config.c 300 KB
Newer Older
1

2
/* Copyright (c) 2001 Matej Pfajfar.
Roger Dingledine's avatar
Roger Dingledine committed
3
 * Copyright (c) 2001-2004, Roger Dingledine.
4
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
Nick Mathewson's avatar
Nick Mathewson committed
5
 * Copyright (c) 2007-2018, The Tor Project, Inc. */
6
/* See LICENSE for licensing information */
7

Nick Mathewson's avatar
Nick Mathewson committed
8
/**
9
 * \file config.c
10
11
12
13
14
15
16
17
18
19
20
21
 * \brief Code to interpret the user's configuration of Tor.
 *
 * This module handles torrc configuration file, including parsing it,
 * combining it with torrc.defaults and the command line, allowing
 * user changes to it (via editing and SIGHUP or via the control port),
 * writing it back to disk (because of SAVECONF from the control port),
 * and -- most importantly, acting on it.
 *
 * The module additionally has some tools for manipulating and
 * inspecting values that are calculated as a result of the
 * configured options.
 *
22
 * <h3>How to add new options</h3>
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
 *
 * To add new items to the torrc, there are a minimum of three places to edit:
 * <ul>
 *   <li>The or_options_t structure in or.h, where the options are stored.
 *   <li>The option_vars_ array below in this module, which configures
 *       the names of the torrc options, their types, their multiplicities,
 *       and their mappings to fields in or_options_t.
 *   <li>The manual in doc/tor.1.txt, to document what the new option
 *       is, and how it works.
 * </ul>
 *
 * Additionally, you might need to edit these places too:
 * <ul>
 *   <li>options_validate() below, in case you want to reject some possible
 *       values of the new configuration option.
 *   <li>options_transition_allowed() below, in case you need to
 *       forbid some or all changes in the option while Tor is
 *       running.
 *   <li>options_transition_affects_workers(), in case changes in the option
 *       might require Tor to relaunch or reconfigure its worker threads.
 *   <li>options_transition_affects_descriptor(), in case changes in the
 *       option might require a Tor relay to build and publish a new server
 *       descriptor.
 *   <li>options_act() and/or options_act_reversible(), in case there's some
 *       action that needs to be taken immediately based on the option's
 *       value.
 * </ul>
 *
 * <h3>Changing the value of an option</h3>
 *
 * Because of the SAVECONF command from the control port, it's a bad
 * idea to change the value of any user-configured option in the
 * or_options_t.  If you want to sometimes do this anyway, we recommend
 * that you create a secondary field in or_options_t; that you have the
 * user option linked only to the secondary field; that you use the
 * secondary field to initialize the one that Tor actually looks at; and that
 * you use the one Tor looks as the one that you modify.
Nick Mathewson's avatar
Nick Mathewson committed
60
61
 **/

62
#define CONFIG_PRIVATE
63
64
65
66
67
68
69
70
71
#include "core/or/or.h"
#include "feature/client/bridges.h"
#include "feature/client/addressmap.h"
#include "core/or/channel.h"
#include "core/or/circuitbuild.h"
#include "core/or/circuitlist.h"
#include "core/or/circuitmux.h"
#include "core/or/circuitmux_ewma.h"
#include "core/or/circuitstats.h"
72
#include "lib/compress/compress.h"
73
#include "app/config/config.h"
74
#include "lib/encoding/confline.h"
75
76
77
78
79
80
81
#include "core/mainloop/connection.h"
#include "core/or/connection_edge.h"
#include "core/or/connection_or.h"
#include "feature/dircache/consdiffmgr.h"
#include "feature/control/control.h"
#include "app/config/confparse.h"
#include "core/mainloop/cpuworker.h"
82
83
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
#include "feature/dircache/dirserv.h"
#include "feature/relay/dns.h"
#include "core/or/dos.h"
#include "feature/client/entrynodes.h"
#include "core/or/git_revision.h"
#include "feature/stats/geoip.h"
#include "feature/hibernate/hibernate.h"
#include "core/mainloop/main.h"
#include "feature/nodelist/networkstatus.h"
#include "feature/nodelist/nodelist.h"
#include "core/or/policies.h"
#include "core/or/relay.h"
#include "feature/rend/rendclient.h"
#include "feature/rend/rendservice.h"
#include "feature/hs/hs_config.h"
#include "feature/stats/rephist.h"
#include "feature/relay/router.h"
101
#include "lib/sandbox/sandbox.h"
102
103
104
105
106
107
108
#include "feature/nodelist/routerlist.h"
#include "feature/nodelist/routerset.h"
#include "core/or/scheduler.h"
#include "app/config/statefile.h"
#include "feature/client/transports.h"
#include "feature/relay/ext_orport.h"
#include "feature/dircommon/voting_schedule.h"
109
#ifdef _WIN32
110
111
#include <shlobj.h>
#endif
112
113
114
115
116
117
118
119
120
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
Roger Dingledine's avatar
Roger Dingledine committed
121

