Tor  0.4.3.0-alpha-dev
or_options_st.h
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2019, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * \file or_options_st.h
9  *
10  * \brief The or_options_t structure, which represents Tor's configuration.
11  */
12 
13 #ifndef TOR_OR_OPTIONS_ST_H
14 #define TOR_OR_OPTIONS_ST_H
15 
16 #include "lib/cc/torint.h"
17 #include "lib/net/address.h"
19 
20 struct smartlist_t;
21 struct config_line_t;
22 struct config_suite_t;
23 
/**
 * Outbound address configuration types: exit-only, OR-only, or both.
 *
 * OUTBOUND_ADDR_MAX is not a configuration type of its own; it follows the
 * last real value and is used as the first dimension of
 * or_options_t.OutboundBindAddresses.
 */
typedef enum {
  OUTBOUND_ADDR_EXIT,        /**< Exit-only. */
  OUTBOUND_ADDR_OR,          /**< OR-only. */
  OUTBOUND_ADDR_EXIT_AND_OR, /**< Both exit and OR. */
  OUTBOUND_ADDR_MAX          /**< Number of types above; array bound. */
} outbound_addr_t;
29 
30 /** Configuration options for a Tor process. */
31 struct or_options_t {
32  uint32_t magic_;
33 
34  /** What should the tor process actually do? */
36  char *command_arg; /**< Argument for command-line option. */
37 
38  struct config_line_t *Logs; /**< New-style list of configuration lines
39  * for logs */
40  int LogTimeGranularity; /**< Log resolution in milliseconds. */
41 
42  int LogMessageDomains; /**< Boolean: Should we log the domain(s) in which
43  * each log message occurs? */
44  int TruncateLogFile; /**< Boolean: Should we truncate the log file
45  before we start writing? */
46  char *SyslogIdentityTag; /**< Identity tag to add for syslog logging. */
47  char *AndroidIdentityTag; /**< Identity tag to add for Android logging. */
48 
49  char *DebugLogFile; /**< Where to send verbose log messages. */
50  char *DataDirectory_option; /**< Where to store long-term data, as
51  * configured by the user. */
52  char *DataDirectory; /**< Where to store long-term data, as modified. */
53  int DataDirectoryGroupReadable; /**< Boolean: Is the DataDirectory g+r? */
54 
55  char *KeyDirectory_option; /**< Where to store keys, as
56  * configured by the user. */
57  char *KeyDirectory; /**< Where to store keys data, as modified. */
58  int KeyDirectoryGroupReadable; /**< Boolean: Is the KeyDirectory g+r? */
59 
60  char *CacheDirectory_option; /**< Where to store cached data, as
61  * configured by the user. */
62  char *CacheDirectory; /**< Where to store cached data, as modified. */
63  int CacheDirectoryGroupReadable; /**< Boolean: Is the CacheDirectory g+r? */
64 
65  char *Nickname; /**< OR only: nickname of this onion router. */
66  char *Address; /**< OR only: configured address for this onion router. */
67  char *PidFile; /**< Where to store PID of Tor process. */
68 
69  routerset_t *ExitNodes; /**< Structure containing nicknames, digests,
70  * country codes and IP address patterns of ORs to
71  * consider as exits. */
72  routerset_t *MiddleNodes; /**< Structure containing nicknames, digests,
73  * country codes and IP address patterns of ORs to
74  * consider as middles. */
75  routerset_t *EntryNodes;/**< Structure containing nicknames, digests,
76  * country codes and IP address patterns of ORs to
77  * consider as entry points. */
78  int StrictNodes; /**< Boolean: When none of our EntryNodes or ExitNodes
79  * are up, or we need to access a node in ExcludeNodes,
80  * do we just fail instead? */
81  routerset_t *ExcludeNodes;/**< Structure containing nicknames, digests,
82  * country codes and IP address patterns of ORs
83  * not to use in circuits. But see StrictNodes
84  * above. */
85  routerset_t *ExcludeExitNodes;/**< Structure containing nicknames, digests,
86  * country codes and IP address patterns of
87  * ORs not to consider as exits. */
88 
89  /** Union of ExcludeNodes and ExcludeExitNodes */
90  routerset_t *ExcludeExitNodesUnion_;
91 
92  int DisableAllSwap; /**< Boolean: Attempt to call mlockall() on our
93  * process for all current and future memory. */
94 
95  struct config_line_t *ExitPolicy; /**< Lists of exit policy components. */
96  int ExitPolicyRejectPrivate; /**< Should we not exit to reserved private
97  * addresses, and our own published addresses?
98  */
99  int ExitPolicyRejectLocalInterfaces; /**< Should we not exit to local
100  * interface addresses?
101  * Includes OutboundBindAddresses and
102  * configured ports. */
103  int ReducedExitPolicy; /**<Should we use the Reduced Exit Policy? */
104  struct config_line_t *SocksPolicy; /**< Lists of socks policy components */
105  struct config_line_t *DirPolicy; /**< Lists of dir policy components */
106  /** Local address to bind outbound sockets */
108  /** Local address to bind outbound relay sockets */
110  /** Local address to bind outbound exit sockets */
112  /** Addresses derived from the various OutboundBindAddress lines.
