Tor 0.4.9.2-alpha-dev
or_options_st.h
Go to the documentation of this file.
1/* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2021, The Tor Project, Inc. */
5/* See LICENSE for licensing information */
6
7/**
8 * \file or_options_st.h
9 *
10 * \brief The or_options_t structure, which represents Tor's configuration.
11 */
12
13#ifndef TOR_OR_OPTIONS_ST_H
14#define TOR_OR_OPTIONS_ST_H
15
16#include "core/or/or.h"
17#include "lib/cc/torint.h"
18#include "lib/net/address.h"
20
21struct smartlist_t;
22struct config_line_t;
23struct config_suite_t;
24struct routerset_t;
25
26/** Enumeration of outbound address configuration types:
27 * Exit-only, OR-only, PT-only, or any of them */
28typedef enum {
29 /** Outbound IP address for Exit connections. Controlled by the
30 * `OutboundBindAddressExit` configuration entry in torrc. */
32
33 /** Outbound IP address for OR connections. Controlled by the
34 * `OutboundBindAddressOR` configuration entry in torrc. */
36
37 /** Outbound IP address for PT connections. Controlled by the
38 * `OutboundBindAddressPT` configuration entry in torrc. */
40
41 /** Outbound IP address for any outgoing connections. Controlled by the
42 * OutboundBindAddress configuration entry in torrc. This value is used as
43 * fallback if the more specific OUTBOUND_ADDR_EXIT, OUTBOUND_ADDR_OR, and
44 * OUTBOUND_ADDR_PT are unset. */
46
47 /** Max value for this enum. Must be the last element in this enum. */
50
51/** Which protocol to use for TCPProxy. */
52typedef enum {
53 /** Use the HAProxy proxy protocol. */
56
57/** Enumeration of available time formats for output of --key-expiration */
58typedef enum {
59 KEY_EXPIRATION_FORMAT_ISO8601 = 0,
60 KEY_EXPIRATION_FORMAT_TIMESTAMP
62
63/** Configuration options for a Tor process. */
65 uint32_t magic_;
66
67 /** What should the tor process actually do? */
69 char *command_arg; /**< Argument for command-line option. */
70
71 struct config_line_t *Logs; /**< New-style list of configuration lines
72 * for logs */
73 int LogTimeGranularity; /**< Log resolution in milliseconds. */
74
75 int LogMessageDomains; /**< Boolean: Should we log the domain(s) in which
76 * each log message occurs? */
77 int TruncateLogFile; /**< Boolean: Should we truncate the log file
78 before we start writing? */
79 char *SyslogIdentityTag; /**< Identity tag to add for syslog logging. */
80
81 char *DebugLogFile; /**< Where to send verbose log messages. */
82 char *DataDirectory_option; /**< Where to store long-term data, as
83 * configured by the user. */
84 char *DataDirectory; /**< Where to store long-term data, as modified. */
85 int DataDirectoryGroupReadable; /**< Boolean: Is the DataDirectory g+r? */
86
87 char *KeyDirectory_option; /**< Where to store keys, as
88 * configured by the user. */
89 char *KeyDirectory; /**< Where to store keys data, as modified. */
90 int KeyDirectoryGroupReadable; /**< Boolean: Is the KeyDirectory g+r? */
91
92 char *FamilyKeyDirectory_option; /**< Where to look for family ID keys,
93 * as configured by the user. */
94 char *FamilyKeyDirectory; /**< Where to look for family ID keys. */
95
96 char *CacheDirectory_option; /**< Where to store cached data, as
97 * configured by the user. */
98 char *CacheDirectory; /**< Where to store cached data, as modified. */
99 int CacheDirectoryGroupReadable; /**< Boolean: Is the CacheDirectory g+r? */
100
101 char *Nickname; /**< OR only: nickname of this onion router. */
102 /** OR only: configured address for this onion router. Up to two times this
103 * options is accepted as in IPv4 and IPv6. */
105
106 /** Boolean: If set, disable IPv6 address resolution, IPv6 ORPorts, IPv6
107 * reachability checks, and publishing an IPv6 ORPort in its descriptor. */
109
110 char *PidFile; /**< Where to store PID of Tor process. */
111
112 struct routerset_t *ExitNodes; /**< Structure containing nicknames, digests,
113 * country codes and IP address patterns of ORs to
114 * consider as exits. */
115 struct routerset_t *MiddleNodes; /**< Structure containing nicknames,
116 * digests, country codes and IP address patterns
117 * of ORs to consider as middles. */
118 struct routerset_t *EntryNodes;/**< Structure containing nicknames, digests,
119 * country codes and IP address patterns of ORs to
120 * consider as entry points. */
121 int StrictNodes; /**< Boolean: When none of our EntryNodes or ExitNodes
122 * are up, or we need to access a node in ExcludeNodes,
123 * do we just fail instead? */
124 struct routerset_t *ExcludeNodes;/**< Structure containing nicknames,
125 * digests, country codes and IP address patterns
126 * of ORs not to use in circuits. But see
127 * StrictNodes above. */
128 struct routerset_t *ExcludeExitNodes;/**< Structure containing nicknames,
129 * digests, country codes and IP address
130 * patterns of ORs not to consider as
131 * exits. */
132
133 /** Union of ExcludeNodes and ExcludeExitNodes */
134 struct routerset_t *ExcludeExitNodesUnion_;
135
136 int DisableAllSwap; /**< Boolean: Attempt to call mlockall() on our
137 * process for all current and future memory. */
138
139 struct config_line_t *ExitPolicy; /**< Lists of exit policy components. */
140 int ExitPolicyRejectPrivate; /**< Should we not exit to reserved private
141 * addresses, and our own published addresses?
142 */
143 int ExitPolicyRejectLocalInterfaces; /**< Should we not exit to local
144 * interface addresses?
145 * Includes OutboundBindAddresses and
146 * configured ports. */
147 int ReducedExitPolicy; /**<Should we use the Reduced Exit Policy? */
148 int ReevaluateExitPolicy; /**<Should we re-evaluate Exit Policy on existing
149 * connections when it changes? */
150 struct config_line_t *SocksPolicy; /**< Lists of socks policy components */
151 struct config_line_t *DirPolicy; /**< Lists of dir policy components */
152 /** Local address to bind outbound sockets */
154 /** Local address to bind outbound relay sockets */
156 /** Local address to bind outbound exit sockets */
158 /** Local address to bind outbound PT sockets */
160 /** Addresses derived from the various OutboundBindAddress lines.
