config.c 298 KB
Newer Older
1
/* Copyright (c) 2001 Matej Pfajfar.
Roger Dingledine's avatar
Roger Dingledine committed
2
 * Copyright (c) 2001-2004, Roger Dingledine.
3
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
Nick Mathewson's avatar
Nick Mathewson committed
4
 * Copyright (c) 2007-2018, The Tor Project, Inc. */
5
/* See LICENSE for licensing information */
6

Nick Mathewson's avatar
Nick Mathewson committed
7
/**
8
 * \file config.c
9
10
11
12
13
14
15
16
17
18
19
20
 * \brief Code to interpret the user's configuration of Tor.
 *
 * This module handles torrc configuration file, including parsing it,
 * combining it with torrc.defaults and the command line, allowing
 * user changes to it (via editing and SIGHUP or via the control port),
 * writing it back to disk (because of SAVECONF from the control port),
 * and -- most importantly, acting on it.
 *
 * The module additionally has some tools for manipulating and
 * inspecting values that are calculated as a result of the
 * configured options.
 *
21
 * <h3>How to add new options</h3>
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
 *
 * To add new items to the torrc, there are a minimum of three places to edit:
 * <ul>
 *   <li>The or_options_t structure in or.h, where the options are stored.
 *   <li>The option_vars_ array below in this module, which configures
 *       the names of the torrc options, their types, their multiplicities,
 *       and their mappings to fields in or_options_t.
 *   <li>The manual in doc/tor.1.txt, to document what the new option
 *       is, and how it works.
 * </ul>
 *
 * Additionally, you might need to edit these places too:
 * <ul>
 *   <li>options_validate() below, in case you want to reject some possible
 *       values of the new configuration option.
 *   <li>options_transition_allowed() below, in case you need to
 *       forbid some or all changes in the option while Tor is
 *       running.
 *   <li>options_transition_affects_workers(), in case changes in the option
 *       might require Tor to relaunch or reconfigure its worker threads.
 *   <li>options_transition_affects_descriptor(), in case changes in the
 *       option might require a Tor relay to build and publish a new server
 *       descriptor.
 *   <li>options_act() and/or options_act_reversible(), in case there's some
 *       action that needs to be taken immediately based on the option's
 *       value.
 * </ul>
 *
 * <h3>Changing the value of an option</h3>
 *
 * Because of the SAVECONF command from the control port, it's a bad
 * idea to change the value of any user-configured option in the
 * or_options_t.  If you want to sometimes do this anyway, we recommend
 * that you create a secondary field in or_options_t; that you have the
 * user option linked only to the secondary field; that you use the
 * secondary field to initialize the one that Tor actually looks at; and that
 * you use the one Tor looks as the one that you modify.
Nick Mathewson's avatar
Nick Mathewson committed
59
60
 **/

61
#define CONFIG_PRIVATE
62
#include "core/or/or.h"
63
64
65
66
67
68
69
70
#include "app/config/config.h"
#include "app/config/confparse.h"
#include "app/config/statefile.h"
#include "app/main/main.h"
#include "core/mainloop/connection.h"
#include "core/mainloop/cpuworker.h"
#include "core/mainloop/mainloop.h"
#include "core/mainloop/netstatus.h"
71
72
73
74
75
76
77
78
#include "core/or/channel.h"
#include "core/or/circuitbuild.h"
#include "core/or/circuitlist.h"
#include "core/or/circuitmux.h"
#include "core/or/circuitmux_ewma.h"
#include "core/or/circuitstats.h"
#include "core/or/connection_edge.h"
#include "core/or/connection_or.h"
79
80
81
82
83
84
85
86
#include "core/or/dos.h"
#include "core/or/policies.h"
#include "core/or/relay.h"
#include "core/or/scheduler.h"
#include "feature/client/addressmap.h"
#include "feature/client/bridges.h"
#include "feature/client/entrynodes.h"
#include "feature/client/transports.h"
87
#include "feature/control/control.h"
88
89
#include "feature/dirauth/bwauth.h"
#include "feature/dirauth/guardfraction.h"
90
91
92
#include "feature/dircache/consdiffmgr.h"
#include "feature/dircache/dirserv.h"
#include "feature/dircommon/voting_schedule.h"
93
#include "feature/hibernate/hibernate.h"
94
95
#include "feature/hs/hs_config.h"
#include "feature/nodelist/dirlist.h"
96
#include "feature/nodelist/networkstatus.h"
97
#include "feature/nodelist/nickname.h"
98
#include "feature/nodelist/nodelist.h"
99
100
101
102
#include "feature/nodelist/routerset.h"
#include "feature/relay/dns.h"
#include "feature/relay/ext_orport.h"
#include "feature/relay/routermode.h"
103
104
#include "feature/rend/rendclient.h"
#include "feature/rend/rendservice.h"
105
#include "feature/stats/geoip.h"
106
#include "feature/stats/geoip_stats.h"
107
#include "feature/stats/predict_ports.h"
108
#include "feature/stats/rephist.h"
109
110
111
112
113
114
#include "lib/compress/compress.h"
#include "lib/crypt_ops/crypto_init.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/encoding/confline.h"
#include "lib/log/git_revision.h"
115
#include "lib/net/resolve.h"
116
117
118
119
120
121
122
123
#include "lib/sandbox/sandbox.h"

