64 #define CONFIG_PRIVATE
80 #include "core/or/dos.h"
130 #ifdef HAVE_SYS_STAT_H
131 #include <sys/stat.h>
133 #ifdef HAVE_SYS_PARAM_H
134 #include <sys/param.h>
162 # if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
166 # define __INCLUDE_LEVEL__ 2
168 #include <systemd/sd-daemon.h>
172 static const char unix_socket_prefix[] =
"unix:";
175 static const char unix_q_socket_prefix[] =
"unix:\"";
/** Lower and upper bound for a constrained TCP buffer size.
 * NOTE(review): presumably the accepted range for the ConstrainedSockSize
 * option (declared as MEMUNIT with default "8192" in the option table); the
 * range check that uses these bounds is not visible in this listing --
 * confirm that values outside [MIN, MAX] are rejected rather than clamped
 * silently. */
178 #define MIN_CONSTRAINED_TCP_BUFFER 2048
179 #define MAX_CONSTRAINED_TCP_BUFFER 262144
184 #define DOWNLOAD_SCHEDULE(name) \
185 { (#name "DownloadSchedule"), (#name "DownloadInitialDelay"), 0, 1 }
187 #define DOWNLOAD_SCHEDULE(name) { NULL, NULL, 0, 1 }
201 PLURAL(HiddenServiceNode),
202 PLURAL(HiddenServiceExcludeNode),
205 PLURAL(RecommendedPackage),
211 {
"AllowUnverifiedNodes",
"AllowInvalidNodes", 0, 0},
212 {
"AutomapHostSuffixes",
"AutomapHostsSuffixes", 0, 0},
213 {
"AutomapHostOnResolve",
"AutomapHostsOnResolve", 0, 0},
214 {
"BandwidthRateBytes",
"BandwidthRate", 0, 0},
215 {
"BandwidthBurstBytes",
"BandwidthBurst", 0, 0},
216 {
"DirFetchPostPeriod",
"StatusFetchPeriod", 0, 0},
217 {
"DirServer",
"DirAuthority", 0, 0},
218 {
"MaxConn",
"ConnLimit", 0, 1},
219 {
"MaxMemInCellQueues",
"MaxMemInQueues", 0, 0},
220 {
"ORBindAddress",
"ORListenAddress", 0, 0},
221 {
"DirBindAddress",
"DirListenAddress", 0, 0},
222 {
"SocksBindAddress",
"SocksListenAddress", 0, 0},
223 {
"UseHelperNodes",
"UseEntryGuards", 0, 0},
224 {
"NumHelperNodes",
"NumEntryGuards", 0, 0},
225 {
"UseEntryNodes",
"UseEntryGuards", 0, 0},
226 {
"NumEntryNodes",
"NumEntryGuards", 0, 0},
227 {
"ResolvConf",
"ServerDNSResolvConfFile", 0, 1},
228 {
"SearchDomains",
"ServerDNSSearchDomains", 0, 1},
229 {
"ServerDNSAllowBrokenResolvConf",
"ServerDNSAllowBrokenConfig", 0, 0},
230 {
"PreferTunnelledDirConns",
"PreferTunneledDirConns", 0, 0},
231 {
"BridgeAuthoritativeDirectory",
"BridgeAuthoritativeDir", 0, 0},
232 {
"HashedControlPassword",
"__HashedControlSessionPassword", 1, 0},
233 {
"VirtualAddrNetwork",
"VirtualAddrNetworkIPv4", 0, 0},
234 {
"SocksSocketsGroupWritable",
"UnixSocksGroupWritable", 0, 1},
235 {
"_HSLayer2Nodes",
"HSLayer2Nodes", 0, 1 },
236 {
"_HSLayer3Nodes",
"HSLayer3Nodes", 0, 1 },
/** Declare one or_options_t option: <b>varname</b> is the user-visible name,
 * <b>conftype</b> its type, <b>member</b> the or_options_t field and
 * <b>initvalue</b> the default. Expands to CONFIG_VAR_ETYPE with a flags
 * argument of 0. */
259 #define VAR(varname,conftype,member,initvalue) \
260 CONFIG_VAR_ETYPE(or_options_t, varname, conftype, member, 0, initvalue)
/** As VAR, but expands to CONFIG_VAR_DEFN instead of CONFIG_VAR_ETYPE.
 * In this file it is used for the ROUTERSET-typed options. */
263 #define VAR_D(varname,conftype,member,initvalue) \
264 CONFIG_VAR_DEFN(or_options_t, varname, conftype, member, 0, initvalue)
/** As VAR, with CFLG_NODUMP set. Used in this file for the "__"-prefixed
 * controller-facing options. NOTE(review): the flag name suggests the value
 * is left out of dumped/saved configuration -- confirm against the CFLG_*
 * definitions. */
266 #define VAR_NODUMP(varname,conftype,member,initvalue) \
267 CONFIG_VAR_ETYPE(or_options_t, varname, conftype, member, \
268 CFLG_NODUMP, initvalue)
/** As VAR_NODUMP, additionally setting CFLG_IMMUTABLE. */
269 #define VAR_NODUMP_IMMUTABLE(varname,conftype,member,initvalue) \
270 CONFIG_VAR_ETYPE(or_options_t, varname, conftype, member, \
271 CFLG_NODUMP | CFLG_IMMUTABLE, initvalue)
/** As VAR, with CFLG_NODUMP | CFLG_NOSET | CFLG_NOLIST set. Used in this
 * file for "___UsingTestNetworkDefaults". NOTE(review): the flag names
 * suggest an internal-only variable that users can neither set nor list --
 * confirm against the CFLG_* definitions. */
272 #define VAR_INVIS(varname,conftype,member,initvalue) \
273 CONFIG_VAR_ETYPE(or_options_t, varname, conftype, member, \
274 CFLG_NODUMP | CFLG_NOSET | CFLG_NOLIST, initvalue)
/** Shorthand for VAR when the option name is exactly the field name: the
 * name is produced by stringifying <b>member</b>. */
276 #define V(member,conftype,initvalue) \
277 VAR(#member, conftype, member, initvalue)
/** As VAR, with CFLG_IMMUTABLE set. In this file the immutable macros are
 * applied to process-level and hardening options (User, Sandbox, NoExec,
 * DisableDebuggerAttachment, DisableAllSwap, PidFile, RunAsDaemon) and to
 * the DataDirectory/CacheDirectory/KeyDirectory paths.
 * NOTE(review): the flag name suggests these cannot be changed after
 * startup; when adding an option that affects privileges or sandboxing,
 * check whether it needs this flag too -- confirm the enforcement point. */
279 #define VAR_IMMUTABLE(varname, conftype, member, initvalue) \
280 CONFIG_VAR_ETYPE(or_options_t, varname, conftype, member, \
281 CFLG_IMMUTABLE, initvalue)
/** Shorthand for VAR_IMMUTABLE with the option name taken from the field
 * name. */
283 #define V_IMMUTABLE(member,conftype,initvalue) \
284 VAR_IMMUTABLE(#member, conftype, member, initvalue)
/** Shorthand for VAR_D with the option name taken from the field name. */
287 #define V_D(member,type,initvalue) \
288 VAR_D(#member, type, member, initvalue)
/** Declare <b>varname</b> as an obsolete option via CONFIG_VAR_OBSOLETE. */
291 #define OBSOLETE(varname) CONFIG_VAR_OBSOLETE(varname)
/** Declare the three table entries for a port option, all stored in the
 * same field <b>member</b>_lines: "<member>Lines" (LINELIST_V), "<member>"
 * (LINELIST_S), and a "__<member>" variant (LINELIST_S) declared with
 * VAR_NODUMP. The expansion contains commas, so it is only usable inside
 * the option table initializer. */
300 #define VPORT(member) \
301 VAR(#member "Lines", LINELIST_V, member ## _lines, NULL), \
302 VAR(#member, LINELIST_S, member ## _lines, NULL), \
303 VAR_NODUMP("__" #member, LINELIST_S, member ## _lines, NULL)
/** Decimal string for 2^64-1, the largest 64-bit unsigned value, usable
 * where the option table needs a default in string form. */
306 #define UINT64_MAX_STRING "18446744073709551615"
313 V(AccountingMax, MEMUNIT,
"0 bytes"),
314 VAR(
"AccountingRule", STRING, AccountingRule_option,
"max"),
315 V(AccountingStart, STRING, NULL),
316 V(Address, LINELIST, NULL),
317 V(AddressDisableIPv6, BOOL,
"0"),
320 V(AllowNonRFC953Hostnames, BOOL,
"0"),
323 V(AlternateBridgeAuthority, LINELIST, NULL),
324 V(AlternateDirAuthority, LINELIST, NULL),
326 V(AssumeReachable, BOOL,
"0"),
327 V(AssumeReachableIPv6, AUTOBOOL,
"auto"),
330 V(AuthDirBadExit, LINELIST, NULL),
331 V(AuthDirBadExitCCs, CSV,
""),
332 V(AuthDirInvalid, LINELIST, NULL),
333 V(AuthDirInvalidCCs, CSV,
""),
334 V(AuthDirReject, LINELIST, NULL),
335 V(AuthDirRejectCCs, CSV,
""),
338 OBSOLETE(
"AuthDirMaxServersPerAuthAddr"),
339 VAR(
"AuthoritativeDirectory", BOOL, AuthoritativeDir,
"0"),
340 V(AutomapHostsOnResolve, BOOL,
"0"),
341 V(AutomapHostsSuffixes, CSV,
".onion,.exit"),
342 V(AvoidDiskWrites, BOOL,
"0"),
343 V(BandwidthBurst, MEMUNIT,
"1 GB"),
344 V(BandwidthRate, MEMUNIT,
"1 GB"),
345 V(BridgeAuthoritativeDir, BOOL,
"0"),
346 VAR(
"Bridge", LINELIST, Bridges, NULL),
347 V(BridgePassword, STRING, NULL),
348 V(BridgeRecordUsageByCountry, BOOL,
"1"),
349 V(BridgeRelay, BOOL,
"0"),
350 V(BridgeDistribution, STRING, NULL),
351 VAR_IMMUTABLE(
"CacheDirectory",FILENAME, CacheDirectory_option, NULL),
352 V(CacheDirectoryGroupReadable, AUTOBOOL,
"auto"),
353 V(CellStatistics, BOOL,
"0"),
354 V(PaddingStatistics, BOOL,
"1"),
355 V(OverloadStatistics, BOOL,
"1"),
356 V(LearnCircuitBuildTimeout, BOOL,
"1"),
357 V(CircuitBuildTimeout, INTERVAL,
"0"),
359 V(CircuitsAvailableTimeout, INTERVAL,
"0"),
360 V(CircuitStreamTimeout, INTERVAL,
"0"),
361 V(CircuitPriorityHalflife, DOUBLE,
"-1.0"),
362 V(ClientDNSRejectInternalAddresses, BOOL,
"1"),
363 #if defined(HAVE_MODULE_RELAY) || defined(TOR_UNIT_TESTS)
365 V(ClientOnly, BOOL,
"0"),
368 V(ClientOnly, BOOL,
"1"),
370 V(ClientPreferIPv6ORPort, AUTOBOOL,
"auto"),
371 V(ClientPreferIPv6DirPort, AUTOBOOL,
"auto"),
373 V(ClientRejectInternalAddresses, BOOL,
"1"),
374 V(ClientTransportPlugin, LINELIST, NULL),
375 V(ClientUseIPv6, BOOL,
"0"),
376 V(ClientUseIPv4, BOOL,
"1"),
377 V(ConnLimit, POSINT,
"1000"),
378 V(ConnDirectionStatistics, BOOL,
"0"),
379 V(ConstrainedSockets, BOOL,
"0"),
380 V(ConstrainedSockSize, MEMUNIT,
"8192"),
381 V(ContactInfo, STRING, NULL),
384 V(ControlPortFileGroupReadable,BOOL,
"0"),
385 V(ControlPortWriteToFile, FILENAME, NULL),
386 V(ControlSocket, LINELIST, NULL),
387 V(ControlSocketsGroupWritable, BOOL,
"0"),
388 V(UnixSocksGroupWritable, BOOL,
"0"),
389 V(CookieAuthentication, BOOL,
"0"),
390 V(CookieAuthFileGroupReadable, BOOL,
"0"),
391 V(CookieAuthFile, FILENAME, NULL),
392 V(CountPrivateBandwidth, BOOL,
"0"),
393 VAR_IMMUTABLE(
"DataDirectory", FILENAME, DataDirectory_option, NULL),
394 V(DataDirectoryGroupReadable, BOOL,
"0"),
395 V(DisableOOSCheck, BOOL,
"1"),
396 V(DisableNetwork, BOOL,
"0"),
397 V(DirAllowPrivateAddresses, BOOL,
"0"),
399 V(DirPolicy, LINELIST, NULL),
401 V(DirPortFrontPage, FILENAME, NULL),
402 VAR(
"DirReqStatistics", BOOL, DirReqStatistics_option,
"1"),
403 VAR(
"DirAuthority", LINELIST, DirAuthorities, NULL),
404 #if defined(HAVE_MODULE_RELAY) || defined(TOR_UNIT_TESTS)
406 V(DirCache, BOOL,
"1"),
409 V(DirCache, BOOL,
"0"),
418 V(DirAuthorityFallbackRate, DOUBLE,
"0.1"),
419 V_IMMUTABLE(DisableAllSwap, BOOL,
"0"),
420 V_IMMUTABLE(DisableDebuggerAttachment, BOOL,
"1"),
422 OBSOLETE(
"DisableV2DirectoryInfo_"),
426 V(DormantClientTimeout, INTERVAL,
"24 hours"),
427 V(DormantTimeoutEnabled, BOOL,
"1"),
428 V(DormantTimeoutDisabledByIdleStreams, BOOL,
"1"),
429 V(DormantOnFirstStartup, BOOL,
"0"),
430 V(DormantCanceledByStartup, BOOL,
"0"),
431 V(DownloadExtraInfo, BOOL,
"0"),
432 V(TestingEnableConnBwEvent, BOOL,
"0"),
433 V(TestingEnableCellStatsEvent, BOOL,
"0"),
434 OBSOLETE(
"TestingEnableTbEmptyEvent"),
435 V(EnforceDistinctSubnets, BOOL,
"1"),
436 V_D(EntryNodes, ROUTERSET, NULL),
437 V(EntryStatistics, BOOL,
"0"),
438 OBSOLETE(
"TestingEstimatedDescriptorPropagationTime"),
439 V_D(ExcludeNodes, ROUTERSET, NULL),
440 V_D(ExcludeExitNodes, ROUTERSET, NULL),
442 V_D(ExitNodes, ROUTERSET, NULL),
446 V_D(MiddleNodes, ROUTERSET, NULL),
447 V(ExitPolicy, LINELIST, NULL),
448 V(ExitPolicyRejectPrivate, BOOL,
"1"),
449 V(ExitPolicyRejectLocalInterfaces, BOOL,
"0"),
450 V(ExitPortStatistics, BOOL,
"0"),
451 V(ExtendAllowPrivateAddresses, BOOL,
"0"),
452 V(ExitRelay, AUTOBOOL,
"auto"),
454 V(ExtORPortCookieAuthFile, FILENAME, NULL),
455 V(ExtORPortCookieAuthFileGroupReadable, BOOL,
"0"),
456 V(ExtraInfoStatistics, BOOL,
"1"),
457 V(ExtendByEd25519ID, AUTOBOOL,
"auto"),
458 V(FallbackDir, LINELIST, NULL),
460 V(UseDefaultFallbackDirs, BOOL,
"1"),
462 OBSOLETE(
"FallbackNetworkstatusFile"),
463 V(FascistFirewall, BOOL,
"0"),
464 V(FirewallPorts, CSV,
""),
466 V(FetchDirInfoEarly, BOOL,
"0"),
467 V(FetchDirInfoExtraEarly, BOOL,
"0"),
468 V(FetchServerDescriptors, BOOL,
"1"),
469 V(FetchHidServDescriptors, BOOL,
"1"),
470 V(FetchUselessDescriptors, BOOL,
"0"),
472 V(GeoIPExcludeUnknown, AUTOBOOL,
"auto"),
474 V(GeoIPFile, FILENAME,
"<default>"),
475 V(GeoIPv6File, FILENAME,
"<default>"),
477 V(GeoIPFile, FILENAME,
478 SHARE_DATADIR PATH_SEPARATOR
"tor" PATH_SEPARATOR
"geoip"),
479 V(GeoIPv6File, FILENAME,
480 SHARE_DATADIR PATH_SEPARATOR
"tor" PATH_SEPARATOR
"geoip6"),
483 V(GuardLifetime, INTERVAL,
"0 minutes"),
484 V(HeartbeatPeriod, INTERVAL,
"6 hours"),
485 V(MainloopStats, BOOL,
"0"),
486 V(HashedControlPassword, LINELIST, NULL),
488 OBSOLETE(
"HiddenServiceAuthorizeClient"),
490 VAR(
"HiddenServiceDir", LINELIST_S, RendConfigLines, NULL),
491 VAR(
"HiddenServiceDirGroupReadable", LINELIST_S, RendConfigLines, NULL),
492 VAR(
"HiddenServiceOptions",LINELIST_V, RendConfigLines, NULL),
493 VAR(
"HiddenServicePort", LINELIST_S, RendConfigLines, NULL),
494 VAR(
"HiddenServiceVersion",LINELIST_S, RendConfigLines, NULL),
495 VAR(
"HiddenServiceAllowUnknownPorts",LINELIST_S, RendConfigLines, NULL),
496 VAR(
"HiddenServiceMaxStreams",LINELIST_S, RendConfigLines, NULL),
497 VAR(
"HiddenServiceMaxStreamsCloseCircuit",LINELIST_S, RendConfigLines, NULL),
498 VAR(
"HiddenServiceNumIntroductionPoints", LINELIST_S, RendConfigLines, NULL),
499 VAR(
"HiddenServiceExportCircuitID", LINELIST_S, RendConfigLines, NULL),
500 VAR(
"HiddenServiceEnableIntroDoSDefense", LINELIST_S, RendConfigLines, NULL),
501 VAR(
"HiddenServiceEnableIntroDoSRatePerSec",
502 LINELIST_S, RendConfigLines, NULL),
503 VAR(
"HiddenServiceEnableIntroDoSBurstPerSec",
504 LINELIST_S, RendConfigLines, NULL),
505 VAR(
"HiddenServiceOnionBalanceInstance",
506 LINELIST_S, RendConfigLines, NULL),
507 VAR(
"HiddenServiceStatistics", BOOL, HiddenServiceStatistics_option,
"1"),
508 V(ClientOnionAuthDir, FILENAME, NULL),
509 OBSOLETE(
"CloseHSClientCircuitsImmediatelyOnTimeout"),
510 OBSOLETE(
"CloseHSServiceRendCircuitsImmediatelyOnTimeout"),
511 V_IMMUTABLE(HiddenServiceSingleHopMode, BOOL,
"0"),
512 V_IMMUTABLE(HiddenServiceNonAnonymousMode,BOOL,
"0"),
513 V(HTTPProxy, STRING, NULL),
514 V(HTTPProxyAuthenticator, STRING, NULL),
515 V(HTTPSProxy, STRING, NULL),
516 V(HTTPSProxyAuthenticator, STRING, NULL),
517 VPORT(HTTPTunnelPort),
518 V(IPv6Exit, BOOL,
"0"),
519 VAR(
"ServerTransportPlugin", LINELIST, ServerTransportPlugin, NULL),
520 V(ServerTransportListenAddr, LINELIST, NULL),
521 V(ServerTransportOptions, LINELIST, NULL),
522 V(SigningKeyLifetime, INTERVAL,
"30 days"),
523 V(Socks4Proxy, STRING, NULL),
524 V(Socks5Proxy, STRING, NULL),
525 V(Socks5ProxyUsername, STRING, NULL),
526 V(Socks5ProxyPassword, STRING, NULL),
527 V(TCPProxy, STRING, NULL),
528 VAR_IMMUTABLE(
"KeyDirectory", FILENAME, KeyDirectory_option, NULL),
529 V(KeyDirectoryGroupReadable, AUTOBOOL,
"auto"),
530 VAR_D(
"HSLayer2Nodes", ROUTERSET, HSLayer2Nodes, NULL),
531 VAR_D(
"HSLayer3Nodes", ROUTERSET, HSLayer3Nodes, NULL),
532 V(KeepalivePeriod, INTERVAL,
"5 minutes"),
533 V_IMMUTABLE(KeepBindCapabilities, AUTOBOOL,
"auto"),
534 VAR(
"Log", LINELIST, Logs, NULL),