113  * [][0] is IPv4, [][1] is IPv6
114  */
115  tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2];
116  /** Directory server only: which versions of
117  * Tor should we tell users to run? */
119  struct config_line_t *RecommendedClientVersions;
120  struct config_line_t *RecommendedServerVersions;
121  /** Whether dirservers allow router descriptors with private IPs. */
123  /** Whether routers accept EXTEND cells to routers with private IPs. */
125  char *User; /**< Name of user to run Tor as. */
126  /** Ports to listen on for OR connections. */
128  /** Ports to listen on for extended OR connections. */
130  /** Ports to listen on for SOCKS connections. */
132  /** Ports to listen on for transparent pf/netfilter connections. */
134  char *TransProxyType; /**< What kind of transparent proxy
135  * implementation are we using? */
136  /** Parsed value of TransProxyType. */
137  enum {
138  TPT_DEFAULT,
139  TPT_PF_DIVERT,
140  TPT_IPFW,
141  TPT_TPROXY,
143  /** Ports to listen on for transparent natd connections. */
145  /** Ports to listen on for HTTP Tunnel connections. */
147  struct config_line_t *ControlPort_lines; /**< Ports to listen on for control
148  * connections. */
149  /** List of Unix Domain Sockets to listen on for control connections. */
151 
152  int ControlSocketsGroupWritable; /**< Boolean: Are control sockets g+rw? */
153  int UnixSocksGroupWritable; /**< Boolean: Are SOCKS Unix sockets g+rw? */
154  /** Ports to listen on for directory connections. */
156  /** Ports to listen on for DNS requests. */
158 
159  /* MaxMemInQueues value as input by the user. We clean this up to be
160  * MaxMemInQueues. */
161  uint64_t MaxMemInQueues_raw;
162  uint64_t MaxMemInQueues;/**< If we have more memory than this allocated
163  * for queues and buffers, run the OOM handler */
164  /** Above this value, consider ourselves low on RAM. */
166 
167  /** @name port booleans
168  *
169  * Derived booleans: For server ports and ControlPort, true iff there is a
170  * non-listener port on an AF_INET or AF_INET6 address of the given type
171  * configured in one of the _lines options above.
172  * For client ports, also true if there is a unix socket configured.
173  * If you are checking for client ports, you may want to use:
174  * SocksPort_set || TransPort_set || NATDPort_set || DNSPort_set ||
175  * HTTPTunnelPort_set
176  * rather than SocksPort_set.
177  *
178  * @{
179  */
180  unsigned int ORPort_set : 1;
181  unsigned int SocksPort_set : 1;
182  unsigned int TransPort_set : 1;
183  unsigned int NATDPort_set : 1;
184  unsigned int ControlPort_set : 1;
185  unsigned int DirPort_set : 1;
186  unsigned int DNSPort_set : 1;
187  unsigned int ExtORPort_set : 1;
188  unsigned int HTTPTunnelPort_set : 1;
189  /**@}*/
190 
191  int AssumeReachable; /**< Whether to publish our descriptor regardless. */
192  int AuthoritativeDir; /**< Boolean: is this an authoritative directory? */
193  int V3AuthoritativeDir; /**< Boolean: is this an authoritative directory
194  * for version 3 directories? */
195  int VersioningAuthoritativeDir; /**< Boolean: is this an authoritative
196  * directory that's willing to recommend
197  * versions? */
198  int BridgeAuthoritativeDir; /**< Boolean: is this an authoritative directory
199  * that aggregates bridge descriptors? */
200 
201  /** If set on a bridge relay, it will include this value on a new
202  * "bridge-distribution-request" line in its bridge descriptor. */
204 
205  /** If set on a bridge authority, it will answer requests on its dirport
206  * for bridge statuses -- but only if the requests use this password. */
208  /** If BridgePassword is set, this is a SHA256 digest of the basic http
209  * authenticator for it. Used so we can do a time-independent comparison. */
211 
212  int UseBridges; /**< Boolean: should we start all circuits with a bridge? */
213  struct config_line_t *Bridges; /**< List of bootstrap bridge addresses. */
214 
215  struct config_line_t *ClientTransportPlugin; /**< List of client
216  transport plugins. */
217 
218  struct config_line_t *ServerTransportPlugin; /**< List of server
219  transport plugins. */
220 
221  /** List of TCP/IP addresses that transports should listen at. */
223 
224  /** List of options that must be passed to pluggable transports. */
226 
227  int BridgeRelay; /**< Boolean: are we acting as a bridge relay? We make
228  * this explicit so we can change how we behave in the
229  * future. */
230 
231  /** Boolean: if we know the bridge's digest, should we get new
232  * descriptors from the bridge authorities or from the bridge itself? */
234 
235  int AvoidDiskWrites; /**< Boolean: should we never cache things to disk?
236  * Not used yet. */
237  int ClientOnly; /**< Boolean: should we never evolve into a server role? */
238 
239  int ReducedConnectionPadding; /**< Boolean: Should we try to keep connections
240  open shorter and pad them less against
241  connection-level traffic analysis? */
242  /** Autobool: if auto, then connection padding will be negotiated by client
243  * and server. If 0, it will be fully disabled. If 1, the client will still
244  * pad to the server regardless of server support. */
246 
247  /** Boolean: if true, then circuit padding will be negotiated by client
248  * and server, subject to consensus limits (default). If 0, it will be fully
249  * disabled. */
251 
252  /** Boolean: if true, then this client will only use circuit padding
253  * algorithms that are known to use a low amount of overhead. If false,
254  * we will use all available circuit padding algorithms.
