80#include "trunnel/conflux.h"
81#include "core/or/dos.h"
133#ifdef HAVE_SYS_STAT_H
136#ifdef HAVE_SYS_PARAM_H
137#include <sys/param.h>
165# if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
169# define __INCLUDE_LEVEL__ 2
171#include <systemd/sd-daemon.h>
/* The literal prefix "unix:". The name suggests it marks an address argument
 * as a Unix-domain socket path; the code that consumes it is not part of this
 * excerpt. */
175static const char unix_socket_prefix[] =
"unix:";
/* The same prefix followed by an opening double quote, i.e. the start of a
 * quoted path. NOTE(review): confirm that the parser using this prefix also
 * requires and strips the matching closing quote. */
178static const char unix_q_socket_prefix[] =
"unix:\"";
/* Lower (2048) and upper (262144) bounds for a constrained TCP buffer size.
 * Presumably applied when validating ConstrainedSockSize, which this file
 * declares as a MEMUNIT option with initial value "8192"; the validation code
 * itself is outside this excerpt -- TODO confirm. */
181#define MIN_CONSTRAINED_TCP_BUFFER 2048
182#define MAX_CONSTRAINED_TCP_BUFFER 262144
187#define DOWNLOAD_SCHEDULE(name) \
188 { (#name "DownloadSchedule"), (#name "DownloadInitialDelay"), 0, 1 }
190#define DOWNLOAD_SCHEDULE(name) { NULL, NULL, 0, 1 }
199 PLURAL(AuthDirMiddleOnlyCC),
205 PLURAL(HiddenServiceNode),
206 PLURAL(HiddenServiceExcludeNode),
209 PLURAL(RecommendedPackage),
215 {
"AllowUnverifiedNodes",
"AllowInvalidNodes", 0, 0},
216 {
"AutomapHostSuffixes",
"AutomapHostsSuffixes", 0, 0},
217 {
"AutomapHostOnResolve",
"AutomapHostsOnResolve", 0, 0},
218 {
"BandwidthRateBytes",
"BandwidthRate", 0, 0},
219 {
"BandwidthBurstBytes",
"BandwidthBurst", 0, 0},
220 {
"DirFetchPostPeriod",
"StatusFetchPeriod", 0, 0},
221 {
"DirServer",
"DirAuthority", 0, 0},
222 {
"MaxConn",
"ConnLimit", 0, 1},
223 {
"MaxMemInCellQueues",
"MaxMemInQueues", 0, 0},
224 {
"ORBindAddress",
"ORListenAddress", 0, 0},
225 {
"DirBindAddress",
"DirListenAddress", 0, 0},
226 {
"SocksBindAddress",
"SocksListenAddress", 0, 0},
227 {
"UseHelperNodes",
"UseEntryGuards", 0, 0},
228 {
"NumHelperNodes",
"NumEntryGuards", 0, 0},
229 {
"UseEntryNodes",
"UseEntryGuards", 0, 0},
230 {
"NumEntryNodes",
"NumEntryGuards", 0, 0},
231 {
"ResolvConf",
"ServerDNSResolvConfFile", 0, 1},
232 {
"SearchDomains",
"ServerDNSSearchDomains", 0, 1},
233 {
"ServerDNSAllowBrokenResolvConf",
"ServerDNSAllowBrokenConfig", 0, 0},
234 {
"PreferTunnelledDirConns",
"PreferTunneledDirConns", 0, 0},
235 {
"BridgeAuthoritativeDirectory",
"BridgeAuthoritativeDir", 0, 0},
/* Maps HashedControlPassword to the double-underscore option
 * __HashedControlSessionPassword. Of the table entries visible in this
 * excerpt, this is the only one whose third field is 1.
 * NOTE(review): the struct definition is not shown here. The third field
 * presumably limits the mapping to the command line, so a password hash
 * passed there would be stored in the session option (declared with
 * VAR_NODUMP in this file) rather than in the persistent one -- confirm
 * against the struct's field documentation. */
236 {
"HashedControlPassword",
"__HashedControlSessionPassword", 1, 0},
237 {
"VirtualAddrNetwork",
"VirtualAddrNetworkIPv4", 0, 0},
238 {
"SocksSocketsGroupWritable",
"UnixSocksGroupWritable", 0, 1},
239 {
"_HSLayer2Nodes",
"HSLayer2Nodes", 0, 1 },
240 {
"_HSLayer3Nodes",
"HSLayer3Nodes", 0, 1 },
/* Helper macros for the option table. Each expands to a CONFIG_VAR_* entry
 * describing one member of or_options_t. The CONFIG_VAR_* macros and the
 * CFLG_* flags are defined outside this excerpt, so the flag meanings given
 * below are read from the flag names and should be confirmed against their
 * definitions. */

/* VAR: entry named varname for `member`, with no flags (flags argument 0). */
263#define VAR(varname,conftype,member,initvalue) \
264 CONFIG_VAR_ETYPE(or_options_t, varname, conftype, member, 0, initvalue)
/* VAR_D: as VAR, but built with CONFIG_VAR_DEFN instead of CONFIG_VAR_ETYPE. */
267#define VAR_D(varname,conftype,member,initvalue) \
268 CONFIG_VAR_DEFN(or_options_t, varname, conftype, member, 0, initvalue)
/* VAR_NODUMP: entry flagged CFLG_NODUMP -- presumably left out when the
 * configuration is dumped or saved. In this file it is used for
 * double-underscore options such as __HashedControlSessionPassword and
 * __OwningControllerProcess. */
270#define VAR_NODUMP(varname,conftype,member,initvalue) \
271 CONFIG_VAR_ETYPE(or_options_t, varname, conftype, member, \
272 CFLG_NODUMP, initvalue)
/* VAR_NODUMP_IMMUTABLE: CFLG_NODUMP plus CFLG_IMMUTABLE -- presumably also
 * rejects changes after startup. */
273#define VAR_NODUMP_IMMUTABLE(varname,conftype,member,initvalue) \
274 CONFIG_VAR_ETYPE(or_options_t, varname, conftype, member, \
275 CFLG_NODUMP | CFLG_IMMUTABLE, initvalue)
/* VAR_INVIS: CFLG_NODUMP | CFLG_NOSET | CFLG_NOLIST -- presumably an internal
 * entry that is not dumped, cannot be set by the user and is not listed. */
276#define VAR_INVIS(varname,conftype,member,initvalue) \
277 CONFIG_VAR_ETYPE(or_options_t, varname, conftype, member, \
278 CFLG_NODUMP | CFLG_NOSET | CFLG_NOLIST, initvalue)
/* V: VAR whose option name is the stringified member name. */
280#define V(member,conftype,initvalue) \
281 VAR(#member, conftype, member, initvalue)
/* VAR_IMMUTABLE: entry flagged CFLG_IMMUTABLE only. This file uses it for
 * the directory options (DataDirectory, KeyDirectory, CacheDirectory,
 * FamilyKeyDirectory). */
283#define VAR_IMMUTABLE(varname, conftype, member, initvalue) \
284 CONFIG_VAR_ETYPE(or_options_t, varname, conftype, member, \
285 CFLG_IMMUTABLE, initvalue)
/* V_IMMUTABLE: VAR_IMMUTABLE with the stringified member name. This file
 * uses it for process-level hardening and identity options, among them User,
 * Sandbox, NoExec, DisableDebuggerAttachment, DisableAllSwap and PidFile. */
287#define V_IMMUTABLE(member,conftype,initvalue) \
288 VAR_IMMUTABLE(#member, conftype, member, initvalue)
/* V_D: VAR_D with the stringified member name. */
291#define V_D(member,type,initvalue) \
292 VAR_D(#member, type, member, initvalue)
/* OBSOLETE: keeps a removed option name in the table via
 * CONFIG_VAR_OBSOLETE. */
295#define OBSOLETE(varname) CONFIG_VAR_OBSOLETE(varname)
/* VPORT: expands to three entries that all store into member##_lines:
 * "<member>Lines" (LINELIST_V), "<member>" (LINELIST_S), and a VAR_NODUMP
 * entry named "__<member>" (LINELIST_S). */
304#define VPORT(member) \
305 VAR(#member "Lines", LINELIST_V, member ## _lines, NULL), \
306 VAR(#member, LINELIST_S, member ## _lines, NULL), \
307 VAR_NODUMP("__" #member, LINELIST_S, member ## _lines, NULL)
310#define UINT64_MAX_STRING "18446744073709551615"
317 V(AccountingMax, MEMUNIT,
"0 bytes"),
318 VAR(
"AccountingRule", STRING, AccountingRule_option,
"max"),
319 V(AccountingStart, STRING, NULL),
320 V(Address, LINELIST, NULL),
321 V(AddressDisableIPv6, BOOL,
"0"),
324 V(AllowNonRFC953Hostnames, BOOL,
"0"),
327 V(AlternateBridgeAuthority, LINELIST, NULL),
328 V(AlternateDirAuthority, LINELIST, NULL),
330 V(AssumeReachable, BOOL,
"0"),
331 V(AssumeReachableIPv6, AUTOBOOL,
"auto"),
334 V(AuthDirBadExit, LINELIST, NULL),
335 V(AuthDirBadExitCCs, CSV,
""),
336 V(AuthDirInvalid, LINELIST, NULL),
337 V(AuthDirInvalidCCs, CSV,
""),
338 V(AuthDirMiddleOnly, LINELIST, NULL),
339 V(AuthDirMiddleOnlyCCs, CSV,
""),
340 V(AuthDirReject, LINELIST, NULL),
341 V(AuthDirRejectCCs, CSV,
""),
344 OBSOLETE(
"AuthDirMaxServersPerAuthAddr"),
345 VAR(
"AuthoritativeDirectory", BOOL, AuthoritativeDir,
"0"),
346 V(AutomapHostsOnResolve, BOOL,
"0"),
347 V(AutomapHostsSuffixes, CSV,
".onion,.exit"),
348 V(AvoidDiskWrites, BOOL,
"0"),
349 V(BandwidthBurst, MEMUNIT,
"1 GB"),
350 V(BandwidthRate, MEMUNIT,
"1 GB"),
351 V(BridgeAuthoritativeDir, BOOL,
"0"),
352 VAR(
"Bridge", LINELIST, Bridges, NULL),
353 V(BridgePassword, STRING, NULL),
354 V(BridgeRecordUsageByCountry, BOOL,
"1"),
355 V(BridgeRelay, BOOL,
"0"),
356 V(BridgeDistribution, STRING, NULL),
357 VAR_IMMUTABLE(
"CacheDirectory",FILENAME, CacheDirectory_option, NULL),
358 V(CacheDirectoryGroupReadable, AUTOBOOL,
"auto"),
359 V(CellStatistics, BOOL,
"0"),
360 V(PaddingStatistics, BOOL,
"1"),
361 V(OverloadStatistics, BOOL,
"1"),
362 V(LearnCircuitBuildTimeout, BOOL,
"1"),
363 V(CircuitBuildTimeout, INTERVAL,
"0"),
365 V(CircuitsAvailableTimeout, INTERVAL,
"0"),
366 V(CircuitStreamTimeout, INTERVAL,
"0"),
367 V(CircuitPriorityHalflife, DOUBLE,
"-1.0"),
368 V(ClientDNSRejectInternalAddresses, BOOL,
"1"),
369#if defined(HAVE_MODULE_RELAY) || defined(TOR_UNIT_TESTS)
371 V(ClientOnly, BOOL,
"0"),
374 V(ClientOnly, BOOL,
"1"),
376 V(ClientPreferIPv6ORPort, AUTOBOOL,
"auto"),
377 V(ClientPreferIPv6DirPort, AUTOBOOL,
"auto"),
379 V(ClientRejectInternalAddresses, BOOL,
"1"),
380 V(ClientTransportPlugin, LINELIST, NULL),
381 V(ClientUseIPv6, BOOL,
"1"),
382 V(ClientUseIPv4, BOOL,
"1"),
383 V(CompiledProofOfWorkHash, AUTOBOOL,
"auto"),
384 V(ConfluxEnabled, AUTOBOOL,
"auto"),
385 VAR(
"ConfluxClientUX", STRING, ConfluxClientUX_option,
387 V(ConnLimit, POSINT,
"1000"),
388 V(ConnDirectionStatistics, BOOL,
"0"),
389 V(ConstrainedSockets, BOOL,
"0"),
390 V(ConstrainedSockSize, MEMUNIT,
"8192"),
391 V(ContactInfo, STRING, NULL),
/* Control-port, Unix-socket and cookie-authentication options. Every
 * group-access toggle below, and CookieAuthentication itself, has the
 * initial value "0": as far as this table shows, cookie authentication and
 * group access to these files and sockets are off unless configured.
 * HashedControlPassword is declared separately in this table with a NULL
 * initial value. */
394 V(ControlPortFileGroupReadable,BOOL,
"0"),
395 V(ControlPortWriteToFile, FILENAME, NULL),
396 V(ControlSocket, LINELIST, NULL),
397 V(ControlSocketsGroupWritable, BOOL,
"0"),
398 V(UnixSocksGroupWritable, BOOL,
"0"),
399 V(CookieAuthentication, BOOL,
"0"),
400 V(CookieAuthFileGroupReadable, BOOL,
"0"),
401 V(CookieAuthFile, FILENAME, NULL),
402 V(CountPrivateBandwidth, BOOL,
"0"),
403 VAR_IMMUTABLE(
"DataDirectory", FILENAME, DataDirectory_option, NULL),
404 V(DataDirectoryGroupReadable, BOOL,
"0"),
405 V(DisableOOSCheck, BOOL,
"1"),
406 V(DisableNetwork, BOOL,
"0"),
407 V(DirAllowPrivateAddresses, BOOL,
"0"),
409 V(DirPolicy, LINELIST, NULL),
411 V(DirPortFrontPage, FILENAME, NULL),
412 VAR(
"DirReqStatistics", BOOL, DirReqStatistics_option,
"1"),
413 VAR(
"DirAuthority", LINELIST, DirAuthorities, NULL),
414#if defined(HAVE_MODULE_RELAY) || defined(TOR_UNIT_TESTS)
416 V(DirCache, BOOL,
"1"),
419 V(DirCache, BOOL,
"0"),
428 V(DirAuthorityFallbackRate, DOUBLE,
"0.1"),
429 V_IMMUTABLE(DisableAllSwap, BOOL,
"0"),
430 V_IMMUTABLE(DisableDebuggerAttachment, BOOL,
"1"),
432 OBSOLETE(
"DisableV2DirectoryInfo_"),
436 V(DormantClientTimeout, INTERVAL,
"24 hours"),
437 V(DormantTimeoutEnabled, BOOL,
"1"),
438 V(DormantTimeoutDisabledByIdleStreams, BOOL,
"1"),
439 V(DormantOnFirstStartup, BOOL,
"0"),
440 V(DormantCanceledByStartup, BOOL,
"0"),
441 V(DownloadExtraInfo, BOOL,
"0"),
442 V(TestingEnableConnBwEvent, BOOL,
"0"),
443 V(TestingEnableCellStatsEvent, BOOL,
"0"),
444 OBSOLETE(
"TestingEnableTbEmptyEvent"),
445 V(EnforceDistinctSubnets, BOOL,
"1"),
446 V_D(EntryNodes, ROUTERSET, NULL),
447 V(EntryStatistics, BOOL,
"0"),
448 OBSOLETE(
"TestingEstimatedDescriptorPropagationTime"),
449 V_D(ExcludeNodes, ROUTERSET, NULL),
450 V_D(ExcludeExitNodes, ROUTERSET, NULL),
452 V_D(ExitNodes, ROUTERSET, NULL),
456 V_D(MiddleNodes, ROUTERSET, NULL),
457 V(ExitPolicy, LINELIST, NULL),
458 V(ExitPolicyRejectPrivate, BOOL,
"1"),
459 V(ExitPolicyRejectLocalInterfaces, BOOL,
"0"),
460 V(ExitPortStatistics, BOOL,
"0"),
461 V(ExtendAllowPrivateAddresses, BOOL,
"0"),
462 V(ExitRelay, AUTOBOOL,
"auto"),
464 V(ExtORPortCookieAuthFile, FILENAME, NULL),
465 V(ExtORPortCookieAuthFileGroupReadable, BOOL,
"0"),
466 V(ExtraInfoStatistics, BOOL,
"1"),
467 V(ExtendByEd25519ID, AUTOBOOL,
"auto"),
468 V(FallbackDir, LINELIST, NULL),
470 V(UseDefaultFallbackDirs, BOOL,
"1"),
472 OBSOLETE(
"FallbackNetworkstatusFile"),
473 VAR(
"FamilyId", LINELIST, FamilyId_lines, NULL),
474 VAR_IMMUTABLE(
"FamilyKeyDirectory",
475 FILENAME, FamilyKeyDirectory_option, NULL),
476 V(FascistFirewall, BOOL,
"0"),
477 V(FirewallPorts, CSV,
""),
479 V(FetchDirInfoEarly, BOOL,
"0"),
480 V(FetchDirInfoExtraEarly, BOOL,
"0"),
481 V(FetchServerDescriptors, BOOL,
"1"),
482 V(FetchHidServDescriptors, BOOL,
"1"),
483 V(FetchUselessDescriptors, BOOL,
"0"),
485 V(GeoIPExcludeUnknown, AUTOBOOL,
"auto"),
487 V(GeoIPFile, FILENAME,
"<default>"),
488 V(GeoIPv6File, FILENAME,
"<default>"),
489#elif defined(__ANDROID__)
494 V(GeoIPFile, FILENAME,
"/data/local/tmp/geoip"),
495 V(GeoIPv6File, FILENAME,
"/data/local/tmp/geoip6"),
497 V(GeoIPFile, FILENAME,
498 SHARE_DATADIR PATH_SEPARATOR
"tor" PATH_SEPARATOR
"geoip"),
499 V(GeoIPv6File, FILENAME,
500 SHARE_DATADIR PATH_SEPARATOR
"tor" PATH_SEPARATOR
"geoip6"),
503 V(GuardLifetime, INTERVAL,
"0 minutes"),
504 V(HeartbeatPeriod, INTERVAL,
"6 hours"),
505 V(MainloopStats, BOOL,
"0"),
506 V(HashedControlPassword, LINELIST, NULL),
508 OBSOLETE(
"HiddenServiceAuthorizeClient"),
510 VAR(
"HiddenServiceDir", LINELIST_S, RendConfigLines, NULL),
511 VAR(
"HiddenServiceDirGroupReadable", LINELIST_S, RendConfigLines, NULL),
512 VAR(
"HiddenServiceOptions",LINELIST_V, RendConfigLines, NULL),
513 VAR(
"HiddenServicePort", LINELIST_S, RendConfigLines, NULL),
514 VAR(
"HiddenServiceVersion",LINELIST_S, RendConfigLines, NULL),
515 VAR(
"HiddenServiceAllowUnknownPorts",LINELIST_S, RendConfigLines, NULL),
516 VAR(
"HiddenServiceMaxStreams",LINELIST_S, RendConfigLines, NULL),
517 VAR(
"HiddenServiceMaxStreamsCloseCircuit",LINELIST_S, RendConfigLines, NULL),
518 VAR(
"HiddenServiceNumIntroductionPoints", LINELIST_S, RendConfigLines, NULL),
519 VAR(
"HiddenServiceExportCircuitID", LINELIST_S, RendConfigLines, NULL),
520 VAR(
"HiddenServiceEnableIntroDoSDefense", LINELIST_S, RendConfigLines, NULL),
521 VAR(
"HiddenServiceEnableIntroDoSRatePerSec",
522 LINELIST_S, RendConfigLines, NULL),
523 VAR(
"HiddenServiceEnableIntroDoSBurstPerSec",
524 LINELIST_S, RendConfigLines, NULL),
525 VAR(
"HiddenServiceOnionBalanceInstance",
526 LINELIST_S, RendConfigLines, NULL),
527 VAR(
"HiddenServicePoWDefensesEnabled", LINELIST_S, RendConfigLines, NULL),
528 VAR(
"HiddenServicePoWQueueRate", LINELIST_S, RendConfigLines, NULL),
529 VAR(
"HiddenServicePoWQueueBurst", LINELIST_S, RendConfigLines, NULL),
530 VAR(
"HiddenServiceStatistics", BOOL, HiddenServiceStatistics_option,
"1"),
531 V(ClientOnionAuthDir, FILENAME, NULL),
532 OBSOLETE(
"CloseHSClientCircuitsImmediatelyOnTimeout"),
533 OBSOLETE(
"CloseHSServiceRendCircuitsImmediatelyOnTimeout"),
534 V_IMMUTABLE(HiddenServiceSingleHopMode, BOOL,
"0"),
535 V_IMMUTABLE(HiddenServiceNonAnonymousMode,BOOL,
"0"),
536 V(HTTPProxy, STRING, NULL),
537 V(HTTPProxyAuthenticator, STRING, NULL),
538 V(HTTPSProxy, STRING, NULL),
539 V(HTTPSProxyAuthenticator, STRING, NULL),
540 VPORT(HTTPTunnelPort),
541 V(IPv6Exit, BOOL,
"0"),
542 VAR(
"ServerTransportPlugin", LINELIST, ServerTransportPlugin, NULL),
543 V(ServerTransportListenAddr, LINELIST, NULL),