535 V(LogMessageDomains, BOOL,
"0"),
536 V(LogTimeGranularity, MSEC_INTERVAL,
"1 second"),
537 V(TruncateLogFile, BOOL,
"0"),
538 V_IMMUTABLE(SyslogIdentityTag, STRING, NULL),
540 V(LongLivedPorts, CSV,
541 "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
542 VAR(
"MapAddress", LINELIST, AddressMap, NULL),
543 V(MaxAdvertisedBandwidth, MEMUNIT,
"1 GB"),
544 V(MaxCircuitDirtiness, INTERVAL,
"10 minutes"),
545 V(MaxClientCircuitsPending, POSINT,
"32"),
546 V(MaxConsensusAgeForDiffs, INTERVAL,
"0 seconds"),
547 VAR(
"MaxMemInQueues", MEMUNIT, MaxMemInQueues_raw,
"0"),
549 V(MaxOnionQueueDelay, MSEC_INTERVAL,
"1750 msec"),
550 V(MaxUnparseableDescSizeToLog, MEMUNIT,
"10 MB"),
552 V(MetricsPortPolicy, LINELIST, NULL),
553 VAR(
"MyFamily", LINELIST, MyFamily_lines, NULL),
554 V(NewCircuitPeriod, INTERVAL,
"30 seconds"),
555 OBSOLETE(
"NamingAuthoritativeDirectory"),
558 V(Nickname, STRING, NULL),
559 OBSOLETE(
"PredictedPortsRelevanceTime"),
561 VAR(
"NodeFamily", LINELIST, NodeFamilies, NULL),
562 V_IMMUTABLE(NoExec, BOOL,
"0"),
563 V(NumCPUs, POSINT,
"0"),
564 V(NumDirectoryGuards, POSINT,
"0"),
565 V(NumEntryGuards, POSINT,
"0"),
566 V(NumPrimaryGuards, POSINT,
"0"),
567 V(OfflineMasterKey, BOOL,
"0"),
570 V(OutboundBindAddress, LINELIST, NULL),
571 V(OutboundBindAddressOR, LINELIST, NULL),
572 V(OutboundBindAddressExit, LINELIST, NULL),
573 V(OutboundBindAddressPT, LINELIST, NULL),
576 V(PathBiasCircThreshold, INT,
"-1"),
577 V(PathBiasNoticeRate, DOUBLE,
"-1"),
578 V(PathBiasWarnRate, DOUBLE,
"-1"),
579 V(PathBiasExtremeRate, DOUBLE,
"-1"),
580 V(PathBiasScaleThreshold, INT,
"-1"),
583 V(PathBiasDropGuards, AUTOBOOL,
"0"),
586 V(PathBiasUseThreshold, INT,
"-1"),
587 V(PathBiasNoticeUseRate, DOUBLE,
"-1"),
588 V(PathBiasExtremeUseRate, DOUBLE,
"-1"),
589 V(PathBiasScaleUseThreshold, INT,
"-1"),
591 V(PathsNeededToBuildCircuits, DOUBLE,
"-1"),
592 V(PerConnBWBurst, MEMUNIT,
"0"),
593 V(PerConnBWRate, MEMUNIT,
"0"),
594 V_IMMUTABLE(PidFile, FILENAME, NULL),
595 V_IMMUTABLE(TestingTorNetwork, BOOL,
"0"),
597 V(TestingLinkCertLifetime, INTERVAL,
"2 days"),
598 V(TestingAuthKeyLifetime, INTERVAL,
"2 days"),
599 V(TestingLinkKeySlop, INTERVAL,
"3 hours"),
600 V(TestingAuthKeySlop, INTERVAL,
"3 hours"),
601 V(TestingSigningKeySlop, INTERVAL,
"1 day"),
607 V(ProtocolWarnings, BOOL,
"0"),
608 V(PublishServerDescriptor, CSV,
"1"),
609 V(PublishHidServDescriptors, BOOL,
"1"),
610 V(ReachableAddresses, LINELIST, NULL),
611 V(ReachableDirAddresses, LINELIST, NULL),
612 V(ReachableORAddresses, LINELIST, NULL),
614 V(ReducedConnectionPadding, BOOL,
"0"),
615 V(ConnectionPadding, AUTOBOOL,
"auto"),
616 V(RefuseUnknownExits, AUTOBOOL,
"auto"),
617 V(CircuitPadding, BOOL,
"1"),
618 V(ReducedCircuitPadding, BOOL,
"0"),
619 V(RejectPlaintextPorts, CSV,
""),
620 V(RelayBandwidthBurst, MEMUNIT,
"0"),
621 V(RelayBandwidthRate, MEMUNIT,
"0"),
622 V(RendPostPeriod, INTERVAL,
"1 hour"),
623 V(RephistTrackTime, INTERVAL,
"24 hours"),
624 V_IMMUTABLE(RunAsDaemon, BOOL,
"0"),
625 V(ReducedExitPolicy, BOOL,
"0"),
627 V_IMMUTABLE(Sandbox, BOOL,
"0"),
628 V(SafeLogging, STRING,
"1"),
629 V(SafeSocks, BOOL,
"0"),
630 V(ServerDNSAllowBrokenConfig, BOOL,
"1"),
631 V(ServerDNSAllowNonRFC953Hostnames, BOOL,
"0"),
632 V(ServerDNSDetectHijacking, BOOL,
"1"),
633 V(ServerDNSRandomizeCase, BOOL,
"1"),
634 V(ServerDNSResolvConfFile, FILENAME, NULL),
635 V(ServerDNSSearchDomains, BOOL,
"0"),
636 V(ServerDNSTestAddresses, CSV,
637 "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
638 OBSOLETE(
"SchedulerLowWaterMark__"),
639 OBSOLETE(
"SchedulerHighWaterMark__"),
640 OBSOLETE(
"SchedulerMaxFlushCells__"),
641 V(KISTSchedRunInterval, MSEC_INTERVAL,
"0 msec"),
642 V(KISTSockBufSizeFactor, DOUBLE,
"1.0"),
643 V(Schedulers, CSV,
"KIST,KISTLite,Vanilla"),
644 V(ShutdownWaitLength, INTERVAL,
"30 seconds"),
646 V(SocksPolicy, LINELIST, NULL),
648 V(SocksTimeout, INTERVAL,
"2 minutes"),
649 V(SSLKeyLifetime, INTERVAL,
"0"),
652 V(StrictNodes, BOOL,
"0"),
653 OBSOLETE(
"Support022HiddenServices"),
654 V(TestSocks, BOOL,
"0"),
655 V_IMMUTABLE(TokenBucketRefillInterval, MSEC_INTERVAL,
"100 msec"),
657 OBSOLETE(
"Tor2webRendezvousPoints"),
659 V(TrackHostExits, CSV, NULL),
660 V(TrackHostExitsExpire, INTERVAL,
"30 minutes"),
663 V(TransProxyType, STRING,
"default"),
665 V(UpdateBridgesFromAuthority, BOOL,
"0"),
666 V(UseBridges, BOOL,
"0"),
667 VAR(
"UseEntryGuards", BOOL, UseEntryGuards_option,
"1"),
668 OBSOLETE(
"UseEntryGuardsAsDirGuards"),
669 V(UseGuardFraction, AUTOBOOL,
"auto"),
670 V(UseMicrodescriptors, AUTOBOOL,
"auto"),
672 V_IMMUTABLE(User, STRING, NULL),
674 OBSOLETE(
"V1AuthoritativeDirectory"),
675 OBSOLETE(
"V2AuthoritativeDirectory"),
676 VAR(
"V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,
"0"),
677 V(TestingV3AuthInitialVotingInterval, INTERVAL,
"30 minutes"),
678 V(TestingV3AuthInitialVoteDelay, INTERVAL,
"5 minutes"),
679 V(TestingV3AuthInitialDistDelay, INTERVAL,
"5 minutes"),
680 V(TestingV3AuthVotingStartOffset, INTERVAL,
"0"),
681 V(V3AuthVotingInterval, INTERVAL,
"1 hour"),
682 V(V3AuthVoteDelay, INTERVAL,
"5 minutes"),
683 V(V3AuthDistDelay, INTERVAL,
"5 minutes"),
684 V(V3AuthNIntervalsValid, POSINT,
"3"),
685 V(V3AuthUseLegacyKey, BOOL,
"0"),
686 V(V3BandwidthsFile, FILENAME, NULL),
687 V(GuardfractionFile, FILENAME, NULL),
688 OBSOLETE(
"VoteOnHidServDirectoriesV2"),
689 V(VirtualAddrNetworkIPv4, STRING,
"127.192.0.0/10"),
690 V(VirtualAddrNetworkIPv6, STRING,
"[FE80::]/10"),
691 V(WarnPlaintextPorts, CSV,
"23,109,110,143"),
692 OBSOLETE(
"UseFilteringSSLBufferevents"),
693 OBSOLETE(
"__UseFilteringSSLBufferevents"),
694 VAR_NODUMP(
"__ReloadTorrcOnSIGHUP", BOOL, ReloadTorrcOnSIGHUP,
"1"),
695 VAR_NODUMP(
"__AllDirActionsPrivate", BOOL, AllDirActionsPrivate,
"0"),
696 VAR_NODUMP(
"__DisablePredictedCircuits",BOOL,DisablePredictedCircuits,
"0"),
697 VAR_NODUMP_IMMUTABLE(
"__DisableSignalHandlers", BOOL,
698 DisableSignalHandlers,
"0"),
699 VAR_NODUMP(
"__LeaveStreamsUnattached",BOOL, LeaveStreamsUnattached,
"0"),
700 VAR_NODUMP(
"__HashedControlSessionPassword", LINELIST,
701 HashedControlSessionPassword,
703 VAR_NODUMP(
"__OwningControllerProcess",STRING,
704 OwningControllerProcess, NULL),
705 VAR_NODUMP_IMMUTABLE(
"__OwningControllerFD", UINT64, OwningControllerFD,
707 V(TestingServerDownloadInitialDelay, CSV_INTERVAL,
"0"),
708 V(TestingClientDownloadInitialDelay, CSV_INTERVAL,
"0"),
709 V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL,
"0"),
710 V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL,
"0"),
726 V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL,
"6"),
727 V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL,
"0"),
729 V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
735 V(ClientBootstrapConsensusMaxInProgressTries, POSINT,
"3"),
738 V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL,
"10800"),
743 V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL,
"0"),
744 V(TestingClientMaxIntervalWithoutRequest, INTERVAL,
"10 minutes"),
745 V(TestingDirConnectionMaxStall, INTERVAL,
"5 minutes"),
746 OBSOLETE(
"TestingConsensusMaxDownloadTries"),
747 OBSOLETE(
"ClientBootstrapConsensusMaxDownloadTries"),
748 OBSOLETE(
"ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries"),
749 OBSOLETE(
"TestingDescriptorMaxDownloadTries"),
750 OBSOLETE(
"TestingMicrodescMaxDownloadTries"),
751 OBSOLETE(
"TestingCertMaxDownloadTries"),
752 VAR_INVIS(
"___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_,
761 #include "auth_dirs.inc"
771 #include "fallback_dirs.inc"
778 static const struct {
783 #include "testnet.inc"
794 {
"HTTPProxy",
"It only applies to direct unencrypted HTTP connections "
795 "to your directory server, which your Tor probably wasn't using." },
796 {
"HTTPProxyAuthenticator",
"HTTPProxy is deprecated in favor of HTTPSProxy "
797 "which should be used with HTTPSProxyAuthenticator." },
801 {
"ReachableDirAddresses",
"It has no effect on relays, and has had no "
802 "effect on clients since 0.2.8." },
803 {
"ClientPreferIPv6DirPort",
"It has no effect on relays, and has had no "
804 "effect on clients since 0.2.8." },
808 {
"ClientAutoIPv6ORPort",
"This option is unreliable if a connection isn't "
809 "reliably dual-stack."},
816 static char *get_windows_conf_root(
void);
827 static int opt_streq(
const char *s1,
const char *s2);
845 #define OR_OPTIONS_MAGIC 9090909
856 .deprecations = option_deprecation_notes_,
861 .has_config_suite =
true,
862 .config_suite_offset = offsetof(
or_options_t, subconfigs_),
895 if (PREDICT_UNLIKELY(options_mgr == NULL)) {
904 #define CHECK_OPTIONS_MAGIC(opt) STMT_BEGIN \
905 config_check_toplevel_magic(get_options_mgr(), (opt)); \
943 next = &(*next)->next;
970 "Acting on config options left us in a broken state. Dying.");
982 config_free_lines(changes);
986 or_options_free(old_options);
1002 CHECK_OPTIONS_MAGIC(opts);
1008 rs, routerset_free(rs));
1024 tor_free(options->master_key_fname);
1025 config_free_lines(options->
MyFamily);
1062 config_mgr_free(options_mgr);
1079 if (options->SafeLogging_ == SAFELOG_SCRUB_ALL)
1080 return "[scrubbed]";
1100 if (options->SafeLogging_ != SAFELOG_SCRUB_NONE)
1101 return "[scrubbed]";
1112 if (
get_options()->SafeLogging_ == SAFELOG_SCRUB_ALL)
1113 return "[scrubbed]";
1124 if (
get_options()->SafeLogging_ != SAFELOG_SCRUB_NONE)
1125 return "[scrubbed]";
1190 log_err(
LD_BUG,
"Couldn't parse internal DirAuthority line %s",
1204 log_err(
LD_BUG,
"Couldn't parse internal FallbackDir line %s",
1223 "You cannot set both DirAuthority and Alternate*Authority.");
1237 "You have used DirAuthority or AlternateDirAuthority to "
1238 "specify alternate directory authorities in "
1239 "your configuration. This is potentially dangerous: it can "
1240 "make you look different from all other Tor users, and hurt "
1241 "your anonymity. Even if you've specified the same "
1242 "authorities as Tor uses by default, the defaults could "
1243 "change in the future. Be sure you know what you're doing.");
1257 for (cl = options->
FallbackDir; cl; cl = cl->next)
1271 int need_to_update =
1272 !smartlist_len(router_get_trusted_dir_servers()) ||
1273 !smartlist_len(router_get_fallback_dir_servers()) || !old_options ||
1282 if (!need_to_update)
1312 if (type != NO_DIRINFO)
1325 for (cl = options->
FallbackDir; cl; cl = cl->next)
1339 const char *directory,
1344 cpd_check_t cpd_opts = create ? CPD_CREATE : CPD_CHECK;
1346 cpd_opts |= CPD_GROUP_READ;
1351 "Couldn't %s private data directory \"%s\"",
1352 create ?
"create" :
"access",
1358 if (group_readable) {
1360 if (chmod(directory, 0750)) {
1361 log_warn(
LD_FS,
"Unable to make %s group-readable: %s",
1362 directory, strerror(errno));
1380 cpd_opts |= CPD_GROUP_READ;
1382 log_err(
LD_OR,
"Can't create/check datadirectory %s",
1395 static int have_low_ports = -1;
1424 sd_notifyf(0,
"MAINPID=%ld\n", (
long int)getpid());
1432 control_initialize_event_queue();
1446 *msg_out = tor_strdup(
"DisableAllSwap failure. Do you have proper "
1465 if (options->
User) {
1467 unsigned switch_id_flags = 0;
1477 *msg_out = tor_strdup(
"Problem with User value. See logs for details.");
1497 if (subdir_gr != -1) {
1503 if (0 == strcmp(subdir, datadir)) {
1545 key_dir_group_readable,
1559 cache_dir_group_readable,
1602 if (! running_tor) {
1611 *msg_out = tor_strdup(
"Problem with ConnLimit value. "
1612 "See logs for details.");
1625 if (
parse_ports(options, 0, msg_out, &n_ports, NULL)) {
1627 *msg_out = tor_strdup(
"Unexpected problem parsing port config");
1642 *msg_out = tor_strdup(
"Failed to bind one of the listener ports.");
1648 log_notice(
LD_NET,
"DisableNetwork is set. Tor will not make or accept "
1649 "non-control network connections. Shutting down all existing "
1656 #if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
1658 if (options->TransPort_set &&
1660 if (get_pf_socket() < 0) {
1661 *msg_out = tor_strdup(
"Unable to open /dev/pf for transparent proxy.");
1695 int socks_in_reserve = options->
ConnLimit_ / 20;
1696 if (socks_in_reserve > 64) socks_in_reserve = 64;
1701 "Recomputed OOS thresholds: ConnLimit %d, ConnLimit_ %d, "
1702 "ConnLimit_high_thresh %d, ConnLimit_low_thresh %d",
1732 log_notice(LD_NET,
"Closing partially-constructed %s",
1733 connection_describe(conn));
1734 connection_close_immediate(conn);
1735 connection_mark_for_close(conn);
1781 old_options->SafeLogging_ != options->SafeLogging_;
1790 *msg_out = tor_strdup(
"Failed to init Log options. See logs for details.");
1828 const char *badness = NULL;
1829 int bad_safelog = 0, bad_severity = 0, new_badness = 0;
1830 if (options->SafeLogging_ != SAFELOG_SCRUB_ALL) {
1840 if (bad_safelog && bad_severity)
1841 badness =
"you disabled SafeLogging, and "
1842 "you're logging more than \"notice\"";
1843 else if (bad_safelog)
1844 badness =
"you disabled SafeLogging";
1846 badness =
"you're logging more than \"notice\"";
1848 log_warn(
LD_GENERAL,
"Your log may contain sensitive information - %s. "
1849 "Don't log unless it serves an important reason. "
1850 "Overwrite the log afterwards.", badness);
1912 if (listener_transaction == NULL)
1932 if (log_transaction == NULL)
1961 int routerset_usage =
1970 if (routerset_usage && reason_out) {
1971 *reason_out =
"We've been configured to use (or avoid) nodes in certain "
1972 "countries, and we need GEOIP information to figure out which ones they "
1974 }
else if (bridge_usage && reason_out) {
1975 *reason_out =
"We've been configured to see which countries can access "
1976 "us as a bridge, and we need GEOIP information to tell which countries "
1979 return bridge_usage || routerset_usage;
/** Helpers for transition checks: each one makes the enclosing function
 * return 1 as soon as option <b>opt</b> differs between <b>old_options</b>
 * and <b>new_options</b>, both of which must be in scope at the point of
 * use. One variant exists per comparison macro (CFG_EQ_BOOL, CFG_EQ_INT,
 * CFG_EQ_STRING, CFG_EQ_LINELIST, CFG_EQ_SMARTLIST, CFG_EQ_ROUTERSET); pick
 * the one matching the option's type, since the wrong comparator may
 * compare pointers or miss a change.
 *
 * NOTE(review): the expansion is a bare `if (...) return 1;` that already
 * ends in a semicolon and is not wrapped in STMT_BEGIN/STMT_END. Use these
 * only as standalone statements; placed directly before an `else`, or as
 * the unbraced body of another `if`, they would bind incorrectly.
