80#include "trunnel/conflux.h"
81#include "core/or/dos.h"
133#ifdef HAVE_SYS_STAT_H
136#ifdef HAVE_SYS_PARAM_H
137#include <sys/param.h>
165# if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
169# define __INCLUDE_LEVEL__ 2
171#include <systemd/sd-daemon.h>
175static const char unix_socket_prefix[] =
"unix:";
178static const char unix_q_socket_prefix[] =
"unix:\"";
181#define MIN_CONSTRAINED_TCP_BUFFER 2048
182#define MAX_CONSTRAINED_TCP_BUFFER 262144
187#define DOWNLOAD_SCHEDULE(name) \
188 { (#name "DownloadSchedule"), (#name "DownloadInitialDelay"), 0, 1 }
190#define DOWNLOAD_SCHEDULE(name) { NULL, NULL, 0, 1 }
199 PLURAL(AuthDirMiddleOnlyCC),
205 PLURAL(HiddenServiceNode),
206 PLURAL(HiddenServiceExcludeNode),
209 PLURAL(RecommendedPackage),
215 {
"AllowUnverifiedNodes",
"AllowInvalidNodes", 0, 0},
216 {
"AutomapHostSuffixes",
"AutomapHostsSuffixes", 0, 0},
217 {
"AutomapHostOnResolve",
"AutomapHostsOnResolve", 0, 0},
218 {
"BandwidthRateBytes",
"BandwidthRate", 0, 0},
219 {
"BandwidthBurstBytes",
"BandwidthBurst", 0, 0},
220 {
"DirFetchPostPeriod",
"StatusFetchPeriod", 0, 0},
221 {
"DirServer",
"DirAuthority", 0, 0},
222 {
"MaxConn",
"ConnLimit", 0, 1},
223 {
"MaxMemInCellQueues",
"MaxMemInQueues", 0, 0},
224 {
"ORBindAddress",
"ORListenAddress", 0, 0},
225 {
"DirBindAddress",
"DirListenAddress", 0, 0},
226 {
"SocksBindAddress",
"SocksListenAddress", 0, 0},
227 {
"UseHelperNodes",
"UseEntryGuards", 0, 0},
228 {
"NumHelperNodes",
"NumEntryGuards", 0, 0},
229 {
"UseEntryNodes",
"UseEntryGuards", 0, 0},
230 {
"NumEntryNodes",
"NumEntryGuards", 0, 0},
231 {
"ResolvConf",
"ServerDNSResolvConfFile", 0, 1},
232 {
"SearchDomains",
"ServerDNSSearchDomains", 0, 1},
233 {
"ServerDNSAllowBrokenResolvConf",
"ServerDNSAllowBrokenConfig", 0, 0},
234 {
"PreferTunnelledDirConns",
"PreferTunneledDirConns", 0, 0},
235 {
"BridgeAuthoritativeDirectory",
"BridgeAuthoritativeDir", 0, 0},
236 {
"HashedControlPassword",
"__HashedControlSessionPassword", 1, 0},
237 {
"VirtualAddrNetwork",
"VirtualAddrNetworkIPv4", 0, 0},
238 {
"SocksSocketsGroupWritable",
"UnixSocksGroupWritable", 0, 1},
239 {
"_HSLayer2Nodes",
"HSLayer2Nodes", 0, 1 },
240 {
"_HSLayer3Nodes",
"HSLayer3Nodes", 0, 1 },
263#define VAR(varname,conftype,member,initvalue) \
264 CONFIG_VAR_ETYPE(or_options_t, varname, conftype, member, 0, initvalue)
267#define VAR_D(varname,conftype,member,initvalue) \
268 CONFIG_VAR_DEFN(or_options_t, varname, conftype, member, 0, initvalue)
270#define VAR_NODUMP(varname,conftype,member,initvalue) \
271 CONFIG_VAR_ETYPE(or_options_t, varname, conftype, member, \
272 CFLG_NODUMP, initvalue)
273#define VAR_NODUMP_IMMUTABLE(varname,conftype,member,initvalue) \
274 CONFIG_VAR_ETYPE(or_options_t, varname, conftype, member, \
275 CFLG_NODUMP | CFLG_IMMUTABLE, initvalue)
276#define VAR_INVIS(varname,conftype,member,initvalue) \
277 CONFIG_VAR_ETYPE(or_options_t, varname, conftype, member, \
278 CFLG_NODUMP | CFLG_NOSET | CFLG_NOLIST, initvalue)
280#define V(member,conftype,initvalue) \
281 VAR(#member, conftype, member, initvalue)
283#define VAR_IMMUTABLE(varname, conftype, member, initvalue) \
284 CONFIG_VAR_ETYPE(or_options_t, varname, conftype, member, \
285 CFLG_IMMUTABLE, initvalue)
287#define V_IMMUTABLE(member,conftype,initvalue) \
288 VAR_IMMUTABLE(#member, conftype, member, initvalue)
291#define V_D(member,type,initvalue) \
292 VAR_D(#member, type, member, initvalue)
295#define OBSOLETE(varname) CONFIG_VAR_OBSOLETE(varname)
304#define VPORT(member) \
305 VAR(#member "Lines", LINELIST_V, member ## _lines, NULL), \
306 VAR(#member, LINELIST_S, member ## _lines, NULL), \
307 VAR_NODUMP("__" #member, LINELIST_S, member ## _lines, NULL)
310#define UINT64_MAX_STRING "18446744073709551615"
317 V(AccountingMax, MEMUNIT,
"0 bytes"),
318 VAR(
"AccountingRule", STRING, AccountingRule_option,
"max"),
319 V(AccountingStart, STRING, NULL),
320 V(Address, LINELIST, NULL),
321 V(AddressDisableIPv6, BOOL,
"0"),
324 V(AllowNonRFC953Hostnames, BOOL,
"0"),
327 V(AlternateBridgeAuthority, LINELIST, NULL),
328 V(AlternateDirAuthority, LINELIST, NULL),
330 V(AssumeReachable, BOOL,
"0"),
331 V(AssumeReachableIPv6, AUTOBOOL,
"auto"),
334 V(AuthDirBadExit, LINELIST, NULL),
335 V(AuthDirBadExitCCs, CSV,
""),
336 V(AuthDirInvalid, LINELIST, NULL),
337 V(AuthDirInvalidCCs, CSV,
""),
338 V(AuthDirMiddleOnly, LINELIST, NULL),
339 V(AuthDirMiddleOnlyCCs, CSV,
""),
340 V(AuthDirReject, LINELIST, NULL),
341 V(AuthDirRejectCCs, CSV,
""),
344 OBSOLETE(
"AuthDirMaxServersPerAuthAddr"),
345 VAR(
"AuthoritativeDirectory", BOOL, AuthoritativeDir,
"0"),
346 V(AutomapHostsOnResolve, BOOL,
"0"),
347 V(AutomapHostsSuffixes, CSV,
".onion,.exit"),
348 V(AvoidDiskWrites, BOOL,
"0"),
349 V(BandwidthBurst, MEMUNIT,
"1 GB"),
350 V(BandwidthRate, MEMUNIT,
"1 GB"),
351 V(BridgeAuthoritativeDir, BOOL,
"0"),
352 VAR(
"Bridge", LINELIST, Bridges, NULL),
353 V(BridgePassword, STRING, NULL),
354 V(BridgeRecordUsageByCountry, BOOL,
"1"),
355 V(BridgeRelay, BOOL,
"0"),
356 V(BridgeDistribution, STRING, NULL),
357 VAR_IMMUTABLE(
"CacheDirectory",FILENAME, CacheDirectory_option, NULL),
358 V(CacheDirectoryGroupReadable, AUTOBOOL,
"auto"),
359 V(CellStatistics, BOOL,
"0"),
360 V(PaddingStatistics, BOOL,
"1"),
361 V(OverloadStatistics, BOOL,
"1"),
362 V(LearnCircuitBuildTimeout, BOOL,
"1"),
363 V(CircuitBuildTimeout, INTERVAL,
"0"),
365 V(CircuitsAvailableTimeout, INTERVAL,
"0"),
366 V(CircuitStreamTimeout, INTERVAL,
"0"),
367 V(CircuitPriorityHalflife, DOUBLE,
"-1.0"),
368 V(ClientDNSRejectInternalAddresses, BOOL,
"1"),
369#if defined(HAVE_MODULE_RELAY) || defined(TOR_UNIT_TESTS)
371 V(ClientOnly, BOOL,
"0"),
374 V(ClientOnly, BOOL,
"1"),
376 V(ClientPreferIPv6ORPort, AUTOBOOL,
"auto"),
377 V(ClientPreferIPv6DirPort, AUTOBOOL,
"auto"),
379 V(ClientRejectInternalAddresses, BOOL,
"1"),
380 V(ClientTransportPlugin, LINELIST, NULL),
381 V(ClientUseIPv6, BOOL,
"1"),
382 V(ClientUseIPv4, BOOL,
"1"),
383 V(CompiledProofOfWorkHash, AUTOBOOL,
"auto"),
384 V(ConfluxEnabled, AUTOBOOL,
"auto"),
385 VAR(
"ConfluxClientUX", STRING, ConfluxClientUX_option,
387 V(ConnLimit, POSINT,
"1000"),
388 V(ConnDirectionStatistics, BOOL,
"0"),
389 V(ConstrainedSockets, BOOL,
"0"),
390 V(ConstrainedSockSize, MEMUNIT,
"8192"),
391 V(ContactInfo, STRING, NULL),
394 V(ControlPortFileGroupReadable,BOOL,
"0"),
395 V(ControlPortWriteToFile, FILENAME, NULL),
396 V(ControlSocket, LINELIST, NULL),
397 V(ControlSocketsGroupWritable, BOOL,
"0"),
398 V(UnixSocksGroupWritable, BOOL,
"0"),
399 V(CookieAuthentication, BOOL,
"0"),
400 V(CookieAuthFileGroupReadable, BOOL,
"0"),
401 V(CookieAuthFile, FILENAME, NULL),
402 V(CountPrivateBandwidth, BOOL,
"0"),
403 VAR_IMMUTABLE(
"DataDirectory", FILENAME, DataDirectory_option, NULL),
404 V(DataDirectoryGroupReadable, BOOL,
"0"),
405 V(DisableOOSCheck, BOOL,
"1"),
406 V(DisableNetwork, BOOL,
"0"),
407 V(DirAllowPrivateAddresses, BOOL,
"0"),
409 V(DirPolicy, LINELIST, NULL),
411 V(DirPortFrontPage, FILENAME, NULL),
412 VAR(
"DirReqStatistics", BOOL, DirReqStatistics_option,
"1"),
413 VAR(
"DirAuthority", LINELIST, DirAuthorities, NULL),
414#if defined(HAVE_MODULE_RELAY) || defined(TOR_UNIT_TESTS)
416 V(DirCache, BOOL,
"1"),
419 V(DirCache, BOOL,
"0"),
428 V(DirAuthorityFallbackRate, DOUBLE,
"0.1"),
429 V_IMMUTABLE(DisableAllSwap, BOOL,
"0"),
430 V_IMMUTABLE(DisableDebuggerAttachment, BOOL,
"1"),
432 OBSOLETE(
"DisableV2DirectoryInfo_"),
436 V(DormantClientTimeout, INTERVAL,
"24 hours"),
437 V(DormantTimeoutEnabled, BOOL,
"1"),
438 V(DormantTimeoutDisabledByIdleStreams, BOOL,
"1"),
439 V(DormantOnFirstStartup, BOOL,
"0"),
440 V(DormantCanceledByStartup, BOOL,
"0"),
441 V(DownloadExtraInfo, BOOL,
"0"),
442 V(TestingEnableConnBwEvent, BOOL,
"0"),
443 V(TestingEnableCellStatsEvent, BOOL,
"0"),
444 OBSOLETE(
"TestingEnableTbEmptyEvent"),
445 V(EnforceDistinctSubnets, BOOL,
"1"),
446 V_D(EntryNodes, ROUTERSET, NULL),
447 V(EntryStatistics, BOOL,
"0"),
448 OBSOLETE(
"TestingEstimatedDescriptorPropagationTime"),
449 V_D(ExcludeNodes, ROUTERSET, NULL),
450 V_D(ExcludeExitNodes, ROUTERSET, NULL),
452 V_D(ExitNodes, ROUTERSET, NULL),
456 V_D(MiddleNodes, ROUTERSET, NULL),
457 V(ExitPolicy, LINELIST, NULL),
458 V(ExitPolicyRejectPrivate, BOOL,
"1"),
459 V(ExitPolicyRejectLocalInterfaces, BOOL,
"0"),
460 V(ExitPortStatistics, BOOL,
"0"),
461 V(ExtendAllowPrivateAddresses, BOOL,
"0"),
462 V(ExitRelay, AUTOBOOL,
"auto"),
464 V(ExtORPortCookieAuthFile, FILENAME, NULL),
465 V(ExtORPortCookieAuthFileGroupReadable, BOOL,
"0"),
466 V(ExtraInfoStatistics, BOOL,
"1"),
467 V(ExtendByEd25519ID, AUTOBOOL,
"auto"),
468 V(FallbackDir, LINELIST, NULL),
470 V(UseDefaultFallbackDirs, BOOL,
"1"),
472 OBSOLETE(
"FallbackNetworkstatusFile"),
473 V(FascistFirewall, BOOL,
"0"),
474 V(FirewallPorts, CSV,
""),
476 V(FetchDirInfoEarly, BOOL,
"0"),
477 V(FetchDirInfoExtraEarly, BOOL,
"0"),
478 V(FetchServerDescriptors, BOOL,
"1"),
479 V(FetchHidServDescriptors, BOOL,
"1"),
480 V(FetchUselessDescriptors, BOOL,
"0"),
482 V(GeoIPExcludeUnknown, AUTOBOOL,
"auto"),
484 V(GeoIPFile, FILENAME,
"<default>"),
485 V(GeoIPv6File, FILENAME,
"<default>"),
486#elif defined(__ANDROID__)
491 V(GeoIPFile, FILENAME,
"/data/local/tmp/geoip"),
492 V(GeoIPv6File, FILENAME,
"/data/local/tmp/geoip6"),
494 V(GeoIPFile, FILENAME,
495 SHARE_DATADIR PATH_SEPARATOR
"tor" PATH_SEPARATOR
"geoip"),
496 V(GeoIPv6File, FILENAME,
497 SHARE_DATADIR PATH_SEPARATOR
"tor" PATH_SEPARATOR
"geoip6"),
500 V(GuardLifetime, INTERVAL,
"0 minutes"),
501 V(HeartbeatPeriod, INTERVAL,
"6 hours"),
502 V(MainloopStats, BOOL,
"0"),
503 V(HashedControlPassword, LINELIST, NULL),
505 OBSOLETE(
"HiddenServiceAuthorizeClient"),
507 VAR(
"HiddenServiceDir", LINELIST_S, RendConfigLines, NULL),
508 VAR(
"HiddenServiceDirGroupReadable", LINELIST_S, RendConfigLines, NULL),
509 VAR(
"HiddenServiceOptions",LINELIST_V, RendConfigLines, NULL),
510 VAR(
"HiddenServicePort", LINELIST_S, RendConfigLines, NULL),
511 VAR(
"HiddenServiceVersion",LINELIST_S, RendConfigLines, NULL),
512 VAR(
"HiddenServiceAllowUnknownPorts",LINELIST_S, RendConfigLines, NULL),
513 VAR(
"HiddenServiceMaxStreams",LINELIST_S, RendConfigLines, NULL),
514 VAR(
"HiddenServiceMaxStreamsCloseCircuit",LINELIST_S, RendConfigLines, NULL),
515 VAR(
"HiddenServiceNumIntroductionPoints", LINELIST_S, RendConfigLines, NULL),
516 VAR(
"HiddenServiceExportCircuitID", LINELIST_S, RendConfigLines, NULL),
517 VAR(
"HiddenServiceEnableIntroDoSDefense", LINELIST_S, RendConfigLines, NULL),
518 VAR(
"HiddenServiceEnableIntroDoSRatePerSec",
519 LINELIST_S, RendConfigLines, NULL),
520 VAR(
"HiddenServiceEnableIntroDoSBurstPerSec",
521 LINELIST_S, RendConfigLines, NULL),
522 VAR(
"HiddenServiceOnionBalanceInstance",
523 LINELIST_S, RendConfigLines, NULL),
524 VAR(
"HiddenServicePoWDefensesEnabled", LINELIST_S, RendConfigLines, NULL),
525 VAR(
"HiddenServicePoWQueueRate", LINELIST_S, RendConfigLines, NULL),
526 VAR(
"HiddenServicePoWQueueBurst", LINELIST_S, RendConfigLines, NULL),
527 VAR(
"HiddenServiceStatistics", BOOL, HiddenServiceStatistics_option,
"1"),
528 V(ClientOnionAuthDir, FILENAME, NULL),
529 OBSOLETE(
"CloseHSClientCircuitsImmediatelyOnTimeout"),
530 OBSOLETE(
"CloseHSServiceRendCircuitsImmediatelyOnTimeout"),
531 V_IMMUTABLE(HiddenServiceSingleHopMode, BOOL,
"0"),
532 V_IMMUTABLE(HiddenServiceNonAnonymousMode,BOOL,
"0"),
533 V(HTTPProxy, STRING, NULL),
534 V(HTTPProxyAuthenticator, STRING, NULL),
535 V(HTTPSProxy, STRING, NULL),
536 V(HTTPSProxyAuthenticator, STRING, NULL),
537 VPORT(HTTPTunnelPort),
538 V(IPv6Exit, BOOL,
"0"),
539 VAR(
