
/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2019, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
8
 * \file config.c
 * \brief Code to interpret the user's configuration of Tor.
 *
 * This module handles torrc configuration file, including parsing it,
 * combining it with torrc.defaults and the command line, allowing
 * user changes to it (via editing and SIGHUP or via the control port),
 * writing it back to disk (because of SAVECONF from the control port),
 * and -- most importantly -- acting on it.
 *
 * The module additionally has some tools for manipulating and
 * inspecting values that are calculated as a result of the
 * configured options.
 *
 * <h3>How to add new options</h3>
 *
 * To add new items to the torrc, there are a minimum of three places to edit:
 * <ul>
 *   <li>The or_options_t structure in or.h, where the options are stored.
 *   <li>The option_vars_ array below in this module, which configures
 *       the names of the torrc options, their types, their multiplicities,
 *       and their mappings to fields in or_options_t.
 *   <li>The manual in doc/tor.1.txt, to document what the new option
 *       is, and how it works.
 * </ul>
 *
 * Additionally, you might need to edit these places too:
 * <ul>
 *   <li>options_validate() below, in case you want to reject some possible
 *       values of the new configuration option.
 *   <li>options_transition_allowed() below, in case you need to
 *       forbid some or all changes in the option while Tor is
 *       running.
 *   <li>options_transition_affects_workers(), in case changes in the option
 *       might require Tor to relaunch or reconfigure its worker threads.
 *   <li>options_transition_affects_descriptor(), in case changes in the
 *       option might require a Tor relay to build and publish a new server
 *       descriptor.
 *   <li>options_act() and/or options_act_reversible(), in case there's some
 *       action that needs to be taken immediately based on the option's
 *       value.
 * </ul>
 *
 * <h3>Changing the value of an option</h3>
 *
 * Because of the SAVECONF command from the control port, it's a bad
 * idea to change the value of any user-configured option in the
 * or_options_t.  If you want to sometimes do this anyway, we recommend
 * that you create a secondary field in or_options_t; that you have the
 * user option linked only to the secondary field; that you use the
 * secondary field to initialize the one that Tor actually looks at; and that
 * you use the one Tor looks at as the one that you modify.
 **/

#define CONFIG_PRIVATE
#include "core/or/or.h"
#include "app/config/config.h"
#include "app/config/confparse.h"
#include "app/config/statefile.h"
#include "app/main/main.h"
#include "core/mainloop/connection.h"
#include "core/mainloop/cpuworker.h"
#include "core/mainloop/mainloop.h"
#include "core/mainloop/netstatus.h"
#include "core/or/channel.h"
#include "core/or/circuitbuild.h"
#include "core/or/circuitlist.h"
#include "core/or/circuitmux.h"
#include "core/or/circuitmux_ewma.h"
#include "core/or/circuitstats.h"
#include "core/or/connection_edge.h"
#include "core/or/connection_or.h"
#include "core/or/dos.h"
#include "core/or/policies.h"
#include "core/or/relay.h"
#include "core/or/scheduler.h"
#include "feature/client/addressmap.h"
#include "feature/client/bridges.h"
#include "feature/client/entrynodes.h"
#include "feature/client/transports.h"
#include "feature/control/control.h"
#include "feature/dirauth/bwauth.h"
#include "feature/dirauth/guardfraction.h"
#include "feature/dircache/consdiffmgr.h"
#include "feature/dircache/dirserv.h"
#include "feature/dircommon/voting_schedule.h"
#include "feature/hibernate/hibernate.h"
#include "feature/hs/hs_config.h"
#include "feature/nodelist/dirlist.h"
#include "feature/nodelist/networkstatus.h"
#include "feature/nodelist/nickname.h"
#include "feature/nodelist/nodelist.h"
#include "feature/nodelist/routerlist.h"
#include "feature/nodelist/routerset.h"
#include "feature/relay/dns.h"
#include "feature/relay/ext_orport.h"
#include "feature/relay/routermode.h"
#include "feature/rend/rendclient.h"
#include "feature/rend/rendservice.h"
#include "lib/geoip/geoip.h"
#include "feature/stats/geoip_stats.h"
#include "feature/stats/predict_ports.h"
#include "feature/stats/rephist.h"
#include "lib/compress/compress.h"
#include "lib/crypt_ops/crypto_init.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/encoding/confline.h"
#include "lib/log/git_revision.h"
#include "lib/net/resolve.h"
#include "lib/sandbox/sandbox.h"

