 /* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2013, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file config.c
 * \brief Code to parse and interpret configuration files.
 **/

#define CONFIG_PRIVATE
#include "or.h"
#include "addressmap.h"
#include "channel.h"
#include "circuitbuild.h"
#include "circuitlist.h"
#include "circuitmux.h"
#include "circuitmux_ewma.h"
#include "config.h"
#include "connection.h"
#include "connection_edge.h"
#include "connection_or.h"
#include "control.h"
#include "confparse.h"
#include "cpuworker.h"
#include "dirserv.h"
#include "dirvote.h"
#include "dns.h"
#include "entrynodes.h"
#include "geoip.h"
#include "hibernate.h"
#include "main.h"
#include "networkstatus.h"
#include "nodelist.h"
#include "policies.h"
#include "relay.h"
#include "rendclient.h"
#include "rendservice.h"
#include "rephist.h"
#include "router.h"
#include "sandbox.h"
#include "util.h"
#include "routerlist.h"
#include "routerset.h"
#include "statefile.h"
#include "transports.h"
#include "ext_orport.h"
#include "torgzip.h"
#ifdef _WIN32
#include <shlobj.h>
#endif

#include "procmon.h"

/* From main.c */
extern int quiet_level;

/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values.
 *
 * Each literal entry is { alias, current name, flag, flag }; the array is
 * terminated by the all-NULL entry.  The meaning of the two integer flags and
 * of PLURAL() comes from declarations outside this part of the file
 * (presumably confparse.h, which is included above) -- confirm there before
 * changing either flag.
 */
static config_abbrev_t option_abbrevs_[] = {
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(ExitNode),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  { "l", "Log", 1, 0},
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
  { "DirServer", "DirAuthority", 0, 0}, /* XXXX024 later, make this warn? */
  { "MaxConn", "ConnLimit", 0, 1},
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
  /* NOTE(review): the alias has the same name as the HashedControlPassword
   * entry in option_vars_.  The first flag is 1 only here and for "l"; if
   * that flag restricts the alias to the command line (TODO confirm), a
   * hashed control password given on the command line lands in
   * __HashedControlSessionPassword rather than in HashedControlPassword. */
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
  { "StrictEntryNodes", "StrictNodes", 0, 1},
  { "StrictExitNodes", "StrictNodes", 0, 1},
  { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
  { "_UseFilteringSSLBufferevents", "UseFilteringSSLBufferevents", 0, 1},
  /* Terminator: both names NULL. */
  { NULL, NULL, 0, 0},
};

/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 *
 * <b>initvalue</b> becomes the last field of the entry; the tables below
 * pass either a string literal or NULL for it.
 */
#define VAR(name,conftype,member,initvalue)                             \
  { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_options_t, member), \
      initvalue }
/** As VAR, but the option name and member name are the same. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }

/** As V, but the value is stored in the or_options_t member called
 * <b>member</b>_lines while the option itself keeps the name
 * <b>member</b>. */
#define VPORT(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member ## _lines, initvalue)