 *
 * NOTE(review): a change to an option that is not listed with one of these
 * macros is not detected by the function using them. In this listing they
 * are applied to guard, bridge and firewall options; when adding an option
 * that influences the same decision, add it there as well -- the enclosing
 * function is not fully visible here, confirm. */
1983 #define YES_IF_CHANGED_BOOL(opt) \
1984 if (!CFG_EQ_BOOL(old_options, new_options, opt)) return 1;
1985 #define YES_IF_CHANGED_INT(opt) \
1986 if (!CFG_EQ_INT(old_options, new_options, opt)) return 1;
1987 #define YES_IF_CHANGED_STRING(opt) \
1988 if (!CFG_EQ_STRING(old_options, new_options, opt)) return 1;
1989 #define YES_IF_CHANGED_LINELIST(opt) \
1990 if (!CFG_EQ_LINELIST(old_options, new_options, opt)) return 1;
1991 #define YES_IF_CHANGED_SMARTLIST(opt) \
1992 if (!CFG_EQ_SMARTLIST(old_options, new_options, opt)) return 1;
1993 #define YES_IF_CHANGED_ROUTERSET(opt) \
1994 if (!CFG_EQ_ROUTERSET(old_options, new_options, opt)) return 1;
2009 YES_IF_CHANGED_BOOL(UseEntryGuards);
2010 YES_IF_CHANGED_BOOL(UseBridges);
2011 YES_IF_CHANGED_BOOL(ClientUseIPv4);
2012 YES_IF_CHANGED_BOOL(ClientUseIPv6);
2013 YES_IF_CHANGED_BOOL(FascistFirewall);
2014 YES_IF_CHANGED_ROUTERSET(ExcludeNodes);
2015 YES_IF_CHANGED_ROUTERSET(EntryNodes);
2016 YES_IF_CHANGED_SMARTLIST(FirewallPorts);
2017 YES_IF_CHANGED_LINELIST(Bridges);
2018 YES_IF_CHANGED_LINELIST(ReachableORAddresses);
2019 YES_IF_CHANGED_LINELIST(ReachableDirAddresses);
2041 const int transition_affects_guards =
2051 static int disabled_debugger_attach = 0;
2054 static int warned_debugger_attach = 0;
2060 if (warned_debugger_attach && ok == 1) {
2061 log_notice(
LD_CONFIG,
"Disabled attaching debuggers for unprivileged "
2065 disabled_debugger_attach = (ok == 1);
2067 !warned_debugger_attach) {
2068 log_notice(
LD_CONFIG,
"Not disabling debugger attaching for "
2069 "unprivileged users.");
2070 warned_debugger_attach = 1;
2093 if (hs_service_non_anonymous_mode_enabled(options)) {
2094 log_warn(
LD_GENERAL,
"This copy of Tor was compiled or configured to run "
2095 "in a non-anonymous mode. It will provide NO ANONYMITY.");
2101 log_warn(
LD_BUG,
"Failed parsing previously validated outbound "
2102 "bind addresses: %s", msg);
2110 for (cl = options->
Bridges; cl; cl = cl->next) {
2115 "Previously validated Bridge line could not be added!");
2127 "Previously validated hidden services line could not be added!");
2134 log_warn(
LD_BUG,
"Previously validated client authorization for "
2135 "hidden services could not be added!");
2140 if (running_tor && !old_options &&
2142 const unsigned ctrl_flags =
2143 CC_LOCAL_FD_IS_OWNER |
2144 CC_LOCAL_FD_IS_AUTHENTICATED;
2147 log_warn(
LD_CONFIG,
"Could not add local controller connection with "
2170 "Previously validated ClientTransportPlugin line "
2171 "could not be added!");
2209 log_err(
LD_CONFIG,
"Unable to write PIDFile %s",
2223 log_warn(
LD_BUG,
"Error parsing already-validated policy options.");
2228 log_warn(
LD_CONFIG,
"Error creating control cookie authentication file.");
2236 log_warn(
LD_GENERAL,
"Error loading rendezvous service keys");
2254 char *http_authenticator;
2256 if (!http_authenticator) {
2258 log_warn(
LD_BUG,
"Unable to allocate HTTP authenticator. Not setting "
2264 http_authenticator, strlen(http_authenticator),
2285 int revise_trackexithosts = 0;
2286 int revise_automap_entries = 0;
2287 int abandon_circuits = 0;
2304 "Changed to using entry guards or bridges, or changed "
2305 "preferred or excluded node lists. "
2306 "Abandoning previous circuits.");
2307 abandon_circuits = 1;
2310 if (transition_affects_guards) {
2312 abandon_circuits = 1;
2316 if (abandon_circuits) {
2319 revise_trackexithosts = 1;
2324 revise_trackexithosts = 1;
2326 if (revise_trackexithosts)
2331 revise_automap_entries = 1;
2335 revise_automap_entries = 1;
2340 revise_automap_entries = 1;
2343 if (revise_automap_entries)
2381 bool print_notice = 0;
2432 static const struct {
2444 { .name=
"--torrc-file",
2447 { .name=
"--allow-missing-torrc" },
2448 { .name=
"--defaults-torrc",
2450 { .name=
"--hash-password",
2454 { .name=
"--dump-config",
2458 { .name=
"--list-fingerprint",
2463 { .name=
"--key-expiration",
2468 { .name=
"--newpass" },
2469 { .name=
"--no-passphrase" },
2470 { .name=
"--passphrase-fd",
2472 { .name=
"--verify-config",
2474 { .name=
"--ignore-missing-torrc" },
2479 { .name=
"--version",
2482 { .name=
"--list-modules",
2485 { .name=
"--library-versions",
2492 { .name=
"--list-torrc-options",
2495 { .name=
"--list-deprecated-options",
2497 { .name=
"--nt-service" },
2498 { .name=
"-nt-service" },
2499 { .name=
"--dbg-dump-subsystem-list",
2530 bool is_a_command =
false;
2539 is_a_command =
true;
2560 }
else if (*s ==
'/') {
2567 const int is_last = (i == argc-1);
2570 if (ignore_errors) {
2571 arg = tor_strdup(
"");
2573 log_warn(
LD_CONFIG,
"Command-line option '%s' with no value. Failing.",
2575 parsed_cmdline_free(result);
2580 (is_last || argv[i+1][0] ==
'-')) {
2581 arg = tor_strdup(
"");
2589 param->key = is_cmdline ? tor_strdup(argv[i]) :
2594 log_debug(
LD_CONFIG,
"command line: parsed keyword '%s', value '%s'",
2595 param->key, param->value);
2602 *new_cmdline = param;
2603 new_cmdline = &((*new_cmdline)->next);
2606 new = &((*new)->next);
2609 i += want_arg ? 2 : 1;
2665 list, flags, msg)) < 0) {
2666 or_options_free(trial_options);
2679 "Copyright (c) 2001-2004, Roger Dingledine\n"
2680 "Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson\n"
2681 "Copyright (c) 2007-2021, The Tor Project, Inc.\n\n"
2682 "tor -f <torrc> [args]\n"
2683 "See man page for options, or https://www.torproject.org/ for "
2684 "documentation.\n");
2700 printf(
"%s\n", var->member.name);
2701 } SMARTLIST_FOREACH_END(var);
2702 smartlist_free(vars);
2713 printf(
"%s\n",
name));
2714 smartlist_free(deps);
2721 printf(
"%s: %s\n",
"relay", have_module_relay() ?
"yes" :
"no");
2722 printf(
"%s: %s\n",
"dirauth", have_module_dirauth() ?
"yes" :
"no");
2733 printf(
"Library versions\tCompiled\t\tRuntime\n");
2734 printf(
"Libevent\t\t%-15s\t\t%s\n",
2737 #ifdef ENABLE_OPENSSL
2738 printf(
"OpenSSL \t\t%-15s\t\t%s\n",
2739 crypto_openssl_get_header_version_str(),
2740 crypto_openssl_get_version_str());
2743 printf(
"NSS \t\t%-15s\t\t%s\n",
2744 crypto_nss_get_header_version_str(),
2745 crypto_nss_get_version_str());
2748 printf(
"Zlib \t\t%-15s\t\t%s\n",
2753 printf(
"Liblzma \t\t%-15s\t\t%s\n",
2758 printf(
"Libzstd \t\t%-15s\t\t%s\n",
2763 printf(
"%-7s \t\t%-15s\t\t%s\n",
2779 log_err(
LD_CONFIG,
"--no-passphrase specified without --keygen!");
2790 const char *formats[] = {
"iso8601",
"timestamp" };
2793 if (!strcmp(value, formats[i])) {
2807 log_err(
LD_CONFIG,
"--format specified without --key-expiration!");
2820 log_err(
LD_CONFIG,
"--newpass specified without --keygen!");
2829 if (
get_options()->keygen_force_passphrase == FORCE_PASSPHRASE_OFF) {
2830 log_err(
LD_CONFIG,
"--no-passphrase specified with --passphrase-fd!");
2833 log_err(
LD_CONFIG,
"--passphrase-fd specified without --keygen!");
2838 if (fd < 0 || ok == 0) {
2854 log_err(
LD_CONFIG,
"--master-key without --keygen!");
2865 using_default_dir_authorities(
const or_options_t *options)
2889 log_err(
LD_BUG,
"Unable to set default options: %s", msg);
2891 tor_assert_unreached();
2893 config_free_lines(dflts);
2906 switch (how_to_dump) {
2907 case OPTIONS_DUMP_MINIMAL:
2911 case OPTIONS_DUMP_ALL:
2912 use_defaults = NULL;
2916 log_warn(
LD_BUG,
"Bogus value for how_to_dump==%d", how_to_dump);
2938 if (i < 1 || i > 65535) {
2953 if (*value > ROUTER_MAX_DECLARED_BANDWIDTH) {
2958 if (*value > ROUTER_MAX_DECLARED_BANDWIDTH) {
2961 ROUTER_MAX_DECLARED_BANDWIDTH);
/* Bounds used while validating timing options. The multiplications build
 * values in seconds, and the message texts elsewhere in this listing quote
 * seconds and hours; the bare 10s are presumably seconds too -- confirm at
 * the point of use. */

/* Floor for RendPostPeriod (10 minutes); presumably the value behind the
 * "too short; raising to %d seconds" warning -- the assignment that picks it
 * is not part of this listing. */
2969 #define MIN_REND_POST_PERIOD (10*60)
/* Much lower floor with a _TESTING suffix; presumably applied on testing
 * networks only -- confirm where it is selected. */
2970 #define MIN_REND_POST_PERIOD_TESTING (5)
/* Ceiling for CircuitsAvailableTimeout: 24 hours, matching the
 * "CircuitsAvailableTimeout is too large. Max is 24 hours." rejection. */
2975 #define MAX_CIRCS_AVAILABLE_TIME (24*60*60)
/* Half a week (3.5 days). Presumably the value RendPostPeriod is clipped to;
 * the clipping statement itself is not shown. */
2978 #define MAX_DIR_PERIOD ((7*24*60*60)/2)
/* Floor for MaxCircuitDirtiness (see its "too short" warning). */
2982 #define MIN_MAX_CIRCUIT_DIRTINESS 10
/* Ceiling for MaxCircuitDirtiness: 30 days (see its "too high" warning). */
2986 #define MAX_MAX_CIRCUIT_DIRTINESS (30*24*60*60)
/* Floor for CircuitStreamTimeout (see its "too short" warning). */
2990 #define MIN_CIRCUIT_STREAM_TIMEOUT 10
/* Appears to be advisory: the matching message speaks of a "recommended
 * minimum" and only applies when LearnCircuitBuildTimeout is disabled. */
2997 #define RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT (10)
3018 if (vs == VSTAT_TRANSITION_ERR) {
3019 rv = SETOPT_ERR_TRANSITION;
3021 }
else if (vs < 0) {
3022 rv = SETOPT_ERR_PARSE;
3028 rv = SETOPT_ERR_SETTING;
3036 tor_assert(new_options == NULL || rv != SETOPT_OK);
3037 or_options_free(new_options);
3041 #ifdef TOR_UNIT_TESTS
3057 return vs < 0 ? -1 : 0;
/* REJECT(arg): store a heap copy of the message in *msg and return -1 from
 * the ENCLOSING function. It needs a `char **msg` in scope, and anything
 * allocated earlier in that function has to be released before the macro is
 * invoked, because control does not come back (CHECK_DEFAULT further down
 * frees its defaults object first for exactly this reason). The copy comes
 * from tor_strdup(); presumably whoever receives *msg frees it -- confirm. */
3061 #define REJECT(arg) \
3062 STMT_BEGIN *msg = tor_strdup(arg); return -1; STMT_END
/* COMPLAIN(fmt, ...): log a warning in the LD_CONFIG domain and carry on;
 * nothing is returned, so validation continues. The first argument is used
 * as the printf-style format: configuration-supplied text belongs in a "%s"
 * argument, never in the format position. Two spellings follow, GNU named
 * variadic arguments for GCC 3 and older and ##__VA_ARGS__ otherwise; the
 * #else/#endif lines around them appear to be omitted from this listing. */
3063 #if defined(__GNUC__) && __GNUC__ <= 3
3064 #define COMPLAIN(args...) \
3065 STMT_BEGIN log_warn(LD_CONFIG, args); STMT_END
3067 #define COMPLAIN(args, ...) \
3068 STMT_BEGIN log_warn(LD_CONFIG, args, ##__VA_ARGS__); STMT_END
3081 const char *filepath)
3085 COMPLAIN(
"Path for %s (%s) is relative and will resolve to %s."
3086 " Is this what you wanted?", option, filepath, abs_path);
3110 const char *
name = cv->member.name;
3114 config_free_lines(line);
3115 } SMARTLIST_FOREACH_END(cv);
3116 smartlist_free(vars);
3119 hs_line = hs_line->next) {
3120 if (!strcasecmp(hs_line->key,
"HiddenServiceDir"))
3133 options_validate_scheduler(
or_options_t *options,
char **msg)
3139 REJECT(
"Empty Schedulers list. Either remove the option so the defaults "
3140 "can be used or set at least one value.");
3150 if (!strcasecmp(
"KISTLite", type)) {
3151 sched_type = tor_malloc_zero(
sizeof(
int));
3152 *sched_type = SCHEDULER_KIST_LITE;
3154 }
else if (!strcasecmp(
"KIST", type)) {
3155 sched_type = tor_malloc_zero(
sizeof(
int));
3156 *sched_type = SCHEDULER_KIST;
3158 }
else if (!strcasecmp(
"Vanilla", type)) {
3159 sched_type = tor_malloc_zero(
sizeof(
int));
3160 *sched_type = SCHEDULER_VANILLA;
3163 tor_asprintf(msg,
"Unknown type %s in option Schedulers. "
3164 "Possible values are KIST, KISTLite and Vanilla.",
3168 } SMARTLIST_FOREACH_END(type);
3171 REJECT(
"KISTSockBufSizeFactor must be at least 0");
3177 tor_asprintf(msg,
"KISTSchedRunInterval must not be more than %d (ms)",
3178 KIST_SCHED_RUN_INTERVAL_MAX);
3190 options_validate_single_onion(
or_options_t *options,
char **msg)
3194 !options->HiddenServiceNonAnonymousMode) {
3195 REJECT(
"HiddenServiceSingleHopMode does not provide any server anonymity. "
3196 "It must be used with HiddenServiceNonAnonymousMode set to 1.");
3198 if (options->HiddenServiceNonAnonymousMode &&
3200 REJECT(
"HiddenServiceNonAnonymousMode does not provide any server "
3201 "anonymity. It must be used with HiddenServiceSingleHopMode set to "
3210 const int client_port_set = (options->SocksPort_set ||
3211 options->TransPort_set ||
3212 options->NATDPort_set ||
3213 options->DNSPort_set ||
3214 options->HTTPTunnelPort_set);
3215 if (hs_service_non_anonymous_mode_enabled(options) && client_port_set) {
3216 REJECT(
"HiddenServiceNonAnonymousMode is incompatible with using Tor as "
3217 "an anonymous client. Please set Socks/Trans/NATD/DNSPort to 0, or "
3218 "revert HiddenServiceNonAnonymousMode to 0.");
3221 if (hs_service_allow_non_anonymous_connection(options)
3231 "HiddenServiceSingleHopMode is enabled; disabling "
3247 CHECK_OPTIONS_MAGIC(old_options_);
3248 CHECK_OPTIONS_MAGIC(options_);
3254 int world_writable_control_socket=0;
3260 &world_writable_control_socket) < 0)
3263 #ifndef HAVE_SYS_UN_H
3265 *msg = tor_strdup(
"Unix domain sockets (ControlSocket) not supported "
3266 "on this OS/with this build.");
3271 *msg = tor_strdup(
"Setting ControlSocketsGroupWritable without setting "
3272 "a ControlSocket makes no sense.");
3291 REJECT(
"Invalid DataDirectory");
3296 REJECT(
"You have specified at least one relative path (see above) "
3297 "with the RunAsDaemon option. RunAsDaemon is not compatible "
3298 "with relative paths.");
3309 REJECT(
"Failed to validate Log options. See logs for details.");
3315 "SocksPort, TransPort, NATDPort, DNSPort, and ORPort are all "
3316 "undefined, and there aren't any hidden services configured. "
3317 "Tor will still run, but probably won't do anything.");
3320 #ifdef USE_TRANSPARENT
3325 #if !defined(OpenBSD) && !defined(DARWIN)
3327 REJECT(
"pf-divert is a OpenBSD-specific "
3328 "and OS X/Darwin-specific feature.");
3333 #if !defined(__linux__)
3334 REJECT(
"TPROXY is a Linux-specific feature.");
3339 #ifndef KERNEL_MAY_SUPPORT_IPFW
3341 REJECT(
"ipfw is a FreeBSD-specific "
3342 "and OS X/Darwin-specific feature.");
3347 REJECT(
"Unrecognized value for TransProxyType");
3351 !options->TransPort_set) {
3352 REJECT(
"Cannot use TransProxyType without any valid TransPort.");
3356 if (options->TransPort_set)
3357 REJECT(
"TransPort is disabled in this build.");
3362 REJECT(
"TokenBucketRefillInterval must be between 1 and 1000 inclusive.");
3366 REJECT(
"Cannot set AssumeReachable 1 and AssumeReachableIPv6 0.");
3388 COMPLAIN(
"You have asked to exclude certain relays from all positions "
3389 "in your circuits. Expect hidden services and other Tor "
3390 "features to be broken in unpredictable ways.");
3397 REJECT(
"FetchDirInfoExtraEarly requires that you also set "
3398 "FetchDirInfoEarly");
3402 "ConnLimit must be greater than 0, but was set to %d",
3409 log_warn(
LD_CONFIG,
"PathsNeededToBuildCircuits is too low. Increasing "
3413 log_warn(
LD_CONFIG,
"PathsNeededToBuildCircuits is too high. Decreasing "
3422 "MaxClientCircuitsPending must be between 1 and %d, but "
3423 "was set to %d", MAX_MAX_CLIENT_CIRCUITS_PENDING,
3435 "RejectPlaintextPorts", msg) < 0)
3439 "WarnPlaintextPorts", msg) < 0)
/* Legacy-option conversion: the FascistFirewall/FirewallPorts settings are
 * rewritten into an equivalent ReachableAddresses line, one "*:port" entry
 * per port, as the notice text below states. */
3449 new_line->key = tor_strdup(
"ReachableAddresses");
/* atoi() reports no errors: non-numeric text yields 0 and an out-of-range
 * number is undefined behaviour.
