config.c 297 KB
Newer Older
1

2
/* Copyright (c) 2001 Matej Pfajfar.
Roger Dingledine's avatar
Roger Dingledine committed
3
 * Copyright (c) 2001-2004, Roger Dingledine.
4
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
Nick Mathewson's avatar
Nick Mathewson committed
5
 * Copyright (c) 2007-2018, The Tor Project, Inc. */
6
/* See LICENSE for licensing information */
7

Nick Mathewson's avatar
Nick Mathewson committed
8
/**
9
 * \file config.c
10
11
12
13
14
15
16
17
18
19
20
21
 * \brief Code to interpret the user's configuration of Tor.
 *
 * This module handles torrc configuration file, including parsing it,
 * combining it with torrc.defaults and the command line, allowing
 * user changes to it (via editing and SIGHUP or via the control port),
 * writing it back to disk (because of SAVECONF from the control port),
 * and -- most importantly, acting on it.
 *
 * The module additionally has some tools for manipulating and
 * inspecting values that are calculated as a result of the
 * configured options.
 *
22
 * <h3>How to add new options</h3>
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
 *
 * To add new items to the torrc, there are a minimum of three places to edit:
 * <ul>
 *   <li>The or_options_t structure in or.h, where the options are stored.
 *   <li>The option_vars_ array below in this module, which configures
 *       the names of the torrc options, their types, their multiplicities,
 *       and their mappings to fields in or_options_t.
 *   <li>The manual in doc/tor.1.txt, to document what the new option
 *       is, and how it works.
 * </ul>
 *
 * Additionally, you might need to edit these places too:
 * <ul>
 *   <li>options_validate() below, in case you want to reject some possible
 *       values of the new configuration option.
 *   <li>options_transition_allowed() below, in case you need to
 *       forbid some or all changes in the option while Tor is
 *       running.
 *   <li>options_transition_affects_workers(), in case changes in the option
 *       might require Tor to relaunch or reconfigure its worker threads.
 *   <li>options_transition_affects_descriptor(), in case changes in the
 *       option might require a Tor relay to build and publish a new server
 *       descriptor.
 *   <li>options_act() and/or options_act_reversible(), in case there's some
 *       action that needs to be taken immediately based on the option's
 *       value.
 * </ul>
 *
 * <h3>Changing the value of an option</h3>
 *
 * Because of the SAVECONF command from the control port, it's a bad
 * idea to change the value of any user-configured option in the
 * or_options_t.  If you want to sometimes do this anyway, we recommend
 * that you create a secondary field in or_options_t; that you have the
 * user option linked only to the secondary field; that you use the
 * secondary field to initialize the one that Tor actually looks at; and that
 * you use the one Tor looks as the one that you modify.
Nick Mathewson's avatar
Nick Mathewson committed
60
61
 **/

62
#define CONFIG_PRIVATE
63
64
65
66
67
68
69
70
71
#include "core/or/or.h"
#include "feature/client/bridges.h"
#include "feature/client/addressmap.h"
#include "core/or/channel.h"
#include "core/or/circuitbuild.h"
#include "core/or/circuitlist.h"
#include "core/or/circuitmux.h"
#include "core/or/circuitmux_ewma.h"
#include "core/or/circuitstats.h"
72
#include "lib/compress/compress.h"
73
#include "app/config/config.h"
74
#include "lib/encoding/confline.h"
75
76
77
78
79
80
81
#include "core/mainloop/connection.h"
#include "core/or/connection_edge.h"
#include "core/or/connection_or.h"
#include "feature/dircache/consdiffmgr.h"
#include "feature/control/control.h"
#include "app/config/confparse.h"
#include "core/mainloop/cpuworker.h"
82
83
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
84
#include "lib/crypt_ops/crypto_init.h"
85
86
87
88
89
#ifdef ENABLE_NSS
#include "lib/crypt_ops/crypto_nss_mgt.h"
#else
#include "lib/crypt_ops/crypto_openssl_mgt.h"
#endif
90
#include "feature/dirauth/bwauth.h"
91
#include "feature/dircache/dirserv.h"
92
#include "feature/dirauth/guardfraction.h"
93
94
95
#include "feature/relay/dns.h"
#include "core/or/dos.h"
#include "feature/client/entrynodes.h"
96
#include "lib/log/git_revision.h"
97
98
99
100
101
102
103
104
105
106
107
108
#include "feature/stats/geoip.h"
#include "feature/hibernate/hibernate.h"
#include "core/mainloop/main.h"
#include "feature/nodelist/networkstatus.h"
#include "feature/nodelist/nodelist.h"
#include "core/or/policies.h"
#include "core/or/relay.h"
#include "feature/rend/rendclient.h"
#include "feature/rend/rendservice.h"
#include "feature/hs/hs_config.h"
#include "feature/stats/rephist.h"
#include "feature/relay/router.h"
109
#include "lib/sandbox/sandbox.h"
110
#include "feature/nodelist/dirlist.h"
111
112
113
114
115
116
#include "feature/nodelist/routerset.h"
#include "core/or/scheduler.h"
#include "app/config/statefile.h"
#include "feature/client/transports.h"
#include "feature/relay/ext_orport.h"
#include "feature/dircommon/voting_schedule.h"
117
#include "lib/net/resolve.h"
118
#ifdef _WIN32
119
120
#include <shlobj.h>
#endif
121
122
123
124
125
126
127
128
129
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
Roger Dingledine's avatar
Roger Dingledine committed
130