#ifdef ENABLE_NSS
#include "lib/crypt_ops/crypto_nss_mgt.h"
#else
#include "lib/crypt_ops/crypto_openssl_mgt.h"
#endif

#ifdef _WIN32
#include <shlobj.h>
#endif
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif

#include "lib/meminfo/meminfo.h"
#include "lib/osinfo/uname.h"
#include "lib/process/daemon.h"
#include "lib/process/pidfile.h"
#include "lib/process/restrict.h"
#include "lib/process/setuid.h"
#include "lib/process/subprocess.h"
#include "lib/net/gethostname.h"
#include "lib/thread/numcpus.h"

#include "lib/encoding/keyval.h"
#include "lib/fs/conffile.h"
#include "lib/evloop/procmon.h"

#include "feature/dirauth/dirvote.h"
#include "feature/dirauth/recommend_pkg.h"
#include "feature/dirauth/authmode.h"

#include "core/or/connection_st.h"
#include "core/or/port_cfg_st.h"

#ifdef HAVE_SYSTEMD
#   if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
/* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse
 * Coverity. Here's a kludge to unconfuse it.
 */
#   define __INCLUDE_LEVEL__ 2
#endif /* defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__) */
#include <systemd/sd-daemon.h>
#endif /* defined(HAVE_SYSTEMD) */

/* Prefix used to indicate a Unix socket in a FooPort configuration
 * (e.g. a SocksPort/ControlPort line whose value starts with "unix:"). */
static const char unix_socket_prefix[] = "unix:";
/* Prefix used to indicate a Unix socket with spaces in it, in a FooPort
 * configuration: the socket path that follows is double-quoted. */
static const char unix_q_socket_prefix[] = "unix:\"";

/* limits for TCP send and recv buffer size used for constrained sockets
 * (the ConstrainedSockets / ConstrainedSockSize options declared below).
 * Presumably ConstrainedSockSize is clamped or rejected against these when
 * the options are validated; that check is not in this part of the file. */
#define MIN_CONSTRAINED_TCP_BUFFER 2048
#define MAX_CONSTRAINED_TCP_BUFFER 262144  /* 256k */

/** macro to help with the bulk rename of *DownloadSchedule to
 * *DownloadInitialDelay.  Expands to one option_abbrevs_ entry mapping the
 * old "<name>DownloadSchedule" spelling to "<name>DownloadInitialDelay"; the
 * fourth field is set to 1, which (judging from the "DirServer" XXXX note in
 * option_abbrevs_) appears to be the "warn when the old name is used" flag
 * -- confirm against config_abbrev_t. */
#define DOWNLOAD_SCHEDULE(name) \
  { #name "DownloadSchedule", #name "DownloadInitialDelay", 0, 1 }

