or_options_st.h

Go to the documentation of this file.

/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2019, The Tor Project, Inc. */
/* See LICENSE for licensing information */

#ifndef TOR_OR_OPTIONS_ST_H
#define TOR_OR_OPTIONS_ST_H

#include "lib/cc/torint.h"
#include "lib/net/address.h"

struct smartlist_t;
struct config_line_t;

typedef enum {OUTBOUND_ADDR_EXIT, OUTBOUND_ADDR_OR,
              OUTBOUND_ADDR_EXIT_AND_OR,
              OUTBOUND_ADDR_MAX} outbound_addr_t;

struct or_options_t {
  uint32_t magic_;

  enum {
    CMD_RUN_TOR=0, CMD_LIST_FINGERPRINT, CMD_HASH_PASSWORD,
    CMD_VERIFY_CONFIG, CMD_RUN_UNITTESTS, CMD_DUMP_CONFIG,
    CMD_KEYGEN,
    CMD_KEY_EXPIRATION,
  } command;
  char *command_arg; 
  struct config_line_t *Logs; 
  int LogTimeGranularity; 
  int LogMessageDomains; 
  int TruncateLogFile; 
  char *SyslogIdentityTag; 
  char *AndroidIdentityTag; 
  char *DebugLogFile; 
  char *DataDirectory_option; 
  char *DataDirectory; 
  int DataDirectoryGroupReadable; 
  char *KeyDirectory_option; 
  char *KeyDirectory; 
  int KeyDirectoryGroupReadable; 
  char *CacheDirectory_option; 
  char *CacheDirectory; 
  int CacheDirectoryGroupReadable; 
  char *Nickname; 
  char *Address; 
  char *PidFile; 
  routerset_t *ExitNodes; 
  routerset_t *MiddleNodes; 
  routerset_t *EntryNodes;
  int StrictNodes; 
  routerset_t *ExcludeNodes;
  routerset_t *ExcludeExitNodes;
  routerset_t *ExcludeExitNodesUnion_;

  int DisableAllSwap; 
  struct config_line_t *ExitPolicy; 
  int ExitPolicyRejectPrivate; 
  int ExitPolicyRejectLocalInterfaces; 
  int ReducedExitPolicy; 
  struct config_line_t *SocksPolicy; 
  struct config_line_t *DirPolicy; 
  struct config_line_t *OutboundBindAddress;
  struct config_line_t *OutboundBindAddressOR;
  struct config_line_t *OutboundBindAddressExit;
  tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2];
  struct config_line_t *RecommendedVersions;
  struct config_line_t *RecommendedClientVersions;
  struct config_line_t *RecommendedServerVersions;
  struct config_line_t *RecommendedPackages;
  int DirAllowPrivateAddresses;
  int ExtendAllowPrivateAddresses;
  char *User; 
  struct config_line_t *ORPort_lines;
  struct config_line_t *ExtORPort_lines;
  struct config_line_t *SocksPort_lines;
  struct config_line_t *TransPort_lines;
  char *TransProxyType; 
  enum {
    TPT_DEFAULT,
    TPT_PF_DIVERT,
    TPT_IPFW,
    TPT_TPROXY,
  } TransProxyType_parsed;
  struct config_line_t *NATDPort_lines;
  struct config_line_t *HTTPTunnelPort_lines;
  struct config_line_t *ControlPort_lines; 
  struct config_line_t *ControlSocket;

  int ControlSocketsGroupWritable; 
  int UnixSocksGroupWritable; 
  struct config_line_t *DirPort_lines;
  struct config_line_t *DNSPort_lines;

