Mark a big pile of options as deprecated.

66e610da · Nick Mathewson · e6220ccb · 66e610da · 66e610da · 66e610da
Commit 66e610da authored Aug 03, 2016 by Nick Mathewson 👁
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -588,6 +588,44 @@ static const config_var_t testing_tor_network_defaults[] = {
 #undef V
 #undef OBSOLETE

+static const config_deprecation_t option_deprecation_notes_[] = {
+  { "AllowDotExit", "Unrestricted use of the .exit notation can be used for "
+    "a wide variety of application-level attacks." },
+  { "AllowInvalidNodes", "There is no reason to enable this option; at best "
+    "it will make you easier to track." },
+  { "AllowSingleHopCircuits", "Almost no relays actually allow single-hop "
+    "exits, making this option pointless." },
+  { "AllowSingleHopExits", "Turning this on will make your relay easier "
+    "to abuse." },
+  { "ClientDNSRejectInternalAddresses", "Turning this on makes your client "
+    "easier to fingerprint, and may open you to esoteric attacks." },
+  { "ExcludeSingleHopRelays", "Turning it on makes your client easier to "
+    "fingerprint." },
+  { "FastFirstHopPK", "Changing this option does not make your client more "
+    "secure, but does make it easier to fingerprint." },
+  { "CloseHSClientCircutisImmediatelyOnTimeout", "This option makes your "
+    "client easier to fingerprint." },
+  { "CloseHSServiceRendircutisImmediatelyOnTimeout", "This option makes "
+    "your hidden services easier to fingerprint." },
+  { "WarnUnsafeSocks", "Changing this option makes it easier for you "
+    "to accidentally lose your anonymity by leaking DNS information" },
+  { "TLSECGroup", "The default is a nice secure choice; the other option "
+    "is less secure." },
+  { "UseNTorHandshake", "The ntor handshake should always be used." },
+
+  { "ControlListenAddress", "Use ControlPort instead." },
+  { "DirListenAddress", "Use DirPort instead, possibly with the "
+    "NoAdvertise sub-option" },
+  { "DNSListenAddress", "Use DNSPort instead." },
+  { "SocksListenAddress", "Use SocksPort instead." },
+  { "TransListenAddress", "Use TransPort instead." },
+  { "NATDListenAddress", "Use NATDPort instead." },
+  { "ORListenAddress", "Use ORPort instead, possibly with the "
+    "NoAdvertise sub-option" },
+
+  { NULL, NULL }
+};
+
 #ifdef _WIN32
 static char *get_windows_conf_root(void);
 #endif
@@ -636,7 +674,7 @@ STATIC config_format_t options_format = {
  OR_OPTIONS_MAGIC,
  STRUCT_OFFSET(or_options_t, magic_),
  option_abbrevs_,
-  NULL,
+  option_deprecation_notes_,
  option_vars_,
  options_validate_cb,
  NULL

--- a/src/or/confparse.c
+++ b/src/or/confparse.c
@@ -192,7 +192,7 @@ config_find_deprecation(const config_format_t *fmt, const char *key)
  if (fmt->deprecations == NULL)
    return NULL;

-  config_deprecation_t *d;
+  const config_deprecation_t *d;
  for (d = fmt->deprecations; d->name; ++d) {
    if (!strcasecmp(d->name, key)) {
      return d->why_deprecated ? d->why_deprecated : "";
@@ -486,10 +486,11 @@ config_mark_lists_fragile(const config_format_t *fmt, void *options)
 void
 warn_deprecated_option(const char *what, const char *why)
 {
+  const char *space = (why && strlen(why)) ? " " : "";
  log_warn(LD_CONFIG, "The %s option is deprecated, and will most likely "
-           "be removed in a future version of Tor.%s (If you think this is "
+           "be removed in a future version of Tor.%s%s (If you think this is "
           "a mistake, please let us know!)",
-           what, why);
+           what, space, why);
 }

 /** If <b>c</b> is a syntactically valid configuration line, update

--- a/src/or/confparse.h
+++ b/src/or/confparse.h
@@ -81,7 +81,7 @@ typedef struct config_format_t {
  off_t magic_offset; /**< Offset of the magic value within the struct. */
  config_abbrev_t *abbrevs; /**< List of abbreviations that we expand when
                             * parsing this format. */
-  config_deprecation_t *deprecations; /** List of deprecated options */
+  const config_deprecation_t *deprecations; /** List of deprecated options */
  config_var_t *vars; /**< List of variables we recognize, their default
                       * values, and where we stick them in the structure. */
  validate_fn_t validate_fn; /**< Function to validate config. */
@@ -133,6 +133,5 @@ const char *config_expand_abbrev(const config_format_t *fmt,
                                 int command_line, int warn_obsolete);
 void warn_deprecated_option(const char *what, const char *why);

-
 #endif