#ifdef ENABLE_NSS
#include "lib/crypt_ops/crypto_nss_mgt.h"
#else
#include "lib/crypt_ops/crypto_openssl_mgt.h"
#endif

124
#ifdef _WIN32
125
126
#include <shlobj.h>
#endif
127
128
129
130
131
132
133
134
135
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
Roger Dingledine's avatar
Roger Dingledine committed
136

137
#include "lib/meminfo/meminfo.h"
138
#include "lib/osinfo/uname.h"
139
140
141
142
143
#include "lib/process/daemon.h"
#include "lib/process/pidfile.h"
#include "lib/process/restrict.h"
#include "lib/process/setuid.h"
#include "lib/process/subprocess.h"
144
#include "lib/net/gethostname.h"
145
#include "lib/thread/numcpus.h"
146

147
#include "lib/encoding/keyval.h"
148
#include "lib/fs/conffile.h"
149
#include "lib/evloop/procmon.h"
150

151
#include "feature/dirauth/dirvote.h"
152
#include "feature/dirauth/recommend_pkg.h"
153
#include "feature/dirauth/authmode.h"
154

155
156
#include "core/or/connection_st.h"
#include "core/or/port_cfg_st.h"
157

158
159
160
161
162
163
#ifdef HAVE_SYSTEMD
#   if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
/* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse
 * Coverity. Here's a kludge to unconfuse it.
 */
#   define __INCLUDE_LEVEL__ 2
164
#endif /* defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__) */
165
#include <systemd/sd-daemon.h>
166
#endif /* defined(HAVE_SYSTEMD) */
167

168
/* Prefix used to indicate a Unix socket in a FooPort configuration. */
169
static const char unix_socket_prefix[] = "unix:";
170
171
172
/* Prefix used to indicate a Unix socket with spaces in it, in a FooPort
 * configuration. */
static const char unix_q_socket_prefix[] = "unix:\"";
173

174
175
176
177
/* limits for TCP send and recv buffer size used for constrained sockets */
#define MIN_CONSTRAINED_TCP_BUFFER 2048
#define MAX_CONSTRAINED_TCP_BUFFER 262144  /* 256k */

178
179
180
181
182
/** macro to help with the bulk rename of *DownloadSchedule to
 * *DowloadInitialDelay . */
#define DOWNLOAD_SCHEDULE(name) \
  { #name "DownloadSchedule", #name "DownloadInitialDelay", 0, 1 }

183
184
/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values. */
185
static config_abbrev_t option_abbrevs_[] = {
186
187
188
189
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
190
  PLURAL(EntryNode),
191
192
  PLURAL(ExcludeNode),
  PLURAL(FirewallPort),
193
  PLURAL(LongLivedPort),
194
195
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
196
  PLURAL(NumCPU),
197
  PLURAL(RendNode),
198
  PLURAL(RecommendedPackage),
199
  PLURAL(RendExcludeNode),
200
201
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
202
  PLURAL(StrictNode),
203
  { "l", "Log", 1, 0},
204
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
205
206
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
207
208
209
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
210
  { "DirServer", "DirAuthority", 0, 0}, /* XXXX later, make this warn? */
211
  { "MaxConn", "ConnLimit", 0, 1},
212
  { "MaxMemInCellQueues", "MaxMemInQueues", 0, 0},
213
214
215
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
216
217
218
219
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
220
221
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
222
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
223
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
224
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
225
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
226
  { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
227
  { "SocksSocketsGroupWritable", "UnixSocksGroupWritable", 0, 1},
228
229
230
  { "_HSLayer2Nodes", "HSLayer2Nodes", 0, 1 },
  { "_HSLayer3Nodes", "HSLayer3Nodes", 0, 1 },

