Tor  0.4.7.0-alpha-dev
or_options_st.h
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * \file or_options_st.h
9  *
10  * \brief The or_options_t structure, which represents Tor's configuration.
11  */
12 
13 #ifndef TOR_OR_OPTIONS_ST_H
14 #define TOR_OR_OPTIONS_ST_H
15 
16 #include "core/or/or.h"
17 #include "lib/cc/torint.h"
18 #include "lib/net/address.h"
20 
21 struct smartlist_t;
22 struct config_line_t;
23 struct config_suite_t;
24 struct routerset_t;
25 
26 /** Enumeration of outbound address configuration types:
27  * Exit-only, OR-only, PT-only, or any of them */
28 typedef enum {
29  /** Outbound IP address for Exit connections. Controlled by the
30  * `OutboundBindAddressExit` configuration entry in torrc. */
32 
33  /** Outbound IP address for OR connections. Controlled by the
34  * `OutboundBindAddressOR` configuration entry in torrc. */
36 
37  /** Outbound IP address for PT connections. Controlled by the
38  * `OutboundBindAddressPT` configuration entry in torrc. */
40 
41  /** Outbound IP address for any outgoing connections. Controlled by the
42  * OutboundBindAddress configuration entry in torrc. This value is used as
43  * fallback if the more specific OUTBOUND_ADDR_EXIT, OUTBOUND_ADDR_OR, and
44  * OUTBOUND_ADDR_PT are unset. */
46 
47  /** Max value for this enum. Must be the last element in this enum. */
50 
51 /** Which protocol to use for TCPProxy. */
52 typedef enum {
53  /** Use the HAProxy proxy protocol. */
56 
57 /** Enumeration of available time formats for output of --key-expiration */
58 typedef enum {
59  KEY_EXPIRATION_FORMAT_ISO8601 = 0,
60  KEY_EXPIRATION_FORMAT_TIMESTAMP
62 
63 /** Configuration options for a Tor process. */
64 struct or_options_t {
65  uint32_t magic_;
66 
67  /** What should the tor process actually do? */
69  char *command_arg; /**< Argument for command-line option. */
70 
71  struct config_line_t *Logs; /**< New-style list of configuration lines
72  * for logs */
73  int LogTimeGranularity; /**< Log resolution in milliseconds. */
74 
75  int LogMessageDomains; /**< Boolean: Should we log the domain(s) in which
76  * each log message occurs? */
77  int TruncateLogFile; /**< Boolean: Should we truncate the log file
78  before we start writing? */
79  char *SyslogIdentityTag; /**< Identity tag to add for syslog logging. */
80 
81  char *DebugLogFile; /**< Where to send verbose log messages. */
82  char *DataDirectory_option; /**< Where to store long-term data, as
83  * configured by the user. */
84  char *DataDirectory; /**< Where to store long-term data, as modified. */
85  int DataDirectoryGroupReadable; /**< Boolean: Is the DataDirectory g+r? */
86 
87  char *KeyDirectory_option; /**< Where to store keys, as
88  * configured by the user. */
89  char *KeyDirectory; /**< Where to store keys data, as modified. */
90  int KeyDirectoryGroupReadable; /**< Boolean: Is the KeyDirectory g+r? */
91 
92  char *CacheDirectory_option; /**< Where to store cached data, as
93  * configured by the user. */
94  char *CacheDirectory; /**< Where to store cached data, as modified. */
95  int CacheDirectoryGroupReadable; /**< Boolean: Is the CacheDirectory g+r? */
96 
97  char *Nickname; /**< OR only: nickname of this onion router. */
98  /** OR only: configured address for this onion router. Up to two times this
99  * options is accepted as in IPv4 and IPv6. */
101 
102  /** Boolean: If set, disable IPv6 address resolution, IPv6 ORPorts, IPv6
103  * reachability checks, and publishing an IPv6 ORPort in its descriptor. */
105 
106  char *PidFile; /**< Where to store PID of Tor process. */
107 
108  struct routerset_t *ExitNodes; /**< Structure containing nicknames, digests,
109  * country codes and IP address patterns of ORs to
110  * consider as exits. */
111  struct routerset_t *MiddleNodes; /**< Structure containing nicknames,
112  * digests, country codes and IP address patterns
113  * of ORs to consider as middles. */
114  struct routerset_t *EntryNodes;/**< Structure containing nicknames, digests,
115  * country codes and IP address patterns of ORs to
116  * consider as entry points. */
117  int StrictNodes; /**< Boolean: When none of our EntryNodes or ExitNodes
118  * are up, or we need to access a node in ExcludeNodes,
119  * do we just fail instead? */
120  struct routerset_t *ExcludeNodes;/**< Structure containing nicknames,
121  * digests, country codes and IP address patterns
122  * of ORs not to use in circuits. But see
123  * StrictNodes above. */
124  struct routerset_t *ExcludeExitNodes;/**< Structure containing nicknames,
125  * digests, country codes and IP address
126  * patterns of ORs not to consider as
127  * exits. */
128 
129  /** Union of ExcludeNodes and ExcludeExitNodes */
130  struct routerset_t *ExcludeExitNodesUnion_;
131 
132  int DisableAllSwap; /**< Boolean: Attempt to call mlockall() on our
133  * process for all current and future memory. */
134 
135  struct config_line_t *ExitPolicy; /**< Lists of exit policy components. */
136  int ExitPolicyRejectPrivate; /**< Should we not exit to reserved private
137  * addresses, and our own published addresses?
138  */
139  int ExitPolicyRejectLocalInterfaces; /**< Should we not exit to local
140  * interface addresses?
141  * Includes OutboundBindAddresses and
142  * configured ports. */
143  int ReducedExitPolicy; /**<Should we use the Reduced Exit Policy? */
144  struct config_line_t *SocksPolicy; /**< Lists of socks policy components */
145  struct config_line_t *DirPolicy; /**< Lists of dir policy components */
146  /** Local address to bind outbound sockets */
148  /** Local address to bind outbound relay sockets */
150  /** Local address to bind outbound exit sockets */
152  /** Local address to bind outbound PT sockets */
154  /** Addresses derived from the various OutboundBindAddress lines.