/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values.
 *
 * Each entry is { abbreviated name, full option name, flag, flag }.  The
 * config_abbrev_t layout is declared elsewhere (presumably confparse.h); from
 * the entries here, the third field appears to mark abbreviations that are
 * accepted only on the command line (e.g. "l" for "Log"), and the fourth
 * appears to request a warning when the old spelling is used (see the
 * "DirServer" XXXX note) -- confirm against config_abbrev_t before relying
 * on either reading.
 *
 * Note that several targets of these aliases (AllowInvalidNodes,
 * ORListenAddress, DirListenAddress, SocksListenAddress,
 * PreferTunneledDirConns) are themselves marked OBSOLETE in option_vars_
 * below, so those old spellings now resolve to an obsolete option.
 *
 * The PLURAL() entries map a singular spelling to the plural option name. */
static config_abbrev_t option_abbrevs_[] = {
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RecommendedPackage),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  /* "-l" is the command-line shorthand for "Log". */
  { "l", "Log", 1, 0},
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
  { "DirServer", "DirAuthority", 0, 0}, /* XXXX later, make this warn? */
  { "MaxConn", "ConnLimit", 0, 1},
  { "MaxMemInCellQueues", "MaxMemInQueues", 0, 0},
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
  /* Security note: this entry carries the same third-field value as "l", so
   * if that field is indeed "command line only", a HashedControlPassword
   * passed on the command line is stored in the session-only
   * "__HashedControlSessionPassword" option instead of HashedControlPassword.
   * The VPORT comment below explains that "__"-prefixed options are the ones
   * not stored by SAVECONF, so this keeps a controller-supplied password hash
   * out of the torrc written back to disk.  A HashedControlPassword line in
   * the torrc itself is not redirected by this entry. */
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
  { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
  { "SocksSocketsGroupWritable", "UnixSocksGroupWritable", 0, 1},
  /* Older single-underscore spellings of the HS layer-2/3 pinning options. */
  { "_HSLayer2Nodes", "HSLayer2Nodes", 0, 1 },
  { "_HSLayer3Nodes", "HSLayer3Nodes", 0, 1 },

  /* Old *DownloadSchedule names; see the DOWNLOAD_SCHEDULE macro above. */
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthority),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthorityOnly),
  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusFallback),
  DOWNLOAD_SCHEDULE(TestingBridge),
  DOWNLOAD_SCHEDULE(TestingBridgeBootstrap),
  DOWNLOAD_SCHEDULE(TestingClient),
  DOWNLOAD_SCHEDULE(TestingClientConsensus),
  DOWNLOAD_SCHEDULE(TestingServer),
  DOWNLOAD_SCHEDULE(TestingServerConsensus),

  /* Terminator: the table is scanned until the NULL abbreviation. */
  { NULL, NULL, 0, 0},
};

/** dummy instance of or_options_t, used for type-checking its
 * members with CONF_CHECK_VAR_TYPE.  (The VAR() macro below references the
 * struct through CONF_TEST_MEMBERS; this instance presumably gives that
 * check something to inspect -- see confparse.h.) */
DUMMY_TYPECHECK_INSTANCE(or_options_t);

/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 *
 * <b>initvalue</b> is the default as a string (or NULL), and is followed
 * directly by CONF_TEST_MEMBERS(), which -- by analogy with the two OBSOLETE
 * variants below -- presumably expands to an extra initializer only under
 * TOR_UNIT_TESTS and to nothing otherwise.  Confirm in confparse.h.
 */
#define VAR(name,conftype,member,initvalue)                             \
  { name, CONFIG_TYPE_ ## conftype, offsetof(or_options_t, member),     \
      initvalue CONF_TEST_MEMBERS(or_options_t, conftype, member) }
/** As VAR, but the option name and member name are the same. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
/** An entry for config_vars: "The option <b>name</b> is obsolete."
 * The entry has offset 0 and no default; the unit-test build adds the
 * explicit {.INT=NULL} initializer that CONF_TEST_MEMBERS would otherwise
 * supply for a VAR() entry. */
#ifdef TOR_UNIT_TESTS
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL, {.INT=NULL} }
#else
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }
#endif

/**
 * Macro to declare *Port options.  Each one comes in three entries.
 * For example, most users should use "SocksPort" to configure the
 * socks port, but TorBrowser wants to use __SocksPort so that it
 * isn't stored by SAVECONF.  The SocksPortLines virtual option is
 * used to query both options from the controller.
 *
 * All three entries point at the same <b>member</b>_lines field: the
 * "Lines" entry is the LINELIST_V (virtual) view, and the plain and "__"
 * names are LINELIST_S entries feeding it.  The "__" form is the one that
 * should be used for values a controller does not want persisted to disk.
 */
#define VPORT(member)                                           \
  VAR(#member "Lines", LINELIST_V, member ## _lines, NULL),     \
  VAR(#member, LINELIST_S, member ## _lines, NULL),             \
  VAR("__" #member, LINELIST_S, member ## _lines, NULL)