231
232
233
234
235
236
237
238
239
240
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthority),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthorityOnly),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusFallback),
  DOWNLOAD_SCHEDULE(TestingBridge),
  DOWNLOAD_SCHEDULE(TestingBridgeBootstrap),
  DOWNLOAD_SCHEDULE(TestingClient),
  DOWNLOAD_SCHEDULE(TestingClientConsensus),
  DOWNLOAD_SCHEDULE(TestingServer),
  DOWNLOAD_SCHEDULE(TestingServerConsensus),

241
242
  { NULL, NULL, 0, 0},
};
243

244
245
246
247
/** dummy instance of or_options_t, used for type-checking its
 * members with CONF_CHECK_VAR_TYPE. */
DUMMY_TYPECHECK_INSTANCE(or_options_t);

Nick Mathewson's avatar
Nick Mathewson committed
248
249
250
251
/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 */
252
#define VAR(name,conftype,member,initvalue)                             \
Neel Chauhan's avatar
Neel Chauhan committed
253
  { name, CONFIG_TYPE_ ## conftype, offsetof(or_options_t, member),     \
254
      initvalue CONF_TEST_MEMBERS(or_options_t, conftype, member) }
255
256
257
/** As VAR, but the option name and member name are the same. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
Nick Mathewson's avatar
Nick Mathewson committed
258
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
259
260
261
#ifdef TOR_UNIT_TESTS
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL, {.INT=NULL} }
#else
262
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }
263
#endif
264

265
266
267
268
269
270
271
272
273
274
275
/**
 * Macro to declare *Port options.  Each one comes in three entries.
 * For example, most users should use "SocksPort" to configure the
 * socks port, but TorBrowser wants to use __SocksPort so that it
 * isn't stored by SAVECONF.  The SocksPortLines virtual option is
 * used to query both options from the controller.
 */
#define VPORT(member)                                           \
  VAR(#member "Lines", LINELIST_V, member ## _lines, NULL),     \
  VAR(#member, LINELIST_S, member ## _lines, NULL),             \
  VAR("__" #member, LINELIST_S, member ## _lines, NULL)
276

277
278
279
/** UINT64_MAX as a decimal string */
#define UINT64_MAX_STRING "18446744073709551615"