"ServerTransportPlugin", LINELIST, ServerTransportPlugin, NULL),
540 V(ServerTransportListenAddr, LINELIST, NULL),
541 V(ServerTransportOptions, LINELIST, NULL),
542 V(SigningKeyLifetime, INTERVAL,
"30 days"),
543 V(Socks4Proxy, STRING, NULL),
544 V(Socks5Proxy, STRING, NULL),
545 V(Socks5ProxyUsername, STRING, NULL),
546 V(Socks5ProxyPassword, STRING, NULL),
547 V(TCPProxy, STRING, NULL),
548 VAR_IMMUTABLE(
"KeyDirectory", FILENAME, KeyDirectory_option, NULL),
549 V(KeyDirectoryGroupReadable, AUTOBOOL,
"auto"),
550 VAR_D(
"HSLayer2Nodes", ROUTERSET, HSLayer2Nodes, NULL),
551 VAR_D(
"HSLayer3Nodes", ROUTERSET, HSLayer3Nodes, NULL),
552 V(KeepalivePeriod, INTERVAL,
"5 minutes"),
553 V_IMMUTABLE(KeepBindCapabilities, AUTOBOOL,
"auto"),
554 VAR(
"Log", LINELIST, Logs, NULL),
555 V(LogMessageDomains, BOOL,
"0"),
556 V(LogTimeGranularity, MSEC_INTERVAL,
"1 second"),
557 V(TruncateLogFile, BOOL,
"0"),
558 V_IMMUTABLE(SyslogIdentityTag, STRING, NULL),
560 V(LongLivedPorts, CSV,
561 "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
562 VAR(
"MapAddress", LINELIST, AddressMap, NULL),
563 V(MaxAdvertisedBandwidth, MEMUNIT,
"1 GB"),
564 V(MaxCircuitDirtiness, INTERVAL,
"10 minutes"),
565 V(MaxClientCircuitsPending, POSINT,
"32"),
566 V(MaxConsensusAgeForDiffs, INTERVAL,
"0 seconds"),
567 VAR(
"MaxMemInQueues", MEMUNIT, MaxMemInQueues_raw,
"0"),
569 V(MaxOnionQueueDelay, MSEC_INTERVAL,
"0"),
570 V(MaxUnparseableDescSizeToLog, MEMUNIT,
"10 MB"),
572 V(MetricsPortPolicy, LINELIST, NULL),
573 V(TestingMinTimeToReportBandwidth, INTERVAL,
"1 day"),
574 VAR(
"MyFamily", LINELIST, MyFamily_lines, NULL),
575 V(NewCircuitPeriod, INTERVAL,
"30 seconds"),
576 OBSOLETE(
"NamingAuthoritativeDirectory"),
579 V(Nickname, STRING, NULL),
580 OBSOLETE(
"PredictedPortsRelevanceTime"),
582 VAR(
"NodeFamily", LINELIST, NodeFamilies, NULL),
583 V_IMMUTABLE(NoExec, BOOL,
"0"),
584 V(NumCPUs, POSINT,
"0"),
585 V(NumDirectoryGuards, POSINT,
"0"),
586 V(NumEntryGuards, POSINT,
"0"),
587 V(NumPrimaryGuards, POSINT,
"0"),
588 V(OfflineMasterKey, BOOL,
"0"),
591 V(OutboundBindAddress, LINELIST, NULL),
592 V(OutboundBindAddressOR, LINELIST, NULL),
593 V(OutboundBindAddressExit, LINELIST, NULL),
594 V(OutboundBindAddressPT, LINELIST, NULL),
597 V(PathBiasCircThreshold, INT,
"-1"),
598 V(PathBiasNoticeRate, DOUBLE,
"-1"),
599 V(PathBiasWarnRate, DOUBLE,
"-1"),
600 V(PathBiasExtremeRate, DOUBLE,
"-1"),
601 V(PathBiasScaleThreshold, INT,
"-1"),
604 V(PathBiasDropGuards, AUTOBOOL,
"0"),
607 V(PathBiasUseThreshold, INT,
"-1"),
608 V(PathBiasNoticeUseRate, DOUBLE,
"-1"),
609 V(PathBiasExtremeUseRate, DOUBLE,
"-1"),
610 V(PathBiasScaleUseThreshold, INT,
"-1"),
612 V(PathsNeededToBuildCircuits, DOUBLE,
"-1"),
613 V(PerConnBWBurst, MEMUNIT,
"0"),
614 V(PerConnBWRate, MEMUNIT,
"0"),
615 V_IMMUTABLE(PidFile, FILENAME, NULL),
616 V_IMMUTABLE(TestingTorNetwork, BOOL,
"0"),
618 V(TestingLinkCertLifetime, INTERVAL,
"2 days"),
619 V(TestingAuthKeyLifetime, INTERVAL,
"2 days"),
620 V(TestingLinkKeySlop, INTERVAL,
"3 hours"),
621 V(TestingAuthKeySlop, INTERVAL,
"3 hours"),
622 V(TestingSigningKeySlop, INTERVAL,
"1 day"),
628 V(ProtocolWarnings, BOOL,
"0"),
629 V(PublishServerDescriptor, CSV,
"1"),
630 V(PublishHidServDescriptors, BOOL,
"1"),
631 V(ReachableAddresses, LINELIST, NULL),
632 V(ReachableDirAddresses, LINELIST, NULL),
633 V(ReachableORAddresses, LINELIST, NULL),
635 V(ReducedConnectionPadding, BOOL,
"0"),
636 V(ConnectionPadding, AUTOBOOL,
"auto"),
637 V(RefuseUnknownExits, AUTOBOOL,
"auto"),
638 V(CircuitPadding, BOOL,
"1"),
639 V(ReconfigDropsBridgeDescs, BOOL,
"0"),
640 V(ReducedCircuitPadding, BOOL,
"0"),
641 V(RejectPlaintextPorts, CSV,
""),
642 V(RelayBandwidthBurst, MEMUNIT,
"0"),
643 V(RelayBandwidthRate, MEMUNIT,
"0"),
644 V(RephistTrackTime, INTERVAL,
"24 hours"),
645 V_IMMUTABLE(RunAsDaemon, BOOL,
"0"),
646 V(ReducedExitPolicy, BOOL,
"0"),
647 V(ReevaluateExitPolicy, BOOL,
"0"),
649 V_IMMUTABLE(Sandbox, BOOL,
"0"),
650 V(SafeLogging, STRING,
"1"),
651 V(SafeSocks, BOOL,
"0"),
652 V(ServerDNSAllowBrokenConfig, BOOL,
"1"),
653 V(ServerDNSAllowNonRFC953Hostnames, BOOL,
"0"),
654 V(ServerDNSDetectHijacking, BOOL,
"1"),
655 V(ServerDNSRandomizeCase, BOOL,
"1"),
656 V(ServerDNSResolvConfFile, FILENAME, NULL),
657 V(ServerDNSSearchDomains, BOOL,
"0"),
658 V(ServerDNSTestAddresses, CSV,
659 "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
660 OBSOLETE(
"SchedulerLowWaterMark__"),
661 OBSOLETE(
"SchedulerHighWaterMark__"),
662 OBSOLETE(
"SchedulerMaxFlushCells__"),
663 V(KISTSchedRunInterval, MSEC_INTERVAL,
"0 msec"),
664 V(KISTSockBufSizeFactor, DOUBLE,
"1.0"),
665 V(Schedulers, CSV,
"KIST,KISTLite,Vanilla"),
666 V(ShutdownWaitLength, INTERVAL,
"30 seconds"),
668 V(SocksPolicy, LINELIST, NULL),
670 V(SocksTimeout, INTERVAL,
"2 minutes"),
671 V(SSLKeyLifetime, INTERVAL,
"0"),
674 V(StrictNodes, BOOL,
"0"),
675 OBSOLETE(
"Support022HiddenServices"),
676 V(TestSocks, BOOL,
"0"),
677 V_IMMUTABLE(TokenBucketRefillInterval, MSEC_INTERVAL,
"100 msec"),
679 OBSOLETE(
"Tor2webRendezvousPoints"),
681 V(TrackHostExits, CSV, NULL),
682 V(TrackHostExitsExpire, INTERVAL,
"30 minutes"),
685 V(TransProxyType, STRING,
"default"),
687 V(UpdateBridgesFromAuthority, BOOL,
"0"),
688 V(UseBridges, BOOL,
"0"),
689 VAR(
"UseEntryGuards", BOOL, UseEntryGuards_option,
"1"),
690 OBSOLETE(
"UseEntryGuardsAsDirGuards"),
691 V(UseGuardFraction, AUTOBOOL,
"auto"),
692 V(VanguardsLiteEnabled, AUTOBOOL,
"auto"),
693 V(UseMicrodescriptors, AUTOBOOL,
"auto"),
695 VAR(
"__AlwaysCongestionControl", BOOL, AlwaysCongestionControl,
"0"),
696 VAR(
"__SbwsExit", BOOL, SbwsExit,
"0"),
697 V_IMMUTABLE(User, STRING, NULL),
699 OBSOLETE(
"V1AuthoritativeDirectory"),
700 OBSOLETE(
"V2AuthoritativeDirectory"),
701 VAR(
"V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,
"0"),
702 V(TestingV3AuthInitialVotingInterval, INTERVAL,
"30 minutes"),
703 V(TestingV3AuthInitialVoteDelay, INTERVAL,
"5 minutes"),
704 V(TestingV3AuthInitialDistDelay, INTERVAL,
"5 minutes"),
705 V(TestingV3AuthVotingStartOffset, INTERVAL,
"0"),
706 V(V3AuthVotingInterval, INTERVAL,
"1 hour"),
707 V(V3AuthVoteDelay, INTERVAL,
"5 minutes"),
708 V(V3AuthDistDelay, INTERVAL,
"5 minutes"),
709 V(V3AuthNIntervalsValid, POSINT,
"3"),
710 V(V3AuthUseLegacyKey, BOOL,
"0"),
711 V(V3BandwidthsFile, FILENAME, NULL),
712 V(GuardfractionFile, FILENAME, NULL),
713 OBSOLETE(
"VoteOnHidServDirectoriesV2"),
714 V(VirtualAddrNetworkIPv4, STRING,
"127.192.0.0/10"),
715 V(VirtualAddrNetworkIPv6, STRING,
"[FE80::]/10"),
716 V(WarnPlaintextPorts, CSV,
"23,109,110,143"),
717 OBSOLETE(
"UseFilteringSSLBufferevents"),
718 OBSOLETE(
"__UseFilteringSSLBufferevents"),
719 VAR_NODUMP(
"__ReloadTorrcOnSIGHUP", BOOL, ReloadTorrcOnSIGHUP,
"1"),
720 VAR_NODUMP(
"__AllDirActionsPrivate", BOOL, AllDirActionsPrivate,
"0"),
721 VAR_NODUMP(
"__DisablePredictedCircuits",BOOL,DisablePredictedCircuits,
"0"),
722 VAR_NODUMP_IMMUTABLE(
"__DisableSignalHandlers", BOOL,
723 DisableSignalHandlers,
"0"),
724 VAR_NODUMP(
"__LeaveStreamsUnattached",BOOL, LeaveStreamsUnattached,
"0"),
725 VAR_NODUMP(
"__HashedControlSessionPassword", LINELIST,
726 HashedControlSessionPassword,
728 VAR_NODUMP(
"__OwningControllerProcess",STRING,
729 OwningControllerProcess, NULL),
730 VAR_NODUMP_IMMUTABLE(
"__OwningControllerFD", UINT64, OwningControllerFD,
732 V(TestingServerDownloadInitialDelay, CSV_INTERVAL,
"0"),
733 V(TestingClientDownloadInitialDelay, CSV_INTERVAL,
"0"),
734 V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL,
"0"),
735 V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL,
"0"),
751 V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL,
"6"),
752 V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL,
"0"),
754 V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
760 V(ClientBootstrapConsensusMaxInProgressTries, POSINT,
"3"),
763 V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL,
"10800"),
768 V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL,
"0"),
769 V(TestingClientMaxIntervalWithoutRequest, INTERVAL,
"10 minutes"),
770 V(TestingDirConnectionMaxStall, INTERVAL,
"5 minutes"),
771 OBSOLETE(
"TestingConsensusMaxDownloadTries"),
772 OBSOLETE(
"ClientBootstrapConsensusMaxDownloadTries"),
773 OBSOLETE(
"ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries"),
774 OBSOLETE(
"TestingDescriptorMaxDownloadTries"),
775 OBSOLETE(
"TestingMicrodescMaxDownloadTries"),
776 OBSOLETE(
"TestingCertMaxDownloadTries"),
777 VAR_INVIS(
"___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_,
786#include "auth_dirs.inc"
796#include "fallback_dirs.inc"
808#include "testnet.inc"
819 {
"HTTPProxy",
"It only applies to direct unencrypted HTTP connections "
820 "to your directory server, which your Tor probably wasn't using." },
821 {
"HTTPProxyAuthenticator",
"HTTPProxy is deprecated in favor of HTTPSProxy "
822 "which should be used with HTTPSProxyAuthenticator." },
826 {
"ReachableDirAddresses",
"It has no effect on relays, and has had no "
827 "effect on clients since 0.2.8." },
828 {
"ClientPreferIPv6DirPort",
"It has no effect on relays, and has had no "
829 "effect on clients since 0.2.8." },
833 {
"ClientAutoIPv6ORPort",
"This option is unreliable if a connection isn't "
834 "reliably dual-stack."},
841static char *get_windows_conf_root(
void);
852static int opt_streq(
const char *s1,
const char *s2);
870#define OR_OPTIONS_MAGIC 9090909
881 .deprecations = option_deprecation_notes_,
886 .has_config_suite =
true,
887 .config_suite_offset = offsetof(
or_options_t, subconfigs_),
920 if (PREDICT_UNLIKELY(options_mgr == NULL)) {
929#define CHECK_OPTIONS_MAGIC(opt) STMT_BEGIN \
930 config_check_toplevel_magic(get_options_mgr(), (opt)); \
968 next = &(*next)->next;
995 "Acting on config options left us in a broken state. Dying.");
1007 connection_reapply_exit_policy(changes);
1008 config_free_lines(changes);
1012 or_options_free(old_options);
1028 CHECK_OPTIONS_MAGIC(opts);
1034 rs, routerset_free(rs));
1050 tor_free(options->master_key_fname);
1051 config_free_lines(options->
MyFamily);
1088 config_mgr_free(options_mgr);
1105 if (options->SafeLogging_ == SAFELOG_SCRUB_ALL)
1106 return "[scrubbed]";
1126 if (options->SafeLogging_ != SAFELOG_SCRUB_NONE)
1127 return "[scrubbed]";
1138 if (
get_options()->SafeLogging_ == SAFELOG_SCRUB_ALL)
1139 return "[scrubbed]";
1150 if (
get_options()->SafeLogging_ != SAFELOG_SCRUB_NONE)
1151 return "[scrubbed]";
1216 log_err(
LD_BUG,
"Couldn't parse internal DirAuthority line %s",
1230 log_err(
LD_BUG,
"Couldn't parse internal FallbackDir line %s",
1249 "You cannot set both DirAuthority and Alternate*Authority.");
1263 "You have used DirAuthority or AlternateDirAuthority to "
1264 "specify alternate directory authorities in "
1265 "your configuration. This is potentially dangerous: it can "
1266 "make you look different from all other Tor users, and hurt "
1267 "your anonymity. Even if you've specified the same "
1268 "authorities as Tor uses by default, the defaults could "
1269 "change in the future. Be sure you know what you're doing.");
1283 for (cl = options->
FallbackDir; cl; cl = cl->next)
1297 int need_to_update =
1298 !smartlist_len(router_get_trusted_dir_servers()) ||
1299 !smartlist_len(router_get_fallback_dir_servers()) || !old_options ||
1308 if (!need_to_update)
1338 if (type != NO_DIRINFO)
1351 for (cl = options->
FallbackDir; cl; cl = cl->next)
1365 const char *directory,
1370 cpd_check_t cpd_opts = create ? CPD_CREATE : CPD_CHECK;
1372 cpd_opts |= CPD_GROUP_READ;
1377 "Couldn't %s private data directory \"%s\"",
1378 create ?