122
#include "lib/meminfo/meminfo.h"
123
#include "lib/osinfo/uname.h"
124
125
126
127
128
#include "lib/process/daemon.h"
#include "lib/process/pidfile.h"
#include "lib/process/restrict.h"
#include "lib/process/setuid.h"
#include "lib/process/subprocess.h"
129
#include "lib/net/gethostname.h"
130
#include "lib/thread/numcpus.h"
131

132
#include "lib/encoding/keyval.h"
133
#include "lib/fs/conffile.h"
134
#include "lib/evloop/procmon.h"
135

136
137
#include "feature/dirauth/dirvote.h"
#include "feature/dirauth/mode.h"
138

139
140
#include "core/or/connection_st.h"
#include "core/or/port_cfg_st.h"
141

142
143
144
145
146
147
#ifdef HAVE_SYSTEMD
#   if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
/* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse
 * Coverity. Here's a kludge to unconfuse it.
 */
#   define __INCLUDE_LEVEL__ 2
148
#endif /* defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__) */
149
#include <systemd/sd-daemon.h>
150
#endif /* defined(HAVE_SYSTEMD) */
151

152
/* Prefix used to indicate a Unix socket in a FooPort configuration. */
153
static const char unix_socket_prefix[] = "unix:";
154
155
156
/* Prefix used to indicate a Unix socket with spaces in it, in a FooPort
 * configuration. */
static const char unix_q_socket_prefix[] = "unix:\"";
157

158
159
160
161
/* limits for TCP send and recv buffer size used for constrained sockets */
#define MIN_CONSTRAINED_TCP_BUFFER 2048
#define MAX_CONSTRAINED_TCP_BUFFER 262144  /* 256k */

162
163
164
165
166
/** macro to help with the bulk rename of *DownloadSchedule to
 * *DowloadInitialDelay . */
#define DOWNLOAD_SCHEDULE(name) \
  { #name "DownloadSchedule", #name "DownloadInitialDelay", 0, 1 }

167
168
/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values. */
169
static config_abbrev_t option_abbrevs_[] = {
170
171
172
173
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
174
  PLURAL(EntryNode),
175
  PLURAL(ExcludeNode),
176
  PLURAL(Tor2webRendezvousPoint),
177
  PLURAL(FirewallPort),
178
  PLURAL(LongLivedPort),
179
180
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
181
  PLURAL(NumCPU),
182
  PLURAL(RendNode),
183
  PLURAL(RecommendedPackage),
184
  PLURAL(RendExcludeNode),
185
186
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
187
  PLURAL(StrictNode),
188
  { "l", "Log", 1, 0},
189
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
190
191
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
192
193
194
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
195
  { "DirServer", "DirAuthority", 0, 0}, /* XXXX later, make this warn? */
196
  { "MaxConn", "ConnLimit", 0, 1},
197
  { "MaxMemInCellQueues", "MaxMemInQueues", 0, 0},
198
199
200
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
201
202
203
204
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
205
206
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
207
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
208
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
209
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
210
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
211
  { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
212
  { "SocksSocketsGroupWritable", "UnixSocksGroupWritable", 0, 1},
213
214
215
  { "_HSLayer2Nodes", "HSLayer2Nodes", 0, 1 },
  { "_HSLayer3Nodes", "HSLayer3Nodes", 0, 1 },

216
217
218
219
220
221
222
223
224
225
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthority),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthorityOnly),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusFallback),
  DOWNLOAD_SCHEDULE(TestingBridge),
  DOWNLOAD_SCHEDULE(TestingBridgeBootstrap),
  DOWNLOAD_SCHEDULE(TestingClient),
  DOWNLOAD_SCHEDULE(TestingClientConsensus),
  DOWNLOAD_SCHEDULE(TestingServer),
  DOWNLOAD_SCHEDULE(TestingServerConsensus),

