/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file config.c
 * \brief Code to interpret the user's configuration of Tor.
 *
 * This module handles the torrc configuration file, including parsing it,
 * combining it with torrc.defaults and the command line, allowing
 * user changes to it (via editing and SIGHUP or via the control port),
 * writing it back to disk (because of SAVECONF from the control port),
 * and -- most importantly, acting on it.
 *
 * The module additionally has some tools for manipulating and
 * inspecting values that are calculated as a result of the
 * configured options.
 *
 * <h3>How to add new options</h3>
 *
 * To add new items to the torrc, there are a minimum of three places to edit:
 * <ul>
 *   <li>The or_options_t structure in or.h, where the options are stored.
 *   <li>The option_vars_ array below in this module, which configures
 *       the names of the torrc options, their types, their multiplicities,
 *       and their mappings to fields in or_options_t.
 *   <li>The manual in doc/tor.1.txt, to document what the new option
 *       is, and how it works.
 * </ul>
 *
 * Additionally, you might need to edit these places too:
 * <ul>
 *   <li>options_validate() below, in case you want to reject some possible
 *       values of the new configuration option.
 *   <li>options_transition_allowed() below, in case you need to
 *       forbid some or all changes in the option while Tor is
 *       running.
 *   <li>options_transition_affects_workers(), in case changes in the option
 *       might require Tor to relaunch or reconfigure its worker threads.
 *   <li>options_transition_affects_descriptor(), in case changes in the
 *       option might require a Tor relay to build and publish a new server
 *       descriptor.
 *   <li>options_act() and/or options_act_reversible(), in case there's some
 *       action that needs to be taken immediately based on the option's
 *       value.
 * </ul>
 *
 * <h3>Changing the value of an option</h3>
 *
 * Because of the SAVECONF command from the control port, it's a bad
 * idea to change the value of any user-configured option in the
 * or_options_t.  If you want to sometimes do this anyway, we recommend
 * that you create a secondary field in or_options_t; that you have the
 * user option linked only to the secondary field; that you use the
 * secondary field to initialize the one that Tor actually looks at; and that
 * you use the one Tor looks at as the one that you modify.
 **/

#define CONFIG_PRIVATE
#include "or/or.h"
#include "or/bridges.h"
#include "or/addressmap.h"
#include "or/channel.h"
#include "or/circuitbuild.h"
#include "or/circuitlist.h"
#include "or/circuitmux.h"
#include "or/circuitmux_ewma.h"
#include "or/circuitstats.h"
#include "lib/compress/compress.h"
#include "or/config.h"
#include "lib/encoding/confline.h"
#include "or/connection.h"
#include "or/connection_edge.h"
#include "or/connection_or.h"
#include "or/consdiffmgr.h"
#include "or/control.h"
#include "or/confparse.h"
#include "or/cpuworker.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "or/dirserv.h"
#include "or/dns.h"
#include "or/dos.h"
#include "or/entrynodes.h"
#include "or/git_revision.h"
#include "or/geoip.h"
#include "or/hibernate.h"
#include "or/main.h"
#include "or/networkstatus.h"
#include "or/nodelist.h"
#include "or/policies.h"
#include "or/relay.h"
#include "or/rendclient.h"
#include "or/rendservice.h"
#include "or/hs_config.h"
#include "or/rephist.h"
#include "or/router.h"
#include "lib/sandbox/sandbox.h"
#include "common/util.h"
#include "or/routerlist.h"
#include "or/routerset.h"
#include "or/scheduler.h"
#include "or/statefile.h"
#include "or/transports.h"
#include "or/ext_orport.h"
#include "or/voting_schedule.h"
#ifdef _WIN32
#include <shlobj.h>
#endif

#include "lib/meminfo/meminfo.h"
#include "lib/osinfo/uname.h"
#include "lib/process/daemon.h"
#include "lib/process/pidfile.h"
#include "lib/process/restrict.h"
#include "lib/process/setuid.h"
#include "lib/process/subprocess.h"
#include "lib/net/gethostname.h"
#include "lib/thread/numcpus.h"

#include "lib/encoding/keyval.h"
#include "lib/fs/conffile.h"
#include "common/procmon.h"

#include "or/dirauth/dirvote.h"
#include "or/dirauth/mode.h"

#include "or/connection_st.h"
#include "or/port_cfg_st.h"

#ifdef HAVE_SYSTEMD
#   if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
/* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse
 * Coverity. Here's a kludge to unconfuse it.
 */
#   define __INCLUDE_LEVEL__ 2
#endif /* defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__) */
#include <systemd/sd-daemon.h>
#endif /* defined(HAVE_SYSTEMD) */

/* Prefix used to indicate a Unix socket in a FooPort configuration. */
static const char unix_socket_prefix[] = "unix:";
/* Prefix used to indicate a Unix socket with spaces in it, in a FooPort
 * configuration.
 *
 * This string is unix_socket_prefix followed by a double quote, so any value
 * that starts with this prefix also starts with unix_socket_prefix.
 * NOTE(review): code that tests for both prefixes presumably has to test
 * this longer one first -- confirm at the places where the two are used. */
static const char unix_q_socket_prefix[] = "unix:\"";

/** Macro to help with the bulk rename of *DownloadSchedule to
 * *DownloadInitialDelay.
 *
 * Expands to one config_abbrev_t initializer that maps the old name
 * "<name>DownloadSchedule" to the new name "<name>DownloadInitialDelay",
 * with the third field 0 and the fourth field 1.
 * NOTE(review): the fourth field is presumably the "warn when the old name
 * is used" flag -- confirm against the definition of config_abbrev_t, which
 * is not in this file. */
#define DOWNLOAD_SCHEDULE(name) \
  { #name "DownloadSchedule", #name "DownloadInitialDelay", 0, 1 }

/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values.
 *
 * Each entry is { alias, target name, integer, integer }, and the list ends
 * with an all-NULL entry.  The two integers are fields of config_abbrev_t,
 * which is not defined in this file.  NOTE(review): presumably they mean
 * "only accepted on the command line" and "warn when the alias is used" --
 * confirm against the struct definition.
 *
 * PLURAL() is also defined elsewhere; NOTE(review): presumably it maps the
 * singular spelling Foo to the option Foos -- confirm.
 *
 * Some targets (for example AllowInvalidNodes, ORListenAddress,
 * DirListenAddress, SocksListenAddress and PreferTunneledDirConns) are
 * declared OBSOLETE in option_vars_ below, so those aliases lead to an
 * obsolete option rather than to a live one. */
static config_abbrev_t option_abbrevs_[] = {
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(Tor2webRendezvousPoint),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RecommendedPackage),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  { "l", "Log", 1, 0},
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
  { "DirServer", "DirAuthority", 0, 0}, /* XXXX later, make this warn? */
  { "MaxConn", "ConnLimit", 0, 1},
  { "MaxMemInCellQueues", "MaxMemInQueues", 0, 0},
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
  /* Like "l" above, this entry has its third field set to 1, and its target
   * is a "__" name.  The VPORT comment below says the "__" form of a port
   * option is not stored by SAVECONF.  NOTE(review): presumably this keeps a
   * control-password hash given on the command line out of a saved torrc --
   * confirm against config_abbrev_t and the save path. */
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
  { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
  { "SocksSocketsGroupWritable", "UnixSocksGroupWritable", 0, 1},
  { "_HSLayer2Nodes", "HSLayer2Nodes", 0, 1 },
  { "_HSLayer3Nodes", "HSLayer3Nodes", 0, 1 },

  /* Old *DownloadSchedule names, mapped to *DownloadInitialDelay. */
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthority),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthorityOnly),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusFallback),
  DOWNLOAD_SCHEDULE(TestingBridge),
  DOWNLOAD_SCHEDULE(TestingBridgeBootstrap),
  DOWNLOAD_SCHEDULE(TestingClient),
  DOWNLOAD_SCHEDULE(TestingClientConsensus),
  DOWNLOAD_SCHEDULE(TestingServer),
  DOWNLOAD_SCHEDULE(TestingServerConsensus),

  { NULL, NULL, 0, 0},
};

/** Dummy instance of or_options_t, used for type-checking its
 * members with CONF_CHECK_VAR_TYPE.  Both DUMMY_TYPECHECK_INSTANCE and
 * CONF_CHECK_VAR_TYPE are defined outside this file. */
DUMMY_TYPECHECK_INSTANCE(or_options_t);

/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 *
 * <b>initvalue</b> is the fourth initializer of the entry; the tables below
 * pass either a string literal or NULL for it.  The member is recorded as
 * its byte offset inside or_options_t (offsetof), not as a pointer.
 *
 * CONF_TEST_MEMBERS is defined elsewhere and follows initvalue without a
 * comma.  NOTE(review): presumably it supplies the extra unit-test-only
 * member that OBSOLETE writes out as {.INT=NULL} under TOR_UNIT_TESTS, and
 * expands to nothing otherwise -- confirm in its header.
 */
#define VAR(name,conftype,member,initvalue)                             \
  { name, CONFIG_TYPE_ ## conftype, offsetof(or_options_t, member),     \
      initvalue CONF_TEST_MEMBERS(or_options_t, conftype, member) }
/** As VAR, but the option name and member name are the same: the member
 * token is stringified to produce the option name. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
/** An entry for config_vars: "The option <b>name</b> is obsolete."
 *
 * The entry has type CONFIG_TYPE_OBSOLETE, offset 0 and a NULL initial
 * value.  Unit-test builds add one more initializer, {.INT=NULL}, so the
 * entry layout differs between TOR_UNIT_TESTS builds and normal builds. */
#ifdef TOR_UNIT_TESTS
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL, {.INT=NULL} }
#else
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }
#endif

/**
 * Macro to declare *Port options.  Each one comes in three entries.
 * For example, most users should use "SocksPort" to configure the
 * socks port, but TorBrowser wants to use __SocksPort so that it
 * isn't stored by SAVECONF.  The SocksPortLines virtual option is
 * used to query both options from the controller.
 *
 * For a member Foo the expansion is, in this order:
 *   "FooLines"  LINELIST_V
 *   "Foo"       LINELIST_S
 *   "__Foo"     LINELIST_S
 * All three entries point at the same or_options_t member, Foo_lines, and
 * all three have a NULL initial value.
 */
#define VPORT(member)                                           \
  VAR(#member "Lines", LINELIST_V, member ## _lines, NULL),     \
  VAR(#member, LINELIST_S, member ## _lines, NULL),             \
  VAR("__" #member, LINELIST_S, member ## _lines, NULL)

/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 *
 * Entry forms used below (all defined earlier in this file):
 *  - V(member, type, initvalue): option name and or_options_t member match.
 *  - VAR("Name", type, member, initvalue): option name and member differ.
 *  - OBSOLETE("Name"): the name is still listed, with type
 *    CONFIG_TYPE_OBSOLETE.
 *  - VPORT(member): three entries (memberLines, member, __member) that share
 *    the member_lines field.
 * initvalue is a string literal or NULL.  The table ends with
 * END_OF_CONFIG_VARS, which is defined elsewhere.
 */
static config_var_t option_vars_[] = {
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  VAR("AccountingRule",          STRING,   AccountingRule_option,  "max"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  OBSOLETE("AllowDotExit"),
  OBSOLETE("AllowInvalidNodes"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  OBSOLETE("AllowSingleHopCircuits"),
  OBSOLETE("AllowSingleHopExits"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  OBSOLETE("AlternateHSAuthority"),
  V(AssumeReachable,             BOOL,     "0"),
  OBSOLETE("AuthDirBadDir"),
  OBSOLETE("AuthDirBadDirCCs"),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "2 MB"),
  V(AuthDirPinKeys,              BOOL,     "1"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  OBSOLETE("AuthDirRejectUnlisted"),
  OBSOLETE("AuthDirListBadDirs"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  OBSOLETE("AuthDirMaxServersPerAuthAddr"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  /* NOTE(review): BridgePassword, HTTPProxyAuthenticator,
   * HTTPSProxyAuthenticator and Socks5ProxyPassword are plain STRING options
   * that, judging by their names, presumably carry credentials.  The file
   * header says this module writes the configuration back to disk for
   * SAVECONF, so check how the code that saves, logs or reports options
   * treats these values -- confirm. */
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(BridgeDistribution,          STRING,   NULL),
  VAR("CacheDirectory",          FILENAME, CacheDirectory_option, NULL),
  V(CacheDirectoryGroupReadable, BOOL,     "0"),
  V(CellStatistics,              BOOL,     "0"),
  V(PaddingStatistics,           BOOL,     "1"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  OBSOLETE("CircuitIdleTimeout"),
  V(CircuitsAvailableTimeout,    INTERVAL, "0"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-1.0"), /*negative:'Use default'*/
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      AUTOBOOL, "auto"),
  V(ClientPreferIPv6DirPort,     AUTOBOOL, "auto"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ClientUseIPv4,               BOOL,     "1"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  OBSOLETE("ControlListenAddress"),
  VPORT(ControlPort),
  V(ControlPortFileGroupReadable,BOOL,     "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  V(UnixSocksGroupWritable,    BOOL,     "0"),
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  /* NOTE(review): CookieAuthFile is declared STRING, as are
   * ExtORPortCookieAuthFile, PidFile and ServerDNSResolvConfFile further
   * down, while other path options here (ControlPortWriteToFile,
   * DirPortFrontPage, V3BandwidthsFile, ...) are FILENAME.  Whatever
   * handling is specific to FILENAME is not visible in this part of the
   * file and would not apply to these -- confirm that is intended. */
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  VAR("DataDirectory",           FILENAME, DataDirectory_option, NULL),
  V(DataDirectoryGroupReadable,  BOOL,     "0"),
  V(DisableOOSCheck,             BOOL,     "1"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  OBSOLETE("DirListenAddress"),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort),
  V(DirPortFrontPage,            FILENAME, NULL),
  VAR("DirReqStatistics",        BOOL,     DirReqStatistics_option, "1"),
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
  V(DirCache,                    BOOL,     "1"),
  /* A DirAuthorityFallbackRate of 0.1 means that 0.5% of clients try an
   * authority when all fallbacks are up, and 2% try an authority when 25% of
   * fallbacks are down. (We rebuild the list when 25% of fallbacks are down).
   *
   * We want to reduce load on authorities, but keep these two figures within
   * an order of magnitude, so there isn't too much load shifting to
   * authorities when fallbacks go down. */
  V(DirAuthorityFallbackRate,    DOUBLE,   "0.1"),
  V(DisableAllSwap,              BOOL,     "0"),
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  OBSOLETE("DisableIOCP"),
  OBSOLETE("DisableV2DirectoryInfo_"),
  OBSOLETE("DynamicDHGroups"),
  VPORT(DNSPort),
  OBSOLETE("DNSListenAddress"),
  /* DoS circuit creation options. */
  V(DoSCircuitCreationEnabled,   AUTOBOOL, "auto"),
  V(DoSCircuitCreationMinConnections,      UINT, "0"),
  V(DoSCircuitCreationRate,      UINT,     "0"),
  V(DoSCircuitCreationBurst,     UINT,     "0"),
  V(DoSCircuitCreationDefenseType,         INT,  "0"),
  V(DoSCircuitCreationDefenseTimePeriod,   INTERVAL, "0"),
  /* DoS connection options. */
  V(DoSConnectionEnabled,        AUTOBOOL, "auto"),
  V(DoSConnectionMaxConcurrentCount,       UINT, "0"),
  V(DoSConnectionDefenseType,    INT,      "0"),
  /* DoS single hop client options. */
  V(DoSRefuseSingleHopClientRendezvous,    AUTOBOOL, "auto"),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(TestingEnableConnBwEvent,    BOOL,     "0"),
  V(TestingEnableCellStatsEvent, BOOL,     "0"),
  OBSOLETE("TestingEnableTbEmptyEvent"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET,   NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  OBSOLETE("ExcludeSingleHopRelays"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPolicyRejectLocalInterfaces, BOOL, "0"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  V(ExitRelay,                   AUTOBOOL, "auto"),
  VPORT(ExtORPort),
  V(ExtORPortCookieAuthFile,     STRING,   NULL),
  V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),
  V(ExtendByEd25519ID,           AUTOBOOL, "auto"),
  V(FallbackDir,                 LINELIST, NULL),

  V(UseDefaultFallbackDirs,      BOOL,     "1"),

  OBSOLETE("FallbackNetworkstatusFile"),
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  OBSOLETE("FastFirstHopPK"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  OBSOLETE("FetchV2Networkstatus"),
  V(GeoIPExcludeUnknown,         AUTOBOOL, "auto"),
  /* The GeoIP file defaults differ by platform: the placeholder string
   * "<default>" on Windows, a path built from SHARE_DATADIR elsewhere. */
#ifdef _WIN32
  V(GeoIPFile,                   FILENAME, "<default>"),
  V(GeoIPv6File,                 FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
#endif /* defined(_WIN32) */
  OBSOLETE("Group"),
  V(GuardLifetime,               INTERVAL, "0 minutes"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(MainloopStats,               BOOL,     "0"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  /* NOTE(review): option_abbrevs_ above also maps the name
   * "HashedControlPassword" to "__HashedControlSessionPassword" with its
   * third field set to 1; how that alias and this entry interact depends on
   * the lookup code, which is not in this part of the file -- confirm. */
  V(HashedControlPassword,       LINELIST, NULL),
  OBSOLETE("HidServDirectoryV2"),
  /* Every HiddenService* entry of type LINELIST_S or LINELIST_V below is
   * stored in the single RendConfigLines member. */
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceDirGroupReadable",  LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
  VAR("HiddenServiceAllowUnknownPorts",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceMaxStreams",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceMaxStreamsCloseCircuit",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceNumIntroductionPoints", LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceStatistics", BOOL, HiddenServiceStatistics_option, "1"),
  V(HidServAuth,                 LINELIST, NULL),
  OBSOLETE("CloseHSClientCircuitsImmediatelyOnTimeout"),
  OBSOLETE("CloseHSServiceRendCircuitsImmediatelyOnTimeout"),
  V(HiddenServiceSingleHopMode,  BOOL,     "0"),
  V(HiddenServiceNonAnonymousMode,BOOL,    "0"),
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  VPORT(HTTPTunnelPort),
  V(IPv6Exit,                    BOOL,     "0"),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(ServerTransportListenAddr,   LINELIST, NULL),
  V(ServerTransportOptions,      LINELIST, NULL),
  V(SigningKeyLifetime,          INTERVAL, "30 days"),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  VAR("KeyDirectory",            FILENAME, KeyDirectory_option, NULL),
  V(KeyDirectoryGroupReadable,   BOOL,     "0"),
  VAR("HSLayer2Nodes",           ROUTERSET,  HSLayer2Nodes,  NULL),
  VAR("HSLayer3Nodes",           ROUTERSET,  HSLayer3Nodes,  NULL),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  V(KeepBindCapabilities,            AUTOBOOL, "auto"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(TruncateLogFile,             BOOL,     "0"),
  V(SyslogIdentityTag,           STRING,   NULL),
  V(AndroidIdentityTag,          STRING,   NULL),
  V(LongLivedPorts,              CSV,
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  V(MaxConsensusAgeForDiffs,     INTERVAL, "0 seconds"),
  VAR("MaxMemInQueues",          MEMUNIT,   MaxMemInQueues_raw, "0"),
  OBSOLETE("MaxOnionsPending"),
  V(MaxOnionQueueDelay,          MSEC_INTERVAL, "1750 msec"),
  V(MaxUnparseableDescSizeToLog, MEMUNIT, "10 MB"),
  V(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, "500"),
  VAR("MyFamily",                LINELIST, MyFamily_lines,       NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  OBSOLETE("NamingAuthoritativeDirectory"),
  OBSOLETE("NATDListenAddress"),
  VPORT(NATDPort),
  V(Nickname,                    STRING,   NULL),
  OBSOLETE("PredictedPortsRelevanceTime"),
  OBSOLETE("WarnUnsafeSocks"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NoExec,                      BOOL,     "0"),
  V(NumCPUs,                     UINT,     "0"),
  V(NumDirectoryGuards,          UINT,     "0"),
  V(NumEntryGuards,              UINT,     "0"),
  V(NumPrimaryGuards,            UINT,     "0"),
  V(OfflineMasterKey,            BOOL,     "0"),
  OBSOLETE("ORListenAddress"),
  VPORT(ORPort),
  V(OutboundBindAddress,         LINELIST,   NULL),
  V(OutboundBindAddressOR,       LINELIST,   NULL),
  V(OutboundBindAddressExit,     LINELIST,   NULL),

  OBSOLETE("PathBiasDisableRate"),
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasWarnRate,            DOUBLE,   "-1"),
  V(PathBiasExtremeRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  OBSOLETE("PathBiasScaleFactor"),
  OBSOLETE("PathBiasMultFactor"),
  /* NOTE(review): this is the only AUTOBOOL entry in the table whose
   * initial value is "0"; every other AUTOBOOL starts as "auto".  Confirm
   * that the difference is deliberate. */
  V(PathBiasDropGuards,          AUTOBOOL, "0"),
  OBSOLETE("PathBiasUseCloseCounts"),

  V(PathBiasUseThreshold,       INT,      "-1"),
  V(PathBiasNoticeUseRate,          DOUBLE,   "-1"),
  V(PathBiasExtremeUseRate,         DOUBLE,   "-1"),
  V(PathBiasScaleUseThreshold,      INT,      "-1"),

  V(PathsNeededToBuildCircuits,  DOUBLE,   "-1"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  /* Per the comment on testing_tor_network_defaults below, setting
   * TestingTorNetwork overrides the defaults in this table with the values
   * listed in that array. */
  V(TestingTorNetwork,           BOOL,     "0"),
  V(TestingMinExitFlagThreshold, MEMUNIT,  "0"),
  V(TestingMinFastFlagThreshold, MEMUNIT,  "0"),

  V(TestingLinkCertLifetime,          INTERVAL, "2 days"),
  V(TestingAuthKeyLifetime,          INTERVAL, "2 days"),
  V(TestingLinkKeySlop,              INTERVAL, "3 hours"),
  V(TestingAuthKeySlop,              INTERVAL, "3 hours"),
  V(TestingSigningKeySlop,           INTERVAL, "1 day"),

  V(OptimisticData,              AUTOBOOL, "auto"),
  OBSOLETE("PortForwarding"),
  OBSOLETE("PortForwardingHelper"),
  OBSOLETE("PreferTunneledDirConns"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  V(RecommendedPackages,         LINELIST, NULL),
  V(ReducedConnectionPadding,    BOOL,     "0"),
  V(ConnectionPadding,           AUTOBOOL, "auto"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  V(RunAsDaemon,                 BOOL,     "0"),
  V(ReducedExitPolicy,           BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  V(Sandbox,                     BOOL,     "0"),
  /* SafeLogging is declared STRING, not BOOL, although its initial value
   * is "1". */
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  OBSOLETE("SchedulerLowWaterMark__"),
  OBSOLETE("SchedulerHighWaterMark__"),
  OBSOLETE("SchedulerMaxFlushCells__"),
  V(KISTSchedRunInterval,        MSEC_INTERVAL, "0 msec"),
  V(KISTSockBufSizeFactor,       DOUBLE,   "1.0"),
  V(Schedulers,                  CSV,      "KIST,KISTLite,Vanilla"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  OBSOLETE("SocksListenAddress"),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  V(SSLKeyLifetime,              INTERVAL, "0"),
  OBSOLETE("StrictEntryNodes"),
  OBSOLETE("StrictExitNodes"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("Support022HiddenServices"),
  V(TestSocks,                   BOOL,     "0"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  V(Tor2webMode,                 BOOL,     "0"),
  V(Tor2webRendezvousPoints,      ROUTERSET, NULL),
  OBSOLETE("TLSECGroup"),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  OBSOLETE("TransListenAddress"),
  VPORT(TransPort),
  V(TransProxyType,              STRING,   "default"),
  OBSOLETE("TunnelDirConns"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  VAR("UseEntryGuards",          BOOL,     UseEntryGuards_option, "1"),
  OBSOLETE("UseEntryGuardsAsDirGuards"),
  V(UseGuardFraction,            AUTOBOOL, "auto"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  OBSOLETE("UseNTorHandshake"),
  V(User,                        STRING,   NULL),
  OBSOLETE("UserspaceIOCPBuffers"),
  V(AuthDirSharedRandomness,     BOOL,     "1"),
  V(AuthDirTestEd25519LinkKeys,  BOOL,     "1"),
  OBSOLETE("V1AuthoritativeDirectory"),
  OBSOLETE("V2AuthoritativeDirectory"),
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  V(GuardfractionFile,           FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
  OBSOLETE("VoteOnHidServDirectoriesV2"),
  V(VirtualAddrNetworkIPv4,      STRING,   "127.192.0.0/10"),
  V(VirtualAddrNetworkIPv6,      STRING,   "[FE80::]/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  OBSOLETE("UseFilteringSSLBufferevents"),
  OBSOLETE("__UseFilteringSSLBufferevents"),
  /* Options whose names start with "__".  The VPORT comment above says the
   * "__" form of a port option is not stored by SAVECONF.
   * NOTE(review): presumably the same holds for the "__" options below --
   * confirm in the code that writes the configuration out. */
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
  VAR("__DisableSignalHandlers", BOOL,  DisableSignalHandlers,    "0"),
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
  VAR("__OwningControllerFD",INT,OwningControllerFD, "-1"),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "96 hours"),
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  /* With the ClientBootstrapConsensus*Download* below:
   * Clients with only authorities will try:
   *  - at least 3 authorities over 10 seconds, then exponentially backoff,
   *    with the next attempt 3-21 seconds later,
   * Clients with authorities and fallbacks will try:
   *  - at least 2 authorities and 4 fallbacks over 21 seconds, then
   *    exponentially backoff, with the next attempts 4-33 seconds later,
   * Clients will also retry when an application request arrives.
   * After a number of failed requests, clients retry every 3 days + 1 hour.
   *
   * Clients used to try 2 authorities over 10 seconds, then wait for
   * 60 minutes or an application request.
   *
   * When clients have authorities and fallbacks available, they use these
   * schedules: (we stagger the times to avoid thundering herds) */
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "6"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
  /* When clients only have authorities available, they use this schedule: */
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
    "0"),
  /* We don't want to overwhelm slow networks (or mirrors whose replies are
   * blocked), but we also don't want to fail if only some mirrors are
   * blackholed. Clients will try 3 directories simultaneously.
   * (Relays never use simultaneous connections.) */
  V(ClientBootstrapConsensusMaxInProgressTries, UINT, "3"),
  /* When a client has any running bridges, check each bridge occasionally,
   * whether or not that bridge is actually up. */
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL,"10800"),
  /* When a client is just starting, or has no running bridges, check each
   * bridge a few times quickly, and then try again later. These schedules
   * are much longer than the other schedules, because we try each and every
   * configured bridge with this schedule. */
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "10 minutes"),
  V(TestingDirConnectionMaxStall, INTERVAL, "5 minutes"),
  OBSOLETE("TestingConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries"),
  OBSOLETE("TestingDescriptorMaxDownloadTries"),
  OBSOLETE("TestingMicrodescMaxDownloadTries"),
  OBSOLETE("TestingCertMaxDownloadTries"),
  V(TestingDirAuthVoteExit, ROUTERSET, NULL),
  V(TestingDirAuthVoteExitIsStrict,  BOOL,     "0"),
  V(TestingDirAuthVoteGuard, ROUTERSET, NULL),
  V(TestingDirAuthVoteGuardIsStrict,  BOOL,     "0"),
  V(TestingDirAuthVoteHSDir, ROUTERSET, NULL),
  V(TestingDirAuthVoteHSDirIsStrict,  BOOL,     "0"),
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),

  END_OF_CONFIG_VARS
};

/** Override default values with these if the user sets the TestingTorNetwork
 * option. */
static const config_var_t testing_tor_network_defaults[] = {
698
699
700
701
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
702
703
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
704
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
705
    "0"),
706
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
707
  V(ClientRejectInternalAddresses, BOOL,   "0"),
708
  V(CountPrivateBandwidth,       BOOL,     "1"),
709
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
710
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
711
712
713
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
714
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "150 seconds"),
715
716
717
718
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
719
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
720
721
722
723
724
725
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL, "10"),
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
726
727
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "5 seconds"),
  V(TestingDirConnectionMaxStall, INTERVAL, "30 seconds"),
728
  V(TestingEnableConnBwEvent,    BOOL,     "1"),
729
  V(TestingEnableCellStatsEvent, BOOL,     "1"),
730
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),
731
  V(RendPostPeriod,              INTERVAL, "2 minutes"),
732

733
  END_OF_CONFIG_VARS
734
};

#undef VAR
#undef V
#undef OBSOLETE

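/** Deprecation notes: each entry pairs an option name with the explanation
 * text for that option. The list is terminated by a { NULL, NULL } entry.
 * How and when the text is reported is decided by code outside this table. */
static const config_deprecation_t option_deprecation_notes_[] = {
  /* Deprecated since 0.3.2.0-alpha.
   * NOTE(review): the closing marker of this group says 0.3.2.1-alpha; the
   * two version strings disagree, so one is presumably a typo -- confirm
   * against the changelog. */
  { "HTTPProxy", "It only applies to direct unencrypted HTTP connections "
    "to your directory server, which your Tor probably wasn't using." },
  { "HTTPProxyAuthenticator", "HTTPProxy is deprecated in favor of HTTPSProxy "
    "which should be used with HTTPSProxyAuthenticator." },
  /* End of options deprecated since 0.3.2.1-alpha */

  /* Options deprecated since 0.3.2.2-alpha */
  { "ReachableDirAddresses", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
  { "ClientPreferIPv6DirPort", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
  /* End of options deprecated since 0.3.2.2-alpha. */

  /* Sentinel entry marking the end of the list. */
  { NULL, NULL }
};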

#ifdef _WIN32
static char *get_windows_conf_root(void);
#endif
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
                                      char **msg);
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_dirauth_timing(
      const or_options_t *old_options, const or_options_t *new_options);
static int normalize_nickname_list(config_line_t **normalized_out,
                                   const config_line_t *lst, const char *name,
                                   char **msg);
static char *get_bindaddr_from_transport_listen_line(const char *line,
                                                     const char *transport);
static int parse_ports(or_options_t *options, int validate_only,
                              char **msg_out, int *n_ports_out,
                              int *world_writable_control_socket);
static int check_server_ports(const smartlist_t *ports,
                              const or_options_t *options,
                              int *num_low_ports_out);