161 * [][0] is IPv4, [][1] is IPv6
162 */
164 /** Whether dirservers allow router descriptors with private IPs. */
166 /** Whether routers accept EXTEND cells to routers with private IPs. */
168 char *User; /**< Name of user to run Tor as. */
169 /** Ports to listen on for OR connections. */
171 /** Ports to listen on for extended OR connections. */
173 /** Ports to listen on for Metrics connections. */
175 /** Ports to listen on for SOCKS connections. */
177 /** Ports to listen on for transparent pf/netfilter connections. */
179 char *TransProxyType; /**< What kind of transparent proxy
180 * implementation are we using? */
181 /** Parsed value of TransProxyType. */
182 enum {
183 TPT_DEFAULT,
184 TPT_PF_DIVERT,
185 TPT_IPFW,
186 TPT_TPROXY,
188 /** Ports to listen on for transparent natd connections. */
190 /** Ports to listen on for HTTP Tunnel connections. */
192 struct config_line_t *ControlPort_lines; /**< Ports to listen on for control
193 * connections. */
194 /** List of Unix Domain Sockets to listen on for control connections. */
196
197 int ControlSocketsGroupWritable; /**< Boolean: Are control sockets g+rw? */
198 int UnixSocksGroupWritable; /**< Boolean: Are SOCKS Unix sockets g+rw? */
199 /** Ports to listen on for directory connections. */
201 /** Ports to listen on for DNS requests. */
203
204 /* MaxMemInQueues value as input by the user. We clean this up to be
205 * MaxMemInQueues. */
206 uint64_t MaxMemInQueues_raw;
207 uint64_t MaxMemInQueues;/**< If we have more memory than this allocated
208 * for queues and buffers, run the OOM handler */
209 /** Above this value, consider ourselves low on RAM. */
211
212 /** @name port booleans
213 *
214 * Derived booleans: For server ports and ControlPort, true iff there is a
215 * non-listener port on an AF_INET or AF_INET6 address of the given type
216 * configured in one of the _lines options above.
217 * For client ports, also true if there is a unix socket configured.
218 * If you are checking for client ports, you may want to use:
219 * SocksPort_set || TransPort_set || NATDPort_set || DNSPort_set ||
220 * HTTPTunnelPort_set
221 * rather than SocksPort_set.
222 *
223 * @{
224 */
225 unsigned int ORPort_set : 1;
226 unsigned int SocksPort_set : 1;
227 unsigned int TransPort_set : 1;
228 unsigned int NATDPort_set : 1;
229 unsigned int ControlPort_set : 1;
230 unsigned int DirPort_set : 1;
231 unsigned int DNSPort_set : 1;
232 unsigned int ExtORPort_set : 1;
233 unsigned int HTTPTunnelPort_set : 1;
234 unsigned int MetricsPort_set : 1;
235 /**@}*/
236
237 /** Whether to publish our descriptor regardless of all our self-tests
238 */
240 /** Whether to publish our descriptor regardless of IPv6 self-tests.
241 *
242 * This is an autobool; when set to AUTO, it uses AssumeReachable.
243 **/
245 int AuthoritativeDir; /**< Boolean: is this an authoritative directory? */
246 int V3AuthoritativeDir; /**< Boolean: is this an authoritative directory
247 * for version 3 directories? */
248 int BridgeAuthoritativeDir; /**< Boolean: is this an authoritative directory
249 * that aggregates bridge descriptors? */
250
251 /** If set on a bridge relay, it will include this value on a new
252 * "bridge-distribution-request" line in its bridge descriptor. */
254
255 /** If set on a bridge authority, it will answer requests on its dirport
256 * for bridge statuses -- but only if the requests use this password. */
258 /** If BridgePassword is set, this is a SHA256 digest of the basic http
259 * authenticator for it. Used so we can do a time-independent comparison. */
261
262 int UseBridges; /**< Boolean: should we start all circuits with a bridge? */
263 struct config_line_t *Bridges; /**< List of bootstrap bridge addresses. */
264
265 struct config_line_t *ClientTransportPlugin; /**< List of client
266 transport plugins. */
267
268 struct config_line_t *ServerTransportPlugin; /**< List of client
269 transport plugins. */
270
271 /** List of TCP/IP addresses that transports should listen at. */
273
274 /** List of options that must be passed to pluggable transports. */
276
277 int BridgeRelay; /**< Boolean: are we acting as a bridge relay? We make
278 * this explicit so we can change how we behave in the
279 * future. */
280
281 /** Boolean: if we know the bridge's digest, should we get new
282 * descriptors from the bridge authorities or from the bridge itself? */
284
285 int AvoidDiskWrites; /**< Boolean: should we never cache things to disk?
286 * Not used yet. */
287 int ClientOnly; /**< Boolean: should we never evolve into a server role? */
288
289 int ReducedConnectionPadding; /**< Boolean: Should we try to keep connections
290 open shorter and pad them less against
291 connection-level traffic analysis? */
292 /** Autobool: if auto, then connection padding will be negotiated by client
293 * and server. If 0, it will be fully disabled. If 1, the client will still
294 * pad to the server regardless of server support. */
296
297 /** Boolean: if true, then circuit padding will be negotiated by client
298 * and server, subject to consenus limits (default). If 0, it will be fully
299 * disabled. */
301
302 /** Boolean: if true, then this client will discard cached bridge
303 * descriptors on a setconf or other config change that impacts guards
304 * or bridges (see options_transition_affects_guards() for exactly which
305 * config changes trigger it). Useful for tools that test bridge
306 * reachability by fetching fresh descriptors. */
308
309 /** Boolean: if true, then this client will only use circuit padding
310 * algorithms that are known to use a low amount of overhead. If false,
311 * we will use all available circuit padding algorithms.
312 */
314
315 /** To what authority types do we publish our descriptor? Choices are
316 * "v1", "v2", "v3", "bridge", or "". */
318 /** A bitfield of authority types, derived from PublishServerDescriptor. */
320 /** Boolean: do we publish hidden service descriptors to the HS auths? */
322 int FetchServerDescriptors; /**< Do we fetch server descriptors as normal? */
323 int FetchHidServDescriptors; /**< and hidden service descriptors? */
324
325 int FetchUselessDescriptors; /**< Do we fetch non-running descriptors too? */
326 int AllDirActionsPrivate; /**< Should every directory action be sent
327 * through a Tor circuit? */
328
329 /** A routerset that should be used when picking middle nodes for HS
330 * circuits. */
331 struct routerset_t *HSLayer2Nodes;
332
333 /** A routerset that should be used when picking third-hop nodes for HS
334 * circuits. */
335 struct routerset_t *HSLayer3Nodes;
336
337 /** Onion Services in HiddenServiceSingleHopMode make one-hop (direct)
338 * circuits between the onion service server, and the introduction and
339 * rendezvous points. (Onion service descriptors are still posted using
340 * 3-hop paths, to avoid onion service directories blocking the service.)
341 * This option makes every hidden service instance hosted by
342 * this tor instance a Single Onion Service.
343 * HiddenServiceSingleHopMode requires HiddenServiceNonAnonymousMode to be
344 * set to 1.
345 * Use rend_service_allow_non_anonymous_connection() or
346 * rend_service_reveal_startup_time() instead of using this option directly.