 * NOTE(review): this is only safe if the port list was range-checked before
 * this point. A 1..65535 check exists elsewhere in this file, but its link
 * to this list is not visible in the listing -- confirm. */
3454 int p = atoi(portno);
3456 smartlist_add_asprintf(instead,
"*:%d", p);
3461 "Converting FascistFirewall and FirewallPorts "
3462 "config options to new format: \"ReachableAddresses %s\"",
3466 smartlist_free(instead);
3472 new_line->key = tor_strdup(
"ReachableDirAddresses");
3473 new_line->value = tor_strdup(
"*:80");
3475 log_notice(
LD_CONFIG,
"Converting FascistFirewall config option "
3476 "to new format: \"ReachableDirAddresses *:80\"");
3480 new_line->key = tor_strdup(
"ReachableORAddresses");
3481 new_line->value = tor_strdup(
"*:443");
3483 log_notice(
LD_CONFIG,
"Converting FascistFirewall config option "
3484 "to new format: \"ReachableORAddresses *:443\"");
3494 REJECT(
"Servers must be able to freely connect to the rest "
3495 "of the Internet, so they must not set Reachable*Addresses "
3496 "or FascistFirewall or FirewallPorts or ClientUseIPv4 0.");
3500 REJECT(
"Servers must be able to freely connect to the rest "
3501 "of the Internet, so they must not set UseBridges.");
3507 REJECT(
"You cannot set both UseBridges and EntryNodes.");
3512 REJECT(
"Setting UseBridges requires also setting UseEntryGuards.");
3515 compute_real_max_mem_in_queues(options->MaxMemInQueues_raw,
3521 options->SafeLogging_ = SAFELOG_SCRUB_NONE;
3522 }
else if (!strcasecmp(options->
SafeLogging,
"relay")) {
3523 options->SafeLogging_ = SAFELOG_SCRUB_RELAY;
3524 }
else if (!strcasecmp(options->
SafeLogging,
"1")) {
3525 options->SafeLogging_ = SAFELOG_SCRUB_ALL;
3528 "Unrecognized value '%s' in SafeLogging",
3539 const int min_rendpostperiod =
3543 log_warn(
LD_CONFIG,
"RendPostPeriod option is too short; "
3544 "raising to %d seconds.", min_rendpostperiod);
3549 log_warn(
LD_CONFIG,
"RendPostPeriod is too large; clipping to %ds.",
3555 if (options_validate_single_onion(options, msg) < 0)
3562 REJECT(
"CircuitsAvailableTimeout is too large. Max is 24 hours.");
3566 REJECT(
"If EntryNodes is set, UseEntryGuards must be enabled.");
3571 !hs_service_allow_non_anonymous_connection(options)) {
3573 "UseEntryGuards is disabled, but you have configured one or more "
3574 "hidden services on this Tor instance. Your hidden services "
3575 "will be very easy to locate using a well-known attack -- see "
3576 "https://freehaven.net/anonbib/#hs-attack06 for details.");
3581 REJECT(
"NumEntryGuards must not be greater than NumPrimaryGuards.");
3589 "You have one single EntryNodes and at least one hidden service "
3590 "configured. This is bad because it's very easy to locate your "
3591 "entry guard which can then lead to the deanonymization of your "
3592 "hidden service -- for more details, see "
3593 "https://bugs.torproject.org/tpo/core/tor/14917. "
3594 "For this reason, the use of one EntryNodes with an hidden "
3595 "service is prohibited until a better solution is found.");
3605 "EntryNodes is set with multiple entries and at least one "
3606 "hidden service is configured. Pinning entry nodes can possibly "
3607 "be harmful to the service anonymity. Because of this, we "
3608 "recommend you either don't do that or make sure you know what "
3609 "you are doing. For more details, please look at "
3610 "https://bugs.torproject.org/tpo/core/tor/21155.");
3614 if (hs_service_non_anonymous_mode_enabled(options)) {
3616 "HiddenServiceNonAnonymousMode is set. Every hidden service on "
3617 "this tor instance is NON-ANONYMOUS. If "
3618 "the HiddenServiceNonAnonymousMode option is changed, Tor will "
3619 "refuse to launch hidden services from the same directories, to "
3620 "protect your anonymity against config errors. This setting is "
3621 "for experimental use only.");
3627 "CircuitBuildTimeout is shorter (%d seconds) than the recommended "
3628 "minimum (%d seconds), and LearnCircuitBuildTimeout is disabled. "
3629 "If tor isn't working, raise this value or enable "
3630 "LearnCircuitBuildTimeout.",
3641 log_fn(severity,
LD_CONFIG,
"You disabled LearnCircuitBuildTimeout, but "
3642 "didn't specify a CircuitBuildTimeout. I'll pick a plausible "
3647 REJECT(
"DormantClientTimeout is too low. It must be at least 10 minutes.");
3650 if (options->PathBiasNoticeRate > 1.0) {
3652 "PathBiasNoticeRate is too high. "
3653 "It must be between 0 and 1.0");
3656 if (options->PathBiasWarnRate > 1.0) {
3658 "PathBiasWarnRate is too high. "
3659 "It must be between 0 and 1.0");
3662 if (options->PathBiasExtremeRate > 1.0) {
3664 "PathBiasExtremeRate is too high. "
3665 "It must be between 0 and 1.0");
3668 if (options->PathBiasNoticeUseRate > 1.0) {
3670 "PathBiasNoticeUseRate is too high. "
3671 "It must be between 0 and 1.0");
3674 if (options->PathBiasExtremeUseRate > 1.0) {
3676 "PathBiasExtremeUseRate is too high. "
3677 "It must be between 0 and 1.0");
3682 log_warn(
LD_CONFIG,
"MaxCircuitDirtiness option is too short; "
3688 log_warn(
LD_CONFIG,
"MaxCircuitDirtiness option is too high; "
3695 log_warn(
LD_CONFIG,
"CircuitStreamTimeout option is too short; "
3703 log_warn(
LD_CONFIG,
"HeartbeatPeriod option is too short; "
3709 REJECT(
"KeepalivePeriod option must be positive.");
3712 "BandwidthRate", msg) < 0)
3715 "BandwidthBurst", msg) < 0)
3722 REJECT(
"BandwidthBurst must be at least equal to BandwidthRate.");
3733 REJECT(
"HTTPProxy failed to parse or resolve. Please fix.");
3741 REJECT(
"HTTPProxyAuthenticator is too long (>= 512 chars).");
3747 REJECT(
"HTTPSProxy failed to parse or resolve. Please fix.");
3755 REJECT(
"HTTPSProxyAuthenticator is too long (>= 512 chars).");
3762 REJECT(
"Socks4Proxy failed to parse or resolve. Please fix.");
3772 REJECT(
"Socks5Proxy failed to parse or resolve. Please fix.");
3788 REJECT(
"You have configured more than one proxy type. "
3789 "(Socks4Proxy|Socks5Proxy|HTTPSProxy|TCPProxy)");
3796 log_warn(
LD_CONFIG,
"HTTPProxy configured, but no SOCKS proxy, "
3797 "HTTPS proxy, or any other TCP proxy configured. Watch out: "
3798 "this configuration will proxy unencrypted directory "
3799 "connections only.");
3807 REJECT(
"Socks5ProxyUsername must be between 1 and 255 characters.");
3810 REJECT(
"Socks5ProxyPassword must be included with Socks5ProxyUsername.");
3814 REJECT(
"Socks5ProxyPassword must be between 1 and 255 characters.");
3816 REJECT(
"Socks5ProxyPassword must be included with Socks5ProxyUsername.");
3821 REJECT(
"Bad HashedControlPassword: wrong length or bad encoding");
3832 REJECT(
"Bad HashedControlSessionPassword: wrong length or bad encoding");
3840 const char *validate_pspec_msg = NULL;
3842 &validate_pspec_msg)) {
3844 validate_pspec_msg);
/* An open ControlPort, or a world-writable ControlSocket, with no
 * authentication method configured. The remaining terms of the condition
 * are not part of this listing. Only a warning is visible on this path (no
 * REJECT), so such a configuration appears to be accepted: operators should
 * treat this log line as something to fix, since the message itself says any
 * local program can then reconfigure Tor. */
3849 if ((options->ControlPort_set || world_writable_control_socket) &&
3853 log_warn(
LD_CONFIG,
"Control%s is %s, but no authentication method "
3854 "has been configured. This means that any program on your "
3855 "computer can reconfigure your Tor. That's bad! You should "
3856 "upgrade your Tor controller as soon as possible.",
/* Both format arguments key off ControlPort_set, so when a port and a
 * world-writable socket are configured together only the port is named. */
3857 options->ControlPort_set ?
"Port" :
"Socket",
3858 options->ControlPort_set ?
"open" :
"world writable");
3862 log_warn(
LD_CONFIG,
"CookieAuthFileGroupReadable is set, but will have "
3863 "no effect: you must specify an explicit CookieAuthFile to "
3864 "have it group-readable.");
3881 log_info(
LD_CONFIG,
"You have set UseDefaultFallbackDirs 1 and "
3882 "FallbackDir(s). Ignoring UseDefaultFallbackDirs, and "
3883 "using the FallbackDir(s) you have set.");
3887 REJECT(
"Directory authority/fallback line did not parse. See logs "
3891 REJECT(
"If you set UseBridges, you must specify at least one bridge.");
3893 for (cl = options->
Bridges; cl; cl = cl->next) {
3896 REJECT(
"Bridge line did not parse. See logs for details.");
3897 bridge_line_free(bridge_line);
3902 REJECT(
"Invalid client transport line. See logs for details.");
3915 "ConstrainedSockSize is invalid. Must be a value between %d and %d "
3916 "in 1024 byte increments.",
3917 MIN_CONSTRAINED_TCP_BUFFER, MAX_CONSTRAINED_TCP_BUFFER);
3926 REJECT(
"Failed to configure rendezvous options. See logs for details.");
3930 REJECT(
"Failed to configure client authorization for hidden services. "
3931 "See logs for details.");
3937 AF_INET6, 1, msg)<0)
3944 REJECT(
"TestingTorNetwork may only be configured in combination with "
3945 "a non-default set of DirAuthority or both of "
3946 "AlternateDirAuthority and AlternateBridgeAuthority configured.");
3949 #define CHECK_DEFAULT(arg) \
3951 if (!config_is_same(get_options_mgr(),options, \
3952 dflt_options,#arg)) { \
3953 or_options_free(dflt_options); \
3954 REJECT(#arg " may only be changed in testing Tor " \
3965 CHECK_DEFAULT(TestingV3AuthInitialVotingInterval);
3966 CHECK_DEFAULT(TestingV3AuthInitialVoteDelay);
3967 CHECK_DEFAULT(TestingV3AuthInitialDistDelay);
3968 CHECK_DEFAULT(TestingV3AuthVotingStartOffset);
3969 CHECK_DEFAULT(TestingAuthDirTimeToLearnReachability);
3970 CHECK_DEFAULT(TestingServerDownloadInitialDelay);
3971 CHECK_DEFAULT(TestingClientDownloadInitialDelay);
3972 CHECK_DEFAULT(TestingServerConsensusDownloadInitialDelay);
3973 CHECK_DEFAULT(TestingClientConsensusDownloadInitialDelay);
3974 CHECK_DEFAULT(TestingBridgeDownloadInitialDelay);
3975 CHECK_DEFAULT(TestingBridgeBootstrapDownloadInitialDelay);
3976 CHECK_DEFAULT(TestingClientMaxIntervalWithoutRequest);
3977 CHECK_DEFAULT(TestingDirConnectionMaxStall);
3978 CHECK_DEFAULT(TestingAuthKeyLifetime);
3979 CHECK_DEFAULT(TestingLinkCertLifetime);
3980 CHECK_DEFAULT(TestingSigningKeySlop);
3981 CHECK_DEFAULT(TestingAuthKeySlop);
3982 CHECK_DEFAULT(TestingLinkKeySlop);
3983 or_options_free(dflt_options);
3985 #undef CHECK_DEFAULT
3990 REJECT(
"ClientDNSRejectInternalAddresses used for default network.");
3998 REJECT(
"TestingClientMaxIntervalWithoutRequest is way too low.");
4000 COMPLAIN(
"TestingClientMaxIntervalWithoutRequest is insanely high.");
4004 REJECT(
"TestingDirConnectionMaxStall is way too low.");
4006 COMPLAIN(
"TestingDirConnectionMaxStall is insanely high.");
4010 REJECT(
"ClientBootstrapConsensusMaxInProgressTries must be greater "
4014 COMPLAIN(
"ClientBootstrapConsensusMaxInProgressTries is insanely "
4020 REJECT(
"TestingEnableConnBwEvent may only be changed in testing "
4026 REJECT(
"TestingEnableCellStatsEvent may only be changed in testing "
4031 log_warn(
LD_CONFIG,
"TestingTorNetwork is set. This will make your node "
4032 "almost unusable in the public Tor network, and is "
4033 "therefore only advised if you are building a "
4034 "testing Tor network!");
4037 if (options_validate_scheduler(options, msg) < 0) {
4051 compute_real_max_mem_in_queues(
const uint64_t val,
bool is_server)
/* Server floor in megabytes: a smaller explicit value draws the "must be at
 * least %d MB on servers" warning and MIN_SERVER_MB * ONE_MEGABYTE is
 * returned in its place. */
4053 #define MIN_SERVER_MB 64
/* Below these sizes (servers and clients respectively) a "set to a low
 * value" warning is logged. */
4054 #define MIN_UNWARNED_SERVER_MB 256
4055 #define MIN_UNWARNED_CLIENT_MB 64
/* UINT64_C keeps the shifts, and products such as 8 * ONE_GIGABYTE, in
 * 64-bit arithmetic rather than in int. */
4059 #define ONE_GIGABYTE (UINT64_C(1) << 30)
4060 #define ONE_MEGABYTE (UINT64_C(1) << 20)
4063 static int notice_sent = 0;
4067 #if SIZEOF_VOID_P >= 8
4069 result = 8 * ONE_GIGABYTE;
4072 result = ONE_GIGABYTE;
4078 #if SIZEOF_SIZE_T > 4
4080 #define RAM_IS_VERY_LARGE(x) ((x) >= (8 * ONE_GIGABYTE))
4083 #define RAM_IS_VERY_LARGE(x) (0)
4086 if (RAM_IS_VERY_LARGE(ram)) {
4093 avail = (ram / 5) * 2;
4098 avail = (ram / 4) * 3;
4107 }
else if (avail < ONE_GIGABYTE / 4) {
4108 result = ONE_GIGABYTE / 4;
4113 if (is_server && ! notice_sent) {
4114 log_notice(
LD_CONFIG,
"%sMaxMemInQueues is set to %"PRIu64
" MB. "
4115 "You can override this by setting MaxMemInQueues by hand.",
4116 ram ?
"Based on detected system memory, " :
"",
4117 (result / ONE_MEGABYTE));
4121 }
else if (is_server && val < ONE_MEGABYTE * MIN_SERVER_MB) {
4123 log_warn(
LD_CONFIG,
"MaxMemInQueues must be at least %d MB on servers "
4124 "for now. Ideally, have it as large as you can afford.",
4126 return MIN_SERVER_MB * ONE_MEGABYTE;
4127 }
else if (is_server && val < ONE_MEGABYTE * MIN_UNWARNED_SERVER_MB) {
4130 log_warn(
LD_CONFIG,
"MaxMemInQueues is set to a low value; if your "
4131 "relay doesn't work, this may be the reason why.");
4133 }
else if (! is_server && val < ONE_MEGABYTE * MIN_UNWARNED_CLIENT_MB) {
4136 log_warn(
LD_CONFIG,
"MaxMemInQueues is set to a low value; if your "
4137 "client doesn't work, this may be the reason why.");
4156 const void *new_val_,
4159 CHECK_OPTIONS_MAGIC(old_);
4160 CHECK_OPTIONS_MAGIC(new_val_);
4168 #define BAD_CHANGE_TO(opt, how) do { \
4169 *msg = tor_strdup("While Tor is running"how", changing " #opt \
4170 " is not allowed"); \
/* Sandbox transition guards. Each SB_NOCHANGE_* macro compares one option
 * between the old and the new configuration (string, line-list or integer
 * comparison) and, when the two differ, invokes BAD_CHANGE_TO, whose message
 * reads "While Tor is running with Sandbox active, changing <opt> is not
 * allowed". Each macro expands to an unbraced `if`, so it must be used as a
 * complete statement and never directly in front of an `else`.
 * NOTE(review): presumably these options are frozen because the sandbox's
 * allow-list is fixed once it is installed -- confirm against the sandbox
 * code; the rest of BAD_CHANGE_TO is not part of this listing. */
4175 #define SB_NOCHANGE_STR(opt) \
4176 if (! CFG_EQ_STRING(old, new_val, opt)) \
4177 BAD_CHANGE_TO(opt," with Sandbox active")
4178 #define SB_NOCHANGE_LINELIST(opt) \
4179 if (! CFG_EQ_LINELIST(old, new_val, opt)) \
4180 BAD_CHANGE_TO(opt," with Sandbox active")
4181 #define SB_NOCHANGE_INT(opt) \
4182 if (! CFG_EQ_INT(old, new_val, opt)) \
4183 BAD_CHANGE_TO(opt," with Sandbox active")
/* Options that may not change while the sandbox is active. */
4185 SB_NOCHANGE_LINELIST(Address);
4186 SB_NOCHANGE_STR(ServerDNSResolvConfFile);
4187 SB_NOCHANGE_STR(DirPortFrontPage);
4188 SB_NOCHANGE_STR(CookieAuthFile);
4189 SB_NOCHANGE_STR(ExtORPortCookieAuthFile);
4190 SB_NOCHANGE_LINELIST(Logs);
4191 SB_NOCHANGE_INT(ConnLimit);
4194 *msg = tor_strdup(
"Can't start/stop being a server while "
4195 "Sandbox is active");
4200 #undef SB_NOCHANGE_LINELIST
4201 #undef SB_NOCHANGE_STR
4202 #undef SB_NOCHANGE_INT
4203 #undef BAD_CHANGE_TO
4204 #undef NO_CHANGE_BOOL
4205 #undef NO_CHANGE_INT
4206 #undef NO_CHANGE_STRING
/* Windows only: resolve the user's application-data folder and append "\\tor"
 * to form Tor's configuration root. The `is_set` flag and the static `path`
 * buffer suggest the result is computed once and then reused; the code that
 * tests and sets is_set is not part of this listing. */
4214 get_windows_conf_root(
void)
4216 static int is_set = 0;
4217 static char path[MAX_PATH*2+1];
4218 TCHAR tpath[MAX_PATH] = {0};
4230 #ifdef ENABLE_LOCAL_APPDATA
4231 #define APPDATA_PATH CSIDL_LOCAL_APPDATA
4233 #define APPDATA_PATH CSIDL_APPDATA
/* Fallback when the shell cannot resolve the folder: the current working
 * directory becomes the configuration root, and the default torrc paths
 * further down are built from it.
 * NOTE(review): getcwd()'s return value is not checked in the lines shown,
 * and a working directory that other users can write to would then supply
 * Tor's configuration files. */
4235 if (!SUCCEEDED(SHGetSpecialFolderLocation(NULL, APPDATA_PATH, &idl))) {
4236 getcwd(path,MAX_PATH);
4239 "I couldn't find your application data folder: are you "
4240 "running an ancient version of Windows 95? Defaulting to \"%s\"",
4245 result = SHGetPathFromIDList(idl, tpath);
/* wcstombs() leaves the output unterminated when the converted text fills
 * the buffer, hence the explicit terminator on the next statement.
 * NOTE(review): its return value, (size_t)-1 on an unconvertible character,
 * is not checked in the lines shown. */
4247 wcstombs(path,tpath,
sizeof(path));
4248 path[
sizeof(path)-1] =
'\0';
4250 strlcpy(path,tpath,
sizeof(path));
4257 m->lpVtbl->Free(m, idl);
4258 m->lpVtbl->Release(m);
4260 if (!SUCCEEDED(result)) {
/* The bound is MAX_PATH, not sizeof(path): the append stays inside the
 * buffer, but a base path near MAX_PATH bytes gets the suffix truncated or
 * dropped, and strlcat()'s return value is not checked here. */
4263 strlcat(path,
"\\tor",MAX_PATH);
4274 #ifdef DISABLE_SYSTEM_TORRC
4275 (void) defaults_file;
4277 #elif defined(_WIN32)
4278 if (defaults_file) {
4279 static char defaults_path[MAX_PATH+1];
4280 tor_snprintf(defaults_path, MAX_PATH,
"%s\\torrc-defaults",
4281 get_windows_conf_root());
4282 return defaults_path;
4284 static char path[MAX_PATH+1];
4286 get_windows_conf_root());
4290 return defaults_file ? CONFDIR
"/torrc-defaults" : CONFDIR
"/torrc";
4308 int *using_default_fname,
int *ignore_missing_torrc)
4312 const char *fname_opt = defaults_file ?
"--defaults-torrc" :
"-f";
4313 const char *fname_long_opt = defaults_file ?
"--defaults-torrc" :
4315 const char *ignore_opt = defaults_file ? NULL :
"--ignore-missing-torrc";
4316 const char *keygen_opt =
"--keygen";
4319 *ignore_missing_torrc = 1;
4321 for (p_index = cmd_arg; p_index; p_index = p_index->next) {
4323 if (!strcmp(p_index->key, fname_opt) ||
4324 !strcmp(p_index->key, fname_long_opt)) {
4326 log_warn(
LD_CONFIG,
"Duplicate %s options on command line.",
4339 *using_default_fname = 0;
4340 }
else if ((ignore_opt && !strcmp(p_index->key, ignore_opt)) ||
4341 (keygen_opt && !strcmp(p_index->key, keygen_opt))) {
4342 *ignore_missing_torrc = 1;
4346 if (*using_default_fname) {
4350 if (dflt && (st == FN_FILE || st == FN_EMPTY)) {
4351 fname = tor_strdup(dflt);
4355 if (!defaults_file) {
4360 if (hmst == FN_FILE || hmst == FN_EMPTY || dflt == NULL) {
4364 fname = tor_strdup(dflt);
4367 fname = dflt ? tor_strdup(dflt) : NULL;
4370 fname = dflt ? tor_strdup(dflt) : NULL;
4400 int using_default_torrc = 1;
4401 int ignore_missing_torrc = 0;
4404 if (*fname_var == NULL) {
4406 &using_default_torrc, &ignore_missing_torrc);
4412 log_debug(
LD_CONFIG,
"Opening config file \"%s\"", fname?fname:
"<NULL>");
4416 if (fname == NULL ||
4417 !(st == FN_FILE || st == FN_EMPTY) ||
4418 !(cf = read_file_to_str(fname,0,NULL))) {
4419 if (using_default_torrc == 1 || ignore_missing_torrc) {
4421 log_notice(
LD_CONFIG,
"Configuration file \"%s\" not present, "
4422 "using reasonable defaults.", fname);
4425 cf = tor_strdup(
"");
4428 "Unable to open configuration file \"%s\".", fname);
4432 log_notice(
LD_CONFIG,
"Read configuration file \"%s\".", fname);
4450 char *cf=NULL, *cf_defaults=NULL;
4488 printf(
"Tor is running on %s with Libevent %s, "
4489 "%s %s, Zlib %s, Liblzma %s, Libzstd %s and %s %s as libc.\n",
4503 printf(
"Tor compiled with %s version %s\n",
4504 strcmp(COMPILER_VENDOR,
"gnu") == 0?