"create" :
"access",
1384 if (group_readable) {
1386 if (chmod(directory, 0750)) {
1387 log_warn(
LD_FS,
"Unable to make %s group-readable: %s",
1388 directory, strerror(errno));
1406 cpd_opts |= CPD_GROUP_READ;
1408 log_err(
LD_OR,
"Can't create/check datadirectory %s",
1421static int have_low_ports = -1;
1450 sd_notifyf(0,
"MAINPID=%ld\n", (
long int)getpid());
1458 control_initialize_event_queue();
1472 *msg_out = tor_strdup(
"DisableAllSwap failure. Do you have proper "
1491 if (options->
User) {
1493 unsigned switch_id_flags = 0;
1503 *msg_out = tor_strdup(
"Problem with User value. See logs for details.");
1523 if (subdir_gr != -1) {
1529 if (0 == strcmp(subdir, datadir)) {
1571 key_dir_group_readable,
1585 cache_dir_group_readable,
1628 if (! running_tor) {
1637 *msg_out = tor_strdup(
"Problem with ConnLimit value. "
1638 "See logs for details.");
1651 if (
parse_ports(options, 0, msg_out, &n_ports, NULL)) {
1653 *msg_out = tor_strdup(
"Unexpected problem parsing port config");
1668 *msg_out = tor_strdup(
"Failed to bind one of the listener ports.");
1674 log_notice(
LD_NET,
"DisableNetwork is set. Tor will not make or accept "
1675 "non-control network connections. Shutting down all existing "
1682#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
1684 if (options->TransPort_set &&
1686 if (get_pf_socket() < 0) {
1687 *msg_out = tor_strdup(
"Unable to open /dev/pf for transparent proxy.");
1721 int socks_in_reserve = options->
ConnLimit_ / 20;
1722 if (socks_in_reserve > 64) socks_in_reserve = 64;
1727 "Recomputed OOS thresholds: ConnLimit %d, ConnLimit_ %d, "
1728 "ConnLimit_high_thresh %d, ConnLimit_low_thresh %d",
1758 log_notice(LD_NET,
"Closing partially-constructed %s",
1759 connection_describe(conn));
1760 connection_close_immediate(conn);
1761 connection_mark_for_close(conn);
1807 old_options->SafeLogging_ != options->SafeLogging_;
1816 *msg_out = tor_strdup(
"Failed to init Log options. See logs for details.");
1854 const char *badness = NULL;
1855 int bad_safelog = 0, bad_severity = 0, new_badness = 0;
1856 if (options->SafeLogging_ != SAFELOG_SCRUB_ALL) {
1866 if (bad_safelog && bad_severity)
1867 badness =
"you disabled SafeLogging, and "
1868 "you're logging more than \"notice\"";
1869 else if (bad_safelog)
1870 badness =
"you disabled SafeLogging";
1872 badness =
"you're logging more than \"notice\"";
1874 log_warn(
LD_GENERAL,
"Your log may contain sensitive information - %s. "
1875 "Don't log unless it serves an important reason. "
1876 "Overwrite the log afterwards.", badness);
1938 if (listener_transaction == NULL)
1958 if (log_transaction == NULL)
1987 int routerset_usage =
1996 if (routerset_usage && reason_out) {
1997 *reason_out =
"We've been configured to use (or avoid) nodes in certain "
1998 "countries, and we need GEOIP information to figure out which ones they "
2000 }
else if (bridge_usage && reason_out) {
2001 *reason_out =
"We've been configured to see which countries can access "
2002 "us as a bridge, and we need GEOIP information to tell which countries "
2005 return bridge_usage || routerset_usage;
2009#define YES_IF_CHANGED_BOOL(opt) \
2010 if (!CFG_EQ_BOOL(old_options, new_options, opt)) return 1;
2011#define YES_IF_CHANGED_INT(opt) \
2012 if (!CFG_EQ_INT(old_options, new_options, opt)) return 1;
2013#define YES_IF_CHANGED_STRING(opt) \
2014 if (!CFG_EQ_STRING(old_options, new_options, opt)) return 1;
2015#define YES_IF_CHANGED_LINELIST(opt) \
2016 if (!CFG_EQ_LINELIST(old_options, new_options, opt)) return 1;
2017#define YES_IF_CHANGED_SMARTLIST(opt) \
2018 if (!CFG_EQ_SMARTLIST(old_options, new_options, opt)) return 1;
2019#define YES_IF_CHANGED_ROUTERSET(opt) \
2020 if (!CFG_EQ_ROUTERSET(old_options, new_options, opt)) return 1;
2035 YES_IF_CHANGED_BOOL(UseEntryGuards);
2036 YES_IF_CHANGED_BOOL(UseBridges);
2037 YES_IF_CHANGED_BOOL(ClientUseIPv4);
2038 YES_IF_CHANGED_BOOL(ClientUseIPv6);
2039 YES_IF_CHANGED_BOOL(FascistFirewall);
2040 YES_IF_CHANGED_ROUTERSET(ExcludeNodes);
2041 YES_IF_CHANGED_ROUTERSET(EntryNodes);
2042 YES_IF_CHANGED_SMARTLIST(FirewallPorts);
2043 YES_IF_CHANGED_LINELIST(Bridges);
2044 YES_IF_CHANGED_LINELIST(ReachableORAddresses);
2045 YES_IF_CHANGED_LINELIST(ReachableDirAddresses);
2067 const int transition_affects_guards =
2077 static int disabled_debugger_attach = 0;
2080 static int warned_debugger_attach = 0;
2086 if (warned_debugger_attach && ok == 1) {
2087 log_notice(
LD_CONFIG,
"Disabled attaching debuggers for unprivileged "
2091 disabled_debugger_attach = (ok == 1);
2093 !warned_debugger_attach) {
2094 log_notice(
LD_CONFIG,
"Not disabling debugger attaching for "
2095 "unprivileged users.");
2096 warned_debugger_attach = 1;
2119 if (hs_service_non_anonymous_mode_enabled(options)) {
2120 log_warn(
LD_GENERAL,
"This copy of Tor was compiled or configured to run "
2121 "in a non-anonymous mode. It will provide NO ANONYMITY.");
2127 log_warn(
LD_BUG,
"Failed parsing previously validated outbound "
2128 "bind addresses: %s", msg);
2136 for (cl = options->
Bridges; cl; cl = cl->next) {
2141 "Previously validated Bridge line could not be added!");
2153 "Previously validated hidden services line could not be added!");
2160 log_warn(
LD_BUG,
"Previously validated client authorization for "
2161 "hidden services could not be added!");
2166 if (running_tor && !old_options &&
2168 const unsigned ctrl_flags =
2169 CC_LOCAL_FD_IS_OWNER |
2170 CC_LOCAL_FD_IS_AUTHENTICATED;
2173 log_warn(
LD_CONFIG,
"Could not add local controller connection with "
2196 "Previously validated ClientTransportPlugin line "
2197 "could not be added!");
2235 log_err(
LD_CONFIG,
"Unable to write PIDFile %s",
2249 log_warn(
LD_BUG,
"Error parsing already-validated policy options.");
2254 log_warn(
LD_CONFIG,
"Error creating control cookie authentication file.");
2262 log_warn(
LD_GENERAL,
"Error loading rendezvous service keys");
2280 char *http_authenticator;
2282 if (!http_authenticator) {
2284 log_warn(
LD_BUG,
"Unable to allocate HTTP authenticator. Not setting "
2290 http_authenticator, strlen(http_authenticator),
2311 int revise_trackexithosts = 0;
2312 int revise_automap_entries = 0;
2313 int abandon_circuits = 0;
2330 "Changed to using entry guards or bridges, or changed "
2331 "preferred or excluded node lists. "
2332 "Abandoning previous circuits.");
2333 abandon_circuits = 1;
2336 if (transition_affects_guards) {
2338 routerlist_drop_bridge_descriptors();
2340 abandon_circuits = 1;
2344 if (abandon_circuits) {
2347 revise_trackexithosts = 1;
2352 revise_trackexithosts = 1;
2354 if (revise_trackexithosts)
2359 revise_automap_entries = 1;
2363 revise_automap_entries = 1;
2368 revise_automap_entries = 1;
2371 if (revise_automap_entries)
2409 bool print_notice = 0;
2460static const struct {
2472 { .name=
"--torrc-file",
2475 { .name=
"--allow-missing-torrc" },
2476 { .name=
"--defaults-torrc",
2478 { .name=
"--hash-password",
2482 { .name=
"--dump-config",
2486 { .name=
"--list-fingerprint",
2491 { .name=
"--key-expiration",
2496 { .name=
"--newpass" },
2497 { .name=
"--no-passphrase" },
2498 { .name=
"--passphrase-fd",
2500 { .name=
"--verify-config",
2502 { .name=
"--ignore-missing-torrc" },
2507 { .name=
"--version",
2510 { .name=
"--list-modules",
2513 { .name=
"--library-versions",
2520 { .name=
"--list-torrc-options",
2523 { .name=
"--list-deprecated-options",
2525 { .name=
"--nt-service" },
2526 { .name=
"-nt-service" },
2527 { .name=
"--dbg-dump-subsystem-list",
2558 bool is_a_command =
false;
2567 is_a_command =
true;
2588 }
else if (*s ==
'/') {
2595 const int is_last = (i == argc-1);
2598 if (ignore_errors) {
2599 arg = tor_strdup(
"");
2601 log_warn(
LD_CONFIG,
"Command-line option '%s' with no value. Failing.",
2603 parsed_cmdline_free(result);
2608 (is_last || argv[i+1][0] ==
'-')) {
2609 arg = tor_strdup(
"");
2617 param->key = is_cmdline ? tor_strdup(argv[i]) :
2622 log_debug(
LD_CONFIG,
"command line: parsed keyword '%s', value '%s'",
2623 param->key, param->value);
2630 *new_cmdline = param;
2631 new_cmdline = &((*new_cmdline)->next);
2634 new = &((*new)->next);
2637 i += want_arg ? 2 : 1;
2693 list, flags, msg)) < 0) {
2694 or_options_free(trial_options);
2707"Copyright (c) 2001-2004, Roger Dingledine\n"
2708"Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson\n"
2709"Copyright (c) 2007-2021, The Tor Project, Inc.\n\n"
2710"tor -f <torrc> [args]\n"
2711"See man page for options, or https://www.torproject.org/ for "
2728 printf(
"%s\n", var->member.name);
2729 } SMARTLIST_FOREACH_END(var);
2730 smartlist_free(vars);
2741 printf(
"%s\n",
name));
2742 smartlist_free(deps);
2749 static const struct {
2753 {
"relay", have_module_relay() },
2754 {
"dirauth", have_module_dirauth() },
2755 {
"dircache", have_module_dircache() },
2756 {
"pow", have_module_pow() }
2759 for (
unsigned i = 0; i <
sizeof list /
sizeof list[0]; i++) {
2760 printf(
"%s: %s\n", list[i].
name, list[i].have ?
"yes" :
"no");
2769 printf(
"Library versions\tCompiled\t\tRuntime\n");
2770 printf(
"Libevent\t\t%-15s\t\t%s\n",
2773#ifdef ENABLE_OPENSSL
2774 printf(
"OpenSSL \t\t%-15s\t\t%s\n",
2775 crypto_openssl_get_header_version_str(),
2776 crypto_openssl_get_version_str());
2779 printf(
"NSS \t\t%-15s\t\t%s\n",
2780 crypto_nss_get_header_version_str(),
2781 crypto_nss_get_version_str());
2784 printf(
"Zlib \t\t%-15s\t\t%s\n",
2789 printf(
"Liblzma \t\t%-15s\t\t%s\n",
2794 printf(
"Libzstd \t\t%-15s\t\t%s\n",
2799 printf(
"%-7s \t\t%-15s\t\t%s\n",
2815 log_err(
LD_CONFIG,
"--no-passphrase specified without --keygen!");
2826 const char *formats[] = {
"iso8601",
"timestamp" };
2829 if (!strcmp(value, formats[i])) {
2843 log_err(
LD_CONFIG,
"--format specified without --key-expiration!");
2856 log_err(
LD_CONFIG,
"--newpass specified without --keygen!");
2865 if (
get_options()->keygen_force_passphrase == FORCE_PASSPHRASE_OFF) {
2866 log_err(
LD_CONFIG,
"--no-passphrase specified with --passphrase-fd!");
2869 log_err(
LD_CONFIG,
"--passphrase-fd specified without --keygen!");
2874 if (fd < 0 || ok == 0) {
2890 log_err(
LD_CONFIG,
"--master-key without --keygen!");
2901using_default_dir_authorities(
const or_options_t *options)
2925 log_err(
LD_BUG,
"Unable to set default options: %s", msg);
2927 tor_assert_unreached();
2929 config_free_lines(dflts);
2942 switch (how_to_dump) {
2943 case OPTIONS_DUMP_MINIMAL:
2947 case OPTIONS_DUMP_ALL:
2948 use_defaults = NULL;
2952 log_warn(
LD_BUG,
"Bogus value for how_to_dump==%d", how_to_dump);
2974 if (i < 1 || i > 65535) {
2989 if (*value > ROUTER_MAX_DECLARED_BANDWIDTH) {
2994 if (*value > ROUTER_MAX_DECLARED_BANDWIDTH) {
2997 ROUTER_MAX_DECLARED_BANDWIDTH);
3006#define MAX_CIRCS_AVAILABLE_TIME (24*60*60)
3010#define MIN_MAX_CIRCUIT_DIRTINESS 10
3014#define MAX_MAX_CIRCUIT_DIRTINESS (30*24*60*60)
3018#define MIN_CIRCUIT_STREAM_TIMEOUT 10
3025#define RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT (10)
3046 if (vs == VSTAT_TRANSITION_ERR) {
3047 rv = SETOPT_ERR_TRANSITION;
3049 }
else if (vs < 0) {
3050 rv = SETOPT_ERR_PARSE;
3056 rv = SETOPT_ERR_SETTING;
3064 tor_assert(new_options == NULL || rv != SETOPT_OK);
3065 or_options_free(new_options);
3069#ifdef TOR_UNIT_TESTS
3085 return vs < 0 ? -1 : 0;
3089#define REJECT(arg) \
3090 STMT_BEGIN *msg = tor_strdup(arg); return -1; STMT_END
3091#if defined(__GNUC__) && __GNUC__ <= 3
3092#define COMPLAIN(args...) \
3093 STMT_BEGIN log_warn(LD_CONFIG, args); STMT_END
3095#define COMPLAIN(args, ...) \
3096 STMT_BEGIN log_warn(LD_CONFIG, args, ##__VA_ARGS__); STMT_END
3109 const char *filepath)
3113 COMPLAIN(
"Path for %s (%s) is relative and will resolve to %s."
3114 " Is this what you wanted?", option, filepath, abs_path);
3138 const char *
name = cv->member.name;
3142 config_free_lines(line);
3143 } SMARTLIST_FOREACH_END(cv);
3144 smartlist_free(vars);
3147 hs_line = hs_line->next) {
3148 if (!strcasecmp(hs_line->key,
"HiddenServiceDir"))
3161options_validate_scheduler(
or_options_t *options,
char **msg)
3167 REJECT(
"Empty Schedulers list. Either remove the option so the defaults "
3168 "can be used or set at least one value.");
3178 if (!strcasecmp(
"KISTLite", type)) {
3179 sched_type = tor_malloc_zero(
sizeof(
int));
3180 *sched_type = SCHEDULER_KIST_LITE;
3182 }
else if (!strcasecmp(
"KIST", type)) {
3183 sched_type = tor_malloc_zero(
sizeof(
int));
3184 *sched_type = SCHEDULER_KIST;
3186 }
else if (!strcasecmp(
"Vanilla", type)) {
3187 sched_type = tor_malloc_zero(
sizeof(
int));
3188 *sched_type = SCHEDULER_VANILLA;
3191 tor_asprintf(msg,
"Unknown type %s in option Schedulers. "
3192 "Possible values are KIST, KISTLite and Vanilla.",
3196 } SMARTLIST_FOREACH_END(type);
3199 REJECT(
"KISTSockBufSizeFactor must be at least 0");
3205 tor_asprintf(msg,
"KISTSchedRunInterval must not be more than %d (ms)",
3206 KIST_SCHED_RUN_INTERVAL_MAX);
3218options_validate_single_onion(
or_options_t *options,
char **msg)
3222 !options->HiddenServiceNonAnonymousMode) {
3223 REJECT(
"HiddenServiceSingleHopMode does not provide any server anonymity. "
3224 "It must be used with HiddenServiceNonAnonymousMode set to 1.");
3226 if (options->HiddenServiceNonAnonymousMode &&
3228 REJECT(
"HiddenServiceNonAnonymousMode does not provide any server "
3229 "anonymity. It must be used with HiddenServiceSingleHopMode set to "
3238 const int client_port_set = (options->SocksPort_set ||
3239 options->TransPort_set ||
3240 options->NATDPort_set ||
3241 options->DNSPort_set ||
3242 options->HTTPTunnelPort_set);
3243 if (hs_service_non_anonymous_mode_enabled(options) && client_port_set) {
3244 REJECT(
"HiddenServiceNonAnonymousMode is incompatible with using Tor as "
3245 "an anonymous client. Please set Socks/Trans/NATD/DNSPort to 0, or "
3246 "revert HiddenServiceNonAnonymousMode to 0.");
3249 if (hs_service_allow_non_anonymous_connection(options)
3259 "HiddenServiceSingleHopMode is enabled; disabling "
3275 CHECK_OPTIONS_MAGIC(old_options_);
3276 CHECK_OPTIONS_MAGIC(options_);
3282 int world_writable_control_socket=0;
3288 &world_writable_control_socket) < 0)
3291#ifndef HAVE_SYS_UN_H
3293 *msg = tor_strdup(
"Unix domain sockets (ControlSocket) not supported "
3294 "on this OS/with this build.");
3299 *msg = tor_strdup(
"Setting ControlSocketsGroupWritable without setting "
3300 "a ControlSocket makes no sense.");
3319 REJECT(
"Invalid DataDirectory");
3324 REJECT(
"You have specified at least one relative path (see above) "
3325 "with the RunAsDaemon option. RunAsDaemon is not compatible "
3326 "with relative paths.");
3337 REJECT(
"Failed to validate Log options. See logs for details.");
3343 "SocksPort, TransPort, NATDPort, DNSPort, and ORPort are all "
3344 "undefined, and there aren't any hidden services configured. "
3345 "Tor will still run, but probably won't do anything.");
3348#ifdef USE_TRANSPARENT
3353#if !defined(OpenBSD) && !defined(DARWIN)
3355 REJECT(
"pf-divert is a OpenBSD-specific "
3356 "and OS X/Darwin-specific feature.");
3361#if !defined(__linux__)
3362 REJECT(
"TPROXY is a Linux-specific feature.");
3367#ifndef KERNEL_MAY_SUPPORT_IPFW
3369 REJECT(
"ipfw is a FreeBSD-specific "
3370 "and OS X/Darwin-specific feature.");
3375 REJECT(
"Unrecognized value for TransProxyType");
3379 !options->TransPort_set) {
3380 REJECT(
"Cannot use TransProxyType without any valid TransPort.");
3384 if (options->TransPort_set)
3385 REJECT(
"TransPort is disabled in this build.");
3390 REJECT(
"TokenBucketRefillInterval must be between 1 and 1000 inclusive.");
3394 REJECT(
"Cannot set AssumeReachable 1 and AssumeReachableIPv6 0.");