Nick Mathewson's avatar
Nick Mathewson committed
280
281
282
283
/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 */
284
static config_var_t option_vars_[] = {
285
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
286
  VAR("AccountingRule",          STRING,   AccountingRule_option,  "max"),
287
288
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
Nick Mathewson's avatar
Nick Mathewson committed
289
  OBSOLETE("AllowDotExit"),
290
  OBSOLETE("AllowInvalidNodes"),
291
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
292
  OBSOLETE("AllowSingleHopCircuits"),
293
  OBSOLETE("AllowSingleHopExits"),
294
295
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
296
  OBSOLETE("AlternateHSAuthority"),
297
  V(AssumeReachable,             BOOL,     "0"),
298
299
  OBSOLETE("AuthDirBadDir"),
  OBSOLETE("AuthDirBadDirCCs"),
300
  V(AuthDirBadExit,              LINELIST, NULL),
301
  V(AuthDirBadExitCCs,           CSV,      ""),
302
  V(AuthDirInvalid,              LINELIST, NULL),
303
  V(AuthDirInvalidCCs,           CSV,      ""),
304
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
305
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "2 MB"),
306
  V(AuthDirPinKeys,              BOOL,     "1"),
307
  V(AuthDirReject,               LINELIST, NULL),
308
  V(AuthDirRejectCCs,            CSV,      ""),
309
  OBSOLETE("AuthDirRejectUnlisted"),
310
  OBSOLETE("AuthDirListBadDirs"),
311
  V(AuthDirListBadExits,         BOOL,     "0"),
312
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
313
  OBSOLETE("AuthDirMaxServersPerAuthAddr"),
314
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
315
316
317
318
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
319
320
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
321
322
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
323
  V(BridgePassword,              STRING,   NULL),
324
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
325
  V(BridgeRelay,                 BOOL,     "0"),
326
  V(BridgeDistribution,          STRING,   NULL),
327
  VAR("CacheDirectory",          FILENAME, CacheDirectory_option, NULL),
328
  V(CacheDirectoryGroupReadable, AUTOBOOL,     "auto"),
329
  V(CellStatistics,              BOOL,     "0"),
330
  V(PaddingStatistics,           BOOL,     "1"),
331
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
332
  V(CircuitBuildTimeout,         INTERVAL, "0"),
333
334
  OBSOLETE("CircuitIdleTimeout"),
  V(CircuitsAvailableTimeout,    INTERVAL, "0"),
335
  V(CircuitStreamTimeout,        INTERVAL, "0"),
336
  V(CircuitPriorityHalflife,     DOUBLE,  "-1.0"), /*negative:'Use default'*/
337
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
338
  V(ClientOnly,                  BOOL,     "0"),
339
340
  V(ClientPreferIPv6ORPort,      AUTOBOOL, "auto"),
  V(ClientPreferIPv6DirPort,     AUTOBOOL, "auto"),
341
  V(ClientRejectInternalAddresses, BOOL,   "1"),
342
  V(ClientTransportPlugin,       LINELIST, NULL),
343
  V(ClientUseIPv6,               BOOL,     "0"),
344
  V(ClientUseIPv4,               BOOL,     "1"),
345
  V(ConsensusParams,             STRING,   NULL),
346
  V(ConnLimit,                   UINT,     "1000"),
347
  V(ConnDirectionStatistics,     BOOL,     "0"),
348
349
350
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
351
  OBSOLETE("ControlListenAddress"),
352
  VPORT(ControlPort),
353
  V(ControlPortFileGroupReadable,BOOL,     "0"),
354
  V(ControlPortWriteToFile,      FILENAME, NULL),
355
  V(ControlSocket,               LINELIST, NULL),
356
  V(ControlSocketsGroupWritable, BOOL,     "0"),
357
  V(UnixSocksGroupWritable,    BOOL,     "0"),
358
359
360
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
361
  V(CountPrivateBandwidth,       BOOL,     "0"),
362
  VAR("DataDirectory",           FILENAME, DataDirectory_option, NULL),
363
  V(DataDirectoryGroupReadable,  BOOL,     "0"),
364
  V(DisableOOSCheck,             BOOL,     "1"),
365
  V(DisableNetwork,              BOOL,     "0"),
366
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
367
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
368
  OBSOLETE("DirListenAddress"),
369
  V(DirPolicy,                   LINELIST, NULL),
370
  VPORT(DirPort),
371
  V(DirPortFrontPage,            FILENAME, NULL),
372
  VAR("DirReqStatistics",        BOOL,     DirReqStatistics_option, "1"),
373
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
374
  V(DirCache,                    BOOL,     "1"),
375
376
377
378
379
  /* A DirAuthorityFallbackRate of 0.1 means that 0.5% of clients try an
   * authority when all fallbacks are up, and 2% try an authority when 25% of
   * fallbacks are down. (We rebuild the list when 25% of fallbacks are down).
   *
   * We want to reduce load on authorities, but keep these two figures within
Nick Mathewson's avatar
Nick Mathewson committed
380
381
   * an order of magnitude, so there isn't too much load shifting to
   * authorities when fallbacks go down. */
382
  V(DirAuthorityFallbackRate,    DOUBLE,   "0.1"),
383
  V(DisableAllSwap,              BOOL,     "0"),
384
  V(DisableDebuggerAttachment,   BOOL,     "1"),
385
  OBSOLETE("DisableIOCP"),
386
  OBSOLETE("DisableV2DirectoryInfo_"),
387
  OBSOLETE("DynamicDHGroups"),
388
  VPORT(DNSPort),
389
  OBSOLETE("DNSListenAddress"),
390
391
392
  /* DoS circuit creation options. */
  V(DoSCircuitCreationEnabled,   AUTOBOOL, "auto"),
  V(DoSCircuitCreationMinConnections,      UINT, "0"),
393
  V(DoSCircuitCreationRate,      UINT,     "0"),
394
395
396
397
398
399
400
401
402
  V(DoSCircuitCreationBurst,     UINT,     "0"),
  V(DoSCircuitCreationDefenseType,         INT,  "0"),
  V(DoSCircuitCreationDefenseTimePeriod,   INTERVAL, "0"),
  /* DoS connection options. */
  V(DoSConnectionEnabled,        AUTOBOOL, "auto"),
  V(DoSConnectionMaxConcurrentCount,       UINT, "0"),
  V(DoSConnectionDefenseType,    INT,      "0"),
  /* DoS single hop client options. */
  V(DoSRefuseSingleHopClientRendezvous,    AUTOBOOL, "auto"),
403
  V(DownloadExtraInfo,           BOOL,     "0"),
404
  V(TestingEnableConnBwEvent,    BOOL,     "0"),
405
  V(TestingEnableCellStatsEvent, BOOL,     "0"),
406
  OBSOLETE("TestingEnableTbEmptyEvent"),
407
  V(EnforceDistinctSubnets,      BOOL,     "1"),
408
  V(EntryNodes,                  ROUTERSET,   NULL),
409
  V(EntryStatistics,             BOOL,     "0"),
410
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
411
412
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
413
  OBSOLETE("ExcludeSingleHopRelays"),
414
  V(ExitNodes,                   ROUTERSET, NULL),
415
416
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
417
  V(ExitPolicyRejectLocalInterfaces, BOOL, "0"),
418
  V(ExitPortStatistics,          BOOL,     "0"),
419
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
420
  V(ExitRelay,                   AUTOBOOL, "auto"),
421
  VPORT(ExtORPort),
422
  V(ExtORPortCookieAuthFile,     STRING,   NULL),
423
  V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
424
  V(ExtraInfoStatistics,         BOOL,     "1"),
425
  V(ExtendByEd25519ID,           AUTOBOOL, "auto"),
426
  V(FallbackDir,                 LINELIST, NULL),
427