/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 *
 * Each V()/VAR()/VPORT() entry gives the option name, the suffix of its
 * CONFIG_TYPE_* type, the or_options_t member that stores it, and the
 * default value as a string (or NULL).  OBSOLETE() entries carry only a
 * name.  options_format is initialized with this array, and set_options()
 * walks options_format.vars until it meets a NULL name, so the sentinel
 * entry must stay last.
 */
static config_var_t option_vars_[] = {
  OBSOLETE("AccountingMaxKB"),
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  V(AllowDotExit,                BOOL,     "0"),
  V(AllowInvalidNodes,           CSV,      "middle,rendezvous"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  V(AllowSingleHopCircuits,      BOOL,     "0"),
  V(AllowSingleHopExits,         BOOL,     "0"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  V(AlternateHSAuthority,        LINELIST, NULL),
  V(AssumeReachable,             BOOL,     "0"),
  V(AuthDirBadDir,               LINELIST, NULL),
  V(AuthDirBadDirCCs,            CSV,      ""),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "250 KB"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  V(AuthDirRejectUnlisted,       BOOL,     "0"),
  V(AuthDirListBadDirs,          BOOL,     "0"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "5"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(CellStatistics,              BOOL,     "0"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  V(CircuitIdleTimeout,          INTERVAL, "1 hour"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-100.0"), /*negative:'Use default'*/
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      BOOL,     "0"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  V(ControlListenAddress,        LINELIST, NULL),
  VPORT(ControlPort,                 LINELIST, NULL),
  V(ControlPortFileGroupReadable,BOOL,     "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  V(DataDirectory,               FILENAME, NULL),
  OBSOLETE("DebugLogFile"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  V(DirListenAddress,            LINELIST, NULL),
  OBSOLETE("DirFetchPeriod"),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort,                     LINELIST, NULL),
  V(DirPortFrontPage,            FILENAME, NULL),
  OBSOLETE("DirPostPeriod"),
  OBSOLETE("DirRecordUsageByCountry"),
  OBSOLETE("DirRecordUsageGranularity"),
  OBSOLETE("DirRecordUsageRetainIPs"),
  OBSOLETE("DirRecordUsageSaveInterval"),
  V(DirReqStatistics,            BOOL,     "1"),
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
  V(DirAuthorityFallbackRate,    DOUBLE,   "1.0"),
  V(DisableAllSwap,              BOOL,     "0"),
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  V(DisableIOCP,                 BOOL,     "1"),
  V(DisableV2DirectoryInfo_,     BOOL,     "0"),
  V(DynamicDHGroups,             BOOL,     "0"),
  VPORT(DNSPort,                     LINELIST, NULL),
  V(DNSListenAddress,            LINELIST, NULL),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET,   NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  V(ExcludeSingleHopRelays,      BOOL,     "1"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  VPORT(ExtORPort,               LINELIST, NULL),
  V(ExtraInfoStatistics,         BOOL,     "1"),
  V(FallbackDir,                 LINELIST, NULL),

  OBSOLETE("FallbackNetworkstatusFile"),
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  V(FastFirstHopPK,              BOOL,     "1"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  V(FetchV2Networkstatus,        BOOL,     "0"),
  V(GeoIPExcludeUnknown,         AUTOBOOL, "auto"),
  /* The GeoIP defaults differ by platform: a "<default>" placeholder string
   * on Windows, a path built from SHARE_DATADIR elsewhere. */
#ifdef _WIN32
  V(GeoIPFile,                   FILENAME, "<default>"),
  V(GeoIPv6File,                 FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
#endif
  OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"),
  OBSOLETE("Group"),
  V(GuardLifetime,               INTERVAL, "0 minutes"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  /* option_abbrevs_ also lists "HashedControlPassword" as an alias that
   * points at __HashedControlSessionPassword (defined further down). */
  V(HashedControlPassword,       LINELIST, NULL),
  V(HidServDirectoryV2,          BOOL,     "1"),
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
  OBSOLETE("HiddenServiceExcludeNodes"),
  OBSOLETE("HiddenServiceNodes"),
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
  V(HidServAuth,                 LINELIST, NULL),
  V(HSAuthoritativeDir,          BOOL,     "0"),
  OBSOLETE("HSAuthorityRecordStats"),
  V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  V(IPv6Exit,                    BOOL,     "0"),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(ServerTransportListenAddr,   LINELIST, NULL),
  V(ServerTransportOptions,      LINELIST, NULL),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  OBSOLETE("IgnoreVersion"),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  OBSOLETE("LinkPadding"),
  OBSOLETE("LogLevel"),
  OBSOLETE("LogFile"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(LongLivedPorts,              CSV,
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  V(MaxMemInCellQueues,          MEMUNIT,  "8 GB"),
  OBSOLETE("MaxOnionsPending"),
  V(MaxOnionQueueDelay,          MSEC_INTERVAL, "1750 msec"),
  V(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, "500"),
  OBSOLETE("MonthlyAccountingStart"),
  V(MyFamily,                    STRING,   NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  VAR("NamingAuthoritativeDirectory",BOOL, NamingAuthoritativeDir, "0"),
  V(NATDListenAddress,           LINELIST, NULL),
  VPORT(NATDPort,                    LINELIST, NULL),
  V(Nickname,                    STRING,   NULL),
  V(WarnUnsafeSocks,              BOOL,     "1"),
  OBSOLETE("NoPublish"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NumCPUs,                     UINT,     "0"),
  V(NumDirectoryGuards,          UINT,     "0"),
  V(NumEntryGuards,              UINT,     "3"),
  V(ORListenAddress,             LINELIST, NULL),
  VPORT(ORPort,                      LINELIST, NULL),
  V(OutboundBindAddress,         LINELIST,   NULL),