544 V(ServerTransportOptions, LINELIST, NULL),
545 V(SigningKeyLifetime, INTERVAL,
"30 days"),
546 V(Socks4Proxy, STRING, NULL),
547 V(Socks5Proxy, STRING, NULL),
548 V(Socks5ProxyUsername, STRING, NULL),
549 V(Socks5ProxyPassword, STRING, NULL),
550 V(TCPProxy, STRING, NULL),
551 VAR_IMMUTABLE(
"KeyDirectory", FILENAME, KeyDirectory_option, NULL),
552 V(KeyDirectoryGroupReadable, AUTOBOOL,
"auto"),
553 VAR_D(
"HSLayer2Nodes", ROUTERSET, HSLayer2Nodes, NULL),
554 VAR_D(
"HSLayer3Nodes", ROUTERSET, HSLayer3Nodes, NULL),
555 V(KeepalivePeriod, INTERVAL,
"5 minutes"),
556 V_IMMUTABLE(KeepBindCapabilities, AUTOBOOL,
"auto"),
557 VAR(
"Log", LINELIST, Logs, NULL),
558 V(LogMessageDomains, BOOL,
"0"),
559 V(LogTimeGranularity, MSEC_INTERVAL,
"1 second"),
560 V(TruncateLogFile, BOOL,
"0"),
561 V_IMMUTABLE(SyslogIdentityTag, STRING, NULL),
563 V(LongLivedPorts, CSV,
564 "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
565 VAR(
"MapAddress", LINELIST, AddressMap, NULL),
566 V(MaxAdvertisedBandwidth, MEMUNIT,
"1 GB"),
567 V(MaxCircuitDirtiness, INTERVAL,
"10 minutes"),
568 V(MaxClientCircuitsPending, POSINT,
"32"),
569 V(MaxConsensusAgeForDiffs, INTERVAL,
"0 seconds"),
570 VAR(
"MaxMemInQueues", MEMUNIT, MaxMemInQueues_raw,
"0"),
572 V(MaxOnionQueueDelay, MSEC_INTERVAL,
"0"),
573 V(MaxUnparseableDescSizeToLog, MEMUNIT,
"10 MB"),
575 V(MetricsPortPolicy, LINELIST, NULL),
576 V(TestingMinTimeToReportBandwidth, INTERVAL,
"1 day"),
577 VAR(
"MyFamily", LINELIST, MyFamily_lines, NULL),
578 V(NewCircuitPeriod, INTERVAL,
"30 seconds"),
579 OBSOLETE(
"NamingAuthoritativeDirectory"),
582 V(Nickname, STRING, NULL),
583 OBSOLETE(
"PredictedPortsRelevanceTime"),
585 VAR(
"NodeFamily", LINELIST, NodeFamilies, NULL),
586 V_IMMUTABLE(NoExec, BOOL,
"0"),
587 V(NumCPUs, POSINT,
"0"),
588 V(NumDirectoryGuards, POSINT,
"0"),
589 V(NumEntryGuards, POSINT,
"0"),
590 V(NumPrimaryGuards, POSINT,
"0"),
591 V(OfflineMasterKey, BOOL,
"0"),
594 V(OutboundBindAddress, LINELIST, NULL),
595 V(OutboundBindAddressOR, LINELIST, NULL),
596 V(OutboundBindAddressExit, LINELIST, NULL),
597 V(OutboundBindAddressPT, LINELIST, NULL),
600 V(PathBiasCircThreshold, INT,
"-1"),
601 V(PathBiasNoticeRate, DOUBLE,
"-1"),
602 V(PathBiasWarnRate, DOUBLE,
"-1"),
603 V(PathBiasExtremeRate, DOUBLE,
"-1"),
604 V(PathBiasScaleThreshold, INT,
"-1"),
607 V(PathBiasDropGuards, AUTOBOOL,
"0"),
610 V(PathBiasUseThreshold, INT,
"-1"),
611 V(PathBiasNoticeUseRate, DOUBLE,
"-1"),
612 V(PathBiasExtremeUseRate, DOUBLE,
"-1"),
613 V(PathBiasScaleUseThreshold, INT,
"-1"),
615 V(PathsNeededToBuildCircuits, DOUBLE,
"-1"),
616 V(PerConnBWBurst, MEMUNIT,
"0"),
617 V(PerConnBWRate, MEMUNIT,
"0"),
618 V_IMMUTABLE(PidFile, FILENAME, NULL),
619 V_IMMUTABLE(TestingTorNetwork, BOOL,
"0"),
621 V(TestingLinkCertLifetime, INTERVAL,
"2 days"),
622 V(TestingAuthKeyLifetime, INTERVAL,
"2 days"),
623 V(TestingLinkKeySlop, INTERVAL,
"3 hours"),
624 V(TestingAuthKeySlop, INTERVAL,
"3 hours"),
625 V(TestingSigningKeySlop, INTERVAL,
"1 day"),
631 V(ProtocolWarnings, BOOL,
"0"),
632 V(PublishServerDescriptor, CSV,
"1"),
633 V(PublishHidServDescriptors, BOOL,
"1"),
634 V(ReachableAddresses, LINELIST, NULL),
635 V(ReachableDirAddresses, LINELIST, NULL),
636 V(ReachableORAddresses, LINELIST, NULL),
638 V(ReducedConnectionPadding, BOOL,
"0"),
639 V(ConnectionPadding, AUTOBOOL,
"auto"),
640 V(RefuseUnknownExits, AUTOBOOL,
"auto"),
641 V(CircuitPadding, BOOL,
"1"),
642 V(ReconfigDropsBridgeDescs, BOOL,
"0"),
643 V(ReducedCircuitPadding, BOOL,
"0"),
644 V(RejectPlaintextPorts, CSV,
""),
645 V(RelayBandwidthBurst, MEMUNIT,
"0"),
646 V(RelayBandwidthRate, MEMUNIT,
"0"),
647 V(RephistTrackTime, INTERVAL,
"24 hours"),
648 V_IMMUTABLE(RunAsDaemon, BOOL,
"0"),
649 V(ReducedExitPolicy, BOOL,
"0"),
650 V(ReevaluateExitPolicy, BOOL,
"0"),
652 V_IMMUTABLE(Sandbox, BOOL,
"0"),
653 V(SafeLogging, STRING,
"1"),
654 V(SafeSocks, BOOL,
"0"),
655 V(ServerDNSAllowBrokenConfig, BOOL,
"1"),
656 V(ServerDNSAllowNonRFC953Hostnames, BOOL,
"0"),
657 V(ServerDNSDetectHijacking, BOOL,
"1"),
658 V(ServerDNSRandomizeCase, BOOL,
"1"),
659 V(ServerDNSResolvConfFile, FILENAME, NULL),
660 V(ServerDNSSearchDomains, BOOL,
"0"),
661 V(ServerDNSTestAddresses, CSV,
662 "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
663 OBSOLETE(
"SchedulerLowWaterMark__"),
664 OBSOLETE(
"SchedulerHighWaterMark__"),
665 OBSOLETE(
"SchedulerMaxFlushCells__"),
666 V(KISTSchedRunInterval, MSEC_INTERVAL,
"0 msec"),
667 V(KISTSockBufSizeFactor, DOUBLE,
"1.0"),
668 V(Schedulers, CSV,
"KIST,KISTLite,Vanilla"),
669 V(ShutdownWaitLength, INTERVAL,
"30 seconds"),
671 V(SocksPolicy, LINELIST, NULL),
673 V(SocksTimeout, INTERVAL,
"2 minutes"),
674 V(SSLKeyLifetime, INTERVAL,
"0"),
677 V(StrictNodes, BOOL,
"0"),
678 OBSOLETE(
"Support022HiddenServices"),
679 V(TestSocks, BOOL,
"0"),
680 V_IMMUTABLE(TokenBucketRefillInterval, MSEC_INTERVAL,
"100 msec"),
682 OBSOLETE(
"Tor2webRendezvousPoints"),
684 V(TrackHostExits, CSV, NULL),
685 V(TrackHostExitsExpire, INTERVAL,
"30 minutes"),
688 V(TransProxyType, STRING,
"default"),
690 V(UpdateBridgesFromAuthority, BOOL,
"0"),
691 V(UseBridges, BOOL,
"0"),
692 VAR(
"UseEntryGuards", BOOL, UseEntryGuards_option,
"1"),
693 OBSOLETE(
"UseEntryGuardsAsDirGuards"),
694 V(UseGuardFraction, AUTOBOOL,
"auto"),
695 V(VanguardsLiteEnabled, AUTOBOOL,
"auto"),
696 V(UseMicrodescriptors, AUTOBOOL,
"auto"),
698 VAR(
"__AlwaysCongestionControl", BOOL, AlwaysCongestionControl,
"0"),
699 VAR(
"__SbwsExit", BOOL, SbwsExit,
"0"),
700 V_IMMUTABLE(User, STRING, NULL),
702 OBSOLETE(
"V1AuthoritativeDirectory"),
703 OBSOLETE(
"V2AuthoritativeDirectory"),
704 VAR(
"V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,
"0"),
705 V(TestingV3AuthInitialVotingInterval, INTERVAL,
"30 minutes"),
706 V(TestingV3AuthInitialVoteDelay, INTERVAL,
"5 minutes"),
707 V(TestingV3AuthInitialDistDelay, INTERVAL,
"5 minutes"),
708 V(TestingV3AuthVotingStartOffset, INTERVAL,
"0"),
709 V(V3AuthVotingInterval, INTERVAL,
"1 hour"),
710 V(V3AuthVoteDelay, INTERVAL,
"5 minutes"),
711 V(V3AuthDistDelay, INTERVAL,
"5 minutes"),
712 V(V3AuthNIntervalsValid, POSINT,
"3"),
713 V(V3AuthUseLegacyKey, BOOL,
"0"),
714 V(V3BandwidthsFile, FILENAME, NULL),
715 V(GuardfractionFile, FILENAME, NULL),
716 OBSOLETE(
"VoteOnHidServDirectoriesV2"),
717 V(VirtualAddrNetworkIPv4, STRING,
"127.192.0.0/10"),
718 V(VirtualAddrNetworkIPv6, STRING,
"[FE80::]/10"),
719 V(WarnPlaintextPorts, CSV,
"23,109,110,143"),
720 OBSOLETE(
"UseFilteringSSLBufferevents"),
721 OBSOLETE(
"__UseFilteringSSLBufferevents"),
722 VAR_NODUMP(
"__ReloadTorrcOnSIGHUP", BOOL, ReloadTorrcOnSIGHUP,
"1"),
723 VAR_NODUMP(
"__AllDirActionsPrivate", BOOL, AllDirActionsPrivate,
"0"),
724 VAR_NODUMP(
"__DisablePredictedCircuits",BOOL,DisablePredictedCircuits,
"0"),
725 VAR_NODUMP_IMMUTABLE(
"__DisableSignalHandlers", BOOL,
726 DisableSignalHandlers,
"0"),
727 VAR_NODUMP(
"__LeaveStreamsUnattached",BOOL, LeaveStreamsUnattached,
"0"),
728 VAR_NODUMP(
"__HashedControlSessionPassword", LINELIST,
729 HashedControlSessionPassword,
731 VAR_NODUMP(
"__OwningControllerProcess",STRING,
732 OwningControllerProcess, NULL),
733 VAR_NODUMP_IMMUTABLE(
"__OwningControllerFD", UINT64, OwningControllerFD,
735 V(TestingServerDownloadInitialDelay, CSV_INTERVAL,
"0"),
736 V(TestingClientDownloadInitialDelay, CSV_INTERVAL,
"0"),
737 V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL,
"0"),
738 V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL,
"0"),
754 V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL,
"6"),
755 V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL,
"0"),
757 V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
763 V(ClientBootstrapConsensusMaxInProgressTries, POSINT,
"3"),
766 V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL,
"10800"),
771 V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL,
"0"),
772 V(TestingClientMaxIntervalWithoutRequest, INTERVAL,
"10 minutes"),
773 V(TestingDirConnectionMaxStall, INTERVAL,
"5 minutes"),
774 OBSOLETE(
"TestingConsensusMaxDownloadTries"),
775 OBSOLETE(
"ClientBootstrapConsensusMaxDownloadTries"),
776 OBSOLETE(
"ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries"),
777 OBSOLETE(
"TestingDescriptorMaxDownloadTries"),
778 OBSOLETE(
"TestingMicrodescMaxDownloadTries"),
779 OBSOLETE(
"TestingCertMaxDownloadTries"),
780 VAR_INVIS(
"___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_,
789#include "auth_dirs.inc"
799#include "fallback_dirs.inc"
811#include "testnet.inc"
822 {
"HTTPProxy",
"It only applies to direct unencrypted HTTP connections "
823 "to your directory server, which your Tor probably wasn't using." },
824 {
"HTTPProxyAuthenticator",
"HTTPProxy is deprecated in favor of HTTPSProxy "
825 "which should be used with HTTPSProxyAuthenticator." },
829 {
"ReachableDirAddresses",
"It has no effect on relays, and has had no "
830 "effect on clients since 0.2.8." },
831 {
"ClientPreferIPv6DirPort",
"It has no effect on relays, and has had no "
832 "effect on clients since 0.2.8." },
836 {
"ClientAutoIPv6ORPort",
"This option is unreliable if a connection isn't "
837 "reliably dual-stack."},
844static char *get_windows_conf_root(
void);
855static int opt_streq(
const char *s1,
const char *s2);
873#define OR_OPTIONS_MAGIC 9090909
884 .deprecations = option_deprecation_notes_,
889 .has_config_suite =
true,
890 .config_suite_offset = offsetof(
or_options_t, subconfigs_),
923 if (PREDICT_UNLIKELY(options_mgr == NULL)) {
932#define CHECK_OPTIONS_MAGIC(opt) STMT_BEGIN \
933 config_check_toplevel_magic(get_options_mgr(), (opt)); \
971 next = &(*next)->next;
998 "Acting on config options left us in a broken state. Dying.");
1010 connection_reapply_exit_policy(changes);
1011 config_free_lines(changes);
1015 or_options_free(old_options);
1031 CHECK_OPTIONS_MAGIC(opts);
1037 rs, routerset_free(rs));
1054 tor_free(options->master_key_fname);
1055 config_free_lines(options->
MyFamily);
1097 config_mgr_free(options_mgr);
/* Four fragments follow, each taken from a different function whose
 * signature and remaining body are missing from this excerpt. Each returns
 * the fixed placeholder "[scrubbed]" when its condition holds; what is
 * returned otherwise is not visible here. Two distinct tests are used, so
 * the two pairs differ in which SafeLogging_ modes trigger scrubbing. */

/* Passed-in options: scrub only when SafeLogging_ is SAFELOG_SCRUB_ALL. */
1114 if (options->SafeLogging_ == SAFELOG_SCRUB_ALL)
1115 return "[scrubbed]";
/* Passed-in options: scrub in every mode except SAFELOG_SCRUB_NONE. */
1135 if (options->SafeLogging_ != SAFELOG_SCRUB_NONE)
1136 return "[scrubbed]";
/* Global options via get_options(): scrub only in SAFELOG_SCRUB_ALL. */
1147 if (
get_options()->SafeLogging_ == SAFELOG_SCRUB_ALL)
1148 return "[scrubbed]";
/* Global options via get_options(): scrub unless SAFELOG_SCRUB_NONE. */
1159 if (
get_options()->SafeLogging_ != SAFELOG_SCRUB_NONE)
1160 return "[scrubbed]";
1225 log_err(
LD_BUG,
"Couldn't parse internal DirAuthority line %s",
1239 log_err(
LD_BUG,
"Couldn't parse internal FallbackDir line %s",
1258 "You cannot set both DirAuthority and Alternate*Authority.");
1272 "You have used DirAuthority or AlternateDirAuthority to "
1273 "specify alternate directory authorities in "
1274 "your configuration. This is potentially dangerous: it can "
1275 "make you look different from all other Tor users, and hurt "
1276 "your anonymity. Even if you've specified the same "
1277 "authorities as Tor uses by default, the defaults could "
1278 "change in the future. Be sure you know what you're doing.");
1292 for (cl = options->
FallbackDir; cl; cl = cl->next)
1306 int need_to_update =
1307 !smartlist_len(router_get_trusted_dir_servers()) ||
1308 !smartlist_len(router_get_fallback_dir_servers()) || !old_options ||
1317 if (!need_to_update)
1347 if (type != NO_DIRINFO)
1360 for (cl = options->
FallbackDir; cl; cl = cl->next)
1374 const char *directory,
/* Fragment of a private-directory check; the signature and several lines are
 * missing from this excerpt. cpd_opts selects create mode (CPD_CREATE) or
 * check-only mode (CPD_CHECK) from the `create` argument. */
1379 cpd_check_t cpd_opts = create ? CPD_CREATE : CPD_CHECK;
/* Original line 1380 is missing; presumably it makes this OR conditional on
 * group_readable -- TODO confirm. */
1381 cpd_opts |= CPD_GROUP_READ;
1386 "Couldn't %s private data directory \"%s\"",
1387 create ?
"create" :
"access",
1393 if (group_readable) {
/* 0750 = rwx for the owner, r-x for the group, nothing for others.
 * chmod() resolves the path name again rather than acting on an already
 * open descriptor. NOTE(review): confirm that the directory check made
 * earlier in this function (not visible here) covers ownership and symlinks
 * well enough that re-resolving the path is safe. A failure is only logged
 * as a warning in the lines shown. */
1395 if (chmod(directory, 0750)) {
1396 log_warn(
LD_FS,
"Unable to make %s group-readable: %s",
1397 directory, strerror(errno));
1415 cpd_opts |= CPD_GROUP_READ;
1417 log_err(
LD_OR,
"Can't create/check datadirectory %s",
1430static int have_low_ports = -1;
1459 sd_notifyf(0,
"MAINPID=%ld\n", (
long int)getpid());
1467 control_initialize_event_queue();
1481 *msg_out = tor_strdup(
"DisableAllSwap failure. Do you have proper "
1500 if (options->
User) {
1502 unsigned switch_id_flags = 0;
1512 *msg_out = tor_strdup(
"Problem with User value. See logs for details.");
1532 if (subdir_gr != -1) {
1538 if (0 == strcmp(subdir, datadir)) {
1580 key_dir_group_readable,
1594 cache_dir_group_readable,
1637 if (! running_tor) {
1646 *msg_out = tor_strdup(
"Problem with ConnLimit value. "
1647 "See logs for details.");
1660 if (
parse_ports(options, 0, msg_out, &n_ports, NULL)) {
1662 *msg_out = tor_strdup(
"Unexpected problem parsing port config");
1677 *msg_out = tor_strdup(
"Failed to bind one of the listener ports.");
1683 log_notice(
LD_NET,
"DisableNetwork is set. Tor will not make or accept "
1684 "non-control network connections. Shutting down all existing "
1691#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
1693 if (options->TransPort_set &&
1695 if (get_pf_socket() < 0) {
1696 *msg_out = tor_strdup(
"Unable to open /dev/pf for transparent proxy.");
/* Reserve one twentieth (5%) of ConnLimit_, capped at 64. How the reserve
 * is used is not visible in this excerpt; presumably it feeds the
 * out-of-sockets thresholds named in the log message that follows. */
1730 int socks_in_reserve = options->
ConnLimit_ / 20;
1731 if (socks_in_reserve > 64) socks_in_reserve = 64;
1736 "Recomputed OOS thresholds: ConnLimit %d, ConnLimit_ %d, "
1737 "ConnLimit_high_thresh %d, ConnLimit_low_thresh %d",
1767 log_notice(LD_NET,
"Closing partially-constructed %s",
1768 connection_describe(conn));
1769 connection_close_immediate(conn);
1770 connection_mark_for_close(conn);
1816 old_options->SafeLogging_ != options->SafeLogging_;
1825 *msg_out = tor_strdup(
"Failed to init Log options. See logs for details.");
/* Fragment of the check that warns when logging may expose sensitive data;
 * original lines 1866-1874, 1880 and 1882 are missing from this excerpt.