3416 COMPLAIN(
"You have asked to exclude certain relays from all positions "
3417 "in your circuits. Expect hidden services and other Tor "
3418 "features to be broken in unpredictable ways.");
3425 REJECT(
"FetchDirInfoExtraEarly requires that you also set "
3426 "FetchDirInfoEarly");
3430 "ConnLimit must be greater than 0, but was set to %d",
3437 log_warn(
LD_CONFIG,
"PathsNeededToBuildCircuits is too low. Increasing "
3441 log_warn(
LD_CONFIG,
"PathsNeededToBuildCircuits is too high. Decreasing "
3450 "MaxClientCircuitsPending must be between 1 and %d, but "
3451 "was set to %d", MAX_MAX_CLIENT_CIRCUITS_PENDING,
3463 "RejectPlaintextPorts", msg) < 0)
3467 "WarnPlaintextPorts", msg) < 0)
3477 new_line->key = tor_strdup(
"ReachableAddresses");
3482 int p = atoi(portno);
3484 smartlist_add_asprintf(instead,
"*:%d", p);
3489 "Converting FascistFirewall and FirewallPorts "
3490 "config options to new format: \"ReachableAddresses %s\"",
3494 smartlist_free(instead);
3500 new_line->key = tor_strdup(
"ReachableDirAddresses");
3501 new_line->value = tor_strdup(
"*:80");
3503 log_notice(
LD_CONFIG,
"Converting FascistFirewall config option "
3504 "to new format: \"ReachableDirAddresses *:80\"");
3508 new_line->key = tor_strdup(
"ReachableORAddresses");
3509 new_line->value = tor_strdup(
"*:443");
3511 log_notice(
LD_CONFIG,
"Converting FascistFirewall config option "
3512 "to new format: \"ReachableORAddresses *:443\"");
3522 REJECT(
"Servers must be able to freely connect to the rest "
3523 "of the Internet, so they must not set Reachable*Addresses "
3524 "or FascistFirewall or FirewallPorts or ClientUseIPv4 0.");
3528 REJECT(
"Servers must be able to freely connect to the rest "
3529 "of the Internet, so they must not set UseBridges.");
3535 REJECT(
"You cannot set both UseBridges and EntryNodes.");
3540 REJECT(
"Setting UseBridges requires also setting UseEntryGuards.");
3543 compute_real_max_mem_in_queues(options->MaxMemInQueues_raw,
3549 options->SafeLogging_ = SAFELOG_SCRUB_NONE;
3550 }
else if (!strcasecmp(options->
SafeLogging,
"relay")) {
3551 options->SafeLogging_ = SAFELOG_SCRUB_RELAY;
3552 }
else if (!strcasecmp(options->
SafeLogging,
"1")) {
3553 options->SafeLogging_ = SAFELOG_SCRUB_ALL;
3556 "Unrecognized value '%s' in SafeLogging",
3561 options->ConfluxClientUX = CONFLUX_UX_HIGH_THROUGHPUT;
3564 options->ConfluxClientUX = CONFLUX_UX_MIN_LATENCY;
3566 options->ConfluxClientUX = CONFLUX_UX_HIGH_THROUGHPUT;
3568 options->ConfluxClientUX = CONFLUX_UX_LOW_MEM_LATENCY;
3570 options->ConfluxClientUX = CONFLUX_UX_LOW_MEM_THROUGHPUT;
3572 REJECT(
"ConfluxClientUX must be 'latency', 'throughput, "
3573 "'latency_lowmem', or 'throughput_lowmem'");
3583 if (options_validate_single_onion(options, msg) < 0)
3590 REJECT(
"CircuitsAvailableTimeout is too large. Max is 24 hours.");
3594 REJECT(
"If EntryNodes is set, UseEntryGuards must be enabled.");
3599 !hs_service_allow_non_anonymous_connection(options)) {
3601 "UseEntryGuards is disabled, but you have configured one or more "
3602 "hidden services on this Tor instance. Your hidden services "
3603 "will be very easy to locate using a well-known attack -- see "
3604 "https://freehaven.net/anonbib/#hs-attack06 for details.");
3609 REJECT(
"NumEntryGuards must not be greater than NumPrimaryGuards.");
3617 "You have one single EntryNodes and at least one hidden service "
3618 "configured. This is bad because it's very easy to locate your "
3619 "entry guard which can then lead to the deanonymization of your "
3620 "hidden service -- for more details, see "
3621 "https://bugs.torproject.org/tpo/core/tor/14917. "
3622 "For this reason, the use of one EntryNodes with an hidden "
3623 "service is prohibited until a better solution is found.");
3633 "EntryNodes is set with multiple entries and at least one "
3634 "hidden service is configured. Pinning entry nodes can possibly "
3635 "be harmful to the service anonymity. Because of this, we "
3636 "recommend you either don't do that or make sure you know what "
3637 "you are doing. For more details, please look at "
3638 "https://bugs.torproject.org/tpo/core/tor/21155.");
3642 if (hs_service_non_anonymous_mode_enabled(options)) {
3644 "HiddenServiceNonAnonymousMode is set. Every hidden service on "
3645 "this tor instance is NON-ANONYMOUS. If "
3646 "the HiddenServiceNonAnonymousMode option is changed, Tor will "
3647 "refuse to launch hidden services from the same directories, to "
3648 "protect your anonymity against config errors. This setting is "
3649 "for experimental use only.");
3655 "CircuitBuildTimeout is shorter (%d seconds) than the recommended "
3656 "minimum (%d seconds), and LearnCircuitBuildTimeout is disabled. "
3657 "If tor isn't working, raise this value or enable "
3658 "LearnCircuitBuildTimeout.",
3669 log_fn(severity,
LD_CONFIG,
"You disabled LearnCircuitBuildTimeout, but "
3670 "didn't specify a CircuitBuildTimeout. I'll pick a plausible "
3675 REJECT(
"DormantClientTimeout is too low. It must be at least 10 minutes.");
3678 if (options->PathBiasNoticeRate > 1.0) {
3680 "PathBiasNoticeRate is too high. "
3681 "It must be between 0 and 1.0");
3684 if (options->PathBiasWarnRate > 1.0) {
3686 "PathBiasWarnRate is too high. "
3687 "It must be between 0 and 1.0");
3690 if (options->PathBiasExtremeRate > 1.0) {
3692 "PathBiasExtremeRate is too high. "
3693 "It must be between 0 and 1.0");
3696 if (options->PathBiasNoticeUseRate > 1.0) {
3698 "PathBiasNoticeUseRate is too high. "
3699 "It must be between 0 and 1.0");
3702 if (options->PathBiasExtremeUseRate > 1.0) {
3704 "PathBiasExtremeUseRate is too high. "
3705 "It must be between 0 and 1.0");
3710 log_warn(
LD_CONFIG,
"MaxCircuitDirtiness option is too short; "
3716 log_warn(
LD_CONFIG,
"MaxCircuitDirtiness option is too high; "
3723 log_warn(
LD_CONFIG,
"CircuitStreamTimeout option is too short; "
3731 log_warn(
LD_CONFIG,
"HeartbeatPeriod option is too short; "
3737 REJECT(
"KeepalivePeriod option must be positive.");
3740 "BandwidthRate", msg) < 0)
3743 "BandwidthBurst", msg) < 0)
3750 REJECT(
"BandwidthBurst must be at least equal to BandwidthRate.");
3761 REJECT(
"HTTPProxy failed to parse or resolve. Please fix.");
3769 REJECT(
"HTTPProxyAuthenticator is too long (>= 512 chars).");
3775 REJECT(
"HTTPSProxy failed to parse or resolve. Please fix.");
3783 REJECT(
"HTTPSProxyAuthenticator is too long (>= 512 chars).");
3790 REJECT(
"Socks4Proxy failed to parse or resolve. Please fix.");
3800 REJECT(
"Socks5Proxy failed to parse or resolve. Please fix.");
3816 REJECT(
"You have configured more than one proxy type. "
3817 "(Socks4Proxy|Socks5Proxy|HTTPSProxy|TCPProxy)");
3824 log_warn(
LD_CONFIG,
"HTTPProxy configured, but no SOCKS proxy, "
3825 "HTTPS proxy, or any other TCP proxy configured. Watch out: "
3826 "this configuration will proxy unencrypted directory "
3827 "connections only.");
3835 REJECT(
"Socks5ProxyUsername must be between 1 and 255 characters.");
3838 REJECT(
"Socks5ProxyPassword must be included with Socks5ProxyUsername.");
3842 REJECT(
"Socks5ProxyPassword must be between 1 and 255 characters.");
3844 REJECT(
"Socks5ProxyPassword must be included with Socks5ProxyUsername.");
3849 REJECT(
"Bad HashedControlPassword: wrong length or bad encoding");
3860 REJECT(
"Bad HashedControlSessionPassword: wrong length or bad encoding");
3868 const char *validate_pspec_msg = NULL;
3870 &validate_pspec_msg)) {
3872 validate_pspec_msg);
3877 if ((options->ControlPort_set || world_writable_control_socket) &&
3881 log_warn(
LD_CONFIG,
"Control%s is %s, but no authentication method "
3882 "has been configured. This means that any program on your "
3883 "computer can reconfigure your Tor. That's bad! You should "
3884 "upgrade your Tor controller as soon as possible.",
3885 options->ControlPort_set ?
"Port" :
"Socket",
3886 options->ControlPort_set ?
"open" :
"world writable");
3890 log_warn(
LD_CONFIG,
"CookieAuthFileGroupReadable is set, but will have "
3891 "no effect: you must specify an explicit CookieAuthFile to "
3892 "have it group-readable.");
3909 log_info(
LD_CONFIG,
"You have set UseDefaultFallbackDirs 1 and "
3910 "FallbackDir(s). Ignoring UseDefaultFallbackDirs, and "
3911 "using the FallbackDir(s) you have set.");
3915 REJECT(
"Directory authority/fallback line did not parse. See logs "
3919 REJECT(
"If you set UseBridges, you must specify at least one bridge.");
3921 for (cl = options->
Bridges; cl; cl = cl->next) {
3924 REJECT(
"Bridge line did not parse. See logs for details.");
3925 bridge_line_free(bridge_line);
3930 REJECT(
"Invalid client transport line. See logs for details.");
3943 "ConstrainedSockSize is invalid. Must be a value between %d and %d "
3944 "in 1024 byte increments.",
3945 MIN_CONSTRAINED_TCP_BUFFER, MAX_CONSTRAINED_TCP_BUFFER);
3954 REJECT(
"Failed to configure rendezvous options. See logs for details.");
3958 REJECT(
"Failed to configure client authorization for hidden services. "
3959 "See logs for details.");
3965 AF_INET6, 1, msg)<0)
3972 REJECT(
"TestingTorNetwork may only be configured in combination with "
3973 "a non-default set of DirAuthority or both of "
3974 "AlternateDirAuthority and AlternateBridgeAuthority configured.");
3977#define CHECK_DEFAULT(arg) \
3979 if (!config_is_same(get_options_mgr(),options, \
3980 dflt_options,#arg)) { \
3981 or_options_free(dflt_options); \
3982 REJECT(#arg " may only be changed in testing Tor " \
3993 CHECK_DEFAULT(TestingV3AuthInitialVotingInterval);
3994 CHECK_DEFAULT(TestingV3AuthInitialVoteDelay);
3995 CHECK_DEFAULT(TestingV3AuthInitialDistDelay);
3996 CHECK_DEFAULT(TestingV3AuthVotingStartOffset);
3997 CHECK_DEFAULT(TestingAuthDirTimeToLearnReachability);
3998 CHECK_DEFAULT(TestingServerDownloadInitialDelay);
3999 CHECK_DEFAULT(TestingClientDownloadInitialDelay);
4000 CHECK_DEFAULT(TestingServerConsensusDownloadInitialDelay);
4001 CHECK_DEFAULT(TestingClientConsensusDownloadInitialDelay);
4002 CHECK_DEFAULT(TestingBridgeDownloadInitialDelay);
4003 CHECK_DEFAULT(TestingBridgeBootstrapDownloadInitialDelay);
4004 CHECK_DEFAULT(TestingClientMaxIntervalWithoutRequest);
4005 CHECK_DEFAULT(TestingDirConnectionMaxStall);
4006 CHECK_DEFAULT(TestingAuthKeyLifetime);
4007 CHECK_DEFAULT(TestingLinkCertLifetime);
4008 CHECK_DEFAULT(TestingSigningKeySlop);
4009 CHECK_DEFAULT(TestingAuthKeySlop);
4010 CHECK_DEFAULT(TestingLinkKeySlop);
4011 CHECK_DEFAULT(TestingMinTimeToReportBandwidth);
4012 or_options_free(dflt_options);
4019 REJECT(
"ClientDNSRejectInternalAddresses used for default network.");
4027 REJECT(
"TestingClientMaxIntervalWithoutRequest is way too low.");
4029 COMPLAIN(
"TestingClientMaxIntervalWithoutRequest is insanely high.");
4033 REJECT(
"TestingDirConnectionMaxStall is way too low.");
4035 COMPLAIN(
"TestingDirConnectionMaxStall is insanely high.");
4039 REJECT(
"ClientBootstrapConsensusMaxInProgressTries must be greater "
4043 COMPLAIN(
"ClientBootstrapConsensusMaxInProgressTries is insanely "
4049 REJECT(
"TestingEnableConnBwEvent may only be changed in testing "
4055 REJECT(
"TestingEnableCellStatsEvent may only be changed in testing "
4060 log_warn(
LD_CONFIG,
"TestingTorNetwork is set. This will make your node "
4061 "almost unusable in the public Tor network, and is "
4062 "therefore only advised if you are building a "
4063 "testing Tor network!");
4066 if (options_validate_scheduler(options, msg) < 0) {
4080compute_real_max_mem_in_queues(
const uint64_t val,
bool is_server)
4082#define MIN_SERVER_MB 64
4083#define MIN_UNWARNED_SERVER_MB 256
4084#define MIN_UNWARNED_CLIENT_MB 64
4088#define ONE_GIGABYTE (UINT64_C(1) << 30)
4089#define ONE_MEGABYTE (UINT64_C(1) << 20)
4092 static int notice_sent = 0;
4096#if SIZEOF_VOID_P >= 8
4098 result = 8 * ONE_GIGABYTE;
4101 result = ONE_GIGABYTE;
4107#if SIZEOF_SIZE_T > 4
4109#define RAM_IS_VERY_LARGE(x) ((x) >= (8 * ONE_GIGABYTE))
4112#define RAM_IS_VERY_LARGE(x) (0)
4115 if (RAM_IS_VERY_LARGE(ram)) {
4122 avail = (ram / 5) * 2;
4127 avail = (ram / 4) * 3;
4136 }
else if (avail < ONE_GIGABYTE / 4) {
4137 result = ONE_GIGABYTE / 4;
4142 if (is_server && ! notice_sent) {
4143 log_notice(
LD_CONFIG,
"%sMaxMemInQueues is set to %"PRIu64
" MB. "
4144 "You can override this by setting MaxMemInQueues by hand.",
4145 ram ?
"Based on detected system memory, " :
"",
4146 (result / ONE_MEGABYTE));
4150 }
else if (is_server && val < ONE_MEGABYTE * MIN_SERVER_MB) {
4152 log_warn(
LD_CONFIG,
"MaxMemInQueues must be at least %d MB on servers "
4153 "for now. Ideally, have it as large as you can afford.",
4155 return MIN_SERVER_MB * ONE_MEGABYTE;
4156 }
else if (is_server && val < ONE_MEGABYTE * MIN_UNWARNED_SERVER_MB) {
4159 log_warn(
LD_CONFIG,
"MaxMemInQueues is set to a low value; if your "
4160 "relay doesn't work, this may be the reason why.");
4162 }
else if (! is_server && val < ONE_MEGABYTE * MIN_UNWARNED_CLIENT_MB) {
4165 log_warn(
LD_CONFIG,
"MaxMemInQueues is set to a low value; if your "
4166 "client doesn't work, this may be the reason why.");
4185 const void *new_val_,
4188 CHECK_OPTIONS_MAGIC(old_);
4189 CHECK_OPTIONS_MAGIC(new_val_);
4197#define BAD_CHANGE_TO(opt, how) do { \
4198 *msg = tor_strdup("While Tor is running"how", changing " #opt \
4199 " is not allowed"); \
4204#define SB_NOCHANGE_STR(opt) \
4205 if (! CFG_EQ_STRING(old, new_val, opt)) \
4206 BAD_CHANGE_TO(opt," with Sandbox active")
4207#define SB_NOCHANGE_LINELIST(opt) \
4208 if (! CFG_EQ_LINELIST(old, new_val, opt)) \
4209 BAD_CHANGE_TO(opt," with Sandbox active")
4210#define SB_NOCHANGE_INT(opt) \
4211 if (! CFG_EQ_INT(old, new_val, opt)) \
4212 BAD_CHANGE_TO(opt," with Sandbox active")
4214 SB_NOCHANGE_LINELIST(Address);
4215 SB_NOCHANGE_STR(ServerDNSResolvConfFile);
4216 SB_NOCHANGE_STR(DirPortFrontPage);
4217 SB_NOCHANGE_STR(CookieAuthFile);
4218 SB_NOCHANGE_STR(ExtORPortCookieAuthFile);
4219 SB_NOCHANGE_LINELIST(Logs);
4220 SB_NOCHANGE_INT(ConnLimit);
4223 *msg = tor_strdup(
"Can't start/stop being a server while "
4224 "Sandbox is active");
4229#undef SB_NOCHANGE_LINELIST
4230#undef SB_NOCHANGE_STR
4231#undef SB_NOCHANGE_INT
4233#undef NO_CHANGE_BOOL
4235#undef NO_CHANGE_STRING
4243get_windows_conf_root(
void)
4245 static int is_set = 0;
4246 static char path[MAX_PATH*2+1];
4247 TCHAR tpath[MAX_PATH] = {0};
4259#ifdef ENABLE_LOCAL_APPDATA
4260#define APPDATA_PATH CSIDL_LOCAL_APPDATA
4262#define APPDATA_PATH CSIDL_APPDATA
4264 if (!SUCCEEDED(SHGetSpecialFolderLocation(NULL, APPDATA_PATH, &idl))) {
4265 getcwd(path,MAX_PATH);
4268 "I couldn't find your application data folder: are you "
4269 "running an ancient version of Windows 95? Defaulting to \"%s\"",
4274 result = SHGetPathFromIDList(idl, tpath);
4276 wcstombs(path,tpath,
sizeof(path));
4277 path[
sizeof(path)-1] =
'\0';
4279 strlcpy(path,tpath,
sizeof(path));
4286 m->lpVtbl->Free(m, idl);
4287 m->lpVtbl->Release(m);
4289 if (!SUCCEEDED(result)) {
4292 strlcat(path,
"\\tor",MAX_PATH);
4303#ifdef DISABLE_SYSTEM_TORRC
4304 (void) defaults_file;
4306#elif defined(_WIN32)
4307 if (defaults_file) {
4308 static char defaults_path[MAX_PATH+1];
4309 tor_snprintf(defaults_path, MAX_PATH,
"%s\\torrc-defaults",
4310 get_windows_conf_root());
4311 return defaults_path;
4313 static char path[MAX_PATH+1];
4315 get_windows_conf_root());
4319 return defaults_file ? CONFDIR
"/torrc-defaults" : CONFDIR
"/torrc";
4337 int *using_default_fname,
int *ignore_missing_torrc)
4341 const char *fname_opt = defaults_file ?
"--defaults-torrc" :
"-f";
4342 const char *fname_long_opt = defaults_file ?