  OBSOLETE("PathBiasDisableRate"),
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasWarnRate,            DOUBLE,   "-1"),
  V(PathBiasExtremeRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  OBSOLETE("PathBiasScaleFactor"),
  OBSOLETE("PathBiasMultFactor"),
  V(PathBiasDropGuards,          AUTOBOOL, "0"),
  OBSOLETE("PathBiasUseCloseCounts"),

  V(PathBiasUseThreshold,       INT,      "-1"),
  V(PathBiasNoticeUseRate,          DOUBLE,   "-1"),
  V(PathBiasExtremeUseRate,         DOUBLE,   "-1"),
  V(PathBiasScaleUseThreshold,      INT,      "-1"),

  V(PathsNeededToBuildCircuits,  DOUBLE,   "-1"),
  OBSOLETE("PathlenCoinWeight"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  V(TestingTorNetwork,           BOOL,     "0"),
  V(TestingMinExitFlagThreshold, MEMUNIT,  "0"),
  V(TestingMinFastFlagThreshold, MEMUNIT,  "0"),
  V(OptimisticData,              AUTOBOOL, "auto"),
  V(PortForwarding,              BOOL,     "0"),
  /* NOTE(review): the default names an executable without a directory.  How
   * that name is resolved is decided where the helper is launched, outside
   * this table -- confirm it cannot pick up an unintended binary. */
  V(PortForwardingHelper,        FILENAME, "tor-fw-helper"),
  V(PreferTunneledDirConns,      BOOL,     "1"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  OBSOLETE("RedirectExit"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  OBSOLETE("RendExcludeNodes"),
  OBSOLETE("RendNodes"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  OBSOLETE("RouterFile"),
  V(RunAsDaemon,                 BOOL,     "0"),
//  V(RunTesting,                  BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  V(Sandbox,                     BOOL,     "0"),
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  V(SocksListenAddress,          LINELIST, NULL),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort,                   LINELIST, NULL),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  V(SSLKeyLifetime,              INTERVAL, "0"),
  OBSOLETE("StatusFetchPeriod"),
  V(StrictNodes,                 BOOL,     "0"),
  V(Support022HiddenServices,    AUTOBOOL, "auto"),
  OBSOLETE("SysLog"),
  V(TestSocks,                   BOOL,     "0"),
  OBSOLETE("TestVia"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  V(Tor2webMode,                 BOOL,     "0"),
  V(TLSECGroup,                  STRING,   NULL),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  OBSOLETE("TrafficShaping"),
  V(TransListenAddress,          LINELIST, NULL),
  VPORT(TransPort,                   LINELIST, NULL),
  V(TunnelDirConns,              BOOL,     "1"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  V(UseEntryGuards,              BOOL,     "1"),
  V(UseEntryGuardsAsDirGuards,   BOOL,     "1"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  V(UseNTorHandshake,            AUTOBOOL, "1"),
  V(User,                        STRING,   NULL),
  V(UserspaceIOCPBuffers,        BOOL,     "0"),
  VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir,   "0"),
  VAR("V2AuthoritativeDirectory",BOOL, V2AuthoritativeDir,   "0"),
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
  V(VirtualAddrNetworkIPv4,      STRING,   "127.192.0.0/10"),
  V(VirtualAddrNetworkIPv6,      STRING,   "[FE80::]/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  V(UseFilteringSSLBufferevents, BOOL,    "0"),
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "25 hours"),
  V(VoteOnHidServDirectoriesV2,  BOOL,     "1"),
  V(TestingServerDownloadSchedule, CSV_INTERVAL, "0, 0, 0, 60, 60, 120, "
                                 "300, 900, 2147483647"),
  V(TestingClientDownloadSchedule, CSV_INTERVAL, "0, 0, 60, 300, 600, "
                                 "2147483647"),
  V(TestingServerConsensusDownloadSchedule, CSV_INTERVAL, "0, 0, 60, "
                                 "300, 600, 1800, 1800, 1800, 1800, "
                                 "1800, 3600, 7200"),
  V(TestingClientConsensusDownloadSchedule, CSV_INTERVAL, "0, 0, 60, "
                                 "300, 600, 1800, 3600, 3600, 3600, "
                                 "10800, 21600, 43200"),
  V(TestingBridgeDownloadSchedule, CSV_INTERVAL, "3600, 900, 900, 3600"),
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "10 minutes"),
  V(TestingDirConnectionMaxStall, INTERVAL, "5 minutes"),
  V(TestingConsensusMaxDownloadTries, UINT, "8"),
  V(TestingDescriptorMaxDownloadTries, UINT, "8"),
  V(TestingMicrodescMaxDownloadTries, UINT, "8"),
  V(TestingCertMaxDownloadTries, UINT, "8"),
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),

