35#include "feature/hs/hs_opts_st.h"
39#define CONF_CONTEXT TABLE
40#include "feature/hs/hs_options.inc"
44#define HS_OPTS_MAGIC 0x6f6e796e
48 .magic = {
"hs_opts_t",
51 .vars = hs_opts_t_vars,
86#define hs_opts_free(opts) \
87 config_free(get_hs_opts_mgr(), (opts))
143 log_warn(
LD_REND,
"Another hidden service is already configured "
149 } SMARTLIST_FOREACH_END(s);
161 if (i < low || i > high) {
165 log_warn(
LD_CONFIG,
"%s must be between %d and %d, not %d.",
177#define CHECK_OOB(opts, name, low, high) \
178 check_value_oob((opts)->name, #name, (low), (high))
193 if (! strcasecmp(value,
"haproxy")) {
196 }
else if (! strcasecmp(value,
"none")) {
200 log_warn(
LD_CONFIG,
"%s must be 'haproxy' or 'none'.", key);
244 const char **optlist;
252 const char *opts_exclude_v3[] = {
253 "HiddenServiceAuthorizeClient",
270 if (optlist == NULL) {
274 for (
int i = 0; optlist[i]; i++) {
275 const char *opt = optlist[i];
276 for (line = line_; line; line = line->next) {
284 if (!strcasecmp(line->key, opt)) {
285 log_warn(
LD_CONFIG,
"Hidden service option %s is incompatible with "
286 "version %" PRIu32
" of service in %s",
309 if (!config->
ports || smartlist_len(config->
ports) == 0) {
310 log_warn(
LD_CONFIG,
"Hidden service (%s) with no ports configured.",
317 (config->intro_dos_burst_per_sec < config->intro_dos_rate_per_sec)) {
318 log_warn(
LD_CONFIG,
"Hidden service DoS defenses burst (%" PRIu32
") can "
319 "not be smaller than the rate value (%" PRIu32
").",
320 config->intro_dos_burst_per_sec, config->intro_dos_rate_per_sec);
324 (config->pow_queue_burst < config->pow_queue_rate)) {
325 log_warn(
LD_CONFIG,
"Hidden service PoW queue burst (%" PRIu32
") can "
326 "not be smaller than the rate value (%" PRIu32
").",
327 config->pow_queue_burst, config->pow_queue_rate);
331 log_warn(
LD_CONFIG,
"Hidden service proof-of-work defenses are enabled "
332 "in our configuration but this build of tor does not "
333 "include the required 'pow' module.");
356 if (
CHECK_OOB(hs_opts, HiddenServiceNumIntroductionPoints,
358 HS_CONFIG_V3_MAX_INTRO_POINTS)) {
364 if (hs_opts->HiddenServiceExportCircuitID) {
368 hs_opts->HiddenServiceExportCircuitID,
377 hs_opts->HiddenServiceEnableIntroDoSDefense;
380 if (
CHECK_OOB(hs_opts, HiddenServiceEnableIntroDoSRatePerSec,
381 HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MIN,
382 HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MAX)) {
385 config->intro_dos_rate_per_sec =
386 hs_opts->HiddenServiceEnableIntroDoSRatePerSec;
387 log_info(
LD_REND,
"Service INTRO2 DoS defenses rate set to: %" PRIu32,
388 config->intro_dos_rate_per_sec);
390 if (
CHECK_OOB(hs_opts, HiddenServiceEnableIntroDoSBurstPerSec,
391 HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MIN,
392 HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MAX)) {
395 config->intro_dos_burst_per_sec =
396 hs_opts->HiddenServiceEnableIntroDoSBurstPerSec;
397 log_info(
LD_REND,
"Service INTRO2 DoS defenses burst set to: %" PRIu32,
398 config->intro_dos_burst_per_sec);
401 if (hs_opts->HiddenServiceOnionBalanceInstance) {
410 config->pow_queue_rate = hs_opts->HiddenServicePoWQueueRate;
411 config->pow_queue_burst = hs_opts->HiddenServicePoWQueueBurst;
413 log_info(
LD_REND,
"Service PoW defenses are %s",
416 log_info(
LD_REND,
"Service PoW queue rate set to: %" PRIu32,
417 config->pow_queue_rate);
418 log_info(
LD_REND,
"Service PoW queue burst set to: %" PRIu32,
419 config->pow_queue_burst);
459 config = &service->
config;
464 log_info(
LD_CONFIG,
"%s=%s. Configuring...",
468 if (hs_opts->HiddenServiceVersion == -1) {
470 }
else if (hs_opts->HiddenServiceVersion == 2) {
471 log_warn(
LD_CONFIG,
"Onion services version 2 are obsolete. Please see "
472 "https://blog.torproject.org/v2-deprecation-timeline "
473 "for more details and for instructions on how to "
474 "transition to version 3.");
476 }
else if (
CHECK_OOB(hs_opts, HiddenServiceVersion,
481 config->
version = hs_opts->HiddenServiceVersion;
485 for (
const config_line_t *portline = hs_opts->HiddenServicePort;
486 portline; portline = portline->next) {
487 char *err_msg = NULL;
500 log_info(
LD_CONFIG,
"HiddenServicePort=%s for %s",
511 if (
CHECK_OOB(hs_opts, HiddenServiceMaxStreams,
512 0, HS_CONFIG_MAX_STREAMS_PER_RDV_CIRCUIT)) {
519 hs_opts->HiddenServiceMaxStreamsCloseCircuit;
523 if (hs_service_non_anonymous_mode_enabled(options)) {
558 log_warn(
LD_REND,
"Can't parse configuration for onion service: %s", msg);
561 tor_assert_nonfatal(msg == NULL);
565 log_warn(
LD_REND,
"Bad configuration for onion service: %s", msg);
568 tor_assert_nonfatal(msg == NULL);
659 log_warn(
LD_CONFIG,
"%s with no preceding %s directive",
672 config_free_lines(section);
674 config_free_lines(remaining);
683 if (!validate_only) {
700 smartlist_free(new_service_list);
Macros for generating a configuration struct from a list of its individual fields.