 * `badness` ends up holding the reason text inserted into the warning. */
1863 const char *badness = NULL;
1864 int bad_safelog = 0, bad_severity = 0, new_badness = 0;
/* Any SafeLogging_ mode other than SAFELOG_SCRUB_ALL enters this branch;
 * presumably it sets bad_safelog (the body is not shown). */
1865 if (options->SafeLogging_ != SAFELOG_SCRUB_ALL) {
/* Choose the message: both problems, SafeLogging only, or severity only. */
1875 if (bad_safelog && bad_severity)
1876 badness =
"you disabled SafeLogging, and "
1877 "you're logging more than \"notice\"";
1878 else if (bad_safelog)
1879 badness =
"you disabled SafeLogging";
/* Original line 1880 (presumably the final `else`) is missing here. */
1881 badness =
"you're logging more than \"notice\"";
/* The operator-facing warning; it advises overwriting the log afterwards. */
1883 log_warn(
LD_GENERAL,
"Your log may contain sensitive information - %s. "
1884 "Don't log unless it serves an important reason. "
1885 "Overwrite the log afterwards.", badness);
1947 if (listener_transaction == NULL)
1967 if (log_transaction == NULL)
1996 int routerset_usage =
2005 if (routerset_usage && reason_out) {
2006 *reason_out =
"We've been configured to use (or avoid) nodes in certain "
2007 "countries, and we need GEOIP information to figure out which ones they "
2009 }
else if (bridge_usage && reason_out) {
2010 *reason_out =
"We've been configured to see which countries can access "
2011 "us as a bridge, and we need GEOIP information to tell which countries "
2014 return bridge_usage || routerset_usage;
/* Early-return helpers. Each compares one option between old_options and
 * new_options (both must be in scope where the macro is expanded) using the
 * matching CFG_EQ_* comparison, and returns 1 from the enclosing function
 * when the two differ.
 * NOTE(review): each macro expands to a bare `if` statement, not a
 * do { ... } while (0) block. Used as the body of an unbraced if/else, a
 * following `else` would pair with the macro's own `if`. The uses visible in
 * this excerpt are all standalone statements. */
2018#define YES_IF_CHANGED_BOOL(opt) \
2019 if (!CFG_EQ_BOOL(old_options, new_options, opt)) return 1;
2020#define YES_IF_CHANGED_INT(opt) \
2021 if (!CFG_EQ_INT(old_options, new_options, opt)) return 1;
2022#define YES_IF_CHANGED_STRING(opt) \
2023 if (!CFG_EQ_STRING(old_options, new_options, opt)) return 1;
2024#define YES_IF_CHANGED_LINELIST(opt) \
2025 if (!CFG_EQ_LINELIST(old_options, new_options, opt)) return 1;
2026#define YES_IF_CHANGED_SMARTLIST(opt) \
2027 if (!CFG_EQ_SMARTLIST(old_options, new_options, opt)) return 1;
2028#define YES_IF_CHANGED_ROUTERSET(opt) \
2029 if (!CFG_EQ_ROUTERSET(old_options, new_options, opt)) return 1;
2044 YES_IF_CHANGED_BOOL(UseEntryGuards);
2045 YES_IF_CHANGED_BOOL(UseBridges);
2046 YES_IF_CHANGED_BOOL(ClientUseIPv4);
2047 YES_IF_CHANGED_BOOL(ClientUseIPv6);
2048 YES_IF_CHANGED_BOOL(FascistFirewall);
2049 YES_IF_CHANGED_ROUTERSET(ExcludeNodes);
2050 YES_IF_CHANGED_ROUTERSET(EntryNodes);
2051 YES_IF_CHANGED_SMARTLIST(FirewallPorts);
2052 YES_IF_CHANGED_LINELIST(Bridges);
2053 YES_IF_CHANGED_LINELIST(ReachableORAddresses);
2054 YES_IF_CHANGED_LINELIST(ReachableDirAddresses);
2076 const int transition_affects_guards =
2086 static int disabled_debugger_attach = 0;
2089 static int warned_debugger_attach = 0;
2095 if (warned_debugger_attach && ok == 1) {
2096 log_notice(
LD_CONFIG,
"Disabled attaching debuggers for unprivileged "
2100 disabled_debugger_attach = (ok == 1);
2102 !warned_debugger_attach) {
2103 log_notice(
LD_CONFIG,
"Not disabling debugger attaching for "
2104 "unprivileged users.");
2105 warned_debugger_attach = 1;
2128 if (hs_service_non_anonymous_mode_enabled(options)) {
2129 log_warn(
LD_GENERAL,
"This copy of Tor was compiled or configured to run "
2130 "in a non-anonymous mode. It will provide NO ANONYMITY.");
2136 log_warn(
LD_BUG,
"Failed parsing previously validated outbound "
2137 "bind addresses: %s", msg);
2145 for (cl = options->
Bridges; cl; cl = cl->next) {
2150 "Previously validated Bridge line could not be added!");
2162 "Previously validated hidden services line could not be added!");
2169 log_warn(
LD_BUG,
"Previously validated client authorization for "
2170 "hidden services could not be added!");
2175 if (running_tor && !old_options &&
2177 const unsigned ctrl_flags =
2178 CC_LOCAL_FD_IS_OWNER |
2179 CC_LOCAL_FD_IS_AUTHENTICATED;
2182 log_warn(
LD_CONFIG,
"Could not add local controller connection with "
2205 "Previously validated ClientTransportPlugin line "
2206 "could not be added!");
2244 log_err(
LD_CONFIG,
"Unable to write PIDFile %s",
2258 log_warn(
LD_BUG,
"Error parsing already-validated policy options.");
2263 log_warn(
LD_CONFIG,
"Error creating control cookie authentication file.");
2271 log_warn(
LD_GENERAL,
"Error loading rendezvous service keys");
2289 char *http_authenticator;
2291 if (!http_authenticator) {
2293 log_warn(
LD_BUG,
"Unable to allocate HTTP authenticator. Not setting "
2299 http_authenticator, strlen(http_authenticator),
2320 int revise_trackexithosts = 0;
2321 int revise_automap_entries = 0;
2322 int abandon_circuits = 0;
2339 "Changed to using entry guards or bridges, or changed "
2340 "preferred or excluded node lists. "
2341 "Abandoning previous circuits.");
2342 abandon_circuits = 1;
2345 if (transition_affects_guards) {
2347 routerlist_drop_bridge_descriptors();
2349 abandon_circuits = 1;
2353 if (abandon_circuits) {
2356 revise_trackexithosts = 1;
2361 revise_trackexithosts = 1;
2363 if (revise_trackexithosts)
2368 revise_automap_entries = 1;
2372 revise_automap_entries = 1;
2377 revise_automap_entries = 1;
2380 if (revise_automap_entries)
2418 bool print_notice = 0;
2469static const struct {
2481 { .name=
"--torrc-file",
2484 { .name=
"--allow-missing-torrc" },
2485 { .name=
"--defaults-torrc",
2487 { .name=
"--hash-password",
2491 { .name=
"--dump-config",
2495 { .name=
"--list-fingerprint",
2500 { .name=
"--keygen-family",
2503 { .name=
"--key-expiration",
2508 { .name=
"--newpass" },
2509 { .name=
"--no-passphrase" },
2510 { .name=
"--passphrase-fd",
2512 { .name=
"--verify-config",
2514 { .name=
"--ignore-missing-torrc" },
2519 { .name=
"--version",
2522 { .name=
"--list-modules",
2525 { .name=
"--library-versions",
2532 { .name=
"--list-torrc-options",
2535 { .name=
"--list-deprecated-options",
2537 { .name=
"--nt-service" },
2538 { .name=
"-nt-service" },
2539 { .name=
"--dbg-dump-subsystem-list",
2570 bool is_a_command =
false;
2579 is_a_command =
true;
2600 }
else if (*s ==
'/') {
2607 const int is_last = (i == argc-1);
2610 if (ignore_errors) {
2611 arg = tor_strdup(
"");
2613 log_warn(
LD_CONFIG,
"Command-line option '%s' with no value. Failing.",
2615 parsed_cmdline_free(result);
2620 (is_last || argv[i+1][0] ==
'-')) {
2621 arg = tor_strdup(
"");
2629 param->key = is_cmdline ? tor_strdup(argv[i]) :
2634 log_debug(
LD_CONFIG,
"command line: parsed keyword '%s', value '%s'",
2635 param->key, param->value);
2642 *new_cmdline = param;
2643 new_cmdline = &((*new_cmdline)->next);
2646 new = &((*new)->next);
2649 i += want_arg ? 2 : 1;
2705 list, flags, msg)) < 0) {
2706 or_options_free(trial_options);
2719"Copyright (c) 2001-2004, Roger Dingledine\n"
2720"Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson\n"
2721"Copyright (c) 2007-2021, The Tor Project, Inc.\n\n"
2722"tor -f <torrc> [args]\n"
2723"See man page for options, or https://www.torproject.org/ for "
2740 printf(
"%s\n", var->member.name);
2741 } SMARTLIST_FOREACH_END(var);
2742 smartlist_free(vars);
2753 printf(
"%s\n",
name));
2754 smartlist_free(deps);
2761 static const struct {
2765 {
"relay", have_module_relay() },
2766 {
"dirauth", have_module_dirauth() },
2767 {
"dircache", have_module_dircache() },
2768 {
"pow", have_module_pow() }
2771 for (
unsigned i = 0; i <
sizeof list /
sizeof list[0]; i++) {
2772 printf(
"%s: %s\n", list[i].
name, list[i].have ?
"yes" :
"no");
2781 printf(
"Library versions\tCompiled\t\tRuntime\n");
2782 printf(
"Libevent\t\t%-15s\t\t%s\n",
2785#ifdef ENABLE_OPENSSL
2786 printf(
"OpenSSL \t\t%-15s\t\t%s\n",
2787 crypto_openssl_get_header_version_str(),
2788 crypto_openssl_get_version_str());
2791 printf(
"NSS \t\t%-15s\t\t%s\n",
2792 crypto_nss_get_header_version_str(),
2793 crypto_nss_get_version_str());
2796 printf(
"Zlib \t\t%-15s\t\t%s\n",
2801 printf(
"Liblzma \t\t%-15s\t\t%s\n",
2806 printf(
"Libzstd \t\t%-15s\t\t%s\n",
2811 printf(
"%-7s \t\t%-15s\t\t%s\n",
2827 log_err(
LD_CONFIG,
"--no-passphrase specified without --keygen!");
2838 const char *formats[] = {
"iso8601",
"timestamp" };
2841 if (!strcmp(value, formats[i])) {
2855 log_err(
LD_CONFIG,
"--format specified without --key-expiration!");
2868 log_err(
LD_CONFIG,
"--newpass specified without --keygen!");
2877 if (
get_options()->keygen_force_passphrase == FORCE_PASSPHRASE_OFF) {
2878 log_err(
LD_CONFIG,
"--no-passphrase specified with --passphrase-fd!");
2881 log_err(
LD_CONFIG,
"--passphrase-fd specified without --keygen!");
2886 if (fd < 0 || ok == 0) {
2902 log_err(
LD_CONFIG,
"--master-key without --keygen!");
2913using_default_dir_authorities(
const or_options_t *options)
2937 log_err(
LD_BUG,
"Unable to set default options: %s", msg);
2939 tor_assert_unreached();
2941 config_free_lines(dflts);
2954 switch (how_to_dump) {
2955 case OPTIONS_DUMP_MINIMAL:
2959 case OPTIONS_DUMP_ALL:
2960 use_defaults = NULL;
2964 log_warn(
LD_BUG,
"Bogus value for how_to_dump==%d", how_to_dump);
2986 if (i < 1 || i > 65535) {
3001 if (*value > ROUTER_MAX_DECLARED_BANDWIDTH) {
3006 if (*value > ROUTER_MAX_DECLARED_BANDWIDTH) {
3009 ROUTER_MAX_DECLARED_BANDWIDTH);
/* Bounds for validating circuit-related options. The comparisons that use
 * them are not among the visible lines of this listing, so the pairing with
 * the messages quoted below is inferred from the names -- confirm against
 * the full file. */
/* Ceiling that matches the "CircuitsAvailableTimeout is too large. Max is 24
 * hours." rejection: 24*60*60 is one day expressed in seconds. */
3018#define MAX_CIRCS_AVAILABLE_TIME (24*60*60)
/* Presumably the floor behind the "MaxCircuitDirtiness option is too short"
 * warning (unit assumed to be seconds -- TODO confirm). */
3022#define MIN_MAX_CIRCUIT_DIRTINESS 10
/* Presumably the ceiling behind the "MaxCircuitDirtiness option is too high"
 * warning; 30*24*60*60 is thirty days if the unit is seconds. */
3026#define MAX_MAX_CIRCUIT_DIRTINESS (30*24*60*60)
/* Presumably the floor behind the "CircuitStreamTimeout option is too short"
 * warning (unit assumed to be seconds -- TODO confirm). */
3030#define MIN_CIRCUIT_STREAM_TIMEOUT 10
/* Recommended minimum named in the "CircuitBuildTimeout is shorter (%d
 * seconds) than the recommended minimum (%d seconds)" message; advisory only
 * as far as the visible code shows. */
3037#define RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT (10)
3058 if (vs == VSTAT_TRANSITION_ERR) {
3059 rv = SETOPT_ERR_TRANSITION;
3061 }
else if (vs < 0) {
3062 rv = SETOPT_ERR_PARSE;
3068 rv = SETOPT_ERR_SETTING;
3076 tor_assert(new_options == NULL || rv != SETOPT_OK);
3077 or_options_free(new_options);
3081#ifdef TOR_UNIT_TESTS
3097 return vs < 0 ? -1 : 0;
/* REJECT(arg): store a tor_strdup() copy of arg in *msg and return -1 from the
 * ENCLOSING function. The macro needs a `char **msg` in scope and hides a
 * return statement, so anything acquired earlier in the caller has to be
 * released before REJECT runs (CHECK_DEFAULT in this file calls
 * or_options_free(dflt_options) first for that reason). arg is copied, never
 * used as a format string. Who frees *msg is not shown here -- presumably the
 * caller. */
3101#define REJECT(arg) \
3102 STMT_BEGIN *msg = tor_strdup(arg); return -1; STMT_END
/* COMPLAIN(fmt, ...): log a warning in the LD_CONFIG domain and keep going
 * (no return). The first argument becomes the log_warn() format string, so it
 * must stay a string literal; never pass option values or other
 * configuration-supplied text in that position. This first form uses the old
 * GCC named-variadic syntax for GCC 3 and earlier. */
3103#if defined(__GNUC__) && __GNUC__ <= 3
3104#define COMPLAIN(args...) \
3105 STMT_BEGIN log_warn(LD_CONFIG, args); STMT_END
/* Alternative definition using __VA_ARGS__; presumably the #else branch of the
 * conditional above (the #else/#endif lines are not part of this listing). */
3107#define COMPLAIN(args, ...) \
3108 STMT_BEGIN log_warn(LD_CONFIG, args, ##__VA_ARGS__); STMT_END
3121 const char *filepath)
3125 COMPLAIN(
"Path for %s (%s) is relative and will resolve to %s."