155  * [][0] is IPv4, [][1] is IPv6
156  */
158  /** Whether dirservers allow router descriptors with private IPs. */
160  /** Whether routers accept EXTEND cells to routers with private IPs. */
162  char *User; /**< Name of user to run Tor as. */
163  /** Ports to listen on for OR connections. */
165  /** Ports to listen on for extended OR connections. */
167  /** Ports to listen on for Metrics connections. */
169  /** Ports to listen on for SOCKS connections. */
171  /** Ports to listen on for transparent pf/netfilter connections. */
173  char *TransProxyType; /**< What kind of transparent proxy
174  * implementation are we using? */
175  /** Parsed value of TransProxyType. */
176  enum {
177  TPT_DEFAULT,
178  TPT_PF_DIVERT,
179  TPT_IPFW,
180  TPT_TPROXY,
182  /** Ports to listen on for transparent natd connections. */
184  /** Ports to listen on for HTTP Tunnel connections. */
186  struct config_line_t *ControlPort_lines; /**< Ports to listen on for control
187  * connections. */
188  /** List of Unix Domain Sockets to listen on for control connections. */
190 
191  int ControlSocketsGroupWritable; /**< Boolean: Are control sockets g+rw? */
192  int UnixSocksGroupWritable; /**< Boolean: Are SOCKS Unix sockets g+rw? */
193  /** Ports to listen on for directory connections. */
195  /** Ports to listen on for DNS requests. */
197 
198  /* MaxMemInQueues value as input by the user. We clean this up to be
199  * MaxMemInQueues. */
200  uint64_t MaxMemInQueues_raw;
201  uint64_t MaxMemInQueues;/**< If we have more memory than this allocated
202  * for queues and buffers, run the OOM handler */
203  /** Above this value, consider ourselves low on RAM. */
205 
206  /** @name port booleans
207  *
208  * Derived booleans: For server ports and ControlPort, true iff there is a
209  * non-listener port on an AF_INET or AF_INET6 address of the given type
210  * configured in one of the _lines options above.
211  * For client ports, also true if there is a unix socket configured.
212  * If you are checking for client ports, you may want to use:
213  * SocksPort_set || TransPort_set || NATDPort_set || DNSPort_set ||
214  * HTTPTunnelPort_set
215  * rather than SocksPort_set.
216  *
217  * @{
218  */
219  unsigned int ORPort_set : 1;
220  unsigned int SocksPort_set : 1;
221  unsigned int TransPort_set : 1;
222  unsigned int NATDPort_set : 1;
223  unsigned int ControlPort_set : 1;
224  unsigned int DirPort_set : 1;
225  unsigned int DNSPort_set : 1;
226  unsigned int ExtORPort_set : 1;
227  unsigned int HTTPTunnelPort_set : 1;
228  unsigned int MetricsPort_set : 1;
229  /**@}*/
230 
231  /** Whether to publish our descriptor regardless of all our self-tests
232  */
234  /** Whether to publish our descriptor regardless of IPv6 self-tests.
235  *
236  * This is an autobool; when set to AUTO, it uses AssumeReachable.
237  **/
239  int AuthoritativeDir; /**< Boolean: is this an authoritative directory? */
240  int V3AuthoritativeDir; /**< Boolean: is this an authoritative directory
241  * for version 3 directories? */
242  int BridgeAuthoritativeDir; /**< Boolean: is this an authoritative directory
243  * that aggregates bridge descriptors? */
244 
245  /** If set on a bridge relay, it will include this value on a new
246  * "bridge-distribution-request" line in its bridge descriptor. */
248 
249  /** If set on a bridge authority, it will answer requests on its dirport
250  * for bridge statuses -- but only if the requests use this password. */
252  /** If BridgePassword is set, this is a SHA256 digest of the basic http
253  * authenticator for it. Used so we can do a time-independent comparison. */
255 
256  int UseBridges; /**< Boolean: should we start all circuits with a bridge? */
257  struct config_line_t *Bridges; /**< List of bootstrap bridge addresses. */
258 
259  struct config_line_t *ClientTransportPlugin; /**< List of client
260  transport plugins. */
261 
262  struct config_line_t *ServerTransportPlugin; /**< List of client
263  transport plugins. */
264 
265  /** List of TCP/IP addresses that transports should listen at. */
267 
268  /** List of options that must be passed to pluggable transports. */
270 
271  int BridgeRelay; /**< Boolean: are we acting as a bridge relay? We make
272  * this explicit so we can change how we behave in the
273  * future. */
274 
275  /** Boolean: if we know the bridge's digest, should we get new
276  * descriptors from the bridge authorities or from the bridge itself? */
278 
279  int AvoidDiskWrites; /**< Boolean: should we never cache things to disk?
280  * Not used yet. */
281  int ClientOnly; /**< Boolean: should we never evolve into a server role? */
282 
283  int ReducedConnectionPadding; /**< Boolean: Should we try to keep connections
284  open shorter and pad them less against
285  connection-level traffic analysis? */
286  /** Autobool: if auto, then connection padding will be negotiated by client
287  * and server. If 0, it will be fully disabled. If 1, the client will still
288  * pad to the server regardless of server support. */
290 
291  /** Boolean: if true, then circuit padding will be negotiated by client
292  * and server, subject to consenus limits (default). If 0, it will be fully
293  * disabled. */
295 
296  /** Boolean: if true, then this client will only use circuit padding
297  * algorithms that are known to use a low amount of overhead. If false,
298  * we will use all available circuit padding algorithms.
299  */
301 
302  /** To what authority types do we publish our descriptor? Choices are
303  * "v1", "v2", "v3", "bridge", or "". */
305  /** A bitfield of authority types, derived from PublishServerDescriptor. */
307  /** Boolean: do we publish hidden service descriptors to the HS auths? */
309  int FetchServerDescriptors; /**< Do we fetch server descriptors as normal? */
310  int FetchHidServDescriptors; /**< and hidden service descriptors? */
311 
312  int FetchUselessDescriptors; /**< Do we fetch non-running descriptors too? */
313  int AllDirActionsPrivate; /**< Should every directory action be sent
314  * through a Tor circuit? */
315 
316  /** A routerset that should be used when picking middle nodes for HS
317  * circuits. */
318  struct routerset_t *HSLayer2Nodes;
319 
320  /** A routerset that should be used when picking third-hop nodes for HS
321  * circuits. */
322  struct routerset_t *HSLayer3Nodes;
323 
324  /** Onion Services in HiddenServiceSingleHopMode make one-hop (direct)
325  * circuits between the onion service server, and the introduction and
326  * rendezvous points. (Onion service descriptors are still posted using
327  * 3-hop paths, to avoid onion service directories blocking the service.)
328  * This option makes every hidden service instance hosted by
329  * this tor instance a Single Onion Service.
330  * HiddenServiceSingleHopMode requires HiddenServiceNonAnonymousMode to be
331  * set to 1.
332  * Use rend_service_allow_non_anonymous_connection() or
333  * rend_service_reveal_startup_time() instead of using this option directly.
334  */
336  /* Makes hidden service clients and servers non-anonymous on this tor
337  * instance. Allows the non-anonymous HiddenServiceSingleHopMode. Enables
338  * non-anonymous behaviour in the hidden service protocol.
339  * Use hs_service_non_anonymous_mode_enabled() instead of using this option
340  * directly.
341  */
342  int HiddenServiceNonAnonymousMode;
343 
344  int ConnLimit; /**< Demanded minimum number of simultaneous connections. */
345  int ConnLimit_; /**< Maximum allowed number of simultaneous connections. */
346  int ConnLimit_high_thresh; /**< start trying to lower socket usage if we
347  * have this many. */
348  int ConnLimit_low_thresh; /**< try to get down to here after socket
349  * exhaustion. */
350  int RunAsDaemon; /**< If true, run in the background. (Unix only) */
351  int FascistFirewall; /**< Whether to prefer ORs reachable on open ports. */
352  struct smartlist_t *FirewallPorts; /**< Which ports our firewall allows
353  * (strings). */
354  /** IP:ports our firewall allows. */
356  struct config_line_t *ReachableORAddresses; /**< IP:ports for OR conns. */
357  struct config_line_t *ReachableDirAddresses; /**< IP:ports for Dir conns. */
358 
359  int ConstrainedSockets; /**< Shrink xmit and recv socket buffers. */
360  uint64_t ConstrainedSockSize; /**< Size of constrained buffers. */
361 
362  /** Whether we should drop exit streams from Tors that we don't know are
363  * relays. One of "0" (never refuse), "1" (always refuse), or "-1" (do
364  * what the consensus says, defaulting to 'refuse' if the consensus says
365  * nothing). */
367 
368  /** Application ports that require all nodes in circ to have sufficient
369  * uptime. */
371  /** Application ports that are likely to be unencrypted and
372  * unauthenticated; we reject requests for them to prevent the
373  * user from screwing up and leaking plaintext secrets to an
374  * observer somewhere on the Internet. */
376  /** Related to RejectPlaintextPorts above, except this config option
377  * controls whether we warn (in the log and via a controller status
378  * event) every time a risky connection is attempted. */
380  /** Should we try to reuse the same exit node for a given host */
382  int TrackHostExitsExpire; /**< Number of seconds until we expire an
383  * addressmap */
384  struct config_line_t *AddressMap; /**< List of address map directives. */
385  int AutomapHostsOnResolve; /**< If true, when we get a resolve request for a
386  * hostname ending with one of the suffixes in
387  * <b>AutomapHostsSuffixes</b>, map it to a
388  * virtual address. */
389  /** List of suffixes for <b>AutomapHostsOnResolve</b>. The special value
390  * "." means "match everything." */
392  int RendPostPeriod; /**< How often do we post each rendezvous service
393  * descriptor? Remember to publish them independently. */
394  int KeepalivePeriod; /**< How often do we send padding cells to keep
395  * connections alive? */
396  int SocksTimeout; /**< How long do we let a socks connection wait
397  * unattached before we fail it? */
398  int LearnCircuitBuildTimeout; /**< If non-zero, we attempt to learn a value
399  * for CircuitBuildTimeout based on timeout
400  * history. Use circuit_build_times_disabled()
401  * rather than checking this value directly. */
402  int CircuitBuildTimeout; /**< Cull non-open circuits that were born at
403  * least this many seconds ago. Used until
404  * adaptive algorithm learns a new value. */
405  int CircuitsAvailableTimeout; /**< Try to have an open circuit for at
406  least this long after last activity */
407  int CircuitStreamTimeout; /**< If non-zero, detach streams from circuits
408  * and try a new circuit if the stream has been
409  * waiting for this many seconds. If zero, use
410  * our default internal timeout schedule. */
411  int MaxOnionQueueDelay; /*< DOCDOC */
412  int NewCircuitPeriod; /**< How long do we use a circuit before building
413  * a new one? */
414  int MaxCircuitDirtiness; /**< Never use circs that were first used more than
415  this interval ago. */
416  uint64_t BandwidthRate; /**< How much bandwidth, on average, are we willing
417  * to use in a second? */
418  uint64_t BandwidthBurst; /**< How much bandwidth, at maximum, are we willing
419  * to use in a second? */
420  uint64_t MaxAdvertisedBandwidth; /**< How much bandwidth are we willing to
421  * tell other nodes we have? */
422  uint64_t RelayBandwidthRate; /**< How much bandwidth, on average, are we
423  * willing to use for all relayed conns? */
424  uint64_t RelayBandwidthBurst; /**< How much bandwidth, at maximum, will we
425  * use in a second for all relayed conns? */
426  uint64_t PerConnBWRate; /**< Long-term bw on a single TLS conn, if set. */
427  uint64_t PerConnBWBurst; /**< Allowed burst on a single TLS conn, if set. */
428  int NumCPUs; /**< How many CPUs should we try to use? */
429  struct config_line_t *RendConfigLines; /**< List of configuration lines
430  * for rendezvous services. */
431  char *ClientOnionAuthDir; /**< Directory to keep client
432  * onion service authorization secret keys */
433  char *ContactInfo; /**< Contact info to be published in the directory. */
434 
435  int HeartbeatPeriod; /**< Log heartbeat messages after this many seconds
436  * have passed. */
437  int MainloopStats; /**< Log main loop statistics as part of the
438  * heartbeat messages. */
439 
440  char *HTTPProxy; /**< hostname[:port] to use as http proxy, if any. */
441  tor_addr_t HTTPProxyAddr; /**< Parsed IPv4 addr for http proxy, if any. */
442  uint16_t HTTPProxyPort; /**< Parsed port for http proxy, if any. */
443  char *HTTPProxyAuthenticator; /**< username:password string, if any. */
444 
445  char *HTTPSProxy; /**< hostname[:port] to use as https proxy, if any. */
446  tor_addr_t HTTPSProxyAddr; /**< Parsed addr for https proxy, if any. */
447  uint16_t HTTPSProxyPort; /**< Parsed port for https proxy, if any. */
448  char *HTTPSProxyAuthenticator; /**< username:password string, if any. */
449 
450  char *Socks4Proxy; /**< hostname:port to use as a SOCKS4 proxy, if any. */
451  tor_addr_t Socks4ProxyAddr; /**< Derived from Socks4Proxy. */
452  uint16_t Socks4ProxyPort; /**< Derived from Socks4Proxy. */
453 
454  char *Socks5Proxy; /**< hostname:port to use as a SOCKS5 proxy, if any. */
455  tor_addr_t Socks5ProxyAddr; /**< Derived from Sock5Proxy. */
456  uint16_t Socks5ProxyPort; /**< Derived from Socks5Proxy. */
457  char *Socks5ProxyUsername; /**< Username for SOCKS5 authentication, if any */
458  char *Socks5ProxyPassword; /**< Password for SOCKS5 authentication, if any */
459 
460  char *TCPProxy; /**< protocol and hostname:port to use as a proxy, if any. */
461  tcp_proxy_protocol_t TCPProxyProtocol; /**< Derived from TCPProxy. */
462  tor_addr_t TCPProxyAddr; /**< Derived from TCPProxy. */
463  uint16_t TCPProxyPort; /**< Derived from TCPProxy. */
464 
465  /** List of configuration lines for replacement directory authorities.
466  * If you just want to replace one class of authority at a time,
467  * use the "Alternate*Authority" options below instead. */
469 
470  /** List of fallback directory servers */
472  /** Whether to use the default hard-coded FallbackDirs */
474 
475  /** Weight to apply to all directory authority rates if considering them
476  * along with fallbackdirs */
478 
479  /** If set, use these main (currently v3) directory authorities and
480  * not the default ones. */
482 
483  /** If set, use these bridge authorities and not the default one. */
485 
486  struct config_line_t *MyFamily_lines; /**< Declared family for this OR. */
487  struct config_line_t *MyFamily; /**< Declared family for this OR,
488  normalized */
489  struct config_line_t *NodeFamilies; /**< List of config lines for
490  * node families */
491  /** List of parsed NodeFamilies values. */
493  struct config_line_t *AuthDirBadExit; /**< Address policy for descriptors to
494  * mark as bad exits. */
495  struct config_line_t *AuthDirReject; /**< Address policy for descriptors to
496  * reject. */
497  struct config_line_t *AuthDirInvalid; /**< Address policy for descriptors to
498  * never mark as valid. */
499  /** @name AuthDir...CC
500  *
501  * Lists of country codes to mark as BadExit, or Invalid, or to
502  * reject entirely.
503  *
504  * @{
505  */
506  struct smartlist_t *AuthDirBadExitCCs;
507  struct smartlist_t *AuthDirInvalidCCs;
508  struct smartlist_t *AuthDirRejectCCs;
509  /**@}*/
510 
511  char *AccountingStart; /**< How long is the accounting interval, and when
512  * does it start? */
513  uint64_t AccountingMax; /**< How many bytes do we allow per accounting
514  * interval before hibernation? 0 for "never
515  * hibernate." */
516  /** How do we determine when our AccountingMax has been reached?
517  * "max" for when in or out reaches AccountingMax
518  * "sum" for when in plus out reaches AccountingMax
519  * "in" for when in reaches AccountingMax
520  * "out" for when out reaches AccountingMax */
522  enum { ACCT_MAX, ACCT_SUM, ACCT_IN, ACCT_OUT } AccountingRule;
523 
524  /** Base64-encoded hash of accepted passwords for the control system. */
526  /** As HashedControlPassword, but not saved. */
528 
529  int CookieAuthentication; /**< Boolean: do we enable cookie-based auth for
530  * the control system? */
531  char *CookieAuthFile; /**< Filesystem location of a ControlPort
532  * authentication cookie. */
533  char *ExtORPortCookieAuthFile; /**< Filesystem location of Extended
534  * ORPort authentication cookie. */
535  int CookieAuthFileGroupReadable; /**< Boolean: Is the CookieAuthFile g+r? */
536  int ExtORPortCookieAuthFileGroupReadable; /**< Boolean: Is the
537  * ExtORPortCookieAuthFile g+r? */
538  int LeaveStreamsUnattached; /**< Boolean: Does Tor attach new streams to
539  * circuits itself (0), or does it expect a controller
540  * to cope? (1) */
541  int DisablePredictedCircuits; /**< Boolean: does Tor preemptively
542  * make circuits in the background (0),
543  * or not (1)? */
544 
545  /** Process specifier for a controller that ‘owns’ this Tor
546  * instance. Tor will terminate if its owning controller does. */
548  /** FD specifier for a controller that owns this Tor instance. */
550 
551  int ShutdownWaitLength; /**< When we get a SIGINT and we're a server, how
552  * long do we wait before exiting? */
553  char *SafeLogging; /**< Contains "relay", "1", "0" (meaning no scrubbing). */
554 
555  /* Derived from SafeLogging */
556  enum {
557  SAFELOG_SCRUB_ALL, SAFELOG_SCRUB_RELAY, SAFELOG_SCRUB_NONE
558  } SafeLogging_;
559 
560  int Sandbox; /**< Boolean: should sandboxing be enabled? */
561  int SafeSocks; /**< Boolean: should we outright refuse application
562  * connections that use socks4 or socks5-with-local-dns? */
563  int ProtocolWarnings; /**< Boolean: when other parties screw up the Tor
564  * protocol, is it a warn or an info in our logs? */
565  int TestSocks; /**< Boolean: when we get a socks connection, do we loudly
566  * log whether it was DNS-leaking or not? */
567  /** Token Bucket Refill resolution in milliseconds. */
569 
570  /** Boolean: Do we try to enter from a smallish number
571  * of fixed nodes? */
573  /** Internal variable to remember whether we're actually acting on
574  * UseEntryGuards_option -- when we're a non-anonymous Single Onion Service,
575  * it is always false, otherwise we use the value of UseEntryGuards_option.
576  * */
578 
579  int NumEntryGuards; /**< How many entry guards do we try to establish? */
580 
581  /** If 1, we use any guardfraction information we see in the
582  * consensus. If 0, we don't. If -1, let the consensus parameter
583  * decide. */
585 
586  int NumDirectoryGuards; /**< How many dir guards do we try to establish?
587  * If 0, use value from NumEntryGuards. */
588  int NumPrimaryGuards; /**< How many primary guards do we want? */
589 
590  int RephistTrackTime; /**< How many seconds do we keep rephist info? */
591  /** Should we always fetch our dir info on the mirror schedule (which
592  * means directly from the authorities) no matter our other config? */
594 
595  /** Should we fetch our dir info at the start of the consensus period? */
597 
598  int DirCache; /**< Cache all directory documents and accept requests via
599  * tunnelled dir conns from clients. If 1, enabled (default);
600  * If 0, disabled. Use dir_server_mode() rather than
601  * referencing this option directly. (Except for routermode
602  * and relay_config, which do direct checks.) */
603 
604  char *VirtualAddrNetworkIPv4; /**< Address and mask to hand out for virtual
605  * MAPADDRESS requests for IPv4 addresses */
606  char *VirtualAddrNetworkIPv6; /**< Address and mask to hand out for virtual
607  * MAPADDRESS requests for IPv6 addresses */
608  int ServerDNSSearchDomains; /**< Boolean: If set, we don't force exit
609  * addresses to be FQDNs, but rather search for them in
610  * the local domains. */
611  int ServerDNSDetectHijacking; /**< Boolean: If true, check for DNS failure
612  * hijacking. */
613  int ServerDNSRandomizeCase; /**< Boolean: Use the 0x20-hack to prevent
614  * DNS poisoning attacks. */
615  char *ServerDNSResolvConfFile; /**< If provided, we configure our internal
616  * resolver from the file here rather than from
617  * /etc/resolv.conf (Unix) or the registry (Windows). */
618  char *DirPortFrontPage; /**< This is a full path to a file with an html
619  disclaimer. This allows a server administrator to show
620  that they're running Tor and anyone visiting their server
621  will know this without any specialized knowledge. */
622  int DisableDebuggerAttachment; /**< Currently Linux only specific attempt to
623  disable ptrace; needs BSD testing. */
624  /** Boolean: if set, we start even if our resolv.conf file is missing
625  * or broken. */
627  /** Boolean: if set, then even connections to private addresses will get
628  * rate-limited. */
630  /** A list of addresses that definitely should be resolvable. Used for
631  * testing our DNS server. */
633  int EnforceDistinctSubnets; /**< If true, don't allow multiple routers in the
634  * same network zone in the same circuit. */
635  int AllowNonRFC953Hostnames; /**< If true, we allow connections to hostnames
636  * with weird characters. */
637  /** If true, we try resolving hostnames with weird characters. */
639 
640  /** If true, we try to download extra-info documents (and we serve them,
641  * if we are a cache). For authorities, this is always true. */
643 
644  /** If true, we're configured to collect statistics on clients
645  * requesting network statuses from us as directory. */
647  /** Internal variable to remember whether we're actually acting on
648  * DirReqStatistics_option -- yes if it's set and we're a server, else no. */
650 
651  /** If true, the user wants us to collect statistics on port usage. */
653 
654  /** If true, the user wants us to collect connection statistics. */
656 
657  /** If true, the user wants us to collect cell statistics. */
659 
660  /** If true, the user wants us to collect padding statistics. */
662 
663  /** If true, the user wants us to collect statistics as entry node. */
665 
666  /** If true, the user wants us to collect statistics as hidden service
667  * directory, introduction point, or rendezvous point. */
669  /** Internal variable to remember whether we're actually acting on
670  * HiddenServiceStatistics_option -- yes if it's set and we're a server,
671  * else no. */
673 
674  /** If true, include statistics file contents in extra-info documents. */
676 
677  /** If true, include overload statistics in extra-info documents. */
679 
680  /** If true, do not believe anybody who tells us that a domain resolves
681  * to an internal address, or that an internal address has a PTR mapping.
682  * Helps avoid some cross-site attacks. */
684 
685  /** If true, do not accept any requests to connect to internal addresses
686  * over randomly chosen exits. */
688 
689  /** If true, clients may connect over IPv4. If false, they will avoid
690  * connecting over IPv4. We enforce this for OR and Dir connections. */
692  /** If true, clients may connect over IPv6. If false, they will avoid
693  * connecting over IPv4. We enforce this for OR and Dir connections.
694  * Use reachable_addr_use_ipv6() instead of accessing this value
695  * directly. */
697  /** If true, prefer an IPv6 OR port over an IPv4 one for entry node
698  * connections. If auto, bridge clients prefer IPv6, and other clients
699  * prefer IPv4. Use node_ipv6_or_preferred() instead of accessing this value
700  * directly. */
702  /** If true, prefer an IPv6 directory port over an IPv4 one for direct
703  * directory connections. If auto, bridge clients prefer IPv6, and other
704  * clients prefer IPv4. Use reachable_addr_prefer_ipv6_dirport() instead of
705  * accessing this value directly. */
707 
708  /** The length of time that we think a consensus should be fresh. */
710  /** The length of time we think it will take to distribute votes. */
712  /** The length of time we think it will take to distribute signatures. */
714  /** The number of intervals we think a consensus should be valid. */
716 
717  /** Should advertise and sign consensuses with a legacy key, for key
718  * migration purposes? */
720 
721  /** Location of bandwidth measurement file */
723 
724  /** Location of guardfraction file */
726 
727  /** The length of time that we think an initial consensus should be fresh.
728  * Only altered on testing networks. */
730 
731  /** The length of time we think it will take to distribute initial votes.
732  * Only altered on testing networks. */
734 
735  /** The length of time we think it will take to distribute initial
736  * signatures. Only altered on testing networks.*/
738 
739  /** Offset in seconds added to the starting time for consensus
740  voting. Only altered on testing networks. */
742 
743  /** Schedule for when servers should download things in general. Only
744  * altered on testing networks. */
746 
747  /** Schedule for when clients should download things in general. Only
748  * altered on testing networks. */
750 
751  /** Schedule for when servers should download consensuses. Only altered
752  * on testing networks. */
754 
755  /** Schedule for when clients should download consensuses. Only altered
756  * on testing networks. */
758 
759  /** Schedule for when clients should download consensuses from authorities
760  * if they are bootstrapping (that is, they don't have a usable, reasonably
761  * live consensus). Only used by clients fetching from a list of fallback
762  * directory mirrors.
763  *
764  * This schedule is incremented by (potentially concurrent) connection
765  * attempts, unlike other schedules, which are incremented by connection
766  * failures. Only altered on testing networks. */
768 
769  /** Schedule for when clients should download consensuses from fallback
770  * directory mirrors if they are bootstrapping (that is, they don't have a
771  * usable, reasonably live consensus). Only used by clients fetching from a
772  * list of fallback directory mirrors.
773  *
774  * This schedule is incremented by (potentially concurrent) connection
775  * attempts, unlike other schedules, which are incremented by connection
776  * failures. Only altered on testing networks. */
778 
779  /** Schedule for when clients should download consensuses from authorities
780  * if they are bootstrapping (that is, they don't have a usable, reasonably
781  * live consensus). Only used by clients which don't have or won't fetch
782  * from a list of fallback directory mirrors.
783  *
784  * This schedule is incremented by (potentially concurrent) connection
785  * attempts, unlike other schedules, which are incremented by connection
786  * failures. Only altered on testing networks. */
788 
789  /** Schedule for when clients should download bridge descriptors. Only
790  * altered on testing networks. */
792 
793  /** Schedule for when clients should download bridge descriptors when they
794  * have no running bridges. Only altered on testing networks. */
796 
797  /** When directory clients have only a few descriptors to request, they
798  * batch them until they have more, or until this amount of time has
799  * passed. Only altered on testing networks. */
801 
802  /** How long do we let a directory connection stall before expiring
803  * it? Only altered on testing networks. */
805 
806  /** How many simultaneous in-progress connections will we make when trying
807  * to fetch a consensus before we wait for one to complete, timeout, or
808  * error out? Only altered on testing networks. */
810 
811  /** If true, we take part in a testing network. Change the defaults of a
812  * couple of other configuration options and allow to change the values
813  * of certain configuration options. */
815 
816  /** Enable CONN_BW events. Only altered on testing networks. */
818 
819  /** Enable CELL_STATS events. Only altered on testing networks. */
821 
822  /** If true, and we have GeoIP data, and we're a bridge, keep a per-country
823  * count of how many client addresses have contacted us so that we can help
824  * the bridge authority guess which countries have blocked access to us. */
826 
827  /** Optionally, IPv4 and IPv6 GeoIP data. */
828  char *GeoIPFile;
829  char *GeoIPv6File;
830 
831  /** Autobool: if auto, then any attempt to Exclude{Exit,}Nodes a particular
832  * country code will exclude all nodes in ?? and A1. If true, all nodes in
833  * ?? and A1 are excluded. Has no effect if we don't know any GeoIP data. */
835 
836  /** If true, SIGHUP should reload the torrc. Sometimes controllers want
837  * to make this false. */
839 
840  /** The main parameter for picking circuits within a connection.
841  *
842  * If this value is positive, when picking a cell to relay on a connection,
843  * we always relay from the circuit whose weighted cell count is lowest.
844  * Cells are weighted exponentially such that if one cell is sent
845  * 'CircuitPriorityHalflife' seconds before another, it counts for half as
846  * much.
847  *
848  * If this value is zero, we're disabling the cell-EWMA algorithm.
849  *
850  * If this value is negative, we're using the default approach
851  * according to either Tor or a parameter set in the consensus.
852  */
854 
855  /** Set to true if the TestingTorNetwork configuration option is set.
856  * This is used so that options_validate() has a chance to realize that
857  * the defaults have changed. */
859 
860  /** If 1, we try to use microdescriptors to build circuits. If 0, we don't.
861  * If -1, Tor decides. */
863 
864  /** File where we should write the ControlPort. */
866  /** Should that file be group-readable? */
868 
869 #define MAX_MAX_CLIENT_CIRCUITS_PENDING 1024
870  /** Maximum number of non-open general-purpose origin circuits to allow at
871  * once. */
873 
874  /** If 1, we accept and launch no external network connections, except on
875  * control ports. */
877 
878  /**
879  * Parameters for path-bias detection.
880  * @{
881  * These options override the default behavior of Tor's (**currently
882  * experimental**) path bias detection algorithm. To try to find broken or
883  * misbehaving guard nodes, Tor looks for nodes where more than a certain
884  * fraction of circuits through that guard fail to get built.
885  *
886  * The PathBiasCircThreshold option controls how many circuits we need to
887  * build through a guard before we make these checks. The
888  * PathBiasNoticeRate, PathBiasWarnRate and PathBiasExtremeRate options
889  * control what fraction of circuits must succeed through a guard so we
890  * won't write log messages. If less than PathBiasExtremeRate circuits
891  * succeed *and* PathBiasDropGuards is set to 1, we disable use of that
892  * guard.
893  *
894  * When we have seen more than PathBiasScaleThreshold circuits through a
895  * guard, we scale our observations by 0.5 (governed by the consensus) so
896  * that new observations don't get swamped by old ones.
897  *
898  * By default, or if a negative value is provided for one of these options,
899  * Tor uses reasonable defaults from the networkstatus consensus document.
900  * If no defaults are available there, these options default to 150, .70,
901  * .50, .30, 0, and 300 respectively.
902  */
904  double PathBiasNoticeRate;
905  double PathBiasWarnRate;
906  double PathBiasExtremeRate;
907  int PathBiasDropGuards;
908  int PathBiasScaleThreshold;
909  /** @} */
910 
911  /**
912  * Parameters for path-bias use detection
913  * @{
914  * Similar to the above options, these options override the default behavior
915  * of Tor's (**currently experimental**) path use bias detection algorithm.
916  *
917  * Where as the path bias parameters govern thresholds for successfully
918  * building circuits, these four path use bias parameters govern thresholds
919  * only for circuit usage. Circuits which receive no stream usage are not
920  * counted by this detection algorithm. A used circuit is considered
921  * successful if it is capable of carrying streams or otherwise receiving
922  * well-formed responses to RELAY cells.
923  *
924  * By default, or if a negative value is provided for one of these options,
925  * Tor uses reasonable defaults from the networkstatus consensus document.
926  * If no defaults are available there, these options default to 20, .80,
927  * .60, and 100, respectively.
928  */
930  double PathBiasNoticeUseRate;
931  double PathBiasExtremeUseRate;
932  int PathBiasScaleUseThreshold;
933  /** @} */
934 
935  int IPv6Exit; /**< Do we support exiting to IPv6 addresses? */
936 
937  /** Fraction: */
939 
940  /** What expiry time shall we place on our SSL certs? "0" means we
941  * should guess a suitable value. */
943 
944  /** How long (seconds) do we keep a guard before picking a new one? */
946 
947  /** Is this an exit node? This is a tristate, where "1" means "yes, and use
948  * the default exit policy if none is given" and "0" means "no; exit policy
949  * is 'reject *'" and "auto" (-1) means "same as 1, but warn the user."
950  *
951  * XXXX Eventually, the default will be 0. */
953 
954  /** For how long (seconds) do we declare our signing keys to be valid? */
956  /** For how long (seconds) do we declare our link keys to be valid? */
958  /** For how long (seconds) do we declare our auth keys to be valid? */
960 
961  /** How long before signing keys expire will we try to make a new one? */
963  /** How long before link keys expire will we try to make a new one? */
965  /** How long before auth keys expire will we try to make a new one? */
967 
968  /** Force use of offline master key features: never generate a master
969  * ed25519 identity key except from tor --keygen */
971 
972  key_expiration_format_t key_expiration_format;
973 
974  enum {
975  FORCE_PASSPHRASE_AUTO=0,
976  FORCE_PASSPHRASE_ON,
977  FORCE_PASSPHRASE_OFF
978  } keygen_force_passphrase;
979  int use_keygen_passphrase_fd;
980  int keygen_passphrase_fd;
981  int change_key_passphrase;
982  char *master_key_fname;
983 
984  /** Autobool: Do we try to retain capabilities if we can? */
986 
987  /** Maximum total size of unparseable descriptors to log during the
988  * lifetime of this Tor process.
989  */
991 
992  /** If 1, we skip all OOS checks. */
994 
995  /** Autobool: Should we include Ed25519 identities in extend2 cells?
996  * If -1, we should do whatever the consensus parameter says. */
998 
999  /** Bool (default: 0): Tells if a %include was used on torrc */
1001 
1002  /** The seconds after expiration which we as a relay should keep old
1003  * consensuses around so that we can generate diffs from them. If 0,
1004  * use the default. */
1006 
1007  /** Bool (default: 0). Tells Tor to never try to exec another program.
1008  */
1009  int NoExec;
1010 
1011  /** Have the KIST scheduler run every X milliseconds. If less than zero, do
1012  * not use the KIST scheduler but use the old vanilla scheduler instead. If
1013  * zero, do what the consensus says and fall back to using KIST as if this is
1014  * set to "10 msec" if the consensus doesn't say anything. */
1016 
1017  /** A multiplier for the KIST per-socket limit calculation. */
1019 
1020  /** The list of scheduler type string ordered by priority that is first one
1021  * has to be tried first. Default: KIST,KISTLite,Vanilla */
1023  /** An ordered list of scheduler_types mapped from Schedulers. */
1025 
1026  /** List of files that were opened by %include in torrc and torrc-defaults */
1028 
1029  /** If true, Tor shouldn't install any posix signal handlers, since it is
1030  * running embedded inside another process.
1031  */
1033 
1034  /** Interval: how long without activity does it take for a client
1035  * to become dormant?
1036  **/
1038 
1039  /**
1040  * Boolean: If enabled, then we consider the timeout when deciding whether
1041  * to be dormant. If not enabled, then only the SIGNAL ACTIVE/DORMANT
1042  * controls can change our status.
1043  **/
1045 
1046  /** Boolean: true if having an idle stream is sufficient to prevent a client
1047  * from becoming dormant.
1048  **/
1050 
1051  /** Boolean: true if Tor should be dormant the first time it starts with
1052  * a datadirectory; false otherwise. */
1054  /**
1055  * Boolean: true if Tor should treat every startup event as cancelling
1056  * a possible previous dormant state.
1057  **/
1059 
1060  /** List of policy allowed to query the Metrics port. */
1062 
1063  /**
1064  * Configuration objects for individual modules.
1065  *
1066  * Never access this field or its members directly: instead, use the module
1067  * in question to get its relevant configuration object.
1068  */
1070 };
1071 
1072 #endif /* !defined(TOR_OR_OPTIONS_ST_H) */
Headers for address.h.
Master header file for Tor-specific functionality.
dirinfo_type_t
Definition: or.h:785
tcp_proxy_protocol_t
Definition: or_options_st.h:52
@ TCP_PROXY_PROTOCOL_HAPROXY
Definition: or_options_st.h:54
outbound_addr_t
Definition: or_options_st.h:28
@ OUTBOUND_ADDR_OR
Definition: or_options_st.h:35
@ OUTBOUND_ADDR_EXIT
Definition: or_options_st.h:31
@ OUTBOUND_ADDR_ANY
Definition: or_options_st.h:45
@ OUTBOUND_ADDR_MAX
Definition: or_options_st.h:48
@ OUTBOUND_ADDR_PT
Definition: or_options_st.h:39
key_expiration_format_t
Definition: or_options_st.h:58
int TestingV3AuthInitialDistDelay
char * ExtORPortCookieAuthFile
struct smartlist_t * PublishServerDescriptor
struct config_line_t * ControlPort_lines
int TrackHostExitsExpire
int ExitPortStatistics
tor_addr_t Socks4ProxyAddr
int MaxCircuitDirtiness
int TestingClientDownloadInitialDelay
tor_addr_t HTTPProxyAddr
uint64_t MaxMemInQueues
int ClientBootstrapConsensusFallbackDownloadInitialDelay
int ReducedConnectionPadding
int KISTSchedRunInterval
dirinfo_type_t PublishServerDescriptor_
struct config_line_t * MyFamily
struct config_line_t * NATDPort_lines
int DirReqStatistics_option
struct config_line_t * AuthDirInvalid
int GeoIPExcludeUnknown
char * ClientOnionAuthDir
uint64_t RelayBandwidthBurst
int ClientPreferIPv6DirPort
char * CacheDirectory
Definition: or_options_st.h:94
struct config_line_t * AlternateBridgeAuthority
tor_addr_t HTTPSProxyAddr
char * SyslogIdentityTag
Definition: or_options_st.h:79
uint16_t Socks4ProxyPort
int RefuseUnknownExits
int ConnLimit_high_thresh
int ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay
char * KeyDirectory
Definition: or_options_st.h:89
struct routerset_t * ExcludeExitNodes
int TestingBridgeBootstrapDownloadInitialDelay
int ShutdownWaitLength
int NumDirectoryGuards
int TestingEnableConnBwEvent
struct config_line_t * OutboundBindAddressExit
struct config_line_t * AuthDirReject
struct config_line_t * DNSPort_lines
int FetchServerDescriptors
char * BridgePassword_AuthDigest_
char * BridgePassword
struct config_line_t * ServerTransportOptions
int ExtORPortCookieAuthFileGroupReadable
char * HTTPSProxy
char * ContactInfo
int TestingLinkKeySlop
uint64_t MaxMemInQueues_low_threshold
char * SafeLogging
char * command_arg
Definition: or_options_st.h:69
struct smartlist_t * RejectPlaintextPorts
int DisableSignalHandlers
char * ServerDNSResolvConfFile
int V3AuthNIntervalsValid
tor_addr_t TCPProxyAddr
struct config_line_t * Logs
Definition: or_options_st.h:71
int ExitPolicyRejectPrivate
struct config_line_t * ORPort_lines
struct routerset_t * ExcludeExitNodesUnion_
int TestingDirConnectionMaxStall
struct config_line_t * ServerTransportListenAddr
int ClientBootstrapConsensusMaxInProgressTries
int ConnLimit_low_thresh
char * BridgeDistribution
struct smartlist_t * ServerDNSTestAddresses
char * CookieAuthFile
struct smartlist_t * WarnPlaintextPorts
struct smartlist_t * TrackHostExits
int MaxConsensusAgeForDiffs
struct smartlist_t * FirewallPorts
int TestingClientMaxIntervalWithoutRequest
char * HTTPProxy
struct smartlist_t * Schedulers
tcp_proxy_protocol_t TCPProxyProtocol
int FetchDirInfoExtraEarly
uint64_t MaxUnparseableDescSizeToLog
struct config_line_t * ExtORPort_lines
struct config_line_t * ClientTransportPlugin
struct config_line_t * OutboundBindAddressPT
int AllowNonRFC953Hostnames
struct smartlist_t * SchedulerTypes_
char * TransProxyType
int V3AuthUseLegacyKey
uint64_t BandwidthRate
struct config_line_t * DirAuthorities
int FetchHidServDescriptors
struct config_line_t * Bridges
int DormantOnFirstStartup
int ServerDNSSearchDomains
int ControlSocketsGroupWritable
int LeaveStreamsUnattached
int TestingAuthKeyLifetime
uint64_t OwningControllerFD
double KISTSockBufSizeFactor
int ExtraInfoStatistics
struct config_line_t * MetricsPort_lines
struct config_line_t * ControlSocket
int ServerDNSAllowBrokenConfig
int ClientBootstrapConsensusAuthorityDownloadInitialDelay
int TestingClientConsensusDownloadInitialDelay
uint64_t AccountingMax
struct config_line_t * OutboundBindAddress
int UpdateBridgesFromAuthority
int ClientRejectInternalAddresses
int DormantTimeoutEnabled
int OverloadStatistics
int UseDefaultFallbackDirs
char * DebugLogFile
Definition: or_options_st.h:81
struct config_suite_t * subconfigs_
struct config_line_t * AlternateDirAuthority
int DataDirectoryGroupReadable
Definition: or_options_st.h:85
int CacheDirectoryGroupReadable
Definition: or_options_st.h:95
struct config_line_t * MyFamily_lines
int KeyDirectoryGroupReadable
Definition: or_options_st.h:90
char * KeyDirectory_option
Definition: or_options_st.h:87
struct smartlist_t * NodeFamilySets
uint64_t ConstrainedSockSize
int AllDirActionsPrivate
struct config_line_t * AddressMap
int EnforceDistinctSubnets
struct smartlist_t * FilesOpenedByIncludes
int HiddenServiceStatistics_option
uint64_t PerConnBWBurst
char * GuardfractionFile
char * HTTPProxyAuthenticator
int CircuitBuildTimeout
int DormantTimeoutDisabledByIdleStreams
struct config_line_t * HashedControlPassword
char * Nickname
Definition: or_options_st.h:97
int TokenBucketRefillInterval
char * GeoIPFile
int TestingServerConsensusDownloadInitialDelay
int LearnCircuitBuildTimeout
struct config_line_t * FallbackDir
char * V3BandwidthsFile
char * Socks5Proxy
struct routerset_t * EntryNodes
int ReloadTorrcOnSIGHUP
int HiddenServiceStatistics
int TestingServerDownloadInitialDelay
struct config_line_t * ServerTransportPlugin
int TestingLinkCertLifetime
int UsingTestNetworkDefaults_
int UnixSocksGroupWritable
int KeepBindCapabilities
int ServerDNSRandomizeCase
struct config_line_t * NodeFamilies
int CookieAuthentication
int ServerDNSDetectHijacking
char * ControlPortWriteToFile
char * Socks4Proxy
int ConstrainedSockets
int SigningKeyLifetime
int FetchUselessDescriptors
struct config_line_t * MetricsPortPolicy
int ClientPreferIPv6ORPort
char * VirtualAddrNetworkIPv6
int TestingV3AuthInitialVotingInterval
struct routerset_t * ExcludeNodes
struct config_line_t * SocksPolicy
char * OwningControllerProcess
struct config_line_t * ReachableORAddresses
char * Socks5ProxyUsername
double CircuitPriorityHalflife
struct config_line_t * HashedControlSessionPassword
char * Socks5ProxyPassword
int CookieAuthFileGroupReadable
int V3AuthoritativeDir
int ServerDNSAllowNonRFC953Hostnames
int CountPrivateBandwidth
int TestingEnableCellStatsEvent
struct routerset_t * ExitNodes
int TestingBridgeDownloadInitialDelay
tor_addr_t Socks5ProxyAddr
int AddressDisableIPv6
int DormantClientTimeout
struct config_line_t * ReachableDirAddresses
uint64_t RelayBandwidthRate
int MaxClientCircuitsPending
tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2]
int PublishHidServDescriptors
int LogMessageDomains
Definition: or_options_st.h:75
struct routerset_t * HSLayer2Nodes
int ExitPolicyRejectLocalInterfaces
int BridgeRecordUsageByCountry
int ControlPortFileGroupReadable
int DisablePredictedCircuits
struct config_line_t * DirPolicy
char * DirPortFrontPage
char * CacheDirectory_option
Definition: or_options_st.h:92
uint16_t TCPProxyPort
int DirAllowPrivateAddresses
struct config_line_t * ExitPolicy
struct config_line_t * OutboundBindAddressOR
int TestingV3AuthInitialVoteDelay
int CircuitsAvailableTimeout
struct config_line_t * Address
int TestingSigningKeySlop
uint16_t Socks5ProxyPort
uint64_t MaxAdvertisedBandwidth
int ReducedCircuitPadding
enum or_options_t::@2 TransProxyType_parsed
struct smartlist_t * AutomapHostsSuffixes
int ConnDirectionStatistics
char * VirtualAddrNetworkIPv4
int AssumeReachableIPv6
int AutomapHostsOnResolve
char * HTTPSProxyAuthenticator
int UseMicrodescriptors
int CircuitStreamTimeout
tor_cmdline_mode_t command
Definition: or_options_st.h:68
int DisableDebuggerAttachment
uint16_t HTTPProxyPort
char * AccountingRule_option
struct config_line_t * TransPort_lines
char * DataDirectory
Definition: or_options_st.h:84
struct smartlist_t * LongLivedPorts
int LogTimeGranularity
Definition: or_options_st.h:73
struct config_line_t * RendConfigLines
int TestingAuthKeySlop
struct config_line_t * ReachableAddresses
uint64_t PerConnBWRate
int HiddenServiceSingleHopMode
int V3AuthVotingInterval
int BridgeAuthoritativeDir
int DormantCanceledByStartup
char * AccountingStart
double PathsNeededToBuildCircuits
int UseEntryGuards_option
int ExtendAllowPrivateAddresses
struct config_line_t * HTTPTunnelPort_lines
int PathBiasCircThreshold
char * DataDirectory_option
Definition: or_options_st.h:82
struct config_line_t * DirPort_lines
int ClientDNSRejectInternalAddresses
struct routerset_t * MiddleNodes
struct config_line_t * SocksPort_lines
double DirAuthorityFallbackRate
int TestingV3AuthVotingStartOffset
int PathBiasUseThreshold
uint16_t HTTPSProxyPort
uint64_t BandwidthBurst
struct routerset_t * HSLayer3Nodes
struct config_line_t * AuthDirBadExit
Declare the tor_cmdline_mode_t enumeration.
tor_cmdline_mode_t
Integer definitions used throughout Tor.