131
#include "lib/meminfo/meminfo.h"
132
#include "lib/osinfo/uname.h"
133
134
135
136
137
#include "lib/process/daemon.h"
#include "lib/process/pidfile.h"
#include "lib/process/restrict.h"
#include "lib/process/setuid.h"
#include "lib/process/subprocess.h"
138
#include "lib/net/gethostname.h"
139
#include "lib/thread/numcpus.h"
140

141
#include "lib/encoding/keyval.h"
142
#include "lib/fs/conffile.h"
143
#include "lib/evloop/procmon.h"
144

145
#include "feature/dirauth/dirvote.h"
146
#include "feature/dirauth/recommend_pkg.h"
147
#include "feature/dirauth/mode.h"
148

149
150
#include "core/or/connection_st.h"
#include "core/or/port_cfg_st.h"
151

152
153
154
155
156
157
#ifdef HAVE_SYSTEMD
#   if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
/* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse
 * Coverity. Here's a kludge to unconfuse it.
 */
#   define __INCLUDE_LEVEL__ 2
158
#endif /* defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__) */
159
#include <systemd/sd-daemon.h>
160
#endif /* defined(HAVE_SYSTEMD) */
161

162
/* Prefix used to indicate a Unix socket in a FooPort configuration. */
163
static const char unix_socket_prefix[] = "unix:";
164
165
166
/* Prefix used to indicate a Unix socket with spaces in it, in a FooPort
 * configuration. */
static const char unix_q_socket_prefix[] = "unix:\"";
167

168
169
170
171
/* limits for TCP send and recv buffer size used for constrained sockets */
#define MIN_CONSTRAINED_TCP_BUFFER 2048
#define MAX_CONSTRAINED_TCP_BUFFER 262144  /* 256k */

172
173
174
175
176
/** macro to help with the bulk rename of *DownloadSchedule to
 * *DowloadInitialDelay . */
#define DOWNLOAD_SCHEDULE(name) \
  { #name "DownloadSchedule", #name "DownloadInitialDelay", 0, 1 }

177
178
/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values. */
179
static config_abbrev_t option_abbrevs_[] = {
180
181
182
183
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
184
  PLURAL(EntryNode),
185
186
  PLURAL(ExcludeNode),
  PLURAL(FirewallPort),
187
  PLURAL(LongLivedPort),
188
189
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
190
  PLURAL(NumCPU),
191
  PLURAL(RendNode),
192
  PLURAL(RecommendedPackage),
193
  PLURAL(RendExcludeNode),
194
195
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
196
  PLURAL(StrictNode),
197
  { "l", "Log", 1, 0},
198
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
199
200
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
201
202
203
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
204
  { "DirServer", "DirAuthority", 0, 0}, /* XXXX later, make this warn? */
205
  { "MaxConn", "ConnLimit", 0, 1},
206
  { "MaxMemInCellQueues", "MaxMemInQueues", 0, 0},
207
208
209
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
210
211
212
213
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
214
215
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
216
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
217
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
218
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
219
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
220
  { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
221
  { "SocksSocketsGroupWritable", "UnixSocksGroupWritable", 0, 1},
222
223
224
  { "_HSLayer2Nodes", "HSLayer2Nodes", 0, 1 },
  { "_HSLayer3Nodes", "HSLayer3Nodes", 0, 1 },

