/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file config.c
 * \brief Code to interpret the user's configuration of Tor.
 *
 * This module handles the torrc configuration file, including parsing it,
 * combining it with torrc.defaults and the command line, allowing
 * user changes to it (via editing and SIGHUP or via the control port),
 * writing it back to disk (because of SAVECONF from the control port),
 * and -- most importantly, acting on it.
 *
 * The module additionally has some tools for manipulating and
 * inspecting values that are calculated as a result of the
 * configured options.
 *
 * <h3>How to add new options</h3>
 *
 * To add new items to the torrc, there are a minimum of three places to edit:
 * <ul>
 *   <li>The or_options_t structure in or.h, where the options are stored.
 *   <li>The option_vars_ array below in this module, which configures
 *       the names of the torrc options, their types, their multiplicities,
 *       and their mappings to fields in or_options_t.
 *   <li>The manual in doc/tor.1.txt, to document what the new option
 *       is, and how it works.
 * </ul>
 *
 * Additionally, you might need to edit these places too:
 * <ul>
 *   <li>options_validate() below, in case you want to reject some possible
 *       values of the new configuration option.
 *   <li>options_transition_allowed() below, in case you need to
 *       forbid some or all changes in the option while Tor is
 *       running.
 *   <li>options_transition_affects_workers(), in case changes in the option
 *       might require Tor to relaunch or reconfigure its worker threads.
 *   <li>options_transition_affects_descriptor(), in case changes in the
 *       option might require a Tor relay to build and publish a new server
 *       descriptor.
 *   <li>options_act() and/or options_act_reversible(), in case there's some
 *       action that needs to be taken immediately based on the option's
 *       value.
 * </ul>
 *
 * <h3>Changing the value of an option</h3>
 *
 * Because of the SAVECONF command from the control port, it's a bad
 * idea to change the value of any user-configured option in the
 * or_options_t.  If you want to sometimes do this anyway, we recommend
 * that you create a secondary field in or_options_t; that you have the
 * user option linked only to the secondary field; that you use the
 * secondary field to initialize the one that Tor actually looks at; and that
 * you use the one Tor looks at as the one that you modify.
 **/

#define CONFIG_PRIVATE
#include "or/or.h"
#include "or/bridges.h"
#include "common/compat.h"
#include "or/addressmap.h"
#include "or/channel.h"
#include "or/circuitbuild.h"
#include "or/circuitlist.h"
#include "or/circuitmux.h"
#include "or/circuitmux_ewma.h"
#include "or/circuitstats.h"
#include "lib/compress/compress.h"
#include "or/config.h"
#include "or/connection.h"
#include "or/connection_edge.h"
#include "or/connection_or.h"
#include "or/consdiffmgr.h"
#include "or/control.h"
#include "or/confparse.h"
#include "or/cpuworker.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "or/dirserv.h"
#include "or/dns.h"
#include "or/dos.h"
#include "or/entrynodes.h"
#include "or/git_revision.h"
#include "or/geoip.h"
#include "or/hibernate.h"
#include "or/main.h"
#include "or/networkstatus.h"
#include "or/nodelist.h"
#include "or/policies.h"
#include "or/relay.h"
#include "or/rendclient.h"
#include "or/rendservice.h"
#include "or/hs_config.h"
#include "or/rephist.h"
#include "or/router.h"
#include "lib/sandbox/sandbox.h"
#include "common/util.h"
#include "or/routerlist.h"
#include "or/routerset.h"
#include "or/scheduler.h"
#include "or/statefile.h"
#include "or/transports.h"
#include "or/ext_orport.h"
#include "or/voting_schedule.h"
#ifdef _WIN32
#include <shlobj.h>
#endif

#include "common/conffile.h"
#include "common/procmon.h"

#include "or/dirauth/dirvote.h"
#include "or/dirauth/mode.h"

#include "or/connection_st.h"
#include "or/port_cfg_st.h"

#ifdef HAVE_SYSTEMD
#   if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
/* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse
 * Coverity. Here's a kludge to unconfuse it.
 */
#   define __INCLUDE_LEVEL__ 2
#endif /* defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__) */
#include <systemd/sd-daemon.h>
#endif /* defined(HAVE_SYSTEMD) */

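/** Prefix used to indicate a Unix socket in a FooPort configuration. */
static const char unix_socket_prefix[] = "unix:";
/** Prefix used to indicate a Unix socket with spaces in it, in a FooPort
 * configuration.  This is the plain prefix followed by an opening double
 * quote, so the quoted form is recognised by its first six characters. */
static const char unix_q_socket_prefix[] = "unix:\"";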

/** Macro to help with the bulk rename of *DownloadSchedule to
 * *DownloadInitialDelay: expands to one abbreviation entry that maps
 * "<name>DownloadSchedule" to "<name>DownloadInitialDelay", with the two
 * trailing flag fields set to 0 and 1. */
#define DOWNLOAD_SCHEDULE(name) \
  { #name "DownloadSchedule", #name "DownloadInitialDelay", 0, 1 }

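/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values.
 *
 * Each row is { alias, current name, flag, flag }.  DOWNLOAD_SCHEDULE()
 * expands to such a row; PLURAL() is defined outside this listing and
 * presumably maps a singular spelling to its plural.  The all-NULL row
 * terminates the list.
 *
 * NOTE(review): the meaning of the two integer flags comes from
 * config_abbrev_t, which is declared elsewhere; they look like
 * "command-line only" and "warn when used" -- confirm before relying on it.
 * An alias should only ever point at an option with the same meaning, since
 * the user's spelling is silently replaced by the target name. */
static config_abbrev_t option_abbrevs_[] = {
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(Tor2webRendezvousPoint),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RecommendedPackage),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  { "l", "Log", 1, 0},
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
  { "DirServer", "DirAuthority", 0, 0}, /* XXXX later, make this warn? */
  { "MaxConn", "ConnLimit", 0, 1},
  { "MaxMemInCellQueues", "MaxMemInQueues", 0, 0},
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
  /* NOTE(review): like "l" above, this row has its third flag set, and it
   * targets a "__" option.  It looks like a password hash given on the
   * command line becomes a session-only value that SAVECONF does not write
   * back -- confirm against the flag's definition. */
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
  { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
  { "SocksSocketsGroupWritable", "UnixSocksGroupWritable", 0, 1},
  { "_HSLayer2Nodes", "HSLayer2Nodes", 0, 1 },
  { "_HSLayer3Nodes", "HSLayer3Nodes", 0, 1 },

  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthority),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthorityOnly),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusFallback),
  DOWNLOAD_SCHEDULE(TestingBridge),
  DOWNLOAD_SCHEDULE(TestingBridgeBootstrap),
  DOWNLOAD_SCHEDULE(TestingClient),
  DOWNLOAD_SCHEDULE(TestingClientConsensus),
  DOWNLOAD_SCHEDULE(TestingServer),
  DOWNLOAD_SCHEDULE(TestingServerConsensus),

  { NULL, NULL, 0, 0},
};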

/** Dummy instance of or_options_t, used for type-checking its
 * members with CONF_CHECK_VAR_TYPE.
 *
 * NOTE(review): both macros are defined outside this file; the check
 * presumably guards the offsetof()-based member mapping that VAR() builds,
 * so that a wrong CONFIG_TYPE_* for a member is caught at compile time --
 * confirm. */
DUMMY_TYPECHECK_INSTANCE(or_options_t);

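/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 *
 * The entry records the byte offset of <b>member</b> inside or_options_t
 * (via offsetof) next to the declared type, and <b>initvalue</b> is the
 * option's default, written as a string (or NULL).  Because the member is
 * reached by offset, <b>conftype</b> has to describe the member's real C
 * type; CONF_TEST_MEMBERS (defined elsewhere) is appended after the default
 * and presumably supplies the compile-time type check -- confirm.
 */
#define VAR(name,conftype,member,initvalue)                             \
  { name, CONFIG_TYPE_ ## conftype, offsetof(or_options_t, member),     \
      initvalue CONF_TEST_MEMBERS(or_options_t, conftype, member) }
/** As VAR, but the option name and member name are the same. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)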
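/** An entry for config_vars: "The option <b>name</b> is obsolete."
 *
 * The entry carries CONFIG_TYPE_OBSOLETE, offset 0 and no default.  Builds
 * with TOR_UNIT_TESTS add one more initializer, {.INT=NULL}; presumably it
 * fills the extra member that CONF_TEST_MEMBERS appends in VAR() -- confirm
 * against the config_var_t declaration. */
#ifdef TOR_UNIT_TESTS
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL, {.INT=NULL} }
#else
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }
#endif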

/**
 * Macro to declare *Port options.  Each one comes in three entries.
 * For example, most users should use "SocksPort" to configure the
 * socks port, but TorBrowser wants to use __SocksPort so that it
 * isn't stored by SAVECONF.  The SocksPortLines virtual option is
 * used to query both options from the controller.
 *
 * The three entries, in order, are "<member>Lines" (LINELIST_V),
 * "<member>" (LINELIST_S) and "__<member>" (LINELIST_S).  All three map to
 * the same or_options_t field, <member>_lines, and none has a default.
 */
#define VPORT(member)                                           \
  VAR(#member "Lines", LINELIST_V, member ## _lines, NULL),     \
  VAR(#member, LINELIST_S, member ## _lines, NULL),             \
  VAR("__" #member, LINELIST_S, member ## _lines, NULL)

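/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 *
 * Rows are written with V(member, TYPE, default), VAR(name, TYPE, member,
 * default), OBSOLETE(name) or VPORT(member); END_OF_CONFIG_VARS (defined
 * elsewhere) closes the table.  Defaults are given as strings, or NULL where
 * the row supplies none.
 *
 * NOTE(review): a default written here applies to every instance that does
 * not set the option, so a change to the default of an option whose name
 * suggests a protective role (Sandbox, SafeLogging, ExitPolicyRejectPrivate,
 * ClientRejectInternalAddresses, ...) deserves the same review as a code
 * change.
 */
static config_var_t option_vars_[] = {
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  VAR("AccountingRule",          STRING,   AccountingRule_option,  "max"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  OBSOLETE("AllowDotExit"),
  OBSOLETE("AllowInvalidNodes"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  OBSOLETE("AllowSingleHopCircuits"),
  OBSOLETE("AllowSingleHopExits"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  OBSOLETE("AlternateHSAuthority"),
  V(AssumeReachable,             BOOL,     "0"),
  OBSOLETE("AuthDirBadDir"),
  OBSOLETE("AuthDirBadDirCCs"),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "2 MB"),
  V(AuthDirPinKeys,              BOOL,     "1"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  OBSOLETE("AuthDirRejectUnlisted"),
  OBSOLETE("AuthDirListBadDirs"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  OBSOLETE("AuthDirMaxServersPerAuthAddr"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(BridgeDistribution,          STRING,   NULL),
  VAR("CacheDirectory",          FILENAME, CacheDirectory_option, NULL),
  V(CacheDirectoryGroupReadable, BOOL,     "0"),
  V(CellStatistics,              BOOL,     "0"),
  V(PaddingStatistics,           BOOL,     "1"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  OBSOLETE("CircuitIdleTimeout"),
  V(CircuitsAvailableTimeout,    INTERVAL, "0"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-1.0"), /*negative:'Use default'*/
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      AUTOBOOL, "auto"),
  V(ClientPreferIPv6DirPort,     AUTOBOOL, "auto"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ClientUseIPv4,               BOOL,     "1"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  OBSOLETE("ControlListenAddress"),
  VPORT(ControlPort),
  V(ControlPortFileGroupReadable,BOOL,     "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  V(UnixSocksGroupWritable,    BOOL,     "0"),
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  VAR("DataDirectory",           FILENAME, DataDirectory_option, NULL),
  V(DataDirectoryGroupReadable,  BOOL,     "0"),
  V(DisableOOSCheck,             BOOL,     "1"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  OBSOLETE("DirListenAddress"),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort),
  V(DirPortFrontPage,            FILENAME, NULL),
  VAR("DirReqStatistics",        BOOL,     DirReqStatistics_option, "1"),
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
  V(DirCache,                    BOOL,     "1"),
  /* A DirAuthorityFallbackRate of 0.1 means that 0.5% of clients try an
   * authority when all fallbacks are up, and 2% try an authority when 25% of
   * fallbacks are down. (We rebuild the list when 25% of fallbacks are down).
   *
   * We want to reduce load on authorities, but keep these two figures within
   * an order of magnitude, so there isn't too much load shifting to
   * authorities when fallbacks go down. */
  V(DirAuthorityFallbackRate,    DOUBLE,   "0.1"),
  V(DisableAllSwap,              BOOL,     "0"),
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  OBSOLETE("DisableIOCP"),
  OBSOLETE("DisableV2DirectoryInfo_"),
  OBSOLETE("DynamicDHGroups"),
  VPORT(DNSPort),
  OBSOLETE("DNSListenAddress"),
  /* DoS circuit creation options. */
  V(DoSCircuitCreationEnabled,   AUTOBOOL, "auto"),
  V(DoSCircuitCreationMinConnections,      UINT, "0"),
  V(DoSCircuitCreationRate,      UINT,     "0"),
  V(DoSCircuitCreationBurst,     UINT,     "0"),
  V(DoSCircuitCreationDefenseType,         INT,  "0"),
  V(DoSCircuitCreationDefenseTimePeriod,   INTERVAL, "0"),
  /* DoS connection options. */
  V(DoSConnectionEnabled,        AUTOBOOL, "auto"),
  V(DoSConnectionMaxConcurrentCount,       UINT, "0"),
  V(DoSConnectionDefenseType,    INT,      "0"),
  /* DoS single hop client options. */
  V(DoSRefuseSingleHopClientRendezvous,    AUTOBOOL, "auto"),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(TestingEnableConnBwEvent,    BOOL,     "0"),
  V(TestingEnableCellStatsEvent, BOOL,     "0"),
  OBSOLETE("TestingEnableTbEmptyEvent"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET,   NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  OBSOLETE("ExcludeSingleHopRelays"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPolicyRejectLocalInterfaces, BOOL, "0"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  V(ExitRelay,                   AUTOBOOL, "auto"),
  VPORT(ExtORPort),
  V(ExtORPortCookieAuthFile,     STRING,   NULL),
  V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),
  V(ExtendByEd25519ID,           AUTOBOOL, "auto"),
  V(FallbackDir,                 LINELIST, NULL),

  V(UseDefaultFallbackDirs,      BOOL,     "1"),

  OBSOLETE("FallbackNetworkstatusFile"),
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  OBSOLETE("FastFirstHopPK"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  OBSOLETE("FetchV2Networkstatus"),
  V(GeoIPExcludeUnknown,         AUTOBOOL, "auto"),
#ifdef _WIN32
  V(GeoIPFile,                   FILENAME, "<default>"),
  V(GeoIPv6File,                 FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
#endif /* defined(_WIN32) */
  OBSOLETE("Group"),
  V(GuardLifetime,               INTERVAL, "0 minutes"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(MainloopStats,               BOOL,     "0"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  V(HashedControlPassword,       LINELIST, NULL),
  OBSOLETE("HidServDirectoryV2"),
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceDirGroupReadable",  LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
  VAR("HiddenServiceAllowUnknownPorts",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceMaxStreams",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceMaxStreamsCloseCircuit",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceNumIntroductionPoints", LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceStatistics", BOOL, HiddenServiceStatistics_option, "1"),
  V(HidServAuth,                 LINELIST, NULL),
  OBSOLETE("CloseHSClientCircuitsImmediatelyOnTimeout"),
  OBSOLETE("CloseHSServiceRendCircuitsImmediatelyOnTimeout"),
  V(HiddenServiceSingleHopMode,  BOOL,     "0"),
  V(HiddenServiceNonAnonymousMode,BOOL,    "0"),
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  VPORT(HTTPTunnelPort),
  V(IPv6Exit,                    BOOL,     "0"),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(ServerTransportListenAddr,   LINELIST, NULL),
  V(ServerTransportOptions,      LINELIST, NULL),
  V(SigningKeyLifetime,          INTERVAL, "30 days"),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  VAR("KeyDirectory",            FILENAME, KeyDirectory_option, NULL),
  V(KeyDirectoryGroupReadable,   BOOL,     "0"),
  VAR("HSLayer2Nodes",           ROUTERSET,  HSLayer2Nodes,  NULL),
  VAR("HSLayer3Nodes",           ROUTERSET,  HSLayer3Nodes,  NULL),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  V(KeepBindCapabilities,            AUTOBOOL, "auto"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(TruncateLogFile,             BOOL,     "0"),
  V(SyslogIdentityTag,           STRING,   NULL),
  V(AndroidIdentityTag,          STRING,   NULL),
  V(LongLivedPorts,              CSV,
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  V(MaxConsensusAgeForDiffs,     INTERVAL, "0 seconds"),
  VAR("MaxMemInQueues",          MEMUNIT,   MaxMemInQueues_raw, "0"),
  OBSOLETE("MaxOnionsPending"),
  V(MaxOnionQueueDelay,          MSEC_INTERVAL, "1750 msec"),
  V(MaxUnparseableDescSizeToLog, MEMUNIT, "10 MB"),
  V(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, "500"),
  VAR("MyFamily",                LINELIST, MyFamily_lines,       NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  OBSOLETE("NamingAuthoritativeDirectory"),
  OBSOLETE("NATDListenAddress"),
  VPORT(NATDPort),
  V(Nickname,                    STRING,   NULL),
  OBSOLETE("PredictedPortsRelevanceTime"),
  OBSOLETE("WarnUnsafeSocks"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NoExec,                      BOOL,     "0"),
  V(NumCPUs,                     UINT,     "0"),
  V(NumDirectoryGuards,          UINT,     "0"),
  V(NumEntryGuards,              UINT,     "0"),
  V(NumPrimaryGuards,            UINT,     "0"),
  V(OfflineMasterKey,            BOOL,     "0"),
  OBSOLETE("ORListenAddress"),
  VPORT(ORPort),
  V(OutboundBindAddress,         LINELIST,   NULL),
  V(OutboundBindAddressOR,       LINELIST,   NULL),
  V(OutboundBindAddressExit,     LINELIST,   NULL),

  OBSOLETE("PathBiasDisableRate"),
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasWarnRate,            DOUBLE,   "-1"),
  V(PathBiasExtremeRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  OBSOLETE("PathBiasScaleFactor"),
  OBSOLETE("PathBiasMultFactor"),
  V(PathBiasDropGuards,          AUTOBOOL, "0"),
  OBSOLETE("PathBiasUseCloseCounts"),

  V(PathBiasUseThreshold,       INT,      "-1"),
  V(PathBiasNoticeUseRate,          DOUBLE,   "-1"),
  V(PathBiasExtremeUseRate,         DOUBLE,   "-1"),
  V(PathBiasScaleUseThreshold,      INT,      "-1"),

  V(PathsNeededToBuildCircuits,  DOUBLE,   "-1"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  V(TestingTorNetwork,           BOOL,     "0"),
  V(TestingMinExitFlagThreshold, MEMUNIT,  "0"),
  V(TestingMinFastFlagThreshold, MEMUNIT,  "0"),

  V(TestingLinkCertLifetime,          INTERVAL, "2 days"),
  V(TestingAuthKeyLifetime,          INTERVAL, "2 days"),
  V(TestingLinkKeySlop,              INTERVAL, "3 hours"),
  V(TestingAuthKeySlop,              INTERVAL, "3 hours"),
  V(TestingSigningKeySlop,           INTERVAL, "1 day"),

  V(OptimisticData,              AUTOBOOL, "auto"),
  OBSOLETE("PortForwarding"),
  OBSOLETE("PortForwardingHelper"),
  OBSOLETE("PreferTunneledDirConns"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  V(RecommendedPackages,         LINELIST, NULL),
  V(ReducedConnectionPadding,    BOOL,     "0"),
  V(ConnectionPadding,           AUTOBOOL, "auto"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  V(RunAsDaemon,                 BOOL,     "0"),
  V(ReducedExitPolicy,           BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  V(Sandbox,                     BOOL,     "0"),
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  OBSOLETE("SchedulerLowWaterMark__"),
  OBSOLETE("SchedulerHighWaterMark__"),
  OBSOLETE("SchedulerMaxFlushCells__"),
  V(KISTSchedRunInterval,        MSEC_INTERVAL, "0 msec"),
  V(KISTSockBufSizeFactor,       DOUBLE,   "1.0"),
  V(Schedulers,                  CSV,      "KIST,KISTLite,Vanilla"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  OBSOLETE("SocksListenAddress"),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  V(SSLKeyLifetime,              INTERVAL, "0"),
  OBSOLETE("StrictEntryNodes"),
  OBSOLETE("StrictExitNodes"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("Support022HiddenServices"),
  V(TestSocks,                   BOOL,     "0"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  V(Tor2webMode,                 BOOL,     "0"),
  V(Tor2webRendezvousPoints,      ROUTERSET, NULL),
  OBSOLETE("TLSECGroup"),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  OBSOLETE("TransListenAddress"),
  VPORT(TransPort),
  V(TransProxyType,              STRING,   "default"),
  OBSOLETE("TunnelDirConns"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  VAR("UseEntryGuards",          BOOL,     UseEntryGuards_option, "1"),
  OBSOLETE("UseEntryGuardsAsDirGuards"),
  V(UseGuardFraction,            AUTOBOOL, "auto"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  OBSOLETE("UseNTorHandshake"),
  V(User,                        STRING,   NULL),
  OBSOLETE("UserspaceIOCPBuffers"),
  V(AuthDirSharedRandomness,     BOOL,     "1"),
  V(AuthDirTestEd25519LinkKeys,  BOOL,     "1"),
  OBSOLETE("V1AuthoritativeDirectory"),
  OBSOLETE("V2AuthoritativeDirectory"),
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  V(GuardfractionFile,           FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
  OBSOLETE("VoteOnHidServDirectoriesV2"),
  V(VirtualAddrNetworkIPv4,      STRING,   "127.192.0.0/10"),
  V(VirtualAddrNetworkIPv6,      STRING,   "[FE80::]/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  OBSOLETE("UseFilteringSSLBufferevents"),
  OBSOLETE("__UseFilteringSSLBufferevents"),
  /* NOTE(review): the VPORT comment in this file says the "__" port variants
   * are not stored by SAVECONF; presumably the same holds for the "__"
   * options below -- confirm before treating them as non-persistent. */
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
  VAR("__DisableSignalHandlers", BOOL,  DisableSignalHandlers,    "0"),
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
  VAR("__OwningControllerFD",INT,OwningControllerFD, "-1"),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "96 hours"),
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  /* With the ClientBootstrapConsensus*Download* below:
   * Clients with only authorities will try:
   *  - at least 3 authorities over 10 seconds, then exponentially backoff,
   *    with the next attempt 3-21 seconds later,
   * Clients with authorities and fallbacks will try:
   *  - at least 2 authorities and 4 fallbacks over 21 seconds, then
   *    exponentially backoff, with the next attempts 4-33 seconds later,
   * Clients will also retry when an application request arrives.
   * After a number of failed requests, clients retry every 3 days + 1 hour.
   *
   * Clients used to try 2 authorities over 10 seconds, then wait for
   * 60 minutes or an application request.
   *
   * When clients have authorities and fallbacks available, they use these
   * schedules: (we stagger the times to avoid thundering herds) */
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "6"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
  /* When clients only have authorities available, they use this schedule: */
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
    "0"),
  /* We don't want to overwhelm slow networks (or mirrors whose replies are
   * blocked), but we also don't want to fail if only some mirrors are
   * blackholed. Clients will try 3 directories simultaneously.
   * (Relays never use simultaneous connections.) */
  V(ClientBootstrapConsensusMaxInProgressTries, UINT, "3"),
  /* When a client has any running bridges, check each bridge occasionally,
   * whether or not that bridge is actually up. */
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL,"10800"),
  /* When a client is just starting, or has no running bridges, check each
   * bridge a few times quickly, and then try again later. These schedules
   * are much longer than the other schedules, because we try each and every
   * configured bridge with this schedule. */
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "10 minutes"),
  V(TestingDirConnectionMaxStall, INTERVAL, "5 minutes"),
  OBSOLETE("TestingConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries"),
  OBSOLETE("TestingDescriptorMaxDownloadTries"),
  OBSOLETE("TestingMicrodescMaxDownloadTries"),
  OBSOLETE("TestingCertMaxDownloadTries"),
  V(TestingDirAuthVoteExit, ROUTERSET, NULL),
  V(TestingDirAuthVoteExitIsStrict,  BOOL,     "0"),
  V(TestingDirAuthVoteGuard, ROUTERSET, NULL),
  V(TestingDirAuthVoteGuardIsStrict,  BOOL,     "0"),
  V(TestingDirAuthVoteHSDir, ROUTERSET, NULL),
  V(TestingDirAuthVoteHSDirIsStrict,  BOOL,     "0"),
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),

  END_OF_CONFIG_VARS
};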

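/** Override default values with these if the user sets the TestingTorNetwork
 * option.  Several entries switch off checks that the normal defaults keep
 * on (for example, private addresses are allowed and distinct subnets are
 * not enforced), so this table is presumably meant for isolated test
 * networks only. */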
static const config_var_t testing_tor_network_defaults[] = {
687
688
689
690
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
691
692
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
693
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
694
    "0"),
695
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
696
  V(ClientRejectInternalAddresses, BOOL,   "0"),
697
  V(CountPrivateBandwidth,       BOOL,     "1"),
698
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
699
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
700
701
702
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
703
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "150 seconds"),
704
705
706
707
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
708
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
709
710
711
712
713
714
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL, "10"),
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
715
716
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "5 seconds"),
  V(TestingDirConnectionMaxStall, INTERVAL, "30 seconds"),
717
  V(TestingEnableConnBwEvent,    BOOL,     "1"),
718
  V(TestingEnableCellStatsEvent, BOOL,     "1"),
719
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),
720
  V(RendPostPeriod,              INTERVAL, "2 minutes"),
721

722
  END_OF_CONFIG_VARS
723
};

#undef VAR
#undef V
#undef OBSOLETE

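/** Table of deprecated options.  Each entry pairs an option name with a
 * human-readable explanation of why it is deprecated (presumably shown to
 * the user when the option is set -- confirm at the table's users).  The
 * list is terminated by a { NULL, NULL } entry. */
static const config_deprecation_t option_deprecation_notes_[] = {
  /* Deprecated since 0.3.2.0-alpha. */
  /* NOTE(review): the opening marker says 0.3.2.0-alpha while the closing
   * marker of this group says 0.3.2.1-alpha; one of the two is probably a
   * typo -- confirm against the changelog. */
  { "HTTPProxy", "It only applies to direct unencrypted HTTP connections "
    "to your directory server, which your Tor probably wasn't using." },
  { "HTTPProxyAuthenticator", "HTTPProxy is deprecated in favor of HTTPSProxy "
    "which should be used with HTTPSProxyAuthenticator." },
  /* End of options deprecated since 0.3.2.1-alpha */

  /* Options deprecated since 0.3.2.2-alpha */
  { "ReachableDirAddresses", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
  { "ClientPreferIPv6DirPort", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
  /* End of options deprecated since 0.3.2.2-alpha. */

  /* Sentinel: marks the end of the table. */
  { NULL, NULL }
};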

#ifdef _WIN32
static char *get_windows_conf_root(void);
#endif
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
                                      char **msg);
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_dirauth_timing(
      const or_options_t *old_options, const or_options_t *new_options);
static int normalize_nickname_list(config_line_t **normalized_out,
                                   const config_line_t *lst, const char *name,
                                   char **msg);
static char *get_bindaddr_from_transport_listen_line(const char *line,
                                                     const char *transport);
static int parse_ports(or_options_t *options, int validate_only,
                              char **msg_out, int *n_ports_out,
                              int *world_writable_control_socket);
static int check_server_ports(const smartlist_t *ports,
                              const or_options_t *options,
                              int *num_low_ports_out);
static int validate_data_directories(or_options_t *options);
static int write_configuration_file(const char *fname,
                                    const or_options_t *options);
static int options_init_logs(const or_options_t *old_options,
                             or_options_t *options, int validate_only);

static void init_libevent(const or_options_t *options);
static int opt_streq(const char *s1, const char *s2);
static int parse_outbound_addresses(or_options_t *options, int validate_only,
                                    char **msg);
static void config_maybe_load_geoip_files_(const or_options_t *options,
                                           const or_options_t *old_options);