255  */
257 
258  /** To what authority types do we publish our descriptor? Choices are
259  * "v1", "v2", "v3", "bridge", or "". */
261  /** A bitfield of authority types, derived from PublishServerDescriptor. */
263  /** Boolean: do we publish hidden service descriptors to the HS auths? */
265  int FetchServerDescriptors; /**< Do we fetch server descriptors as normal? */
266  int FetchHidServDescriptors; /**< and hidden service descriptors? */
267 
268  int MinUptimeHidServDirectoryV2; /**< As directory authority, accept hidden
269  * service directories after what time? */
270 
271  int FetchUselessDescriptors; /**< Do we fetch non-running descriptors too? */
272  int AllDirActionsPrivate; /**< Should every directory action be sent
273  * through a Tor circuit? */
274 
275  /** A routerset that should be used when picking middle nodes for HS
276  * circuits. */
277  routerset_t *HSLayer2Nodes;
278 
279  /** A routerset that should be used when picking third-hop nodes for HS
280  * circuits. */
281  routerset_t *HSLayer3Nodes;
282 
283  /** Onion Services in HiddenServiceSingleHopMode make one-hop (direct)
284  * circuits between the onion service server, and the introduction and
285  * rendezvous points. (Onion service descriptors are still posted using
286  * 3-hop paths, to avoid onion service directories blocking the service.)
287  * This option makes every hidden service instance hosted by
288  * this tor instance a Single Onion Service.
289  * HiddenServiceSingleHopMode requires HiddenServiceNonAnonymousMode to be
290  * set to 1.
291  * Use rend_service_allow_non_anonymous_connection() or
292  * rend_service_reveal_startup_time() instead of using this option directly.
293  */
295  /* Makes hidden service clients and servers non-anonymous on this tor
296  * instance. Allows the non-anonymous HiddenServiceSingleHopMode. Enables
297  * non-anonymous behaviour in the hidden service protocol.
298  * Use rend_service_non_anonymous_mode_enabled() instead of using this option
299  * directly.
300  */
301  int HiddenServiceNonAnonymousMode;
302 
303  int ConnLimit; /**< Demanded minimum number of simultaneous connections. */
304  int ConnLimit_; /**< Maximum allowed number of simultaneous connections. */
305  int ConnLimit_high_thresh; /**< start trying to lower socket usage if we
306  * have this many. */
307  int ConnLimit_low_thresh; /**< try to get down to here after socket
308  * exhaustion. */
309  int RunAsDaemon; /**< If true, run in the background. (Unix only) */
310  int FascistFirewall; /**< Whether to prefer ORs reachable on open ports. */
311  struct smartlist_t *FirewallPorts; /**< Which ports our firewall allows
312  * (strings). */
313  /** IP:ports our firewall allows. */
315  struct config_line_t *ReachableORAddresses; /**< IP:ports for OR conns. */
316  struct config_line_t *ReachableDirAddresses; /**< IP:ports for Dir conns. */
317 
318  int ConstrainedSockets; /**< Shrink xmit and recv socket buffers. */
319  uint64_t ConstrainedSockSize; /**< Size of constrained buffers. */
320 
321  /** Whether we should drop exit streams from Tors that we don't know are
322  * relays. One of "0" (never refuse), "1" (always refuse), or "-1" (do
323  * what the consensus says, defaulting to 'refuse' if the consensus says
324  * nothing). */
326 
327  /** Application ports that require all nodes in circ to have sufficient
328  * uptime. */
330  /** Application ports that are likely to be unencrypted and
331  * unauthenticated; we reject requests for them to prevent the
332  * user from screwing up and leaking plaintext secrets to an
333  * observer somewhere on the Internet. */
335  /** Related to RejectPlaintextPorts above, except this config option
336  * controls whether we warn (in the log and via a controller status
337  * event) every time a risky connection is attempted. */
339  /** Should we try to reuse the same exit node for a given host */
341  int TrackHostExitsExpire; /**< Number of seconds until we expire an
342  * addressmap */
343  struct config_line_t *AddressMap; /**< List of address map directives. */
344  int AutomapHostsOnResolve; /**< If true, when we get a resolve request for a
345  * hostname ending with one of the suffixes in
346  * <b>AutomapHostsSuffixes</b>, map it to a
347  * virtual address. */
348  /** List of suffixes for <b>AutomapHostsOnResolve</b>. The special value
349  * "." means "match everything." */
351  int RendPostPeriod; /**< How often do we post each rendezvous service
352  * descriptor? Remember to publish them independently. */
353  int KeepalivePeriod; /**< How often do we send padding cells to keep
354  * connections alive? */
355  int SocksTimeout; /**< How long do we let a socks connection wait
356  * unattached before we fail it? */
357  int LearnCircuitBuildTimeout; /**< If non-zero, we attempt to learn a value
358  * for CircuitBuildTimeout based on timeout
359  * history. Use circuit_build_times_disabled()
360  * rather than checking this value directly. */
361  int CircuitBuildTimeout; /**< Cull non-open circuits that were born at
362  * least this many seconds ago. Used until
363  * adaptive algorithm learns a new value. */
364  int CircuitsAvailableTimeout; /**< Try to have an open circuit for at
365  least this long after last activity */
366  int CircuitStreamTimeout; /**< If non-zero, detach streams from circuits
367  * and try a new circuit if the stream has been
368  * waiting for this many seconds. If zero, use
369  * our default internal timeout schedule. */