/** UINT64_MAX as a decimal string.  Used below as the default for the
 * UINT64 option __OwningControllerFD, presumably meaning "no fd". */
#define UINT64_MAX_STRING "18446744073709551615"

/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 */
static config_var_t option_vars_[] = {
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  VAR("AccountingRule",          STRING,   AccountingRule_option,  "max"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  OBSOLETE("AllowDotExit"),
  OBSOLETE("AllowInvalidNodes"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  OBSOLETE("AllowSingleHopCircuits"),
  OBSOLETE("AllowSingleHopExits"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  OBSOLETE("AlternateHSAuthority"),
  V(AssumeReachable,             BOOL,     "0"),
  OBSOLETE("AuthDirBadDir"),
  OBSOLETE("AuthDirBadDirCCs"),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "2 MB"),
  V(AuthDirPinKeys,              BOOL,     "1"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  OBSOLETE("AuthDirRejectUnlisted"),
  OBSOLETE("AuthDirListBadDirs"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  OBSOLETE("AuthDirMaxServersPerAuthAddr"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(BridgeDistribution,          STRING,   NULL),
  VAR("CacheDirectory",          FILENAME, CacheDirectory_option, NULL),
  V(CacheDirectoryGroupReadable, AUTOBOOL,     "auto"),
  V(CellStatistics,              BOOL,     "0"),
  V(PaddingStatistics,           BOOL,     "1"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  OBSOLETE("CircuitIdleTimeout"),
  V(CircuitsAvailableTimeout,    INTERVAL, "0"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-1.0"), /*negative:'Use default'*/
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      AUTOBOOL, "auto"),
  V(ClientPreferIPv6DirPort,     AUTOBOOL, "auto"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ClientUseIPv4,               BOOL,     "1"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  OBSOLETE("ControlListenAddress"),
  VPORT(ControlPort),
  V(ControlPortFileGroupReadable,BOOL,     "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  V(UnixSocksGroupWritable,    BOOL,     "0"),
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  VAR("DataDirectory",           FILENAME, DataDirectory_option, NULL),
  V(DataDirectoryGroupReadable,  BOOL,     "0"),
  V(DisableOOSCheck,             BOOL,     "1"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  OBSOLETE("DirListenAddress"),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort),
  V(DirPortFrontPage,            FILENAME, NULL),
  VAR("DirReqStatistics",        BOOL,     DirReqStatistics_option, "1"),
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
  V(DirCache,                    BOOL,     "1"),
  /* A DirAuthorityFallbackRate of 0.1 means that 0.5% of clients try an
   * authority when all fallbacks are up, and 2% try an authority when 25% of
   * fallbacks are down. (We rebuild the list when 25% of fallbacks are down).
   *
   * We want to reduce load on authorities, but keep these two figures within
   * an order of magnitude, so there isn't too much load shifting to
   * authorities when fallbacks go down. */
  V(DirAuthorityFallbackRate,    DOUBLE,   "0.1"),
  V(DisableAllSwap,              BOOL,     "0"),
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  OBSOLETE("DisableIOCP"),
  OBSOLETE("DisableV2DirectoryInfo_"),
  OBSOLETE("DynamicDHGroups"),
  VPORT(DNSPort),
  OBSOLETE("DNSListenAddress"),
  /* DoS circuit creation options. */
  V(DoSCircuitCreationEnabled,   AUTOBOOL, "auto"),
  V(DoSCircuitCreationMinConnections,      UINT, "0"),
  V(DoSCircuitCreationRate,      UINT,     "0"),
  V(DoSCircuitCreationBurst,     UINT,     "0"),
  V(DoSCircuitCreationDefenseType,         INT,  "0"),
  V(DoSCircuitCreationDefenseTimePeriod,   INTERVAL, "0"),
  /* DoS connection options. */
  V(DoSConnectionEnabled,        AUTOBOOL, "auto"),
  V(DoSConnectionMaxConcurrentCount,       UINT, "0"),
  V(DoSConnectionDefenseType,    INT,      "0"),
  /* DoS single hop client options. */
  V(DoSRefuseSingleHopClientRendezvous,    AUTOBOOL, "auto"),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(TestingEnableConnBwEvent,    BOOL,     "0"),
  V(TestingEnableCellStatsEvent, BOOL,     "0"),
  OBSOLETE("TestingEnableTbEmptyEvent"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET,   NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  OBSOLETE("ExcludeSingleHopRelays"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPolicyRejectLocalInterfaces, BOOL, "0"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  V(ExitRelay,                   AUTOBOOL, "auto"),
  VPORT(ExtORPort),
  V(ExtORPortCookieAuthFile,     STRING,   NULL),
  V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),
  V(ExtendByEd25519ID,           AUTOBOOL, "auto"),
  V(FallbackDir,                 LINELIST, NULL),