"--defaults-torrc" :
4344 const char *ignore_opt = defaults_file ? NULL :
"--ignore-missing-torrc";
4345 const char *keygen_opt =
"--keygen";
4348 *ignore_missing_torrc = 1;
4350 for (p_index = cmd_arg; p_index; p_index = p_index->next) {
4352 if (!strcmp(p_index->key, fname_opt) ||
4353 !strcmp(p_index->key, fname_long_opt)) {
4355 log_warn(
LD_CONFIG,
"Duplicate %s options on command line.",
4368 *using_default_fname = 0;
4369 }
else if ((ignore_opt && !strcmp(p_index->key, ignore_opt)) ||
4370 (keygen_opt && !strcmp(p_index->key, keygen_opt))) {
4371 *ignore_missing_torrc = 1;
4375 if (*using_default_fname) {
4379 if (dflt && (st == FN_FILE || st == FN_EMPTY)) {
4380 fname = tor_strdup(dflt);
4384 if (!defaults_file) {
4389 if (hmst == FN_FILE || hmst == FN_EMPTY || dflt == NULL) {
4393 fname = tor_strdup(dflt);
4396 fname = dflt ? tor_strdup(dflt) : NULL;
4399 fname = dflt ? tor_strdup(dflt) : NULL;
4429 int using_default_torrc = 1;
4430 int ignore_missing_torrc = 0;
4433 if (*fname_var == NULL) {
4435 &using_default_torrc, &ignore_missing_torrc);
4441 log_debug(
LD_CONFIG,
"Opening config file \"%s\"", fname?fname:
"<NULL>");
4445 if (fname == NULL ||
4446 !(st == FN_FILE || st == FN_EMPTY) ||
4447 !(cf = read_file_to_str(fname,0,NULL))) {
4448 if (using_default_torrc == 1 || ignore_missing_torrc) {
4450 log_notice(
LD_CONFIG,
"Configuration file \"%s\" not present, "
4451 "using reasonable defaults.", fname);
4454 cf = tor_strdup(
"");
4457 "Unable to open configuration file \"%s\".", fname);
4461 log_notice(
LD_CONFIG,
"Read configuration file \"%s\".", fname);
4479 char *cf=NULL, *cf_defaults=NULL;
4518 printf(
"This build of Tor is covered by the GNU General Public License "
4519 "(https://www.gnu.org/licenses/gpl-3.0.en.html)\n");
4521 printf(
"Tor is running on %s with Libevent %s, "
4522 "%s %s, Zlib %s, Liblzma %s, Libzstd %s and %s %s as libc.\n",
4536 printf(
"Tor compiled with %s version %s\n",
4537 strcmp(COMPILER_VENDOR,
"gnu") == 0?
4538 COMPILER:COMPILER_VENDOR, COMPILER_VERSION);
4559 cf_defaults = tor_strdup(
"");
4560 cf = tor_strdup(
"");
4566 if (f_line && f_line_long) {
4567 log_err(
LD_CONFIG,
"-f and --torrc-file cannot be used together.");
4570 }
else if (f_line_long) {
4571 f_line = f_line_long;
4574 const int read_torrc_from_stdin =
4575 (f_line != NULL && strcmp(f_line->value,
"-") == 0);
4577 if (read_torrc_from_stdin) {
4585 cf = tor_strdup(
"");
4613 KEY_EXPIRATION_FORMAT_ISO8601;
4648 return retval < 0 ? -1 : 0;
4662 int command,
const char *command_arg,
4666 or_options_t *oldoptions, *newoptions, *newdefaultoptions=NULL;
4670 int cf_has_include = 0;
4679 newoptions->
command_arg = command_arg ? tor_strdup(command_arg) : NULL;
4682 for (
int i = 0; i < 2; ++i) {
4683 const char *body = i==0 ? cf_defaults : cf;
4689 body == cf ? &cf_has_include : NULL,
4692 err = SETOPT_ERR_PARSE;
4697 config_free_lines(cl);
4699 err = SETOPT_ERR_PARSE;
4706 if (newdefaultoptions == NULL) {
4721 err = SETOPT_ERR_PARSE;
4727 opened_files = NULL;
4753 smartlist_free(opened_files);
4755 or_options_free(newdefaultoptions);
4756 or_options_free(newoptions);
4758 char *old_msg = *msg;
4759 tor_asprintf(msg,
"Failed to parse/validate config: %s", old_msg);
4789 const char *from, *to, *msg;
4793 for (opt = options->
AddressMap; opt; opt = opt->next) {
4795 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
4796 if (smartlist_len(elts) < 2) {
4797 log_warn(
LD_CONFIG,
"MapAddress '%s' has too few arguments. Ignoring.",
4802 from = smartlist_get(elts,0);
4803 to = smartlist_get(elts,1);
4805 if (to[0] ==
'.' || from[0] ==
'.') {
4806 log_warn(
LD_CONFIG,
"MapAddress '%s' is ambiguous - address starts with a"
4807 "'.'. Ignoring.",opt->value);
4812 log_warn(
LD_CONFIG,
"MapAddress '%s' failed: %s. Ignoring.", opt->value,
4817 if (smartlist_len(elts) > 2)
4818 log_warn(
LD_CONFIG,
"Ignoring extra arguments to MapAddress.");
4824 smartlist_free(elts);
4836 int from_wildcard = 0, to_wildcard = 0;
4838 *msg =
"whoops, forgot the error message";
4840 if (!strcmp(to,
"*") || !strcmp(from,
"*")) {
4841 *msg =
"can't remap from or to *";
4845 if (!strncmp(from,
"*.",2)) {
4849 if (!strncmp(to,
"*.",2)) {
4854 if (to_wildcard && !from_wildcard) {
4855 *msg =
"can only use wildcard (i.e. '*.') if 'from' address "
4856 "uses wildcard also";
4861 *msg =
"destination is invalid";
4866 from_wildcard, to_wildcard, 0);
4876 const char *filename,
int truncate_log)
4878 int open_flags = O_WRONLY|O_CREAT;
4879 open_flags |= truncate_log ? O_TRUNC : O_APPEND;
4898 log_warn(
LD_CONFIG,
"Log time granularity '%d' has to be positive.",
4904 if (granularity < 40) {
4906 while (1000 % granularity != 0);
4907 }
else if (granularity < 1000) {
4908 granularity = 1000 / granularity;
4909 while (1000 % granularity != 0)
4911 granularity = 1000 / granularity;
4913 granularity = 1000 * ((granularity / 1000) + 1);
4915 log_warn(
LD_CONFIG,
"Log time granularity '%d' has to be either a "
4916 "divisor or a multiple of 1 second. Changing to "
4952 if (options->
Logs == NULL && !run_as_daemon && !validate_only) {
4958 for (opt = options->
Logs; opt; opt = opt->next) {
4960 const char *cfg = opt->value;
4963 log_warn(
LD_CONFIG,
"Couldn't parse log levels in Log option 'Log %s'",
4965 ok = 0;
goto cleanup;
4969 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
4971 if (smartlist_len(elts) == 0)
4974 if (smartlist_len(elts) == 1 &&
4975 (!strcasecmp(smartlist_get(elts,0),
"stdout") ||
4976 !strcasecmp(smartlist_get(elts,0),
"stderr"))) {
4977 int err = smartlist_len(elts) &&
4978 !strcasecmp(smartlist_get(elts,0),
"stderr");
4979 if (!validate_only) {
4980 if (run_as_daemon) {
4982 "Can't log to %s with RunAsDaemon set; skipping stdout",
4983 err?
"stderr":
"stdout");
4986 fileno(err?stderr:stdout));
4991 if (smartlist_len(elts) == 1) {
4992 if (!strcasecmp(smartlist_get(elts,0),
"syslog")) {
4994 if (!validate_only) {
4998 log_warn(
LD_CONFIG,
"Syslog is not supported on this system. Sorry.");
5005 if (!strcasecmp(smartlist_get(elts, 0),
"android")) {
5007 log_warn(
LD_CONFIG,
"The android logging API is no longer supported;"
5008 " adding a syslog instead. The 'android' logging "
5009 " type will no longer work in the future.");
5010 if (!validate_only) {
5014 log_warn(
LD_CONFIG,
"The android logging API is no longer supported.");
5020 if (smartlist_len(elts) == 2 &&
5021 !strcasecmp(smartlist_get(elts,0),
"file")) {
5022 if (!validate_only) {
5026 int truncate_log = 0;
5031 for (opt2 = old_options->
Logs; opt2; opt2 = opt2->next)
5032 if (!strcmp(opt->value, opt2->value)) {
5039 log_warn(
LD_CONFIG,
"Couldn't open file for 'Log %s': %s",
5040 opt->value, strerror(errno));
5048 log_warn(
LD_CONFIG,
"Bad syntax on file Log option 'Log %s'",
5050 ok = 0;
goto cleanup;
5057 smartlist_free(elts);
5059 if (ok && !validate_only)
5071 char *socks_string = NULL;
5072 size_t socks_string_len;
5079 log_warn(
LD_CONFIG,
"'%s' is not a k=v item.", s);
5082 } SMARTLIST_FOREACH_END(s);
5088 socks_string_len = strlen(socks_string);
5092 log_warn(
LD_CONFIG,
"SOCKS arguments can't be more than %u bytes (%lu).",
5094 (
unsigned long) socks_string_len);
5108 if (bridge_line->socks_args) {
5110 smartlist_free(bridge_line->socks_args);
5112 tor_free(bridge_line->transport_name);
5132 char *addrport=NULL, *fingerprint=NULL;
5138 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
5139 if (smartlist_len(items) < 1) {
5140 log_warn(
LD_CONFIG,
"Too few arguments to Bridge line.");
5145 field = smartlist_get(items, 0);
5150 bridge_line->transport_name = field;
5151 if (smartlist_len(items) < 1) {
5152 log_warn(
LD_CONFIG,
"Too few items to Bridge line.");
5155 addrport = smartlist_get(items, 0);
5162 &bridge_line->addr, &bridge_line->port, 443)<0) {
5163 log_warn(
LD_CONFIG,
"Error parsing Bridge address '%s'", addrport);
5170 if (smartlist_len(items)) {
5171 if (bridge_line->transport_name) {
5172 field = smartlist_get(items, 0);
5181 fingerprint = field;
5192 log_warn(
LD_CONFIG,
"Key digest for Bridge is wrong length.");
5197 log_warn(
LD_CONFIG,
"Unable to decode Bridge key digest.");
5204 if (bridge_line->transport_name && smartlist_len(items)) {
5205 if (!bridge_line->socks_args)
5212 tor_assert(smartlist_len(bridge_line->socks_args) > 0);
5215 if (bridge_line->socks_args) {
5223 bridge_line_free(bridge_line);
5228 smartlist_free(items);
5255 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
5258 if (smartlist_len(sl) < 2) {
5259 *msg = tor_strdup(
"TCPProxy has no address/port. Please fix.");
5263 char *protocol_string = smartlist_get(sl, 0);
5264 char *addrport_string = smartlist_get(sl, 1);
5267 if (strcasecmp(protocol_string,
"haproxy")) {
5268 *msg = tor_strdup(
"TCPProxy protocol is not supported. Currently "
5269 "the only supported protocol is 'haproxy'. "
5280 *msg = tor_strdup(
"TCPProxy address/port failed to parse or resolve. "
5309 const char *line,
int validate_only,
5315 const char *transports = NULL;
5318 char *addrport = NULL;
5321 int socks_ver = PROXY_NONE;
5325 char **proxy_argv = NULL;
5328 int is_useless_proxy = 1;
5335 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
5336 line_length = smartlist_len(items);
5338 if (line_length < 3) {
5340 "Too few arguments on %sTransportPlugin line.",
5341 server ?
"Server" :
"Client");
5348 transports = smartlist_get(items, 0);
5351 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
5355 log_warn(
LD_CONFIG,
"Transport name is not a C identifier (%s).",
5362 is_useless_proxy = 0;
5363 } SMARTLIST_FOREACH_END(transport_name);
5365 type = smartlist_get(items, 1);
5366 if (!strcmp(type,
"exec")) {
5368 }
else if (server && !strcmp(type,
"proxy")) {
5371 }
else if (!server && !strcmp(type,
"socks4")) {
5374 socks_ver = PROXY_SOCKS4;
5375 }
else if (!server && !strcmp(type,
"socks5")) {
5378 socks_ver = PROXY_SOCKS5;
5381 "Strange %sTransportPlugin type '%s'",
5382 server ?
"Server" :
"Client", type);
5386 if (is_managed && options->
Sandbox) {
5388 "Managed proxies are not compatible with Sandbox mode."
5389 "(%sTransportPlugin line was %s)",
5390 server ?
"Server" :
"Client",
escaped(line));
5394 if (is_managed && options->
NoExec) {
5396 "Managed proxies are not compatible with NoExec mode; ignoring."
5397 "(%sTransportPlugin line was %s)",
5398 server ?
"Server" :
"Client",
escaped(line));
5406 if (!server && !validate_only && is_useless_proxy) {
5408 "Pluggable transport proxy (%s) does not provide "
5409 "any needed transports and will not be launched.",
5419 if (!validate_only && (server || !is_useless_proxy)) {
5420 proxy_argc = line_length - 2;
5422 proxy_argv = tor_calloc((proxy_argc + 1),
sizeof(
char *));
5425 for (i = 0; i < proxy_argc; i++) {
5427 *tmp++ = smartlist_get(items, 2);
5445 log_warn(
LD_CONFIG,
"You have configured an external proxy with another "
5446 "proxy type. (Socks4Proxy|Socks5Proxy|HTTPSProxy|"
5453 "You can't have an external proxy with more than "
5458 addrport = smartlist_get(items, 2);
5462 "Error parsing transport address '%s'", addrport);
5468 "Transport address '%s' has no port.", addrport);
5472 if (!validate_only) {
5473 log_info(
LD_DIR,
"%s '%s' at %s.",
5474 server ?