3126 " Is this what you wanted?", option, filepath, abs_path);
3150 const char *
name = cv->member.name;
3154 config_free_lines(line);
3155 } SMARTLIST_FOREACH_END(cv);
3156 smartlist_free(vars);
3159 hs_line = hs_line->next) {
3160 if (!strcasecmp(hs_line->key,
"HiddenServiceDir"))
3173options_validate_scheduler(
or_options_t *options,
char **msg)
3179 REJECT(
"Empty Schedulers list. Either remove the option so the defaults "
3180 "can be used or set at least one value.");
3190 if (!strcasecmp(
"KISTLite", type)) {
3191 sched_type = tor_malloc_zero(
sizeof(
int));
3192 *sched_type = SCHEDULER_KIST_LITE;
3194 }
else if (!strcasecmp(
"KIST", type)) {
3195 sched_type = tor_malloc_zero(
sizeof(
int));
3196 *sched_type = SCHEDULER_KIST;
3198 }
else if (!strcasecmp(
"Vanilla", type)) {
3199 sched_type = tor_malloc_zero(
sizeof(
int));
3200 *sched_type = SCHEDULER_VANILLA;
3203 tor_asprintf(msg,
"Unknown type %s in option Schedulers. "
3204 "Possible values are KIST, KISTLite and Vanilla.",
3208 } SMARTLIST_FOREACH_END(type);
3211 REJECT(
"KISTSockBufSizeFactor must be at least 0");
3217 tor_asprintf(msg,
"KISTSchedRunInterval must not be more than %d (ms)",
3218 KIST_SCHED_RUN_INTERVAL_MAX);
3230options_validate_single_onion(
or_options_t *options,
char **msg)
3234 !options->HiddenServiceNonAnonymousMode) {
3235 REJECT(
"HiddenServiceSingleHopMode does not provide any server anonymity. "
3236 "It must be used with HiddenServiceNonAnonymousMode set to 1.");
3238 if (options->HiddenServiceNonAnonymousMode &&
3240 REJECT(
"HiddenServiceNonAnonymousMode does not provide any server "
3241 "anonymity. It must be used with HiddenServiceSingleHopMode set to "
3250 const int client_port_set = (options->SocksPort_set ||
3251 options->TransPort_set ||
3252 options->NATDPort_set ||
3253 options->DNSPort_set ||
3254 options->HTTPTunnelPort_set);
3255 if (hs_service_non_anonymous_mode_enabled(options) && client_port_set) {
3256 REJECT(
"HiddenServiceNonAnonymousMode is incompatible with using Tor as "
3257 "an anonymous client. Please set Socks/Trans/NATD/DNSPort to 0, or "
3258 "revert HiddenServiceNonAnonymousMode to 0.");
3261 if (hs_service_allow_non_anonymous_connection(options)
3271 "HiddenServiceSingleHopMode is enabled; disabling "
3287 CHECK_OPTIONS_MAGIC(old_options_);
3288 CHECK_OPTIONS_MAGIC(options_);
3294 int world_writable_control_socket=0;
3300 &world_writable_control_socket) < 0)
3303#ifndef HAVE_SYS_UN_H
3305 *msg = tor_strdup(
"Unix domain sockets (ControlSocket) not supported "
3306 "on this OS/with this build.");
3311 *msg = tor_strdup(
"Setting ControlSocketsGroupWritable without setting "
3312 "a ControlSocket makes no sense.");
3331 REJECT(
"Invalid DataDirectory");
3336 REJECT(
"You have specified at least one relative path (see above) "
3337 "with the RunAsDaemon option. RunAsDaemon is not compatible "
3338 "with relative paths.");
3349 REJECT(
"Failed to validate Log options. See logs for details.");
3355 "SocksPort, TransPort, NATDPort, DNSPort, and ORPort are all "
3356 "undefined, and there aren't any hidden services configured. "
3357 "Tor will still run, but probably won't do anything.");
3360#ifdef USE_TRANSPARENT
3365#if !defined(OpenBSD) && !defined(DARWIN)
3367 REJECT(
"pf-divert is a OpenBSD-specific "
3368 "and OS X/Darwin-specific feature.");
3373#if !defined(__linux__)
3374 REJECT(
"TPROXY is a Linux-specific feature.");
3379#ifndef KERNEL_MAY_SUPPORT_IPFW
3381 REJECT(
"ipfw is a FreeBSD-specific "
3382 "and OS X/Darwin-specific feature.");
3387 REJECT(
"Unrecognized value for TransProxyType");
3391 !options->TransPort_set) {
3392 REJECT(
"Cannot use TransProxyType without any valid TransPort.");
3396 if (options->TransPort_set)
3397 REJECT(
"TransPort is disabled in this build.");
3402 REJECT(
"TokenBucketRefillInterval must be between 1 and 1000 inclusive.");
3406 REJECT(
"Cannot set AssumeReachable 1 and AssumeReachableIPv6 0.");
3428 COMPLAIN(
"You have asked to exclude certain relays from all positions "
3429 "in your circuits. Expect hidden services and other Tor "
3430 "features to be broken in unpredictable ways.");
3437 REJECT(
"FetchDirInfoExtraEarly requires that you also set "
3438 "FetchDirInfoEarly");
3442 "ConnLimit must be greater than 0, but was set to %d",
3449 log_warn(
LD_CONFIG,
"PathsNeededToBuildCircuits is too low. Increasing "
3453 log_warn(
LD_CONFIG,
"PathsNeededToBuildCircuits is too high. Decreasing "
3462 "MaxClientCircuitsPending must be between 1 and %d, but "
3463 "was set to %d", MAX_MAX_CLIENT_CIRCUITS_PENDING,
3475 "RejectPlaintextPorts", msg) < 0)
3479 "WarnPlaintextPorts", msg) < 0)
3489 new_line->key = tor_strdup(
"ReachableAddresses");
3494 int p = atoi(portno);
3496 smartlist_add_asprintf(instead,
"*:%d", p);
3501 "Converting FascistFirewall and FirewallPorts "
3502 "config options to new format: \"ReachableAddresses %s\"",
3506 smartlist_free(instead);
3512 new_line->key = tor_strdup(
"ReachableDirAddresses");
3513 new_line->value = tor_strdup(
"*:80");
3515 log_notice(
LD_CONFIG,
"Converting FascistFirewall config option "
3516 "to new format: \"ReachableDirAddresses *:80\"");
3520 new_line->key = tor_strdup(
"ReachableORAddresses");
3521 new_line->value = tor_strdup(
"*:443");
3523 log_notice(
LD_CONFIG,
"Converting FascistFirewall config option "
3524 "to new format: \"ReachableORAddresses *:443\"");
3534 REJECT(
"Servers must be able to freely connect to the rest "
3535 "of the Internet, so they must not set Reachable*Addresses "
3536 "or FascistFirewall or FirewallPorts or ClientUseIPv4 0.");
3540 REJECT(
"Servers must be able to freely connect to the rest "
3541 "of the Internet, so they must not set UseBridges.");
3547 REJECT(
"You cannot set both UseBridges and EntryNodes.");
3552 REJECT(
"Setting UseBridges requires also setting UseEntryGuards.");
3555 compute_real_max_mem_in_queues(options->MaxMemInQueues_raw,
3561 options->SafeLogging_ = SAFELOG_SCRUB_NONE;
3562 }
else if (!strcasecmp(options->
SafeLogging,
"relay")) {
3563 options->SafeLogging_ = SAFELOG_SCRUB_RELAY;
3564 }
else if (!strcasecmp(options->
SafeLogging,
"1")) {
3565 options->SafeLogging_ = SAFELOG_SCRUB_ALL;
3568 "Unrecognized value '%s' in SafeLogging",
3573 options->ConfluxClientUX = CONFLUX_UX_HIGH_THROUGHPUT;
3576 options->ConfluxClientUX = CONFLUX_UX_MIN_LATENCY;
3578 options->ConfluxClientUX = CONFLUX_UX_HIGH_THROUGHPUT;
3580 options->ConfluxClientUX = CONFLUX_UX_LOW_MEM_LATENCY;
3582 options->ConfluxClientUX = CONFLUX_UX_LOW_MEM_THROUGHPUT;
3584 REJECT(
"ConfluxClientUX must be 'latency', 'throughput, "
3585 "'latency_lowmem', or 'throughput_lowmem'");
3595 if (options_validate_single_onion(options, msg) < 0)
3602 REJECT(
"CircuitsAvailableTimeout is too large. Max is 24 hours.");
3606 REJECT(
"If EntryNodes is set, UseEntryGuards must be enabled.");
3611 !hs_service_allow_non_anonymous_connection(options)) {
3613 "UseEntryGuards is disabled, but you have configured one or more "
3614 "hidden services on this Tor instance. Your hidden services "
3615 "will be very easy to locate using a well-known attack -- see "
3616 "https://freehaven.net/anonbib/#hs-attack06 for details.");
3621 REJECT(
"NumEntryGuards must not be greater than NumPrimaryGuards.");
3629 "You have one single EntryNodes and at least one hidden service "
3630 "configured. This is bad because it's very easy to locate your "
3631 "entry guard which can then lead to the deanonymization of your "
3632 "hidden service -- for more details, see "
3633 "https://bugs.torproject.org/tpo/core/tor/14917. "
3634 "For this reason, the use of one EntryNodes with an hidden "
3635 "service is prohibited until a better solution is found.");
3645 "EntryNodes is set with multiple entries and at least one "
3646 "hidden service is configured. Pinning entry nodes can possibly "
3647 "be harmful to the service anonymity. Because of this, we "
3648 "recommend you either don't do that or make sure you know what "
3649 "you are doing. For more details, please look at "
3650 "https://bugs.torproject.org/tpo/core/tor/21155.");
3654 if (hs_service_non_anonymous_mode_enabled(options)) {
3656 "HiddenServiceNonAnonymousMode is set. Every hidden service on "
3657 "this tor instance is NON-ANONYMOUS. If "
3658 "the HiddenServiceNonAnonymousMode option is changed, Tor will "
3659 "refuse to launch hidden services from the same directories, to "
3660 "protect your anonymity against config errors. This setting is "
3661 "for experimental use only.");
3667 "CircuitBuildTimeout is shorter (%d seconds) than the recommended "
3668 "minimum (%d seconds), and LearnCircuitBuildTimeout is disabled. "
3669 "If tor isn't working, raise this value or enable "
3670 "LearnCircuitBuildTimeout.",
3681 log_fn(severity,
LD_CONFIG,
"You disabled LearnCircuitBuildTimeout, but "
3682 "didn't specify a CircuitBuildTimeout. I'll pick a plausible "
3687 REJECT(
"DormantClientTimeout is too low. It must be at least 10 minutes.");
3690 if (options->PathBiasNoticeRate > 1.0) {
3692 "PathBiasNoticeRate is too high. "
3693 "It must be between 0 and 1.0");
3696 if (options->PathBiasWarnRate > 1.0) {
3698 "PathBiasWarnRate is too high. "
3699 "It must be between 0 and 1.0");
3702 if (options->PathBiasExtremeRate > 1.0) {
3704 "PathBiasExtremeRate is too high. "
3705 "It must be between 0 and 1.0");
3708 if (options->PathBiasNoticeUseRate > 1.0) {
3710 "PathBiasNoticeUseRate is too high. "
3711 "It must be between 0 and 1.0");
3714 if (options->PathBiasExtremeUseRate > 1.0) {
3716 "PathBiasExtremeUseRate is too high. "
3717 "It must be between 0 and 1.0");
3722 log_warn(
LD_CONFIG,
"MaxCircuitDirtiness option is too short; "
3728 log_warn(
LD_CONFIG,
"MaxCircuitDirtiness option is too high; "
3735 log_warn(
LD_CONFIG,
"CircuitStreamTimeout option is too short; "
3743 log_warn(
LD_CONFIG,
"HeartbeatPeriod option is too short; "
3749 REJECT(
"KeepalivePeriod option must be positive.");
3752 "BandwidthRate", msg) < 0)
3755 "BandwidthBurst", msg) < 0)
3762 REJECT(
"BandwidthBurst must be at least equal to BandwidthRate.");
3773 REJECT(
"HTTPProxy failed to parse or resolve. Please fix.");
3781 REJECT(
"HTTPProxyAuthenticator is too long (>= 512 chars).");
3787 REJECT(
"HTTPSProxy failed to parse or resolve. Please fix.");
3795 REJECT(
"HTTPSProxyAuthenticator is too long (>= 512 chars).");
3802 REJECT(
"Socks4Proxy failed to parse or resolve. Please fix.");
3812 REJECT(
"Socks5Proxy failed to parse or resolve. Please fix.");
3828 REJECT(
"You have configured more than one proxy type. "
3829 "(Socks4Proxy|Socks5Proxy|HTTPSProxy|TCPProxy)");
3836 log_warn(
LD_CONFIG,
"HTTPProxy configured, but no SOCKS proxy, "
3837 "HTTPS proxy, or any other TCP proxy configured. Watch out: "
3838 "this configuration will proxy unencrypted directory "
3839 "connections only.");
3847 REJECT(
"Socks5ProxyUsername must be between 1 and 255 characters.");
3850 REJECT(
"Socks5ProxyPassword must be included with Socks5ProxyUsername.");
3854 REJECT(
"Socks5ProxyPassword must be between 1 and 255 characters.");
3856 REJECT(
"Socks5ProxyPassword must be included with Socks5ProxyUsername.");
3861 REJECT(
"Bad HashedControlPassword: wrong length or bad encoding");
3872 REJECT(
"Bad HashedControlSessionPassword: wrong length or bad encoding");
3880 const char *validate_pspec_msg = NULL;
3882 &validate_pspec_msg)) {
3884 validate_pspec_msg);
3889 if ((options->ControlPort_set || world_writable_control_socket) &&
3893 log_warn(
LD_CONFIG,
"Control%s is %s, but no authentication method "
3894 "has been configured. This means that any program on your "
3895 "computer can reconfigure your Tor. That's bad! You should "
3896 "upgrade your Tor controller as soon as possible.",
3897 options->ControlPort_set ?
"Port" :
"Socket",
3898 options->ControlPort_set ?
"open" :
"world writable");
3902 log_warn(
LD_CONFIG,
"CookieAuthFileGroupReadable is set, but will have "
3903 "no effect: you must specify an explicit CookieAuthFile to "
3904 "have it group-readable.");
3921 log_info(
LD_CONFIG,
"You have set UseDefaultFallbackDirs 1 and "
3922 "FallbackDir(s). Ignoring UseDefaultFallbackDirs, and "
3923 "using the FallbackDir(s) you have set.");
3927 REJECT(
"Directory authority/fallback line did not parse. See logs "
3931 REJECT(
"If you set UseBridges, you must specify at least one bridge.");
3933 for (cl = options->
Bridges; cl; cl = cl->next) {
3936 REJECT(
"Bridge line did not parse. See logs for details.");
3937 bridge_line_free(bridge_line);
3942 REJECT(
"Invalid client transport line. See logs for details.");
3955 "ConstrainedSockSize is invalid. Must be a value between %d and %d "
3956 "in 1024 byte increments.",
3957 MIN_CONSTRAINED_TCP_BUFFER, MAX_CONSTRAINED_TCP_BUFFER);
3966 REJECT(
"Failed to configure rendezvous options. See logs for details.");
3970 REJECT(
"Failed to configure client authorization for hidden services. "
3971 "See logs for details.");
3977 AF_INET6, 1, msg)<0)
3984 REJECT(
"TestingTorNetwork may only be configured in combination with "
3985 "a non-default set of DirAuthority or both of "
3986 "AlternateDirAuthority and AlternateBridgeAuthority configured.");
3989#define CHECK_DEFAULT(arg) \
3991 if (!config_is_same(get_options_mgr(),options, \
3992 dflt_options,#arg)) { \
3993 or_options_free(dflt_options); \
3994 REJECT(#arg " may only be changed in testing Tor " \
4005 CHECK_DEFAULT(TestingV3AuthInitialVotingInterval);
4006 CHECK_DEFAULT(TestingV3AuthInitialVoteDelay);
4007 CHECK_DEFAULT(TestingV3AuthInitialDistDelay);
4008 CHECK_DEFAULT(TestingV3AuthVotingStartOffset);
4009 CHECK_DEFAULT(TestingAuthDirTimeToLearnReachability);
4010 CHECK_DEFAULT(TestingServerDownloadInitialDelay);
4011 CHECK_DEFAULT(TestingClientDownloadInitialDelay);
4012 CHECK_DEFAULT(TestingServerConsensusDownloadInitialDelay);
4013 CHECK_DEFAULT(TestingClientConsensusDownloadInitialDelay);
4014 CHECK_DEFAULT(TestingBridgeDownloadInitialDelay);
4015 CHECK_DEFAULT(TestingBridgeBootstrapDownloadInitialDelay);
4016 CHECK_DEFAULT(TestingClientMaxIntervalWithoutRequest);
4017 CHECK_DEFAULT(TestingDirConnectionMaxStall);
4018 CHECK_DEFAULT(TestingAuthKeyLifetime);
4019 CHECK_DEFAULT(TestingLinkCertLifetime);
4020 CHECK_DEFAULT(TestingSigningKeySlop);
4021 CHECK_DEFAULT(TestingAuthKeySlop);
4022 CHECK_DEFAULT(TestingLinkKeySlop);
4023 CHECK_DEFAULT(TestingMinTimeToReportBandwidth);
4024 or_options_free(dflt_options);
4031 REJECT(
"ClientDNSRejectInternalAddresses used for default network.");
4039 REJECT(
"TestingClientMaxIntervalWithoutRequest is way too low.");
4041 COMPLAIN(
"TestingClientMaxIntervalWithoutRequest is insanely high.");
4045 REJECT(
"TestingDirConnectionMaxStall is way too low.");
4047 COMPLAIN(
"TestingDirConnectionMaxStall is insanely high.");
4051 REJECT(
"ClientBootstrapConsensusMaxInProgressTries must be greater "
4055 COMPLAIN(
"ClientBootstrapConsensusMaxInProgressTries is insanely "
4061 REJECT(
"TestingEnableConnBwEvent may only be changed in testing "
4067 REJECT(
"TestingEnableCellStatsEvent may only be changed in testing "
4072 log_warn(
LD_CONFIG,
"TestingTorNetwork is set. This will make your node "
4073 "almost unusable in the public Tor network, and is "
4074 "therefore only advised if you are building a "
4075 "testing Tor network!");
4078 if (options_validate_scheduler(options, msg) < 0) {
4092compute_real_max_mem_in_queues(
const uint64_t val,
bool is_server)
/* Thresholds, in megabytes, for an explicitly configured MaxMemInQueues. */
/* Hard floor for servers: a smaller value triggers the "MaxMemInQueues must be
 * at least %d MB on servers" warning and MIN_SERVER_MB * ONE_MEGABYTE is
 * returned instead of the configured value. */
4094#define MIN_SERVER_MB 64
/* Servers configured below this (but at or above the floor) get the "set to a
 * low value; if your relay doesn't work" warning. */
4095#define MIN_UNWARNED_SERVER_MB 256
/* Clients configured below this get the matching "if your client doesn't
 * work" warning. */
4096#define MIN_UNWARNED_CLIENT_MB 64
/* Byte counts as 64-bit constants, so the size arithmetic in this function
 * is not done in a narrower int type. */
4100#define ONE_GIGABYTE (UINT64_C(1) << 30)
4101#define ONE_MEGABYTE (UINT64_C(1) << 20)
4104 static int notice_sent = 0;
4108#if SIZEOF_VOID_P >= 8
4110 result = 8 * ONE_GIGABYTE;
4113 result = ONE_GIGABYTE;
4119#if SIZEOF_SIZE_T > 4
4121#define RAM_IS_VERY_LARGE(x) ((x) >= (8 * ONE_GIGABYTE))
4124#define RAM_IS_VERY_LARGE(x) (0)
4127 if (RAM_IS_VERY_LARGE(ram)) {
4134 avail = (ram / 5) * 2;
4139 avail = (ram / 4) * 3;
4148 }
else if (avail < ONE_GIGABYTE / 4) {
4149 result = ONE_GIGABYTE / 4;
4154 if (is_server && ! notice_sent) {
4155 log_notice(
LD_CONFIG,
"%sMaxMemInQueues is set to %"PRIu64
" MB. "
4156 "You can override this by setting MaxMemInQueues by hand.",
4157 ram ?
"Based on detected system memory, " :
"",
4158 (result / ONE_MEGABYTE));
4162 }
else if (is_server && val < ONE_MEGABYTE * MIN_SERVER_MB) {
4164 log_warn(
LD_CONFIG,
"MaxMemInQueues must be at least %d MB on servers "
4165 "for now. Ideally, have it as large as you can afford.",
4167 return MIN_SERVER_MB * ONE_MEGABYTE;
4168 }
else if (is_server && val < ONE_MEGABYTE * MIN_UNWARNED_SERVER_MB) {
4171 log_warn(
LD_CONFIG,
"MaxMemInQueues is set to a low value; if your "
4172 "relay doesn't work, this may be the reason why.");
4174 }
else if (! is_server && val < ONE_MEGABYTE * MIN_UNWARNED_CLIENT_MB) {
4177 log_warn(
LD_CONFIG,
"MaxMemInQueues is set to a low value; if your "
4178 "client doesn't work, this may be the reason why.");
4197 const void *new_val_,
4200 CHECK_OPTIONS_MAGIC(old_);
4201 CHECK_OPTIONS_MAGIC(new_val_);
4209#define BAD_CHANGE_TO(opt, how) do { \
4210 *msg = tor_strdup("While Tor is running"how", changing " #opt \
4211 " is not allowed"); \
/* Sandbox transition guards. Each macro compares one option between the old
 * and the new configuration (string, line list or int) and, when the values
 * differ, invokes BAD_CHANGE_TO with the suffix " with Sandbox active". The
 * visible part of BAD_CHANGE_TO sets *msg to "While Tor is running with
 * Sandbox active, changing <opt> is not allowed".
 * The invocations that follow apply these to Address,
 * ServerDNSResolvConfFile, DirPortFrontPage, CookieAuthFile,
 * ExtORPortCookieAuthFile, Logs and ConnLimit.
 * NOTE(review): presumably these options are frozen because the sandbox's
 * allowed file paths and limits are fixed when it is installed -- confirm.
 * An option that names a file Tor opens at runtime likely needs a guard here.