347 */
349 /* Makes hidden service clients and servers non-anonymous on this tor
350 * instance. Allows the non-anonymous HiddenServiceSingleHopMode. Enables
351 * non-anonymous behaviour in the hidden service protocol.
352 * Use hs_service_non_anonymous_mode_enabled() instead of using this option
353 * directly.
354 */
355 int HiddenServiceNonAnonymousMode;
356
357 int ConnLimit; /**< Demanded minimum number of simultaneous connections. */
358 int ConnLimit_; /**< Maximum allowed number of simultaneous connections. */
359 int ConnLimit_high_thresh; /**< start trying to lower socket usage if we
360 * have this many. */
361 int ConnLimit_low_thresh; /**< try to get down to here after socket
362 * exhaustion. */
363 int RunAsDaemon; /**< If true, run in the background. (Unix only) */
364 int FascistFirewall; /**< Whether to prefer ORs reachable on open ports. */
365 struct smartlist_t *FirewallPorts; /**< Which ports our firewall allows
366 * (strings). */
367 /** IP:ports our firewall allows. */
369 struct config_line_t *ReachableORAddresses; /**< IP:ports for OR conns. */
370 struct config_line_t *ReachableDirAddresses; /**< IP:ports for Dir conns. */
371
372 int ConstrainedSockets; /**< Shrink xmit and recv socket buffers. */
373 uint64_t ConstrainedSockSize; /**< Size of constrained buffers. */
374
375 /** Whether we should drop exit streams from Tors that we don't know are
376 * relays. One of "0" (never refuse), "1" (always refuse), or "-1" (do
377 * what the consensus says, defaulting to 'refuse' if the consensus says
378 * nothing). */
380
381 /** Application ports that require all nodes in circ to have sufficient
382 * uptime. */
384 /** Application ports that are likely to be unencrypted and
385 * unauthenticated; we reject requests for them to prevent the
386 * user from screwing up and leaking plaintext secrets to an
387 * observer somewhere on the Internet. */
389 /** Related to RejectPlaintextPorts above, except this config option
390 * controls whether we warn (in the log and via a controller status
391 * event) every time a risky connection is attempted. */
393 /** Should we try to reuse the same exit node for a given host */
395 int TrackHostExitsExpire; /**< Number of seconds until we expire an
396 * addressmap */
397 struct config_line_t *AddressMap; /**< List of address map directives. */
398 int AutomapHostsOnResolve; /**< If true, when we get a resolve request for a
399 * hostname ending with one of the suffixes in
400 * <b>AutomapHostsSuffixes</b>, map it to a
401 * virtual address. */
402 /** List of suffixes for <b>AutomapHostsOnResolve</b>. The special value
403 * "." means "match everything." */
405 int KeepalivePeriod; /**< How often do we send padding cells to keep
406 * connections alive? */
407 int SocksTimeout; /**< How long do we let a socks connection wait
408 * unattached before we fail it? */
409 int LearnCircuitBuildTimeout; /**< If non-zero, we attempt to learn a value
410 * for CircuitBuildTimeout based on timeout
411 * history. Use circuit_build_times_disabled()
412 * rather than checking this value directly. */
413 int CircuitBuildTimeout; /**< Cull non-open circuits that were born at
414 * least this many seconds ago. Used until
415 * adaptive algorithm learns a new value. */
416 int CircuitsAvailableTimeout; /**< Try to have an open circuit for at
417 least this long after last activity */
418 int CircuitStreamTimeout; /**< If non-zero, detach streams from circuits
419 * and try a new circuit if the stream has been
420 * waiting for this many seconds. If zero, use
421 * our default internal timeout schedule. */
422 int MaxOnionQueueDelay; /*< DOCDOC */
423 int NewCircuitPeriod; /**< How long do we use a circuit before building
424 * a new one? */
425 int MaxCircuitDirtiness; /**< Never use circs that were first used more than
426 this interval ago. */
427 uint64_t BandwidthRate; /**< How much bandwidth, on average, are we willing
428 * to use in a second? */
429 uint64_t BandwidthBurst; /**< How much bandwidth, at maximum, are we willing
430 * to use in a second? */
431 uint64_t MaxAdvertisedBandwidth; /**< How much bandwidth are we willing to
432 * tell other nodes we have? */
433 uint64_t RelayBandwidthRate; /**< How much bandwidth, on average, are we
434 * willing to use for all relayed conns? */
435 uint64_t RelayBandwidthBurst; /**< How much bandwidth, at maximum, will we
436 * use in a second for all relayed conns? */
437 uint64_t PerConnBWRate; /**< Long-term bw on a single TLS conn, if set. */
438 uint64_t PerConnBWBurst; /**< Allowed burst on a single TLS conn, if set. */
439 int NumCPUs; /**< How many CPUs should we try to use? */
440 struct config_line_t *RendConfigLines; /**< List of configuration lines
441 * for rendezvous services. */
442 char *ClientOnionAuthDir; /**< Directory to keep client
443 * onion service authorization secret keys */
444 char *ContactInfo; /**< Contact info to be published in the directory. */
445
446 int HeartbeatPeriod; /**< Log heartbeat messages after this many seconds
447 * have passed. */
448 int MainloopStats; /**< Log main loop statistics as part of the
449 * heartbeat messages. */
450
451 char *HTTPProxy; /**< hostname[:port] to use as http proxy, if any. */
452 tor_addr_t HTTPProxyAddr; /**< Parsed IPv4 addr for http proxy, if any. */
453 uint16_t HTTPProxyPort; /**< Parsed port for http proxy, if any. */
454 char *HTTPProxyAuthenticator; /**< username:password string, if any. */
455
456 char *HTTPSProxy; /**< hostname[:port] to use as https proxy, if any. */
457 tor_addr_t HTTPSProxyAddr; /**< Parsed addr for https proxy, if any. */
458 uint16_t HTTPSProxyPort; /**< Parsed port for https proxy, if any. */
459 char *HTTPSProxyAuthenticator; /**< username:password string, if any. */
460
461 char *Socks4Proxy; /**< hostname:port to use as a SOCKS4 proxy, if any. */
462 tor_addr_t Socks4ProxyAddr; /**< Derived from Socks4Proxy. */
463 uint16_t Socks4ProxyPort; /**< Derived from Socks4Proxy. */
464
465 char *Socks5Proxy; /**< hostname:port to use as a SOCKS5 proxy, if any. */
466 tor_addr_t Socks5ProxyAddr; /**< Derived from Sock5Proxy. */
467 uint16_t Socks5ProxyPort; /**< Derived from Socks5Proxy. */
468 char *Socks5ProxyUsername; /**< Username for SOCKS5 authentication, if any */
469 char *Socks5ProxyPassword; /**< Password for SOCKS5 authentication, if any */
470
471 char *TCPProxy; /**< protocol and hostname:port to use as a proxy, if any. */
472 tcp_proxy_protocol_t TCPProxyProtocol; /**< Derived from TCPProxy. */
473 tor_addr_t TCPProxyAddr; /**< Derived from TCPProxy. */
474 uint16_t TCPProxyPort; /**< Derived from TCPProxy. */
475
476 /** List of configuration lines for replacement directory authorities.