226
227
  { NULL, NULL, 0, 0},
};
228

229
230
231
232
/** dummy instance of or_options_t, used for type-checking its
 * members with CONF_CHECK_VAR_TYPE. */
DUMMY_TYPECHECK_INSTANCE(or_options_t);

Nick Mathewson's avatar
Nick Mathewson committed
233
234
235
236
/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 */
237
#define VAR(name,conftype,member,initvalue)                             \
Neel Chauhan's avatar
Neel Chauhan committed
238
  { name, CONFIG_TYPE_ ## conftype, offsetof(or_options_t, member),     \
239
      initvalue CONF_TEST_MEMBERS(or_options_t, conftype, member) }
240
241
242
/** As VAR, but the option name and member name are the same. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
Nick Mathewson's avatar
Nick Mathewson committed
243
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
244
245
246
#ifdef TOR_UNIT_TESTS
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL, {.INT=NULL} }
#else
247
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }
248
#endif
249

250
251
252
253
254
255
256
257
258
259
260
/**
 * Macro to declare *Port options.  Each one comes in three entries.
 * For example, most users should use "SocksPort" to configure the
 * socks port, but TorBrowser wants to use __SocksPort so that it
 * isn't stored by SAVECONF.  The SocksPortLines virtual option is
 * used to query both options from the controller.
 */
#define VPORT(member)                                           \
  VAR(#member "Lines", LINELIST_V, member ## _lines, NULL),     \
  VAR(#member, LINELIST_S, member ## _lines, NULL),             \
  VAR("__" #member, LINELIST_S, member ## _lines, NULL)
261