428
  V(UseDefaultFallbackDirs,      BOOL,     "1"),
429

430
  OBSOLETE("FallbackNetworkstatusFile"),
431
432
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
433
  OBSOLETE("FastFirstHopPK"),
434
  V(FetchDirInfoEarly,           BOOL,     "0"),
435
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
436
437
438
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
439
  OBSOLETE("FetchV2Networkstatus"),
440
  V(GeoIPExcludeUnknown,         AUTOBOOL, "auto"),
441
#ifdef _WIN32
442
  V(GeoIPFile,                   FILENAME, "<default>"),
nils's avatar
nils committed
443
  V(GeoIPv6File,                 FILENAME, "<default>"),
444
#else
445
446
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
nils's avatar
nils committed
447
448
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
449
#endif /* defined(_WIN32) */
450
  OBSOLETE("Group"),
451
  V(GuardLifetime,               INTERVAL, "0 minutes"),
452
  V(HardwareAccel,               BOOL,     "0"),
453
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
Alexander Færøy's avatar
Alexander Færøy committed
454
  V(MainloopStats,               BOOL,     "0"),
455
456
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
457
  V(HashedControlPassword,       LINELIST, NULL),
458
  OBSOLETE("HidServDirectoryV2"),
Nick Mathewson's avatar
Nick Mathewson committed
459
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
460
  VAR("HiddenServiceDirGroupReadable",  LINELIST_S, RendConfigLines, NULL),
Nick Mathewson's avatar
Nick Mathewson committed
461
462
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
463
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
464
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
465
  VAR("HiddenServiceAllowUnknownPorts",LINELIST_S, RendConfigLines, NULL),
466
467
  VAR("HiddenServiceMaxStreams",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceMaxStreamsCloseCircuit",LINELIST_S, RendConfigLines, NULL),
468
  VAR("HiddenServiceNumIntroductionPoints", LINELIST_S, RendConfigLines, NULL),
469
  VAR("HiddenServiceExportCircuitID", LINELIST_S,  RendConfigLines, NULL),
Nick Mathewson's avatar
Nick Mathewson committed
470
  VAR("HiddenServiceStatistics", BOOL, HiddenServiceStatistics_option, "1"),
471
  V(HidServAuth,                 LINELIST, NULL),
472
  V(ClientOnionAuthDir,          FILENAME, NULL),
473
  OBSOLETE("CloseHSClientCircuitsImmediatelyOnTimeout"),
474
  OBSOLETE("CloseHSServiceRendCircuitsImmediatelyOnTimeout"),
475
476
  V(HiddenServiceSingleHopMode,  BOOL,     "0"),
  V(HiddenServiceNonAnonymousMode,BOOL,    "0"),
477
478
479
480
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
481
  VPORT(HTTPTunnelPort),
482
  V(IPv6Exit,                    BOOL,     "0"),
483
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
484
  V(ServerTransportListenAddr,   LINELIST, NULL),
485
  V(ServerTransportOptions,      LINELIST, NULL),
486
  V(SigningKeyLifetime,          INTERVAL, "30 days"),
487
488
489
490
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
491
492
  VAR("KeyDirectory",            FILENAME, KeyDirectory_option, NULL),
  V(KeyDirectoryGroupReadable,   BOOL,     "0"),
493
494
  VAR("HSLayer2Nodes",           ROUTERSET,  HSLayer2Nodes,  NULL),
  VAR("HSLayer3Nodes",           ROUTERSET,  HSLayer3Nodes,  NULL),
495
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
496
  V(KeepBindCapabilities,            AUTOBOOL, "auto"),
497
  VAR("Log",                     LINELIST, Logs,             NULL),
498
  V(LogMessageDomains,           BOOL,     "0"),
499
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
Arlo Breault's avatar
Arlo Breault committed
500
  V(TruncateLogFile,             BOOL,     "0"),
Peter Palfrader's avatar
Peter Palfrader committed
501
  V(SyslogIdentityTag,           STRING,   NULL),
502
  V(AndroidIdentityTag,          STRING,   NULL),
503
  V(LongLivedPorts,              CSV,
Nick Mathewson's avatar
Nick Mathewson committed
504
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
505
506
507
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
508
  V(MaxClientCircuitsPending,    UINT,     "32"),
509
  V(MaxConsensusAgeForDiffs,     INTERVAL, "0 seconds"),
510
  VAR("MaxMemInQueues",          MEMUNIT,   MaxMemInQueues_raw, "0"),
511
512
  OBSOLETE("MaxOnionsPending"),
  V(MaxOnionQueueDelay,          MSEC_INTERVAL, "1750 msec"),
513
  V(MaxUnparseableDescSizeToLog, MEMUNIT, "10 MB"),
514
  V(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, "500"),
515
  VAR("MyFamily",                LINELIST, MyFamily_lines,       NULL),
516
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
517
  OBSOLETE("NamingAuthoritativeDirectory"),
518
  OBSOLETE("NATDListenAddress"),
519
  VPORT(NATDPort),
520
  V(Nickname,                    STRING,   NULL),
521
  OBSOLETE("PredictedPortsRelevanceTime"),
522
  OBSOLETE("WarnUnsafeSocks"),
523
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
524
  V(NoExec,                      BOOL,     "0"),
525
  V(NumCPUs,                     UINT,     "0"),
526
  V(NumDirectoryGuards,          UINT,     "0"),
527
  V(NumEntryGuards,              UINT,     "0"),
528
  V(NumPrimaryGuards,            UINT,     "0"),
Nick Mathewson's avatar
Nick Mathewson committed
529
  V(OfflineMasterKey,            BOOL,     "0"),
530
  OBSOLETE("ORListenAddress"),
531
  VPORT(ORPort),
532
  V(OutboundBindAddress,         LINELIST,   NULL),
533
534
  V(OutboundBindAddressOR,       LINELIST,   NULL),
  V(OutboundBindAddressExit,     LINELIST,   NULL),
535