 * Each macro expands to a bare `if` with no braces; use it only as a
 * standalone statement, never directly before an `else`. */
4216#define SB_NOCHANGE_STR(opt) \
4217 if (! CFG_EQ_STRING(old, new_val, opt)) \
4218 BAD_CHANGE_TO(opt," with Sandbox active")
/* Same guard for options stored as a linked list of config lines. */
4219#define SB_NOCHANGE_LINELIST(opt) \
4220 if (! CFG_EQ_LINELIST(old, new_val, opt)) \
4221 BAD_CHANGE_TO(opt," with Sandbox active")
/* Same guard for integer-valued options. */
4222#define SB_NOCHANGE_INT(opt) \
4223 if (! CFG_EQ_INT(old, new_val, opt)) \
4224 BAD_CHANGE_TO(opt," with Sandbox active")
4226 SB_NOCHANGE_LINELIST(Address);
4227 SB_NOCHANGE_STR(ServerDNSResolvConfFile);
4228 SB_NOCHANGE_STR(DirPortFrontPage);
4229 SB_NOCHANGE_STR(CookieAuthFile);
4230 SB_NOCHANGE_STR(ExtORPortCookieAuthFile);
4231 SB_NOCHANGE_LINELIST(Logs);
4232 SB_NOCHANGE_INT(ConnLimit);
4235 *msg = tor_strdup(
"Can't start/stop being a server while "
4236 "Sandbox is active");
4241#undef SB_NOCHANGE_LINELIST
4242#undef SB_NOCHANGE_STR
4243#undef SB_NOCHANGE_INT
4245#undef NO_CHANGE_BOOL
4247#undef NO_CHANGE_STRING
4255get_windows_conf_root(
void)
4257 static int is_set = 0;
4258 static char path[MAX_PATH*2+1];
4259 TCHAR tpath[MAX_PATH] = {0};
4271#ifdef ENABLE_LOCAL_APPDATA
4272#define APPDATA_PATH CSIDL_LOCAL_APPDATA
4274#define APPDATA_PATH CSIDL_APPDATA
4276 if (!SUCCEEDED(SHGetSpecialFolderLocation(NULL, APPDATA_PATH, &idl))) {
4277 getcwd(path,MAX_PATH);
4280 "I couldn't find your application data folder: are you "
4281 "running an ancient version of Windows 95? Defaulting to \"%s\"",
4286 result = SHGetPathFromIDList(idl, tpath);
4288 wcstombs(path,tpath,
sizeof(path));
4289 path[
sizeof(path)-1] =
'\0';
4291 strlcpy(path,tpath,
sizeof(path));
4298 m->lpVtbl->Free(m, idl);
4299 m->lpVtbl->Release(m);
4301 if (!SUCCEEDED(result)) {
4304 strlcat(path,
"\\tor",MAX_PATH);
4315#ifdef DISABLE_SYSTEM_TORRC
4316 (void) defaults_file;
4318#elif defined(_WIN32)
4319 if (defaults_file) {
4320 static char defaults_path[MAX_PATH+1];
4321 tor_snprintf(defaults_path, MAX_PATH,
"%s\\torrc-defaults",
4322 get_windows_conf_root());
4323 return defaults_path;
4325 static char path[MAX_PATH+1];
4327 get_windows_conf_root());
4331 return defaults_file ? CONFDIR
"/torrc-defaults" : CONFDIR
"/torrc";
4349 int *using_default_fname,
int *ignore_missing_torrc)
4353 const char *fname_opt = defaults_file ?
"--defaults-torrc" :
"-f";
4354 const char *fname_long_opt = defaults_file ?
"--defaults-torrc" :
4356 const char *ignore_opt = defaults_file ? NULL :
"--ignore-missing-torrc";
4357 const char *keygen_opt =
"--keygen";
4360 *ignore_missing_torrc = 1;
4362 for (p_index = cmd_arg; p_index; p_index = p_index->next) {
4364 if (!strcmp(p_index->key, fname_opt) ||
4365 !strcmp(p_index->key, fname_long_opt)) {
4367 log_warn(
LD_CONFIG,
"Duplicate %s options on command line.",
4380 *using_default_fname = 0;
4381 }
else if ((ignore_opt && !strcmp(p_index->key, ignore_opt)) ||
4382 (keygen_opt && !strcmp(p_index->key, keygen_opt))) {
4383 *ignore_missing_torrc = 1;
4387 if (*using_default_fname) {
4391 if (dflt && (st == FN_FILE || st == FN_EMPTY)) {
4392 fname = tor_strdup(dflt);
4396 if (!defaults_file) {
4401 if (hmst == FN_FILE || hmst == FN_EMPTY || dflt == NULL) {
4405 fname = tor_strdup(dflt);
4408 fname = dflt ? tor_strdup(dflt) : NULL;
4411 fname = dflt ? tor_strdup(dflt) : NULL;
4441 int using_default_torrc = 1;
4442 int ignore_missing_torrc = 0;
4445 if (*fname_var == NULL) {
4447 &using_default_torrc, &ignore_missing_torrc);
4453 log_debug(
LD_CONFIG,
"Opening config file \"%s\"", fname?fname:
"<NULL>");
4457 if (fname == NULL ||
4458 !(st == FN_FILE || st == FN_EMPTY) ||
4459 !(cf = read_file_to_str(fname,0,NULL))) {
4460 if (using_default_torrc == 1 || ignore_missing_torrc) {
4462 log_notice(
LD_CONFIG,
"Configuration file \"%s\" not present, "
4463 "using reasonable defaults.", fname);
4466 cf = tor_strdup(
"");
4469 "Unable to open configuration file \"%s\".", fname);
4473 log_notice(
LD_CONFIG,
"Read configuration file \"%s\".", fname);
4491 char *cf=NULL, *cf_defaults=NULL;
4530 printf(
"This build of Tor is covered by the GNU General Public License "
4531 "(https://www.gnu.org/licenses/gpl-3.0.en.html)\n");
4533 printf(
"Tor is running on %s with Libevent %s, "
4534 "%s %s, Zlib %s, Liblzma %s, Libzstd %s and %s %s as libc.\n",
4548 printf(
"Tor compiled with %s version %s\n",
4549 strcmp(COMPILER_VENDOR,
"gnu") == 0?
4550 COMPILER:COMPILER_VENDOR, COMPILER_VERSION);
4571 cf_defaults = tor_strdup(
"");
4572 cf = tor_strdup(
"");
4578 if (f_line && f_line_long) {
4579 log_err(
LD_CONFIG,
"-f and --torrc-file cannot be used together.");
4582 }
else if (f_line_long) {
4583 f_line = f_line_long;
4586 const int read_torrc_from_stdin =
4587 (f_line != NULL && strcmp(f_line->value,
"-") == 0);
4589 if (read_torrc_from_stdin) {
4597 cf = tor_strdup(
"");
4625 KEY_EXPIRATION_FORMAT_ISO8601;
4660 return retval < 0 ? -1 : 0;
4674 int command,
const char *command_arg,
4678 or_options_t *oldoptions, *newoptions, *newdefaultoptions=NULL;
4682 int cf_has_include = 0;
4691 newoptions->
command_arg = command_arg ? tor_strdup(command_arg) : NULL;
4694 for (
int i = 0; i < 2; ++i) {
4695 const char *body = i==0 ? cf_defaults : cf;
4701 body == cf ? &cf_has_include : NULL,
4704 err = SETOPT_ERR_PARSE;
4709 config_free_lines(cl);
4711 err = SETOPT_ERR_PARSE;
4718 if (newdefaultoptions == NULL) {
4733 err = SETOPT_ERR_PARSE;
4739 opened_files = NULL;
4765 smartlist_free(opened_files);
4767 or_options_free(newdefaultoptions);
4768 or_options_free(newoptions);
4770 char *old_msg = *msg;
4771 tor_asprintf(msg,
"Failed to parse/validate config: %s", old_msg);
4801 const char *from, *to, *msg;
4805 for (opt = options->
AddressMap; opt; opt = opt->next) {
4807 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
4808 if (smartlist_len(elts) < 2) {
4809 log_warn(
LD_CONFIG,
"MapAddress '%s' has too few arguments. Ignoring.",
4814 from = smartlist_get(elts,0);
4815 to = smartlist_get(elts,1);
4817 if (to[0] ==
'.' || from[0] ==
'.') {
4818 log_warn(
LD_CONFIG,
"MapAddress '%s' is ambiguous - address starts with a"
4819 "'.'. Ignoring.",opt->value);
4824 log_warn(
LD_CONFIG,
"MapAddress '%s' failed: %s. Ignoring.", opt->value,
4829 if (smartlist_len(elts) > 2)
4830 log_warn(
LD_CONFIG,
"Ignoring extra arguments to MapAddress.");
4836 smartlist_free(elts);
4848 int from_wildcard = 0, to_wildcard = 0;
4850 *msg =
"whoops, forgot the error message";
4852 if (!strcmp(to,
"*") || !strcmp(from,
"*")) {
4853 *msg =
"can't remap from or to *";
4857 if (!strncmp(from,
"*.",2)) {
4861 if (!strncmp(to,
"*.",2)) {
4866 if (to_wildcard && !from_wildcard) {
4867 *msg =
"can only use wildcard (i.e. '*.') if 'from' address "
4868 "uses wildcard also";
4873 *msg =
"destination is invalid";
4878 from_wildcard, to_wildcard, 0);
4888 const char *filename,
int truncate_log)
4890 int open_flags = O_WRONLY|O_CREAT;
4891 open_flags |= truncate_log ? O_TRUNC : O_APPEND;
4910 log_warn(
LD_CONFIG,
"Log time granularity '%d' has to be positive.",
4916 if (granularity < 40) {
4918 while (1000 % granularity != 0);
4919 }
else if (granularity < 1000) {
4920 granularity = 1000 / granularity;
4921 while (1000 % granularity != 0)
4923 granularity = 1000 / granularity;
4925 granularity = 1000 * ((granularity / 1000) + 1);
4927 log_warn(
LD_CONFIG,
"Log time granularity '%d' has to be either a "
4928 "divisor or a multiple of 1 second. Changing to "
4964 if (options->
Logs == NULL && !run_as_daemon && !validate_only) {
4970 for (opt = options->
Logs; opt; opt = opt->next) {
4972 const char *cfg = opt->value;
4975 log_warn(
LD_CONFIG,
"Couldn't parse log levels in Log option 'Log %s'",
4977 ok = 0;
goto cleanup;
4981 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
4983 if (smartlist_len(elts) == 0)
4986 if (smartlist_len(elts) == 1 &&
4987 (!strcasecmp(smartlist_get(elts,0),
"stdout") ||
4988 !strcasecmp(smartlist_get(elts,0),
"stderr"))) {
4989 int err = smartlist_len(elts) &&
4990 !strcasecmp(smartlist_get(elts,0),
"stderr");
4991 if (!validate_only) {
4992 if (run_as_daemon) {
4994 "Can't log to %s with RunAsDaemon set; skipping stdout",
4995 err?
"stderr":
"stdout");
4998 fileno(err?stderr:stdout));
5003 if (smartlist_len(elts) == 1) {
5004 if (!strcasecmp(smartlist_get(elts,0),
"syslog")) {
5006 if (!validate_only) {
5010 log_warn(
LD_CONFIG,
"Syslog is not supported on this system. Sorry.");
5017 if (!strcasecmp(smartlist_get(elts, 0),
"android")) {
5019 log_warn(
LD_CONFIG,
"The android logging API is no longer supported;"
5020 " adding a syslog instead. The 'android' logging "
5021 " type will no longer work in the future.");
5022 if (!validate_only) {
5026 log_warn(
LD_CONFIG,
"The android logging API is no longer supported.");
5032 if (smartlist_len(elts) == 2 &&
5033 !strcasecmp(smartlist_get(elts,0),
"file")) {
5034 if (!validate_only) {
5038 int truncate_log = 0;
5043 for (opt2 = old_options->
Logs; opt2; opt2 = opt2->next)
5044 if (!strcmp(opt->value, opt2->value)) {
5051 log_warn(
LD_CONFIG,
"Couldn't open file for 'Log %s': %s",
5052 opt->value, strerror(errno));
5060 log_warn(
LD_CONFIG,
"Bad syntax on file Log option 'Log %s'",
5062 ok = 0;
goto cleanup;
5069 smartlist_free(elts);
5071 if (ok && !validate_only)
5083 char *socks_string = NULL;
5084 size_t socks_string_len;
5091 log_warn(
LD_CONFIG,
"'%s' is not a k=v item.", s);
5094 } SMARTLIST_FOREACH_END(s);
5100 socks_string_len = strlen(socks_string);
5104 log_warn(
LD_CONFIG,
"SOCKS arguments can't be more than %u bytes (%lu).",
5106 (
unsigned long) socks_string_len);
5120 if (bridge_line->socks_args) {
5122 smartlist_free(bridge_line->socks_args);
5124 tor_free(bridge_line->transport_name);
5144 char *addrport=NULL, *fingerprint=NULL;
5150 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
5151 if (smartlist_len(items) < 1) {
5152 log_warn(
LD_CONFIG,
"Too few arguments to Bridge line.");
5157 field = smartlist_get(items, 0);
5162 bridge_line->transport_name = field;
5163 if (smartlist_len(items) < 1) {
5164 log_warn(
LD_CONFIG,
"Too few items to Bridge line.");
5167 addrport = smartlist_get(items, 0);
5174 &bridge_line->addr, &bridge_line->port, 443)<0) {
5175 log_warn(
LD_CONFIG,
"Error parsing Bridge address '%s'", addrport);
5182 if (smartlist_len(items)) {
5183 if (bridge_line->transport_name) {
5184 field = smartlist_get(items, 0);
5193 fingerprint = field;
5204 log_warn(
LD_CONFIG,
"Key digest for Bridge is wrong length.");
5209 log_warn(
LD_CONFIG,
"Unable to decode Bridge key digest.");
5216 if (bridge_line->transport_name && smartlist_len(items)) {
5217 if (!bridge_line->socks_args)
5224 tor_assert(smartlist_len(bridge_line->socks_args) > 0);
5227 if (bridge_line->socks_args) {
5235 bridge_line_free(bridge_line);
5240 smartlist_free(items);
5267 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
5270 if (smartlist_len(sl) < 2) {
5271 *msg = tor_strdup(
"TCPProxy has no address/port. Please fix.");
5275 char *protocol_string = smartlist_get(sl, 0);
5276 char *addrport_string = smartlist_get(sl, 1);
5279 if (strcasecmp(protocol_string,
"haproxy")) {
5280 *msg = tor_strdup(
"TCPProxy protocol is not supported. Currently "
5281 "the only supported protocol is 'haproxy'. "
5292 *msg = tor_strdup(
"TCPProxy address/port failed to parse or resolve. "
5321 const char *line,
int validate_only,
5327 const char *transports = NULL;
5330 char *addrport = NULL;
5333 int socks_ver = PROXY_NONE;
5337 char **proxy_argv = NULL;
5340 int is_useless_proxy = 1;
5347 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
5348 line_length = smartlist_len(items);
5350 if (line_length < 3) {
5352 "Too few arguments on %sTransportPlugin line.",
5353 server ?
"Server" :
"Client");
5360 transports = smartlist_get(items, 0);
5363 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
5367 log_warn(
LD_CONFIG,
"Transport name is not a C identifier (%s).",
5374 is_useless_proxy = 0;
5375 } SMARTLIST_FOREACH_END(transport_name);
5377 type = smartlist_get(items, 1);
5378 if (!strcmp(type,
"exec")) {
5380 }
else if (server && !strcmp(type,
"proxy")) {
5383 }
else if (!server && !strcmp(type,
"socks4")) {
5386 socks_ver = PROXY_SOCKS4;
5387 }
else if (!server && !strcmp(type,
"socks5")) {
5390 socks_ver = PROXY_SOCKS5;
5393 "Strange %sTransportPlugin type '%s'",
5394 server ?
"Server" :
"Client", type);
/* Managed transports are reported as incompatible with Sandbox mode and
 * with NoExec mode. The log calls and whatever return or skip follows them
 * are on lines this listing omits. The raw config line goes through
 * escaped() before it is logged.
 * NOTE(review): in both messages the first literal ends in "." and the
 * next begins with "(", so the logged text has no space between them. */
5398 if (is_managed && options->
Sandbox) {
5400 "Managed proxies are not compatible with Sandbox mode."
5401 "(%sTransportPlugin line was %s)",
5402 server ?
"Server" :
"Client",
escaped(line));
5406 if (is_managed && options->
NoExec) {
5408 "Managed proxies are not compatible with NoExec mode; ignoring."
5409 "(%sTransportPlugin line was %s)",
5410 server ?
"Server" :
"Client",
escaped(line));
/* A client-side proxy that provides no needed transport is not launched;
 * the same is_useless_proxy flag gates the argv construction below. */
5418 if (!server && !validate_only && is_useless_proxy) {
5420 "Pluggable transport proxy (%s) does not provide "
5421 "any needed transports and will not be launched.",
5431 if (!validate_only && (server || !is_useless_proxy)) {
/* Everything after the transport list and the type keyword becomes the
 * argument vector; line_length < 3 was rejected earlier, so proxy_argc is
 * at least 1. One extra slot is allocated, presumably the terminating
 * NULL entry of the vector -- confirm against the launcher. */
5432 proxy_argc = line_length - 2;
5434 proxy_argv = tor_calloc((proxy_argc + 1),
sizeof(
char *));
5437 for (i = 0; i < proxy_argc; i++) {
/* Index 2 is read on every pass; presumably an omitted line removes the
 * item just taken from `items`, handing the string to proxy_argv --
 * confirm, since otherwise every slot would alias the same element. */
5439 *tmp++ = smartlist_get(items, 2);
5457 log_warn(
LD_CONFIG,
"You have configured an external proxy with another "
5458 "proxy type. (Socks4Proxy|Socks5Proxy|HTTPSProxy|"
5465 "You can't have an external proxy with more than "
5470 addrport = smartlist_get(items, 2);
5474 "Error parsing transport address '%s'", addrport);
5480 "Transport address '%s' has no port.", addrport);
5484 if (!validate_only) {
5485 log_info(
LD_DIR,
"%s '%s' at %s.",
5486 server ?
"Server transport" :
"Transport",
5505 smartlist_free(items);
/* Splits an authority flag at its first '=' and treats the remainder as a
 * URL-style directory port target.