370  int MaxOnionQueueDelay; /*< DOCDOC */
371  int NewCircuitPeriod; /**< How long do we use a circuit before building
372  * a new one? */
373  int MaxCircuitDirtiness; /**< Never use circs that were first used more than
374  this interval ago. */
375  uint64_t BandwidthRate; /**< How much bandwidth, on average, are we willing
376  * to use in a second? */
377  uint64_t BandwidthBurst; /**< How much bandwidth, at maximum, are we willing
378  * to use in a second? */
379  uint64_t MaxAdvertisedBandwidth; /**< How much bandwidth are we willing to
380  * tell other nodes we have? */
381  uint64_t RelayBandwidthRate; /**< How much bandwidth, on average, are we
382  * willing to use for all relayed conns? */
383  uint64_t RelayBandwidthBurst; /**< How much bandwidth, at maximum, will we
384  * use in a second for all relayed conns? */
385  uint64_t PerConnBWRate; /**< Long-term bw on a single TLS conn, if set. */
386  uint64_t PerConnBWBurst; /**< Allowed burst on a single TLS conn, if set. */
387  int NumCPUs; /**< How many CPUs should we try to use? */
388  struct config_line_t *RendConfigLines; /**< List of configuration lines
389  * for rendezvous services. */
390  struct config_line_t *HidServAuth; /**< List of configuration lines for
391  * client-side authorizations for hidden
392  * services */
393  char *ClientOnionAuthDir; /**< Directory to keep client
394  * onion service authorization secret keys */
395  char *ContactInfo; /**< Contact info to be published in the directory. */
396 
397  int HeartbeatPeriod; /**< Log heartbeat messages after this many seconds
398  * have passed. */
399  int MainloopStats; /**< Log main loop statistics as part of the
400  * heartbeat messages. */
401 
402  char *HTTPProxy; /**< hostname[:port] to use as http proxy, if any. */
403  tor_addr_t HTTPProxyAddr; /**< Parsed IPv4 addr for http proxy, if any. */
404  uint16_t HTTPProxyPort; /**< Parsed port for http proxy, if any. */
405  char *HTTPProxyAuthenticator; /**< username:password string, if any. */
406 
407  char *HTTPSProxy; /**< hostname[:port] to use as https proxy, if any. */
408  tor_addr_t HTTPSProxyAddr; /**< Parsed addr for https proxy, if any. */
409  uint16_t HTTPSProxyPort; /**< Parsed port for https proxy, if any. */
410  char *HTTPSProxyAuthenticator; /**< username:password string, if any. */
411 
412  char *Socks4Proxy; /**< hostname:port to use as a SOCKS4 proxy, if any. */
413  tor_addr_t Socks4ProxyAddr; /**< Derived from Socks4Proxy. */
414  uint16_t Socks4ProxyPort; /**< Derived from Socks4Proxy. */
415 
416  char *Socks5Proxy; /**< hostname:port to use as a SOCKS5 proxy, if any. */
417  tor_addr_t Socks5ProxyAddr; /**< Derived from Socks5Proxy. */
418  uint16_t Socks5ProxyPort; /**< Derived from Socks5Proxy. */
419  char *Socks5ProxyUsername; /**< Username for SOCKS5 authentication, if any */
420  char *Socks5ProxyPassword; /**< Password for SOCKS5 authentication, if any */
421 
422  /** List of configuration lines for replacement directory authorities.
423  * If you just want to replace one class of authority at a time,
424  * use the "Alternate*Authority" options below instead. */
426 
427  /** List of fallback directory servers */
429  /** Whether to use the default hard-coded FallbackDirs */
431 
432  /** Weight to apply to all directory authority rates if considering them
433  * along with fallbackdirs */
435 
436  /** If set, use these main (currently v3) directory authorities and
437  * not the default ones. */
439 
440  /** If set, use these bridge authorities and not the default one. */
442 
443  struct config_line_t *MyFamily_lines; /**< Declared family for this OR. */
444  struct config_line_t *MyFamily; /**< Declared family for this OR,
445  normalized */
446  struct config_line_t *NodeFamilies; /**< List of config lines for
447  * node families */
448  /** List of parsed NodeFamilies values. */
450  struct config_line_t *AuthDirBadExit; /**< Address policy for descriptors to
451  * mark as bad exits. */
452  struct config_line_t *AuthDirReject; /**< Address policy for descriptors to
453  * reject. */
454  struct config_line_t *AuthDirInvalid; /**< Address policy for descriptors to
455  * never mark as valid. */
456  /** @name AuthDir...CC
457  *
458  * Lists of country codes to mark as BadExit, or Invalid, or to
459  * reject entirely.
460  *
461  * @{
462  */
463  struct smartlist_t *AuthDirBadExitCCs;
464  struct smartlist_t *AuthDirInvalidCCs;
465  struct smartlist_t *AuthDirRejectCCs;
466  /**@}*/
467 
468  int AuthDirListBadExits; /**< True iff we should list bad exits,
469  * and vote for all other exits as good. */
470  int AuthDirMaxServersPerAddr; /**< Do not permit more than this
471  * number of servers per IP address. */
472  int AuthDirHasIPv6Connectivity; /**< Boolean: are we on IPv6? */
473  int AuthDirPinKeys; /**< Boolean: Do we enforce key-pinning? */
474 
475  /** If non-zero, always vote the Fast flag for any relay advertising
476  * this amount of capacity or more. */
478 
479  /** If non-zero, this advertised capacity or more is always sufficient
480  * to satisfy the bandwidth requirement for the Guard flag. */
482 
483  char *AccountingStart; /**< How long is the accounting interval, and when
484  * does it start? */
485  uint64_t AccountingMax; /**< How many bytes do we allow per accounting
486  * interval before hibernation? 0 for "never
487  * hibernate." */
488  /** How do we determine when our AccountingMax has been reached?