Nick Mathewson's avatar
Nick Mathewson committed
262
263
264
265
/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 */
266
static config_var_t option_vars_[] = {
267
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
268
  VAR("AccountingRule",          STRING,   AccountingRule_option,  "max"),
269
270
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
Nick Mathewson's avatar
Nick Mathewson committed
271
  OBSOLETE("AllowDotExit"),
272
  OBSOLETE("AllowInvalidNodes"),
273
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
274
  OBSOLETE("AllowSingleHopCircuits"),
275
  OBSOLETE("AllowSingleHopExits"),
276
277
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
278
  OBSOLETE("AlternateHSAuthority"),
279
  V(AssumeReachable,             BOOL,     "0"),
280
281
  OBSOLETE("AuthDirBadDir"),
  OBSOLETE("AuthDirBadDirCCs"),
282
  V(AuthDirBadExit,              LINELIST, NULL),
283
  V(AuthDirBadExitCCs,           CSV,      ""),
284
  V(AuthDirInvalid,              LINELIST, NULL),
285
  V(AuthDirInvalidCCs,           CSV,      ""),
286
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
287
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "2 MB"),
288
  V(AuthDirPinKeys,              BOOL,     "1"),
289
  V(AuthDirReject,               LINELIST, NULL),
290
  V(AuthDirRejectCCs,            CSV,      ""),
291
  OBSOLETE("AuthDirRejectUnlisted"),
292
  OBSOLETE("AuthDirListBadDirs"),
293
  V(AuthDirListBadExits,         BOOL,     "0"),
294
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
295
  OBSOLETE("AuthDirMaxServersPerAuthAddr"),
296
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
297
298
299
300
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
301
302
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
303
304
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
305
  V(BridgePassword,              STRING,   NULL),
306
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
307
  V(BridgeRelay,                 BOOL,     "0"),
308
  V(BridgeDistribution,          STRING,   NULL),
309
310
  VAR("CacheDirectory",          FILENAME, CacheDirectory_option, NULL),
  V(CacheDirectoryGroupReadable, BOOL,     "0"),
311
  V(CellStatistics,              BOOL,     "0"),
312
  V(PaddingStatistics,           BOOL,     "1"),
313
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
314
  V(CircuitBuildTimeout,         INTERVAL, "0"),
315
316
  OBSOLETE("CircuitIdleTimeout"),
  V(CircuitsAvailableTimeout,    INTERVAL, "0"),
317
  V(CircuitStreamTimeout,        INTERVAL, "0"),
318
  V(CircuitPriorityHalflife,     DOUBLE,  "-1.0"), /*negative:'Use default'*/
319
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
320
  V(ClientOnly,                  BOOL,     "0"),
321
322
  V(ClientPreferIPv6ORPort,      AUTOBOOL, "auto"),
  V(ClientPreferIPv6DirPort,     AUTOBOOL, "auto"),
323
  V(ClientRejectInternalAddresses, BOOL,   "1"),
324
  V(ClientTransportPlugin,       LINELIST, NULL),
325
  V(ClientUseIPv6,               BOOL,     "0"),
326
  V(ClientUseIPv4,               BOOL,     "1"),
327
  V(ConsensusParams,             STRING,   NULL),
328
  V(ConnLimit,                   UINT,     "1000"),
329
  V(ConnDirectionStatistics,     BOOL,     "0"),
330
331
332
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
333
  OBSOLETE("ControlListenAddress"),
334
  VPORT(ControlPort),
335
  V(ControlPortFileGroupReadable,BOOL,     "0"),
336
  V(ControlPortWriteToFile,      FILENAME, NULL),
337
  V(ControlSocket,               LINELIST, NULL),
338
  V(ControlSocketsGroupWritable, BOOL,     "0"),
339
  V(UnixSocksGroupWritable,    BOOL,     "0"),
340
341
342
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
343
  V(CountPrivateBandwidth,       BOOL,     "0"),
344
  VAR("DataDirectory",           FILENAME, DataDirectory_option, NULL),
345
  V(DataDirectoryGroupReadable,  BOOL,     "0"),
346
  V(DisableOOSCheck,             BOOL,     "1"),
347
  V(DisableNetwork,              BOOL,     "0"),
348
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
349
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
350
  OBSOLETE("DirListenAddress"),
351
  V(DirPolicy,                   LINELIST, NULL),
352
  VPORT(DirPort),
353
  V(DirPortFrontPage,            FILENAME, NULL),
354
  VAR("DirReqStatistics",        BOOL,     DirReqStatistics_option, "1"),
355
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
356
  V(DirCache,                    BOOL,     "1"),
357
358
359
360
361
  /* A DirAuthorityFallbackRate of 0.1 means that 0.5% of clients try an
   * authority when all fallbacks are up, and 2% try an authority when 25% of
   * fallbacks are down. (We rebuild the list when 25% of fallbacks are down).
   *
   * We want to reduce load on authorities, but keep these two figures within
Nick Mathewson's avatar
Nick Mathewson committed
362
363
   * an order of magnitude, so there isn't too much load shifting to
   * authorities when fallbacks go down. */
364
  V(DirAuthorityFallbackRate,    DOUBLE,   "0.1"),
365
  V(DisableAllSwap,              BOOL,     "0"),
366
  V(DisableDebuggerAttachment,   BOOL,     "1"),
367
  OBSOLETE("DisableIOCP"),
368
  OBSOLETE("DisableV2DirectoryInfo_"),
369
  OBSOLETE("DynamicDHGroups"),
370
  VPORT(DNSPort),
371
  OBSOLETE("DNSListenAddress"),
372
373
374
  /* DoS circuit creation options. */
  V(DoSCircuitCreationEnabled,   AUTOBOOL, "auto"),
  V(DoSCircuitCreationMinConnections,      UINT, "0"),
375
  V(DoSCircuitCreationRate,      UINT,     "0"),
376
377
378
379
380
381
382
383
384
  V(DoSCircuitCreationBurst,     UINT,     "0"),
  V(DoSCircuitCreationDefenseType,         INT,  "0"),
  V(DoSCircuitCreationDefenseTimePeriod,   INTERVAL, "0"),
  /* DoS connection options. */
  V(DoSConnectionEnabled,        AUTOBOOL, "auto"),
  V(DoSConnectionMaxConcurrentCount,       UINT, "0"),
  V(DoSConnectionDefenseType,    INT,      "0"),
  /* DoS single hop client options. */
  V(DoSRefuseSingleHopClientRendezvous,    AUTOBOOL, "auto"),
385
  V(DownloadExtraInfo,           BOOL,     "0"),
386
  V(TestingEnableConnBwEvent,    BOOL,     "0"),
387
  V(TestingEnableCellStatsEvent, BOOL,     "0"),
388
  OBSOLETE("TestingEnableTbEmptyEvent"),
389
  V(EnforceDistinctSubnets,      BOOL,     "1"),
390
  V(EntryNodes,                  ROUTERSET,   NULL),
391
  V(EntryStatistics,             BOOL,     "0"),
392
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
393
394
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
395
  OBSOLETE("ExcludeSingleHopRelays"),
396
  V(ExitNodes,                   ROUTERSET, NULL),
397
398
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
399
  V(ExitPolicyRejectLocalInterfaces, BOOL, "0"),
400
  V(ExitPortStatistics,          BOOL,     "0"),
401
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
402
  V(ExitRelay,                   AUTOBOOL, "auto"),
403
  VPORT(ExtORPort),
404
  V(ExtORPortCookieAuthFile,     STRING,   NULL),
405
  V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
406
  V(ExtraInfoStatistics,         BOOL,     "1"),
407
  V(ExtendByEd25519ID,           AUTOBOOL, "auto"),
408
  V(FallbackDir,                 LINELIST, NULL),
409