225
226
227
228
229
230
231
232
233
234
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthority),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthorityOnly),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusFallback),
  DOWNLOAD_SCHEDULE(TestingBridge),
  DOWNLOAD_SCHEDULE(TestingBridgeBootstrap),
  DOWNLOAD_SCHEDULE(TestingClient),
  DOWNLOAD_SCHEDULE(TestingClientConsensus),
  DOWNLOAD_SCHEDULE(TestingServer),
  DOWNLOAD_SCHEDULE(TestingServerConsensus),

235
236
  { NULL, NULL, 0, 0},
};
237

238
239
240
241
/** dummy instance of or_options_t, used for type-checking its
 * members with CONF_CHECK_VAR_TYPE. */
DUMMY_TYPECHECK_INSTANCE(or_options_t);

Nick Mathewson's avatar
Nick Mathewson committed
242
243
244
245
/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 */
246
#define VAR(name,conftype,member,initvalue)                             \
Neel Chauhan's avatar
Neel Chauhan committed
247
  { name, CONFIG_TYPE_ ## conftype, offsetof(or_options_t, member),     \
248
      initvalue CONF_TEST_MEMBERS(or_options_t, conftype, member) }
249
250
251
/** As VAR, but the option name and member name are the same. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
Nick Mathewson's avatar
Nick Mathewson committed
252
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
253
254
255
#ifdef TOR_UNIT_TESTS
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL, {.INT=NULL} }
#else
256
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }
257
#endif
258

259
260
261
262
263
264
265
266
267
268
269
/**
 * Macro to declare *Port options.  Each one comes in three entries.
 * For example, most users should use "SocksPort" to configure the
 * socks port, but TorBrowser wants to use __SocksPort so that it
 * isn't stored by SAVECONF.  The SocksPortLines virtual option is
 * used to query both options from the controller.
 */
#define VPORT(member)                                           \
  VAR(#member "Lines", LINELIST_V, member ## _lines, NULL),     \
  VAR(#member, LINELIST_S, member ## _lines, NULL),             \
  VAR("__" #member, LINELIST_S, member ## _lines, NULL)
270

271
272
273
/** UINT64_MAX as a decimal string */
#define UINT64_MAX_STRING "18446744073709551615"