  V(UseDefaultFallbackDirs,      BOOL,     "1"),

  OBSOLETE("FallbackNetworkstatusFile"),
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  OBSOLETE("FastFirstHopPK"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  OBSOLETE("FetchV2Networkstatus"),
  V(GeoIPExcludeUnknown,         AUTOBOOL, "auto"),
#ifdef _WIN32
  V(GeoIPFile,                   FILENAME, "<default>"),
  V(GeoIPv6File,                 FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
#endif /* defined(_WIN32) */
  OBSOLETE("Group"),
  V(GuardLifetime,               INTERVAL, "0 minutes"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(MainloopStats,               BOOL,     "0"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  V(HashedControlPassword,       LINELIST, NULL),
  OBSOLETE("HidServDirectoryV2"),
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceDirGroupReadable",  LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
  VAR("HiddenServiceAllowUnknownPorts",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceMaxStreams",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceMaxStreamsCloseCircuit",LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceNumIntroductionPoints", LINELIST_S, RendConfigLines, NULL),
  VAR("HiddenServiceExportCircuitID", LINELIST_S,  RendConfigLines, NULL),
  VAR("HiddenServiceStatistics", BOOL, HiddenServiceStatistics_option, "1"),
  V(HidServAuth,                 LINELIST, NULL),
  V(ClientOnionAuthDir,          FILENAME, NULL),
  OBSOLETE("CloseHSClientCircuitsImmediatelyOnTimeout"),
  OBSOLETE("CloseHSServiceRendCircuitsImmediatelyOnTimeout"),
  V(HiddenServiceSingleHopMode,  BOOL,     "0"),
  V(HiddenServiceNonAnonymousMode,BOOL,    "0"),
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  VPORT(HTTPTunnelPort),
  V(IPv6Exit,                    BOOL,     "0"),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(ServerTransportListenAddr,   LINELIST, NULL),
  V(ServerTransportOptions,      LINELIST, NULL),
  V(SigningKeyLifetime,          INTERVAL, "30 days"),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  VAR("KeyDirectory",            FILENAME, KeyDirectory_option, NULL),
  V(KeyDirectoryGroupReadable,   BOOL,     "0"),
  VAR("HSLayer2Nodes",           ROUTERSET,  HSLayer2Nodes,  NULL),
  VAR("HSLayer3Nodes",           ROUTERSET,  HSLayer3Nodes,  NULL),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  V(KeepBindCapabilities,            AUTOBOOL, "auto"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(TruncateLogFile,             BOOL,     "0"),
  V(SyslogIdentityTag,           STRING,   NULL),
  V(AndroidIdentityTag,          STRING,   NULL),
  V(LongLivedPorts,              CSV,
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  V(MaxConsensusAgeForDiffs,     INTERVAL, "0 seconds"),
  VAR("MaxMemInQueues",          MEMUNIT,   MaxMemInQueues_raw, "0"),
  OBSOLETE("MaxOnionsPending"),
  V(MaxOnionQueueDelay,          MSEC_INTERVAL, "1750 msec"),
  V(MaxUnparseableDescSizeToLog, MEMUNIT, "10 MB"),
  V(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, "500"),
  VAR("MyFamily",                LINELIST, MyFamily_lines,       NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  OBSOLETE("NamingAuthoritativeDirectory"),
  OBSOLETE("NATDListenAddress"),
  VPORT(NATDPort),
  V(Nickname,                    STRING,   NULL),
  OBSOLETE("PredictedPortsRelevanceTime"),
  OBSOLETE("WarnUnsafeSocks"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NoExec,                      BOOL,     "0"),
  V(NumCPUs,                     UINT,     "0"),
  V(NumDirectoryGuards,          UINT,     "0"),
  V(NumEntryGuards,              UINT,     "0"),
  V(NumPrimaryGuards,            UINT,     "0"),
  V(OfflineMasterKey,            BOOL,     "0"),
  OBSOLETE("ORListenAddress"),
  VPORT(ORPort),
  V(OutboundBindAddress,         LINELIST,   NULL),
  V(OutboundBindAddressOR,       LINELIST,   NULL),
  V(OutboundBindAddressExit,     LINELIST,   NULL),