410
  V(UseDefaultFallbackDirs,      BOOL,     "1"),
411

412
  OBSOLETE("FallbackNetworkstatusFile"),
413
414
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
415
  OBSOLETE("FastFirstHopPK"),
416
  V(FetchDirInfoEarly,           BOOL,     "0"),
417
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
418
419
420
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
421
  OBSOLETE("FetchV2Networkstatus"),
422
  V(GeoIPExcludeUnknown,         AUTOBOOL, "auto"),
423
#ifdef _WIN32
424
  V(GeoIPFile,                   FILENAME, "<default>"),
nils's avatar
nils committed
425
  V(GeoIPv6File,                 FILENAME, "<default>"),
426
#else
427
428
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
nils's avatar
nils committed
429
430
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
431
#endif /* defined(_WIN32) */
432
  OBSOLETE("Group"),
433
  V(GuardLifetime,               INTERVAL, "0 minutes"),
434
  V(HardwareAccel,               BOOL,     "0"),
435
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
Alexander Færøy's avatar
Alexander Færøy committed
436
  V(MainloopStats,               BOOL,     "0"),
437
438
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
439
  V(HashedControlPassword,       LINELIST, NULL),
440
  OBSOLETE("HidServDirectoryV2"),
Nick Mathewson's avatar
Nick Mathewson committed
441
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
442
  VAR("HiddenServiceDirGroupReadable",  LINELIST_S, RendConfigLines, NULL),
Nick Mathewson's avatar
Nick Mathewson committed
443
444
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
445
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
446
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
447
  VAR("HiddenServiceAllowUnknownPorts",LINELIST_S, RendConfigLines, NULL),
448
449
  VAR("HiddenServiceMaxStreams",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceMaxStreamsCloseCircuit",LINELIST_S, RendConfigLines, NULL),
450
  VAR("HiddenServiceNumIntroductionPoints", LINELIST_S, RendConfigLines, NULL),
Nick Mathewson's avatar
Nick Mathewson committed
451
  VAR("HiddenServiceStatistics", BOOL, HiddenServiceStatistics_option, "1"),
452
  V(HidServAuth,                 LINELIST, NULL),
453
  OBSOLETE("CloseHSClientCircuitsImmediatelyOnTimeout"),
454
  OBSOLETE("CloseHSServiceRendCircuitsImmediatelyOnTimeout"),
455
456
  V(HiddenServiceSingleHopMode,  BOOL,     "0"),
  V(HiddenServiceNonAnonymousMode,BOOL,    "0"),
457
458
459
460
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
461
  VPORT(HTTPTunnelPort),
462
  V(IPv6Exit,                    BOOL,     "0"),
463
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
464
  V(ServerTransportListenAddr,   LINELIST, NULL),
465
  V(ServerTransportOptions,      LINELIST, NULL),
466
  V(SigningKeyLifetime,          INTERVAL, "30 days"),
467
468
469
470
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
471
472
  VAR("KeyDirectory",            FILENAME, KeyDirectory_option, NULL),
  V(KeyDirectoryGroupReadable,   BOOL,     "0"),
473
474
  VAR("HSLayer2Nodes",           ROUTERSET,  HSLayer2Nodes,  NULL),
  VAR("HSLayer3Nodes",           ROUTERSET,  HSLayer3Nodes,  NULL),
475
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
476
  V(KeepBindCapabilities,            AUTOBOOL, "auto"),
477
  VAR("Log",                     LINELIST, Logs,             NULL),
478
  V(LogMessageDomains,           BOOL,     "0"),
479
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
Arlo Breault's avatar
Arlo Breault committed
480
  V(TruncateLogFile,             BOOL,     "0"),
Peter Palfrader's avatar
Peter Palfrader committed
481
  V(SyslogIdentityTag,           STRING,   NULL),
482
  V(AndroidIdentityTag,          STRING,   NULL),
483
  V(LongLivedPorts,              CSV,
Nick Mathewson's avatar
Nick Mathewson committed
484
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
485
486
487
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
488
  V(MaxClientCircuitsPending,    UINT,     "32"),
489
  V(MaxConsensusAgeForDiffs,     INTERVAL, "0 seconds"),
490
  VAR("MaxMemInQueues",          MEMUNIT,   MaxMemInQueues_raw, "0"),
491
492
  OBSOLETE("MaxOnionsPending"),
  V(MaxOnionQueueDelay,          MSEC_INTERVAL, "1750 msec"),
493
  V(MaxUnparseableDescSizeToLog, MEMUNIT, "10 MB"),
494
  V(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, "500"),
495
  VAR("MyFamily",                LINELIST, MyFamily_lines,       NULL),
496
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
497
  OBSOLETE("NamingAuthoritativeDirectory"),
498
  OBSOLETE("NATDListenAddress"),
499
  VPORT(NATDPort),
500
  V(Nickname,                    STRING,   NULL),
501
  OBSOLETE("PredictedPortsRelevanceTime"),
502
  OBSOLETE("WarnUnsafeSocks"),
503
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
504
  V(NoExec,                      BOOL,     "0"),
505
  V(NumCPUs,                     UINT,     "0"),
506
  V(NumDirectoryGuards,          UINT,     "0"),
507
  V(NumEntryGuards,              UINT,     "0"),
508
  V(NumPrimaryGuards,            UINT,     "0"),
Nick Mathewson's avatar
Nick Mathewson committed
509
  V(OfflineMasterKey,            BOOL,     "0"),
510
  OBSOLETE("ORListenAddress"),
511
  VPORT(ORPort),
512
  V(OutboundBindAddress,         LINELIST,   NULL),
513
514
  V(OutboundBindAddressOR,       LINELIST,   NULL),
  V(OutboundBindAddressExit,     LINELIST,   NULL),
515