  /* Sentinel: NULL name marks the end of the table. */
  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/** Override default values with these if the user sets the TestingTorNetwork
 * option.
 *
 * Compared with the defaults in option_vars_, several of these overrides
 * switch off address and placement restrictions:
 * ClientRejectInternalAddresses, ClientDNSRejectInternalAddresses,
 * ExitPolicyRejectPrivate and EnforceDistinctSubnets go from "1" to "0",
 * while DirAllowPrivateAddresses, ExtendAllowPrivateAddresses and
 * AssumeReachable go from "0" to "1".  Treat TestingTorNetwork as a
 * test-only switch: enabling it gives up those protections.
 */
static const config_var_t testing_tor_network_defaults[] = {
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "0"),
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
  V(ClientRejectInternalAddresses, BOOL,   "0"),
  V(CountPrivateBandwidth,       BOOL,     "1"),
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
  V(TestingServerDownloadSchedule, CSV_INTERVAL, "0, 0, 0, 5, 10, 15, "
                                 "20, 30, 60"),
  V(TestingClientDownloadSchedule, CSV_INTERVAL, "0, 0, 5, 10, 15, 20, "
                                 "30, 60"),
  V(TestingServerConsensusDownloadSchedule, CSV_INTERVAL, "0, 0, 5, 10, "
                                 "15, 20, 30, 60"),
  V(TestingClientConsensusDownloadSchedule, CSV_INTERVAL, "0, 0, 5, 10, "
                                 "15, 20, 30, 60"),
  V(TestingBridgeDownloadSchedule, CSV_INTERVAL, "60, 30, 30, 60"),
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "5 seconds"),
  V(TestingDirConnectionMaxStall, INTERVAL, "30 seconds"),
  V(TestingConsensusMaxDownloadTries, UINT, "80"),
  V(TestingDescriptorMaxDownloadTries, UINT, "80"),
  V(TestingMicrodescMaxDownloadTries, UINT, "80"),
  V(TestingCertMaxDownloadTries, UINT, "80"),
  /* Same option as the last named entry of option_vars_, where the default
   * is "0"; here it is "1". */
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),

  /* Sentinel: NULL name marks the end of the table. */
  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/* Retire the table-building macros defined above.
 * NOTE(review): VPORT is defined next to VAR/V/OBSOLETE but has no #undef
 * here -- confirm whether it is meant to stay defined. */
#undef VAR
#undef V
#undef OBSOLETE

/* Forward declarations of file-local (static) helpers. */
#ifdef _WIN32
static char *get_windows_conf_root(void);
#endif
/* Both are called from set_options(): options_act_reversible() first, then
 * options_act(). */
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_act(const or_options_t *old_options);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
                                      char **msg);
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
static int check_nickname_list(char **lst, const char *name, char **msg);

static int parse_client_transport_line(const char *line, int validate_only);

static int parse_server_transport_line(const char *line, int validate_only);
static char *get_bindaddr_from_transport_listen_line(const char *line,
                                                     const char *transport);
static int parse_dir_authority_line(const char *line,
                                 dirinfo_type_t required_type,
                                 int validate_only);
static int parse_dir_fallback_line(const char *line,
                                   int validate_only);
static void port_cfg_free(port_cfg_t *port);
static int parse_ports(or_options_t *options, int validate_only,
                              char **msg_out, int *n_ports_out);
static int check_server_ports(const smartlist_t *ports,
                              const or_options_t *options);

static int validate_data_directory(or_options_t *options);
static int write_configuration_file(const char *fname,
                                    const or_options_t *options);
static int options_init_logs(or_options_t *options, int validate_only);

static void init_libevent(const or_options_t *options);
static int opt_streq(const char *s1, const char *s2);
static int parse_outbound_addresses(or_options_t *options, int validate_only,
                                    char **msg);
static void config_maybe_load_geoip_files_(const or_options_t *options,
                                           const or_options_t *old_options);
/* Installed in the options_format initializer; takes its option structs as
 * void pointers. */
static int options_validate_cb(void *old_options, void *options,
                               void *default_options,
                               int from_setconf, char **msg);