"Server transport" :
"Transport",
5493 smartlist_free(items);
5535 const char *eq = strchr(flag,
'=');
5537 const char *target = eq + 1;
5541 log_warn(
LD_CONFIG,
"Unsupported URL scheme in authority flag %s", flag);
5544 const char *addr = target + strlen(
"http://");
5546 const char *eos = strchr(addr,
'/');
5548 if (eos && strcmp(eos,
"/")) {
5549 log_warn(
LD_CONFIG,
"Unsupported URL prefix in authority flag %s", flag);
5552 addr_len = eos - addr;
5554 addr_len = strlen(addr);
5558 char *addr_string = tor_strndup(addr, addr_len);
5560 memset(&dirport, 0,
sizeof(dirport));
5562 &dirport.addr, &dirport.port, -1);
5563 if (ds != NULL && rv == 0) {
5565 }
else if (rv == -1) {
5566 log_warn(
LD_CONFIG,
"Unable to parse address in authority flag %s",flag);
5586 char *addrport=NULL, *address=NULL, *nickname=NULL, *fingerprint=NULL;
5588 uint16_t dir_port = 0, or_port = 0;
5592 double weight = 1.0;
5595 memset(v3_digest, 0,
sizeof(v3_digest));
5599 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
5600 if (smartlist_len(items) < 1) {
5601 log_warn(
LD_CONFIG,
"No arguments on DirAuthority line.");
5606 nickname = smartlist_get(items, 0);
5610 while (smartlist_len(items)) {
5611 char *flag = smartlist_get(items, 0);
5612 if (TOR_ISDIGIT(flag[0]))
5614 if (!strcasecmp(flag,
"hs") ||
5615 !strcasecmp(flag,
"no-hs")) {
5616 log_warn(
LD_CONFIG,
"The DirAuthority options 'hs' and 'no-hs' are "
5617 "obsolete; you don't need them any more.");
5618 }
else if (!strcasecmp(flag,
"bridge")) {
5620 }
else if (!strcasecmp(flag,
"no-v2")) {
5625 char *portstring = flag + strlen(
"orport=");
5626 or_port = (uint16_t)
tor_parse_long(portstring, 10, 1, 65535, &ok, NULL);
5628 log_warn(
LD_CONFIG,
"Invalid orport '%s' on DirAuthority line.",
5632 const char *wstring = flag + strlen(
"weight=");
5635 log_warn(
LD_CONFIG,
"Invalid weight '%s' on DirAuthority line.",flag);
5639 char *idstr = flag + strlen(
"v3ident=");
5643 log_warn(
LD_CONFIG,
"Bad v3 identity digest '%s' on DirAuthority line",
5649 if (ipv6_addrport_ptr) {
5650 log_warn(
LD_CONFIG,
"Redundant ipv6 addr/port on DirAuthority line");
5653 &ipv6_addrport.addr, &ipv6_addrport.port,
5656 log_warn(
LD_CONFIG,
"Bad ipv6 addr/port %s on DirAuthority line",
5660 ipv6_addrport_ptr = &ipv6_addrport;
5669 log_warn(
LD_CONFIG,
"Unrecognized flag '%s' on DirAuthority line",
5676 if (smartlist_len(items) < 2) {
5677 log_warn(
LD_CONFIG,
"Too few arguments to DirAuthority line.");
5680 addrport = smartlist_get(items, 0);
5684 log_warn(
LD_CONFIG,
"Error parsing DirAuthority address '%s'.", addrport);
5689 log_warn(
LD_CONFIG,
"Error parsing DirAuthority address '%s' "
5690 "(invalid IPv4 address)", address);
5695 log_warn(
LD_CONFIG,
"Missing port in DirAuthority address '%s'",addrport);
5701 log_warn(
LD_CONFIG,
"Key digest '%s' for DirAuthority is wrong length %d.",
5702 fingerprint, (
int)strlen(fingerprint));
5707 log_warn(
LD_CONFIG,
"Unable to decode DirAuthority key digest.");
5711 if (validate_only) {
5715 } SMARTLIST_FOREACH_END(cp);
5718 if (!validate_only && (!required_type || required_type & type)) {
5721 type &= required_type;
5723 log_debug(
LD_DIR,
"Trusted %d dirserver at %s:%d (%s)", (
int)type,
5724 address, (
int)dir_port, (
char*)smartlist_get(items,0));
5727 digest, v3_digest, type, weight)))
5733 } SMARTLIST_FOREACH_END(cp);
5745 smartlist_free(extra_dirports);
5747 smartlist_free(items);
5774 memset(
id, 0,
sizeof(
id));
5776 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
5778 const char *eq = strchr(cp,
'=');
5786 1, 65535, &ok, NULL);
5791 if (ipv6_addrport_ptr) {
5792 log_warn(
LD_CONFIG,
"Redundant ipv6 addr/port on FallbackDir line");
5795 &ipv6_addrport.addr, &ipv6_addrport.port,
5798 log_warn(
LD_CONFIG,
"Bad ipv6 addr/port %s on FallbackDir line",
5802 ipv6_addrport_ptr = &ipv6_addrport;
5806 const char *wstring = cp + strlen(
"weight=");
5809 log_warn(
LD_CONFIG,
"Invalid weight '%s' on FallbackDir line.", cp);
5818 } SMARTLIST_FOREACH_END(cp);
5820 if (smartlist_len(positional) != 1) {
5826 log_warn(
LD_CONFIG,
"Missing identity on FallbackDir line");
5831 log_warn(
LD_CONFIG,
"Missing orport on FallbackDir line");
5836 &address, &dirport) < 0 ||
5838 log_warn(
LD_CONFIG,
"Couldn't parse address:port %s on FallbackDir line",
5839 (
const char*)smartlist_get(positional, 0));
5843 if (!validate_only) {
5858 smartlist_free(items);
5859 smartlist_free(positional);
5900 const char *portname,
5901 const int listener_type)
5904 if (port->type != listener_type)
5906 if (port->is_unix_addr) {
5908 }
else if (!tor_addr_is_internal(&port->addr, 1)) {
5909 log_warn(
LD_CONFIG,
"You specified a public address '%s' for %sPort. "
5910 "Other people on the Internet might find your computer and "
5911 "use it as an open proxy. Please don't allow this unless you "
5912 "have a good reason.",
5915 log_notice(
LD_CONFIG,
"You configured a non-loopback address '%s' "
5916 "for %sPort. This allows everybody on your local network to "
5917 "use your machine as a proxy. Make sure this is what you "
5921 } SMARTLIST_FOREACH_END(port);
5935 if (port->is_unix_addr)
5938 if (forbid_nonlocal) {
5941 "You have a ControlPort set to accept "
5942 "unauthenticated connections from a non-local address. "
5943 "This means that programs not running on your computer "
5944 "can reconfigure your Tor, without even having to guess a "
5945 "password. That's so bad that I'm closing your ControlPort "
5946 "for you. If you need to control your Tor remotely, try "
5947 "enabling authentication and using a tool like stunnel or "
5948 "ssh to encrypt remote access.");
5950 port_cfg_free(port);
5953 log_warn(
LD_CONFIG,
"You have a ControlPort set to accept "
5954 "connections from a non-local address. This means that "
5955 "programs not running on your computer can reconfigure your "
5956 "Tor. That's pretty bad, since the controller "
5957 "protocol isn't encrypted! Maybe you should just listen on "
5958 "127.0.0.1 and use a tool like stunnel or ssh to encrypt "
5959 "remote connections to your control port.");
5963 } SMARTLIST_FOREACH_END(port);
5978 char **addrport_out,
5980 const char **rest_out)
5993 *addrport_out = NULL;
5994 line += strlen(unix_socket_prefix);
5996 if (!*rest_out || (*addrport_out && sz != strlen(*addrport_out))) {
6005 line += strlen(unix_socket_prefix);
6013 end = strchr(line,
'\0');
6016 *addrport_out = tor_strndup(line, end - line);
6023warn_client_dns_cache(
const char *option,
int disabling)
6029 "Client-side DNS caching enables a wide variety of route-"
6030 "capture attacks. If a single bad exit node lies to you about "
6031 "an IP address, caching that address would make you visit "
6032 "an address of the attacker's choice every time you connected "
6033 "to your destination.");
6069 const char *portname,
6071 const char *defaultaddr,
6073 const unsigned flags)
6079 const unsigned allow_no_stream_options = flags & CL_PORT_NO_STREAM_OPTIONS;
6080 const unsigned use_server_options = flags & CL_PORT_SERVER_OPTIONS;
6081 const unsigned warn_nonlocal = flags & CL_PORT_WARN_NONLOCAL;
6082 const unsigned forbid_nonlocal = flags & CL_PORT_FORBID_NONLOCAL;
6083 const unsigned default_to_group_writable =
6084 flags & CL_PORT_DFLT_GROUP_WRITABLE;
6085 const unsigned takes_hostnames = flags & CL_PORT_TAKES_HOSTNAMES;
6086 const unsigned is_unix_socket = flags & CL_PORT_IS_UNIXSOCKET;
6087 int got_zero_port=0, got_nonzero_port=0;
6088 char *unix_socket_path = NULL;
6090 bool addr_is_explicit =
false;
6101 if (defaultport && defaultaddr && out) {
6102 cfg =
port_cfg_new(is_unix_socket ? strlen(defaultaddr) : 0);
6103 cfg->
type = listener_type;
6104 if (is_unix_socket) {
6106 memcpy(cfg->
unix_addr, defaultaddr, strlen(defaultaddr) + 1);
6109 cfg->
port = defaultport;
6120 char *addrport = NULL;
6122 for (; ports; ports = ports->next) {
6126 has_used_unix_socket_only_option = 0,
6127 is_unix_tagged_addr = 0;
6129 const char *rest_of_line = NULL;
6132 &addrport, &is_unix_tagged_addr, &rest_of_line)<0) {
6133 log_warn(
LD_CONFIG,
"Invalid %sPort line with unparsable address",
6137 if (strlen(addrport) == 0) {
6138 log_warn(
LD_CONFIG,
"Invalid %sPort line with no address", portname);
6144 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
6147 if (is_unix_tagged_addr) {
6148#ifndef HAVE_SYS_UN_H
6149 log_warn(
LD_CONFIG,
"Unix sockets not supported on this system.");
6152 unix_socket_path = addrport;
6156 if (unix_socket_path &&
6158 log_warn(
LD_CONFIG,
"%sPort does not support unix sockets", portname);
6162 if (unix_socket_path) {
6164 }
else if (is_unix_socket) {
6167 unix_socket_path = tor_strdup(addrport);
6168 if (!strcmp(addrport,
"0"))
6172 }
else if (!strcasecmp(addrport,
"auto")) {
6176 char *addrtmp = tor_strndup(addrport, strlen(addrport)-5);
6179 log_warn(
LD_CONFIG,
"Invalid address '%s' for %sPort",
6191 addr_is_explicit =
false;
6194 log_warn(
LD_CONFIG,
"%sPort line has address but no port", portname);
6198 addr_is_explicit =
true;
6200 log_warn(
LD_CONFIG,
"Couldn't parse address %s for %sPort",
6207 cfg =
port_cfg_new(unix_socket_path ? strlen(unix_socket_path) : 0);
6209 cfg->explicit_addr = addr_is_explicit;
6210 if (unix_socket_path && default_to_group_writable)
6211 cfg->is_group_writable = 1;
6214 if (use_server_options) {
6217 if (!strcasecmp(elt,
"NoAdvertise")) {
6218 cfg->server_cfg.no_advertise = 1;
6219 }
else if (!strcasecmp(elt,
"NoListen")) {
6220 cfg->server_cfg.no_listen = 1;
6223 }
else if (!strcasecmp(elt,
"AllAddrs")) {
6227 }
else if (!strcasecmp(elt,
"IPv4Only")) {
6228 cfg->server_cfg.bind_ipv4_only = 1;
6229 }
else if (!strcasecmp(elt,
"IPv6Only")) {
6230 cfg->server_cfg.bind_ipv6_only = 1;
6232 log_warn(
LD_CONFIG,
"Unrecognized %sPort option '%s'",
6235 } SMARTLIST_FOREACH_END(elt);
6237 if (cfg->server_cfg.no_advertise && cfg->server_cfg.no_listen) {
6238 log_warn(
LD_CONFIG,
"Tried to set both NoListen and NoAdvertise "
6239 "on %sPort line '%s'",
6240 portname,
escaped(ports->value));
6243 if (cfg->server_cfg.bind_ipv4_only &&
6244 cfg->server_cfg.bind_ipv6_only) {
6245 log_warn(
LD_CONFIG,
"Tried to set both IPv4Only and IPv6Only "
6246 "on %sPort line '%s'",
6247 portname,
escaped(ports->value));
6250 if (cfg->server_cfg.bind_ipv4_only &&
6252 if (cfg->explicit_addr) {
6253 log_warn(
LD_CONFIG,
"Could not interpret %sPort address as IPv4",
6261 if (cfg->server_cfg.bind_ipv6_only &&
6263 if (cfg->explicit_addr) {
6264 log_warn(
LD_CONFIG,
"Could not interpret %sPort address as IPv6",
6275 int no = 0, isoflag = 0;
6276 const char *elt_orig = elt;
6280 10, 0, INT_MAX, &ok, NULL);
6281 if (!ok || allow_no_stream_options) {
6282 log_warn(
LD_CONFIG,
"Invalid %sPort option '%s'",
6287 log_warn(
LD_CONFIG,
"Multiple SessionGroup options on %sPort",
6300 if (!strcasecmp(elt,
"GroupWritable")) {
6301 cfg->is_group_writable = !no;
6302 has_used_unix_socket_only_option = 1;
6304 }
else if (!strcasecmp(elt,
"WorldWritable")) {
6305 cfg->is_world_writable = !no;
6306 has_used_unix_socket_only_option = 1;
6308 }
else if (!strcasecmp(elt,
"RelaxDirModeCheck")) {
6309 cfg->relax_dirmode_check = !no;
6310 has_used_unix_socket_only_option = 1;
6314 if (allow_no_stream_options) {
6315 log_warn(
LD_CONFIG,
"Unrecognized %sPort option '%s'",
6320 if (takes_hostnames) {
6321 if (!strcasecmp(elt,
"IPv4Traffic")) {
6324 }
else if (!strcasecmp(elt,
"IPv6Traffic")) {
6327 }
else if (!strcasecmp(elt,
"PreferIPv6")) {
6330 }
else if (!strcasecmp(elt,
"DNSRequest")) {
6333 }
else if (!strcasecmp(elt,
"OnionTraffic")) {
6336 }
else if (!strcasecmp(elt,
"OnionTrafficOnly")) {
6341 log_warn(
LD_CONFIG,
"Unsupported %sPort option 'No%s'. Use "
6342 "DNSRequest, IPv4Traffic, and/or IPv6Traffic instead.",
6352 if (!strcasecmp(elt,
"CacheIPv4DNS")) {
6353 warn_client_dns_cache(elt, no);
6356 }
else if (!strcasecmp(elt,
"CacheIPv6DNS")) {
6357 warn_client_dns_cache(elt, no);
6358 cfg->
entry_cfg.cache_ipv6_answers = ! no;
6360 }
else if (!strcasecmp(elt,
"CacheDNS")) {
6361 warn_client_dns_cache(elt, no);
6363 cfg->
entry_cfg.cache_ipv6_answers = ! no;
6365 }
else if (!strcasecmp(elt,
"UseIPv4Cache")) {
6366 warn_client_dns_cache(elt, no);
6369 }
else if (!strcasecmp(elt,
"UseIPv6Cache")) {
6370 warn_client_dns_cache(elt, no);
6371 cfg->
entry_cfg.use_cached_ipv6_answers = ! no;
6373 }
else if (!strcasecmp(elt,
"UseDNSCache")) {
6374 warn_client_dns_cache(elt, no);
6376 cfg->
entry_cfg.use_cached_ipv6_answers = ! no;
6378 }
else if (!strcasecmp(elt,
"PreferIPv6Automap")) {
6381 }
else if (!strcasecmp(elt,
"PreferSOCKSNoAuth")) {
6384 }
else if (!strcasecmp(elt,
"KeepAliveIsolateSOCKSAuth")) {
6387 }
else if (!strcasecmp(elt,
"ExtendedErrors")) {
6393 elt[strlen(elt)-1] =
'\0';
6395 if (!strcasecmp(elt,
"IsolateDestPort")) {
6397 }
else if (!strcasecmp(elt,
"IsolateDestAddr")) {
6399 }
else if (!strcasecmp(elt,
"IsolateSOCKSAuth")) {
6401 }
else if (!strcasecmp(elt,
"IsolateClientProtocol")) {
6403 }
else if (!strcasecmp(elt,
"IsolateClientAddr")) {
6406 log_warn(
LD_CONFIG,
"Unrecognized %sPort option '%s'",
6415 } SMARTLIST_FOREACH_END(elt);
6419 got_nonzero_port = 1;
6425 log_warn(
LD_CONFIG,
"You have a %sPort entry with DNS disabled; that "
6426 "won't work.", portname);
6433 log_warn(
LD_CONFIG,
"You have a %sPort entry with all of IPv4 and "
6434 "IPv6 and .onion disabled; that won't work.", portname);
6441 log_warn(
LD_CONFIG,
"You have a %sPort entry with DNSRequest enabled, "
6442 "but IPv4 and IPv6 disabled; DNS-based sites won't work.",
6446 if (has_used_unix_socket_only_option && !unix_socket_path) {
6447 log_warn(
LD_CONFIG,
"You have a %sPort entry with GroupWritable, "
6448 "WorldWritable, or RelaxDirModeCheck, but it is not a "
6449 "unix socket.", portname);
6454 log_warn(
LD_CONFIG,
"You have a %sPort entry with both "
6455 "NoIsolateSOCKSAuth and KeepAliveIsolateSOCKSAuth set.",
6459 if (unix_socket_path &&
6467 size_t namelen = unix_socket_path ? strlen(unix_socket_path) : 0;
6468 if (unix_socket_path) {
6470 memcpy(cfg->
unix_addr, unix_socket_path, namelen + 1);
6477 cfg->
type = listener_type;
6493 if (warn_nonlocal && out) {
6496 else if (is_ext_orport)
6502 if (got_zero_port && got_nonzero_port) {
6503 log_warn(
LD_CONFIG,
"You specified a nonzero %sPort along with '%sPort 0' "
6504 "in the same configuration. Did you mean to disable %sPort or "
6505 "not?", portname, portname, portname);
6523 smartlist_free(elts);
6539 if (port->server_cfg.no_listen)
6541 if (!count_sockets && port->is_unix_addr)
6543 if (port->type != listenertype)
6546 } SMARTLIST_FOREACH_END(port);
6560 char **msg,
int *n_ports_out,
6561 int *world_writable_control_socket)
6571 CL_PORT_DFLT_GROUP_WRITABLE : 0;
6576 ((validate_only ? 0 : CL_PORT_WARN_NONLOCAL)
6577 | CL_PORT_TAKES_HOSTNAMES | gw_flag)) < 0) {
6578 *msg = tor_strdup(
"Invalid SocksPort configuration");
6585 CL_PORT_WARN_NONLOCAL|CL_PORT_TAKES_HOSTNAMES) < 0) {
6586 *msg = tor_strdup(
"Invalid DNSPort configuration");
6593 CL_PORT_WARN_NONLOCAL) < 0) {
6594 *msg = tor_strdup(
"Invalid TransPort configuration");
6601 CL_PORT_WARN_NONLOCAL) < 0) {
6602 *msg = tor_strdup(
"Invalid NatdPort configuration");
6609 ((validate_only ? 0 : CL_PORT_WARN_NONLOCAL)
6610 | CL_PORT_TAKES_HOSTNAMES | gw_flag)) < 0) {
6611 *msg = tor_strdup(
"Invalid HTTPTunnelPort configuration");
6619 unsigned control_port_flags = CL_PORT_NO_STREAM_OPTIONS |
6620 CL_PORT_WARN_NONLOCAL;
6624 if (! any_passwords)
6625 control_port_flags |= CL_PORT_FORBID_NONLOCAL;
6627 control_port_flags |= CL_PORT_DFLT_GROUP_WRITABLE;
6633 control_port_flags) < 0) {
6634 *msg = tor_strdup(
"Invalid ControlPort configuration");
6641 control_port_flags | CL_PORT_IS_UNIXSOCKET) < 0) {
6642 *msg = tor_strdup(
"Invalid ControlSocket configuration");
6650 *n_ports_out = smartlist_len(ports);
6657 options->SocksPort_set =
6659 options->TransPort_set =
6661 options->NATDPort_set =
6663 options->HTTPTunnelPort_set =
6666 options->ControlPort_set =
6668 options->DNSPort_set =
6671 if (world_writable_control_socket) {
6675 p->is_world_writable) {
6676 *world_writable_control_socket = 1;
6681 if (!validate_only) {
6694 smartlist_free(ports);
6705 && !port->server_cfg.bind_ipv6_only);
6714 && !port->server_cfg.bind_ipv4_only);
6739 static const char *ipv4_localhost =
"127.0.0.1";
6740 static const char *ipv6_localhost =
"[::1]";
6741 const char *address;
6743 char *
string = NULL;
6749 if (cfg->server_cfg.no_listen)
6752 if (cfg->type == listener_type &&
6761 address =
tor_addr_is_v4(&cfg->addr) ? ipv4_localhost : ipv6_localhost;
6782 } SMARTLIST_FOREACH_END(cfg);
6793 const port_cfg_t *first_port_explicit_addr = NULL;
6795 if (address_family == AF_UNSPEC)
6800 if (cfg->type == listener_type && !cfg->server_cfg.no_advertise) {
6801 if ((address_family == AF_INET && port_binds_ipv4(cfg)) ||
6802 (address_family == AF_INET6 && port_binds_ipv6(cfg))) {
6803 if (cfg->explicit_addr && !first_port_explicit_addr) {
6804 first_port_explicit_addr = cfg;
6805 }
else if (!first_port) {
6810 } SMARTLIST_FOREACH_END(cfg);
6813 return (first_port_explicit_addr) ? first_port_explicit_addr : first_port;
6825 return cfg ? cfg->
port : 0;
6837 return cfg ? &cfg->
addr : NULL;
6848 int port,
int check_wildcard)
6853 if (cfg->type == listener_type) {
6854 if (cfg->port == port || (check_wildcard && port == -1)) {
6860 if (!check_wildcard) {
6864 const int cfg_v4 = port_binds_ipv4(cfg);
6869 if ((cfg_any_v4 && addr_v4) || (cfg_v4 && addr_any_v4)) {
6873 const int cfg_v6 = port_binds_ipv6(cfg);
6878 if ((cfg_any_v6 && addr_v6) || (cfg_v6 && addr_any_v6)) {
6883 } SMARTLIST_FOREACH_END(cfg);
6890port_exists_by_type_addr32h_port(
int listener_type, uint32_t addr_ipv4h,
6891 int port,
int check_wildcard)
6906 return tor_strdup(val);
6908 return tor_strdup(get_windows_conf_root());
6910#elif defined(__ANDROID__)
6915 return tor_strdup(val);
6917 return tor_strdup(
"/data/local/tmp");
6920 const char *d = val;
6927 log_warn(
LD_CONFIG,
"Failed to expand filename \"%s\".", d);
6930 if (!val && !strcmp(fn,
"/.tor")) {
6935 "Default DataDirectory is \"~/.tor\". This expands to "
6936 "\"%s\", which is probably not what you want. Using "
6937 "\"%s"PATH_SEPARATOR
"tor\" instead", fn, LOCALSTATEDIR);
6939 fn = tor_strdup(LOCALSTATEDIR PATH_SEPARATOR
"tor");
6943 return tor_strdup(d);
6957 log_warn(
LD_CONFIG,
"DataDirectory is too long.");
6988#define GENERATED_FILE_PREFIX "# This file was generated by Tor; " \
6989 "if you edit it, comments will not be preserved"
6992#define GENERATED_FILE_COMMENT "# The old torrc file was renamed " \
6993 "to torrc.orig.1, and Tor will ignore it"
7002 char *old_val=NULL, *new_val=NULL, *new_conf=NULL;
7003 int rename_old = 0, r;
7012 old_val = read_file_to_str(fname, 0, NULL);
7024 "Config file \"%s\" is not a file? Failing.", fname);
7028 if (!(new_conf =
options_dump(options, OPTIONS_DUMP_MINIMAL))) {
7029 log_warn(
LD_BUG,
"Couldn't get configuration string");
7037 char *fn_tmp = NULL;
7040 if (fn_tmp_status == FN_DIR || fn_tmp_status == FN_ERROR) {
7042 "Config backup file \"%s\" is not a file? Failing.", fn_tmp);
7047 log_notice(
LD_CONFIG,
"Renaming old configuration file to \"%s\"", fn_tmp);
7050 "Couldn't rename configuration file \"%s\" to \"%s\": %s",
7051 fname, fn_tmp, strerror(errno));
7093 return (n >= 1) ? n : 1;
7115 memset(&cfg, 0,
sizeof(cfg));
7136 directory_root_t roottype,
7137 const char *sub1,
const char *sub2,
7138 const char *suffix))
7142 const char *rootdir = NULL;
7144 case DIRROOT_DATADIR:
7147 case DIRROOT_CACHEDIR:
7150 case DIRROOT_KEYDIR:
7154 tor_assert_unreached();
7167 }
else if (sub2 == NULL) {
7168 tor_asprintf(&fname,
"%s"PATH_SEPARATOR
"%s%s", rootdir, sub1, suffix);
7170 tor_asprintf(&fname,
"%s"PATH_SEPARATOR
"%s"PATH_SEPARATOR
"%s%s",
7171 rootdir, sub1, sub2, suffix);
7183 char *statsdir = get_datadir_fname(subdir);
7187 log_warn(
LD_HIST,
"Unable to create %s/ directory!", subdir);
7201 const char* str,
const char* descr)
7203 char *filename = get_datadir_fname2(subdir, fname);
7207 log_warn(
LD_HIST,
"Unable to write %s to disk!", descr ? descr : fname);
7220 const char *question,
char **answer,
7221 const char **errmsg)
7225 if (!strcmp(question,
"config/names")) {
7236 } SMARTLIST_FOREACH_END(var);
7240 smartlist_free(vars);
7241 }
else if (!strcmp(question,
"config/defaults")) {
7243 int dirauth_lines_seen = 0, fallback_lines_seen = 0;
7248 if (var->initvalue != NULL) {
7249 if (strcmp(var->member.name,
"DirAuthority") == 0) {
7254 ++dirauth_lines_seen;
7256 if (strcmp(var->member.name,
"FallbackDir") == 0) {
7261 ++fallback_lines_seen;
7267 } SMARTLIST_FOREACH_END(var);
7268 smartlist_free(vars);
7270 if (dirauth_lines_seen == 0) {
7288 if (fallback_lines_seen == 0 &&
7327 if (family==AF_INET6) {
7334 if (!validate_only) {
7353 if (verify_and_store_outbound_address(family, &addr, type,
7354 options, validate_only)) {
7356 tor_asprintf(msg,
"Multiple%s%s outbound bind addresses "
7358 family==AF_INET?