  OBSOLETE("PathBiasDisableRate"),
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasWarnRate,            DOUBLE,   "-1"),
  V(PathBiasExtremeRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  OBSOLETE("PathBiasScaleFactor"),
  OBSOLETE("PathBiasMultFactor"),
  V(PathBiasDropGuards,          AUTOBOOL, "0"),
  OBSOLETE("PathBiasUseCloseCounts"),

  V(PathBiasUseThreshold,       INT,      "-1"),
  V(PathBiasNoticeUseRate,          DOUBLE,   "-1"),
  V(PathBiasExtremeUseRate,         DOUBLE,   "-1"),
  V(PathBiasScaleUseThreshold,      INT,      "-1"),

  V(PathsNeededToBuildCircuits,  DOUBLE,   "-1"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  V(TestingTorNetwork,           BOOL,     "0"),
  V(TestingMinExitFlagThreshold, MEMUNIT,  "0"),
  V(TestingMinFastFlagThreshold, MEMUNIT,  "0"),

  V(TestingLinkCertLifetime,          INTERVAL, "2 days"),
  V(TestingAuthKeyLifetime,          INTERVAL, "2 days"),
  V(TestingLinkKeySlop,              INTERVAL, "3 hours"),
  V(TestingAuthKeySlop,              INTERVAL, "3 hours"),
  V(TestingSigningKeySlop,           INTERVAL, "1 day"),