489  * "max" for when in or out reaches AccountingMax
490  * "sum" for when in plus out reaches AccountingMax
491  * "in" for when in reaches AccountingMax
492  * "out" for when out reaches AccountingMax */
494  enum { ACCT_MAX, ACCT_SUM, ACCT_IN, ACCT_OUT } AccountingRule;
495 
496  /** Base64-encoded hash of accepted passwords for the control system. */
498  /** As HashedControlPassword, but not saved. */
500 
501  int CookieAuthentication; /**< Boolean: do we enable cookie-based auth for
502  * the control system? */
503  char *CookieAuthFile; /**< Filesystem location of a ControlPort
504  * authentication cookie. */
505  char *ExtORPortCookieAuthFile; /**< Filesystem location of Extended
506  * ORPort authentication cookie. */
507  int CookieAuthFileGroupReadable; /**< Boolean: Is the CookieAuthFile g+r? */
508  int ExtORPortCookieAuthFileGroupReadable; /**< Boolean: Is the
509  * ExtORPortCookieAuthFile g+r? */
510  int LeaveStreamsUnattached; /**< Boolean: Does Tor attach new streams to
511  * circuits itself (0), or does it expect a controller
512  * to cope? (1) */
513  int DisablePredictedCircuits; /**< Boolean: does Tor preemptively
514  * make circuits in the background (0),
515  * or not (1)? */
516 
517  /** Process specifier for a controller that ‘owns’ this Tor
518  * instance. Tor will terminate if its owning controller does. */
520  /** FD specifier for a controller that owns this Tor instance. */
522 
523  int ShutdownWaitLength; /**< When we get a SIGINT and we're a server, how
524  * long do we wait before exiting? */
525  char *SafeLogging; /**< Contains "relay", "1", "0" (meaning no scrubbing). */
526 
527  /* Derived from SafeLogging */
528  enum {
529  SAFELOG_SCRUB_ALL, SAFELOG_SCRUB_RELAY, SAFELOG_SCRUB_NONE
530  } SafeLogging_;
531 
532  int Sandbox; /**< Boolean: should sandboxing be enabled? */
533  int SafeSocks; /**< Boolean: should we outright refuse application
534  * connections that use socks4 or socks5-with-local-dns? */
535  int ProtocolWarnings; /**< Boolean: when other parties screw up the Tor
536  * protocol, is it a warn or an info in our logs? */
537  int TestSocks; /**< Boolean: when we get a socks connection, do we loudly
538  * log whether it was DNS-leaking or not? */
539  /** Token Bucket Refill resolution in milliseconds. */
541 
542  /** Boolean: Do we try to enter from a smallish number
543  * of fixed nodes? */
545  /** Internal variable to remember whether we're actually acting on
546  * UseEntryGuards_option -- when we're a non-anonymous Single Onion Service,
547  * it is always false, otherwise we use the value of UseEntryGuards_option.
548  * */
550 
551  int NumEntryGuards; /**< How many entry guards do we try to establish? */
552 
553  /** If 1, we use any guardfraction information we see in the
554  * consensus. If 0, we don't. If -1, let the consensus parameter
555  * decide. */
557 
558  int NumDirectoryGuards; /**< How many dir guards do we try to establish?
559  * If 0, use value from NumEntryGuards. */
560  int NumPrimaryGuards; /**< How many primary guards do we want? */
561 
562  int RephistTrackTime; /**< How many seconds do we keep rephist info? */
563  /** Should we always fetch our dir info on the mirror schedule (which
564  * means directly from the authorities) no matter our other config? */
566 
567  /** Should we fetch our dir info at the start of the consensus period? */
569 
570  int DirCache; /**< Cache all directory documents and accept requests via
571  * tunnelled dir conns from clients. If 1, enabled (default);
572  * If 0, disabled. Use dir_server_mode() rather than
573  * referencing this option directly. (Except for routermode
574  * and relay_config, which do direct checks.) */
575 
576  char *VirtualAddrNetworkIPv4; /**< Address and mask to hand out for virtual
577  * MAPADDRESS requests for IPv4 addresses */
578  char *VirtualAddrNetworkIPv6; /**< Address and mask to hand out for virtual
579  * MAPADDRESS requests for IPv6 addresses */
580  int ServerDNSSearchDomains; /**< Boolean: If set, we don't force exit
581  * addresses to be FQDNs, but rather search for them in
582  * the local domains. */
583  int ServerDNSDetectHijacking; /**< Boolean: If true, check for DNS failure
584  * hijacking. */
585  int ServerDNSRandomizeCase; /**< Boolean: Use the 0x20-hack to prevent
586  * DNS poisoning attacks. */
587  char *ServerDNSResolvConfFile; /**< If provided, we configure our internal
588  * resolver from the file here rather than from
589  * /etc/resolv.conf (Unix) or the registry (Windows). */
590  char *DirPortFrontPage; /**< This is a full path to a file with an html
591  disclaimer. This allows a server administrator to show
592  that they're running Tor and anyone visiting their server
593  will know this without any specialized knowledge. */
594  int DisableDebuggerAttachment; /**< Currently Linux only specific attempt to
595  disable ptrace; needs BSD testing. */
596  /** Boolean: if set, we start even if our resolv.conf file is missing
597  * or broken. */
599  /** Boolean: if set, then even connections to private addresses will get
600  * rate-limited. */
602  /** A list of addresses that definitely should be resolvable. Used for
603  * testing our DNS server. */
605  int EnforceDistinctSubnets; /**< If true, don't allow multiple routers in the
606  * same network zone in the same circuit. */
607  int AllowNonRFC953Hostnames; /**< If true, we allow connections to hostnames
608  * with weird characters. */
609  /** If true, we try resolving hostnames with weird characters. */
611 
612  /** If true, we try to download extra-info documents (and we serve them,
613  * if we are a cache). For authorities, this is always true. */
615 
616  /** If true, we're configured to collect statistics on clients
617  * requesting network statuses from us as directory. */
619  /** Internal variable to remember whether we're actually acting on
620  * DirReqStatistics_option -- yes if it's set and we're a server, else no. */
622 
623  /** If true, the user wants us to collect statistics on port usage. */
625 
626  /** If true, the user wants us to collect connection statistics. */
628 
629  /** If true, the user wants us to collect cell statistics. */
631 
632  /** If true, the user wants us to collect padding statistics. */
634 
635  /** If true, the user wants us to collect statistics as entry node. */
637 
638  /** If true, the user wants us to collect statistics as hidden service
639  * directory, introduction point, or rendezvous point. */
641  /** Internal variable to remember whether we're actually acting on
642  * HiddenServiceStatistics_option -- yes if it's set and we're a server,
643  * else no. */
645 
646  /** If true, include statistics file contents in extra-info documents. */
648 
649  /** If true, do not believe anybody who tells us that a domain resolves
650  * to an internal address, or that an internal address has a PTR mapping.