516
  OBSOLETE("PathBiasDisableRate"),
517
518
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
519
  V(PathBiasWarnRate,            DOUBLE,   "-1"),
520
  V(PathBiasExtremeRate,         DOUBLE,   "-1"),
521
  V(PathBiasScaleThreshold,      INT,      "-1"),
522
523
  OBSOLETE("PathBiasScaleFactor"),
  OBSOLETE("PathBiasMultFactor"),
524
  V(PathBiasDropGuards,          AUTOBOOL, "0"),
525
526
527
528
529
530
  OBSOLETE("PathBiasUseCloseCounts"),

  V(PathBiasUseThreshold,       INT,      "-1"),
  V(PathBiasNoticeUseRate,          DOUBLE,   "-1"),
  V(PathBiasExtremeUseRate,         DOUBLE,   "-1"),
  V(PathBiasScaleUseThreshold,      INT,      "-1"),
531

532
  V(PathsNeededToBuildCircuits,  DOUBLE,   "-1"),
533
534
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
535
  V(PidFile,                     STRING,   NULL),
536
  V(TestingTorNetwork,           BOOL,     "0"),
537
  V(TestingMinExitFlagThreshold, MEMUNIT,  "0"),
538
  V(TestingMinFastFlagThreshold, MEMUNIT,  "0"),
539

540
  V(TestingLinkCertLifetime,          INTERVAL, "2 days"),
541
542
543
544
545
  V(TestingAuthKeyLifetime,          INTERVAL, "2 days"),
  V(TestingLinkKeySlop,              INTERVAL, "3 hours"),
  V(TestingAuthKeySlop,              INTERVAL, "3 hours"),
  V(TestingSigningKeySlop,           INTERVAL, "1 day"),

546
  V(OptimisticData,              AUTOBOOL, "auto"),
547
548
  OBSOLETE("PortForwarding"),
  OBSOLETE("PortForwardingHelper"),
549
  OBSOLETE("PreferTunneledDirConns"),
550
  V(ProtocolWarnings,            BOOL,     "0"),
551
  V(PublishServerDescriptor,     CSV,      "1"),
552
553
554
555
556
557
558
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
559
  V(RecommendedPackages,         LINELIST, NULL),
560
561
  V(ReducedConnectionPadding,    BOOL,     "0"),
  V(ConnectionPadding,           AUTOBOOL, "auto"),
562
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
563
  V(RejectPlaintextPorts,        CSV,      ""),
564
565
566
567
568
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  V(RunAsDaemon,                 BOOL,     "0"),
569
  V(ReducedExitPolicy,           BOOL,     "0"),
570
  OBSOLETE("RunTesting"), // currently unused
571
  V(Sandbox,                     BOOL,     "0"),
572
  V(SafeLogging,                 STRING,   "1"),
573
  V(SafeSocks,                   BOOL,     "0"),
574
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
575
576
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
577
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
578
579
580
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
581
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
582
583
584
585
586
  OBSOLETE("SchedulerLowWaterMark__"),
  OBSOLETE("SchedulerHighWaterMark__"),
  OBSOLETE("SchedulerMaxFlushCells__"),
  V(KISTSchedRunInterval,        MSEC_INTERVAL, "0 msec"),
  V(KISTSockBufSizeFactor,       DOUBLE,   "1.0"),
587
  V(Schedulers,                  CSV,      "KIST,KISTLite,Vanilla"),
588
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
589
  OBSOLETE("SocksListenAddress"),
590
  V(SocksPolicy,                 LINELIST, NULL),
591
  VPORT(SocksPort),
592
  V(SocksTimeout,                INTERVAL, "2 minutes"),
593
  V(SSLKeyLifetime,              INTERVAL, "0"),
594
595
  OBSOLETE("StrictEntryNodes"),
  OBSOLETE("StrictExitNodes"),
596
  V(StrictNodes,                 BOOL,     "0"),
597
  OBSOLETE("Support022HiddenServices"),
598
  V(TestSocks,                   BOOL,     "0"),
599
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
600
  V(Tor2webMode,                 BOOL,     "0"),
601
  V(Tor2webRendezvousPoints,      ROUTERSET, NULL),
602
  OBSOLETE("TLSECGroup"),
603
604
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
605
  OBSOLETE("TransListenAddress"),
606
  VPORT(TransPort),
607
  V(TransProxyType,              STRING,   "default"),
608
  OBSOLETE("TunnelDirConns"),
609
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
610
  V(UseBridges,                  BOOL,     "0"),
611
  VAR("UseEntryGuards",          BOOL,     UseEntryGuards_option, "1"),
Nick Mathewson's avatar
Nick Mathewson committed
612
  OBSOLETE("UseEntryGuardsAsDirGuards"),
613
  V(UseGuardFraction,            AUTOBOOL, "auto"),
614
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
615
  OBSOLETE("UseNTorHandshake"),
616
  V(User,                        STRING,   NULL),
617
  OBSOLETE("UserspaceIOCPBuffers"),
618
  V(AuthDirSharedRandomness,     BOOL,     "1"),
619
  V(AuthDirTestEd25519LinkKeys,  BOOL,     "1"),
620
  OBSOLETE("V1AuthoritativeDirectory"),
621
  OBSOLETE("V2AuthoritativeDirectory"),
622
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
623
624
625
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
626
  V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
627
628
629
630
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
631
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
632
  V(V3BandwidthsFile,            FILENAME, NULL),
633
  V(GuardfractionFile,           FILENAME, NULL),
634
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
635
  OBSOLETE("VoteOnHidServDirectoriesV2"),
636
637
  V(VirtualAddrNetworkIPv4,      STRING,   "127.192.0.0/10"),
  V(VirtualAddrNetworkIPv6,      STRING,   "[FE80::]/10"),
638
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
639
640
  OBSOLETE("UseFilteringSSLBufferevents"),
  OBSOLETE("__UseFilteringSSLBufferevents"),
641
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
642
643
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
644
  VAR("__DisableSignalHandlers", BOOL,  DisableSignalHandlers,    "0"),
645
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
646
647
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
648
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
649
  VAR("__OwningControllerFD",INT,OwningControllerFD, "-1"),
650
  V(MinUptimeHidServDirectoryV2, INTERVAL, "96 hours"),
651
652
653
654
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
655
  /* With the ClientBootstrapConsensus*Download* below:
656
   * Clients with only authorities will try:
657
658
   *  - at least 3 authorities over 10 seconds, then exponentially backoff,
   *    with the next attempt 3-21 seconds later,
659
   * Clients with authorities and fallbacks will try:
660
661
   *  - at least 2 authorities and 4 fallbacks over 21 seconds, then
   *    exponentially backoff, with the next attempts 4-33 seconds later,
662
   * Clients will also retry when an application request arrives.
663
   * After a number of failed requests, clients retry every 3 days + 1 hour.
664
665
666
667
668
669
   *
   * Clients used to try 2 authorities over 10 seconds, then wait for
   * 60 minutes or an application request.
   *
   * When clients have authorities and fallbacks available, they use these
   * schedules: (we stagger the times to avoid thundering herds) */
670
671
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "6"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
672
  /* When clients only have authorities available, they use this schedule: */
673
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
674
    "0"),
675
676
677
678
  /* We don't want to overwhelm slow networks (or mirrors whose replies are
   * blocked), but we also don't want to fail if only some mirrors are
   * blackholed. Clients will try 3 directories simultaneously.
   * (Relays never use simultaneous connections.) */
679
  V(ClientBootstrapConsensusMaxInProgressTries, UINT, "3"),
680
681
  /* When a client has any running bridges, check each bridge occasionally,
    * whether or not that bridge is actually up. */
682
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL,"10800"),
683
684
685
686
  /* When a client is just starting, or has no running bridges, check each
   * bridge a few times quickly, and then try again later. These schedules
   * are much longer than the other schedules, because we try each and every
   * configured bridge with this schedule. */
687
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
688
689
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "10 minutes"),
  V(TestingDirConnectionMaxStall, INTERVAL, "5 minutes"),
690
691
692
693
694
695
  OBSOLETE("TestingConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries"),
  OBSOLETE("TestingDescriptorMaxDownloadTries"),
  OBSOLETE("TestingMicrodescMaxDownloadTries"),
  OBSOLETE("TestingCertMaxDownloadTries"),
696
  V(TestingDirAuthVoteExit, ROUTERSET, NULL),
697
  V(TestingDirAuthVoteExitIsStrict,  BOOL,     "0"),
698
  V(TestingDirAuthVoteGuard, ROUTERSET, NULL),
699
  V(TestingDirAuthVoteGuardIsStrict,  BOOL,     "0"),
700
  V(TestingDirAuthVoteHSDir, ROUTERSET, NULL),
701
  V(TestingDirAuthVoteHSDirIsStrict,  BOOL,     "0"),
702
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),
703

704
  END_OF_CONFIG_VARS
705
};
706

707
708
/** Override default values with these if the user sets the TestingTorNetwork
 * option. */
709
static const config_var_t testing_tor_network_defaults[] = {
710
711
712
713
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
714
715
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
716
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
717
    "0"),
718
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
719
  V(ClientRejectInternalAddresses, BOOL,   "0"),
720
  V(CountPrivateBandwidth,       BOOL,     "1"),
721
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
722
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
723
724
725
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
726
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "150 seconds"),
727
728
729
730
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
731
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
732
733
734
735
736
737
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL, "10"),
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
738
739
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "5 seconds"),
  V(TestingDirConnectionMaxStall, INTERVAL, "30 seconds"),
740
  V(TestingEnableConnBwEvent,    BOOL,     "1"),
741
  V(TestingEnableCellStatsEvent, BOOL,     "1"),
742
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),
743
  V(RendPostPeriod,              INTERVAL, "2 minutes"),
744

745
  END_OF_CONFIG_VARS
746
};
747

748
#undef VAR
749
#undef V
750
751
#undef OBSOLETE

752
static const config_deprecation_t option_deprecation_notes_[] = {
753
  /* Deprecated since 0.3.2.0-alpha. */
754
755
756
757
  { "HTTPProxy", "It only applies to direct unencrypted HTTP connections "
    "to your directory server, which your Tor probably wasn't using." },
  { "HTTPProxyAuthenticator", "HTTPProxy is deprecated in favor of HTTPSProxy "
    "which should be used with HTTPSProxyAuthenticator." },
758
759
760
  /* End of options deprecated since 0.3.2.1-alpha */

  /* Options deprecated since 0.3.2.2-alpha */
761
762
763
764
  { "ReachableDirAddresses", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
  { "ClientPreferIPv6DirPort", "It has no effect on relays, and has had no "
    "effect on clients since 0.2.8." },
765
  /* End of options deprecated since 0.3.2.2-alpha. */
766

767
768
769
  { NULL, NULL }
};

770
#ifdef _WIN32
771
772
static char *get_windows_conf_root(void);
#endif
773
774
775
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
776
                                      char **msg);
777
778
779
780
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
781
782
static int options_transition_affects_dirauth_timing(
      const or_options_t *old_options, const or_options_t *new_options);
783
784
785
static int normalize_nickname_list(config_line_t **normalized_out,
                                   const config_line_t *lst, const char *name,
                                   char **msg);
786
787
static char *get_bindaddr_from_transport_listen_line(const char *line,
                                                     const char *transport);
788
static int parse_ports(or_options_t *options, int validate_only,