477 * If you just want to replace one class of authority at a time,
478 * use the "Alternate*Authority" options below instead. */
480
481 /** List of fallback directory servers */
483 /** Whether to use the default hard-coded FallbackDirs */
485
486 /** Weight to apply to all directory authority rates if considering them
487 * along with fallbackdirs */
489
490 /** If set, use these main (currently v3) directory authorities and
491 * not the default ones. */
493
494 /** If set, use these bridge authorities and not the default one. */
496
497 struct config_line_t *MyFamily_lines; /**< Declared family for this OR. */
498 struct config_line_t *MyFamily; /**< Declared family for this OR,
499 normalized */
500 struct config_line_t *FamilyId_lines; /**< If set, IDs for family keys to use
501 * to certify this OR's membership. */
502 struct smartlist_t *FamilyIds; /**< FamilyIds, parsed and converted
503 * to a list of ed25519_public_key_t */
504 bool AllFamilyIdsExpected; /**< If true, we should accept all the
505 * FamilyIds in the FamilyKeyDirectory. */
506
507 struct config_line_t *NodeFamilies; /**< List of config lines for
508 * node families */
509 /** List of parsed NodeFamilies values. */
511 struct config_line_t *AuthDirBadExit; /**< Address policy for descriptors to
512 * mark as bad exits. */
513 /** Address policy for descriptors to mark as only suitable for the
514 * middle position in circuits. */
516 struct config_line_t *AuthDirReject; /**< Address policy for descriptors to
517 * reject. */
518 struct config_line_t *AuthDirInvalid; /**< Address policy for descriptors to
519 * never mark as valid. */
520 /** @name AuthDir...CC
521 *
522 * Lists of country codes to mark as BadExit, or Invalid, or to
523 * reject entirely.
524 *
525 * @{
526 */
527 struct smartlist_t *AuthDirBadExitCCs;
528 struct smartlist_t *AuthDirInvalidCCs;
529 struct smartlist_t *AuthDirMiddleOnlyCCs;
530 struct smartlist_t *AuthDirRejectCCs;
531 /**@}*/
532
533 char *AccountingStart; /**< How long is the accounting interval, and when
534 * does it start? */
535 uint64_t AccountingMax; /**< How many bytes do we allow per accounting
536 * interval before hibernation? 0 for "never
537 * hibernate." */
538 /** How do we determine when our AccountingMax has been reached?
539 * "max" for when in or out reaches AccountingMax
540 * "sum" for when in plus out reaches AccountingMax
541 * "in" for when in reaches AccountingMax
542 * "out" for when out reaches AccountingMax */
544 enum { ACCT_MAX, ACCT_SUM, ACCT_IN, ACCT_OUT } AccountingRule;
545
546 /** Base64-encoded hash of accepted passwords for the control system. */
548 /** As HashedControlPassword, but not saved. */
550
551 int CookieAuthentication; /**< Boolean: do we enable cookie-based auth for
552 * the control system? */
553 char *CookieAuthFile; /**< Filesystem location of a ControlPort
554 * authentication cookie. */
555 char *ExtORPortCookieAuthFile; /**< Filesystem location of Extended
556 * ORPort authentication cookie. */
557 int CookieAuthFileGroupReadable; /**< Boolean: Is the CookieAuthFile g+r? */
558 int ExtORPortCookieAuthFileGroupReadable; /**< Boolean: Is the
559 * ExtORPortCookieAuthFile g+r? */
560 int LeaveStreamsUnattached; /**< Boolean: Does Tor attach new streams to
561 * circuits itself (0), or does it expect a controller
562 * to cope? (1) */
563 int DisablePredictedCircuits; /**< Boolean: does Tor preemptively
564 * make circuits in the background (0),
565 * or not (1)? */
566
567 /** Process specifier for a controller that ‘owns’ this Tor
568 * instance. Tor will terminate if its owning controller does. */
570 /** FD specifier for a controller that owns this Tor instance. */
572
573 int ShutdownWaitLength; /**< When we get a SIGINT and we're a server, how
574 * long do we wait before exiting? */
575 char *SafeLogging; /**< Contains "relay", "1", "0" (meaning no scrubbing). */
576
577 /* Derived from SafeLogging */
578 enum {
579 SAFELOG_SCRUB_ALL, SAFELOG_SCRUB_RELAY, SAFELOG_SCRUB_NONE
580 } SafeLogging_;
581
582 int Sandbox; /**< Boolean: should sandboxing be enabled? */
583 int SafeSocks; /**< Boolean: should we outright refuse application
584 * connections that use socks4 or socks5-with-local-dns? */
585 int ProtocolWarnings; /**< Boolean: when other parties screw up the Tor
586 * protocol, is it a warn or an info in our logs? */
587 int TestSocks; /**< Boolean: when we get a socks connection, do we loudly
588 * log whether it was DNS-leaking or not? */
589 /** Token Bucket Refill resolution in milliseconds. */
591
592 /** Boolean: Do we try to enter from a smallish number
593 * of fixed nodes? */
595 /** Internal variable to remember whether we're actually acting on
596 * UseEntryGuards_option -- when we're a non-anonymous Single Onion Service,
597 * it is always false, otherwise we use the value of UseEntryGuards_option.
598 * */
600
601 int NumEntryGuards; /**< How many entry guards do we try to establish? */
602
603 /** If 1, we use any guardfraction information we see in the
604 * consensus. If 0, we don't. If -1, let the consensus parameter
605 * decide. */
607
608 int NumDirectoryGuards; /**< How many dir guards do we try to establish?