651  * Helps avoid some cross-site attacks. */
653 
654  /** If true, do not accept any requests to connect to internal addresses
655  * over randomly chosen exits. */
657 
658  /** If true, clients may connect over IPv4. If false, they will avoid
659  * connecting over IPv4. We enforce this for OR and Dir connections. */
661  /** If true, clients may connect over IPv6. If false, they will avoid
662  * connecting over IPv6. We enforce this for OR and Dir connections.
663  * Use fascist_firewall_use_ipv6() instead of accessing this value
664  * directly. */
666  /** If true, prefer an IPv6 OR port over an IPv4 one for entry node
667  * connections. If auto, bridge clients prefer IPv6, and other clients
668  * prefer IPv4. Use node_ipv6_or_preferred() instead of accessing this value
669  * directly. */
671  /** If true, prefer an IPv6 directory port over an IPv4 one for direct
672  * directory connections. If auto, bridge clients prefer IPv6, and other
673  * clients prefer IPv4. Use fascist_firewall_prefer_ipv6_dirport() instead of
674  * accessing this value directly. */
676 
677  /** If true, prefer an IPv4 or IPv6 OR port at random. */
679 
680  /** The length of time that we think a consensus should be fresh. */
682  /** The length of time we think it will take to distribute votes. */
684  /** The length of time we think it will take to distribute signatures. */
686  /** The number of intervals we think a consensus should be valid. */
688 
689  /** Should advertise and sign consensuses with a legacy key, for key
690  * migration purposes? */
692 
693  /** Location of bandwidth measurement file */
695 
696  /** Location of guardfraction file */
698 
699  /** Authority only: key=value pairs that we add to our networkstatus
700  * consensus vote on the 'params' line. */
702 
703  /** Authority only: minimum number of measured bandwidths we must see
704  * before we only believe measured bandwidths to assign flags. */
706 
707  /** The length of time that we think an initial consensus should be fresh.
708  * Only altered on testing networks. */
710 
711  /** The length of time we think it will take to distribute initial votes.
712  * Only altered on testing networks. */
714 
715  /** The length of time we think it will take to distribute initial
716  * signatures. Only altered on testing networks.*/
718 
719  /** Offset in seconds added to the starting time for consensus
720  voting. Only altered on testing networks. */
722 
723  /** If an authority has been around for less than this amount of time, it
724  * does not believe its reachability information is accurate. Only
725  * altered on testing networks. */
727 
728  /** Clients don't download any descriptor this recent, since it will
729  * probably not have propagated to enough caches. Only altered on testing
730  * networks. */
732 
733  /** Schedule for when servers should download things in general. Only
734  * altered on testing networks. */
736 
737  /** Schedule for when clients should download things in general. Only
738  * altered on testing networks. */
740 
741  /** Schedule for when servers should download consensuses. Only altered
742  * on testing networks. */
744 
745  /** Schedule for when clients should download consensuses. Only altered
746  * on testing networks. */
748 
749  /** Schedule for when clients should download consensuses from authorities
750  * if they are bootstrapping (that is, they don't have a usable, reasonably
751  * live consensus). Only used by clients fetching from a list of fallback
752  * directory mirrors.
753  *
754  * This schedule is incremented by (potentially concurrent) connection
755  * attempts, unlike other schedules, which are incremented by connection
756  * failures. Only altered on testing networks. */
758 
759  /** Schedule for when clients should download consensuses from fallback
760  * directory mirrors if they are bootstrapping (that is, they don't have a
761  * usable, reasonably live consensus). Only used by clients fetching from a
762  * list of fallback directory mirrors.
763  *
764  * This schedule is incremented by (potentially concurrent) connection
765  * attempts, unlike other schedules, which are incremented by connection
766  * failures. Only altered on testing networks. */
768 
769  /** Schedule for when clients should download consensuses from authorities
770  * if they are bootstrapping (that is, they don't have a usable, reasonably
771  * live consensus). Only used by clients which don't have or won't fetch
772  * from a list of fallback directory mirrors.
