon,                 BOOL,     "0"),
  V(ReducedExitPolicy,           BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  V(Sandbox,                     BOOL,     "0"),
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  OBSOLETE("SchedulerLowWaterMark__"),
  OBSOLETE("SchedulerHighWaterMark__"),
  OBSOLETE("SchedulerMaxFlushCells__"),
  V(KISTSchedRunInterval,        MSEC_INTERVAL, "0 msec"),
  V(KISTSockBufSizeFactor,       DOUBLE,   "1.0"),
  V(Schedulers,                  CSV,      "KIST,KISTLite,Vanilla"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  OBSOLETE("SocksListenAddress"),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  V(SSLKeyLifetime,              INTERVAL, "0"),
  OBSOLETE("StrictEntryNodes"),
  OBSOLETE("StrictExitNodes"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("Support022HiddenServices"),
  V(TestSocks,                   BOOL,     "0"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  V(Tor2webMode,                 BOOL,     "0"),
  V(Tor2webRendezvousPoints,      ROUTERSET, NULL),
  OBSOLETE("TLSECGroup"),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  OBSOLETE("TransListenAddress"),
  VPORT(TransPort),
  V(TransProxyType,              STRING,   "default"),
  OBSOLETE("TunnelDirConns"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  VAR("UseEntryGuards",          BOOL,     UseEntryGuards_option, "1"),
  OBSOLETE("UseEntryGuardsAsDirGuards"),
  V(UseGuardFraction,            AUTOBOOL, "auto"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  OBSOLETE("UseNTorHandshake"),
  V(User,                        STRING,   NULL),
  OBSOLETE("UserspaceIOCPBuffers"),
  V(AuthDirSharedRandomness,     BOOL,     "1"),
  V(AuthDirTestEd25519LinkKeys,  BOOL,     "1"),
  OBSOLETE("V1AuthoritativeDirectory"),
  OBSOLETE("V2AuthoritativeDirectory"),
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  V(GuardfractionFile,           FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
  OBSOLETE("VoteOnHidServDirectoriesV2"),
  V(VirtualAddrNetworkIPv4,      STRING,   "127.192.0.0/10"),
  V(VirtualAddrNetworkIPv6,      STRING,   "[FE80::]/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  OBSOLETE("UseFilteringSSLBufferevents"),
  OBSOLETE("__UseFilteringSSLBufferevents"),
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
  VAR("__DisableSignalHandlers", BOOL,  DisableSignalHandlers,    "0"),
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
  VAR("__OwningControllerFD",INT,OwningControllerFD, "-1"),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "96 hours"),
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  /* With the ClientBootstrapConsensus*Download* below:
   * Clients with only authorities will try:
   *  - at least 3 authorities over 10 seconds, then exponentially backoff,
   *    with the next attempt 3-21 seconds later,
   * Clients with authorities and fallbacks will try:
   *  - at least 2 authorities and 4 fallbacks over 21 seconds, then
   *    exponentially backoff, with the next attempts 4-33 seconds later,
   * Clients will also retry when an application request arrives.
   * After a number of failed requests, clients retry every 3 days + 1 hour.
   *
   * Clients used to try 2 authorities over 10 seconds, then wait for
   * 60 minutes or an application request.
   *
   * When clients have authorities and fallbacks available, they use these
   * schedules: (we stagger the times to avoid thundering herds) */
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "6"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
  /* When clients only have authorities available, they use this schedule: */
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
    "0"),
  /* We don't want to overwhelm slow networks (or mirrors whose replies are
   * blocked), but we also don't want to fail if only some mirrors are
   * blackholed. Clients will try 3 directories simultaneously.
   * (Relays never use simultaneous connections.) */
  V(ClientBootstrapConsensusMaxInProgressTries, UINT, "3"),
  /* When a client has any running bridges, check each bridge occasionally,
    * whether or not that bridge is actually up. */
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL,"10800"),
  /* When a client is just starting, or has no running bridges, check each
   * bridge a few times quickly, and then try again later. These schedules
   * are much longer than the other schedules, because we try each and every
   * configured bridge with this schedule. */
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "10 minutes"),
  V(TestingDirConnectionMaxStall, INTERVAL, "5 minutes"),
  OBSOLETE("TestingConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries"),
  OBSOLETE("TestingDescriptorMaxDownloadTries"),
  OBSOLETE("TestingMicrodescMaxDownloadTries"),
  OBSOLETE("TestingCertMaxDownloadTries"),
  V(TestingDirAuthVoteExit, ROUTERSET, NULL),
  V(TestingDirAuthVoteExitIsStrict,  BOOL,     "0"),
  V(TestingDirAuthVoteGuard, ROUTERSET, NULL),
  V(TestingDirAuthVoteGuardIsStrict,  BOOL,     "0"),
  V(TestingDirAuthVoteHSDir, ROUTERSET, NULL),
  V(TestingDirAuthVoteHSDirIsStrict,  BOOL,     "0"),
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),

  END_OF_CONFIG_VARS
};

/** Override default values with these if the user sets the TestingTorNetwork
 * option. */
static const config_var_t testing_tor_network_defaults[] = {
696
697
698
699
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
700
701
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
702
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
703
    "0"),
704
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
705
  V(ClientRejectInternalAddresses, BOOL,   "0"),
706
  V(CountPrivateBandwidth,       BOOL,     "1"),
707
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
708
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
709
710
711
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
712
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "150 seconds"),
713
714
715
716
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
717
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
718
719
720
721
722
723
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL, "10"),
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
724
725
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "5 seconds"),
  V(TestingDirConnectionMaxStall, INTERVAL, "30 seconds"),
726
  V(TestingEnableConnBwEvent,    BOOL,     "1"),
727
  V(TestingEnableCellStatsEvent, BOOL,     "1"),
728
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),
729
  V(RendPostPeriod,              INTERVAL, "2 minutes"),
730

731
  END_OF_CONFIG_VARS
732
};

#undef VAR
#undef V
#undef OBSOLETE

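/** Table of deprecated options. Each entry pairs an option name with a
 * human-readable explanation of why it is deprecated; the list is terminated
 * by a { NULL, NULL } entry.
 *
 * NOTE(review): presumably the explanation is shown to the user when the
 * option is set -- confirm against the code that reads this table. */
static const config_deprecation_t option_deprecation_notes_[] = {
  /* Deprecated since 0.3.2.0-alpha. */
  /* NOTE(review): the opening marker above says 0.3.2.0-alpha while the
   * closing marker for this group says 0.3.2.1-alpha -- confirm which one
   * is right. */
  { "HTTPProxy", "It only applies to direct unencrypted HTTP connections "
    "to your directory server, which your Tor probably wasn't using." },
  { "HTTPProxyAuthenticator", "HTTPProxy is deprecated in favor of HTTPSProxy "
    "which should be used with HTTPSProxyAuthenticator." },
  /* End of options deprecated since 0.3.2.1-alpha */

  /* Options deprecated since 0.3.2.2-alpha */
  { "ReachableDirAddresses", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
  { "ClientPreferIPv6DirPort", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
  /* End of options deprecated since 0.3.2.2-alpha. */

  /* Sentinel entry marking the end of the table. */
  { NULL, NULL }
};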

#ifdef _WIN32
static char *get_windows_conf_root(void);
#endif
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
                                      char **msg);
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_dirauth_timing(
      const or_options_t *old_options, const or_options_t *new_options);
static int normalize_nickname_list(config_line_t **normalized_out,
                                   const config_line_t *lst, const char *name,
                                   char **msg);
static char *get_bindaddr_from_transport_listen_line(const char *line,
                                                     const char *transport);
static int parse_ports(or_options_t *options, int validate_only,
                              char **msg_out, int *n_ports_out,
                              int *world_writable_control_socket);
static int check_server_ports(const smartlist_t *ports,
                              const or_options_t *options,
                              int *num_low_ports_out);
static int validate_data_directories(or_options_t *options);
static int write_configuration_file(const char *fname,
                                    const or_options_t *options);
static int options_init_logs(const or_options_t *old_options,
                             or_options_t *options, int validate_only);