609 * If 0, use value from NumEntryGuards. */
610 int NumPrimaryGuards; /**< How many primary guards do we want? */
611
612 /** Boolean: Switch to toggle the vanguards-lite subsystem */
614
615 /** Boolean: Switch to override consensus to enable congestion control */
617
618 /** Boolean: Switch to specify this is an sbws measurement exit */
620
621 int RephistTrackTime; /**< How many seconds do we keep rephist info? */
622 /** Should we always fetch our dir info on the mirror schedule (which
623 * means directly from the authorities) no matter our other config? */
625
626 /** Should we fetch our dir info at the start of the consensus period? */
628
629 int DirCache; /**< Cache all directory documents and accept requests via
630 * tunnelled dir conns from clients. If 1, enabled (default);
631 * If 0, disabled. Use dir_server_mode() rather than
632 * referencing this option directly. (Except for routermode
633 * and relay_config, which do direct checks.) */
634
635 char *VirtualAddrNetworkIPv4; /**< Address and mask to hand out for virtual
636 * MAPADDRESS requests for IPv4 addresses */
637 char *VirtualAddrNetworkIPv6; /**< Address and mask to hand out for virtual
638 * MAPADDRESS requests for IPv6 addresses */
639 int ServerDNSSearchDomains; /**< Boolean: If set, we don't force exit
640 * addresses to be FQDNs, but rather search for them in
641 * the local domains. */
642 int ServerDNSDetectHijacking; /**< Boolean: If true, check for DNS failure
643 * hijacking. */
644 int ServerDNSRandomizeCase; /**< Boolean: Use the 0x20-hack to prevent
645 * DNS poisoning attacks. */
646 char *ServerDNSResolvConfFile; /**< If provided, we configure our internal
647 * resolver from the file here rather than from
648 * /etc/resolv.conf (Unix) or the registry (Windows). */
649 char *DirPortFrontPage; /**< This is a full path to a file with an html
650 disclaimer. This allows a server administrator to show
651 that they're running Tor and anyone visiting their server
652 will know this without any specialized knowledge. */
653 int DisableDebuggerAttachment; /**< Currently Linux only specific attempt to
654 disable ptrace; needs BSD testing. */
655 /** Boolean: if set, we start even if our resolv.conf file is missing
656 * or broken. */
658 /** Boolean: if set, then even connections to private addresses will get
659 * rate-limited. */
661 /** A list of addresses that definitely should be resolvable. Used for
662 * testing our DNS server. */
664 int EnforceDistinctSubnets; /**< If true, don't allow multiple routers in the
665 * same network zone in the same circuit. */
666 int AllowNonRFC953Hostnames; /**< If true, we allow connections to hostnames
667 * with weird characters. */
668 /** If true, we try resolving hostnames with weird characters. */
670
671 /** If true, we try to download extra-info documents (and we serve them,
672 * if we are a cache). For authorities, this is always true. */
674
675 /** If true, we're configured to collect statistics on clients
676 * requesting network statuses from us as directory. */
678 /** Internal variable to remember whether we're actually acting on
679 * DirReqStatistics_option -- yes if it's set and we're a server, else no. */
681
682 /** If true, the user wants us to collect statistics on port usage. */
684
685 /** If true, the user wants us to collect connection statistics. */
687
688 /** If true, the user wants us to collect cell statistics. */
690
691 /** If true, the user wants us to collect padding statistics. */
693
694 /** If true, the user wants us to collect statistics as entry node. */
696
697 /** If true, the user wants us to collect statistics as hidden service
698 * directory, introduction point, or rendezvous point. */
700 /** Internal variable to remember whether we're actually acting on
701 * HiddenServiceStatistics_option -- yes if it's set and we're a server,
702 * else no. */
704
705 /** If true, include statistics file contents in extra-info documents. */
707
708 /** If true, include overload statistics in extra-info documents. */
710
711 /** If true, do not believe anybody who tells us that a domain resolves
712 * to an internal address, or that an internal address has a PTR mapping.
713 * Helps avoid some cross-site attacks. */
715
716 /** If true, do not accept any requests to connect to internal addresses
717 * over randomly chosen exits. */
719
720 /** If true, clients may connect over IPv4. If false, they will avoid
721 * connecting over IPv4. We enforce this for OR and Dir connections. */
723 /** If true, clients may connect over IPv6. If false, they will avoid
724 * connecting over IPv4. We enforce this for OR and Dir connections.
725 * Use reachable_addr_use_ipv6() instead of accessing this value
726 * directly. */
728 /** If true, prefer an IPv6 OR port over an IPv4 one for entry node
729 * connections. If auto, bridge clients prefer IPv6, and other clients
730 * prefer IPv4. Use node_ipv6_or_preferred() instead of accessing this value
731 * directly. */
733 /** If true, prefer an IPv6 directory port over an IPv4 one for direct
734 * directory connections. If auto, bridge clients prefer IPv6, and other
735 * clients prefer IPv4. Use reachable_addr_prefer_ipv6_dirport() instead of
736 * accessing this value directly. */
738
739 /** If true, always use the compiled hash implementation. If false, always
740 * the interpreter. Default of "auto" allows a dynamic fallback from
741 * copmiler to interpreter. */
743
744 /** If true, the tor client will use conflux for its general purpose
745 * circuits which excludes onion service traffic. */
747
748 /** Has the UX integer value that the client will request from the exit. */
750 int ConfluxClientUX;
751
752 /** The length of time that we think a consensus should be fresh. */
754 /** The length of time we think it will take to distribute votes. */
756 /** The length of time we think it will take to distribute signatures. */
758 /** The number of intervals we think a consensus should be valid. */
760
761 /** Should advertise and sign consensuses with a legacy key, for key
762 * migration purposes? */
764
765 /** Location of bandwidth measurement file */
767
768 /** Location of guardfraction file */
770
771 /** The length of time that we think an initial consensus should be fresh.
772 * Only altered on testing networks. */
774
775 /** The length of time we think it will take to distribute initial votes.
776 * Only altered on testing networks. */
778
779 /** The length of time we think it will take to distribute initial
780 * signatures. Only altered on testing networks.*/
782
783 /** Offset in seconds added to the starting time for consensus
784 voting. Only altered on testing networks. */
786
787 /** Schedule for when servers should download things in general. Only
788 * altered on testing networks. */
790
791 /** Schedule for when clients should download things in general. Only
792 * altered on testing networks. */
794
795 /** Schedule for when servers should download consensuses. Only altered
796 * on testing networks. */
798
799 /** Schedule for when clients should download consensuses. Only altered
800 * on testing networks. */
802
803 /** Schedule for when clients should download consensuses from authorities
804 * if they are bootstrapping (that is, they don't have a usable, reasonably
805 * live consensus). Only used by clients fetching from a list of fallback
806 * directory mirrors.
807 *
808 * This schedule is incremented by (potentially concurrent) connection
809 * attempts, unlike other schedules, which are incremented by connection
810 * failures. Only altered on testing networks. */
812
813 /** Schedule for when clients should download consensuses from fallback
814 * directory mirrors if they are bootstrapping (that is, they don't have a
815 * usable, reasonably live consensus). Only used by clients fetching from a
816 * list of fallback directory mirrors.
817 *
818 * This schedule is incremented by (potentially concurrent) connection
819 * attempts, unlike other schedules, which are incremented by connection
820 * failures. Only altered on testing networks. */
822
823 /** Schedule for when clients should download consensuses from authorities
824 * if they are bootstrapping (that is, they don't have a usable, reasonably
825 * live consensus). Only used by clients which don't have or won't fetch
826 * from a list of fallback directory mirrors.