 * NOTE(review): eq + 1 is only meaningful when strchr() found an '='; the
 * line between these two statements is not shown here -- presumably it
 * rejects eq == NULL; confirm. */
5547 const char *eq = strchr(flag,
'=');
5549 const char *target = eq + 1;
5553 log_warn(
LD_CONFIG,
"Unsupported URL scheme in authority flag %s", flag);
/* Skips a fixed "http://" prefix. The scheme test that justifies this
 * skip is on an omitted line (the warning above is its failure path). */
5556 const char *addr = target + strlen(
"http://");
5558 const char *eos = strchr(addr,
'/');
/* Anything after the host other than a single trailing "/" is refused,
 * so no URL path component is accepted. */
5560 if (eos && strcmp(eos,
"/")) {
5561 log_warn(
LD_CONFIG,
"Unsupported URL prefix in authority flag %s", flag);
/* addr_len covers the address up to the first '/', or the whole rest of
 * the string when there is none. */
5564 addr_len = eos - addr;
5566 addr_len = strlen(addr);
5570 char *addr_string = tor_strndup(addr, addr_len);
5572 memset(&dirport, 0,
sizeof(dirport));
5574 &dirport.addr, &dirport.port, -1);
/* The parsed address is used only when a dir_server_t was supplied and
 * parsing succeeded; rv == -1 is logged as a parse failure. */
5575 if (ds != NULL && rv == 0) {
5577 }
else if (rv == -1) {
5578 log_warn(
LD_CONFIG,
"Unable to parse address in authority flag %s",flag);
5598 char *addrport=NULL, *address=NULL, *nickname=NULL, *fingerprint=NULL;
5600 uint16_t dir_port = 0, or_port = 0;
5604 double weight = 1.0;
5607 memset(v3_digest, 0,
sizeof(v3_digest));
5611 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
5612 if (smartlist_len(items) < 1) {
5613 log_warn(
LD_CONFIG,
"No arguments on DirAuthority line.");
5618 nickname = smartlist_get(items, 0);
5622 while (smartlist_len(items)) {
5623 char *flag = smartlist_get(items, 0);
5624 if (TOR_ISDIGIT(flag[0]))
5626 if (!strcasecmp(flag,
"hs") ||
5627 !strcasecmp(flag,
"no-hs")) {
5628 log_warn(
LD_CONFIG,
"The DirAuthority options 'hs' and 'no-hs' are "
5629 "obsolete; you don't need them any more.");
5630 }
else if (!strcasecmp(flag,
"bridge")) {
5632 }
else if (!strcasecmp(flag,
"no-v2")) {
5637 char *portstring = flag + strlen(
"orport=");
5638 or_port = (uint16_t)
tor_parse_long(portstring, 10, 1, 65535, &ok, NULL);
5640 log_warn(
LD_CONFIG,
"Invalid orport '%s' on DirAuthority line.",
5644 const char *wstring = flag + strlen(
"weight=");
5647 log_warn(
LD_CONFIG,
"Invalid weight '%s' on DirAuthority line.",flag);
5651 char *idstr = flag + strlen(
"v3ident=");
5655 log_warn(
LD_CONFIG,
"Bad v3 identity digest '%s' on DirAuthority line",
5661 if (ipv6_addrport_ptr) {
5662 log_warn(
LD_CONFIG,
"Redundant ipv6 addr/port on DirAuthority line");
5665 &ipv6_addrport.addr, &ipv6_addrport.port,
5668 log_warn(
LD_CONFIG,
"Bad ipv6 addr/port %s on DirAuthority line",
5672 ipv6_addrport_ptr = &ipv6_addrport;
5681 log_warn(
LD_CONFIG,
"Unrecognized flag '%s' on DirAuthority line",
5688 if (smartlist_len(items) < 2) {
5689 log_warn(
LD_CONFIG,
"Too few arguments to DirAuthority line.");
5692 addrport = smartlist_get(items, 0);
5696 log_warn(
LD_CONFIG,
"Error parsing DirAuthority address '%s'.", addrport);
5701 log_warn(
LD_CONFIG,
"Error parsing DirAuthority address '%s' "
5702 "(invalid IPv4 address)", address);
5707 log_warn(
LD_CONFIG,
"Missing port in DirAuthority address '%s'",addrport);
5713 log_warn(
LD_CONFIG,
"Key digest '%s' for DirAuthority is wrong length %d.",
5714 fingerprint, (
int)strlen(fingerprint));
5719 log_warn(
LD_CONFIG,
"Unable to decode DirAuthority key digest.");
5723 if (validate_only) {
5727 } SMARTLIST_FOREACH_END(cp);
5730 if (!validate_only && (!required_type || required_type & type)) {
5733 type &= required_type;
5735 log_debug(
LD_DIR,
"Trusted %d dirserver at %s:%d (%s)", (
int)type,
5736 address, (
int)dir_port, (
char*)smartlist_get(items,0));
5739 digest, v3_digest, type, weight)))
5745 } SMARTLIST_FOREACH_END(cp);
5757 smartlist_free(extra_dirports);
5759 smartlist_free(items);
5786 memset(
id, 0,
sizeof(
id));
5788 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
5790 const char *eq = strchr(cp,
'=');
5798 1, 65535, &ok, NULL);
5803 if (ipv6_addrport_ptr) {
5804 log_warn(
LD_CONFIG,
"Redundant ipv6 addr/port on FallbackDir line");
5807 &ipv6_addrport.addr, &ipv6_addrport.port,
5810 log_warn(
LD_CONFIG,
"Bad ipv6 addr/port %s on FallbackDir line",
5814 ipv6_addrport_ptr = &ipv6_addrport;
5818 const char *wstring = cp + strlen(
"weight=");
5821 log_warn(
LD_CONFIG,
"Invalid weight '%s' on FallbackDir line.", cp);
5830 } SMARTLIST_FOREACH_END(cp);
5832 if (smartlist_len(positional) != 1) {
5838 log_warn(
LD_CONFIG,
"Missing identity on FallbackDir line");
5843 log_warn(
LD_CONFIG,
"Missing orport on FallbackDir line");
5848 &address, &dirport) < 0 ||
5850 log_warn(
LD_CONFIG,
"Couldn't parse address:port %s on FallbackDir line",
5851 (
const char*)smartlist_get(positional, 0));
5855 if (!validate_only) {
5870 smartlist_free(items);
5871 smartlist_free(positional);
5912 const char *portname,
5913 const int listener_type)
5916 if (port->type != listener_type)
5918 if (port->is_unix_addr) {
5920 }
else if (!tor_addr_is_internal(&port->addr, 1)) {
5921 log_warn(
LD_CONFIG,
"You specified a public address '%s' for %sPort. "
5922 "Other people on the Internet might find your computer and "
5923 "use it as an open proxy. Please don't allow this unless you "
5924 "have a good reason.",
5927 log_notice(
LD_CONFIG,
"You configured a non-loopback address '%s' "
5928 "for %sPort. This allows everybody on your local network to "
5929 "use your machine as a proxy. Make sure this is what you "
5933 } SMARTLIST_FOREACH_END(port);
/* Unix-socket control ports are tested first; the statement this guards is
 * not shown, presumably a `continue` that exempts them -- confirm. The test
 * that decides an address is non-local is also on omitted lines. */
5947 if (port->is_unix_addr)
/* With forbid_nonlocal set, the non-local control listener is dropped
 * rather than merely reported: port_cfg_free(port) below releases its
 * configuration. In the visible caller fragment the flag is added to
 * control_port_flags when any_passwords is false. */
5950 if (forbid_nonlocal) {
5953 "You have a ControlPort set to accept "
5954 "unauthenticated connections from a non-local address. "
5955 "This means that programs not running on your computer "
5956 "can reconfigure your Tor, without even having to guess a "
5957 "password. That's so bad that I'm closing your ControlPort "
5958 "for you. If you need to control your Tor remotely, try "
5959 "enabling authentication and using a tool like stunnel or "
5960 "ssh to encrypt remote access.");
5962 port_cfg_free(port);
/* Without forbid_nonlocal the listener is kept and only a warning is
 * logged; the message notes that the controller protocol itself is not
 * encrypted. */
5965 log_warn(
LD_CONFIG,
"You have a ControlPort set to accept "
5966 "connections from a non-local address. This means that "
5967 "programs not running on your computer can reconfigure your "
5968 "Tor. That's pretty bad, since the controller "
5969 "protocol isn't encrypted! Maybe you should just listen on "
5970 "127.0.0.1 and use a tool like stunnel or ssh to encrypt "
5971 "remote connections to your control port.");
5975 } SMARTLIST_FOREACH_END(port);
5990 char **addrport_out,
5992 const char **rest_out)
6005 *addrport_out = NULL;
6006 line += strlen(unix_socket_prefix);
6008 if (!*rest_out || (*addrport_out && sz != strlen(*addrport_out))) {
6017 line += strlen(unix_socket_prefix);
6025 end = strchr(line,
'\0');
6028 *addrport_out = tor_strndup(line, end - line);
6035warn_client_dns_cache(
const char *option,
int disabling)
6041 "Client-side DNS caching enables a wide variety of route-"
6042 "capture attacks. If a single bad exit node lies to you about "
6043 "an IP address, caching that address would make you visit "
6044 "an address of the attacker's choice every time you connected "
6045 "to your destination.");
6081 const char *portname,
6083 const char *defaultaddr,
6085 const unsigned flags)
6091 const unsigned allow_no_stream_options = flags & CL_PORT_NO_STREAM_OPTIONS;
6092 const unsigned use_server_options = flags & CL_PORT_SERVER_OPTIONS;
6093 const unsigned warn_nonlocal = flags & CL_PORT_WARN_NONLOCAL;
6094 const unsigned forbid_nonlocal = flags & CL_PORT_FORBID_NONLOCAL;
6095 const unsigned default_to_group_writable =
6096 flags & CL_PORT_DFLT_GROUP_WRITABLE;
6097 const unsigned takes_hostnames = flags & CL_PORT_TAKES_HOSTNAMES;
6098 const unsigned is_unix_socket = flags & CL_PORT_IS_UNIXSOCKET;
6099 int got_zero_port=0, got_nonzero_port=0;
6100 char *unix_socket_path = NULL;
6102 bool addr_is_explicit =
false;
6113 if (defaultport && defaultaddr && out) {
6114 cfg =
port_cfg_new(is_unix_socket ? strlen(defaultaddr) : 0);
6115 cfg->
type = listener_type;
6116 if (is_unix_socket) {
6118 memcpy(cfg->
unix_addr, defaultaddr, strlen(defaultaddr) + 1);
6121 cfg->
port = defaultport;
6132 char *addrport = NULL;
6134 for (; ports; ports = ports->next) {
6138 has_used_unix_socket_only_option = 0,
6139 is_unix_tagged_addr = 0;
6141 const char *rest_of_line = NULL;
6144 &addrport, &is_unix_tagged_addr, &rest_of_line)<0) {
6145 log_warn(
LD_CONFIG,
"Invalid %sPort line with unparsable address",
6149 if (strlen(addrport) == 0) {
6150 log_warn(
LD_CONFIG,
"Invalid %sPort line with no address", portname);
6156 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
6159 if (is_unix_tagged_addr) {
6160#ifndef HAVE_SYS_UN_H
6161 log_warn(
LD_CONFIG,
"Unix sockets not supported on this system.");
6164 unix_socket_path = addrport;
6168 if (unix_socket_path &&
6170 log_warn(
LD_CONFIG,
"%sPort does not support unix sockets", portname);
/* Address classification for one port line: an already tagged unix socket
 * path, a port type that is always a unix socket, the literal "auto", or
 * (on lines not shown) other address forms. */
6174 if (unix_socket_path) {
6176 }
else if (is_unix_socket) {
/* The whole addrport string is duplicated as the socket path; "0" is
 * tested right after (its effect is on an omitted line). */
6179 unix_socket_path = tor_strdup(addrport);
6180 if (!strcmp(addrport,
"0"))
6184 }
else if (!strcasecmp(addrport,
"auto")) {
/* NOTE(review): strlen(addrport)-5 is unsigned arithmetic that strips a
 * five-character suffix. It is only safe if the omitted condition that
 * leads here has established that addrport is at least five characters
 * long -- presumably a ":auto" suffix test; confirm. */
6188 char *addrtmp = tor_strndup(addrport, strlen(addrport)-5);
6191 log_warn(
LD_CONFIG,
"Invalid address '%s' for %sPort",
6203 addr_is_explicit =
false;
6206 log_warn(
LD_CONFIG,
"%sPort line has address but no port", portname);
6210 addr_is_explicit =
true;
6212 log_warn(
LD_CONFIG,
"Couldn't parse address %s for %sPort",
6219 cfg =
port_cfg_new(unix_socket_path ? strlen(unix_socket_path) : 0);
6221 cfg->explicit_addr = addr_is_explicit;
6222 if (unix_socket_path && default_to_group_writable)
6223 cfg->is_group_writable = 1;
6226 if (use_server_options) {
6229 if (!strcasecmp(elt,
"NoAdvertise")) {
6230 cfg->server_cfg.no_advertise = 1;
6231 }
else if (!strcasecmp(elt,
"NoListen")) {
6232 cfg->server_cfg.no_listen = 1;
6235 }
else if (!strcasecmp(elt,
"AllAddrs")) {
6239 }
else if (!strcasecmp(elt,
"IPv4Only")) {
6240 cfg->server_cfg.bind_ipv4_only = 1;
6241 }
else if (!strcasecmp(elt,
"IPv6Only")) {
6242 cfg->server_cfg.bind_ipv6_only = 1;
6244 log_warn(
LD_CONFIG,
"Unrecognized %sPort option '%s'",
6247 } SMARTLIST_FOREACH_END(elt);
6249 if (cfg->server_cfg.no_advertise && cfg->server_cfg.no_listen) {
6250 log_warn(
LD_CONFIG,
"Tried to set both NoListen and NoAdvertise "
6251 "on %sPort line '%s'",
6252 portname,
escaped(ports->value));
6255 if (cfg->server_cfg.bind_ipv4_only &&
6256 cfg->server_cfg.bind_ipv6_only) {
6257 log_warn(
LD_CONFIG,
"Tried to set both IPv4Only and IPv6Only "
6258 "on %sPort line '%s'",
6259 portname,
escaped(ports->value));
6262 if (cfg->server_cfg.bind_ipv4_only &&
6264 if (cfg->explicit_addr) {
6265 log_warn(
LD_CONFIG,
"Could not interpret %sPort address as IPv4",
6273 if (cfg->server_cfg.bind_ipv6_only &&
6275 if (cfg->explicit_addr) {
6276 log_warn(
LD_CONFIG,
"Could not interpret %sPort address as IPv6",
6287 int no = 0, isoflag = 0;
6288 const char *elt_orig = elt;
6292 10, 0, INT_MAX, &ok, NULL);
6293 if (!ok || allow_no_stream_options) {
6294 log_warn(
LD_CONFIG,
"Invalid %sPort option '%s'",
6299 log_warn(
LD_CONFIG,
"Multiple SessionGroup options on %sPort",
6312 if (!strcasecmp(elt,
"GroupWritable")) {
6313 cfg->is_group_writable = !no;
6314 has_used_unix_socket_only_option = 1;
6316 }
else if (!strcasecmp(elt,
"WorldWritable")) {
6317 cfg->is_world_writable = !no;
6318 has_used_unix_socket_only_option = 1;
6320 }
else if (!strcasecmp(elt,
"RelaxDirModeCheck")) {
6321 cfg->relax_dirmode_check = !no;
6322 has_used_unix_socket_only_option = 1;
6326 if (allow_no_stream_options) {
6327 log_warn(
LD_CONFIG,
"Unrecognized %sPort option '%s'",
6332 if (takes_hostnames) {
6333 if (!strcasecmp(elt,
"IPv4Traffic")) {
6336 }
else if (!strcasecmp(elt,
"IPv6Traffic")) {
6339 }
else if (!strcasecmp(elt,
"PreferIPv6")) {
6342 }
else if (!strcasecmp(elt,
"DNSRequest")) {
6345 }
else if (!strcasecmp(elt,
"OnionTraffic")) {
6348 }
else if (!strcasecmp(elt,
"OnionTrafficOnly")) {
6353 log_warn(
LD_CONFIG,
"Unsupported %sPort option 'No%s'. Use "
6354 "DNSRequest, IPv4Traffic, and/or IPv6Traffic instead.",
6364 if (!strcasecmp(elt,
"CacheIPv4DNS")) {
6365 warn_client_dns_cache(elt, no);
6368 }
else if (!strcasecmp(elt,
"CacheIPv6DNS")) {
6369 warn_client_dns_cache(elt, no);
6370 cfg->
entry_cfg.cache_ipv6_answers = ! no;
6372 }
else if (!strcasecmp(elt,
"CacheDNS")) {
6373 warn_client_dns_cache(elt, no);
6375 cfg->
entry_cfg.cache_ipv6_answers = ! no;
6377 }
else if (!strcasecmp(elt,
"UseIPv4Cache")) {
6378 warn_client_dns_cache(elt, no);
6381 }
else if (!strcasecmp(elt,
"UseIPv6Cache")) {
6382 warn_client_dns_cache(elt, no);
6383 cfg->
entry_cfg.use_cached_ipv6_answers = ! no;
6385 }
else if (!strcasecmp(elt,
"UseDNSCache")) {
6386 warn_client_dns_cache(elt, no);
6388 cfg->
entry_cfg.use_cached_ipv6_answers = ! no;
6390 }
else if (!strcasecmp(elt,
"PreferIPv6Automap")) {
6393 }
else if (!strcasecmp(elt,
"PreferSOCKSNoAuth")) {
6396 }
else if (!strcasecmp(elt,
"KeepAliveIsolateSOCKSAuth")) {
6399 }
else if (!strcasecmp(elt,
"ExtendedErrors")) {
6405 elt[strlen(elt)-1] =
'\0';
6407 if (!strcasecmp(elt,
"IsolateDestPort")) {
6409 }
else if (!strcasecmp(elt,
"IsolateDestAddr")) {
6411 }
else if (!strcasecmp(elt,
"IsolateSOCKSAuth")) {
6413 }
else if (!strcasecmp(elt,
"IsolateClientProtocol")) {
6415 }
else if (!strcasecmp(elt,
"IsolateClientAddr")) {
6418 log_warn(
LD_CONFIG,
"Unrecognized %sPort option '%s'",
6427 } SMARTLIST_FOREACH_END(elt);
6431 got_nonzero_port = 1;
6437 log_warn(
LD_CONFIG,
"You have a %sPort entry with DNS disabled; that "
6438 "won't work.", portname);
6445 log_warn(
LD_CONFIG,
"You have a %sPort entry with all of IPv4 and "
6446 "IPv6 and .onion disabled; that won't work.", portname);
6453 log_warn(
LD_CONFIG,
"You have a %sPort entry with DNSRequest enabled, "
6454 "but IPv4 and IPv6 disabled; DNS-based sites won't work.",
6458 if (has_used_unix_socket_only_option && !unix_socket_path) {
6459 log_warn(
LD_CONFIG,
"You have a %sPort entry with GroupWritable, "
6460 "WorldWritable, or RelaxDirModeCheck, but it is not a "
6461 "unix socket.", portname);
6466 log_warn(
LD_CONFIG,
"You have a %sPort entry with both "
6467 "NoIsolateSOCKSAuth and KeepAliveIsolateSOCKSAuth set.",
6471 if (unix_socket_path &&
6479 size_t namelen = unix_socket_path ? strlen(unix_socket_path) : 0;
6480 if (unix_socket_path) {
6482 memcpy(cfg->
unix_addr, unix_socket_path, namelen + 1);
6489 cfg->
type = listener_type;
6505 if (warn_nonlocal && out) {
6508 else if (is_ext_orport)
6514 if (got_zero_port && got_nonzero_port) {
6515 log_warn(
LD_CONFIG,
"You specified a nonzero %sPort along with '%sPort 0' "
6516 "in the same configuration. Did you mean to disable %sPort or "
6517 "not?", portname, portname, portname);
6535 smartlist_free(elts);
6551 if (port->server_cfg.no_listen)
6553 if (!count_sockets && port->is_unix_addr)
6555 if (port->type != listenertype)
6558 } SMARTLIST_FOREACH_END(port);
6572 char **msg,
int *n_ports_out,
6573 int *world_writable_control_socket)
6583 CL_PORT_DFLT_GROUP_WRITABLE : 0;
6588 ((validate_only ? 0 : CL_PORT_WARN_NONLOCAL)
6589 | CL_PORT_TAKES_HOSTNAMES | gw_flag)) < 0) {
6590 *msg = tor_strdup(
"Invalid SocksPort configuration");
6597 CL_PORT_WARN_NONLOCAL|CL_PORT_TAKES_HOSTNAMES) < 0) {
6598 *msg = tor_strdup(
"Invalid DNSPort configuration");
6605 CL_PORT_WARN_NONLOCAL) < 0) {
6606 *msg = tor_strdup(
"Invalid TransPort configuration");
6613 CL_PORT_WARN_NONLOCAL) < 0) {
6614 *msg = tor_strdup(
"Invalid NatdPort configuration");
6621 ((validate_only ? 0 : CL_PORT_WARN_NONLOCAL)
6622 | CL_PORT_TAKES_HOSTNAMES | gw_flag)) < 0) {
6623 *msg = tor_strdup(
"Invalid HTTPTunnelPort configuration");
/* Control listeners never take stream options and always get the
 * non-local-address warning. */
6631 unsigned control_port_flags = CL_PORT_NO_STREAM_OPTIONS |
6632 CL_PORT_WARN_NONLOCAL;
/* When any_passwords is false, non-local control listeners are forbidden
 * outright instead of only warned about. How any_passwords is computed is
 * on lines this listing omits. */
6636 if (! any_passwords)
6637 control_port_flags |= CL_PORT_FORBID_NONLOCAL;
/* Group-writable becomes the default for control unix sockets; the
 * condition guarding this line is not shown. */
6639 control_port_flags |= CL_PORT_DFLT_GROUP_WRITABLE;
6645 control_port_flags) < 0) {
6646 *msg = tor_strdup(
"Invalid ControlPort configuration");
/* ControlSocket is parsed with the same flag set plus
 * CL_PORT_IS_UNIXSOCKET. */
6653 control_port_flags | CL_PORT_IS_UNIXSOCKET) < 0) {
6654 *msg = tor_strdup(
"Invalid ControlSocket configuration");
6662 *n_ports_out = smartlist_len(ports);
6669 options->SocksPort_set =
6671 options->TransPort_set =
6673 options->NATDPort_set =
6675 options->HTTPTunnelPort_set =
6678 options->ControlPort_set =
6680 options->DNSPort_set =
6683 if (world_writable_control_socket) {
6687 p->is_world_writable) {
6688 *world_writable_control_socket = 1;
6693 if (!validate_only) {
6706 smartlist_free(ports);
6717 && !port->server_cfg.bind_ipv6_only);
6726 && !port->server_cfg.bind_ipv4_only);
6751 static const char *ipv4_localhost =
"127.0.0.1";
6752 static const char *ipv6_localhost =
"[::1]";
6753 const char *address;
6755 char *
string = NULL;
6761 if (cfg->server_cfg.no_listen)
6764 if (cfg->type == listener_type &&
6773 address =
tor_addr_is_v4(&cfg->addr) ? ipv4_localhost : ipv6_localhost;
6794 } SMARTLIST_FOREACH_END(cfg);
6805 const port_cfg_t *first_port_explicit_addr = NULL;