Nick Mathewson's avatar
Nick Mathewson committed
274
275
276
277
/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 */
278
static config_var_t option_vars_[] = {
279
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
280
  VAR("AccountingRule",          STRING,   AccountingRule_option,  "max"),
281
282
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
Nick Mathewson's avatar
Nick Mathewson committed
283
  OBSOLETE("AllowDotExit"),
284
  OBSOLETE("AllowInvalidNodes"),
285
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
286
  OBSOLETE("AllowSingleHopCircuits"),
287
  OBSOLETE("AllowSingleHopExits"),
288
289
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
290
  OBSOLETE("AlternateHSAuthority"),
291
  V(AssumeReachable,             BOOL,     "0"),
292
293
  OBSOLETE("AuthDirBadDir"),
  OBSOLETE("AuthDirBadDirCCs"),
294
  V(AuthDirBadExit,              LINELIST, NULL),
295
  V(AuthDirBadExitCCs,           CSV,      ""),
296
  V(AuthDirInvalid,              LINELIST, NULL),
297
  V(AuthDirInvalidCCs,           CSV,      ""),
298
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
299
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "2 MB"),
300
  V(AuthDirPinKeys,              BOOL,     "1"),
301
  V(AuthDirReject,               LINELIST, NULL),
302
  V(AuthDirRejectCCs,            CSV,      ""),
303
  OBSOLETE("AuthDirRejectUnlisted"),
304
  OBSOLETE("AuthDirListBadDirs"),
305
  V(AuthDirListBadExits,         BOOL,     "0"),
306
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
307
  OBSOLETE("AuthDirMaxServersPerAuthAddr"),
308
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
309
310
311
312
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
313
314
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
315
316
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
317
  V(BridgePassword,              STRING,   NULL),
318
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
319
  V(BridgeRelay,                 BOOL,     "0"),
320
  V(BridgeDistribution,          STRING,   NULL),
321
322
  VAR("CacheDirectory",          FILENAME, CacheDirectory_option, NULL),
  V(CacheDirectoryGroupReadable, BOOL,     "0"),
323
  V(CellStatistics,              BOOL,     "0"),
324
  V(PaddingStatistics,           BOOL,     "1"),
325
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
326
  V(CircuitBuildTimeout,         INTERVAL, "0"),
327
328
  OBSOLETE("CircuitIdleTimeout"),
  V(CircuitsAvailableTimeout,    INTERVAL, "0"),
329
  V(CircuitStreamTimeout,        INTERVAL, "0"),
330
  V(CircuitPriorityHalflife,     DOUBLE,  "-1.0"), /*negative:'Use default'*/
331
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
332
  V(ClientOnly,                  BOOL,     "0"),
333
334
  V(ClientPreferIPv6ORPort,      AUTOBOOL, "auto"),
  V(ClientPreferIPv6DirPort,     AUTOBOOL, "auto"),
335
  V(ClientRejectInternalAddresses, BOOL,   "1"),
336
  V(ClientTransportPlugin,       LINELIST, NULL),
337
  V(ClientUseIPv6,               BOOL,     "0"),
338
  V(ClientUseIPv4,               BOOL,     "1"),
339
  V(ConsensusParams,             STRING,   NULL),
340
  V(ConnLimit,                   UINT,     "1000"),
341
  V(ConnDirectionStatistics,     BOOL,     "0"),
342
343
344
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
345
  OBSOLETE("ControlListenAddress"),
346
  VPORT(ControlPort),
347
  V(ControlPortFileGroupReadable,BOOL,     "0"),
348
  V(ControlPortWriteToFile,      FILENAME, NULL),
349
  V(ControlSocket,               LINELIST, NULL),
350
  V(ControlSocketsGroupWritable, BOOL,     "0"),
351
  V(UnixSocksGroupWritable,    BOOL,     "0"),
352
353
354
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
355
  V(CountPrivateBandwidth,       BOOL,     "0"),
356
  VAR("DataDirectory",           FILENAME, DataDirectory_option, NULL),
357
  V(DataDirectoryGroupReadable,  BOOL,     "0"),
358
  V(DisableOOSCheck,             BOOL,     "1"),
359
  V(DisableNetwork,              BOOL,     "0"),
360
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
361
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
362
  OBSOLETE("DirListenAddress"),
363
  V(DirPolicy,                   LINELIST, NULL),
364
  VPORT(DirPort),
365
  V(DirPortFrontPage,            FILENAME, NULL),
366
  VAR("DirReqStatistics",        BOOL,     DirReqStatistics_option, "1"),
367
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
368
  V(DirCache,                    BOOL,     "1"),
369
370
371
372
373
  /* A DirAuthorityFallbackRate of 0.1 means that 0.5% of clients try an
   * authority when all fallbacks are up, and 2% try an authority when 25% of
   * fallbacks are down. (We rebuild the list when 25% of fallbacks are down).
   *
   * We want to reduce load on authorities, but keep these two figures within
Nick Mathewson's avatar
Nick Mathewson committed
374
375
   * an order of magnitude, so there isn't too much load shifting to
   * authorities when fallbacks go down. */
376
  V(DirAuthorityFallbackRate,    DOUBLE,   "0.1"),
377
  V(DisableAllSwap,              BOOL,     "0"),
378
  V(DisableDebuggerAttachment,   BOOL,     "1"),
379
  OBSOLETE("DisableIOCP"),
380
  OBSOLETE("DisableV2DirectoryInfo_"),
381
  OBSOLETE("DynamicDHGroups"),
382
  VPORT(DNSPort),
383
  OBSOLETE("DNSListenAddress"),
384
385
386
  /* DoS circuit creation options. */
  V(DoSCircuitCreationEnabled,   AUTOBOOL, "auto"),
  V(DoSCircuitCreationMinConnections,      UINT, "0"),
387
  V(DoSCircuitCreationRate,      UINT,     "0"),
388
389
390
391
392
393
394
395
396
  V(DoSCircuitCreationBurst,     UINT,     "0"),
  V(DoSCircuitCreationDefenseType,         INT,  "0"),
  V(DoSCircuitCreationDefenseTimePeriod,   INTERVAL, "0"),
  /* DoS connection options. */
  V(DoSConnectionEnabled,        AUTOBOOL, "auto"),
  V(DoSConnectionMaxConcurrentCount,       UINT, "0"),
  V(DoSConnectionDefenseType,    INT,      "0"),
  /* DoS single hop client options. */
  V(DoSRefuseSingleHopClientRendezvous,    AUTOBOOL, "auto"),
397
  V(DownloadExtraInfo,           BOOL,     "0"),
398
  V(TestingEnableConnBwEvent,    BOOL,     "0"),
399
  V(TestingEnableCellStatsEvent, BOOL,     "0"),
400
  OBSOLETE("TestingEnableTbEmptyEvent"),
401
  V(EnforceDistinctSubnets,      BOOL,     "1"),
402
  V(EntryNodes,                  ROUTERSET,   NULL),
403
  V(EntryStatistics,             BOOL,     "0"),
404
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
405
406
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
407
  OBSOLETE("ExcludeSingleHopRelays"),
408
  V(ExitNodes,                   ROUTERSET, NULL),
409
410
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
411
  V(ExitPolicyRejectLocalInterfaces, BOOL, "0"),
412
  V(ExitPortStatistics,          BOOL,     "0"),
413
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
414
  V(ExitRelay,                   AUTOBOOL, "auto"),
415
  VPORT(ExtORPort),
416
  V(ExtORPortCookieAuthFile,     STRING,   NULL),
417
  V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
418
  V(ExtraInfoStatistics,         BOOL,     "1"),
419
  V(ExtendByEd25519ID,           AUTOBOOL, "auto"),
420
  V(FallbackDir,                 LINELIST, NULL),
421