536
  OBSOLETE("PathBiasDisableRate"),
537
538
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
539
  V(PathBiasWarnRate,            DOUBLE,   "-1"),
540
  V(PathBiasExtremeRate,         DOUBLE,   "-1"),
541
  V(PathBiasScaleThreshold,      INT,      "-1"),
542
543
  OBSOLETE("PathBiasScaleFactor"),
  OBSOLETE("PathBiasMultFactor"),
544
  V(PathBiasDropGuards,          AUTOBOOL, "0"),
545
546
547
548
549
550
  OBSOLETE("PathBiasUseCloseCounts"),

  V(PathBiasUseThreshold,       INT,      "-1"),
  V(PathBiasNoticeUseRate,          DOUBLE,   "-1"),
  V(PathBiasExtremeUseRate,         DOUBLE,   "-1"),
  V(PathBiasScaleUseThreshold,      INT,      "-1"),
551

552
  V(PathsNeededToBuildCircuits,  DOUBLE,   "-1"),
553
554
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
555
  V(PidFile,                     STRING,   NULL),
556
  V(TestingTorNetwork,           BOOL,     "0"),
557
  V(TestingMinExitFlagThreshold, MEMUNIT,  "0"),
558
  V(TestingMinFastFlagThreshold, MEMUNIT,  "0"),
559

560
  V(TestingLinkCertLifetime,          INTERVAL, "2 days"),
561
562
563
564
565
  V(TestingAuthKeyLifetime,          INTERVAL, "2 days"),
  V(TestingLinkKeySlop,              INTERVAL, "3 hours"),
  V(TestingAuthKeySlop,              INTERVAL, "3 hours"),
  V(TestingSigningKeySlop,           INTERVAL, "1 day"),