773  *
774  * This schedule is incremented by (potentially concurrent) connection
775  * attempts, unlike other schedules, which are incremented by connection
776  * failures. Only altered on testing networks. */
778 
779  /** Schedule for when clients should download bridge descriptors. Only
780  * altered on testing networks. */
782 
783  /** Schedule for when clients should download bridge descriptors when they
784  * have no running bridges. Only altered on testing networks. */
786 
787  /** When directory clients have only a few descriptors to request, they
788  * batch them until they have more, or until this amount of time has
789  * passed. Only altered on testing networks. */
791 
792  /** How long do we let a directory connection stall before expiring
793  * it? Only altered on testing networks. */
795 
796  /** How many simultaneous in-progress connections will we make when trying
797  * to fetch a consensus before we wait for one to complete, timeout, or
798  * error out? Only altered on testing networks. */
800 
801  /** If true, we take part in a testing network. This changes the defaults
802  * of a couple of other configuration options and allows the values
803  * of certain configuration options to be changed. */
805 
806  /** Minimum value for the Exit flag threshold on testing networks. */
808 
809  /** Minimum value for the Fast flag threshold on testing networks. */
811 
812  /** Relays in a testing network which should be voted Exit
813  * regardless of exit policy. */
815  int TestingDirAuthVoteExitIsStrict;
816 
817  /** Relays in a testing network which should be voted Guard
818  * regardless of uptime and bandwidth. */
820  int TestingDirAuthVoteGuardIsStrict;
821 
822  /** Relays in a testing network which should be voted HSDir
823  * regardless of uptime and DirPort. */
825  int TestingDirAuthVoteHSDirIsStrict;
826 
827  /** Enable CONN_BW events. Only altered on testing networks. */
829 
830  /** Enable CELL_STATS events. Only altered on testing networks. */
832 
833  /** If true, and we have GeoIP data, and we're a bridge, keep a per-country
834  * count of how many client addresses have contacted us so that we can help
835  * the bridge authority guess which countries have blocked access to us. */
837 
838  /** Optionally, IPv4 and IPv6 GeoIP data. */
839  char *GeoIPFile;
840  char *GeoIPv6File;
841 
842  /** Autobool: if auto, then any attempt to Exclude{Exit,}Nodes a particular
843  * country code will exclude all nodes in ?? and A1. If true, all nodes in
844  * ?? and A1 are excluded. Has no effect if we don't know any GeoIP data. */
846 
847  /** If true, SIGHUP should reload the torrc. Sometimes controllers want
848  * to make this false. */
850 
851  /** The main parameter for picking circuits within a connection.
852  *
853  * If this value is positive, when picking a cell to relay on a connection,
854  * we always relay from the circuit whose weighted cell count is lowest.
855  * Cells are weighted exponentially such that if one cell is sent
856  * 'CircuitPriorityHalflife' seconds before another, it counts for half as
857  * much.
858  *
859  * If this value is zero, we're disabling the cell-EWMA algorithm.
860  *
861  * If this value is negative, we're using the default approach
862  * according to either Tor or a parameter set in the consensus.
863  */
865 
866  /** Set to true if the TestingTorNetwork configuration option is set.
867  * This is used so that options_validate() has a chance to realize that
868  * the defaults have changed. */
870 
871  /** If 1, we try to use microdescriptors to build circuits. If 0, we don't.
872  * If -1, Tor decides. */
874 
875  /** File where we should write the ControlPort. */
877  /** Should that file be group-readable? */
879 
880 #define MAX_MAX_CLIENT_CIRCUITS_PENDING 1024
881  /** Maximum number of non-open general-purpose origin circuits to allow at
882  * once. */
884 
885  /** If 1, we always send optimistic data when it's supported. If 0, we
886  * never use it. If -1, we do what the consensus says. */
888 
889  /** If 1, we accept and launch no external network connections, except on
890  * control ports. */
892 
893  /**
894  * Parameters for path-bias detection.
895  * @{
896  * These options override the default behavior of Tor's (**currently
897  * experimental**) path bias detection algorithm. To try to find broken or
898  * misbehaving guard nodes, Tor looks for nodes where more than a certain
899  * fraction of circuits through that guard fail to get built.
900  *
901  * The PathBiasCircThreshold option controls how many circuits we need to
902  * build through a guard before we make these checks. The
903  * PathBiasNoticeRate, PathBiasWarnRate and PathBiasExtremeRate options
904  * control what fraction of circuits must succeed through a guard so we
905  * won't write log messages. If less than PathBiasExtremeRate circuits
906  * succeed *and* PathBiasDropGuards is set to 1, we disable use of that
907  * guard.
908  *
909  * When we have seen more than PathBiasScaleThreshold circuits through a
910  * guard, we scale our observations by 0.5 (governed by the consensus) so
911  * that new observations don't get swamped by old ones.
912  *
913  * By default, or if a negative value is provided for one of these options,
914  * Tor uses reasonable defaults from the networkstatus consensus document.
915  * If no defaults are available there, these options default to 150, .70,
916  * .50, .30, 0, and 300 respectively.
917  */
919  double PathBiasNoticeRate;
920  double PathBiasWarnRate;
921  double PathBiasExtremeRate;
922  int PathBiasDropGuards;
923  int PathBiasScaleThreshold;
924  /** @} */
925 
926  /**
927  * Parameters for path-bias use detection
928  * @{
929  * Similar to the above options, these options override the default behavior
930  * of Tor's (**currently experimental**) path use bias detection algorithm.
931  *
932  * Whereas the path bias parameters govern thresholds for successfully
933  * building circuits, these four path use bias parameters govern thresholds
934  * only for circuit usage. Circuits which receive no stream usage are not
935  * counted by this detection algorithm. A used circuit is considered
936  * successful if it is capable of carrying streams or otherwise receiving
937  * well-formed responses to RELAY cells.
938  *
939  * By default, or if a negative value is provided for one of these options,
940  * Tor uses reasonable defaults from the networkstatus consensus document.