6807 if (address_family == AF_UNSPEC)
6812 if (cfg->type == listener_type && !cfg->server_cfg.no_advertise) {
6813 if ((address_family == AF_INET && port_binds_ipv4(cfg)) ||
6814 (address_family == AF_INET6 && port_binds_ipv6(cfg))) {
6815 if (cfg->explicit_addr && !first_port_explicit_addr) {
6816 first_port_explicit_addr = cfg;
6817 }
else if (!first_port) {
6822 } SMARTLIST_FOREACH_END(cfg);
6825 return (first_port_explicit_addr) ? first_port_explicit_addr : first_port;
6837 return cfg ? cfg->
port : 0;
6849 return cfg ? &cfg->
addr : NULL;
6860 int port,
int check_wildcard)
6865 if (cfg->type == listener_type) {
6866 if (cfg->port == port || (check_wildcard && port == -1)) {
6872 if (!check_wildcard) {
6876 const int cfg_v4 = port_binds_ipv4(cfg);
6881 if ((cfg_any_v4 && addr_v4) || (cfg_v4 && addr_any_v4)) {
6885 const int cfg_v6 = port_binds_ipv6(cfg);
6890 if ((cfg_any_v6 && addr_v6) || (cfg_v6 && addr_any_v6)) {
6895 } SMARTLIST_FOREACH_END(cfg);
6902port_exists_by_type_addr32h_port(
int listener_type, uint32_t addr_ipv4h,
6903 int port,
int check_wildcard)
6918 return tor_strdup(val);
6920 return tor_strdup(get_windows_conf_root());
6922#elif defined(__ANDROID__)
6927 return tor_strdup(val);
6929 return tor_strdup(
"/data/local/tmp");
6932 const char *d = val;
6939 log_warn(
LD_CONFIG,
"Failed to expand filename \"%s\".", d);
6942 if (!val && !strcmp(fn,
"/.tor")) {
6947 "Default DataDirectory is \"~/.tor\". This expands to "
6948 "\"%s\", which is probably not what you want. Using "
6949 "\"%s"PATH_SEPARATOR
"tor\" instead", fn, LOCALSTATEDIR);
6951 fn = tor_strdup(LOCALSTATEDIR PATH_SEPARATOR
"tor");
6955 return tor_strdup(d);
6969 log_warn(
LD_CONFIG,
"DataDirectory is too long.");
7011#define GENERATED_FILE_PREFIX "# This file was generated by Tor; " \
7012 "if you edit it, comments will not be preserved"
7015#define GENERATED_FILE_COMMENT "# The old torrc file was renamed " \
7016 "to torrc.orig.1, and Tor will ignore it"
7025 char *old_val=NULL, *new_val=NULL, *new_conf=NULL;
7026 int rename_old = 0, r;
7035 old_val = read_file_to_str(fname, 0, NULL);
7047 "Config file \"%s\" is not a file? Failing.", fname);
7051 if (!(new_conf =
options_dump(options, OPTIONS_DUMP_MINIMAL))) {
7052 log_warn(
LD_BUG,
"Couldn't get configuration string");
7060 char *fn_tmp = NULL;
7063 if (fn_tmp_status == FN_DIR || fn_tmp_status == FN_ERROR) {
7065 "Config backup file \"%s\" is not a file? Failing.", fn_tmp);
7070 log_notice(
LD_CONFIG,
"Renaming old configuration file to \"%s\"", fn_tmp);
7073 "Couldn't rename configuration file \"%s\" to \"%s\": %s",
7074 fname, fn_tmp, strerror(errno));
7116 return (n >= 1) ? n : 1;
7138 memset(&cfg, 0,
sizeof(cfg));
7159 directory_root_t roottype,
7160 const char *sub1,
const char *sub2,
7161 const char *suffix))
7165 const char *rootdir = NULL;
7167 case DIRROOT_DATADIR:
7170 case DIRROOT_CACHEDIR:
7173 case DIRROOT_KEYDIR:
7177 tor_assert_unreached();
7190 }
else if (sub2 == NULL) {
7191 tor_asprintf(&fname,
"%s"PATH_SEPARATOR
"%s%s", rootdir, sub1, suffix);
7193 tor_asprintf(&fname,
"%s"PATH_SEPARATOR
"%s"PATH_SEPARATOR
"%s%s",
7194 rootdir, sub1, sub2, suffix);
7206 char *statsdir = get_datadir_fname(subdir);
7210 log_warn(
LD_HIST,
"Unable to create %s/ directory!", subdir);
7224 const char* str,
const char* descr)
7226 char *filename = get_datadir_fname2(subdir, fname);
7230 log_warn(
LD_HIST,
"Unable to write %s to disk!", descr ? descr : fname);
7243 const char *question,
char **answer,
7244 const char **errmsg)
7248 if (!strcmp(question,
"config/names")) {
7259 } SMARTLIST_FOREACH_END(var);
7263 smartlist_free(vars);
7264 }
else if (!strcmp(question,
"config/defaults")) {
7266 int dirauth_lines_seen = 0, fallback_lines_seen = 0;
7271 if (var->initvalue != NULL) {
7272 if (strcmp(var->member.name,
"DirAuthority") == 0) {
7277 ++dirauth_lines_seen;
7279 if (strcmp(var->member.name,
"FallbackDir") == 0) {
7284 ++fallback_lines_seen;
7290 } SMARTLIST_FOREACH_END(var);
7291 smartlist_free(vars);
7293 if (dirauth_lines_seen == 0) {
7311 if (fallback_lines_seen == 0 &&
7350 if (family==AF_INET6) {
7357 if (!validate_only) {
7376 if (verify_and_store_outbound_address(family, &addr, type,
7377 options, validate_only)) {
7379 tor_asprintf(msg,
"Multiple%s%s outbound bind addresses "
7381 family==AF_INET?
" IPv4":(family==AF_INET6?
" IPv6":
""),
7387 lines = lines->next;
7401 if (!validate_only) {
7408 validate_only, msg) < 0) {
7444 const char *msg =
"";
7449 char *free_fname = NULL;
7452 if (!strcmp(fname,
"<default>")) {
7453 const char *conf_root = get_windows_conf_root();
7464 if (r < 0 && severity ==
LOG_WARN) {
7487 if (options->GeoIPv6File &&
7488 ((!old_options || !
opt_streq(old_options->GeoIPv6File,
7489 options->GeoIPv6File))
7509 int cookie_len,
int group_readable,
7510 uint8_t **cookie_out,
int *cookie_is_set_out)
/* NOTE(review): the combined length is held in a plain char. The two
 * memcpy calls below write strlen(header) + cookie_len bytes, so the size
 * given to tor_malloc and memwipe matches that only while the sum fits in
 * a char; size_t is the type strlen() returns. The header and cookie sizes
 * callers pass are not visible here -- confirm they stay small. */
7512 char cookie_file_str_len = strlen(header) + cookie_len;
7513 char *cookie_file_str = tor_malloc(cookie_file_str_len);
7518 if (*cookie_is_set_out) {
7530 *cookie_out = tor_malloc(cookie_len);
/* The file image is the header immediately followed by the raw cookie
 * bytes; no terminator is copied. */
7534 memcpy(cookie_file_str, header, strlen(header));
7535 memcpy(cookie_file_str+strlen(header), *cookie_out, cookie_len);
7537 log_warn(
LD_FS,
"Error writing auth cookie to %s.",
escaped(fname));
/* Mode 0640 gives the file's group read access to the cookie; it is
 * applied only when the caller asked for group_readable, and a chmod
 * failure is logged. */
7542 if (group_readable) {
7543 if (chmod(fname, 0640)) {
7544 log_warn(
LD_FS,
"Unable to make %s group-readable.",
escaped(fname));
7548 (void) group_readable;
7553 *cookie_is_set_out = 1;
/* Clears the scratch buffer that held a copy of the cookie. */
7557 memwipe(cookie_file_str, 0, cookie_file_str_len);
7569 return (options->SocksPort_set ||
7570 options->TransPort_set ||
7571 options->NATDPort_set ||
7572 options->DNSPort_set ||
7573 options->HTTPTunnelPort_set);
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
void tor_addr_make_unspec(tor_addr_t *a)
int string_is_valid_ipv4_address(const char *string)
int tor_addr_parse(tor_addr_t *addr, const char *src)
int tor_addr_port_parse(int severity, const char *addrport, tor_addr_t *address_out, uint16_t *port_out, int default_port)
int tor_addr_is_loopback(const tor_addr_t *addr)
int tor_addr_is_v4(const tor_addr_t *addr)
int tor_addr_port_split(int severity, const char *addrport, char **address_out, uint16_t *port_out)
int tor_addr_is_null(const tor_addr_t *addr)
const char * fmt_addrport(const tor_addr_t *addr, uint16_t port)
#define fmt_and_decorate_addr(a)
static sa_family_t tor_addr_family(const tor_addr_t *a)
#define tor_addr_from_ipv4h(dest, v4addr)
#define tor_addr_eq(a, b)
void addressmap_clear_invalid_automaps(const or_options_t *options)
void addressmap_register(const char *address, char *new_address, time_t expires, addressmap_entry_source_t source, const int wildcard_addr, const int wildcard_new_addr, uint64_t stream_id)
void addressmap_clear_configured(void)
void addressmap_clear_excluded_trackexithosts(const or_options_t *options)
int parse_virtual_addr_network(const char *val, sa_family_t family, int validate_only, char **msg)
Header file for directory authority mode.
int base16_decode(char *dest, size_t destlen, const char *src, size_t srclen)
void mark_bridge_list(void)
void sweep_bridge_list(void)
int transport_is_needed(const char *transport_name)
void bridge_add_from_config(bridge_line_t *bridge_line)
Header file for circuitbuild.c.
Header file for channel.c.
void circuit_mark_all_dirty_circs_as_unusable(void)
void circuit_mark_all_unused_circs(void)
Header file for circuitlist.c.
Header file for circuitmux.c.
void cmux_ewma_set_options(const or_options_t *options, const networkstatus_t *consensus)
Header file for circuitmux_ewma.c.
int circuit_build_times_disabled_(const or_options_t *options, int ignore_consensus)
Header file for circuitstats.c.
const char * tor_libevent_get_header_version_str(void)
void suppress_libevent_log_msg(const char *msg)
void tor_libevent_initialize(tor_libevent_cfg_t *torcfg)
const char * tor_libevent_get_version_str(void)
void configure_libevent_logging(void)
size_t atomic_counter_exchange(atomic_counter_t *counter, size_t newval)
void atomic_counter_init(atomic_counter_t *counter)
size_t atomic_counter_get(atomic_counter_t *counter)
void atomic_counter_destroy(atomic_counter_t *counter)
const char * tor_compress_version_str(compress_method_t method)
int tor_compress_supports_method(compress_method_t method)
const char * tor_compress_header_version_str(compress_method_t method)
Read configuration files from disk, with full include support.
int config_get_lines_include(const char *string, struct config_line_t **result, int extended, int *has_include, struct smartlist_t *opened_lst)
int config_ensure_bandwidth_cap(uint64_t *value, const char *desc, char **msg)
static config_line_t * get_options_defaults(void)
static void options_commit_listener_transaction(listener_transaction_t *xn)
static int compute_group_readable_flag(const char *datadir, const char *subdir, int datadir_gr, int subdir_gr)
static int validate_transport_socks_arguments(const smartlist_t *args)
void options_init(or_options_t *options)
int options_save_current(void)
static const char * default_fallbacks[]
static void print_usage(void)
STATIC void add_default_trusted_dir_authorities(dirinfo_type_t type)
int pt_parse_transport_line(const or_options_t *options, const char *line, int validate_only, int server)
const char * get_torrc_fname(int defaults_fname)
#define MAX_MAX_CIRCUIT_DIRTINESS
#define MIN_MAX_CIRCUIT_DIRTINESS
static void warn_nonlocal_client_ports(const smartlist_t *ports, const char *portname, const int listener_type)
static void set_protocol_warning_severity_level(int warning_severity)
static int validate_ports_csv(smartlist_t *sl, const char *name, char **msg)
or_options_t * get_options_mutable(void)
void bridge_line_free_(bridge_line_t *bridge_line)
int get_num_cpus(const or_options_t *options)
const smartlist_t * get_configured_ports(void)
static void list_deprecated_options(void)
void add_default_fallback_dir_servers(void)
static const config_var_t option_vars_[]
static atomic_counter_t protocol_warning_severity_level
static int write_configuration_file(const char *fname, const or_options_t *options)
STATIC int options_act_reversible(const or_options_t *old_options, char **msg)
#define MIN_CIRCUIT_STREAM_TIMEOUT
char * options_get_dir_fname2_suffix(const or_options_t *options, directory_root_t roottype, const char *sub1, const char *sub2, const char *suffix)
STATIC void or_options_free_(or_options_t *options)
static bool testing_network_configured
static listener_transaction_t * options_start_listener_transaction(const or_options_t *old_options, char **msg_out)
static void list_torrc_options(void)
static int validate_data_directories(or_options_t *options)
static int in_option_validation
int getinfo_helper_config(control_connection_t *conn, const char *question, char **answer, const char **errmsg)
static void print_library_versions(void)
static int opt_streq(const char *s1, const char *s2)
STATIC int parse_ports(or_options_t *options, int validate_only, char **msg, int *n_ports_out, int *world_writable_control_socket)
int consider_adding_dir_servers(const or_options_t *options, const or_options_t *old_options)
static const char * default_authorities[]
static int options_transition_affects_guards(const or_options_t *old_options, const or_options_t *new_options)
const char * escaped_safe_str_client(const char *address)
static int warn_if_option_path_is_relative(const char *option, const char *filepath)
char * get_first_listener_addrport_string(int listener_type)
#define V_D(member, type, initvalue)
int options_init_from_torrc(int argc, char **argv)
static or_options_t * global_options
static void config_load_geoip_file_(sa_family_t family, const char *fname, const char *default_fname)
static const config_abbrev_t option_abbrevs_[]
#define OBSOLETE(varname)
void port_cfg_free_(port_cfg_t *port)
static int options_switch_id(char **msg_out)
static int handle_cmdline_master_key(tor_cmdline_mode_t command, const char *value)
static char * find_torrc_filename(const config_line_t *cmd_arg, int defaults_file, int *using_default_fname, int *ignore_missing_torrc)
takes_argument_t takes_argument
STATIC void options_commit_log_transaction(log_transaction_t *xn)
static void options_rollback_listener_transaction(struct listener_transaction_t *xn)
STATIC int open_and_add_file_log(const log_severity_list_t *severity, const char *filename, int truncate_log)
static or_options_t * global_default_options
static void cleanup_protocol_warning_severity_level(void)
static int parse_outbound_addresses(or_options_t *options, int validate_only, char **msg)
STATIC int options_create_directories(char **msg_out)
static char * load_torrc_from_stdin(void)
const char * safe_str_client_opts(const or_options_t *options, const char *address)
int portconf_get_first_advertised_port(int listener_type, int address_family)
static char * torrc_defaults_fname
static int handle_cmdline_passphrase_fd(tor_cmdline_mode_t command, const char *value)
int port_cfg_line_extract_addrport(const char *line, char **addrport_out, int *is_unix_out, const char **rest_out)
const char * escaped_safe_str(const char *address)
int check_or_create_data_subdir(const char *subdir)
static const char * get_default_conf_file(int defaults_file)
int options_any_client_port_set(const or_options_t *options)
or_options_t * options_new(void)
int create_keys_directory(const or_options_t *options)
#define MAX_CIRCS_AVAILABLE_TIME
void init_protocol_warning_severity_level(void)
static int check_and_create_data_directory(int create, const char *directory, int group_readable, const char *owner, char **msg_out)
static int handle_cmdline_no_passphrase(tor_cmdline_mode_t command)
char * options_dump(const or_options_t *options, int how_to_dump)
int get_protocol_warning_severity_level(void)
static int warn_about_relative_paths(const or_options_t *options)
static char * torrc_fname
int parse_dir_fallback_line(const char *line, int validate_only)
const or_options_t * get_options(void)
int option_is_recognized(const char *key)
setopt_err_t options_trial_assign(config_line_t *list, unsigned flags, char **msg)
static int options_init_log_granularity(const or_options_t *options, int validate_only)
STATIC int options_act(const or_options_t *old_options)
#define RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT
STATIC int parse_dir_authority_line(const char *line, dirinfo_type_t required_type, int validate_only)
#define VAR(varname, conftype, member, initvalue)
STATIC int options_init_logs(const or_options_t *old_options, const or_options_t *options, int validate_only)
STATIC void options_rollback_log_transaction(log_transaction_t *xn)
static int validate_dir_servers(const or_options_t *options, const or_options_t *old_options)
static int handle_cmdline_format(tor_cmdline_mode_t command, const char *value)
static bool have_set_startup_options
#define GENERATED_FILE_PREFIX
void parsed_cmdline_free_(parsed_cmdline_t *cmdline)
static char * load_torrc_from_disk(const config_line_t *cmd_arg, int defaults_file)
STATIC const config_mgr_t * get_options_mgr(void)
static const config_format_t options_format
static int options_act_once_on_startup(char **msg_out)
static void config_maybe_load_geoip_files_(const or_options_t *options, const or_options_t *old_options)
static const port_cfg_t * portconf_get_first_advertised(int listener_type, int address_family)
static const struct @0 testing_tor_network_defaults[]
static int options_check_transition_cb(const void *old, const void *new, char **msg)
int set_options(or_options_t *new_val, char **msg)
static void warn_nonlocal_controller_ports(smartlist_t *ports, unsigned forbid_nonlocal)
const char * safe_str_opts(const or_options_t *options, const char *address)
DUMMY_TYPECHECK_INSTANCE(or_options_t)
port_cfg_t * port_cfg_new(size_t namelen)
static int handle_cmdline_newpass(tor_cmdline_mode_t command)
STATIC log_transaction_t * options_start_log_transaction(const or_options_t *old_options, char **msg_out)
int addressmap_register_auto(const char *from, const char *to, time_t expires, addressmap_entry_source_t addrmap_source, const char **msg)
int options_need_geoip_info(const or_options_t *options, const char **reason_out)
#define UINT64_MAX_STRING
void config_register_addressmaps(const or_options_t *options)
static void options_clear_cb(const config_mgr_t *mgr, void *opts)
void config_free_all(void)
int port_count_real_listeners(const smartlist_t *ports, int listenertype, int count_sockets)
static void init_libevent(const or_options_t *options)
bridge_line_t * parse_bridge_line(const char *line)
int port_exists_by_type_addr_port(int listener_type, const tor_addr_t *addr, int port, int check_wildcard)
static int parse_dirauth_dirport(dir_server_t *ds, const char *flag)
tor_cmdline_mode_t command
int init_cookie_authentication(const char *fname, const char *header, int cookie_len, int group_readable, uint8_t **cookie_out, int *cookie_is_set_out)
static const struct @1 CMDLINE_ONLY_OPTIONS[]
parsed_cmdline_t * config_parse_commandline(int argc, char **argv, int ignore_errors)
const tor_addr_t * portconf_get_first_advertised_addr(int listener_type, int address_family)
setopt_err_t options_init_from_string(const char *cf_defaults, const char *cf, int command, const char *command_arg, char **msg)
static int options_validate_cb(const void *old_options, void *options, char **msg)
const char * option_get_canonical_name(const char *key)
static void list_enabled_modules(void)
static setopt_err_t options_validate_and_set(const or_options_t *old_options, or_options_t *new_options, char **msg_out)
static smartlist_t * configured_ports
config_line_t * option_get_assignment(const or_options_t *options, const char *key)
STATIC int parse_tcp_proxy_line(const char *line, or_options_t *options, char **msg)
#define DOWNLOAD_SCHEDULE(name)
int write_to_data_subdir(const char *subdir, const char *fname, const char *str, const char *descr)
static char * get_data_directory(const char *val)
int port_parse_config(smartlist_t *out, const config_line_t *ports, const char *portname, int listener_type, const char *defaultaddr, int defaultport, const unsigned flags)
static parsed_cmdline_t * global_cmdline
#define GENERATED_FILE_COMMENT
Header file for config.c.
