/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file config.c
 * \brief Code to interpret the user's configuration of Tor.
 *
 * This module handles the torrc configuration file, including parsing it,
 * combining it with torrc.defaults and the command line, allowing
 * user changes to it (via editing and SIGHUP or via the control port),
 * writing it back to disk (because of SAVECONF from the control port),
 * and -- most importantly -- acting on it.
 *
 * The module additionally has some tools for manipulating and
 * inspecting values that are calculated as a result of the
 * configured options.
 *
 * <h3>How to add new options</h3>
 *
 * To add new items to the torrc, there are a minimum of three places to edit:
 * <ul>
 *   <li>The or_options_t structure in or.h, where the options are stored.
 *   <li>The option_vars_ array below in this module, which configures
 *       the names of the torrc options, their types, their multiplicities,
 *       and their mappings to fields in or_options_t.
 *   <li>The manual in doc/tor.1.txt, to document what the new option
 *       is, and how it works.
 * </ul>
 *
 * Additionally, you might need to edit these places too:
 * <ul>
 *   <li>options_validate() below, in case you want to reject some possible
 *       values of the new configuration option.
 *   <li>options_transition_allowed() below, in case you need to
 *       forbid some or all changes in the option while Tor is
 *       running.
 *   <li>options_transition_affects_workers(), in case changes in the option
 *       might require Tor to relaunch or reconfigure its worker threads.
 *   <li>options_transition_affects_descriptor(), in case changes in the
 *       option might require a Tor relay to build and publish a new server
 *       descriptor.
 *   <li>options_act() and/or options_act_reversible(), in case there's some
 *       action that needs to be taken immediately based on the option's
 *       value.
 * </ul>
 *
 * <h3>Changing the value of an option</h3>
 *
 * Because of the SAVECONF command from the control port, it's a bad
 * idea to change the value of any user-configured option in the
 * or_options_t.  If you want to sometimes do this anyway, we recommend
 * that you create a secondary field in or_options_t; that you have the
 * user option linked only to the secondary field; that you use the
 * secondary field to initialize the one that Tor actually looks at; and that
 * you use the one Tor looks at as the one that you modify.
 **/

#define CONFIG_PRIVATE
#include "core/or/or.h"
#include "feature/client/bridges.h"
#include "feature/client/addressmap.h"
#include "core/or/channel.h"
#include "core/or/circuitbuild.h"
#include "core/or/circuitlist.h"
#include "core/or/circuitmux.h"
#include "core/or/circuitmux_ewma.h"
#include "core/or/circuitstats.h"
#include "lib/compress/compress.h"
#include "app/config/config.h"
#include "lib/encoding/confline.h"
#include "core/mainloop/connection.h"
#include "core/or/connection_edge.h"
#include "core/or/connection_or.h"
#include "feature/dircache/consdiffmgr.h"
#include "feature/control/control.h"
#include "app/config/confparse.h"
#include "core/mainloop/cpuworker.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "feature/dircache/dirserv.h"
#include "feature/relay/dns.h"
#include "core/or/dos.h"
#include "feature/client/entrynodes.h"
#include "core/or/git_revision.h"
#include "feature/stats/geoip.h"
#include "feature/hibernate/hibernate.h"
#include "core/mainloop/main.h"
#include "feature/nodelist/networkstatus.h"
#include "feature/nodelist/nodelist.h"
#include "core/or/policies.h"
#include "core/or/relay.h"
#include "feature/rend/rendclient.h"
#include "feature/rend/rendservice.h"
#include "feature/hs/hs_config.h"
#include "feature/stats/rephist.h"
#include "feature/relay/router.h"
#include "lib/sandbox/sandbox.h"
#include "feature/nodelist/routerlist.h"
#include "feature/nodelist/routerset.h"
#include "core/or/scheduler.h"
#include "app/config/statefile.h"
#include "feature/client/transports.h"
#include "feature/relay/ext_orport.h"
#include "feature/dircommon/voting_schedule.h"
#include "lib/net/resolve.h"
#ifdef _WIN32
#include <shlobj.h>
#endif
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif

#include "lib/meminfo/meminfo.h"
#include "lib/osinfo/uname.h"
#include "lib/process/daemon.h"
#include "lib/process/pidfile.h"
#include "lib/process/restrict.h"
#include "lib/process/setuid.h"
#include "lib/process/subprocess.h"
#include "lib/net/gethostname.h"
#include "lib/thread/numcpus.h"

#include "lib/encoding/keyval.h"
#include "lib/fs/conffile.h"
#include "lib/evloop/procmon.h"

#include "feature/dirauth/dirvote.h"
#include "feature/dirauth/mode.h"

#include "core/or/connection_st.h"
#include "core/or/port_cfg_st.h"

#ifdef HAVE_SYSTEMD
#   if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
/* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse
 * Coverity. Here's a kludge to unconfuse it.
 */
#   define __INCLUDE_LEVEL__ 2
#endif /* defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__) */
#include <systemd/sd-daemon.h>
#endif /* defined(HAVE_SYSTEMD) */

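/* Prefix used to indicate a Unix socket in a FooPort configuration. */
static const char unix_socket_prefix[] = "unix:";
/* Prefix used to indicate a Unix socket with spaces in it, in a FooPort
 * configuration.
 *
 * NOTE(review): every string that starts with this quoted prefix also starts
 * with unix_socket_prefix, so code that tells the two forms apart has to test
 * for the quoted prefix first -- confirm in the port-parsing code, which is
 * not part of this listing. */
static const char unix_q_socket_prefix[] = "unix:\"";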

/* Lower and upper limits for the TCP send and recv buffer size used for
 * constrained sockets.
 * NOTE(review): presumably byte counts that bound the ConstrainedSockSize
 * option declared in option_vars_ -- confirm where these macros are used. */
#define MIN_CONSTRAINED_TCP_BUFFER 2048
#define MAX_CONSTRAINED_TCP_BUFFER 262144  /* 256k */

/** Macro to help with the bulk rename of *DownloadSchedule to
 * *DownloadInitialDelay.
 *
 * DOWNLOAD_SCHEDULE(Foo) expands to the abbreviation entry
 * { "FooDownloadSchedule", "FooDownloadInitialDelay", 0, 1 }, so the old
 * option name maps to the new one.
 * NOTE(review): the trailing 0, 1 are presumably "not command-line only" and
 * "warn when the old name is used" -- confirm against config_abbrev_t. */
#define DOWNLOAD_SCHEDULE(name) \
  { #name "DownloadSchedule", #name "DownloadInitialDelay", 0, 1 }

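/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values.
 *
 * Each literal entry is { abbreviation, full option name, flag, flag }; the
 * table ends at the { NULL, NULL, 0, 0 } sentinel.
 * NOTE(review): config_abbrev_t and PLURAL are declared outside this
 * listing.  The two integer flags are presumably "accepted on the command
 * line only" and "warn when the old name is used" -- confirm against
 * config_abbrev_t before relying on that reading.
 *
 * Several targets are themselves marked OBSOLETE in option_vars_ (for example
 * AllowInvalidNodes and ORListenAddress), so those aliases resolve to an
 * obsolete option rather than to a live one. */
static config_abbrev_t option_abbrevs_[] = {
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(Tor2webRendezvousPoint),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RecommendedPackage),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  { "l", "Log", 1, 0},
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
  { "DirServer", "DirAuthority", 0, 0}, /* XXXX later, make this warn? */
  { "MaxConn", "ConnLimit", 0, 1},
  { "MaxMemInCellQueues", "MaxMemInQueues", 0, 0},
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
  /* Only this entry and "l" set the first flag.  NOTE(review): if that flag
   * means "command line only", a HashedControlPassword passed on the command
   * line is stored as __HashedControlSessionPassword, while the torrc
   * spelling keeps its own option_vars_ entry.  The VPORT comment in this
   * file says __SocksPort is used so that it isn't stored by SAVECONF; if
   * the same holds for every "__" option, a launcher-supplied password hash
   * is not written to a saved torrc -- confirm in the SAVECONF path. */
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
  { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
  { "SocksSocketsGroupWritable", "UnixSocksGroupWritable", 0, 1},
  { "_HSLayer2Nodes", "HSLayer2Nodes", 0, 1 },
  { "_HSLayer3Nodes", "HSLayer3Nodes", 0, 1 },

  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthority),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthorityOnly),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusFallback),
  DOWNLOAD_SCHEDULE(TestingBridge),
  DOWNLOAD_SCHEDULE(TestingBridgeBootstrap),
  DOWNLOAD_SCHEDULE(TestingClient),
  DOWNLOAD_SCHEDULE(TestingClientConsensus),
  DOWNLOAD_SCHEDULE(TestingServer),
  DOWNLOAD_SCHEDULE(TestingServerConsensus),

  { NULL, NULL, 0, 0},
};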

/** Dummy instance of or_options_t, used for type-checking its
 * members with CONF_CHECK_VAR_TYPE.
 * NOTE(review): DUMMY_TYPECHECK_INSTANCE and CONF_CHECK_VAR_TYPE are defined
 * outside this listing -- confirm what, if anything, this line expands to in
 * non-test builds. */
DUMMY_TYPECHECK_INSTANCE(or_options_t);

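/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 *
 * The entry holds the option name, the CONFIG_TYPE_ constant formed by token
 * pasting, the offset of <b>member</b> inside or_options_t (via offsetof),
 * and <b>initvalue</b>, which the table below always gives as a string or
 * NULL.
 * NOTE(review): CONF_TEST_MEMBERS is defined outside this listing;
 * presumably it appends a type-checking initializer in unit-test builds and
 * expands to nothing otherwise -- confirm.
 */
#define VAR(name,conftype,member,initvalue)                             \
  { name, CONFIG_TYPE_ ## conftype, offsetof(or_options_t, member),     \
      initvalue CONF_TEST_MEMBERS(or_options_t, conftype, member) }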
/** As VAR, but the option name and member name are the same: the member
 * identifier is stringified (#member) to form the option name. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
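/** An entry for config_vars: "The option <b>name</b> is obsolete."
 *
 * The entry has type CONFIG_TYPE_OBSOLETE, offset 0 and a NULL default.
 * Unit-test builds (TOR_UNIT_TESTS) add one more initializer, {.INT=NULL}.
 * NOTE(review): presumably that fills the extra member which
 * CONF_TEST_MEMBERS supplies in VAR entries -- confirm against
 * config_var_t. */
#ifdef TOR_UNIT_TESTS
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL, {.INT=NULL} }
#else
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }
#endif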

/**
 * Macro to declare *Port options.  Each one comes in three entries.
 * For example, most users should use "SocksPort" to configure the
 * socks port, but TorBrowser wants to use __SocksPort so that it
 * isn't stored by SAVECONF.  The SocksPortLines virtual option is
 * used to query both options from the controller.
 *
 * All three entries point at the same or_options_t member,
 * <b>member</b>_lines: "<member>Lines" is the LINELIST_V entry, and
 * "<member>" and "__<member>" are LINELIST_S entries.
 * NOTE(review): because the saved and unsaved spellings share one line
 * list, keeping a "__" port out of a SAVECONF-written torrc presumably
 * depends on the writer filtering by option name -- confirm in the
 * SAVECONF code path.
 */
#define VPORT(member)                                           \
  VAR(#member "Lines", LINELIST_V, member ## _lines, NULL),     \
  VAR(#member, LINELIST_S, member ## _lines, NULL),             \
  VAR("__" #member, LINELIST_S, member ## _lines, NULL)

/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 */
static config_var_t option_vars_[] = {
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  VAR("AccountingRule",          STRING,   AccountingRule_option,  "max"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  OBSOLETE("AllowDotExit"),
  OBSOLETE("AllowInvalidNodes"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  OBSOLETE("AllowSingleHopCircuits"),
  OBSOLETE("AllowSingleHopExits"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  OBSOLETE("AlternateHSAuthority"),
  V(AssumeReachable,             BOOL,     "0"),
  OBSOLETE("AuthDirBadDir"),
  OBSOLETE("AuthDirBadDirCCs"),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "2 MB"),
  V(AuthDirPinKeys,              BOOL,     "1"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  OBSOLETE("AuthDirRejectUnlisted"),
  OBSOLETE("AuthDirListBadDirs"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  OBSOLETE("AuthDirMaxServersPerAuthAddr"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(BridgeDistribution,          STRING,   NULL),
  VAR("CacheDirectory",          FILENAME, CacheDirectory_option, NULL),
  V(CacheDirectoryGroupReadable, BOOL,     "0"),
  V(CellStatistics,              BOOL,     "0"),
  V(PaddingStatistics,           BOOL,     "1"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  OBSOLETE("CircuitIdleTimeout"),
  V(CircuitsAvailableTimeout,    INTERVAL, "0"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-1.0"), /*negative:'Use default'*/
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      AUTOBOOL, "auto"),
  V(ClientPreferIPv6DirPort,     AUTOBOOL, "auto"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ClientUseIPv4,               BOOL,     "1"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  OBSOLETE("ControlListenAddress"),
  VPORT(ControlPort),
  V(ControlPortFileGroupReadable,BOOL,     "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  V(UnixSocksGroupWritable,    BOOL,     "0"),
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  VAR("DataDirectory",           FILENAME, DataDirectory_option, NULL),
  V(DataDirectoryGroupReadable,  BOOL,     "0"),
  V(DisableOOSCheck,             BOOL,     "1"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  OBSOLETE("DirListenAddress"),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort),
  V(DirPortFrontPage,            FILENAME, NULL),
  VAR("DirReqStatistics",        BOOL,     DirReqStatistics_option, "1"),
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
  V(DirCache,                    BOOL,     "1"),
  /* A DirAuthorityFallbackRate of 0.1 means that 0.5% of clients try an
   * authority when all fallbacks are up, and 2% try an authority when 25% of
   * fallbacks are down. (We rebuild the list when 25% of fallbacks are down).
   *
   * We want to reduce load on authorities, but keep these two figures within
   * an order of magnitude, so there isn't too much load shifting to
   * authorities when fallbacks go down. */
  V(DirAuthorityFallbackRate,    DOUBLE,   "0.1"),
  V(DisableAllSwap,              BOOL,     "0"),
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  OBSOLETE("DisableIOCP"),
  OBSOLETE("DisableV2DirectoryInfo_"),
  OBSOLETE("DynamicDHGroups"),
  VPORT(DNSPort),
  OBSOLETE("DNSListenAddress"),
  /* DoS circuit creation options. */
  V(DoSCircuitCreationEnabled,   AUTOBOOL, "auto"),
  V(DoSCircuitCreationMinConnections,      UINT, "0"),
  V(DoSCircuitCreationRate,      UINT,     "0"),
  V(DoSCircuitCreationBurst,     UINT,     "0"),
  V(DoSCircuitCreationDefenseType,         INT,  "0"),
  V(DoSCircuitCreationDefenseTimePeriod,   INTERVAL, "0"),
  /* DoS connection options. */
  V(DoSConnectionEnabled,        AUTOBOOL, "auto"),
  V(DoSConnectionMaxConcurrentCount,       UINT, "0"),
  V(DoSConnectionDefenseType,    INT,      "0"),
  /* DoS single hop client options. */
  V(DoSRefuseSingleHopClientRendezvous,    AUTOBOOL, "auto"),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(TestingEnableConnBwEvent,    BOOL,     "0"),
  V(TestingEnableCellStatsEvent, BOOL,     "0"),
  OBSOLETE("TestingEnableTbEmptyEvent"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET,   NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  OBSOLETE("ExcludeSingleHopRelays"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPolicyRejectLocalInterfaces, BOOL, "0"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  V(ExitRelay,                   AUTOBOOL, "auto"),
  VPORT(ExtORPort),
  V(ExtORPortCookieAuthFile,     STRING,   NULL),
  V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),
  V(ExtendByEd25519ID,           AUTOBOOL, "auto"),
  V(FallbackDir,                 LINELIST, NULL),

  V(UseDefaultFallbackDirs,      BOOL,     "1"),

  OBSOLETE("FallbackNetworkstatusFile"),
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  OBSOLETE("FastFirstHopPK"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  OBSOLETE("FetchV2Networkstatus"),
  V(GeoIPExcludeUnknown,         AUTOBOOL, "auto"),
#ifdef _WIN32
  V(GeoIPFile,                   FILENAME, "<default>"),
  V(GeoIPv6File,                 FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
#endif /* defined(_WIN32) */
  OBSOLETE("Group"),
  V(GuardLifetime,               INTERVAL, "0 minutes"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(MainloopStats,               BOOL,     "0"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  V(HashedControlPassword,       LINELIST, NULL),
  OBSOLETE("HidServDirectoryV2"),
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceDirGroupReadable",  LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
  VAR("HiddenServiceAllowUnknownPorts",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceMaxStreams",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceMaxStreamsCloseCircuit",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceNumIntroductionPoints", LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceStatistics", BOOL, HiddenServiceStatistics_option, "1"),
  V(HidServAuth,                 LINELIST, NULL),
  OBSOLETE("CloseHSClientCircuitsImmediatelyOnTimeout"),
  OBSOLETE("CloseHSServiceRendCircuitsImmediatelyOnTimeout"),
  V(HiddenServiceSingleHopMode,  BOOL,     "0"),
  V(HiddenServiceNonAnonymousMode,BOOL,    "0"),
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  VPORT(HTTPTunnelPort),
  V(IPv6Exit,                    BOOL,     "0"),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(ServerTransportListenAddr,   LINELIST, NULL),
  V(ServerTransportOptions,      LINELIST, NULL),
  V(SigningKeyLifetime,          INTERVAL, "30 days"),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  VAR("KeyDirectory",            FILENAME, KeyDirectory_option, NULL),
  V(KeyDirectoryGroupReadable,   BOOL,     "0"),
  VAR("HSLayer2Nodes",           ROUTERSET,  HSLayer2Nodes,  NULL),
  VAR("HSLayer3Nodes",           ROUTERSET,  HSLayer3Nodes,  NULL),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  V(KeepBindCapabilities,            AUTOBOOL, "auto"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(TruncateLogFile,             BOOL,     "0"),
  V(SyslogIdentityTag,           STRING,   NULL),
  V(AndroidIdentityTag,          STRING,   NULL),
  V(LongLivedPorts,              CSV,
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  V(MaxConsensusAgeForDiffs,     INTERVAL, "0 seconds"),
  VAR("MaxMemInQueues",          MEMUNIT,   MaxMemInQueues_raw, "0"),
  OBSOLETE("MaxOnionsPending"),
  V(MaxOnionQueueDelay,          MSEC_INTERVAL, "1750 msec"),
  V(MaxUnparseableDescSizeToLog, MEMUNIT, "10 MB"),
  V(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, "500"),
  VAR("MyFamily",                LINELIST, MyFamily_lines,       NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  OBSOLETE("NamingAuthoritativeDirectory"),
  OBSOLETE("NATDListenAddress"),
  VPORT(NATDPort),
  V(Nickname,                    STRING,   NULL),
  OBSOLETE("PredictedPortsRelevanceTime"),
  OBSOLETE("WarnUnsafeSocks"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NoExec,                      BOOL,     "0"),
  V(NumCPUs,                     UINT,     "0"),
  V(NumDirectoryGuards,          UINT,     "0"),
  V(NumEntryGuards,              UINT,     "0"),
  V(NumPrimaryGuards,            UINT,     "0"),
  V(OfflineMasterKey,            BOOL,     "0"),
  OBSOLETE("ORListenAddress"),
  VPORT(ORPort),
  V(OutboundBindAddress,         LINELIST,   NULL),
  V(OutboundBindAddressOR,       LINELIST,   NULL),
  V(OutboundBindAddressExit,     LINELIST,   NULL),

  OBSOLETE("PathBiasDisableRate"),
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasWarnRate,            DOUBLE,   "-1"),
  V(PathBiasExtremeRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  OBSOLETE("PathBiasScaleFactor"),
  OBSOLETE("PathBiasMultFactor"),
  V(PathBiasDropGuards,          AUTOBOOL, "0"),
  OBSOLETE("PathBiasUseCloseCounts"),

  V(PathBiasUseThreshold,       INT,      "-1"),
  V(PathBiasNoticeUseRate,          DOUBLE,   "-1"),
  V(PathBiasExtremeUseRate,         DOUBLE,   "-1"),
  V(PathBiasScaleUseThreshold,      INT,      "-1"),

  V(PathsNeededToBuildCircuits,  DOUBLE,   "-1"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  V(TestingTorNetwork,           BOOL,     "0"),
  V(TestingMinExitFlagThreshold, MEMUNIT,  "0"),
  V(TestingMinFastFlagThreshold, MEMUNIT,  "0"),

  V(TestingLinkCertLifetime,          INTERVAL, "2 days"),
  V(TestingAuthKeyLifetime,          INTERVAL, "2 days"),
  V(TestingLinkKeySlop,              INTERVAL, "3 hours"),
  V(TestingAuthKeySlop,              INTERVAL, "3 hours"),
  V(TestingSigningKeySlop,           INTERVAL, "1 day"),

  V(OptimisticData,              AUTOBOOL, "auto"),
  OBSOLETE("PortForwarding"),
  OBSOLETE("PortForwardingHelper"),
  OBSOLETE("PreferTunneledDirConns"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  V(RecommendedPackages,         LINELIST, NULL),
  V(ReducedConnectionPadding,    BOOL,     "0"),
  V(ConnectionPadding,           AUTOBOOL, "auto"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  V(RunAsDaemon,                 BOOL,     "0"),
  V(ReducedExitPolicy,           BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  V(Sandbox,                     BOOL,     "0"),
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  OBSOLETE("SchedulerLowWaterMark__"),
  OBSOLETE("SchedulerHighWaterMark__"),
  OBSOLETE("SchedulerMaxFlushCells__"),
  V(KISTSchedRunInterval,        MSEC_INTERVAL, "0 msec"),
  V(KISTSockBufSizeFactor,       DOUBLE,   "1.0"),
  V(Schedulers,                  CSV,      "KIST,KISTLite,Vanilla"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  OBSOLETE("SocksListenAddress"),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  V(SSLKeyLifetime,              INTERVAL, "0"),
  OBSOLETE("StrictEntryNodes"),
  OBSOLETE("StrictExitNodes"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("Support022HiddenServices"),
  V(TestSocks,                   BOOL,     "0"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  V(Tor2webMode,                 BOOL,     "0"),
  V(Tor2webRendezvousPoints,      ROUTERSET, NULL),
  OBSOLETE("TLSECGroup"),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  OBSOLETE("TransListenAddress"),
  VPORT(TransPort),
  V(TransProxyType,              STRING,   "default"),
  OBSOLETE("TunnelDirConns"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  VAR("UseEntryGuards",          BOOL,     UseEntryGuards_option, "1"),
  OBSOLETE("UseEntryGuardsAsDirGuards"),
  V(UseGuardFraction,            AUTOBOOL, "auto"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  OBSOLETE("UseNTorHandshake"),
  V(User,                        STRING,   NULL),
  OBSOLETE("UserspaceIOCPBuffers"),
  V(AuthDirSharedRandomness,     BOOL,     "1"),
  V(AuthDirTestEd25519LinkKeys,  BOOL,     "1"),
  OBSOLETE("V1AuthoritativeDirectory"),
  OBSOLETE("V2AuthoritativeDirectory"),
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  V(GuardfractionFile,           FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
  OBSOLETE("VoteOnHidServDirectoriesV2"),
  V(VirtualAddrNetworkIPv4,      STRING,   "127.192.0.0/10"),
  V(VirtualAddrNetworkIPv6,      STRING,   "[FE80::]/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  OBSOLETE("UseFilteringSSLBufferevents"),
  OBSOLETE("__UseFilteringSSLBufferevents"),
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
  VAR("__DisableSignalHandlers", BOOL,  DisableSignalHandlers,    "0"),
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
  VAR("__OwningControllerFD",INT,OwningControllerFD, "-1"),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "96 hours"),
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  /* With the ClientBootstrapConsensus*Download* below:
   * Clients with only authorities will try:
   *  - at least 3 authorities over 10 seconds, then back off exponentially,
   *    with the next attempt 3-21 seconds later,
   * Clients with authorities and fallbacks will try:
   *  - at least 2 authorities and 4 fallbacks over 21 seconds, then
   *    back off exponentially, with the next attempts 4-33 seconds later,
   * Clients will also retry when an application request arrives.
   * After a number of failed requests, clients retry every 3 days + 1 hour.
   *
   * Clients used to try 2 authorities over 10 seconds, then wait for
   * 60 minutes or an application request.
   *
   * When clients have authorities and fallbacks available, they use these
   * schedules: (we stagger the times to avoid thundering herds) */
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "6"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
  /* When clients only have authorities available, they use this schedule: */
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
    "0"),
  /* We don't want to overwhelm slow networks (or mirrors whose replies are
   * blocked), but we also don't want to fail if only some mirrors are
   * blackholed. Clients will try 3 directories simultaneously.
   * (Relays never use simultaneous connections.) */
  V(ClientBootstrapConsensusMaxInProgressTries, UINT, "3"),
  /* When a client has any running bridges, check each bridge occasionally,
   * whether or not that bridge is actually up. */
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL,"10800"),
  /* When a client is just starting, or has no running bridges, check each
   * bridge a few times quickly, and then try again later. These schedules
   * are much longer than the other schedules, because we try each and every
   * configured bridge with this schedule. */
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "10 minutes"),
  V(TestingDirConnectionMaxStall, INTERVAL, "5 minutes"),
  OBSOLETE("TestingConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries"),
  OBSOLETE("TestingDescriptorMaxDownloadTries"),
  OBSOLETE("TestingMicrodescMaxDownloadTries"),
  OBSOLETE("TestingCertMaxDownloadTries"),
  V(TestingDirAuthVoteExit, ROUTERSET, NULL),
  V(TestingDirAuthVoteExitIsStrict,  BOOL,     "0"),
  V(TestingDirAuthVoteGuard, ROUTERSET, NULL),
  V(TestingDirAuthVoteGuardIsStrict,  BOOL,     "0"),
  V(TestingDirAuthVoteHSDir, ROUTERSET, NULL),
  V(TestingDirAuthVoteHSDirIsStrict,  BOOL,     "0"),
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),

  END_OF_CONFIG_VARS
};

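/** Override default values with these if the user sets the TestingTorNetwork
 * option.
 *
 * Each entry names an option and the default it takes in a test network.
 * Going by the option names and the values set here, several entries turn
 * off address- and subnet-related restrictions (private and internal
 * addresses are accepted, distinct-subnet enforcement is off, the exit
 * policy no longer rejects private addresses) and others shorten voting,
 * download and uptime timers. A configuration that enables
 * TestingTorNetwork outside an isolated test network would therefore run
 * with these relaxed settings.
 *
 * The table ends with END_OF_CONFIG_VARS. */
static const config_var_t testing_tor_network_defaults[] = {
  /* Address, subnet and reachability checks are relaxed here.
   * NOTE(review): AuthDirMaxServersPerAddr "0" presumably means "no limit"
   * rather than "none allowed" -- confirm against the code that reads it. */
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
  /* No initial delay on any bootstrap consensus download; the main option
   * table above uses "6" for the authority schedule. */
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
    "0"),
  /* Internal and private addresses stop being rejected on the client,
   * exit-policy and extend paths (going by the option names). These are the
   * entries that matter most if this table is ever applied by mistake. */
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
  V(ClientRejectInternalAddresses, BOOL,   "0"),
  V(CountPrivateBandwidth,       BOOL,     "1"),
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
  /* Voting timers: the main table above uses "1 hour" / "5 minutes" /
   * "5 minutes" for these three, and "30 minutes" / "5 minutes" /
   * "5 minutes" for the TestingV3AuthInitial* ones. */
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "150 seconds"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
  /* The main table above requires "96 hours" of uptime here. */
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
  /* Download schedules; the bridge delay drops from "10800" in the main
   * table above to "10". */
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL, "10"),
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
  /* The main table above uses "10 minutes" and "5 minutes" for these. */
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "5 seconds"),
  V(TestingDirConnectionMaxStall, INTERVAL, "30 seconds"),
  V(TestingEnableConnBwEvent,    BOOL,     "1"),
  V(TestingEnableCellStatsEvent, BOOL,     "1"),
  /* Records that this table was applied; the main table above sets the
   * same field to "0". */
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),
  V(RendPostPeriod,              INTERVAL, "2 minutes"),

  END_OF_CONFIG_VARS
};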

#undef VAR
#undef V
#undef OBSOLETE

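/** Table of deprecated options. Each entry pairs an option name with a
 * human-readable explanation of why it is deprecated; the table ends with
 * a { NULL, NULL } entry.
 *
 * NOTE(review): presumably the explanation is shown to the user when the
 * option is set -- confirm against the code that reads this table. */
static const config_deprecation_t option_deprecation_notes_[] = {
  /* Deprecated since 0.3.2.0-alpha. */
  /* NOTE(review): the closing marker for this group says 0.3.2.1-alpha, so
   * the two version labels disagree -- confirm which release is meant. */
  { "HTTPProxy", "It only applies to direct unencrypted HTTP connections "
    "to your directory server, which your Tor probably wasn't using." },
  { "HTTPProxyAuthenticator", "HTTPProxy is deprecated in favor of HTTPSProxy "
    "which should be used with HTTPSProxyAuthenticator." },
  /* End of options deprecated since 0.3.2.1-alpha */

  /* Options deprecated since 0.3.2.2-alpha */
  { "ReachableDirAddresses", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
  { "ClientPreferIPv6DirPort", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
  /* End of options deprecated since 0.3.2.2-alpha. */

  /* Sentinel entry marking the end of the table. */
  { NULL, NULL }
};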

#ifdef _WIN32
static char *get_windows_conf_root(void);
#endif
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
                                      char **msg);
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_dirauth_timing(
      const or_options_t *old_options, const or_options_t *new_options);