422
  V(UseDefaultFallbackDirs,      BOOL,     "1"),
423

424
  OBSOLETE("FallbackNetworkstatusFile"),
425
426
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
427
  OBSOLETE("FastFirstHopPK"),
428
  V(FetchDirInfoEarly,           BOOL,     "0"),
429
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
430
431
432
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
433
  OBSOLETE("FetchV2Networkstatus"),
434
  V(GeoIPExcludeUnknown,         AUTOBOOL, "auto"),
435
#ifdef _WIN32
436
  V(GeoIPFile,                   FILENAME, "<default>"),
nils's avatar
nils committed
437
  V(GeoIPv6File,                 FILENAME, "<default>"),
438
#else
439
440
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
nils's avatar
nils committed
441
442
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
443
#endif /* defined(_WIN32) */
444
  OBSOLETE("Group"),
445
  V(GuardLifetime,               INTERVAL, "0 minutes"),
446
  V(HardwareAccel,               BOOL,     "0"),
447
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
Alexander Færøy's avatar
Alexander Færøy committed
448
  V(MainloopStats,               BOOL,     "0"),
449
450
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
451
  V(HashedControlPassword,       LINELIST, NULL),
452
  OBSOLETE("HidServDirectoryV2"),
Nick Mathewson's avatar
Nick Mathewson committed
453
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
454
  VAR("HiddenServiceDirGroupReadable",  LINELIST_S, RendConfigLines, NULL),
Nick Mathewson's avatar
Nick Mathewson committed
455
456
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
457
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
458
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
459
  VAR("HiddenServiceAllowUnknownPorts",LINELIST_S, RendConfigLines, NULL),
460
461
  VAR("HiddenServiceMaxStreams",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceMaxStreamsCloseCircuit",LINELIST_S, RendConfigLines, NULL),
462
  VAR("HiddenServiceNumIntroductionPoints", LINELIST_S, RendConfigLines, NULL),
Nick Mathewson's avatar
Nick Mathewson committed
463
  VAR("HiddenServiceStatistics", BOOL, HiddenServiceStatistics_option, "1"),
464
  V(HidServAuth,                 LINELIST, NULL),
465
  V(ClientOnionAuthDir,          FILENAME, NULL),
466
  OBSOLETE("CloseHSClientCircuitsImmediatelyOnTimeout"),
467
  OBSOLETE("CloseHSServiceRendCircuitsImmediatelyOnTimeout"),
468
469
  V(HiddenServiceSingleHopMode,  BOOL,     "0"),
  V(HiddenServiceNonAnonymousMode,BOOL,    "0"),
470
471
472
473
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
474
  VPORT(HTTPTunnelPort),
475
  V(IPv6Exit,                    BOOL,     "0"),
476
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
477
  V(ServerTransportListenAddr,   LINELIST, NULL),
478
  V(ServerTransportOptions,      LINELIST, NULL),
479
  V(SigningKeyLifetime,          INTERVAL, "30 days"),
480
481
482
483
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
484
485
  VAR("KeyDirectory",            FILENAME, KeyDirectory_option, NULL),
  V(KeyDirectoryGroupReadable,   BOOL,     "0"),
486
487
  VAR("HSLayer2Nodes",           ROUTERSET,  HSLayer2Nodes,  NULL),
  VAR("HSLayer3Nodes",           ROUTERSET,  HSLayer3Nodes,  NULL),
488
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
489
  V(KeepBindCapabilities,            AUTOBOOL, "auto"),
490
  VAR("Log",                     LINELIST, Logs,             NULL),
491
  V(LogMessageDomains,           BOOL,     "0"),
492
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
Arlo Breault's avatar
Arlo Breault committed
493
  V(TruncateLogFile,             BOOL,     "0"),
Peter Palfrader's avatar
Peter Palfrader committed
494
  V(SyslogIdentityTag,           STRING,   NULL),
495
  V(AndroidIdentityTag,          STRING,   NULL),
496
  V(LongLivedPorts,              CSV,
Nick Mathewson's avatar
Nick Mathewson committed
497
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
498
499
500
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
501
  V(MaxClientCircuitsPending,    UINT,     "32"),
502
  V(MaxConsensusAgeForDiffs,     INTERVAL, "0 seconds"),
503
  VAR("MaxMemInQueues",          MEMUNIT,   MaxMemInQueues_raw, "0"),
504
505
  OBSOLETE("MaxOnionsPending"),
  V(MaxOnionQueueDelay,          MSEC_INTERVAL, "1750 msec"),
506
  V(MaxUnparseableDescSizeToLog, MEMUNIT, "10 MB"),
507
  V(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, "500"),
508
  VAR("MyFamily",                LINELIST, MyFamily_lines,       NULL),
509
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
510
  OBSOLETE("NamingAuthoritativeDirectory"),
511
  OBSOLETE("NATDListenAddress"),
512
  VPORT(NATDPort),
513
  V(Nickname,                    STRING,   NULL),
514
  OBSOLETE("PredictedPortsRelevanceTime"),
515
  OBSOLETE("WarnUnsafeSocks"),
516
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
517
  V(NoExec,                      BOOL,     "0"),
518
  V(NumCPUs,                     UINT,     "0"),
519
  V(NumDirectoryGuards,          UINT,     "0"),
520
  V(NumEntryGuards,              UINT,     "0"),
521
  V(NumPrimaryGuards,            UINT,     "0"),
Nick Mathewson's avatar
Nick Mathewson committed
522
  V(OfflineMasterKey,            BOOL,     "0"),
523
  OBSOLETE("ORListenAddress"),
524
  VPORT(ORPort),
525
  V(OutboundBindAddress,         LINELIST,   NULL),
526
527
  V(OutboundBindAddressOR,       LINELIST,   NULL),
  V(OutboundBindAddressExit,     LINELIST,   NULL),
528