827 *
828 * This schedule is incremented by (potentially concurrent) connection
829 * attempts, unlike other schedules, which are incremented by connection
830 * failures. Only altered on testing networks. */
832
833 /** Schedule for when clients should download bridge descriptors. Only
834 * altered on testing networks. */
836
837 /** Schedule for when clients should download bridge descriptors when they
838 * have no running bridges. Only altered on testing networks. */
840
841 /** When directory clients have only a few descriptors to request, they
842 * batch them until they have more, or until this amount of time has
843 * passed. Only altered on testing networks. */
845
846 /** How long do we let a directory connection stall before expiring
847 * it? Only altered on testing networks. */
849
850 /** How many simultaneous in-progress connections will we make when trying
851 * to fetch a consensus before we wait for one to complete, timeout, or
852 * error out? Only altered on testing networks. */
854
855 /** If true, we take part in a testing network. Change the defaults of a
856 * couple of other configuration options and allow to change the values
857 * of certain configuration options. */
859
860 /** Enable CONN_BW events. Only altered on testing networks. */
862
863 /** Enable CELL_STATS events. Only altered on testing networks. */
865
866 /** If true, and we have GeoIP data, and we're a bridge, keep a per-country
867 * count of how many client addresses have contacted us so that we can help
868 * the bridge authority guess which countries have blocked access to us. */
870
871 /** Optionally, IPv4 and IPv6 GeoIP data. */
873 char *GeoIPv6File;
874
875 /** Autobool: if auto, then any attempt to Exclude{Exit,}Nodes a particular
876 * country code will exclude all nodes in ?? and A1. If true, all nodes in
877 * ?? and A1 are excluded. Has no effect if we don't know any GeoIP data. */
879
880 /** If true, SIGHUP should reload the torrc. Sometimes controllers want
881 * to make this false. */
883
884 /** The main parameter for picking circuits within a connection.
885 *
886 * If this value is positive, when picking a cell to relay on a connection,
887 * we always relay from the circuit whose weighted cell count is lowest.
888 * Cells are weighted exponentially such that if one cell is sent
889 * 'CircuitPriorityHalflife' seconds before another, it counts for half as
890 * much.
891 *
892 * If this value is zero, we're disabling the cell-EWMA algorithm.
893 *
894 * If this value is negative, we're using the default approach
895 * according to either Tor or a parameter set in the consensus.
896 */
898
899 /** Set to true if the TestingTorNetwork configuration option is set.
900 * This is used so that options_validate() has a chance to realize that
901 * the defaults have changed. */
903
904 /** If 1, we try to use microdescriptors to build circuits. If 0, we don't.
905 * If -1, Tor decides. */
907
908 /** File where we should write the ControlPort. */
910 /** Should that file be group-readable? */
912
913#define MAX_MAX_CLIENT_CIRCUITS_PENDING 1024
914 /** Maximum number of non-open general-purpose origin circuits to allow at
915 * once. */
917
918 /** If 1, we accept and launch no external network connections, except on
919 * control ports. */
921
922 /**
923 * Parameters for path-bias detection.
924 * @{
925 * These options override the default behavior of Tor's (**currently
926 * experimental**) path bias detection algorithm. To try to find broken or
927 * misbehaving guard nodes, Tor looks for nodes where more than a certain
928 * fraction of circuits through that guard fail to get built.
929 *
930 * The PathBiasCircThreshold option controls how many circuits we need to
931 * build through a guard before we make these checks. The
932 * PathBiasNoticeRate, PathBiasWarnRate and PathBiasExtremeRate options
933 * control what fraction of circuits must succeed through a guard so we
934 * won't write log messages. If less than PathBiasExtremeRate circuits
935 * succeed *and* PathBiasDropGuards is set to 1, we disable use of that
936 * guard.
937 *
938 * When we have seen more than PathBiasScaleThreshold circuits through a
939 * guard, we scale our observations by 0.5 (governed by the consensus) so
940 * that new observations don't get swamped by old ones.
941 *
942 * By default, or if a negative value is provided for one of these options,
943 * Tor uses reasonable defaults from the networkstatus consensus document.
944 * If no defaults are available there, these options default to 150, .70,
945 * .50, .30, 0, and 300 respectively.
946 */
948 double PathBiasNoticeRate;
949 double PathBiasWarnRate;
950 double PathBiasExtremeRate;
951 int PathBiasDropGuards;
952 int PathBiasScaleThreshold;
953 /** @} */
954
955 /**
956 * Parameters for path-bias use detection
957 * @{
958 * Similar to the above options, these options override the default behavior
959 * of Tor's (**currently experimental**) path use bias detection algorithm.
960 *
961 * Where as the path bias parameters govern thresholds for successfully
962 * building circuits, these four path use bias parameters govern thresholds
963 * only for circuit usage. Circuits which receive no stream usage are not
964 * counted by this detection algorithm. A used circuit is considered
965 * successful if it is capable of carrying streams or otherwise receiving
966 * well-formed responses to RELAY cells.
967 *
968 * By default, or if a negative value is provided for one of these options,
969 * Tor uses reasonable defaults from the networkstatus consensus document.
970 * If no defaults are available there, these options default to 20, .80,
971 * .60, and 100, respectively.
972 */
974 double PathBiasNoticeUseRate;
975 double PathBiasExtremeUseRate;
976 int PathBiasScaleUseThreshold;
977 /** @} */
978
979 int IPv6Exit; /**< Do we support exiting to IPv6 addresses? */
980
981 /** Fraction: */
983
984 /** What expiry time shall we place on our SSL certs? "0" means we
985 * should guess a suitable value. */
987
988 /** How long (seconds) do we keep a guard before picking a new one? */
990
991 /** Is this an exit node? This is a tristate, where "1" means "yes, and use
992 * the default exit policy if none is given" and "0" means "no; exit policy
993 * is 'reject *'" and "auto" (-1) means "same as 1, but warn the user."
994 *
995 * XXXX Eventually, the default will be 0. */
997
998 /** For how long (seconds) do we declare our signing keys to be valid? */
1000 /** For how long (seconds) do we declare our link keys to be valid? */
1002 /** For how long (seconds) do we declare our auth keys to be valid? */
1004
1005 /** How long before signing keys expire will we try to make a new one? */
1007 /** How long before link keys expire will we try to make a new one? */
1009 /** How long before auth keys expire will we try to make a new one? */
1011
1012 /** Force use of offline master key features: never generate a master
1013 * ed25519 identity key except from tor --keygen */
1015
1016 key_expiration_format_t key_expiration_format;
1017
1018 enum {
1019 FORCE_PASSPHRASE_AUTO=0,
1020 FORCE_PASSPHRASE_ON,
1021 FORCE_PASSPHRASE_OFF
1022 } keygen_force_passphrase;
1023 int use_keygen_passphrase_fd;
1024 int keygen_passphrase_fd;
1025 int change_key_passphrase;
1026 char *master_key_fname;
1027
1028 /** Autobool: Do we try to retain capabilities if we can? */
1030
1031 /** Maximum total size of unparseable descriptors to log during the
1032 * lifetime of this Tor process.
1033 */
1035
1036 /** If 1, we skip all OOS checks. */
1038
1039 /** Autobool: Should we include Ed25519 identities in extend2 cells?