config_line_t * config_lines_partition(config_line_t *inp, const char *header)
config_line_t * config_lines_dup(const config_line_t *inp)
void config_init(const config_mgr_t *mgr, void *options)
void config_mgr_freeze(config_mgr_t *mgr)
validation_status_t config_validate(const config_mgr_t *mgr, const void *old_options, void *options, char **msg_out)
int config_assign(const config_mgr_t *mgr, void *options, config_line_t *list, unsigned config_assign_flags, char **msg)
config_mgr_t * config_mgr_new(const config_format_t *toplevel_fmt)
void * config_new(const config_mgr_t *mgr)
const char * escaped(const char *s)
int hs_config_client_authorization(const or_options_t *options, int validate_only)
Header file containing client data for the HS subsystem.
hs_port_config_t * hs_parse_port_config(const char *string, const char *sep, char **err_msg_out)
int hs_check_service_private_dir(const char *username, const char *path, unsigned int dir_group_readable, unsigned int create)
Header file containing common data for the whole HS subsystem.
#define NUM_INTRO_POINTS_DEFAULT
static hs_opts_t * hs_opts_new(void)
int hs_config_client_auth_all(const or_options_t *options, int validate_only)
static int config_service_v3(const hs_opts_t *hs_opts, hs_service_config_t *config)
static int config_generic_service(const hs_opts_t *hs_opts, const or_options_t *options, hs_service_t *service)
void hs_config_free_all(void)
#define CHECK_OOB(opts, name, low, high)
static const config_mgr_t * get_hs_opts_mgr(void)
int hs_config_service_all(const or_options_t *options, int validate_only)
static int config_learn_service_version(hs_service_t *service)
static bool check_value_oob(int i, const char *name, int low, int high)
static hs_circuit_id_protocol_t helper_parse_circuit_id_protocol(const char *key, const char *value, int *ok)
static void stage_services(smartlist_t *service_list)
#define hs_opts_free(opts)
static const char SECTION_HEADER[]
static config_mgr_t * hs_opts_mgr
static int config_service(config_line_t *line, const or_options_t *options, smartlist_t *service_list)
static int config_has_invalid_options(const config_line_t *line_, const hs_service_t *service)
static int service_is_duplicate_in_list(const smartlist_t *service_list, const hs_service_t *service)
static int config_validate_service(const hs_service_config_t *config)
Header file containing configuration ABI/API for the HS subsystem.
int hs_ob_parse_config_file(hs_service_config_t *config)
Header file for the specific code for onion balance.
void hs_service_stage_services(const smartlist_t *service_list)
int hs_service_get_version_from_key(const hs_service_t *service)
hs_service_t * hs_service_new(const or_options_t *options)
Header file containing service data for the HS subsystem.
@ HS_CIRCUIT_ID_PROTOCOL_NONE
@ HS_CIRCUIT_ID_PROTOCOL_HAPROXY
#define hs_service_free(s)
The or_options_t structure, which represents Tor's configuration.
smartlist_t * smartlist_new(void)
void smartlist_add(smartlist_t *sl, void *element)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
hs_circuit_id_protocol_t circuit_id_protocol
uint64_t max_streams_per_rdv_circuit
unsigned int is_single_onion
unsigned int dir_group_readable
unsigned int hs_version_explicitly_set
unsigned int max_streams_close_circuit
unsigned int is_ephemeral
unsigned int has_dos_defense_enabled
unsigned int num_intro_points
unsigned int allow_unknown_ports
unsigned int has_pow_defenses_enabled
hs_service_config_t config
struct config_line_t * RendConfigLines
#define tor_assert_nonfatal_unreached()