941  * If no defaults are available there, these options default to 20, .80,
942  * .60, and 100, respectively.
943  */
945  double PathBiasNoticeUseRate;
946  double PathBiasExtremeUseRate;
947  int PathBiasScaleUseThreshold;
948  /** @} */
949 
950  int IPv6Exit; /**< Do we support exiting to IPv6 addresses? */
951 
952  /** Fraction: */
954 
955  /** What expiry time shall we place on our SSL certs? "0" means we
956  * should guess a suitable value. */
958 
959  /** How long (seconds) do we keep a guard before picking a new one? */
961 
962  /** Is this an exit node? This is a tristate, where "1" means "yes, and use
963  * the default exit policy if none is given" and "0" means "no; exit policy
964  * is 'reject *'" and "auto" (-1) means "same as 1, but warn the user."
965  *
966  * XXXX Eventually, the default will be 0. */
968 
969  /** For how long (seconds) do we declare our signing keys to be valid? */
971  /** For how long (seconds) do we declare our link keys to be valid? */
973  /** For how long (seconds) do we declare our auth keys to be valid? */
975 
976  /** How long before signing keys expire will we try to make a new one? */
978  /** How long before link keys expire will we try to make a new one? */
980  /** How long before auth keys expire will we try to make a new one? */
982 
983  /** Force use of offline master key features: never generate a master
984  * ed25519 identity key except from tor --keygen */
986 
987  enum {
988  FORCE_PASSPHRASE_AUTO=0,
989  FORCE_PASSPHRASE_ON,
990  FORCE_PASSPHRASE_OFF
991  } keygen_force_passphrase;
992  int use_keygen_passphrase_fd;
993  int keygen_passphrase_fd;
994  int change_key_passphrase;
995  char *master_key_fname;
996 
997  /** Autobool: Do we try to retain capabilities if we can? */
999 
1000  /** Maximum total size of unparseable descriptors to log during the
1001  * lifetime of this Tor process.
1002  */
1004 
1005  /** Bool (default: 1): Switch for the shared random protocol. Only
1006  * relevant to a directory authority. If off, the authority won't
1007  * participate in the protocol. If on (default), a flag is added to the
1008  * vote indicating participation. */
1010 
1011  /** If 1, we skip all OOS checks. */
1013 
1014  /** Autobool: Should we include Ed25519 identities in extend2 cells?
1015  * If -1, we should do whatever the consensus parameter says. */
1017 
1018  /** Bool (default: 1): When testing routerinfos as a directory authority,
1019  * do we enforce Ed25519 identity match? */
1020  /* NOTE: remove this option someday. */
1022 
1023  /** Bool (default: 0): Tells if a %include was used on torrc */
1025 
1026  /** The seconds after expiration which we as a relay should keep old
1027  * consensuses around so that we can generate diffs from them. If 0,
1028  * use the default. */
1030 
1031  /** Bool (default: 0). Tells Tor to never try to exec another program.
1032  */
1033  int NoExec;
1034 
1035  /** Have the KIST scheduler run every X milliseconds. If less than zero, do
1036  * not use the KIST scheduler but use the old vanilla scheduler instead. If
1037  * zero, do what the consensus says and fall back to using KIST as if this is
1038  * set to "10 msec" if the consensus doesn't say anything. */
1040 
1041  /** A multiplier for the KIST per-socket limit calculation. */
1043 
1044  /** The list of scheduler type strings, ordered by priority: the first
1045  * one is tried first. Default: KIST,KISTLite,Vanilla */
1047  /** An ordered list of scheduler_types mapped from Schedulers. */
1049 
1050  /** List of files that were opened by %include in torrc and torrc-defaults */
1052 
1053  /** If true, Tor shouldn't install any posix signal handlers, since it is
1054  * running embedded inside another process.
1055  */
1057 
1058  /** Autobool: Is the circuit creation DoS mitigation subsystem enabled? */
1060  /** Minimum number of concurrent connections needed from a single address
1061  * before any defense is used. */
1063  /** Circuit rate used to refill the token bucket. */
1065  /** Maximum allowed burst of circuits. Reaching that value, the address is
1066  * detected as malicious and a defense might be used. */
1068  /** When an address is marked as malicious, what defense should be used
1069  * against it. See the dos_cc_defense_type_t enum. */
1071  /** For how much time (in seconds) the defense is applicable for a malicious
1072  * address. A random time delta is added to the defense time of an address
1073  * which will be between 1 second and half of this value. */
1075 
1076  /** Autobool: Is the DoS connection mitigation subsystem enabled? */
1078  /** Maximum number of concurrent connections allowed per address. */
1080  /** When an address reaches the maximum count, what defense should be
1081  * used against it. See the dos_conn_defense_type_t enum. */
1083 
1084  /** Autobool: Do we refuse single hop client rendezvous? */
1086 
1087  /** Interval: how long without activity does it take for a client
1088  * to become dormant?
1089  **/
1091 
1092  /** Boolean: true if having an idle stream is sufficient to prevent a client
1093  * from becoming dormant.
1094  **/
1096 
1097  /** Boolean: true if Tor should be dormant the first time it starts with
1098  * a datadirectory; false otherwise. */
1100  /**
1101  * Boolean: true if Tor should treat every startup event as cancelling
1102  * a possible previous dormant state.
1103  **/
1105 
1106  /**
1107  * Configuration objects for individual modules.
1108  *
1109  * Never access this field or its members directly: instead, use the module
1110  * in question to get its relevant configuration object.
1111  */
1113 };
1114 
1115 #endif /* !defined(TOR_OR_OPTIONS_ST_H) */