" IPv4":(family==AF_INET6?
" IPv6":
""),
7364 lines = lines->next;
7378 if (!validate_only) {
7385 validate_only, msg) < 0) {
7421 const char *msg =
"";
7426 char *free_fname = NULL;
7429 if (!strcmp(fname,
"<default>")) {
7430 const char *conf_root = get_windows_conf_root();
7441 if (r < 0 && severity ==
LOG_WARN) {
7464 if (options->GeoIPv6File &&
7465 ((!old_options || !
opt_streq(old_options->GeoIPv6File,
7466 options->GeoIPv6File))
7486 int cookie_len,
int group_readable,
7487 uint8_t **cookie_out,
int *cookie_is_set_out)
7489 char cookie_file_str_len = strlen(header) + cookie_len;
7490 char *cookie_file_str = tor_malloc(cookie_file_str_len);
7495 if (*cookie_is_set_out) {
7507 *cookie_out = tor_malloc(cookie_len);
7511 memcpy(cookie_file_str, header, strlen(header));
7512 memcpy(cookie_file_str+strlen(header), *cookie_out, cookie_len);
7514 log_warn(
LD_FS,
"Error writing auth cookie to %s.",
escaped(fname));
7519 if (group_readable) {
7520 if (chmod(fname, 0640)) {
7521 log_warn(
LD_FS,
"Unable to make %s group-readable.",
escaped(fname));
7525 (void) group_readable;
7530 *cookie_is_set_out = 1;
7534 memwipe(cookie_file_str, 0, cookie_file_str_len);
7546 return (options->SocksPort_set ||
7547 options->TransPort_set ||
7548 options->NATDPort_set ||
7549 options->DNSPort_set ||
7550 options->HTTPTunnelPort_set);
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
void tor_addr_make_unspec(tor_addr_t *a)
int string_is_valid_ipv4_address(const char *string)
int tor_addr_parse(tor_addr_t *addr, const char *src)
int tor_addr_port_parse(int severity, const char *addrport, tor_addr_t *address_out, uint16_t *port_out, int default_port)
int tor_addr_is_loopback(const tor_addr_t *addr)
int tor_addr_is_v4(const tor_addr_t *addr)
int tor_addr_port_split(int severity, const char *addrport, char **address_out, uint16_t *port_out)
int tor_addr_is_null(const tor_addr_t *addr)
const char * fmt_addrport(const tor_addr_t *addr, uint16_t port)
#define fmt_and_decorate_addr(a)
static sa_family_t tor_addr_family(const tor_addr_t *a)
#define tor_addr_from_ipv4h(dest, v4addr)
#define tor_addr_eq(a, b)
void addressmap_clear_invalid_automaps(const or_options_t *options)
void addressmap_register(const char *address, char *new_address, time_t expires, addressmap_entry_source_t source, const int wildcard_addr, const int wildcard_new_addr, uint64_t stream_id)
void addressmap_clear_configured(void)
void addressmap_clear_excluded_trackexithosts(const or_options_t *options)
int parse_virtual_addr_network(const char *val, sa_family_t family, int validate_only, char **msg)
Header file for directory authority mode.
int base16_decode(char *dest, size_t destlen, const char *src, size_t srclen)
void mark_bridge_list(void)
void sweep_bridge_list(void)
int transport_is_needed(const char *transport_name)
void bridge_add_from_config(bridge_line_t *bridge_line)
Header file for circuitbuild.c.
Header file for channel.c.
void circuit_mark_all_dirty_circs_as_unusable(void)
void circuit_mark_all_unused_circs(void)
Header file for circuitlist.c.
Header file for circuitmux.c.
void cmux_ewma_set_options(const or_options_t *options, const networkstatus_t *consensus)
Header file for circuitmux_ewma.c.
int circuit_build_times_disabled_(const or_options_t *options, int ignore_consensus)
Header file for circuitstats.c.
const char * tor_libevent_get_header_version_str(void)
void suppress_libevent_log_msg(const char *msg)
void tor_libevent_initialize(tor_libevent_cfg_t *torcfg)
const char * tor_libevent_get_version_str(void)
void configure_libevent_logging(void)
size_t atomic_counter_exchange(atomic_counter_t *counter, size_t newval)
void atomic_counter_init(atomic_counter_t *counter)
size_t atomic_counter_get(atomic_counter_t *counter)
void atomic_counter_destroy(atomic_counter_t *counter)
const char * tor_compress_version_str(compress_method_t method)
int tor_compress_supports_method(compress_method_t method)
const char * tor_compress_header_version_str(compress_method_t method)
Read configuration files from disk, with full include support.
int config_get_lines_include(const char *string, struct config_line_t **result, int extended, int *has_include, struct smartlist_t *opened_lst)
int config_ensure_bandwidth_cap(uint64_t *value, const char *desc, char **msg)
static config_line_t * get_options_defaults(void)
static void options_commit_listener_transaction(listener_transaction_t *xn)
static int compute_group_readable_flag(const char *datadir, const char *subdir, int datadir_gr, int subdir_gr)
static int validate_transport_socks_arguments(const smartlist_t *args)
void options_init(or_options_t *options)
int options_save_current(void)
static const char * default_fallbacks[]
static void print_usage(void)
STATIC void add_default_trusted_dir_authorities(dirinfo_type_t type)
int pt_parse_transport_line(const or_options_t *options, const char *line, int validate_only, int server)
const char * get_torrc_fname(int defaults_fname)
#define MAX_MAX_CIRCUIT_DIRTINESS
#define MIN_MAX_CIRCUIT_DIRTINESS
static void warn_nonlocal_client_ports(const smartlist_t *ports, const char *portname, const int listener_type)
static void set_protocol_warning_severity_level(int warning_severity)
static int validate_ports_csv(smartlist_t *sl, const char *name, char **msg)
or_options_t * get_options_mutable(void)
void bridge_line_free_(bridge_line_t *bridge_line)
int get_num_cpus(const or_options_t *options)
const smartlist_t * get_configured_ports(void)
static void list_deprecated_options(void)
void add_default_fallback_dir_servers(void)
static const config_var_t option_vars_[]
static atomic_counter_t protocol_warning_severity_level
static int write_configuration_file(const char *fname, const or_options_t *options)
STATIC int options_act_reversible(const or_options_t *old_options, char **msg)
#define MIN_CIRCUIT_STREAM_TIMEOUT
char * options_get_dir_fname2_suffix(const or_options_t *options, directory_root_t roottype, const char *sub1, const char *sub2, const char *suffix)
STATIC void or_options_free_(or_options_t *options)
static bool testing_network_configured
static listener_transaction_t * options_start_listener_transaction(const or_options_t *old_options, char **msg_out)
static void list_torrc_options(void)
static int validate_data_directories(or_options_t *options)
static int in_option_validation
int getinfo_helper_config(control_connection_t *conn, const char *question, char **answer, const char **errmsg)
static void print_library_versions(void)
static int opt_streq(const char *s1, const char *s2)
STATIC int parse_ports(or_options_t *options, int validate_only, char **msg, int *n_ports_out, int *world_writable_control_socket)
int consider_adding_dir_servers(const or_options_t *options, const or_options_t *old_options)
static const char * default_authorities[]
static int options_transition_affects_guards(const or_options_t *old_options, const or_options_t *new_options)
const char * escaped_safe_str_client(const char *address)
static int warn_if_option_path_is_relative(const char *option, const char *filepath)
char * get_first_listener_addrport_string(int listener_type)
#define V_D(member, type, initvalue)
int options_init_from_torrc(int argc, char **argv)
static or_options_t * global_options
static void config_load_geoip_file_(sa_family_t family, const char *fname, const char *default_fname)
static const config_abbrev_t option_abbrevs_[]
#define OBSOLETE(varname)
void port_cfg_free_(port_cfg_t *port)
static int options_switch_id(char **msg_out)
static int handle_cmdline_master_key(tor_cmdline_mode_t command, const char *value)
static char * find_torrc_filename(const config_line_t *cmd_arg, int defaults_file, int *using_default_fname, int *ignore_missing_torrc)
takes_argument_t takes_argument
STATIC void options_commit_log_transaction(log_transaction_t *xn)
static void options_rollback_listener_transaction(struct listener_transaction_t *xn)
STATIC int open_and_add_file_log(const log_severity_list_t *severity, const char *filename, int truncate_log)
static or_options_t * global_default_options
static void cleanup_protocol_warning_severity_level(void)
static int parse_outbound_addresses(or_options_t *options, int validate_only, char **msg)
STATIC int options_create_directories(char **msg_out)
static char * load_torrc_from_stdin(void)
const char * safe_str_client_opts(const or_options_t *options, const char *address)
int portconf_get_first_advertised_port(int listener_type, int address_family)
static char * torrc_defaults_fname
static int handle_cmdline_passphrase_fd(tor_cmdline_mode_t command, const char *value)
int port_cfg_line_extract_addrport(const char *line, char **addrport_out, int *is_unix_out, const char **rest_out)
const char * escaped_safe_str(const char *address)
int check_or_create_data_subdir(const char *subdir)
static const char * get_default_conf_file(int defaults_file)
int options_any_client_port_set(const or_options_t *options)
or_options_t * options_new(void)
int create_keys_directory(const or_options_t *options)
#define MAX_CIRCS_AVAILABLE_TIME
void init_protocol_warning_severity_level(void)
static int check_and_create_data_directory(int create, const char *directory, int group_readable, const char *owner, char **msg_out)
static int handle_cmdline_no_passphrase(tor_cmdline_mode_t command)
char * options_dump(const or_options_t *options, int how_to_dump)
int get_protocol_warning_severity_level(void)
static int warn_about_relative_paths(const or_options_t *options)
static char * torrc_fname
int parse_dir_fallback_line(const char *line, int validate_only)
const or_options_t * get_options(void)
int option_is_recognized(const char *key)
setopt_err_t options_trial_assign(config_line_t *list, unsigned flags, char **msg)
static int options_init_log_granularity(const or_options_t *options, int validate_only)
STATIC int options_act(const or_options_t *old_options)
#define RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT
STATIC int parse_dir_authority_line(const char *line, dirinfo_type_t required_type, int validate_only)
#define VAR(varname, conftype, member, initvalue)
STATIC int options_init_logs(const or_options_t *old_options, const or_options_t *options, int validate_only)
STATIC void options_rollback_log_transaction(log_transaction_t *xn)
static int validate_dir_servers(const or_options_t *options, const or_options_t *old_options)
static int handle_cmdline_format(tor_cmdline_mode_t command, const char *value)
static bool have_set_startup_options
#define GENERATED_FILE_PREFIX
void parsed_cmdline_free_(parsed_cmdline_t *cmdline)
static char * load_torrc_from_disk(const config_line_t *cmd_arg, int defaults_file)
STATIC const config_mgr_t * get_options_mgr(void)
static const config_format_t options_format
static int options_act_once_on_startup(char **msg_out)
static void config_maybe_load_geoip_files_(const or_options_t *options, const or_options_t *old_options)
static const port_cfg_t * portconf_get_first_advertised(int listener_type, int address_family)
static const struct @0 testing_tor_network_defaults[]
static int options_check_transition_cb(const void *old, const void *new, char **msg)
int set_options(or_options_t *new_val, char **msg)
static void warn_nonlocal_controller_ports(smartlist_t *ports, unsigned forbid_nonlocal)
const char * safe_str_opts(const or_options_t *options, const char *address)
DUMMY_TYPECHECK_INSTANCE(or_options_t)
port_cfg_t * port_cfg_new(size_t namelen)
static int handle_cmdline_newpass(tor_cmdline_mode_t command)
STATIC log_transaction_t * options_start_log_transaction(const or_options_t *old_options, char **msg_out)
int addressmap_register_auto(const char *from, const char *to, time_t expires, addressmap_entry_source_t addrmap_source, const char **msg)
int options_need_geoip_info(const or_options_t *options, const char **reason_out)
#define UINT64_MAX_STRING
void config_register_addressmaps(const or_options_t *options)
static void options_clear_cb(const config_mgr_t *mgr, void *opts)
void config_free_all(void)
int port_count_real_listeners(const smartlist_t *ports, int listenertype, int count_sockets)
static void init_libevent(const or_options_t *options)
bridge_line_t * parse_bridge_line(const char *line)
int port_exists_by_type_addr_port(int listener_type, const tor_addr_t *addr, int port, int check_wildcard)
static int parse_dirauth_dirport(dir_server_t *ds, const char *flag)
tor_cmdline_mode_t command
int init_cookie_authentication(const char *fname, const char *header, int cookie_len, int group_readable, uint8_t **cookie_out, int *cookie_is_set_out)
static const struct @1 CMDLINE_ONLY_OPTIONS[]
parsed_cmdline_t * config_parse_commandline(int argc, char **argv, int ignore_errors)
const tor_addr_t * portconf_get_first_advertised_addr(int listener_type, int address_family)
setopt_err_t options_init_from_string(const char *cf_defaults, const char *cf, int command, const char *command_arg, char **msg)
static int options_validate_cb(const void *old_options, void *options, char **msg)
const char * option_get_canonical_name(const char *key)
static void list_enabled_modules(void)
static setopt_err_t options_validate_and_set(const or_options_t *old_options, or_options_t *new_options, char **msg_out)
static smartlist_t * configured_ports
config_line_t * option_get_assignment(const or_options_t *options, const char *key)
STATIC int parse_tcp_proxy_line(const char *line, or_options_t *options, char **msg)
#define DOWNLOAD_SCHEDULE(name)
int write_to_data_subdir(const char *subdir, const char *fname, const char *str, const char *descr)
static char * get_data_directory(const char *val)
int port_parse_config(smartlist_t *out, const config_line_t *ports, const char *portname, int listener_type, const char *defaultaddr, int defaultport, const unsigned flags)
static parsed_cmdline_t * global_cmdline
#define GENERATED_FILE_COMMENT
Header file for config.c.