529
  OBSOLETE("PathBiasDisableRate"),
530
531
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
532
  V(PathBiasWarnRate,            DOUBLE,   "-1"),
533
  V(PathBiasExtremeRate,         DOUBLE,   "-1"),
534
  V(PathBiasScaleThreshold,      INT,      "-1"),
535
536
  OBSOLETE("PathBiasScaleFactor"),
  OBSOLETE("PathBiasMultFactor"),
537
  V(PathBiasDropGuards,          AUTOBOOL, "0"),
538
539
540
541
542
543
  OBSOLETE("PathBiasUseCloseCounts"),

  V(PathBiasUseThreshold,       INT,      "-1"),
  V(PathBiasNoticeUseRate,          DOUBLE,   "-1"),
  V(PathBiasExtremeUseRate,         DOUBLE,   "-1"),
  V(PathBiasScaleUseThreshold,      INT,      "-1"),
544

545
  V(PathsNeededToBuildCircuits,  DOUBLE,   "-1"),
546
547
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
548
  V(PidFile,                     STRING,   NULL),
549
  V(TestingTorNetwork,           BOOL,     "0"),
550
  V(TestingMinExitFlagThreshold, MEMUNIT,  "0"),
551
  V(TestingMinFastFlagThreshold, MEMUNIT,  "0"),
552

553
  V(TestingLinkCertLifetime,          INTERVAL, "2 days"),
554
555
556
557
558
  V(TestingAuthKeyLifetime,          INTERVAL, "2 days"),
  V(TestingLinkKeySlop,              INTERVAL, "3 hours"),
  V(TestingAuthKeySlop,              INTERVAL, "3 hours"),
  V(TestingSigningKeySlop,           INTERVAL, "1 day"),