/** Magic value for or_options_t. */
#define OR_OPTIONS_MAGIC 9090909

/** Configuration format for or_options_t.
 *
 * The initializer is positional, so its order has to match the member order
 * of config_format_t, which is declared outside this file.  The per-line
 * notes below describe the values passed, not the member names.
 */
STATIC config_format_t options_format = {
  /* Size of the options struct. */
  sizeof(or_options_t),
  /* Magic value and the offset of the magic_ member that holds it. */
  OR_OPTIONS_MAGIC,
  STRUCT_OFFSET(or_options_t, magic_),
  /* Alias table and option table defined earlier in this file. */
  option_abbrevs_,
  option_vars_,
  /* Validation callback declared above. */
  options_validate_cb,
  /* NOTE(review): meaning of this last member is not visible here -- see
   * config_format_t. */
  NULL
};

/*
 * Functions to read and write the global options pointer.
 */

/** Command-line and config-file options.  This is the pointer that
 * get_options_mutable() returns and that set_options() replaces. */
static or_options_t *global_options = NULL;
/** The fallback options_t object; this is where we look for options not
 * in torrc before we fall back to Tor's defaults. */
static or_options_t *global_default_options = NULL;
/** Name of most recently read torrc file. */
static char *torrc_fname = NULL;
/** Name of the most recently read torrc-defaults file.  There is no explicit
 * initializer; as a file-scope static it still starts out NULL. */
static char *torrc_defaults_fname;
/** Configuration options set by command line. */
static config_line_t *global_cmdline_options = NULL;
/** Non-configuration options set by the command line */
static config_line_t *global_cmdline_only_options = NULL;
/** Boolean: Have we parsed the command line? */
static int have_parsed_cmdline = 0;
/** Contents of most recently read DirPortFrontPage file.  Returned as-is by
 * get_dirportfrontpage(). */
static char *global_dirfrontpagecontents = NULL;
/** List of port_cfg_t for all configured ports. */
static smartlist_t *configured_ports = NULL;

/** Accessor for the cached DirPortFrontPage contents.
 *
 * Hands back the file-scope global_dirfrontpagecontents pointer unchanged, as
 * a pointer to const; it is NULL when no front page is configured. */
const char *
get_dirportfrontpage(void)
{
  const char *frontpage = global_dirfrontpagecontents;

  return frontpage;
}

/** Writable accessor for the process-wide options.
 *
 * Asserts (tor_assert) that global_options has been set, then returns that
 * same pointer.  The result is not const, so callers can modify the live
 * configuration through it; get_options() is the read-only variant. */
or_options_t *
get_options_mutable(void)
{
  or_options_t *current;

  /* Checked on global_options itself, before the pointer is handed out. */
  tor_assert(global_options);
  current = global_options;
  return current;
}

/** Read-only accessor for the currently configured options.
 *
 * Delegates to get_options_mutable(), so the same assertion on
 * global_options applies, and returns the result as a pointer to const. */
const or_options_t *
get_options(void)
{
  const or_options_t *current = get_options_mutable();

  return current;
}

/** Install <b>new_val</b> as the global options, act on the change, and free
 * the previous options object when it is no longer the current one.
 *
 * Returns 0 on success.  Returns -1 when options_act_reversible() fails; the
 * previous options are then back in place and *<b>msg</b> is asserted to be
 * set.  When options_act() fails the error is logged and the process exits.
 */
int
set_options(or_options_t *new_val, char **msg)
{
  or_options_t *old_options = global_options;
  int idx;

  /* Publish the new options first: the calls below receive only the *old*
   * options, for comparison, and pull the new ones out of global_options. */
  global_options = new_val;

  if (options_act_reversible(old_options, msg) < 0) {
    tor_assert(*msg);
    global_options = old_options; /* roll back; new_val is not freed here */
    return -1;
  }
  if (options_act(old_options) < 0) {
    /* No rollback on this path: global_options already is new_val. */
    log_err(LD_BUG,
            "Acting on config options left us in a broken state. Dying.");
    exit(1);
  }