566
  V(OptimisticData,              AUTOBOOL, "auto"),
567
568
  OBSOLETE("PortForwarding"),
  OBSOLETE("PortForwardingHelper"),
569
  OBSOLETE("PreferTunneledDirConns"),
570
  V(ProtocolWarnings,            BOOL,     "0"),
571
  V(PublishServerDescriptor,     CSV,      "1"),
572
573
574
575
576
577
578
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
579
  V(RecommendedPackages,         LINELIST, NULL),
580
581
  V(ReducedConnectionPadding,    BOOL,     "0"),
  V(ConnectionPadding,           AUTOBOOL, "auto"),
582
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
583
  V(RejectPlaintextPorts,        CSV,      ""),
584
585
586
587
588
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  V(RunAsDaemon,                 BOOL,     "0"),
589
  V(ReducedExitPolicy,           BOOL,     "0"),
590
  OBSOLETE("RunTesting"), // currently unused
591
  V(Sandbox,                     BOOL,     "0"),
592
  V(SafeLogging,                 STRING,   "1"),
593
  V(SafeSocks,                   BOOL,     "0"),
594
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
595
596
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
597
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
598
599
600
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
601
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
602
603
604
605
606
  OBSOLETE("SchedulerLowWaterMark__"),
  OBSOLETE("SchedulerHighWaterMark__"),
  OBSOLETE("SchedulerMaxFlushCells__"),
  V(KISTSchedRunInterval,        MSEC_INTERVAL, "0 msec"),
  V(KISTSockBufSizeFactor,       DOUBLE,   "1.0"),
607
  V(Schedulers,                  CSV,      "KIST,KISTLite,Vanilla"),
608
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
609
  OBSOLETE("SocksListenAddress"),
610
  V(SocksPolicy,                 LINELIST, NULL),
611
  VPORT(SocksPort),
612
  V(SocksTimeout,                INTERVAL, "2 minutes"),
613
  V(SSLKeyLifetime,              INTERVAL, "0"),
614
615
  OBSOLETE("StrictEntryNodes"),
  OBSOLETE("StrictExitNodes"),
616
  V(StrictNodes,                 BOOL,     "0"),
617
  OBSOLETE("Support022HiddenServices"),
618
  V(TestSocks,                   BOOL,     "0"),
619
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
David Goulet's avatar
David Goulet committed
620
621
  OBSOLETE("Tor2webMode"),
  OBSOLETE("Tor2webRendezvousPoints"),
622
  OBSOLETE("TLSECGroup"),
623
624
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
625
  OBSOLETE("TransListenAddress"),
626
  VPORT(TransPort),
627
  V(TransProxyType,              STRING,   "default"),
628
  OBSOLETE("TunnelDirConns"),
629
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
630
  V(UseBridges,                  BOOL,     "0"),
631
  VAR("UseEntryGuards",          BOOL,     UseEntryGuards_option, "1"),
Nick Mathewson's avatar
Nick Mathewson committed
632
  OBSOLETE("UseEntryGuardsAsDirGuards"),
633
  V(UseGuardFraction,            AUTOBOOL, "auto"),
634
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
635
  OBSOLETE("UseNTorHandshake"),
636
  V(User,                        STRING,   NULL),
637
  OBSOLETE("UserspaceIOCPBuffers"),
638
  V(AuthDirSharedRandomness,     BOOL,     "1"),
639
  V(AuthDirTestEd25519LinkKeys,  BOOL,     "1"),
640
  OBSOLETE("V1AuthoritativeDirectory"),
641
  OBSOLETE("V2AuthoritativeDirectory"),
642
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
643
644
645
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
646
  V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
647
648
649
650
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
651
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
652
  V(V3BandwidthsFile,            FILENAME, NULL),
653
  V(GuardfractionFile,           FILENAME, NULL),
654
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
655
  OBSOLETE("VoteOnHidServDirectoriesV2"),
656
657
  V(VirtualAddrNetworkIPv4,      STRING,   "127.192.0.0/10"),
  V(VirtualAddrNetworkIPv6,      STRING,   "[FE80::]/10"),
658
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
659
660
  OBSOLETE("UseFilteringSSLBufferevents"),
  OBSOLETE("__UseFilteringSSLBufferevents"),
661
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
662
663
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
664
  VAR("__DisableSignalHandlers", BOOL,  DisableSignalHandlers,    "0"),
665
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
666
667
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
668
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
669
  VAR("__OwningControllerFD", UINT64, OwningControllerFD, UINT64_MAX_STRING),
670
  V(MinUptimeHidServDirectoryV2, INTERVAL, "96 hours"),
671
672
673
674
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
675
  /* With the ClientBootstrapConsensus*Download* below:
676
   * Clients with only authorities will try:
677
678
   *  - at least 3 authorities over 10 seconds, then exponentially backoff,
   *    with the next attempt 3-21 seconds later,
679
   * Clients with authorities and fallbacks will try:
680
681
   *  - at least 2 authorities and 4 fallbacks over 21 seconds, then
   *    exponentially backoff, with the next attempts 4-33 seconds later,
682
   * Clients will also retry when an application request arrives.
683
   * After a number of failed requests, clients retry every 3 days + 1 hour.
684
685
686
687
688
689
   *
   * Clients used to try 2 authorities over 10 seconds, then wait for
   * 60 minutes or an application request.
   *
   * When clients have authorities and fallbacks available, they use these
   * schedules: (we stagger the times to avoid thundering herds) */
690
691
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "6"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
692
  /* When clients only have authorities available, they use this schedule: */
693
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
694
    "0"),
695
696
697
698
  /* We don't want to overwhelm slow networks (or mirrors whose replies are
   * blocked), but we also don't want to fail if only some mirrors are
   * blackholed. Clients will try 3 directories simultaneously.
   * (Relays never use simultaneous connections.) */
699
  V(ClientBootstrapConsensusMaxInProgressTries, UINT, "3"),
700
701
  /* When a client has any running bridges, check each bridge occasionally,
    * whether or not that bridge is actually up. */
702
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL,"10800"),
703
704
705
706
  /* When a client is just starting, or has no running bridges, check each
   * bridge a few times quickly, and then try again later. These schedules
   * are much longer than the other schedules, because we try each and every
   * configured bridge with this schedule. */
707
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
708
709
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "10 minutes"),
  V(TestingDirConnectionMaxStall, INTERVAL, "5 minutes"),
710
711
712
713
714
715
  OBSOLETE("TestingConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries"),
  OBSOLETE("TestingDescriptorMaxDownloadTries"),
  OBSOLETE("TestingMicrodescMaxDownloadTries"),
  OBSOLETE("TestingCertMaxDownloadTries"),
716
  V(TestingDirAuthVoteExit, ROUTERSET, NULL),
717
  V(TestingDirAuthVoteExitIsStrict,  BOOL,     "0"),
718
  V(TestingDirAuthVoteGuard, ROUTERSET, NULL),
719
  V(TestingDirAuthVoteGuardIsStrict,  BOOL,     "0"),
720
  V(TestingDirAuthVoteHSDir, ROUTERSET, NULL),
721
  V(TestingDirAuthVoteHSDirIsStrict,  BOOL,     "0"),
722
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),
723