1040 * If -1, we should do whatever the consensus parameter says. */
1042
1043 /** Bool (default: 0): Tells if a %include was used on torrc */
1045
1046 /** The seconds after expiration which we as a relay should keep old
1047 * consensuses around so that we can generate diffs from them. If 0,
1048 * use the default. */
1050
1051 /** Bool (default: 0). Tells Tor to never try to exec another program.
1052 */
1054
1055 /** Have the KIST scheduler run every X milliseconds. If less than zero, do
1056 * not use the KIST scheduler but use the old vanilla scheduler instead. If
1057 * zero, do what the consensus says and fall back to using KIST as if this is
1058 * set to "10 msec" if the consensus doesn't say anything. */
1060
1061 /** A multiplier for the KIST per-socket limit calculation. */
1063
1064 /** The list of scheduler type string ordered by priority that is first one
1065 * has to be tried first. Default: KIST,KISTLite,Vanilla */
1067 /** An ordered list of scheduler_types mapped from Schedulers. */
1069
1070 /** List of files that were opened by %include in torrc and torrc-defaults */
1072
1073 /** If true, Tor shouldn't install any posix signal handlers, since it is
1074 * running embedded inside another process.
1075 */
1077
1078 /** Interval: how long without activity does it take for a client
1079 * to become dormant?
1080 **/
1082
1083 /**
1084 * Boolean: If enabled, then we consider the timeout when deciding whether
1085 * to be dormant. If not enabled, then only the SIGNAL ACTIVE/DORMANT
1086 * controls can change our status.
1087 **/
1089
1090 /** Boolean: true if having an idle stream is sufficient to prevent a client
1091 * from becoming dormant.
1092 **/
1094
1095 /** Boolean: true if Tor should be dormant the first time it starts with
1096 * a datadirectory; false otherwise. */
1098 /**
1099 * Boolean: true if Tor should treat every startup event as cancelling
1100 * a possible previous dormant state.
1101 **/
1103
1104 /** List of policy allowed to query the Metrics port. */
1106
1107 /** How far must we be into the current bandwidth-measurement period to
1108 * report bandwidth observations from this period? */
1110
1111 /**
1112 * Configuration objects for individual modules.
1113 *
1114 * Never access this field or its members directly: instead, use the module
1115 * in question to get its relevant configuration object.
1116 */
1118};
1119
1120#endif /* !defined(TOR_OR_OPTIONS_ST_H) */
Headers for address.h.
Master header file for Tor-specific functionality.
dirinfo_type_t
Definition: or.h:789
tcp_proxy_protocol_t
Definition: or_options_st.h:52
@ TCP_PROXY_PROTOCOL_HAPROXY
Definition: or_options_st.h:54
outbound_addr_t
Definition: or_options_st.h:28
@ OUTBOUND_ADDR_OR
Definition: or_options_st.h:35
@ OUTBOUND_ADDR_EXIT
Definition: or_options_st.h:31
@ OUTBOUND_ADDR_ANY
Definition: or_options_st.h:45
@ OUTBOUND_ADDR_MAX
Definition: or_options_st.h:48
@ OUTBOUND_ADDR_PT
Definition: or_options_st.h:39
key_expiration_format_t
Definition: or_options_st.h:58
int TestingV3AuthInitialDistDelay
char * ExtORPortCookieAuthFile
struct smartlist_t * PublishServerDescriptor
struct config_line_t * ControlPort_lines
int TrackHostExitsExpire
int ExitPortStatistics
tor_addr_t Socks4ProxyAddr
int MaxCircuitDirtiness
int TestingClientDownloadInitialDelay
tor_addr_t HTTPProxyAddr
uint64_t MaxMemInQueues
int ClientBootstrapConsensusFallbackDownloadInitialDelay
int ReducedConnectionPadding
int AlwaysCongestionControl
int KISTSchedRunInterval
dirinfo_type_t PublishServerDescriptor_
struct config_line_t * MyFamily
struct config_line_t * NATDPort_lines
int DirReqStatistics_option
struct config_line_t * AuthDirInvalid
int GeoIPExcludeUnknown
char * ClientOnionAuthDir
uint64_t RelayBandwidthBurst
int ClientPreferIPv6DirPort
int VanguardsLiteEnabled
char * CacheDirectory
Definition: or_options_st.h:98
struct config_line_t * AlternateBridgeAuthority
tor_addr_t HTTPSProxyAddr
char * SyslogIdentityTag
Definition: or_options_st.h:79
uint16_t Socks4ProxyPort
int RefuseUnknownExits
int ConnLimit_high_thresh
int ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay
char * KeyDirectory
Definition: or_options_st.h:89
struct routerset_t * ExcludeExitNodes
int TestingBridgeBootstrapDownloadInitialDelay
int ShutdownWaitLength
int NumDirectoryGuards
int TestingEnableConnBwEvent
struct config_line_t * OutboundBindAddressExit
struct config_line_t * AuthDirReject
struct config_line_t * DNSPort_lines
int FetchServerDescriptors
char * BridgePassword_AuthDigest_
char * BridgePassword
struct config_line_t * ServerTransportOptions
int ExtORPortCookieAuthFileGroupReadable
char * HTTPSProxy
char * FamilyKeyDirectory_option
Definition: or_options_st.h:92
char * ContactInfo
uint64_t MaxMemInQueues_low_threshold
char * SafeLogging
char * command_arg
Definition: or_options_st.h:69
struct smartlist_t * RejectPlaintextPorts
int DisableSignalHandlers
char * ServerDNSResolvConfFile
int V3AuthNIntervalsValid
char * FamilyKeyDirectory
Definition: or_options_st.h:94
tor_addr_t TCPProxyAddr
struct config_line_t * Logs
Definition: or_options_st.h:71
int ExitPolicyRejectPrivate
struct config_line_t * ORPort_lines
struct routerset_t * ExcludeExitNodesUnion_
int TestingDirConnectionMaxStall
struct config_line_t * ServerTransportListenAddr
int ClientBootstrapConsensusMaxInProgressTries
int ConnLimit_low_thresh
char * BridgeDistribution
struct smartlist_t * ServerDNSTestAddresses
int TestingMinTimeToReportBandwidth
char * CookieAuthFile
struct smartlist_t * WarnPlaintextPorts
struct smartlist_t * TrackHostExits
int MaxConsensusAgeForDiffs
struct smartlist_t * FirewallPorts
int TestingClientMaxIntervalWithoutRequest
char * HTTPProxy
struct smartlist_t * Schedulers
tcp_proxy_protocol_t TCPProxyProtocol
int FetchDirInfoExtraEarly
uint64_t MaxUnparseableDescSizeToLog
struct config_line_t * ExtORPort_lines