  V(OptimisticData,              AUTOBOOL, "auto"),
  OBSOLETE("PortForwarding"),
  OBSOLETE("PortForwardingHelper"),
  OBSOLETE("PreferTunneledDirConns"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  V(RecommendedPackages,         LINELIST, NULL),
  V(ReducedConnectionPadding,    BOOL,     "0"),
  V(ConnectionPadding,           AUTOBOOL, "auto"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  V(RunAsDaemon,                 BOOL,     "0"),
  V(ReducedExitPolicy,           BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  V(Sandbox,                     BOOL,     "0"),
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  OBSOLETE("SchedulerLowWaterMark__"),
  OBSOLETE("SchedulerHighWaterMark__"),
  OBSOLETE("SchedulerMaxFlushCells__"),
  V(KISTSchedRunInterval,        MSEC_INTERVAL, "0 msec"),
  V(KISTSockBufSizeFactor,       DOUBLE,   "1.0"),
  V(Schedulers,                  CSV,      "KIST,KISTLite,Vanilla"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  OBSOLETE("SocksListenAddress"),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  V(SSLKeyLifetime,              INTERVAL, "0"),
  OBSOLETE("StrictEntryNodes"),
  OBSOLETE("StrictExitNodes"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("Support022HiddenServices"),
  V(TestSocks,                   BOOL,     "0"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  OBSOLETE("Tor2webMode"),
  OBSOLETE("Tor2webRendezvousPoints"),
  OBSOLETE("TLSECGroup"),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  OBSOLETE("TransListenAddress"),
  VPORT(TransPort),
  V(TransProxyType,              STRING,   "default"),
  OBSOLETE("TunnelDirConns"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  VAR("UseEntryGuards",          BOOL,     UseEntryGuards_option, "1"),
  OBSOLETE("UseEntryGuardsAsDirGuards"),
  V(UseGuardFraction,            AUTOBOOL, "auto"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  OBSOLETE("UseNTorHandshake"),
  V(User,                        STRING,   NULL),
  OBSOLETE("UserspaceIOCPBuffers"),
  V(AuthDirSharedRandomness,     BOOL,     "1"),
  V(AuthDirTestEd25519LinkKeys,  BOOL,     "1"),
  OBSOLETE("V1AuthoritativeDirectory"),
  OBSOLETE("V2AuthoritativeDirectory"),
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  V(GuardfractionFile,           FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
  OBSOLETE("VoteOnHidServDirectoriesV2"),
  V(VirtualAddrNetworkIPv4,      STRING,   "127.192.0.0/10"),
  V(VirtualAddrNetworkIPv6,      STRING,   "[FE80::]/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  OBSOLETE("UseFilteringSSLBufferevents"),
  OBSOLETE("__UseFilteringSSLBufferevents"),
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
  VAR("__DisableSignalHandlers", BOOL,  DisableSignalHandlers,    "0"),
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
  VAR("__OwningControllerFD", UINT64, OwningControllerFD, UINT64_MAX_STRING),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "96 hours"),
  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
  /* With the ClientBootstrapConsensus*Download* below:
   * Clients with only authorities will try:
   *  - at least 3 authorities over 10 seconds, then exponentially back off,
   *    with the next attempt 3-21 seconds later,
   * Clients with authorities and fallbacks will try:
   *  - at least 2 authorities and 4 fallbacks over 21 seconds, then
   *    exponentially back off, with the next attempts 4-33 seconds later,
   * Clients will also retry when an application request arrives.
   * After a number of failed requests, clients retry every 3 days + 1 hour.
   *
   * Clients used to try 2 authorities over 10 seconds, then wait for
   * 60 minutes or an application request.
   *
   * When clients have authorities and fallbacks available, they use these
   * schedules: (we stagger the times to avoid thundering herds) */
  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "6"),
  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
  /* When clients only have authorities available, they use this schedule: */
  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
    "0"),
  /* We don't want to overwhelm slow networks (or mirrors whose replies are
   * blocked), but we also don't want to fail if only some mirrors are
   * blackholed. Clients will try 3 directories simultaneously.
   * (Relays never use simultaneous connections.) */
  V(ClientBootstrapConsensusMaxInProgressTries, UINT, "3"),
  /* When a client has any running bridges, check each bridge occasionally,
   * whether or not that bridge is actually up. */
  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL,"10800"),
  /* When a client is just starting, or has no running bridges, check each
   * bridge a few times quickly, and then try again later. These schedules
   * are much longer than the other schedules, because we try each and every
   * configured bridge with this schedule. */
  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "10 minutes"),
  V(TestingDirConnectionMaxStall, INTERVAL, "5 minutes"),
  OBSOLETE("TestingConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusMaxDownloadTries"),
  OBSOLETE("ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries"),
  OBSOLETE("TestingDescriptorMaxDownloadTries"),
  OBSOLETE("TestingMicrodescMaxDownloadTries"),
  OBSOLETE("TestingCertMaxDownloadTries"),