#define MAX_DEFAULT_MEMORY_QUEUE_SIZE
#define CONFIG_BACKUP_PATTERN
#define MIN_HEARTBEAT_PERIOD
const config_line_t * config_line_find(const config_line_t *lines, const char *key)
void config_line_append(config_line_t **lst, const char *key, const char *val)
int config_lines_eq(const config_line_t *a, const config_line_t *b)
#define CONFIG_LINE_APPEND
#define CONFIG_LINE_NORMAL
#define END_OF_CONFIG_VARS
void config_init(const config_mgr_t *mgr, void *options)
void config_mgr_freeze(config_mgr_t *mgr)
void warn_deprecated_option(const char *what, const char *why)
config_line_t * config_get_changes(const config_mgr_t *mgr, const void *options1, const void *options2)
bool config_var_is_listable(const config_var_t *var)
const char * config_find_option_name(const config_mgr_t *mgr, const char *key)
const char * config_expand_abbrev(const config_mgr_t *mgr, const char *option, int command_line, int warn_obsolete)
bool config_var_is_settable(const config_var_t *var)
void * config_dup(const config_mgr_t *mgr, const void *old)
smartlist_t * config_mgr_list_deprecated_vars(const config_mgr_t *mgr)
config_line_t * config_get_assigned_option(const config_mgr_t *mgr, const void *options, const char *key, int escape_val)
smartlist_t * config_mgr_list_vars(const config_mgr_t *mgr)
validation_status_t config_validate(const config_mgr_t *mgr, const void *old_options, void *options, char **msg_out)
int config_assign(const config_mgr_t *mgr, void *options, config_line_t *list, unsigned config_assign_flags, char **msg)
char * config_dump(const config_mgr_t *mgr, const void *default_options, const void *options, int minimal, int comment_defaults)
config_mgr_t * config_mgr_new(const config_format_t *toplevel_fmt)
void * config_new(const config_mgr_t *mgr)
#define CAL_WARN_DEPRECATIONS
char * alloc_http_authenticator(const char *authenticator)
int retry_all_listeners(smartlist_t *new_conns, int close_all_noncontrol)
void connection_bucket_adjust(const or_options_t *options)
int conn_listener_type_supports_af_unix(int type)
void connection_mark_all_noncontrol_connections(void)
void connection_check_oos(int n_socks, int failed)
Header file for connection.c.
#define CONN_TYPE_AP_HTTP_CONNECT_LISTENER
#define CONN_TYPE_CONTROL_LISTENER
#define CONN_TYPE_EXT_OR_LISTENER
#define MAX_SOCKS5_AUTH_SIZE_TOTAL
#define MAX_SOCKS5_AUTH_FIELD_SIZE
#define CONN_TYPE_AP_NATD_LISTENER
#define CONN_TYPE_AP_LISTENER
#define CONN_TYPE_AP_DNS_LISTENER
#define CONN_TYPE_AP_TRANS_LISTENER
Header file for connection_edge.c.
int address_is_invalid_destination(const char *address, int client)
Base connection structure.
void control_ports_write_to_file(void)
int control_connection_add_local_fd(tor_socket_t sock, unsigned flags)
void monitor_owning_controller_process(const char *process_spec)
Header file for control.c.
smartlist_t * decode_hashed_passwords(config_line_t *passwords)
Header file for control_auth.c.
void control_adjust_event_log_severity(void)
void control_event_logmsg_pending(void)
void control_event_logmsg(int severity, log_domain_mask_t domain, const char *msg)
void control_event_conf_changed(const config_line_t *changes)
Header file for control_events.c.
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
const char * crypto_get_library_version_string(void)
const char * crypto_get_library_name(void)
Headers for crypto_init.c.
Headers for crypto_nss_mgt.c.
Headers for crypto_openssl_mgt.c.
void crypto_rand(char *to, size_t n)
Common functions for using (pseudo-)random number generators.
void memwipe(void *mem, uint8_t byte, size_t sz)
Common functions for cryptographic routines.
const char * unescape_string(const char *s, char **result, size_t *size_out)
bool start_daemon_has_been_called(void)
int finish_daemon(const char *desired_cwd)
int check_private_dir(const char *dirname, cpd_check_t check, const char *effective_user)
int options_act_dirauth_mtbf(const or_options_t *old_options)
int options_act_dirauth_stats(const or_options_t *old_options, bool *print_notice_out)
int options_validate_dirauth_mode(const or_options_t *old_options, or_options_t *options, char **msg)
int options_act_dirauth(const or_options_t *old_options)
int options_validate_dirauth_testing(const or_options_t *old_options, or_options_t *options, char **msg)
int options_validate_dirauth_schedule(const or_options_t *old_options, or_options_t *options, char **msg)
Header for feature/dirauth/dirauth_config.c.
int dirclient_fetches_dir_info_later(const or_options_t *options)
int dirclient_fetches_dir_info_early(const or_options_t *options)
Header for feature/dirclient/dirclient_modes.c.
void trusted_dir_server_add_dirport(dir_server_t *ds, auth_dirport_usage_t usage, const tor_addr_port_t *dirport)
dir_server_t * fallback_dir_server_new(const tor_addr_t *ipv4_addr, uint16_t ipv4_dirport, uint16_t ipv4_orport, const tor_addr_port_t *addrport_ipv6, const char *id_digest, double weight)
void clear_dir_servers(void)
void dir_server_add(dir_server_t *ent)
dir_server_t * trusted_dir_server_new(const char *nickname, const char *address, uint16_t ipv4_dirport, uint16_t ipv4_orport, const tor_addr_port_t *ipv6_addrport, const char *digest, const char *v3_auth_digest, dirinfo_type_t type, double weight)
Header file for dirlist.c.
Header file for dirserv.c.
int guards_update_all(void)
Header file for circuitbuild.c.
char * esc_for_log(const char *s)
const char * escaped(const char *s)
char * read_file_to_str_until_eof(int fd, size_t max_bytes_to_read, size_t *sz_out) ATTR_MALLOC
int write_str_to_file(const char *fname, const char *str, int bin)
file_status_t file_status(const char *filename)
int tor_open_cloexec(const char *path, int flags, unsigned mode)
int replace_file(const char *from, const char *to)
int write_bytes_to_file(const char *fname, const char *str, size_t len, int bin)
int geoip_load_file(sa_family_t family, const char *filename, int severity)
int geoip_is_loaded(sa_family_t family)
Header file for geoip_stats.c.
int should_record_bridge_info(const or_options_t *options)
Header for gethostname.c.
void consider_hibernation(time_t now)
int we_are_hibernating(void)
Header file for hibernate.c.
int hs_config_client_auth_all(const or_options_t *options, int validate_only)
int hs_config_service_all(const or_options_t *options, int validate_only)
Header file containing configuration ABI/API for the HS subsystem.
Header file containing PoW denial of service defenses for the HS subsystem for all versions.
int hs_service_load_all_keys(void)
int string_is_key_value(int severity, const char *string)
const char * tor_libc_get_header_version_str(void)
const char * tor_libc_get_version_str(void)
const char * tor_libc_get_name(void)
Header for lib/osinfo/libc.c.
int add_file_log(const log_severity_list_t *severity, const char *filename, int fd)
void flush_log_messages_from_startup(void)
void mark_logs_temp(void)
void rollback_log_changes(void)
void logs_set_pending_callback_callback(pending_callback_callback cb)
int add_callback_log(const log_severity_list_t *severity, log_callback cb)
int get_min_log_level(void)
void set_log_time_granularity(int granularity_msec)
void tor_log_update_sigsafe_err_fds(void)
void add_stream_log(const log_severity_list_t *severity, const char *name, int fd)
void logs_set_domain_logging(int enabled)
int parse_log_severity_config(const char **cfg_ptr, log_severity_list_t *severity_out)
void close_temp_logs(void)
#define log_fn(severity, domain, args,...)
int try_locking(const or_options_t *options, int err_if_locked)
void note_that_we_maybe_cant_complete_circuits(void)
void tor_shutdown_event_loop_and_exit(int exitcode)
void reset_main_loop_counters(void)
int tor_event_loop_shutdown_is_pending(void)
Header file for mainloop.c.
int get_total_system_memory(size_t *mem_out)
int metrics_parse_ports(or_options_t *options, smartlist_t *ports, char **err_msg_out)
Header for feature/metrics/metrics.c.
int net_is_disabled(void)
networkstatus_t * networkstatus_get_latest_consensus(void)
void update_consensus_networkstatus_fetch_time(time_t now)
Header file for networkstatus.c.
int is_legal_nickname(const char *s)
Header file for nickname.c.
void router_dir_info_changed(void)
Header file for nodelist.c.
int compute_num_cpus(void)
Master header file for Tor-specific functionality.
addressmap_entry_source_t
#define SESSION_GROUP_UNSET
@ TCP_PROXY_PROTOCOL_HAPROXY
long tor_parse_long(const char *s, int base, long min, long max, int *ok, char **next)
double tor_parse_double(const char *s, double min, double max, int *ok, char **next)
char * make_path_absolute(const char *fname)
int path_is_relative(const char *filename)
char * expand_filename(const char *filename)
int write_pidfile(const char *filename)
int policies_parse_from_options(const or_options_t *options)
int validate_addr_policies(const or_options_t *options, char **msg)
Header file for policies.c.
Listener port configuration structure.
int tor_asprintf(char **strp, const char *fmt,...)
int tor_snprintf(char *str, size_t size, const char *format,...)
void tor_disable_spawning_background_processes(void)
int tor_validate_process_specifier(const char *process_spec, const char **msg)
quiet_level_t quiet_level
void add_default_log_for_quiet_level(quiet_level_t quiet)
int options_act_relay_bandwidth(const or_options_t *old_options)
int options_validate_relay_padding(const or_options_t *old_options, or_options_t *options, char **msg)
int options_act_relay_stats(const or_options_t *old_options, bool *print_notice_out)
void port_update_port_set_relay(or_options_t *options, const smartlist_t *ports)
int options_act_relay(const or_options_t *old_options)
int options_validate_relay_accounting(const or_options_t *old_options, or_options_t *options, char **msg)
int options_validate_relay_bandwidth(const or_options_t *old_options, or_options_t *options, char **msg)
int options_validate_relay_os(const or_options_t *old_options, or_options_t *options, char **msg)
int options_act_relay_dir(const or_options_t *old_options)
void port_warn_nonlocal_ext_orports(const smartlist_t *ports, const char *portname)
int port_parse_ports_relay(or_options_t *options, char **msg, smartlist_t *ports_out, int *have_low_ports_out)
int options_act_relay_accounting(const or_options_t *old_options)
void options_act_relay_stats_msg(void)
int options_validate_relay_info(const or_options_t *old_options, or_options_t *options, char **msg)
int options_validate_publish_server(const or_options_t *old_options, or_options_t *options, char **msg)
int options_act_relay_dos(const or_options_t *old_options)
int options_act_relay_desc(const or_options_t *old_options)
int options_act_bridge_stats(const or_options_t *old_options)
int options_validate_relay_testing(const or_options_t *old_options, or_options_t *options, char **msg)
int options_validate_relay_mode(const or_options_t *old_options, or_options_t *options, char **msg)
Header for feature/relay/relay_config.c.
int tor_addr_port_lookup(const char *s, tor_addr_t *addr_out, uint16_t *port_out)
int set_max_file_descriptors(rlim_t limit, int *max_out)
int tor_disable_debugger_attach(void)
uint16_t router_get_active_listener_port_by_type_af(int listener_type, sa_family_t family)
void refresh_all_country_info(void)
Header file for routerlist.c.
int public_server_mode(const or_options_t *options)
int server_mode(const or_options_t *options)
Header file for routermode.c.
int routerset_needs_geoip(const routerset_t *set)
routerset_t * routerset_new(void)
int routerset_equal(const routerset_t *old, const routerset_t *new)
int routerset_is_list(const routerset_t *set)
int routerset_add_unknown_ccs(routerset_t **setp, int only_if_some_cc_set)
int routerset_parse(routerset_t *target, const char *s, const char *description)
int routerset_len(const routerset_t *set)
void routerset_union(routerset_t *target, const routerset_t *source)
Header file for routerset.c.
int sandbox_is_active(void)
Header file for sandbox.c.
void scheduler_conf_changed(void)
Header file for scheduler*.c.
int switch_id(const char *user, const unsigned flags)
#define SWITCH_ID_WARN_IF_NO_CAPS
#define SWITCH_ID_KEEP_BINDLOW
static const char default_fname[]
int smartlist_strings_eq(const smartlist_t *sl1, const smartlist_t *sl2)
void smartlist_add_asprintf(struct smartlist_t *sl, const char *pattern,...)
char * smartlist_join_strings(smartlist_t *sl, const char *join, int terminate, size_t *len_out)
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
smartlist_t * smartlist_new(void)
void smartlist_add(smartlist_t *sl, void *element)
void smartlist_clear(smartlist_t *sl)
void smartlist_del_keeporder(smartlist_t *sl, int idx)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
#define SMARTLIST_DEL_CURRENT(sl, var)
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
void check_network_configuration(bool server_mode)
int get_n_open_sockets(void)
int or_state_loaded(void)
unsigned int cache_ipv4_answers
unsigned int socks_iso_keep_alive
unsigned int use_cached_ipv4_answers
unsigned int prefer_ipv6_virtaddr
unsigned int socks_prefer_no_auth
unsigned int extended_socks5_codes
smartlist_t * new_listeners
struct config_line_t * ControlPort_lines
tor_addr_t Socks4ProxyAddr
struct config_line_t * MyFamily
struct config_line_t * NATDPort_lines
int DirReqStatistics_option
struct config_line_t * AlternateBridgeAuthority
tor_addr_t HTTPSProxyAddr
int ConnLimit_high_thresh
struct routerset_t * ExcludeExitNodes
int TestingEnableConnBwEvent
struct config_line_t * OutboundBindAddressExit
struct config_line_t * DNSPort_lines
char * BridgePassword_AuthDigest_
char * FamilyKeyDirectory_option
uint64_t MaxMemInQueues_low_threshold
struct smartlist_t * RejectPlaintextPorts
char * FamilyKeyDirectory
struct config_line_t * Logs
struct routerset_t * ExcludeExitNodesUnion_
int TestingDirConnectionMaxStall
int ClientBootstrapConsensusMaxInProgressTries
struct smartlist_t * WarnPlaintextPorts
struct smartlist_t * TrackHostExits
struct smartlist_t * FirewallPorts
int TestingClientMaxIntervalWithoutRequest
struct smartlist_t * Schedulers
tcp_proxy_protocol_t TCPProxyProtocol
int FetchDirInfoExtraEarly
struct config_line_t * ClientTransportPlugin
struct config_line_t * OutboundBindAddressPT
struct smartlist_t * SchedulerTypes_
struct config_line_t * DirAuthorities
struct config_line_t * Bridges
int ControlSocketsGroupWritable
uint64_t OwningControllerFD
double KISTSockBufSizeFactor
struct config_line_t * ControlSocket
struct config_line_t * OutboundBindAddress
int UseDefaultFallbackDirs
struct config_line_t * AlternateDirAuthority
int DataDirectoryGroupReadable
int CacheDirectoryGroupReadable
int KeyDirectoryGroupReadable
char * KeyDirectory_option
struct smartlist_t * NodeFamilySets
uint64_t ConstrainedSockSize
struct config_line_t * AddressMap
struct smartlist_t * FilesOpenedByIncludes
int HiddenServiceStatistics_option
char * HTTPProxyAuthenticator
struct config_line_t * HashedControlPassword
int TokenBucketRefillInterval
int LearnCircuitBuildTimeout
struct config_line_t * FallbackDir
struct routerset_t * EntryNodes
int HiddenServiceStatistics
int UsingTestNetworkDefaults_
int UnixSocksGroupWritable
struct config_line_t * NodeFamilies
char * VirtualAddrNetworkIPv6
struct routerset_t * ExcludeNodes
char * OwningControllerProcess
struct config_line_t * ReachableORAddresses
char * Socks5ProxyUsername
struct config_line_t * HashedControlSessionPassword
char * Socks5ProxyPassword
int CookieAuthFileGroupReadable
int TestingEnableCellStatsEvent
struct routerset_t * ExitNodes
tor_addr_t Socks5ProxyAddr
struct config_line_t * ReachableDirAddresses
int MaxClientCircuitsPending
tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2]
struct routerset_t * HSLayer2Nodes
char * CacheDirectory_option
struct config_line_t * OutboundBindAddressOR
int ReconfigDropsBridgeDescs
int CircuitsAvailableTimeout
enum or_options_t::@2 TransProxyType_parsed
struct smartlist_t * AutomapHostsSuffixes
int ConnDirectionStatistics
char * VirtualAddrNetworkIPv4
int AutomapHostsOnResolve
char * HTTPSProxyAuthenticator
tor_cmdline_mode_t command
int DisableDebuggerAttachment
struct smartlist_t * FamilyIds
struct config_line_t * TransPort_lines
struct smartlist_t * LongLivedPorts
struct config_line_t * RendConfigLines
struct config_line_t * ReachableAddresses
char * ConfluxClientUX_option
int HiddenServiceSingleHopMode
double PathsNeededToBuildCircuits
int UseEntryGuards_option
struct config_line_t * HTTPTunnelPort_lines
char * DataDirectory_option
int ClientDNSRejectInternalAddresses
struct routerset_t * MiddleNodes
struct config_line_t * SocksPort_lines
struct routerset_t * HSLayer3Nodes
quiet_level_t quiet_level
struct config_line_t * cmdline_opts
struct config_line_t * other_opts
tor_cmdline_mode_t command
char unix_addr[FLEXIBLE_ARRAY_MEMBER]
entry_port_cfg_t entry_cfg
const char * struct_var_get_typename(const struct_member_t *member)
Header for lib/confmgt/structvar.c.
int subsystems_set_options(const config_mgr_t *mgr, struct or_options_t *options)
void subsystems_prefork(void)
void subsystems_postfork(void)
void subsystems_dump_list(void)
int subsystems_register_options_formats(config_mgr_t *mgr)
#define MOCK_IMPL(rv, funcname, arglist)
const char * get_version(void)
int options_act_server_transport(const or_options_t *old_options)
int options_validate_server_transport(const or_options_t *old_options, or_options_t *options, char **msg)
Header for feature/relay/transport_config.c.
int pt_proxies_configuration_pending(void)
int transport_add_from_config(const tor_addr_t *addr, uint16_t port, const char *name, int socks_ver)
char * pt_stringify_socks_args(const smartlist_t *socks_args)
void pt_configure_remaining_proxies(void)
void sweep_proxy_list(void)
void mark_transport_list(void)
static smartlist_t * transport_list
void sweep_transport_list(void)
void pt_prepare_proxy_list_for_config_read(void)
Headers for transports.c.
const char * get_uname(void)
#define tor_assert_nonfatal_unreached()
int strcasecmpstart(const char *s1, const char *s2)
int strcmpstart(const char *s1, const char *s2)
const char * find_whitespace(const char *s)
int strcasecmpend(const char *s1, const char *s2)
int strcmp_opt(const char *s1, const char *s2)
int string_is_C_identifier(const char *string)
const char * eat_whitespace(const char *s)
int tor_digest_is_zero(const char *digest)