559
  V(OptimisticData,              AUTOBOOL, "auto"),
560
561
  OBSOLETE("PortForwarding"),
  OBSOLETE("PortForwardingHelper"),
562
  OBSOLETE("PreferTunneledDirConns"),
563
  V(ProtocolWarnings,            BOOL,     "0"),
564
  V(PublishServerDescriptor,     CSV,      "1"),
565
566
567
568
569
570
571
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
572
  V(RecommendedPackages,         LINELIST, NULL),
573
574
  V(ReducedConnectionPadding,    BOOL,     "0"),
  V(ConnectionPadding,           AUTOBOOL, "auto"),
575
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
576
  V(RejectPlaintextPorts,        CSV,      ""),
577
578
579
580
581
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  V(RunAsDaemon,                 BOOL,     "0"),
582
  V(ReducedExitPolicy,           BOOL,     "0"),
583
  OBSOLETE("RunTesting"), // currently unused
584
  V(Sandbox,                     BOOL,     "0"),
585
  V(SafeLogging,                 STRING,   "1"),
586
  V(SafeSocks,                   BOOL,     "0"),
587
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
588
589
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
590
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
591
592
593
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
594
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
595
596
597
598
599
  OBSOLETE("SchedulerLowWaterMark__"),
  OBSOLETE("SchedulerHighWaterMark__"),
  OBSOLETE("SchedulerMaxFlushCells__"),
  V(KISTSchedRunInterval,        MSEC_INTERVAL, "0 msec"),
  V(KISTSockBufSizeFactor,       DOUBLE,   "1.0"),
600
  V(Schedulers,                  CSV,      "KIST,KISTLite,Vanilla"),
601
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
602
  OBSOLETE("SocksListenAddress"),
603
  V(SocksPolicy,                 LINELIST, NULL),
604
  VPORT(SocksPort),
605
  V(SocksTimeout,                INTERVAL, "2 minutes"),
606
  V(SSLKeyLifetime,              INTERVAL, "0"),
607
608
  OBSOLETE("StrictEntryNodes"),
  OBSOLETE("StrictExitNodes"),
609
  V(StrictNodes,                 BOOL,     "0"),
610
  OBSOLETE("Support022HiddenServices"),
611
  V(TestSocks,                   BOOL,     "0"),
612
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
David Goulet's avatar
David Goulet committed
613
614
  OBSOLETE("Tor2webMode"),
  OBSOLETE("Tor2webRendezvousPoints"),
615
  OBSOLETE("TLSECGroup"),
616
617
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
618
  OBSOLETE("TransListenAddress"),
619
  VPORT(TransPort),
620
  V(TransProxyType,              STRING,   "default"),
621
  OBSOLETE("TunnelDirConns"),
622
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
623
  V(UseBridges,                  BOOL,     "0"),
624
  VAR("UseEntryGuards",          BOOL,     UseEntryGuards_option, "1"),
Nick Mathewson's avatar
Nick Mathewson committed
625
  OBSOLETE("UseEntryGuardsAsDirGuards"),
626
  V(UseGuardFraction,            AUTOBOOL, "auto"),
627
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
628
  OBSOLETE("UseNTorHandshake"),
629
  V(User,                        STRING,   NULL),
630
  OBSOLETE("UserspaceIOCPBuffers"),
631
  V(AuthDirSharedRandomness,     BOOL,     "1"),
632
  V(AuthDirTestEd25519LinkKeys,  BOOL,     "1"),
633
  OBSOLETE("V1AuthoritativeDirectory"),
634
  OBSOLETE("V2AuthoritativeDirectory"),
635
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
636
637
638
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
639
  V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
640
641
642
643
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
644
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
645
  V(V3BandwidthsFile,            FILENAME, NULL),
646
  V(GuardfractionFile,           FILENAME, NULL),
647
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
648
  OBSOLETE("VoteOnHidServDirectoriesV2"),
649
650
  V(VirtualAddrNetworkIPv4,      STRING,   "127.192.0.0/10"),
  V(VirtualAddrNetworkIPv6,      STRING,   "[FE80::]/10"),
651
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
652
653
  OBSOLETE("UseFilteringSSLBufferevents"),
  OBSOLETE("__UseFilteringSSLBufferevents"),
654
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
655
656
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
657
  VAR("__DisableSignalHandlers", BOOL,  DisableSignalHandlers,    "0"),
658
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
659
660
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
661
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
662
  VAR("__OwningControllerFD", UINT64, OwningControllerFD, UINT64_MAX_STRING),
663
  V(MinUptimeHidServDirectoryV2, INTERVAL, "96 hours"),
664
665
666
667
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
668
  /* With the ClientBootstrapConsensus*Download* below:
669
   * Clients with only authorities will try:
670
671
   *  - at least 3 authorities over 10 seconds, then exponentially backoff,
   *    with the next attempt 3-21 seconds later,
672
   * Clients with authorities and fallbacks will try:
673
674
   *  - at least 2 authorities and 4 fallbacks over 21 seconds, then
   *    exponentially backoff, with the next attempts 4-33 seconds later,
675
   * Clients will also retry when an application request arrives.
676
   * After a number of failed requests, clients retry every 3 days + 1 hour.
677
678
679
680
681
682
   *
   * Clients used to try 2 authorities over 10 seconds, then wait for
   * 60 minutes or an application request.
   *
   * When clients have authorities and fallbacks available, they use these
   * schedules: (we stagger the times to avoid thundering herds) */
683
684
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "6"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
685
  /* When clients only have authorities available, they use this schedule: */
686
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
687
    "0"),
688
689
690
691
  /* We don't want to overwhelm slow networks (or mirrors whose replies are
   * blocked), but we also don't want to fail if only some mirrors are
   * blackholed. Clients will try 3 directories simultaneously.
   * (Relays never use simultaneous connections.) */
692
  V(ClientBootstrapConsensusMaxInProgressTries, UINT, "3"),
693
694
  /* When a client has any running bridges, check each bridge occasionally,
    * whether or not that bridge is actually up. */
695
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL,"10800"),
696
697
698
699
  /* When a client is just starting, or has no running bridges, check each
   * bridge a few times quickly, and then try again later. These schedules
   * are much longer than the other schedules, because we try each and every
   * configured bridge with this schedule. */
700
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
701
702
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "10 minutes"),
  V(TestingDirConnectionMaxStall, INTERVAL, "5 minutes"),
703
704
705
706
707
708
  OBSOLETE("TestingConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries"),
  OBSOLETE("TestingDescriptorMaxDownloadTries"),
  OBSOLETE("TestingMicrodescMaxDownloadTries"),
  OBSOLETE("TestingCertMaxDownloadTries"),
709
  V(TestingDirAuthVoteExit, ROUTERSET, NULL),
710
  V(TestingDirAuthVoteExitIsStrict,  BOOL,     "0"),
711
  V(TestingDirAuthVoteGuard, ROUTERSET, NULL),
712
  V(TestingDirAuthVoteGuardIsStrict,  BOOL,     "0"),
713
  V(TestingDirAuthVoteHSDir, ROUTERSET, NULL),
714
  V(TestingDirAuthVoteHSDirIsStrict,  BOOL,     "0"),
715
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),
716