724
  END_OF_CONFIG_VARS
725
};
726

727
728
/** Override default values with these if the user sets the TestingTorNetwork
 * option. */
729
static const config_var_t testing_tor_network_defaults[] = {
730
731
732
733
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
734
735
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
736
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
737
    "0"),
738
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
739
  V(ClientRejectInternalAddresses, BOOL,   "0"),
740
  V(CountPrivateBandwidth,       BOOL,     "1"),
741
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
742
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
743
744
745
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
746
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "150 seconds"),
747
748
749
750
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
751
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
752
753
754
755
756
757
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL, "10"),
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
758
759
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "5 seconds"),
  V(TestingDirConnectionMaxStall, INTERVAL, "30 seconds"),
760
  V(TestingEnableConnBwEvent,    BOOL,     "1"),
761
  V(TestingEnableCellStatsEvent, BOOL,     "1"),
762
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),
763
  V(RendPostPeriod,              INTERVAL, "2 minutes"),
764

765
  END_OF_CONFIG_VARS
766
};
767

768
#undef VAR
769
#undef V
770
771
#undef OBSOLETE

772
static const config_deprecation_t option_deprecation_notes_[] = {
773
  /* Deprecated since 0.3.2.0-alpha. */
774
775
776
777
  { "HTTPProxy", "It only applies to direct unencrypted HTTP connections "
    "to your directory server, which your Tor probably wasn't using." },
  { "HTTPProxyAuthenticator", "HTTPProxy is deprecated in favor of HTTPSProxy "
    "which should be used with HTTPSProxyAuthenticator." },
778
779
780
  /* End of options deprecated since 0.3.2.1-alpha */

  /* Options deprecated since 0.3.2.2-alpha */
781
782
783
784
  { "ReachableDirAddresses", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
  { "ClientPreferIPv6DirPort", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },