/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file config.c
 * \brief Code to parse and interpret configuration files.
 **/

#define CONFIG_PRIVATE
#include "or.h"
#include "compat.h"
#include "addressmap.h"
#include "channel.h"
#include "circuitbuild.h"
#include "circuitlist.h"
#include "circuitmux.h"
#include "circuitmux_ewma.h"
#include "config.h"
#include "connection.h"
#include "connection_edge.h"
#include "connection_or.h"
#include "control.h"
#include "confparse.h"
#include "cpuworker.h"
#include "dirserv.h"
#include "dirvote.h"
#include "dns.h"
#include "entrynodes.h"
#include "geoip.h"
#include "hibernate.h"
#include "main.h"
#include "networkstatus.h"
#include "nodelist.h"
#include "policies.h"
#include "relay.h"
#include "rendclient.h"
#include "rendservice.h"
#include "rephist.h"
#include "router.h"
#include "sandbox.h"
#include "util.h"
#include "routerlist.h"
#include "routerset.h"
#include "scheduler.h"
#include "statefile.h"
#include "transports.h"
#include "ext_orport.h"
#include "torgzip.h"
#ifdef _WIN32
#include <shlobj.h>
#endif

#include "procmon.h"

/* From main.c */
extern int quiet_level;

/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values.
 *
 * Each initializer is positional: { alias, canonical name, flag, flag }, and
 * the table ends with an all-NULL/zero row.
 * NOTE(review): config_abbrev_t and PLURAL() are declared outside this
 * listing; the two integers are presumably "command-line only" and "warn
 * when used" -- confirm against the struct definition before relying on it.
 */
static config_abbrev_t option_abbrevs_[] = {
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(ExitNode),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  { "l", "Log", 1, 0},
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  /* NOTE(review): no "StatusFetchPeriod" row appears in option_vars_ in this
   * file; check whether this alias is stale. */
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
  { "DirServer", "DirAuthority", 0, 0}, /* XXXX024 later, make this warn? */
  { "MaxConn", "ConnLimit", 0, 1},
  { "MaxMemInCellQueues", "MaxMemInQueues", 0, 0},
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
  /* NOTE(review): the third field is 1 here, as for "l" above. If that field
   * means "command-line only", a HashedControlPassword given on the command
   * line is stored as __HashedControlSessionPassword rather than under its
   * own name -- confirm, since this decides where a control-port credential
   * ends up. */
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
  { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
  { "_UseFilteringSSLBufferevents", "UseFilteringSSLBufferevents", 0, 1},
  { NULL, NULL, 0, 0},
};

/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 *
 * <b>initvalue</b> is stored as the entry's last field; the tables in this
 * file pass either a string literal or NULL for it.
 */
#define VAR(name,conftype,member,initvalue)                             \
  { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_options_t, member), \
      initvalue }
/** As VAR, but the option name and member name are the same. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }

/** As V, but the backing field is or_options_t.<b>member</b>_lines: the
 * option keeps the name <b>member</b> while its value is stored in the
 * member with the "_lines" suffix. */
#define VPORT(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member ## _lines, initvalue)

/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 *
 * Each row is built with V/VAR/VPORT/OBSOLETE (defined above) and carries the
 * option name, its CONFIG_TYPE_ constant, the offset of the backing
 * or_options_t member, and the default written as a string literal (or
 * NULL).  The table ends with a row whose name is NULL.
 *
 * NOTE(review): defaults an operator may want to check when auditing a
 * deployment.  The meanings are inferred from the option names only, so
 * confirm them against the option documentation:
 *  - "1" here: ClientRejectInternalAddresses,
 *    ClientDNSRejectInternalAddresses, ExitPolicyRejectPrivate,
 *    EnforceDistinctSubnets, DisableDebuggerAttachment, SafeLogging,
 *    WarnUnsafeSocks, ServerDNSDetectHijacking.
 *  - "0" here: Sandbox, SafeSocks, DisableAllSwap, CookieAuthentication, and
 *    the ...GroupReadable and ...GroupWritable flags.
 *  - testing_tor_network_defaults (later in this file) replaces
 *    ClientRejectInternalAddresses, ClientDNSRejectInternalAddresses,
 *    ExitPolicyRejectPrivate and EnforceDistinctSubnets with "0".
 */
static config_var_t option_vars_[] = {
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  VAR("AccountingRule",          STRING,   AccountingRule_option,  "max"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  V(AllowDotExit,                BOOL,     "0"),
  V(AllowInvalidNodes,           CSV,      "middle,rendezvous"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  V(AllowSingleHopCircuits,      BOOL,     "0"),
  V(AllowSingleHopExits,         BOOL,     "0"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  OBSOLETE("AlternateHSAuthority"),
  V(AssumeReachable,             BOOL,     "0"),
  OBSOLETE("AuthDirBadDir"),
  OBSOLETE("AuthDirBadDirCCs"),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "2 MB"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  OBSOLETE("AuthDirRejectUnlisted"),
  OBSOLETE("AuthDirListBadDirs"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "5"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(CellStatistics,              BOOL,     "0"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  V(CircuitIdleTimeout,          INTERVAL, "1 hour"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-100.0"), /*negative:'Use default'*/
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      BOOL,     "0"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  V(ControlListenAddress,        LINELIST, NULL),
  VPORT(ControlPort,                 LINELIST, NULL),
  V(ControlPortFileGroupReadable,BOOL,     "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  /* NOTE(review): with this "0" and HashedControlPassword NULL (below), this
   * table presumably configures no control-port authentication by default;
   * how a ControlPort without either is handled is decided by validation
   * code outside this listing -- confirm. */
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  V(DataDirectory,               FILENAME, NULL),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  V(DirListenAddress,            LINELIST, NULL),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort,                     LINELIST, NULL),
  V(DirPortFrontPage,            FILENAME, NULL),
  VAR("DirReqStatistics",        BOOL,     DirReqStatistics_option, "1"),
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
  V(DirAuthorityFallbackRate,    DOUBLE,   "1.0"),
  V(DisableAllSwap,              BOOL,     "0"),
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  V(DisableIOCP,                 BOOL,     "1"),
  OBSOLETE("DisableV2DirectoryInfo_"),
  V(DynamicDHGroups,             BOOL,     "0"),
  VPORT(DNSPort,                     LINELIST, NULL),
  V(DNSListenAddress,            LINELIST, NULL),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(TestingEnableConnBwEvent,    BOOL,     "0"),
  V(TestingEnableCellStatsEvent, BOOL,     "0"),
  V(TestingEnableTbEmptyEvent,   BOOL,     "0"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET,   NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  V(ExcludeSingleHopRelays,      BOOL,     "1"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  VPORT(ExtORPort,               LINELIST, NULL),
  V(ExtORPortCookieAuthFile,     STRING,   NULL),
  V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),
  V(FallbackDir,                 LINELIST, NULL),

  OBSOLETE("FallbackNetworkstatusFile"),
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  V(FastFirstHopPK,              AUTOBOOL, "auto"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  OBSOLETE("FetchV2Networkstatus"),
  V(GeoIPExcludeUnknown,         AUTOBOOL, "auto"),
  /* The GeoIP file defaults differ per platform: a "<default>" placeholder
   * string on Windows, a path built from SHARE_DATADIR elsewhere. */
#ifdef _WIN32
  V(GeoIPFile,                   FILENAME, "<default>"),
  V(GeoIPv6File,                 FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
#endif
  OBSOLETE("Group"),
  V(GuardLifetime,               INTERVAL, "0 minutes"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  V(HashedControlPassword,       LINELIST, NULL),
  V(HidServDirectoryV2,          BOOL,     "1"),
  /* All HiddenService rows below share the single member RendConfigLines. */
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceDirGroupReadable",  LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
  V(HiddenServiceStatistics,     BOOL,     "0"),
  V(HidServAuth,                 LINELIST, NULL),
  V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  V(IPv6Exit,                    BOOL,     "0"),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(ServerTransportListenAddr,   LINELIST, NULL),
  V(ServerTransportOptions,      LINELIST, NULL),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(TruncateLogFile,             BOOL,     "0"),
  V(LongLivedPorts,              CSV,
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  VAR("MaxMemInQueues",          MEMUNIT,   MaxMemInQueues_raw, "0"),
  OBSOLETE("MaxOnionsPending"),
  V(MaxOnionQueueDelay,          MSEC_INTERVAL, "1750 msec"),
  V(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, "500"),
  V(MyFamily,                    STRING,   NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  OBSOLETE("NamingAuthoritativeDirectory"),
  V(NATDListenAddress,           LINELIST, NULL),
  VPORT(NATDPort,                    LINELIST, NULL),
  V(Nickname,                    STRING,   NULL),
  V(PredictedPortsRelevanceTime,  INTERVAL, "1 hour"),
  V(WarnUnsafeSocks,              BOOL,     "1"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NumCPUs,                     UINT,     "0"),
  V(NumDirectoryGuards,          UINT,     "0"),
  V(NumEntryGuards,              UINT,     "0"),
  V(ORListenAddress,             LINELIST, NULL),
  VPORT(ORPort,                      LINELIST, NULL),
  V(OutboundBindAddress,         LINELIST,   NULL),

  OBSOLETE("PathBiasDisableRate"),
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasWarnRate,            DOUBLE,   "-1"),
  V(PathBiasExtremeRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  OBSOLETE("PathBiasScaleFactor"),
  OBSOLETE("PathBiasMultFactor"),
  V(PathBiasDropGuards,          AUTOBOOL, "0"),
  OBSOLETE("PathBiasUseCloseCounts"),

  V(PathBiasUseThreshold,       INT,      "-1"),
  V(PathBiasNoticeUseRate,          DOUBLE,   "-1"),
  V(PathBiasExtremeUseRate,         DOUBLE,   "-1"),
  V(PathBiasScaleUseThreshold,      INT,      "-1"),

  V(PathsNeededToBuildCircuits,  DOUBLE,   "-1"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  V(TestingTorNetwork,           BOOL,     "0"),
  V(TestingMinExitFlagThreshold, MEMUNIT,  "0"),
  V(TestingMinFastFlagThreshold, MEMUNIT,  "0"),
  V(OptimisticData,              AUTOBOOL, "auto"),
  V(PortForwarding,              BOOL,     "0"),
  V(PortForwardingHelper,        FILENAME, "tor-fw-helper"),
  OBSOLETE("PreferTunneledDirConns"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  V(RunAsDaemon,                 BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  V(Sandbox,                     BOOL,     "0"),
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  V(SchedulerLowWaterMark__,     MEMUNIT,  "100 MB"),
  V(SchedulerHighWaterMark__,    MEMUNIT,  "101 MB"),
  V(SchedulerMaxFlushCells__,    UINT,     "1000"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  V(SocksListenAddress,          LINELIST, NULL),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort,                   LINELIST, NULL),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  V(SSLKeyLifetime,              INTERVAL, "0"),
  OBSOLETE("StrictEntryNodes"),
  OBSOLETE("StrictExitNodes"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("Support022HiddenServices"),
  V(TestSocks,                   BOOL,     "0"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  V(Tor2webMode,                 BOOL,     "0"),
  V(TLSECGroup,                  STRING,   NULL),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  V(TransListenAddress,          LINELIST, NULL),
  VPORT(TransPort,                   LINELIST, NULL),
  V(TransProxyType,              STRING,   "default"),
  OBSOLETE("TunnelDirConns"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  V(UseEntryGuards,              BOOL,     "1"),
  V(UseEntryGuardsAsDirGuards,   BOOL,     "1"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  V(UseNTorHandshake,            AUTOBOOL, "1"),
  V(User,                        STRING,   NULL),
  V(UserspaceIOCPBuffers,        BOOL,     "0"),
  OBSOLETE("V1AuthoritativeDirectory"),
  OBSOLETE("V2AuthoritativeDirectory"),
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
  V(VirtualAddrNetworkIPv4,      STRING,   "127.192.0.0/10"),
  V(VirtualAddrNetworkIPv6,      STRING,   "[FE80::]/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  V(UseFilteringSSLBufferevents, BOOL,    "0"),
  /* The rows below use option names with a leading "__"; each maps to a
   * member whose name lacks that prefix. */
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "25 hours"),
  V(VoteOnHidServDirectoriesV2,  BOOL,     "1"),
  V(TestingServerDownloadSchedule, CSV_INTERVAL, "0, 0, 0, 60, 60, 120, "
                                 "300, 900, 2147483647"),
  V(TestingClientDownloadSchedule, CSV_INTERVAL, "0, 0, 60, 300, 600, "
                                 "2147483647"),
  V(TestingServerConsensusDownloadSchedule, CSV_INTERVAL, "0, 0, 60, "
                                 "300, 600, 1800, 1800, 1800, 1800, "
                                 "1800, 3600, 7200"),
  V(TestingClientConsensusDownloadSchedule, CSV_INTERVAL, "0, 0, 60, "
                                 "300, 600, 1800, 3600, 3600, 3600, "
                                 "10800, 21600, 43200"),
  V(TestingBridgeDownloadSchedule, CSV_INTERVAL, "3600, 900, 900, 3600"),
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "10 minutes"),
  V(TestingDirConnectionMaxStall, INTERVAL, "5 minutes"),
  V(TestingConsensusMaxDownloadTries, UINT, "8"),
  V(TestingDescriptorMaxDownloadTries, UINT, "8"),
  V(TestingMicrodescMaxDownloadTries, UINT, "8"),
  V(TestingCertMaxDownloadTries, UINT, "8"),
  V(TestingDirAuthVoteExit, ROUTERSET, NULL),
  V(TestingDirAuthVoteGuard, ROUTERSET, NULL),
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),

  /* Terminating row: the name is NULL. */
  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/** Override default values with these if the user sets the TestingTorNetwork
 * option.
 *
 * Compared with option_vars_ in this file, these rows change
 * EnforceDistinctSubnets, ClientRejectInternalAddresses,
 * ClientDNSRejectInternalAddresses and ExitPolicyRejectPrivate from "1" to
 * "0"; DirAllowPrivateAddresses, ExtendAllowPrivateAddresses, AssumeReachable
 * and CountPrivateBandwidth from "0" to "1"; and AuthDirMaxServersPerAddr and
 * AuthDirMaxServersPerAuthAddr from "2" and "5" to "0".  The voting,
 * reachability and download intervals are shortened, and the four
 * Testing...MaxDownloadTries counts go from "8" to "80".
 * ServerDNSAllowBrokenConfig and TestingV3AuthVotingStartOffset carry the
 * same value as in option_vars_.
 *
 * NOTE(review): by their names the first two groups relax private-address
 * and same-subnet restrictions, which suits an isolated test network; treat
 * TestingTorNetwork as unsuitable for an instance that talks to the public
 * network unless the option documentation says otherwise -- confirm.
 */
static const config_var_t testing_tor_network_defaults[] = {
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "0"),
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
  V(ClientRejectInternalAddresses, BOOL,   "0"),
  V(CountPrivateBandwidth,       BOOL,     "1"),
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "150 seconds"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
  V(TestingServerDownloadSchedule, CSV_INTERVAL, "0, 0, 0, 5, 10, 15, "
                                 "20, 30, 60"),
  V(TestingClientDownloadSchedule, CSV_INTERVAL, "0, 0, 5, 10, 15, 20, "
                                 "30, 60"),
  V(TestingServerConsensusDownloadSchedule, CSV_INTERVAL, "0, 0, 5, 10, "
                                 "15, 20, 30, 60"),
  V(TestingClientConsensusDownloadSchedule, CSV_INTERVAL, "0, 0, 5, 10, "
                                 "15, 20, 30, 60"),
  V(TestingBridgeDownloadSchedule, CSV_INTERVAL, "60, 30, 30, 60"),
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "5 seconds"),
  V(TestingDirConnectionMaxStall, INTERVAL, "30 seconds"),
  V(TestingConsensusMaxDownloadTries, UINT, "80"),
  V(TestingDescriptorMaxDownloadTries, UINT, "80"),
  V(TestingMicrodescMaxDownloadTries, UINT, "80"),
  V(TestingCertMaxDownloadTries, UINT, "80"),
  V(TestingEnableConnBwEvent,    BOOL,     "1"),
  V(TestingEnableCellStatsEvent, BOOL,     "1"),
  V(TestingEnableTbEmptyEvent,   BOOL,     "1"),
  /* Set to "1" only in this table; option_vars_ gives it "0". */
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),

  /* Terminating row: the name is NULL. */
  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/* The table-building macros are only needed for the arrays above.
 * NOTE(review): VPORT is defined next to these three but is not #undef'd
 * here -- confirm whether that is intentional. */
#undef VAR
#undef V
#undef OBSOLETE

/* Forward declarations of file-local (static) helpers.  Their definitions
 * are not part of this excerpt. */
#ifdef _WIN32
static char *get_windows_conf_root(void);
#endif
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_act(const or_options_t *old_options);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
                                      char **msg);
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
static int check_nickname_list(char **lst, const char *name, char **msg);
static char *get_bindaddr_from_transport_listen_line(const char *line,
                                                     const char *transport);
static int parse_dir_authority_line(const char *line,
                                 dirinfo_type_t required_type,
                                 int validate_only);
static int parse_dir_fallback_line(const char *line,
                                   int validate_only);
static void port_cfg_free(port_cfg_t *port);
static int parse_ports(or_options_t *options, int validate_only,
                              char **msg_out, int *n_ports_out);
static int check_server_ports(const smartlist_t *ports,
                              const or_options_t *options);

static int validate_data_directory(or_options_t *options);
static int write_configuration_file(const char *fname,
                                    const or_options_t *options);
static int options_init_logs(const or_options_t *old_options,
                             or_options_t *options, int validate_only);

static void init_libevent(const or_options_t *options);
static int opt_streq(const char *s1, const char *s2);
static int parse_outbound_addresses(or_options_t *options, int validate_only,
                                    char **msg);
static void config_maybe_load_geoip_files_(const or_options_t *options,
                                           const or_options_t *old_options);
/* Installed as the validation callback in options_format below. */
static int options_validate_cb(void *old_options, void *options,
                               void *default_options,
                               int from_setconf, char **msg);
static uint64_t compute_real_max_mem_in_queues(const uint64_t val,
                                               int log_guess);

/** Magic value for or_options_t. */
#define OR_OPTIONS_MAGIC 9090909

/** Configuration format for or_options_t.
 *
 * The initializer is positional.  NOTE(review): config_format_t is declared
 * outside this listing, so the per-field remarks below describe the values
 * passed, not confirmed member names (only <b>vars</b> is visible, through
 * its use in set_options()). */
STATIC config_format_t options_format = {
  sizeof(or_options_t),                /* size of the options structure */
  OR_OPTIONS_MAGIC,                    /* expected magic value */
  STRUCT_OFFSET(or_options_t, magic_), /* where the magic field lives */
  option_abbrevs_,                     /* alias table */
  option_vars_,                        /* option table */
  options_validate_cb,                 /* validation callback */
  NULL                                 /* last member left unset */
};

/*
 * Functions to read and write the global options pointer.
 *
 * The objects below are all file-local (static) state.
 */

/** Command-line and config-file options. */
static or_options_t *global_options = NULL;
/** The fallback options_t object; this is where we look for options not
 * in torrc before we fall back to Tor's defaults. */
static or_options_t *global_default_options = NULL;
/** Name of most recently read torrc file. */
static char *torrc_fname = NULL;
/** Name of the most recently read torrc-defaults file.
 * No explicit initializer; as a static object it starts out NULL like its
 * neighbours. */
static char *torrc_defaults_fname;
/** Configuration options set by command line. */
static config_line_t *global_cmdline_options = NULL;
/** Non-configuration options set by the command line */
static config_line_t *global_cmdline_only_options = NULL;
/** Boolean: Have we parsed the command line? */
static int have_parsed_cmdline = 0;
/** Contents of most recently read DirPortFrontPage file. */
static char *global_dirfrontpagecontents = NULL;
/** List of port_cfg_t for all configured ports. */
static smartlist_t *configured_ports = NULL;

/** Accessor for the cached DirPortFrontPage contents.
 *
 * Hands back the file-scope pointer global_dirfrontpagecontents as-is (no
 * copy is made), so the result is NULL when no front page is configured. */
const char *
get_dirportfrontpage(void)
{
  const char *frontpage = global_dirfrontpagecontents;

  return frontpage;
}

/** Return the currently configured options as a writable pointer.
 *
 * Asserts that global_options has been set, so this never returns NULL.
 * A write through the returned pointer changes the live configuration
 * directly and does not go through set_options(); code that only reads
 * should call get_options(), which hands out the same object as const. */
or_options_t *
get_options_mutable(void)
{
  /* Calling this before any options are installed is a programming error. */
  tor_assert(global_options);

  return global_options;
}

/** Return the currently configured options as a read-only pointer.
 *
 * This is the const view of the object that get_options_mutable() returns,
 * and it inherits that function's assertion that options are installed.
 * The function is defined through MOCK_IMPL. */
MOCK_IMPL(const or_options_t *,
get_options,(void))
{
  const or_options_t *current = get_options_mutable();

  return current;
}

/** Install <b>new_val</b> as the global options, act on the new values, and
 * release the options object that was replaced.
 *
 * If the reversible stage fails, the previous options are put back,
 * <b>*msg</b> is asserted to be set, and -1 is returned.  If the second
 * stage fails, the error is logged and the process exits.  Otherwise a
 * CONF_CHANGED event is sent for the options that differ (only when there
 * was a previous options object), the old object is freed, and 0 is
 * returned.
 */
int
set_options(or_options_t *new_val, char **msg)
{
  or_options_t *old_options = global_options;
  const config_var_t *var;
  smartlist_t *elements;
  config_line_t *line;

  /* Swap first: both stages below take the *old* options as an argument,
   * for comparison, and pull the new ones out of global_options. */
  global_options = new_val;

  if (options_act_reversible(old_options, msg) < 0) {
    tor_assert(*msg);
    global_options = old_options; /* Undo the swap. */
    return -1;
  }
  if (options_act(old_options) < 0) { /* acting on the options failed. die. */
    log_err(LD_BUG,
            "Acting on config options left us in a broken state. Dying.");
    exit(1);
  }

  /* Issue a CONF_CHANGED event to notify the controller of the change.  If
   * Tor is just starting up there are no old options to compare with. */
  if (old_options && old_options != global_options) {
    elements = smartlist_new();
    for (var = options_format.vars; var->name; ++var) {
      if (var->type == CONFIG_TYPE_LINELIST_S ||
          var->type == CONFIG_TYPE_OBSOLETE)
        continue;
      if (config_is_same(&options_format, new_val, old_options, var->name))
        continue;

      line = config_get_assigned_option(&options_format, new_val,
                                        var->name, 1);
      if (!line) {
        /* No assigned lines: report the option name with a NULL value. */
        smartlist_add(elements, tor_strdup(var->name));
        smartlist_add(elements, NULL);
        continue;
      }
      /* The key and value strings move into <b>elements</b>, which frees
       * them below; only the list node itself is freed here. */
      while (line) {
        config_line_t *next = line->next;
        smartlist_add(elements, line->key);
        smartlist_add(elements, line->value);
        tor_free(line);
        line = next;
      }
    }
    control_event_conf_changed(elements);
    SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp));
    smartlist_free(elements);
  }