struct config_line_t * ClientTransportPlugin
struct config_line_t * OutboundBindAddressPT
int AllowNonRFC953Hostnames
struct smartlist_t * SchedulerTypes_
char * TransProxyType
int V3AuthUseLegacyKey
uint64_t BandwidthRate
struct config_line_t * DirAuthorities
int FetchHidServDescriptors
struct config_line_t * Bridges
int DormantOnFirstStartup
int ServerDNSSearchDomains
int ControlSocketsGroupWritable
int LeaveStreamsUnattached
int TestingAuthKeyLifetime
uint64_t OwningControllerFD
double KISTSockBufSizeFactor
struct config_line_t * AuthDirMiddleOnly
int ExtraInfoStatistics
struct config_line_t * MetricsPort_lines
struct config_line_t * ControlSocket
int ServerDNSAllowBrokenConfig
int ClientBootstrapConsensusAuthorityDownloadInitialDelay
int TestingClientConsensusDownloadInitialDelay
uint64_t AccountingMax
struct config_line_t * OutboundBindAddress
int UpdateBridgesFromAuthority
int ClientRejectInternalAddresses
int DormantTimeoutEnabled
int OverloadStatistics
int UseDefaultFallbackDirs
char * DebugLogFile
Definition: or_options_st.h:81
struct config_suite_t * subconfigs_
struct config_line_t * AlternateDirAuthority
int DataDirectoryGroupReadable
Definition: or_options_st.h:85
int CacheDirectoryGroupReadable
Definition: or_options_st.h:99
struct config_line_t * MyFamily_lines
int KeyDirectoryGroupReadable
Definition: or_options_st.h:90
char * KeyDirectory_option
Definition: or_options_st.h:87
struct smartlist_t * NodeFamilySets
uint64_t ConstrainedSockSize
int AllDirActionsPrivate
struct config_line_t * AddressMap
int EnforceDistinctSubnets
struct smartlist_t * FilesOpenedByIncludes
int HiddenServiceStatistics_option
uint64_t PerConnBWBurst
char * GuardfractionFile
char * HTTPProxyAuthenticator
int CircuitBuildTimeout
int DormantTimeoutDisabledByIdleStreams
struct config_line_t * HashedControlPassword
int TokenBucketRefillInterval
char * GeoIPFile
int TestingServerConsensusDownloadInitialDelay
int LearnCircuitBuildTimeout
struct config_line_t * FallbackDir
char * V3BandwidthsFile
char * Socks5Proxy
bool AllFamilyIdsExpected
struct routerset_t * EntryNodes
int ReloadTorrcOnSIGHUP
int HiddenServiceStatistics
int TestingServerDownloadInitialDelay
struct config_line_t * ServerTransportPlugin
int TestingLinkCertLifetime
int UsingTestNetworkDefaults_
int UnixSocksGroupWritable
int KeepBindCapabilities
int ServerDNSRandomizeCase
struct config_line_t * NodeFamilies
int CookieAuthentication
int ServerDNSDetectHijacking
char * ControlPortWriteToFile
char * Socks4Proxy
int ConstrainedSockets
int SigningKeyLifetime
int FetchUselessDescriptors
struct config_line_t * MetricsPortPolicy
int ClientPreferIPv6ORPort
char * VirtualAddrNetworkIPv6
struct config_line_t * FamilyId_lines
int TestingV3AuthInitialVotingInterval
struct routerset_t * ExcludeNodes
struct config_line_t * SocksPolicy
char * OwningControllerProcess
struct config_line_t * ReachableORAddresses
char * Socks5ProxyUsername
double CircuitPriorityHalflife
struct config_line_t * HashedControlSessionPassword
char * Socks5ProxyPassword
int CookieAuthFileGroupReadable
int V3AuthoritativeDir
int ServerDNSAllowNonRFC953Hostnames
int CountPrivateBandwidth
int TestingEnableCellStatsEvent
struct routerset_t * ExitNodes
int TestingBridgeDownloadInitialDelay
tor_addr_t Socks5ProxyAddr
int AddressDisableIPv6
int DormantClientTimeout
struct config_line_t * ReachableDirAddresses
uint64_t RelayBandwidthRate
int MaxClientCircuitsPending
tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2]
int PublishHidServDescriptors
int LogMessageDomains
Definition: or_options_st.h:75
struct routerset_t * HSLayer2Nodes
int ExitPolicyRejectLocalInterfaces
int BridgeRecordUsageByCountry
int ControlPortFileGroupReadable
int DisablePredictedCircuits
struct config_line_t * DirPolicy
char * DirPortFrontPage
char * CacheDirectory_option
Definition: or_options_st.h:96
uint16_t TCPProxyPort
int DirAllowPrivateAddresses
struct config_line_t * ExitPolicy
struct config_line_t * OutboundBindAddressOR
int TestingV3AuthInitialVoteDelay
int ReconfigDropsBridgeDescs
int CircuitsAvailableTimeout
struct config_line_t * Address
int TestingSigningKeySlop
uint16_t Socks5ProxyPort
uint64_t MaxAdvertisedBandwidth
int ReducedCircuitPadding
enum or_options_t::@2 TransProxyType_parsed
struct smartlist_t * AutomapHostsSuffixes
int ConnDirectionStatistics
char * VirtualAddrNetworkIPv4
int AssumeReachableIPv6
int AutomapHostsOnResolve
char * HTTPSProxyAuthenticator
int UseMicrodescriptors
int CircuitStreamTimeout
tor_cmdline_mode_t command
Definition: or_options_st.h:68
int DisableDebuggerAttachment
uint16_t HTTPProxyPort
char * AccountingRule_option
struct smartlist_t * FamilyIds
struct config_line_t * TransPort_lines
char * DataDirectory
Definition: or_options_st.h:84
struct smartlist_t * LongLivedPorts
int LogTimeGranularity
Definition: or_options_st.h:73
struct config_line_t * RendConfigLines
int CompiledProofOfWorkHash
struct config_line_t * ReachableAddresses
uint64_t PerConnBWRate
char * ConfluxClientUX_option
int HiddenServiceSingleHopMode
int V3AuthVotingInterval
int BridgeAuthoritativeDir
int DormantCanceledByStartup
char * AccountingStart
double PathsNeededToBuildCircuits
int UseEntryGuards_option
int ExtendAllowPrivateAddresses
int ReevaluateExitPolicy
struct config_line_t * HTTPTunnelPort_lines
int PathBiasCircThreshold
char * DataDirectory_option
Definition: or_options_st.h:82
struct config_line_t * DirPort_lines
int ClientDNSRejectInternalAddresses
struct routerset_t * MiddleNodes
struct config_line_t * SocksPort_lines
double DirAuthorityFallbackRate
int TestingV3AuthVotingStartOffset
int PathBiasUseThreshold
uint16_t HTTPSProxyPort
uint64_t BandwidthBurst
struct routerset_t * HSLayer3Nodes
struct config_line_t * AuthDirBadExit
Declare the tor_cmdline_mode_t enumeration.
tor_cmdline_mode_t
Integer definitions used throughout Tor.