4505 COMPILER:COMPILER_VENDOR, COMPILER_VERSION);
4526 cf_defaults = tor_strdup(
"");
4527 cf = tor_strdup(
"");
4533 if (f_line && f_line_long) {
4534 log_err(
LD_CONFIG,
"-f and --torrc-file cannot be used together.");
4537 }
else if (f_line_long) {
4538 f_line = f_line_long;
4541 const int read_torrc_from_stdin =
4542 (f_line != NULL && strcmp(f_line->value,
"-") == 0);
4544 if (read_torrc_from_stdin) {
4552 cf = tor_strdup(
"");
4580 KEY_EXPIRATION_FORMAT_ISO8601;
4615 return retval < 0 ? -1 : 0;
4629 int command,
const char *command_arg,
4633 or_options_t *oldoptions, *newoptions, *newdefaultoptions=NULL;
4637 int cf_has_include = 0;
4646 newoptions->
command_arg = command_arg ? tor_strdup(command_arg) : NULL;
4649 for (
int i = 0; i < 2; ++i) {
4650 const char *body = i==0 ? cf_defaults : cf;
4656 body == cf ? &cf_has_include : NULL,
4659 err = SETOPT_ERR_PARSE;
4664 config_free_lines(cl);
4666 err = SETOPT_ERR_PARSE;
4673 if (newdefaultoptions == NULL) {
4688 err = SETOPT_ERR_PARSE;
4694 opened_files = NULL;
4720 smartlist_free(opened_files);
4722 or_options_free(newdefaultoptions);
4723 or_options_free(newoptions);
4725 char *old_msg = *msg;
4726 tor_asprintf(msg,
"Failed to parse/validate config: %s", old_msg);
4756 const char *from, *to, *msg;
4760 for (opt = options->
AddressMap; opt; opt = opt->next) {
4762 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
4763 if (smartlist_len(elts) < 2) {
4764 log_warn(
LD_CONFIG,
"MapAddress '%s' has too few arguments. Ignoring.",
4769 from = smartlist_get(elts,0);
4770 to = smartlist_get(elts,1);
4772 if (to[0] ==
'.' || from[0] ==
'.') {
4773 log_warn(
LD_CONFIG,
"MapAddress '%s' is ambiguous - address starts with a"
4774 "'.'. Ignoring.",opt->value);
4779 log_warn(
LD_CONFIG,
"MapAddress '%s' failed: %s. Ignoring.", opt->value,
4784 if (smartlist_len(elts) > 2)
4785 log_warn(
LD_CONFIG,
"Ignoring extra arguments to MapAddress.");
4791 smartlist_free(elts);
4803 int from_wildcard = 0, to_wildcard = 0;
4805 *msg =
"whoops, forgot the error message";
4807 if (!strcmp(to,
"*") || !strcmp(from,
"*")) {
4808 *msg =
"can't remap from or to *";
4812 if (!strncmp(from,
"*.",2)) {
4816 if (!strncmp(to,
"*.",2)) {
4821 if (to_wildcard && !from_wildcard) {
4822 *msg =
"can only use wildcard (i.e. '*.') if 'from' address "
4823 "uses wildcard also";
4828 *msg =
"destination is invalid";
4833 from_wildcard, to_wildcard, 0);
4843 const char *filename,
int truncate_log)
4845 int open_flags = O_WRONLY|O_CREAT;
4846 open_flags |= truncate_log ? O_TRUNC : O_APPEND;
4865 log_warn(
LD_CONFIG,
"Log time granularity '%d' has to be positive.",
4871 if (granularity < 40) {
4873 while (1000 % granularity != 0);
4874 }
else if (granularity < 1000) {
4875 granularity = 1000 / granularity;
4876 while (1000 % granularity != 0)
4878 granularity = 1000 / granularity;
4880 granularity = 1000 * ((granularity / 1000) + 1);
4882 log_warn(
LD_CONFIG,
"Log time granularity '%d' has to be either a "
4883 "divisor or a multiple of 1 second. Changing to "
4919 if (options->
Logs == NULL && !run_as_daemon && !validate_only) {
4925 for (opt = options->
Logs; opt; opt = opt->next) {
4927 const char *cfg = opt->value;
4930 log_warn(
LD_CONFIG,
"Couldn't parse log levels in Log option 'Log %s'",
4932 ok = 0;
goto cleanup;
4936 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
4938 if (smartlist_len(elts) == 0)
4941 if (smartlist_len(elts) == 1 &&
4942 (!strcasecmp(smartlist_get(elts,0),
"stdout") ||
4943 !strcasecmp(smartlist_get(elts,0),
"stderr"))) {
4944 int err = smartlist_len(elts) &&
4945 !strcasecmp(smartlist_get(elts,0),
"stderr");
4946 if (!validate_only) {
4947 if (run_as_daemon) {
4949 "Can't log to %s with RunAsDaemon set; skipping stdout",
4950 err?
"stderr":
"stdout");
4953 fileno(err?stderr:stdout));
4958 if (smartlist_len(elts) == 1) {
4959 if (!strcasecmp(smartlist_get(elts,0),
"syslog")) {
4960 #ifdef HAVE_SYSLOG_H
4961 if (!validate_only) {
4965 log_warn(
LD_CONFIG,
"Syslog is not supported on this system. Sorry.");
4972 if (!strcasecmp(smartlist_get(elts, 0),
"android")) {
4973 #ifdef HAVE_SYSLOG_H
4974 log_warn(
LD_CONFIG,
"The android logging API is no longer supported;"
4975 " adding a syslog instead. The 'android' logging "
4976 " type will no longer work in the future.");
4977 if (!validate_only) {
4981 log_warn(
LD_CONFIG,
"The android logging API is no longer supported.");
4987 if (smartlist_len(elts) == 2 &&
4988 !strcasecmp(smartlist_get(elts,0),
"file")) {
4989 if (!validate_only) {
4993 int truncate_log = 0;
4998 for (opt2 = old_options->
Logs; opt2; opt2 = opt2->next)
4999 if (!strcmp(opt->value, opt2->value)) {
5006 log_warn(
LD_CONFIG,
"Couldn't open file for 'Log %s': %s",
5007 opt->value, strerror(errno));
5015 log_warn(
LD_CONFIG,
"Bad syntax on file Log option 'Log %s'",
5017 ok = 0;
goto cleanup;
5024 smartlist_free(elts);
5026 if (ok && !validate_only)
5038 char *socks_string = NULL;
5039 size_t socks_string_len;
5046 log_warn(
LD_CONFIG,
"'%s' is not a k=v item.", s);
5049 } SMARTLIST_FOREACH_END(s);
5055 socks_string_len = strlen(socks_string);
5059 log_warn(
LD_CONFIG,
"SOCKS arguments can't be more than %u bytes (%lu).",
5061 (
unsigned long) socks_string_len);
5075 if (bridge_line->socks_args) {
5077 smartlist_free(bridge_line->socks_args);
5079 tor_free(bridge_line->transport_name);
5099 char *addrport=NULL, *fingerprint=NULL;
5105 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
5106 if (smartlist_len(items) < 1) {
5107 log_warn(
LD_CONFIG,
"Too few arguments to Bridge line.");
5112 field = smartlist_get(items, 0);
5117 bridge_line->transport_name = field;
5118 if (smartlist_len(items) < 1) {
5119 log_warn(
LD_CONFIG,
"Too few items to Bridge line.");
5122 addrport = smartlist_get(items, 0);
5129 &bridge_line->addr, &bridge_line->port, 443)<0) {
5130 log_warn(
LD_CONFIG,
"Error parsing Bridge address '%s'", addrport);
5137 if (smartlist_len(items)) {
5138 if (bridge_line->transport_name) {
5139 field = smartlist_get(items, 0);
5148 fingerprint = field;
5159 log_warn(
LD_CONFIG,
"Key digest for Bridge is wrong length.");
5164 log_warn(
LD_CONFIG,
"Unable to decode Bridge key digest.");
5171 if (bridge_line->transport_name && smartlist_len(items)) {
5172 if (!bridge_line->socks_args)
5179 tor_assert(smartlist_len(bridge_line->socks_args) > 0);
5182 if (bridge_line->socks_args) {
5190 bridge_line_free(bridge_line);
5195 smartlist_free(items);
5222 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
5225 if (smartlist_len(sl) < 2) {
5226 *msg = tor_strdup(
"TCPProxy has no address/port. Please fix.");
5230 char *protocol_string = smartlist_get(sl, 0);
5231 char *addrport_string = smartlist_get(sl, 1);
5234 if (strcasecmp(protocol_string,
"haproxy")) {
5235 *msg = tor_strdup(
"TCPProxy protocol is not supported. Currently "
5236 "the only supported protocol is 'haproxy'. "
5247 *msg = tor_strdup(
"TCPProxy address/port failed to parse or resolve. "
5276 const char *line,
int validate_only,
5282 const char *transports = NULL;
5285 char *addrport = NULL;
5288 int socks_ver = PROXY_NONE;
5292 char **proxy_argv = NULL;
5295 int is_useless_proxy = 1;
5302 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
5303 line_length = smartlist_len(items);
5305 if (line_length < 3) {
5307 "Too few arguments on %sTransportPlugin line.",
5308 server ?
"Server" :
"Client");
5315 transports = smartlist_get(items, 0);
5318 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
5322 log_warn(
LD_CONFIG,
"Transport name is not a C identifier (%s).",
5329 is_useless_proxy = 0;
5330 } SMARTLIST_FOREACH_END(transport_name);
5332 type = smartlist_get(items, 1);
5333 if (!strcmp(type,
"exec")) {
5335 }
else if (server && !strcmp(type,
"proxy")) {
5338 }
else if (!server && !strcmp(type,
"socks4")) {
5341 socks_ver = PROXY_SOCKS4;
5342 }
else if (!server && !strcmp(type,
"socks5")) {
5345 socks_ver = PROXY_SOCKS5;
5348 "Strange %sTransportPlugin type '%s'",
5349 server ?
"Server" :
"Client", type);
/* Managed proxies are refused when Sandbox is set. Judging by the "will not
 * be launched" text and the argv built below, a managed proxy is a helper
 * program that Tor starts itself; where is_managed gets set is not part of
 * this listing. The offending line is logged through escaped(), presumably
 * so that raw configuration text cannot inject control characters into the
 * log -- confirm. */
5353 if (is_managed && options->
Sandbox) {
5355 "Managed proxies are not compatible with Sandbox mode."
5356 "(%sTransportPlugin line was %s)",
5357 server ?
"Server" :
"Client",
escaped(line));
/* Same refusal for NoExec; per the message the line is ignored. NoExec is
 * therefore the setting that keeps a TransportPlugin line from turning write
 * access to the torrc into program execution. */
5361 if (is_managed && options->
NoExec) {
5363 "Managed proxies are not compatible with NoExec mode; ignoring."
5364 "(%sTransportPlugin line was %s)",
5365 server ?
"Server" :
"Client",
escaped(line));
5373 if (!server && !validate_only && is_useless_proxy) {
5375 "Pluggable transport proxy (%s) does not provide "
5376 "any needed transports and will not be launched.",
/* Build the helper's argv from every item after the transport list and the
 * type keyword, so the configuration line alone decides which program runs
 * and with which arguments. The earlier "Too few arguments" check enforces
 * line_length >= 3, which keeps proxy_argc at 1 or more. The extra slot is
 * presumably the terminating NULL entry. */
5386 if (!validate_only && (server || !is_useless_proxy)) {
5387 proxy_argc = line_length - 2;
5389 proxy_argv = tor_calloc((proxy_argc + 1),
sizeof(
char *));
5392 for (i = 0; i < proxy_argc; i++) {
/* Index 2 is read on every pass; presumably a line omitted from the listing
 * removes that element from `items` each time -- confirm. */
5394 *tmp++ = smartlist_get(items, 2);
5412 log_warn(
LD_CONFIG,
"You have configured an external proxy with another "
5413 "proxy type. (Socks4Proxy|Socks5Proxy|HTTPSProxy|"
5420 "You can't have an external proxy with more than "
5425 addrport = smartlist_get(items, 2);
5429 "Error parsing transport address '%s'", addrport);
5435 "Transport address '%s' has no port.", addrport);
5439 if (!validate_only) {
5440 log_info(
LD_DIR,
"%s '%s' at %s.",
5441 server ?
"Server transport" :
"Transport",
5460 smartlist_free(items);
/* Fragment of parse_dirauth_dirport(): takes a URL-valued authority flag and
 * extracts an address and port from it. Only the lines shown on this page are
 * described. */
/* NOTE(review): eq + 1 is meaningful only if strchr() found '='. The NULL
 * check is not visible here (the listing jumps from 5502 to 5504) - confirm
 * it exists on the missing line. */
5502 const char *eq = strchr(flag,
'=');
5504 const char *target = eq + 1;
5508 log_warn(
LD_CONFIG,
"Unsupported URL scheme in authority flag %s", flag);
/* Skip the "http://" prefix; per the warning above, other schemes are
 * reported as unsupported. */
5511 const char *addr = target + strlen(
"http://");
5513 const char *eos = strchr(addr,
'/');
/* After host:port only a bare trailing "/" is tolerated; any longer path is
 * reported as an unsupported URL prefix. */
5515 if (eos && strcmp(eos,
"/")) {
5516 log_warn(
LD_CONFIG,
"Unsupported URL prefix in authority flag %s", flag);
5519 addr_len = eos - addr;
5521 addr_len = strlen(addr);
/* Copy just the host:port part. Where addr_string is freed is not shown. */
5525 char *addr_string = tor_strndup(addr, addr_len);
5527 memset(&dirport, 0,
sizeof(dirport));
5529 &dirport.addr, &dirport.port, -1);
/* What happens when a dir_server_t was supplied and parsing returned 0 is
 * not shown; a return of -1 is logged as a parse failure. */
5530 if (ds != NULL && rv == 0) {
5532 }
else if (rv == -1) {
5533 log_warn(
LD_CONFIG,
"Unable to parse address in authority flag %s",flag);
/* Fragment of parse_dir_authority_line(): parses one DirAuthority line
 * (nickname, flags, address:port, key fingerprint). Lines the page does not
 * show are not described. */
5553 char *addrport=NULL, *address=NULL, *nickname=NULL, *fingerprint=NULL;
5555 uint16_t dir_port = 0, or_port = 0;
5559 double weight = 1.0;
5562 memset(v3_digest, 0,
sizeof(v3_digest));
5566 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
5567 if (smartlist_len(items) < 1) {
5568 log_warn(
LD_CONFIG,
"No arguments on DirAuthority line.");
5573 nickname = smartlist_get(items, 0);
/* Flag loop: looks at the head of the list on every pass. An item starting
 * with a digit gets its own branch at 5579; the statement under that `if` is
 * not shown (presumably it ends flag parsing, since the next item is later
 * read as the address). How the head item is consumed is not shown either. */
5577 while (smartlist_len(items)) {
5578 char *flag = smartlist_get(items, 0);
5579 if (TOR_ISDIGIT(flag[0]))
5581 if (!strcasecmp(flag,
"hs") ||
5582 !strcasecmp(flag,
"no-hs")) {
5583 log_warn(
LD_CONFIG,
"The DirAuthority options 'hs' and 'no-hs' are "
5584 "obsolete; you don't need them any more.");
5585 }
else if (!strcasecmp(flag,
"bridge")) {
5587 }
else if (!strcasecmp(flag,
"no-v2")) {
/* The value after "orport=" is parsed with bounds 1..65535 passed to
 * tor_parse_long(), so an accepted value fits the uint16_t cast. The test of
 * `ok` that leads to the warning is not shown. */
5592 char *portstring = flag + strlen(
"orport=");
5593 or_port = (uint16_t)
tor_parse_long(portstring, 10, 1, 65535, &ok, NULL);
5595 log_warn(
LD_CONFIG,
"Invalid orport '%s' on DirAuthority line.",
5599 const char *wstring = flag + strlen(
"weight=");
5602 log_warn(
LD_CONFIG,
"Invalid weight '%s' on DirAuthority line.",flag);
/* The v3 identity digest is validated; a bad one is reported below. The
 * decoding call is not shown. */
5606 char *idstr = flag + strlen(
"v3ident=");
5610 log_warn(
LD_CONFIG,
"Bad v3 identity digest '%s' on DirAuthority line",
/* Only one IPv6 address/port is accepted per line. */
5616 if (ipv6_addrport_ptr) {
5617 log_warn(
LD_CONFIG,
"Redundant ipv6 addr/port on DirAuthority line");
5620 &ipv6_addrport.addr, &ipv6_addrport.port,
5623 log_warn(
LD_CONFIG,
"Bad ipv6 addr/port %s on DirAuthority line",
5627 ipv6_addrport_ptr = &ipv6_addrport;
5636 log_warn(
LD_CONFIG,
"Unrecognized flag '%s' on DirAuthority line",
/* After the flags, at least an address:port and a fingerprint must remain. */
5643 if (smartlist_len(items) < 2) {
5644 log_warn(
LD_CONFIG,
"Too few arguments to DirAuthority line.");
5647 addrport = smartlist_get(items, 0);
5651 log_warn(
LD_CONFIG,
"Error parsing DirAuthority address '%s'.", addrport);
5656 log_warn(
LD_CONFIG,
"Error parsing DirAuthority address '%s' "
5657 "(invalid IPv4 address)", address);
5662 log_warn(
LD_CONFIG,
"Missing port in DirAuthority address '%s'",addrport);
/* The key fingerprint is checked for length and then decoded; both failures
 * are reported. The checks themselves are on lines not shown. */
5668 log_warn(
LD_CONFIG,
"Key digest '%s' for DirAuthority is wrong length %d.",
5669 fingerprint, (
int)strlen(fingerprint));
5674 log_warn(
LD_CONFIG,
"Unable to decode DirAuthority key digest.");
5678 if (validate_only) {
5682 } SMARTLIST_FOREACH_END(cp);
/* The entry is acted on only outside validate-only mode, and only when no
 * type is required or its type overlaps required_type. The call that receives
 * digest, v3_digest, type and weight at 5694 is not shown. */
5685 if (!validate_only && (!required_type || required_type & type)) {
5688 type &= required_type;
5690 log_debug(
LD_DIR,
"Trusted %d dirserver at %s:%d (%s)", (
int)type,
5691 address, (
int)dir_port, (
char*)smartlist_get(items,0));
5694 digest, v3_digest, type, weight)))
5700 } SMARTLIST_FOREACH_END(cp);
5712 smartlist_free(extra_dirports);
5714 smartlist_free(items);
/* Fragment of parse_dir_fallback_line(): parses one FallbackDir line into a
 * positional address:port plus key=value items. Lines the page does not show
 * are not described. */
5741 memset(
id, 0,
sizeof(
id));
5743 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
/* Items are told apart by the presence of '='. What is done with an item
 * that has none is not shown; presumably it goes to `positional`. */
5745 const char *eq = strchr(cp,
'=');
/* A numeric value is parsed with bounds 1..65535 (presumably the orport,
 * going by the "Missing orport" message below). */
5753 1, 65535, &ok, NULL);
/* Only one IPv6 address/port is accepted per line. */
5758 if (ipv6_addrport_ptr) {
5759 log_warn(
LD_CONFIG,
"Redundant ipv6 addr/port on FallbackDir line");
5762 &ipv6_addrport.addr, &ipv6_addrport.port,
5765 log_warn(
LD_CONFIG,
"Bad ipv6 addr/port %s on FallbackDir line",
5769 ipv6_addrport_ptr = &ipv6_addrport;
5773 const char *wstring = cp + strlen(
"weight=");
5776 log_warn(
LD_CONFIG,
"Invalid weight '%s' on FallbackDir line.", cp);
5785 } SMARTLIST_FOREACH_END(cp);
/* Exactly one positional item is expected; the messages below also report a
 * missing identity and a missing orport. */
5787 if (smartlist_len(positional) != 1) {
5793 log_warn(
LD_CONFIG,
"Missing identity on FallbackDir line");
5798 log_warn(
LD_CONFIG,
"Missing orport on FallbackDir line");
5803 &address, &dirport) < 0 ||
5805 log_warn(
LD_CONFIG,
"Couldn't parse address:port %s on FallbackDir line",
5806 (
const char*)smartlist_get(positional, 0));
/* Nothing is registered in validate-only mode; the registration itself is
 * not shown. */
5810 if (!validate_only) {
5825 smartlist_free(items);
5826 smartlist_free(positional);
/* Fragment of warn_nonlocal_client_ports(): walks the configured ports and
 * logs when a client port of the given type listens beyond loopback. The
 * visible lines only log; they do not change the configuration. */
5867 const char *portname,
5868 const int listener_type)
/* Ports of other listener types get their own branch (statement not shown;
 * presumably they are skipped). */
5871 if (port->type != listener_type)
/* Unix sockets get their own branch (body not shown). An address that
 * tor_addr_is_internal() does not consider internal gets the warning about
 * acting as an open proxy. */
5873 if (port->is_unix_addr) {
5875 }
else if (!tor_addr_is_internal(&port->addr, 1)) {
5876 log_warn(
LD_CONFIG,
"You specified a public address '%s' for %sPort. "
5877 "Other people on the Internet might find your computer and "
5878 "use it as an open proxy. Please don't allow this unless you "
5879 "have a good reason.",
/* Lower-severity notice for a non-loopback address; the condition selecting
 * this branch is not shown. */
5882 log_notice(
LD_CONFIG,
"You configured a non-loopback address '%s' "
5883 "for %sPort. This allows everybody on your local network to "
5884 "use your machine as a proxy. Make sure this is what you "
5888 } SMARTLIST_FOREACH_END(port);
/* Fragment of warn_nonlocal_controller_ports(): handles control listeners
 * bound to a non-local address. The test that decides an address is
 * non-local is on lines the page does not show. */
/* Unix-socket control listeners get their own branch; the statement under
 * this `if` is not shown (presumably they are skipped). */
5902 if (port->is_unix_addr)
/* With forbid_nonlocal set the entry is not merely reported: port_cfg_free()
 * at 5917 releases it, matching the "closing your ControlPort" wording. The
 * removal of the entry from the list is not shown - confirm that no freed
 * pointer stays in `ports`. */
5905 if (forbid_nonlocal) {
5908 "You have a ControlPort set to accept "
5909 "unauthenticated connections from a non-local address. "
5910 "This means that programs not running on your computer "
5911 "can reconfigure your Tor, without even having to guess a "
5912 "password. That's so bad that I'm closing your ControlPort "
5913 "for you. If you need to control your Tor remotely, try "
5914 "enabling authentication and using a tool like stunnel or "
5915 "ssh to encrypt remote access.");
5917 port_cfg_free(port);
/* Otherwise only warn: the message points out that the controller protocol
 * is unencrypted and steers the operator to loopback plus a tunnel. */
5920 log_warn(
LD_CONFIG,
"You have a ControlPort set to accept "
5921 "connections from a non-local address. This means that "
5922 "programs not running on your computer can reconfigure your "
5923 "Tor. That's pretty bad, since the controller "
5924 "protocol isn't encrypted! Maybe you should just listen on "
5925 "127.0.0.1 and use a tool like stunnel or ssh to encrypt "
5926 "remote connections to your control port.");
5930 } SMARTLIST_FOREACH_END(port);
5945 char **addrport_out,
5947 const char **rest_out)
5960 *addrport_out = NULL;
5961 line += strlen(unix_socket_prefix);
5963 if (!*rest_out || (*addrport_out && sz != strlen(*addrport_out))) {
5972 line += strlen(unix_socket_prefix);
5980 end = strchr(line,
'\0');
5983 *addrport_out = tor_strndup(line, end - line);
/* Logs why client-side DNS caching is risky: one false answer from an exit
 * would be reused on later connections. Only the signature and the message
 * text are visible here; how `disabling` changes the output is not shown. */
5990 warn_client_dns_cache(
const char *option,
int disabling)
5996 "Client-side DNS caching enables a wide variety of route-"
5997 "capture attacks. If a single bad exit node lies to you about "
5998 "an IP address, caching that address would make you visit "
5999 "an address of the attacker's choice every time you connected "
6000 "to your destination.");
/* Fragment of the port-line parser (port_parse_config() in upstream Tor; the
 * name itself is not on the lines shown here). It turns each *Port line into
 * a port_cfg_t. The leading numbers look like the listing's own line numbers;
 * lines the page does not show are not described. */
6036 const char *portname,
6038 const char *defaultaddr,
6040 const unsigned flags)
/* Decode the CL_PORT_* bits of `flags` into one local per behaviour. */
6046 const unsigned allow_no_stream_options = flags & CL_PORT_NO_STREAM_OPTIONS;
6047 const unsigned use_server_options = flags & CL_PORT_SERVER_OPTIONS;
6048 const unsigned warn_nonlocal = flags & CL_PORT_WARN_NONLOCAL;
6049 const unsigned forbid_nonlocal = flags & CL_PORT_FORBID_NONLOCAL;
6050 const unsigned default_to_group_writable =
6051 flags & CL_PORT_DFLT_GROUP_WRITABLE;
6052 const unsigned takes_hostnames = flags & CL_PORT_TAKES_HOSTNAMES;
6053 const unsigned is_unix_socket = flags & CL_PORT_IS_UNIXSOCKET;
6054 int got_zero_port=0, got_nonzero_port=0;
6055 char *unix_socket_path = NULL;
6057 bool addr_is_explicit =
false;
/* Default listener, built when a default port and address are supplied.