  /* Tell the controller which options changed, via a CONF_CHANGED event.
   * Skipped when there were no previous options (Tor is just starting up).
   * NOTE(review): apart from the two skipped types, every changed option is
   * forwarded with its value as-is; confirm that sensitive options are
   * handled appropriately on the control_event_conf_changed() side. */
  if (old_options && old_options != global_options) {
    /* Flat list of key, value, key, value, ...; a NULL value marks an option
     * for which config_get_assigned_option() returned nothing. */
    smartlist_t *changed = smartlist_new();

    for (idx = 0; options_format.vars[idx].name; ++idx) {
      const config_var_t *var = &options_format.vars[idx];
      config_line_t *assigned;

      if (var->type == CONFIG_TYPE_LINELIST_S ||
          var->type == CONFIG_TYPE_OBSOLETE)
        continue;
      if (config_is_same(&options_format, new_val, old_options, var->name))
        continue;

      assigned = config_get_assigned_option(&options_format, new_val,
                                            var->name, 1);
      if (!assigned) {
        smartlist_add(changed, tor_strdup(var->name));
        smartlist_add(changed, NULL);
        continue;
      }
      /* Move each line's key and value strings into the list and free only
       * the line node; the strings are freed after the event is sent. */
      while (assigned) {
        config_line_t *next = assigned->next;
        smartlist_add(changed, assigned->key);
        smartlist_add(changed, assigned->value);
        tor_free(assigned);
        assigned = next;
      }
    }
    control_event_conf_changed(changed);
    SMARTLIST_FOREACH(changed, char *, cp, tor_free(cp));
    smartlist_free(changed);
  }

  if (old_options != global_options)
    config_free(&options_format, old_options);

  return 0;
}

extern const char tor_git_revision[]; /* defined in tor_main.c */

/** Full version string of this Tor process.  Built by get_version() on its
 * first call and cached here. */
static char *the_tor_version = NULL;
/** Shorter version string of this Tor process, for export in our router
 * descriptor; it carries no git revision.  Built by get_short_version() on
 * its first call and cached here. */
static char *the_short_tor_version = NULL;

/** Return the full version string of this Tor process.  The string is built
 * on the first call and cached in the_tor_version: the short version,
 * followed by " (git-REVISION)" when tor_git_revision is non-empty. */
const char *
get_version(void)
{
  if (the_tor_version != NULL)
    return the_tor_version;

  if (tor_git_revision[0] != '\0') {
    tor_asprintf(&the_tor_version, "%s (git-%s)", get_short_version(),
                 tor_git_revision);
  } else {
    the_tor_version = tor_strdup(get_short_version());
  }
  return the_tor_version;
}

/** Return the version string of this Tor process without any git revision.
 * The string is built on the first call and cached in the_short_tor_version:
 * VERSION alone, or "VERSION (TOR_BUILD_TAG)" when a build tag is defined. */
const char *
get_short_version(void)
{
  if (the_short_tor_version != NULL)
    return the_short_tor_version;

#ifdef TOR_BUILD_TAG
  tor_asprintf(&the_short_tor_version, "%s (%s)", VERSION, TOR_BUILD_TAG);
#else
  the_short_tor_version = tor_strdup(VERSION);
#endif
  return the_short_tor_version;
}

/** Release the additional memory that hangs off <b>options</b>: the
 * ExcludeExitNodesUnion_ routerset, the NodeFamilySets list together with
 * its routersets, the BridgePassword_AuthDigest_ buffer and command_arg.
 * The struct itself is then handed to config_free().  NULL is a no-op.
 */
STATIC void
or_options_free(or_options_t *options)
{
  if (options == NULL)
    return;

  routerset_free(options->ExcludeExitNodesUnion_);
  if (options->NodeFamilySets != NULL) {
    SMARTLIST_FOREACH(options->NodeFamilySets, routerset_t *,
                      family, routerset_free(family));
    smartlist_free(options->NodeFamilySets);
  }
  /* NOTE(review): going by its name, this buffer holds a digest derived from
   * the bridge password, and it is released without being cleared first.
   * Consider wiping it before the free; its length is not visible here. */
  tor_free(options->BridgePassword_AuthDigest_);
  tor_free(options->command_arg);
  config_free(&options_format, options);
}

/** Release all memory and resources held by global configuration structures.
 */