  /* NOTE(review): or_options_free() in this file releases several members
   * (ExcludeExitNodesUnion_, NodeFamilySets, BridgePassword_AuthDigest_,
   * command_arg) before it calls config_free().  This path calls
   * config_free() directly; confirm that the old options cannot still own
   * any of those members here. */
  if (old_options != global_options)
    config_free(&options_format, old_options);

  return 0;
}

extern const char tor_git_revision[]; /* from tor_main.c */

/** The version of this Tor process, as parsed.  Filled in on the first
 * call to get_version() and reused afterwards. */
static char *the_tor_version = NULL;
/** A shorter version of this Tor process's version, for export in our router
 *  descriptor.  (Does not include the git version, if any.)  Filled in on
 *  the first call to get_short_version(). */
static char *the_short_tor_version = NULL;

/** Return the current Tor version string.
 *
 * The string is built on the first call and cached in the_tor_version.  It
 * is the short version, followed by " (git-REV)" when tor_git_revision is
 * not empty.  The caller must not free the result. */
const char *
get_version(void)
{
  const char *short_version;

  if (the_tor_version != NULL)
    return the_tor_version;

  short_version = get_short_version();
  if (tor_git_revision[0] == '\0') {
    /* No git revision compiled in: the short form is the whole version. */
    the_tor_version = tor_strdup(short_version);
  } else {
    tor_asprintf(&the_tor_version, "%s (git-%s)", short_version,
                 tor_git_revision);
  }
  return the_tor_version;
}

/** Return the current Tor version, without any git tag.
 *
 * The string is built on the first call and cached in
 * the_short_tor_version: VERSION alone, or VERSION followed by the build
 * tag in parentheses when TOR_BUILD_TAG is defined.  The caller must not
 * free the result. */
const char *
get_short_version(void)
{
  if (the_short_tor_version != NULL)
    return the_short_tor_version;

#ifdef TOR_BUILD_TAG
  tor_asprintf(&the_short_tor_version, "%s (%s)", VERSION, TOR_BUILD_TAG);
#else
  the_short_tor_version = tor_strdup(VERSION);
#endif
  return the_short_tor_version;
}

/** Release <b>options</b> together with the members that config_free() is
 * not asked to handle here: the ExcludeExitNodesUnion_ routerset, every
 * routerset in NodeFamilySets and the list itself,
 * BridgePassword_AuthDigest_ and command_arg.  Does nothing when
 * <b>options</b> is NULL.
 */
STATIC void
or_options_free(or_options_t *options)
{
  smartlist_t *family_sets;

  if (options == NULL)
    return;

  routerset_free(options->ExcludeExitNodesUnion_);

  family_sets = options->NodeFamilySets;
  if (family_sets) {
    SMARTLIST_FOREACH(family_sets, routerset_t *, family_set,
                      routerset_free(family_set));
    smartlist_free(family_sets);
  }

  /* NOTE(review): going by its name, BridgePassword_AuthDigest_ holds
   * authentication material; it is freed without being cleared first.
   * Confirm whether it should be wiped before release. */
  tor_free(options->BridgePassword_AuthDigest_);
  tor_free(options->command_arg);

  /* The extra members are released first; config_free() gets the object
   * last. */
  config_free(&options_format, options);
}

/** Release all memory and resources held by global configuration structures.
 */
void
config_free_all(void)
{
  or_options_free(global_options);
  global_options = NULL;