 * NOTE(review): port_cfg_new() is passed strlen(defaultaddr) while the
 * memcpy() at 6073 copies strlen(defaultaddr) + 1 bytes, so this relies on
 * port_cfg_new() reserving the extra byte for the NUL - confirm there. */
6068 if (defaultport && defaultaddr && out) {
6069 cfg =
port_cfg_new(is_unix_socket ? strlen(defaultaddr) : 0);
6070 cfg->
type = listener_type;
6071 if (is_unix_socket) {
6073 memcpy(cfg->
unix_addr, defaultaddr, strlen(defaultaddr) + 1);
6076 cfg->
port = defaultport;
6087 char *addrport = NULL;
/* One pass per configured line. */
6089 for (; ports; ports = ports->next) {
6093 has_used_unix_socket_only_option = 0,
6094 is_unix_tagged_addr = 0;
6096 const char *rest_of_line = NULL;
6099 &addrport, &is_unix_tagged_addr, &rest_of_line)<0) {
6100 log_warn(
LD_CONFIG,
"Invalid %sPort line with unparsable address",
6104 if (strlen(addrport) == 0) {
6105 log_warn(
LD_CONFIG,
"Invalid %sPort line with no address", portname);
6111 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
/* Addresses tagged as unix sockets are reported as unsupported where
 * HAVE_SYS_UN_H is not defined. */
6114 if (is_unix_tagged_addr) {
6115 #ifndef HAVE_SYS_UN_H
6116 log_warn(
LD_CONFIG,
"Unix sockets not supported on this system.");
6119 unix_socket_path = addrport;
6123 if (unix_socket_path &&
6125 log_warn(
LD_CONFIG,
"%sPort does not support unix sockets", portname);
6129 if (unix_socket_path) {
6131 }
else if (is_unix_socket) {
6134 unix_socket_path = tor_strdup(addrport);
6135 if (!strcmp(addrport,
"0"))
6139 }
else if (!strcasecmp(addrport,
"auto")) {
/* NOTE(review): strlen(addrport)-5 drops a five-character suffix. The test
 * that selects this branch is not shown (presumably a check that the string
 * ends in ":auto"); without such a guard a shorter string would make the
 * length wrap - confirm. */
6143 char *addrtmp = tor_strndup(addrport, strlen(addrport)-5);
6146 log_warn(
LD_CONFIG,
"Invalid address '%s' for %sPort",
6158 addr_is_explicit =
false;
6161 log_warn(
LD_CONFIG,
"%sPort line has address but no port", portname);
6165 addr_is_explicit =
true;
6167 log_warn(
LD_CONFIG,
"Couldn't parse address %s for %sPort",
6174 cfg =
port_cfg_new(unix_socket_path ? strlen(unix_socket_path) : 0);
6176 cfg->explicit_addr = addr_is_explicit;
/* Unix-socket listeners become group-writable by default when the caller
 * passed CL_PORT_DFLT_GROUP_WRITABLE. */
6177 if (unix_socket_path && default_to_group_writable)
6178 cfg->is_group_writable = 1;
/* Server-side options. NoAdvertise with NoListen, and IPv4Only with
 * IPv6Only, are each reported as contradictory further down. */
6181 if (use_server_options) {
6184 if (!strcasecmp(elt,
"NoAdvertise")) {
6185 cfg->server_cfg.no_advertise = 1;
6186 }
else if (!strcasecmp(elt,
"NoListen")) {
6187 cfg->server_cfg.no_listen = 1;
6190 }
else if (!strcasecmp(elt,
"AllAddrs")) {
6194 }
else if (!strcasecmp(elt,
"IPv4Only")) {
6195 cfg->server_cfg.bind_ipv4_only = 1;
6196 }
else if (!strcasecmp(elt,
"IPv6Only")) {
6197 cfg->server_cfg.bind_ipv6_only = 1;
6199 log_warn(
LD_CONFIG,
"Unrecognized %sPort option '%s'",
6202 } SMARTLIST_FOREACH_END(elt);
6204 if (cfg->server_cfg.no_advertise && cfg->server_cfg.no_listen) {
6205 log_warn(
LD_CONFIG,
"Tried to set both NoListen and NoAdvertise "
6206 "on %sPort line '%s'",
6207 portname,
escaped(ports->value));
6210 if (cfg->server_cfg.bind_ipv4_only &&
6211 cfg->server_cfg.bind_ipv6_only) {
6212 log_warn(
LD_CONFIG,
"Tried to set both IPv4Only and IPv6Only "
6213 "on %sPort line '%s'",
6214 portname,
escaped(ports->value));
6217 if (cfg->server_cfg.bind_ipv4_only &&
6219 if (cfg->explicit_addr) {
6220 log_warn(
LD_CONFIG,
"Could not interpret %sPort address as IPv4",
6228 if (cfg->server_cfg.bind_ipv6_only &&
6230 if (cfg->explicit_addr) {
6231 log_warn(
LD_CONFIG,
"Could not interpret %sPort address as IPv6",
/* Client/stream options. `no` is presumably set when the option carries a
 * "No" prefix (the line is not shown); the setters below store !no. */
6242 int no = 0, isoflag = 0;
6243 const char *elt_orig = elt;
6247 10, 0, INT_MAX, &ok, NULL);
/* The numeric option parsed just above (apparently SessionGroup=, going by
 * the message at 6254) is rejected when the number is bad or when this
 * listener takes no stream options. */
6248 if (!ok || allow_no_stream_options) {
6249 log_warn(
LD_CONFIG,
"Invalid %sPort option '%s'",
6254 log_warn(
LD_CONFIG,
"Multiple SessionGroup options on %sPort",
/* GroupWritable, WorldWritable and RelaxDirModeCheck set the socket
 * permission fields of cfg. Each also sets has_used_unix_socket_only_option
 * so the check at 6413 can report them on a listener that is not a unix
 * socket. */
6267 if (!strcasecmp(elt,
"GroupWritable")) {
6268 cfg->is_group_writable = !no;
6269 has_used_unix_socket_only_option = 1;
6271 }
else if (!strcasecmp(elt,
"WorldWritable")) {
6272 cfg->is_world_writable = !no;
6273 has_used_unix_socket_only_option = 1;
6275 }
else if (!strcasecmp(elt,
"RelaxDirModeCheck")) {
6276 cfg->relax_dirmode_check = !no;
6277 has_used_unix_socket_only_option = 1;
/* Listeners that take no stream options report everything past this point
 * as unrecognized. */
6281 if (allow_no_stream_options) {
6282 log_warn(
LD_CONFIG,
"Unrecognized %sPort option '%s'",
/* Traffic-type options are looked at only for listeners that take
 * hostnames. */
6287 if (takes_hostnames) {
6288 if (!strcasecmp(elt,
"IPv4Traffic")) {
6291 }
else if (!strcasecmp(elt,
"IPv6Traffic")) {
6294 }
else if (!strcasecmp(elt,
"PreferIPv6")) {
6297 }
else if (!strcasecmp(elt,
"DNSRequest")) {
6300 }
else if (!strcasecmp(elt,
"OnionTraffic")) {
6303 }
else if (!strcasecmp(elt,
"OnionTrafficOnly")) {
6308 log_warn(
LD_CONFIG,
"Unsupported %sPort option 'No%s'. Use "
6309 "DNSRequest, IPv4Traffic, and/or IPv6Traffic instead.",
/* Every DNS-cache option goes through warn_client_dns_cache() before its
 * value is stored. */
6319 if (!strcasecmp(elt,
"CacheIPv4DNS")) {
6320 warn_client_dns_cache(elt, no);
6323 }
else if (!strcasecmp(elt,
"CacheIPv6DNS")) {
6324 warn_client_dns_cache(elt, no);
6325 cfg->
entry_cfg.cache_ipv6_answers = ! no;
6327 }
else if (!strcasecmp(elt,
"CacheDNS")) {
6328 warn_client_dns_cache(elt, no);
6330 cfg->
entry_cfg.cache_ipv6_answers = ! no;
6332 }
else if (!strcasecmp(elt,
"UseIPv4Cache")) {
6333 warn_client_dns_cache(elt, no);
6336 }
else if (!strcasecmp(elt,
"UseIPv6Cache")) {
6337 warn_client_dns_cache(elt, no);
6338 cfg->
entry_cfg.use_cached_ipv6_answers = ! no;
6340 }
else if (!strcasecmp(elt,
"UseDNSCache")) {
6341 warn_client_dns_cache(elt, no);
6343 cfg->
entry_cfg.use_cached_ipv6_answers = ! no;
6345 }
else if (!strcasecmp(elt,
"PreferIPv6Automap")) {
6348 }
else if (!strcasecmp(elt,
"PreferSOCKSNoAuth")) {
6351 }
else if (!strcasecmp(elt,
"KeepAliveIsolateSOCKSAuth")) {
6354 }
else if (!strcasecmp(elt,
"ExtendedErrors")) {
/* NOTE(review): overwrites the last character of elt in place. The guard is
 * not shown (presumably it strips a trailing 's' so plural spellings match
 * the Isolate* names below) - confirm elt cannot be empty here. */
6360 elt[strlen(elt)-1] =
'\0';
6362 if (!strcasecmp(elt,
"IsolateDestPort")) {
6364 }
else if (!strcasecmp(elt,
"IsolateDestAddr")) {
6366 }
else if (!strcasecmp(elt,
"IsolateSOCKSAuth")) {
6368 }
else if (!strcasecmp(elt,
"IsolateClientProtocol")) {
6370 }
else if (!strcasecmp(elt,
"IsolateClientAddr")) {
6373 log_warn(
LD_CONFIG,
"Unrecognized %sPort option '%s'",
6382 } SMARTLIST_FOREACH_END(elt);
6386 got_nonzero_port = 1;
/* Consistency checks on the combined options; the conditions are on lines
 * the page does not show, the messages state what is reported. */
6392 log_warn(
LD_CONFIG,
"You have a %sPort entry with DNS disabled; that "
6393 "won't work.", portname);
6400 log_warn(
LD_CONFIG,
"You have a %sPort entry with all of IPv4 and "
6401 "IPv6 and .onion disabled; that won't work.", portname);
6408 log_warn(
LD_CONFIG,
"You have a %sPort entry with DNSRequest enabled, "
6409 "but IPv4 and IPv6 disabled; DNS-based sites won't work.",
/* Permission options are reported when the listener is not a unix socket. */
6413 if (has_used_unix_socket_only_option && !unix_socket_path) {
6414 log_warn(
LD_CONFIG,
"You have a %sPort entry with GroupWritable, "
6415 "WorldWritable, or RelaxDirModeCheck, but it is not a "
6416 "unix socket.", portname);
6421 log_warn(
LD_CONFIG,
"You have a %sPort entry with both "
6422 "NoIsolateSOCKSAuth and KeepAliveIsolateSOCKSAuth set.",
6426 if (unix_socket_path &&
/* Copies namelen + 1 bytes (path plus NUL) into cfg->unix_addr. cfg was sized
 * from strlen(unix_socket_path) at 6174, so port_cfg_new() must reserve the
 * terminator here as well. */
6434 size_t namelen = unix_socket_path ? strlen(unix_socket_path) : 0;
6435 if (unix_socket_path) {
6437 memcpy(cfg->
unix_addr, unix_socket_path, namelen + 1);
6444 cfg->
type = listener_type;
/* The non-local checks run only when the caller asked for them and an
 * output list exists; the calls themselves are not shown. */
6460 if (warn_nonlocal && out) {
6463 else if (is_ext_orport)
/* Mixing "<name>Port 0" with a nonzero port of the same kind is reported as
 * ambiguous. */
6469 if (got_zero_port && got_nonzero_port) {
6470 log_warn(
LD_CONFIG,
"You specified a nonzero %sPort along with '%sPort 0' "
6471 "in the same configuration. Did you mean to disable %sPort or "
6472 "not?", portname, portname, portname);
6490 smartlist_free(elts);
6506 if (port->server_cfg.no_listen)
6508 if (!count_sockets && port->is_unix_addr)
6510 if (port->type != listenertype)
6513 } SMARTLIST_FOREACH_END(port);
/* Fragment of parse_ports(): parses every client and control port option
 * with per-option flag sets and returns an error string through *msg. The
 * parser calls themselves are on lines the page does not show; only their
 * flag arguments are visible. SocksPort and HTTPTunnelPort drop
 * CL_PORT_WARN_NONLOCAL in validate-only mode; the others always pass it. */
6527 char **msg,
int *n_ports_out,
6528 int *world_writable_control_socket)
6538 CL_PORT_DFLT_GROUP_WRITABLE : 0;
6543 ((validate_only ? 0 : CL_PORT_WARN_NONLOCAL)
6544 | CL_PORT_TAKES_HOSTNAMES | gw_flag)) < 0) {
6545 *msg = tor_strdup(
"Invalid SocksPort configuration");
6552 CL_PORT_WARN_NONLOCAL|CL_PORT_TAKES_HOSTNAMES) < 0) {
6553 *msg = tor_strdup(
"Invalid DNSPort configuration");
6560 CL_PORT_WARN_NONLOCAL) < 0) {
6561 *msg = tor_strdup(
"Invalid TransPort configuration");
6568 CL_PORT_WARN_NONLOCAL) < 0) {
6569 *msg = tor_strdup(
"Invalid NatdPort configuration");
6576 ((validate_only ? 0 : CL_PORT_WARN_NONLOCAL)
6577 | CL_PORT_TAKES_HOSTNAMES | gw_flag)) < 0) {
6578 *msg = tor_strdup(
"Invalid HTTPTunnelPort configuration");
/* Control listeners never take stream options and always get the non-local
 * warning. */
6586 unsigned control_port_flags = CL_PORT_NO_STREAM_OPTIONS |
6587 CL_PORT_WARN_NONLOCAL;
/* Without any control password, non-local control listeners are forbidden
 * rather than just warned about. NOTE(review): how any_passwords is computed
 * is not shown - confirm which authentication options it covers. */
6591 if (! any_passwords)
6592 control_port_flags |= CL_PORT_FORBID_NONLOCAL;
/* The condition guarding this default is not shown. */
6594 control_port_flags |= CL_PORT_DFLT_GROUP_WRITABLE;
6600 control_port_flags) < 0) {
6601 *msg = tor_strdup(
"Invalid ControlPort configuration");
6608 control_port_flags | CL_PORT_IS_UNIXSOCKET) < 0) {
6609 *msg = tor_strdup(
"Invalid ControlSocket configuration");
6617 *n_ports_out = smartlist_len(ports);
6624 options->SocksPort_set =
6626 options->TransPort_set =
6628 options->NATDPort_set =
6630 options->HTTPTunnelPort_set =
6633 options->ControlPort_set =
6635 options->DNSPort_set =
/* Optional out-parameter: set to 1 when a port matching the partly shown
 * condition is world-writable, so the caller can react to it. */
6638 if (world_writable_control_socket) {
6642 p->is_world_writable) {
6643 *world_writable_control_socket = 1;
6648 if (!validate_only) {
6661 smartlist_free(ports);
6672 && !port->server_cfg.bind_ipv6_only);
6681 && !port->server_cfg.bind_ipv4_only);
6706 static const char *ipv4_localhost =
"127.0.0.1";
6707 static const char *ipv6_localhost =
"[::1]";
6708 const char *address;
6710 char *
string = NULL;
6716 if (cfg->server_cfg.no_listen)
6719 if (cfg->type == listener_type &&
6728 address =
tor_addr_is_v4(&cfg->addr) ? ipv4_localhost : ipv6_localhost;
6749 } SMARTLIST_FOREACH_END(cfg);
6760 const port_cfg_t *first_port_explicit_addr = NULL;
6762 if (address_family == AF_UNSPEC)
6767 if (cfg->type == listener_type && !cfg->server_cfg.no_advertise) {
6768 if ((address_family == AF_INET && port_binds_ipv4(cfg)) ||
6769 (address_family == AF_INET6 && port_binds_ipv6(cfg))) {
6770 if (cfg->explicit_addr && !first_port_explicit_addr) {
6771 first_port_explicit_addr = cfg;
6772 }
else if (!first_port) {
6777 } SMARTLIST_FOREACH_END(cfg);
6780 return (first_port_explicit_addr) ? first_port_explicit_addr : first_port;
6792 return cfg ? cfg->
port : 0;
6804 return cfg ? &cfg->
addr : NULL;
6815 int port,
int check_wildcard)
6820 if (cfg->type == listener_type) {
6821 if (cfg->port == port || (check_wildcard && port == -1)) {
6827 if (!check_wildcard) {
6831 const int cfg_v4 = port_binds_ipv4(cfg);
6836 if ((cfg_any_v4 && addr_v4) || (cfg_v4 && addr_any_v4)) {
6840 const int cfg_v6 = port_binds_ipv6(cfg);
6845 if ((cfg_any_v6 && addr_v6) || (cfg_v6 && addr_any_v6)) {
6850 } SMARTLIST_FOREACH_END(cfg);
6857 port_exists_by_type_addr32h_port(
int listener_type, uint32_t addr_ipv4h,
6858 int port,
int check_wildcard)
/* Fragment of get_data_directory(): returns a newly allocated data directory
 * path for the configured value `val`. The preprocessor lines that select
 * between the branches are not shown. */
6873 return tor_strdup(val);
6875 return tor_strdup(get_windows_conf_root());
6878 const char *d = val;
6885 log_warn(
LD_CONFIG,
"Failed to expand filename \"%s\".", d);
/* When no value was configured and the expanded default came out as "/.tor",
 * the path is replaced by LOCALSTATEDIR PATH_SEPARATOR "tor" and the
 * substitution is logged. */
6888 if (!val && !strcmp(fn,
"/.tor")) {
6893 "Default DataDirectory is \"~/.tor\". This expands to "
6894 "\"%s\", which is probably not what you want. Using "
6895 "\"%s"PATH_SEPARATOR
"tor\" instead", fn, LOCALSTATEDIR);
6897 fn = tor_strdup(LOCALSTATEDIR PATH_SEPARATOR
"tor");
6901 return tor_strdup(d);
6915 log_warn(
LD_CONFIG,
"DataDirectory is too long.");
6946 #define GENERATED_FILE_PREFIX "# This file was generated by Tor; " \
6947 "if you edit it, comments will not be preserved"
6950 #define GENERATED_FILE_COMMENT "# The old torrc file was renamed " \
6951 "to torrc.orig.1, and Tor will ignore it"
6960 char *old_val=NULL, *new_val=NULL, *new_conf=NULL;
6961 int rename_old = 0, r;
6970 old_val = read_file_to_str(fname, 0, NULL);
6982 "Config file \"%s\" is not a file? Failing.", fname);
6986 if (!(new_conf =
options_dump(options, OPTIONS_DUMP_MINIMAL))) {
6987 log_warn(
LD_BUG,
"Couldn't get configuration string");
6995 char *fn_tmp = NULL;
6998 if (fn_tmp_status == FN_DIR || fn_tmp_status == FN_ERROR) {
7000 "Config backup file \"%s\" is not a file? Failing.", fn_tmp);
7005 log_notice(
LD_CONFIG,
"Renaming old configuration file to \"%s\"", fn_tmp);
7008 "Couldn't rename configuration file \"%s\" to \"%s\": %s",
7009 fname, fn_tmp, strerror(errno));
7051 return (n >= 1) ? n : 1;
7073 memset(&cfg, 0,
sizeof(cfg));
7094 directory_root_t roottype,
7095 const char *sub1,
const char *sub2,
7096 const char *suffix))
7100 const char *rootdir = NULL;
7102 case DIRROOT_DATADIR:
7105 case DIRROOT_CACHEDIR:
7108 case DIRROOT_KEYDIR:
7112 tor_assert_unreached();
7125 }
else if (sub2 == NULL) {
7126 tor_asprintf(&fname,
"%s"PATH_SEPARATOR
"%s%s", rootdir, sub1, suffix);
7128 tor_asprintf(&fname,
"%s"PATH_SEPARATOR
"%s"PATH_SEPARATOR
"%s%s",
7129 rootdir, sub1, sub2, suffix);
7141 char *statsdir = get_datadir_fname(subdir);
7145 log_warn(
LD_HIST,
"Unable to create %s/ directory!", subdir);
7159 const char* str,
const char* descr)
7161 char *filename = get_datadir_fname2(subdir, fname);
7165 log_warn(