#define MAX_DEFAULT_MEMORY_QUEUE_SIZE
#define CONFIG_BACKUP_PATTERN
#define MIN_HEARTBEAT_PERIOD
const config_line_t * config_line_find(const config_line_t *lines, const char *key)
void config_line_append(config_line_t **lst, const char *key, const char *val)
int config_lines_eq(const config_line_t *a, const config_line_t *b)
#define CONFIG_LINE_APPEND
#define CONFIG_LINE_NORMAL
#define END_OF_CONFIG_VARS
void config_init(const config_mgr_t *mgr, void *options)
void config_mgr_freeze(config_mgr_t *mgr)
void warn_deprecated_option(const char *what, const char *why)
config_line_t * config_get_changes(const config_mgr_t *mgr, const void *options1, const void *options2)
bool config_var_is_listable(const config_var_t *var)
const char * config_find_option_name(const config_mgr_t *mgr, const char *key)
const char * config_expand_abbrev(const config_mgr_t *mgr, const char *option, int command_line, int warn_obsolete)
bool config_var_is_settable(const config_var_t *var)
void * config_dup(const config_mgr_t *mgr, const void *old)
smartlist_t * config_mgr_list_deprecated_vars(const config_mgr_t *mgr)
config_line_t * config_get_assigned_option(const config_mgr_t *mgr, const void *options, const char *key, int escape_val)
smartlist_t * config_mgr_list_vars(const config_mgr_t *mgr)
validation_status_t config_validate(const config_mgr_t *mgr, const void *old_options, void *options, char **msg_out)
int config_assign(const config_mgr_t *mgr, void *options, config_line_t *list, unsigned config_assign_flags, char **msg)
char * config_dump(const config_mgr_t *mgr, const void *default_options, const void *options, int minimal, int comment_defaults)
config_mgr_t * config_mgr_new(const config_format_t *toplevel_fmt)
void * config_new(const config_mgr_t *mgr)
#define CAL_WARN_DEPRECATIONS
char * alloc_http_authenticator(const char *authenticator)
int retry_all_listeners(smartlist_t *new_conns, int close_all_noncontrol)
void connection_bucket_adjust(const or_options_t *options)
int conn_listener_type_supports_af_unix(int type)
void connection_mark_all_noncontrol_connections(void)
void connection_check_oos(int n_socks, int failed)
Header file for connection.c.
#define CONN_TYPE_AP_HTTP_CONNECT_LISTENER
#define CONN_TYPE_CONTROL_LISTENER
#define CONN_TYPE_EXT_OR_LISTENER
#define MAX_SOCKS5_AUTH_SIZE_TOTAL
#define MAX_SOCKS5_AUTH_FIELD_SIZE
#define CONN_TYPE_AP_NATD_LISTENER
#define CONN_TYPE_AP_LISTENER
#define CONN_TYPE_AP_DNS_LISTENER
#define CONN_TYPE_AP_TRANS_LISTENER
Header file for connection_edge.c.
int address_is_invalid_destination(const char *address, int client)
Base connection structure.
void control_ports_write_to_file(void)
int control_connection_add_local_fd(tor_socket_t sock, unsigned flags)
void monitor_owning_controller_process(const char *process_spec)
Header file for control.c.
smartlist_t * decode_hashed_passwords(config_line_t *passwords)
Header file for control_auth.c.
void control_adjust_event_log_severity(void)
void control_event_logmsg_pending(void)
void control_event_logmsg(int severity, log_domain_mask_t domain, const char *msg)
void control_event_conf_changed(const config_line_t *changes)
Header file for control_events.c.
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
const char * crypto_get_library_version_string(void)
const char * crypto_get_library_name(void)
Headers for crypto_init.c.
Headers for crypto_nss_mgt.c.
Headers for crypto_openssl_mgt.c.
void crypto_rand(char *to, size_t n)
Common functions for using (pseudo-)random number generators.
void memwipe(void *mem, uint8_t byte, size_t sz)
Common functions for cryptographic routines.
const char * unescape_string(const char *s, char **result, size_t *size_out)
bool start_daemon_has_been_called(void)
int finish_daemon(const char *desired_cwd)
int check_private_dir(const char *dirname, cpd_check_t check, const char *effective_user)
int options_act_dirauth_mtbf(const or_options_t *old_options)
int options_act_dirauth_stats(const or_options_t *old_options, bool *print_notice_out)
int options_validate_dirauth_mode(const or_options_t *old_options, or_options_t *options, char **msg)
int options_act_dirauth(const or_options_t *old_options)
int options_validate_dirauth_testing(const or_options_t *old_options, or_options_t *options, char **msg)
int options_validate_dirauth_schedule(const or_options_t *old_options, or_options_t *options, char **msg)
Header for feature/dirauth/dirauth_config.c.
int dirclient_fetches_dir_info_later(const or_options_t *options)
int dirclient_fetches_dir_info_early(const or_options_t *options)
Header for feature/dirclient/dirclient_modes.c.
void trusted_dir_server_add_dirport(dir_server_t *ds, auth_dirport_usage_t usage, const tor_addr_port_t *dirport)
dir_server_t * fallback_dir_server_new(const tor_addr_t *ipv4_addr, uint16_t ipv4_dirport, uint16_t ipv4_orport, const tor_addr_port_t *addrport_ipv6, const char *id_digest, double weight)
void clear_dir_servers(void)
void dir_server_add(dir_server_t *ent)
dir_server_t * trusted_dir_server_new(const char *nickname, const char *address, uint16_t ipv4_dirport, uint16_t ipv4_orport, const tor_addr_port_t *ipv6_addrport, const char *digest, const char *v3_auth_digest, dirinfo_type_t type, double weight)
Header file for dirlist.c.
Header file for dirserv.c.
int guards_update_all(void)
Header file for circuitbuild.c.
char * esc_for_log(const char *s)
const char * escaped(const char *s)
char * read_file_to_str_until_eof(int fd, size_t max_bytes_to_read, size_t *sz_out) ATTR_MALLOC
int write_str_to_file(const char *fname, const char *str, int bin)
file_status_t file_status(const char *filename)
int tor_open_cloexec(const char *path, int flags, unsigned mode)
int replace_file(const char *from, const char *to)
int write_bytes_to_file(const char *fname, const char *str, size_t len, int bin)
int geoip_load_file(sa_family_t family, const char *filename, int severity)
int geoip_is_loaded(sa_family_t family)
Header file for geoip_stats.c.
int should_record_bridge_info(const or_options_t *options)
Header for gethostname.c.
void consider_hibernation(time_t now)
int we_are_hibernating(void)
Header file for hibernate.c.
int hs_config_client_auth_all(const or_options_t *options, int validate_only)
int hs_config_service_all(const or_options_t *options, int validate_only)
Header file containing configuration ABI/API for the HS subsystem.
Header file containing PoW denial of service defenses for the HS subsystem for all versions.
int hs_service_load_all_keys(void)
int string_is_key_value(int severity, const char *string)
const char * tor_libc_get_header_version_str(void)
const char * tor_libc_get_version_str(void)
const char * tor_libc_get_name(void)
Header for lib/osinfo/libc.c.
int add_file_log(const log_severity_list_t *severity, const char *filename, int fd)
void flush_log_messages_from_startup(void)
void mark_logs_temp(void)
void rollback_log_changes(void)
void logs_set_pending_callback_callback(pending_callback_callback cb)
int add_callback_log(const log_severity_list_t *severity, log_callback cb)
int get_min_log_level(void)
void set_log_time_granularity(int granularity_msec)
void tor_log_update_sigsafe_err_fds(void)
void add_stream_log(const log_severity_list_t *severity, const char *name, int fd)
void logs_set_domain_logging(int enabled)
int parse_log_severity_config(const char **cfg_ptr, log_severity_list_t *severity_out)
void close_temp_logs(void)
#define log_fn(severity, domain, args,...)
int try_locking(const or_options_t *options, int err_if_locked)
void note_that_we_maybe_cant_complete_circuits(void)
void tor_shutdown_event_loop_and_exit(int exitcode)
void reset_main_loop_counters(void)
int tor_event_loop_shutdown_is_pending(void)
Header file for mainloop.c.
int get_total_system_memory(size_t *mem_out)
int metrics_parse_ports(or_options_t *options, smartlist_t *ports, char **err_msg_out)
Header for feature/metrics/metrics.c.
int net_is_disabled(void)
networkstatus_t * networkstatus_get_latest_consensus(void)
void update_consensus_networkstatus_fetch_time(time_t now)
Header file for networkstatus.c.
int is_legal_nickname(const char *s)
Header file for nickname.c.
void router_dir_info_changed(void)
Header file for nodelist.c.
int compute_num_cpus(void)
Master header file for Tor-specific functionality.
addressmap_entry_source_t
#define SESSION_GROUP_UNSET
@ TCP_PROXY_PROTOCOL_HAPROXY
long tor_parse_long(const char *s, int base, long min, long max, int *ok, char **next)
double tor_parse_double(const char *s, double min, double max, int *ok, char **next)
char * make_path_absolute(const char *fname)
int path_is_relative(const char *filename)
char * expand_filename(const char *filename)
int write_pidfile(const char *filename)
int policies_parse_from_options(const or_options_t *options)
int validate_addr_policies(const or_options_t *options, char **msg)
Header file for policies.c.
Listener port configuration structure.
int tor_asprintf(char **strp, const char *fmt,...)
int tor_snprintf(char *str, size_t size, const char *format,...)
void tor_disable_spawning_background_processes(void)
int tor_validate_process_specifier(const char *process_spec, const char **msg)
quiet_level_t quiet_level
void add_default_log_for_quiet_level(quiet_level_t quiet)
int options_act_relay_bandwidth(const or_options_t *old_options)
int options_validate_relay_padding(const or_options_t *old_options, or_options_t *options, char **msg)
int options_act_relay_stats(const or_options_t *old_options, bool *print_notice_out)
void port_update_port_set_relay(or_options_t *options, const smartlist_t *ports)
int options_act_relay(const or_options_t *old_options)
int options_validate_relay_accounting(const or_options_t *old_options, or_options_t *options, char **msg)
int options_validate_relay_bandwidth(const or_options_t *old_options, or_options_t *options, char **msg)
int options_validate_relay_os(const or_options_t *old_options, or_options_t *options, char **msg)
int options_act_relay_dir(const or_options_t *old_options)
void port_warn_nonlocal_ext_orports(const smartlist_t *ports, const char *portname)
int port_parse_ports_relay(or_options_t *options, char **msg, smartlist_t *ports_out, int *have_low_ports_out)
int options_act_relay_accounting(const or_options_t *old_options)
void options_act_relay_stats_msg(void)
int options_validate_relay_info(const or_options_t *old_options, or_options_t *options, char **msg)
int options_validate_publish_server(const or_options_t *old_options, or_options_t *options, char **msg)
int options_act_relay_dos(const or_options_t *old_options)
int options_act_relay_desc(const or_options_t *old_options)
int options_act_bridge_stats(const or_options_t *old_options)
int options_validate_relay_testing(const or_options_t *old_options, or_options_t *options, char **msg)
int options_validate_relay_mode(const or_options_t *old_options, or_options_t *options, char **msg)
Header for feature/relay/relay_config.c.
int tor_addr_port_lookup(const char *s, tor_addr_t *addr_out, uint16_t *port_out)
int set_max_file_descriptors(rlim_t limit, int *max_out)
int tor_disable_debugger_attach(void)
uint16_t router_get_active_listener_port_by_type_af(int listener_type, sa_family_t family)
void refresh_all_country_info(void)
Header file for routerlist.c.
int public_server_mode(const or_options_t *options)
int server_mode(const or_options_t *options)
Header file for routermode.c.
int routerset_needs_geoip(const routerset_t *set)
routerset_t * routerset_new(void)
int routerset_equal(const routerset_t *old, const routerset_t *new)
int routerset_is_list(const routerset_t *set)
int routerset_add_unknown_ccs(routerset_t **setp, int only_if_some_cc_set)
int routerset_parse(routerset_t *target, const char *s, const char *description)
int routerset_len(const routerset_t *set)
void routerset_union(routerset_t *target, const routerset_t *source)
Header file for routerset.c.
int sandbox_is_active(void)
Header file for sandbox.c.
void scheduler_conf_changed(void)
Header file for scheduler*.c.
int switch_id(const char *user, const unsigned flags)
#define SWITCH_ID_WARN_IF_NO_CAPS
#define SWITCH_ID_KEEP_BINDLOW
static const char default_fname[]
int smartlist_strings_eq(const smartlist_t *sl1, const smartlist_t *sl2)
void smartlist_add_asprintf(struct smartlist_t *sl, const char *pattern,...)
char * smartlist_join_strings(smartlist_t *sl, const char *join, int terminate, size_t *len_out)
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
smartlist_t * smartlist_new(void)
void smartlist_add(smartlist_t *sl, void *element)
void smartlist_clear(smartlist_t *sl)
void smartlist_del_keeporder(smartlist_t *sl, int idx)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
#define SMARTLIST_DEL_CURRENT(sl, var)
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
void check_network_configuration(bool server_mode)
int get_n_open_sockets(void)
int or_state_loaded(void)
unsigned int cache_ipv4_answers
unsigned int socks_iso_keep_alive
unsigned int use_cached_ipv4_answers
unsigned int prefer_ipv6_virtaddr
unsigned int socks_prefer_no_auth
unsigned int extended_socks5_codes
smartlist_t * new_listeners
struct config_line_t * ControlPort_lines
tor_addr_t Socks4ProxyAddr
struct config_line_t * MyFamily
struct config_line_t * NATDPort_lines
int DirReqStatistics_option
struct config_line_t * AlternateBridgeAuthority
tor_addr_t HTTPSProxyAddr
int ConnLimit_high_thresh
struct routerset_t * ExcludeExitNodes
int TestingEnableConnBwEvent
struct config_line_t * OutboundBindAddressExit
struct config_line_t * DNSPort_lines
char * BridgePassword_AuthDigest_
uint64_t MaxMemInQueues_low_threshold
struct smartlist_t * RejectPlaintextPorts
struct config_line_t * Logs
struct routerset_t * ExcludeExitNodesUnion_
int TestingDirConnectionMaxStall
int ClientBootstrapConsensusMaxInProgressTries
struct smartlist_t * WarnPlaintextPorts
struct smartlist_t * TrackHostExits
struct smartlist_t * FirewallPorts
int TestingClientMaxIntervalWithoutRequest
struct smartlist_t * Schedulers
tcp_proxy_protocol_t TCPProxyProtocol
int FetchDirInfoExtraEarly
struct config_line_t * ClientTransportPlugin
struct config_line_t * OutboundBindAddressPT
struct smartlist_t * SchedulerTypes_
struct config_line_t * DirAuthorities
struct config_line_t * Bridges
int ControlSocketsGroupWritable
uint64_t OwningControllerFD
double KISTSockBufSizeFactor
struct config_line_t * ControlSocket
struct config_line_t * OutboundBindAddress
int UseDefaultFallbackDirs
struct config_line_t * AlternateDirAuthority
int DataDirectoryGroupReadable
int CacheDirectoryGroupReadable
int KeyDirectoryGroupReadable
char * KeyDirectory_option
struct smartlist_t * NodeFamilySets
uint64_t ConstrainedSockSize
struct config_line_t * AddressMap
struct smartlist_t * FilesOpenedByIncludes
int HiddenServiceStatistics_option
char * HTTPProxyAuthenticator
struct config_line_t * HashedControlPassword
int TokenBucketRefillInterval
int LearnCircuitBuildTimeout
struct config_line_t * FallbackDir
struct routerset_t * EntryNodes
int HiddenServiceStatistics
int UsingTestNetworkDefaults_
int UnixSocksGroupWritable
struct config_line_t * NodeFamilies
char * VirtualAddrNetworkIPv6
struct routerset_t * ExcludeNodes
char * OwningControllerProcess
struct config_line_t * ReachableORAddresses
char * Socks5ProxyUsername
struct config_line_t * HashedControlSessionPassword
char * Socks5ProxyPassword
int CookieAuthFileGroupReadable
int TestingEnableCellStatsEvent
struct routerset_t * ExitNodes
tor_addr_t Socks5ProxyAddr
struct config_line_t * ReachableDirAddresses
int MaxClientCircuitsPending
tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2]
struct routerset_t * HSLayer2Nodes
char * CacheDirectory_option
struct config_line_t * OutboundBindAddressOR
int ReconfigDropsBridgeDescs
int CircuitsAvailableTimeout
enum or_options_t::@2 TransProxyType_parsed
struct smartlist_t * AutomapHostsSuffixes
int ConnDirectionStatistics
char * VirtualAddrNetworkIPv4
int AutomapHostsOnResolve
char * HTTPSProxyAuthenticator
tor_cmdline_mode_t command
int DisableDebuggerAttachment
struct config_line_t * TransPort_lines
struct smartlist_t * LongLivedPorts
struct config_line_t * RendConfigLines
struct config_line_t * ReachableAddresses
char * ConfluxClientUX_option
int HiddenServiceSingleHopMode
double PathsNeededToBuildCircuits
int UseEntryGuards_option
struct config_line_t * HTTPTunnelPort_lines
char * DataDirectory_option
int ClientDNSRejectInternalAddresses
struct routerset_t * MiddleNodes
struct config_line_t * SocksPort_lines
struct routerset_t * HSLayer3Nodes
quiet_level_t quiet_level
struct config_line_t * cmdline_opts
struct config_line_t * other_opts
tor_cmdline_mode_t command
char unix_addr[FLEXIBLE_ARRAY_MEMBER]
entry_port_cfg_t entry_cfg
const char * struct_var_get_typename(const struct_member_t *member)
Header for lib/confmgt/structvar.c.
int subsystems_set_options(const config_mgr_t *mgr, struct or_options_t *options)
void subsystems_prefork(void)
void subsystems_postfork(void)
void subsystems_dump_list(void)
int subsystems_register_options_formats(config_mgr_t *mgr)
#define MOCK_IMPL(rv, funcname, arglist)
const char * get_version(void)
int options_act_server_transport(const or_options_t *old_options)
int options_validate_server_transport(const or_options_t *old_options, or_options_t *options, char **msg)
Header for feature/relay/transport_config.c.
int pt_proxies_configuration_pending(void)
int transport_add_from_config(const tor_addr_t *addr, uint16_t port, const char *name, int socks_ver)
char * pt_stringify_socks_args(const smartlist_t *socks_args)
void pt_configure_remaining_proxies(void)
void sweep_proxy_list(void)
void mark_transport_list(void)
static smartlist_t * transport_list
void sweep_transport_list(void)
void pt_prepare_proxy_list_for_config_read(void)
Headers for transports.c.
const char * get_uname(void)
#define tor_assert_nonfatal_unreached()
int strcasecmpstart(const char *s1, const char *s2)
int strcmpstart(const char *s1, const char *s2)
const char * find_whitespace(const char *s)
int strcasecmpend(const char *s1, const char *s2)
int strcmp_opt(const char *s1, const char *s2)
int string_is_C_identifier(const char *string)
const char * eat_whitespace(const char *s)
int tor_digest_is_zero(const char *digest)