717
  END_OF_CONFIG_VARS
718
};
719

720
721
/** Override default values with these if the user sets the TestingTorNetwork
 * option. */
722
static const config_var_t testing_tor_network_defaults[] = {
723
724
725
726
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
727
728
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
729
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
730
    "0"),
731
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
732
  V(ClientRejectInternalAddresses, BOOL,   "0"),
733
  V(CountPrivateBandwidth,       BOOL,     "1"),
734
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
735
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
736
737
738
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
739
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "150 seconds"),
740
741
742
743
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
744
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
745
746
747
748
749
750
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL, "10"),
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
751
752
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "5 seconds"),
  V(TestingDirConnectionMaxStall, INTERVAL, "30 seconds"),
753
  V(TestingEnableConnBwEvent,    BOOL,     "1"),
754
  V(TestingEnableCellStatsEvent, BOOL,     "1"),
755
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),
756
  V(RendPostPeriod,              INTERVAL, "2 minutes"),
757

758
  END_OF_CONFIG_VARS
759
};
760

761
#undef VAR
762
#undef V
763
764
#undef OBSOLETE

765
static const config_deprecation_t option_deprecation_notes_[] = {
766
  /* Deprecated since 0.3.2.0-alpha. */
767
768
769
770
  { "HTTPProxy", "It only applies to direct unencrypted HTTP connections "
    "to your directory server, which your Tor probably wasn't using." },
  { "HTTPProxyAuthenticator", "HTTPProxy is deprecated in favor of HTTPSProxy "
    "which should be used with HTTPSProxyAuthenticator." },
771
772
773
  /* End of options deprecated since 0.3.2.1-alpha */

  /* Options deprecated since 0.3.2.2-alpha */
774
775
776
777
  { "ReachableDirAddresses", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
  { "ClientPreferIPv6DirPort", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
778
  /* End of options deprecated since 0.3.2.2-alpha. */
779

780
781
782