LD_HIST,
"Unable to write %s to disk!", descr ? descr : fname);
7178 const char *question,
char **answer,
7179 const char **errmsg)
7183 if (!strcmp(question,
"config/names")) {
7194 } SMARTLIST_FOREACH_END(var);
7198 smartlist_free(vars);
7199 }
else if (!strcmp(question,
"config/defaults")) {
7201 int dirauth_lines_seen = 0, fallback_lines_seen = 0;
7206 if (var->initvalue != NULL) {
7207 if (strcmp(var->member.name,
"DirAuthority") == 0) {
7212 ++dirauth_lines_seen;
7214 if (strcmp(var->member.name,
"FallbackDir") == 0) {
7219 ++fallback_lines_seen;
7225 } SMARTLIST_FOREACH_END(var);
7226 smartlist_free(vars);
7228 if (dirauth_lines_seen == 0) {
7246 if (fallback_lines_seen == 0 &&
7285 if (family==AF_INET6) {
7292 if (!validate_only) {
7311 if (verify_and_store_outbound_address(family, &addr, type,
7312 options, validate_only)) {
7314 tor_asprintf(msg,
"Multiple%s%s outbound bind addresses "
7316 family==AF_INET?
" IPv4":(family==AF_INET6?
" IPv6":
""),
7322 lines = lines->next;
7336 if (!validate_only) {
7343 validate_only, msg) < 0) {
7379 const char *msg =
"";
7384 char *free_fname = NULL;
7387 if (!strcmp(fname,
"<default>")) {
7388 const char *conf_root = get_windows_conf_root();
7399 if (r < 0 && severity ==
LOG_WARN) {
7422 if (options->GeoIPv6File &&
7423 ((!old_options || !
opt_streq(old_options->GeoIPv6File,
7424 options->GeoIPv6File))
/* Fragment of init_cookie_authentication(): stages `header` followed by the
 * cookie in one buffer, writes it to `fname`, and reports through
 * *cookie_is_set_out. Cookie generation and the write call are on lines the
 * page does not show. */
7444 int cookie_len,
int group_readable,
7445 uint8_t **cookie_out,
int *cookie_is_set_out)
/* NOTE(review): the buffer length is held in a plain `char`. The sum
 * strlen(header) + cookie_len is narrowed to char before it sizes
 * tor_malloc(), while the memcpy() calls at 7469-7470 still copy
 * strlen(header) and cookie_len bytes. That is only safe while the sum fits
 * in a char (127 where char is signed); a longer header or cookie would give
 * a buffer smaller than the bytes copied into it. Declaring it as
 * `size_t cookie_file_str_len` removes that dependency. The sizes callers
 * pass are not visible here. */
7447 char cookie_file_str_len = strlen(header) + cookie_len;
7448 char *cookie_file_str = tor_malloc(cookie_file_str_len);
/* What happens when a cookie is already set is not shown. */
7453 if (*cookie_is_set_out) {
7465 *cookie_out = tor_malloc(cookie_len);
/* Staging buffer layout: header bytes, then cookie bytes, no terminator. */
7469 memcpy(cookie_file_str, header, strlen(header));
7470 memcpy(cookie_file_str+strlen(header), *cookie_out, cookie_len);
7472 log_warn(
LD_FS,
"Error writing auth cookie to %s.",
escaped(fname));
/* Group read access is added with chmod(0640) on the path; a failure is only
 * logged in the lines shown. NOTE(review): the mode the file is created with
 * is on a line not shown - confirm it is no wider than 0640. */
7477 if (group_readable) {
7478 if (chmod(fname, 0640)) {
7479 log_warn(
LD_FS,
"Unable to make %s group-readable.",
escaped(fname));
/* Presumably the branch for builds without chmod(); the enclosing
 * preprocessor lines are not shown. */
7483 (void) group_readable;
7488 *cookie_is_set_out = 1;
/* The staging copy of the cookie is wiped before it goes out of use; the
 * length is the same char-typed variable as above. */
7492 memwipe(cookie_file_str, 0, cookie_file_str_len);
7504 return (options->SocksPort_set ||
7505 options->TransPort_set ||
7506 options->NATDPort_set ||
7507 options->DNSPort_set ||
7508 options->HTTPTunnelPort_set);
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
const char * fmt_addrport(const tor_addr_t *addr, uint16_t port)
void tor_addr_make_unspec(tor_addr_t *a)
int string_is_valid_ipv4_address(const char *string)
int tor_addr_parse(tor_addr_t *addr, const char *src)
int tor_addr_port_parse(int severity, const char *addrport, tor_addr_t *address_out, uint16_t *port_out, int default_port)
int tor_addr_is_loopback(const tor_addr_t *addr)
int tor_addr_is_v4(const tor_addr_t *addr)
int tor_addr_port_split(int severity, const char *addrport, char **address_out, uint16_t *port_out)
int tor_addr_is_null(const tor_addr_t *addr)
#define fmt_and_decorate_addr(a)
static sa_family_t tor_addr_family(const tor_addr_t *a)
#define tor_addr_from_ipv4h(dest, v4addr)
#define tor_addr_eq(a, b)
void addressmap_clear_invalid_automaps(const or_options_t *options)
void addressmap_register(const char *address, char *new_address, time_t expires, addressmap_entry_source_t source, const int wildcard_addr, const int wildcard_new_addr, uint64_t stream_id)
void addressmap_clear_configured(void)
void addressmap_clear_excluded_trackexithosts(const or_options_t *options)
int parse_virtual_addr_network(const char *val, sa_family_t family, int validate_only, char **msg)
Header file for directory authority mode.
int base16_decode(char *dest, size_t destlen, const char *src, size_t srclen)
void mark_bridge_list(void)
void sweep_bridge_list(void)
int transport_is_needed(const char *transport_name)
void bridge_add_from_config(bridge_line_t *bridge_line)
Header file for circuitbuild.c.
Header file for channel.c.
void circuit_mark_all_dirty_circs_as_unusable(void)
void circuit_mark_all_unused_circs(void)
Header file for circuitlist.c.
Header file for circuitmux.c.
void cmux_ewma_set_options(const or_options_t *options, const networkstatus_t *consensus)
Header file for circuitmux_ewma.c.
int circuit_build_times_disabled_(const or_options_t *options, int ignore_consensus)
Header file for circuitstats.c.
void suppress_libevent_log_msg(const char *msg)
const char * tor_libevent_get_version_str(void)
void tor_libevent_initialize(tor_libevent_cfg_t *torcfg)
const char * tor_libevent_get_header_version_str(void)
void configure_libevent_logging(void)
size_t atomic_counter_exchange(atomic_counter_t *counter, size_t newval)
void atomic_counter_init(atomic_counter_t *counter)
size_t atomic_counter_get(atomic_counter_t *counter)
void atomic_counter_destroy(atomic_counter_t *counter)
int tor_compress_supports_method(compress_method_t method)
const char * tor_compress_header_version_str(compress_method_t method)
const char * tor_compress_version_str(compress_method_t method)
Read configuration files from disk, with full include support.
int config_get_lines_include(const char *string, struct config_line_t **result, int extended, int *has_include, struct smartlist_t *opened_lst)
int config_ensure_bandwidth_cap(uint64_t *value, const char *desc, char **msg)
static void options_commit_listener_transaction(listener_transaction_t *xn)
static int compute_group_readable_flag(const char *datadir, const char *subdir, int datadir_gr, int subdir_gr)
static int validate_transport_socks_arguments(const smartlist_t *args)
void options_init(or_options_t *options)
int options_save_current(void)
#define MIN_REND_POST_PERIOD
static const char * default_fallbacks[]
static void print_usage(void)
const smartlist_t * get_configured_ports(void)
static config_line_t * get_options_defaults(void)
STATIC void add_default_trusted_dir_authorities(dirinfo_type_t type)
int pt_parse_transport_line(const or_options_t *options, const char *line, int validate_only, int server)
static char * get_data_directory(const char *val)
#define MAX_MAX_CIRCUIT_DIRTINESS
#define MIN_MAX_CIRCUIT_DIRTINESS
static void warn_nonlocal_client_ports(const smartlist_t *ports, const char *portname, const int listener_type)
static void set_protocol_warning_severity_level(int warning_severity)
static int validate_ports_csv(smartlist_t *sl, const char *name, char **msg)
void bridge_line_free_(bridge_line_t *bridge_line)
int get_num_cpus(const or_options_t *options)
static void list_deprecated_options(void)
or_options_t * get_options_mutable(void)
void add_default_fallback_dir_servers(void)
static const config_var_t option_vars_[]
parsed_cmdline_t * config_parse_commandline(int argc, char **argv, int ignore_errors)
or_options_t * options_new(void)
static atomic_counter_t protocol_warning_severity_level
static int write_configuration_file(const char *fname, const or_options_t *options)
STATIC int options_act_reversible(const or_options_t *old_options, char **msg)
#define MIN_CIRCUIT_STREAM_TIMEOUT
STATIC void or_options_free_(or_options_t *options)
static bool testing_network_configured
static char * load_torrc_from_stdin(void)
static void list_torrc_options(void)
static int validate_data_directories(or_options_t *options)
static int in_option_validation
int getinfo_helper_config(control_connection_t *conn, const char *question, char **answer, const char **errmsg)
static void print_library_versions(void)
char * get_first_listener_addrport_string(int listener_type)
static int opt_streq(const char *s1, const char *s2)
port_cfg_t * port_cfg_new(size_t namelen)
STATIC int parse_ports(or_options_t *options, int validate_only, char **msg, int *n_ports_out, int *world_writable_control_socket)
int consider_adding_dir_servers(const or_options_t *options, const or_options_t *old_options)
static const char * default_authorities[]
static int options_transition_affects_guards(const or_options_t *old_options, const or_options_t *new_options)
static int warn_if_option_path_is_relative(const char *option, const char *filepath)
char * options_get_dir_fname2_suffix(const or_options_t *options, directory_root_t roottype, const char *sub1, const char *sub2, const char *suffix)
#define V_D(member, type, initvalue)
int options_init_from_torrc(int argc, char **argv)
static or_options_t * global_options
static void config_load_geoip_file_(sa_family_t family, const char *fname, const char *default_fname)
static const config_abbrev_t option_abbrevs_[]
#define OBSOLETE(varname)
void port_cfg_free_(port_cfg_t *port)
static int options_switch_id(char **msg_out)
static int handle_cmdline_master_key(tor_cmdline_mode_t command, const char *value)
takes_argument_t takes_argument
STATIC void options_commit_log_transaction(log_transaction_t *xn)
static void options_rollback_listener_transaction(struct listener_transaction_t *xn)
static char * find_torrc_filename(const config_line_t *cmd_arg, int defaults_file, int *using_default_fname, int *ignore_missing_torrc)
STATIC int open_and_add_file_log(const log_severity_list_t *severity, const char *filename, int truncate_log)
static or_options_t * global_default_options
static void cleanup_protocol_warning_severity_level(void)
static int parse_outbound_addresses(or_options_t *options, int validate_only, char **msg)
STATIC int options_create_directories(char **msg_out)
int portconf_get_first_advertised_port(int listener_type, int address_family)
const or_options_t * get_options(void)
STATIC log_transaction_t * options_start_log_transaction(const or_options_t *old_options, char **msg_out)
static char * torrc_defaults_fname
static const char * get_default_conf_file(int defaults_file)
static int handle_cmdline_passphrase_fd(tor_cmdline_mode_t command, const char *value)
int port_cfg_line_extract_addrport(const char *line, char **addrport_out, int *is_unix_out, const char **rest_out)
int check_or_create_data_subdir(const char *subdir)
STATIC const config_mgr_t * get_options_mgr(void)
static listener_transaction_t * options_start_listener_transaction(const or_options_t *old_options, char **msg_out)
int options_any_client_port_set(const or_options_t *options)
int create_keys_directory(const or_options_t *options)
#define MAX_CIRCS_AVAILABLE_TIME
void init_protocol_warning_severity_level(void)
static int check_and_create_data_directory(int create, const char *directory, int group_readable, const char *owner, char **msg_out)
static int handle_cmdline_no_passphrase(tor_cmdline_mode_t command)
int get_protocol_warning_severity_level(void)
static int warn_about_relative_paths(const or_options_t *options)
static char * torrc_fname
const tor_addr_t * portconf_get_first_advertised_addr(int listener_type, int address_family)
int parse_dir_fallback_line(const char *line, int validate_only)
char * options_dump(const or_options_t *options, int how_to_dump)
int option_is_recognized(const char *key)
setopt_err_t options_trial_assign(config_line_t *list, unsigned flags, char **msg)
static int options_init_log_granularity(const or_options_t *options, int validate_only)
STATIC int options_act(const or_options_t *old_options)
#define RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT
STATIC int parse_dir_authority_line(const char *line, dirinfo_type_t required_type, int validate_only)
#define VAR(varname, conftype, member, initvalue)
STATIC int options_init_logs(const or_options_t *old_options, const or_options_t *options, int validate_only)
STATIC void options_rollback_log_transaction(log_transaction_t *xn)
static int validate_dir_servers(const or_options_t *options, const or_options_t *old_options)
const char * safe_str_client_opts(const or_options_t *options, const char *address)
static int handle_cmdline_format(tor_cmdline_mode_t command, const char *value)
static bool have_set_startup_options
#define GENERATED_FILE_PREFIX
const char * safe_str_opts(const or_options_t *options, const char *address)
void parsed_cmdline_free_(parsed_cmdline_t *cmdline)
const char * option_get_canonical_name(const char *key)
static const config_format_t options_format
static int options_act_once_on_startup(char **msg_out)
static char * load_torrc_from_disk(const config_line_t *cmd_arg, int defaults_file)
static void config_maybe_load_geoip_files_(const or_options_t *options, const or_options_t *old_options)
static const struct @0 testing_tor_network_defaults[]
const char * get_torrc_fname(int defaults_fname)
static int options_check_transition_cb(const void *old, const void *new, char **msg)
int set_options(or_options_t *new_val, char **msg)
bridge_line_t * parse_bridge_line(const char *line)
static void warn_nonlocal_controller_ports(smartlist_t *ports, unsigned forbid_nonlocal)
const char * escaped_safe_str_client(const char *address)
DUMMY_TYPECHECK_INSTANCE(or_options_t)
static int handle_cmdline_newpass(tor_cmdline_mode_t command)
int addressmap_register_auto(const char *from, const char *to, time_t expires, addressmap_entry_source_t addrmap_source, const char **msg)
int options_need_geoip_info(const or_options_t *options, const char **reason_out)
#define UINT64_MAX_STRING
void config_register_addressmaps(const or_options_t *options)
static void options_clear_cb(const config_mgr_t *mgr, void *opts)
void config_free_all(void)
static const port_cfg_t * portconf_get_first_advertised(int listener_type, int address_family)
int port_count_real_listeners(const smartlist_t *ports, int listenertype, int count_sockets)
static void init_libevent(const or_options_t *options)
int port_exists_by_type_addr_port(int listener_type, const tor_addr_t *addr, int port, int check_wildcard)
static int parse_dirauth_dirport(dir_server_t *ds, const char *flag)
tor_cmdline_mode_t command
int init_cookie_authentication(const char *fname, const char *header, int cookie_len, int group_readable, uint8_t **cookie_out, int *cookie_is_set_out)
static const struct @1 CMDLINE_ONLY_OPTIONS[]
setopt_err_t options_init_from_string(const char *cf_defaults, const char *cf, int command, const char *command_arg, char **msg)
static int options_validate_cb(const void *old_options, void *options, char **msg)
static void list_enabled_modules(void)
static setopt_err_t options_validate_and_set(const or_options_t *old_options, or_options_t *new_options, char **msg_out)
static smartlist_t * configured_ports
config_line_t * option_get_assignment(const or_options_t *options, const char *key)
const char * escaped_safe_str(const char *address)
STATIC int parse_tcp_proxy_line(const char *line, or_options_t *options, char **msg)
#define DOWNLOAD_SCHEDULE(name)
int write_to_data_subdir(const char *subdir, const char *fname, const char *str, const char *descr)
int port_parse_config(smartlist_t *out, const config_line_t *ports, const char *portname, int listener_type, const char *defaultaddr, int defaultport, const unsigned flags)
static parsed_cmdline_t * global_cmdline
#define GENERATED_FILE_COMMENT
Header file for config.c.
#define MAX_DEFAULT_MEMORY_QUEUE_SIZE
#define CONFIG_BACKUP_PATTERN
#define MIN_HEARTBEAT_PERIOD
const config_line_t * config_line_find(const config_line_t *lines, const char *key)
void config_line_append(config_line_t **lst, const char *key, const char *val)
int config_lines_eq(const config_line_t *a, const config_line_t *b)
#define CONFIG_LINE_APPEND
#define CONFIG_LINE_NORMAL
#define END_OF_CONFIG_VARS
void config_init(const config_mgr_t *mgr, void *options)
void config_mgr_freeze(config_mgr_t *mgr)
void warn_deprecated_option(const char *what, const char *why)
char * config_dump(const config_mgr_t *mgr, const void *default_options, const void *options, int minimal, int comment_defaults)
bool config_var_is_listable(const config_var_t *var)
config_line_t * config_get_assigned_option(const config_mgr_t *mgr, const void *options, const char *key, int escape_val)
config_line_t * config_get_changes(const config_mgr_t *mgr, const void *options1, const void *options2)
bool config_var_is_settable(const config_var_t *var)
void * config_new(const config_mgr_t *mgr)
config_mgr_t * config_mgr_new(const config_format_t *toplevel_fmt)
const char * config_expand_abbrev(const config_mgr_t *mgr, const char *option, int command_line, int warn_obsolete)
const char * config_find_option_name(const config_mgr_t *mgr, const char *key)
validation_status_t config_validate(const config_mgr_t *mgr, const void *old_options, void *options, char **msg_out)
int config_assign(const config_mgr_t *mgr, void *options, config_line_t *list, unsigned config_assign_flags, char **msg)
void * config_dup(const config_mgr_t *mgr, const void *old)
smartlist_t * config_mgr_list_deprecated_vars(const config_mgr_t *mgr)
smartlist_t * config_mgr_list_vars(const config_mgr_t *mgr)
#define CAL_WARN_DEPRECATIONS
int retry_all_listeners(smartlist_t *new_conns, int close_all_noncontrol)
void connection_bucket_adjust(const or_options_t *options)
int conn_listener_type_supports_af_unix(int type)
char * alloc_http_authenticator(const char *authenticator)
void connection_mark_all_noncontrol_connections(void)
void connection_check_oos(int n_socks, int failed)
Header file for connection.c.
#define CONN_TYPE_AP_HTTP_CONNECT_LISTENER
#define CONN_TYPE_CONTROL_LISTENER
#define CONN_TYPE_EXT_OR_LISTENER
#define MAX_SOCKS5_AUTH_SIZE_TOTAL
#define MAX_SOCKS5_AUTH_FIELD_SIZE
#define CONN_TYPE_AP_NATD_LISTENER
#define CONN_TYPE_AP_LISTENER
#define CONN_TYPE_AP_DNS_LISTENER
#define CONN_TYPE_AP_TRANS_LISTENER
Header file for connection_edge.c.
int address_is_invalid_destination(const char *address, int client)
Base connection structure.
void control_ports_write_to_file(void)
int control_connection_add_local_fd(tor_socket_t sock, unsigned flags)
void monitor_owning_controller_process(const char *process_spec)
Header file for control.c.
smartlist_t * decode_hashed_passwords(config_line_t *passwords)
Header file for control_auth.c.
void control_adjust_event_log_severity(void)
void control_event_logmsg_pending(void)
void control_event_logmsg(int severity, log_domain_mask_t domain, const char *msg)
void control_event_conf_changed(const config_line_t *changes)
Header file for control_events.c.
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
const char * crypto_get_library_name(void)
const char * crypto_get_library_version_string(void)
Headers for crypto_init.c.
Headers for crypto_nss_mgt.c.
Headers for crypto_openssl_mgt.c.
void crypto_rand(char *to, size_t n)
Common functions for using (pseudo-)random number generators.
void memwipe(void *mem, uint8_t byte, size_t sz)
Common functions for cryptographic routines.
const char * unescape_string(const char *s, char **result, size_t *size_out)
bool start_daemon_has_been_called(void)
int finish_daemon(const char *desired_cwd)
int check_private_dir(const char *dirname, cpd_check_t check, const char *effective_user)
int options_act_dirauth_mtbf(const or_options_t *old_options)
int options_act_dirauth_stats(const or_options_t *old_options, bool *print_notice_out)
int options_validate_dirauth_mode(const or_options_t *old_options, or_options_t *options, char **msg)
int options_act_dirauth(const or_options_t *old_options)
int options_validate_dirauth_testing(const or_options_t *old_options, or_options_t *options, char **msg)
int options_validate_dirauth_schedule(const or_options_t *old_options, or_options_t *options, char **msg)
Header for feature/dirauth/dirauth_config.c.
int dirclient_fetches_dir_info_later(const or_options_t *options)
int dirclient_fetches_dir_info_early(const or_options_t *options)
Header for feature/dirclient/dirclient_modes.c.
void trusted_dir_server_add_dirport(dir_server_t *ds, auth_dirport_usage_t usage, const tor_addr_port_t *dirport)
dir_server_t * fallback_dir_server_new(const tor_addr_t *ipv4_addr, uint16_t ipv4_dirport, uint16_t ipv4_orport, const tor_addr_port_t *addrport_ipv6, const char *id_digest, double weight)
void clear_dir_servers(void)
void dir_server_add(dir_server_t *ent)
dir_server_t * trusted_dir_server_new(const char *nickname, const char *address, uint16_t ipv4_dirport, uint16_t ipv4_orport, const tor_addr_port_t *ipv6_addrport, const char *digest, const char *v3_auth_digest, dirinfo_type_t type, double weight)
Header file for dirlist.c.
int guards_update_all(void)
Header file for circuitbuild.c.
const char * escaped(const char *s)
char * esc_for_log(const char *s)
int write_str_to_file(const char *fname, const char *str, int bin)
file_status_t file_status(const char *filename)
int tor_open_cloexec(const char *path, int flags, unsigned mode)
char * read_file_to_str_until_eof(int fd, size_t max_bytes_to_read, size_t *sz_out) ATTR_MALLOC
int replace_file(const char *from, const char *to)
int write_bytes_to_file(const char *fname, const char *str, size_t len, int bin)
int geoip_load_file(sa_family_t family, const char *filename, int severity)
int geoip_is_loaded(sa_family_t family)
Header file for geoip_stats.c.
int should_record_bridge_info(const or_options_t *options)
Header for gethostname.c.
void consider_hibernation(time_t now)
int we_are_hibernating(void)
Header file for hibernate.c.
int hs_config_client_auth_all(const or_options_t *options, int validate_only)
int hs_config_service_all(const or_options_t *options, int validate_only)
Header file containing configuration ABI/API for the HS subsystem.
int hs_service_load_all_keys(void)
int string_is_key_value(int severity, const char *string)
const char * tor_libc_get_name(void)
const char * tor_libc_get_header_version_str(void)
const char * tor_libc_get_version_str(void)
Header for lib/osinfo/libc.c.
int add_file_log(const log_severity_list_t *severity, const char *filename, int fd)
void flush_log_messages_from_startup(void)
void mark_logs_temp(void)
void rollback_log_changes(void)
void logs_set_pending_callback_callback(pending_callback_callback cb)
int add_callback_log(const log_severity_list_t *severity, log_callback cb)
int get_min_log_level(void)
void set_log_time_granularity(int granularity_msec)
void tor_log_update_sigsafe_err_fds(void)
void add_stream_log(const log_severity_list_t *severity, const char *name, int fd)
void logs_set_domain_logging(int enabled)
int parse_log_severity_config(const char **cfg_ptr, log_severity_list_t *severity_out)
void close_temp_logs(void)
#define log_fn(severity, domain, args,...)
int try_locking(const or_options_t *options, int err_if_locked)
void note_that_we_maybe_cant_complete_circuits(void)
void tor_shutdown_event_loop_and_exit(int exitcode)
void reset_main_loop_counters(void)
int tor_event_loop_shutdown_is_pending(void)
Header file for mainloop.c.
int get_total_system_memory(size_t *mem_out)
int metrics_parse_ports(or_options_t *options, smartlist_t *ports, char **err_msg_out)
Header for feature/metrics/metrics.c.
int net_is_disabled(void)
networkstatus_t * networkstatus_get_latest_consensus(void)
void update_consensus_networkstatus_fetch_time(time_t now)
Header file for networkstatus.c.
int is_legal_nickname(const char *s)
Header file for nickname.c.
void router_dir_info_changed(void)
Header file for nodelist.c.
int compute_num_cpus(void)
Master header file for Tor-specific functionality.
addressmap_entry_source_t
#define SESSION_GROUP_UNSET
@ TCP_PROXY_PROTOCOL_HAPROXY
long tor_parse_long(const char *s, int base, long min, long max, int *ok, char **next)
double tor_parse_double(const char *s, double min, double max, int *ok, char **next)
char * expand_filename(const char *filename)
int path_is_relative(const char *filename)
char * make_path_absolute(const char *fname)
int write_pidfile(const char *filename)
int policies_parse_from_options(const or_options_t *options)
int validate_addr_policies(const or_options_t *options, char **msg)
Header file for policies.c.
Listener port configuration structure.
int tor_asprintf(char **strp, const char *fmt,...)
int tor_snprintf(char *str, size_t size, const char *format,...)
void tor_disable_spawning_background_processes(void)
int tor_validate_process_specifier(const char *process_spec, const char **msg)
quiet_level_t quiet_level
void add_default_log_for_quiet_level(quiet_level_t quiet)
int options_act_relay_bandwidth(const or_options_t *old_options)
int options_validate_relay_padding(const or_options_t *old_options, or_options_t *options, char **msg)
int options_act_relay_stats(const or_options_t *old_options, bool *print_notice_out)
void port_update_port_set_relay(or_options_t *options, const smartlist_t *ports)
int options_act_relay(const or_options_t *old_options)
int options_validate_relay_accounting(const or_options_t *old_options, or_options_t *options, char **msg)
int options_validate_relay_bandwidth(const or_options_t *old_options, or_options_t *options, char **msg)
int options_validate_relay_os(const or_options_t *old_options, or_options_t *options, char **msg)
int options_act_relay_dir(const or_options_t *old_options)
void port_warn_nonlocal_ext_orports(const smartlist_t *ports, const char *portname)
int port_parse_ports_relay(or_options_t *options, char **msg, smartlist_t *ports_out, int *have_low_ports_out)
int options_act_relay_accounting(const or_options_t *old_options)
void options_act_relay_stats_msg(void)
int options_validate_relay_info(const or_options_t *old_options, or_options_t *options, char **msg)
int options_validate_publish_server(const or_options_t *old_options, or_options_t *options, char **msg)
int options_act_relay_dos(const or_options_t *old_options)
int options_act_relay_desc(const or_options_t *old_options)
int options_act_bridge_stats(const or_options_t *old_options)
int options_validate_relay_testing(const or_options_t *old_options, or_options_t *options, char **msg)
int options_validate_relay_mode(const or_options_t *old_options, or_options_t *options, char **msg)
Header for feature/relay/relay_config.c.
int tor_addr_port_lookup(const char *s, tor_addr_t *addr_out, uint16_t *port_out)
int set_max_file_descriptors(rlim_t limit, int *max_out)
int tor_disable_debugger_attach(void)
uint16_t router_get_active_listener_port_by_type_af(int listener_type, sa_family_t family)
void refresh_all_country_info(void)
Header file for routerlist.c.
int public_server_mode(const or_options_t *options)
int server_mode(const or_options_t *options)
Header file for routermode.c.
int routerset_needs_geoip(const routerset_t *set)
int routerset_equal(const routerset_t *old, const routerset_t *new)
int routerset_is_list(const routerset_t *set)
int routerset_add_unknown_ccs(routerset_t **setp, int only_if_some_cc_set)
int routerset_parse(routerset_t *target, const char *s, const char *description)
int routerset_len(const routerset_t *set)
routerset_t * routerset_new(void)
void routerset_union(routerset_t *target, const routerset_t *source)
Header file for routerset.c.
int sandbox_is_active(void)
Header file for sandbox.c.
void scheduler_conf_changed(void)
Header file for scheduler*.c.
int switch_id(const char *user, const unsigned flags)
#define SWITCH_ID_WARN_IF_NO_CAPS
#define SWITCH_ID_KEEP_BINDLOW
static const char default_fname[]
int smartlist_strings_eq(const smartlist_t *sl1, const smartlist_t *sl2)
void smartlist_add_asprintf(struct smartlist_t *sl, const char *pattern,...)
char * smartlist_join_strings(smartlist_t *sl, const char *join, int terminate, size_t *len_out)
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
smartlist_t * smartlist_new(void)
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
void smartlist_add(smartlist_t *sl, void *element)
void smartlist_clear(smartlist_t *sl)
void smartlist_del_keeporder(smartlist_t *sl, int idx)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
#define SMARTLIST_DEL_CURRENT(sl, var)
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
void check_network_configuration(bool server_mode)
int get_n_open_sockets(void)
int or_state_loaded(void)
unsigned int cache_ipv4_answers
unsigned int socks_iso_keep_alive
unsigned int use_cached_ipv4_answers
unsigned int prefer_ipv6_virtaddr
unsigned int socks_prefer_no_auth
unsigned int extended_socks5_codes
smartlist_t * new_listeners
struct config_line_t * ControlPort_lines
tor_addr_t Socks4ProxyAddr
struct config_line_t * MyFamily
struct config_line_t * NATDPort_lines
int DirReqStatistics_option
struct config_line_t * AlternateBridgeAuthority
tor_addr_t HTTPSProxyAddr
int ConnLimit_high_thresh
struct routerset_t * ExcludeExitNodes
int TestingEnableConnBwEvent
struct config_line_t * OutboundBindAddressExit
struct config_line_t * DNSPort_lines
char * BridgePassword_AuthDigest_
uint64_t MaxMemInQueues_low_threshold
struct smartlist_t * RejectPlaintextPorts
struct config_line_t * Logs
struct routerset_t * ExcludeExitNodesUnion_
int TestingDirConnectionMaxStall
int ClientBootstrapConsensusMaxInProgressTries
struct smartlist_t * WarnPlaintextPorts
struct smartlist_t * TrackHostExits
struct smartlist_t * FirewallPorts
int TestingClientMaxIntervalWithoutRequest
struct smartlist_t * Schedulers
tcp_proxy_protocol_t TCPProxyProtocol
int FetchDirInfoExtraEarly
struct config_line_t * ClientTransportPlugin
struct config_line_t * OutboundBindAddressPT
struct smartlist_t * SchedulerTypes_
struct config_line_t * DirAuthorities
struct config_line_t * Bridges
int ControlSocketsGroupWritable
uint64_t OwningControllerFD
double KISTSockBufSizeFactor
struct config_line_t * ControlSocket
struct config_line_t * OutboundBindAddress
int UseDefaultFallbackDirs
struct config_line_t * AlternateDirAuthority
int DataDirectoryGroupReadable
int CacheDirectoryGroupReadable
int KeyDirectoryGroupReadable
char * KeyDirectory_option
struct smartlist_t * NodeFamilySets
uint64_t ConstrainedSockSize
struct config_line_t * AddressMap
struct smartlist_t * FilesOpenedByIncludes
int HiddenServiceStatistics_option
char * HTTPProxyAuthenticator
struct config_line_t * HashedControlPassword
int TokenBucketRefillInterval
int LearnCircuitBuildTimeout
struct config_line_t * FallbackDir
struct routerset_t * EntryNodes
int HiddenServiceStatistics
int UsingTestNetworkDefaults_
int UnixSocksGroupWritable
struct config_line_t * NodeFamilies
char * VirtualAddrNetworkIPv6
struct routerset_t * ExcludeNodes
char * OwningControllerProcess
struct config_line_t * ReachableORAddresses
char * Socks5ProxyUsername
struct config_line_t * HashedControlSessionPassword
char * Socks5ProxyPassword
int CookieAuthFileGroupReadable
int TestingEnableCellStatsEvent
struct routerset_t * ExitNodes
tor_addr_t Socks5ProxyAddr
struct config_line_t * ReachableDirAddresses
int MaxClientCircuitsPending
tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2]
struct routerset_t * HSLayer2Nodes
char * CacheDirectory_option
struct config_line_t * OutboundBindAddressOR
int CircuitsAvailableTimeout
enum or_options_t::@2 TransProxyType_parsed
struct smartlist_t * AutomapHostsSuffixes
int ConnDirectionStatistics
char * VirtualAddrNetworkIPv4
int AutomapHostsOnResolve
char * HTTPSProxyAuthenticator
tor_cmdline_mode_t command
int DisableDebuggerAttachment
struct config_line_t * TransPort_lines
struct smartlist_t * LongLivedPorts
struct config_line_t * RendConfigLines
struct config_line_t * ReachableAddresses
int HiddenServiceSingleHopMode
double PathsNeededToBuildCircuits
int UseEntryGuards_option
struct config_line_t * HTTPTunnelPort_lines
char * DataDirectory_option
int ClientDNSRejectInternalAddresses
struct routerset_t * MiddleNodes
struct config_line_t * SocksPort_lines
struct routerset_t * HSLayer3Nodes
quiet_level_t quiet_level
struct config_line_t * cmdline_opts
struct config_line_t * other_opts
tor_cmdline_mode_t command
char unix_addr[FLEXIBLE_ARRAY_MEMBER]
entry_port_cfg_t entry_cfg
const char * struct_var_get_typename(const struct_member_t *member)
Header for lib/confmgt/structvar.c.
int subsystems_set_options(const config_mgr_t *mgr, struct or_options_t *options)
void subsystems_prefork(void)
void subsystems_postfork(void)
void subsystems_dump_list(void)
int subsystems_register_options_formats(config_mgr_t *mgr)
#define MOCK_IMPL(rv, funcname, arglist)
const char * get_version(void)
int options_act_server_transport(const or_options_t *old_options)
int options_validate_server_transport(const or_options_t *old_options, or_options_t *options, char **msg)
Header for feature/relay/transport_config.c.
int pt_proxies_configuration_pending(void)
int transport_add_from_config(const tor_addr_t *addr, uint16_t port, const char *name, int socks_ver)
char * pt_stringify_socks_args(const smartlist_t *socks_args)
void pt_configure_remaining_proxies(void)
void sweep_proxy_list(void)
void mark_transport_list(void)
static smartlist_t * transport_list
void sweep_transport_list(void)
void pt_prepare_proxy_list_for_config_read(void)
Headers for transports.c.
const char * get_uname(void)
#define tor_assert_nonfatal_unreached()
int strcasecmpstart(const char *s1, const char *s2)
int strcmpstart(const char *s1, const char *s2)
const char * find_whitespace(const char *s)
int strcasecmpend(const char *s1, const char *s2)
int strcmp_opt(const char *s1, const char *s2)
const char * eat_whitespace(const char *s)
int string_is_C_identifier(const char *string)
int tor_digest_is_zero(const char *digest)