  /* MaxMemInQueues value as input by the user. We clean this up to be
   * MaxMemInQueues. */
  uint64_t MaxMemInQueues_raw;
  uint64_t MaxMemInQueues;
  uint64_t MaxMemInQueues_low_threshold;

  unsigned int ORPort_set : 1;
  unsigned int SocksPort_set : 1;
  unsigned int TransPort_set : 1;
  unsigned int NATDPort_set : 1;
  unsigned int ControlPort_set : 1;
  unsigned int DirPort_set : 1;
  unsigned int DNSPort_set : 1;
  unsigned int ExtORPort_set : 1;
  unsigned int HTTPTunnelPort_set : 1;
  int AssumeReachable; 
  int AuthoritativeDir; 
  int V3AuthoritativeDir; 
  int VersioningAuthoritativeDir; 
  int BridgeAuthoritativeDir; 
  char *BridgeDistribution;

  char *BridgePassword;
  char *BridgePassword_AuthDigest_;

  int UseBridges; 
  struct config_line_t *Bridges; 
  struct config_line_t *ClientTransportPlugin; 
  struct config_line_t *ServerTransportPlugin; 
  struct config_line_t *ServerTransportListenAddr;

  struct config_line_t *ServerTransportOptions;

  int BridgeRelay; 
  int UpdateBridgesFromAuthority;

  int AvoidDiskWrites; 
  int ClientOnly; 
  int ReducedConnectionPadding; 
  int ConnectionPadding;

  int CircuitPadding;

  int ReducedCircuitPadding;

  struct smartlist_t *PublishServerDescriptor;
  dirinfo_type_t PublishServerDescriptor_;
  int PublishHidServDescriptors;
  int FetchServerDescriptors; 
  int FetchHidServDescriptors; 
  int MinUptimeHidServDirectoryV2; 
  int FetchUselessDescriptors; 
  int AllDirActionsPrivate; 
  routerset_t *HSLayer2Nodes;

  routerset_t *HSLayer3Nodes;

  int HiddenServiceSingleHopMode;
  /* Makes hidden service clients and servers non-anonymous on this tor
   * instance. Allows the non-anonymous HiddenServiceSingleHopMode. Enables
   * non-anonymous behaviour in the hidden service protocol.
   * Use rend_service_non_anonymous_mode_enabled() instead of using this option
   * directly.
   */
  int HiddenServiceNonAnonymousMode;

  int ConnLimit; 
  int ConnLimit_; 
  int ConnLimit_high_thresh; 
  int ConnLimit_low_thresh; 
  int RunAsDaemon; 
  int FascistFirewall; 
  struct smartlist_t *FirewallPorts; 
  struct config_line_t *ReachableAddresses;
  struct config_line_t *ReachableORAddresses; 
  struct config_line_t *ReachableDirAddresses; 
  int ConstrainedSockets; 
  uint64_t ConstrainedSockSize; 
  int RefuseUnknownExits;

  struct smartlist_t *LongLivedPorts;
  struct smartlist_t *RejectPlaintextPorts;
  struct smartlist_t *WarnPlaintextPorts;
  struct smartlist_t *TrackHostExits;
  int TrackHostExitsExpire; 
  struct config_line_t *AddressMap; 
  int AutomapHostsOnResolve; 
  struct smartlist_t *AutomapHostsSuffixes;
  int RendPostPeriod; 
  int KeepalivePeriod; 
  int SocksTimeout; 
  int LearnCircuitBuildTimeout; 
  int CircuitBuildTimeout; 
  int CircuitsAvailableTimeout; 
  int CircuitStreamTimeout; 
  int MaxOnionQueueDelay; /*< DOCDOC */
  int NewCircuitPeriod; 
  int MaxCircuitDirtiness; 
  uint64_t BandwidthRate; 
  uint64_t BandwidthBurst; 
  uint64_t MaxAdvertisedBandwidth; 
  uint64_t RelayBandwidthRate; 
  uint64_t RelayBandwidthBurst; 
  uint64_t PerConnBWRate; 
  uint64_t PerConnBWBurst; 
  int NumCPUs; 
  struct config_line_t *RendConfigLines; 
  struct config_line_t *HidServAuth; 
  char *ClientOnionAuthDir; 
  char *ContactInfo; 
  int HeartbeatPeriod; 
  int MainloopStats; 
  char *HTTPProxy; 
  tor_addr_t HTTPProxyAddr; 
  uint16_t HTTPProxyPort; 
  char *HTTPProxyAuthenticator; 
  char *HTTPSProxy; 
  tor_addr_t HTTPSProxyAddr; 
  uint16_t HTTPSProxyPort; 
  char *HTTPSProxyAuthenticator; 
  char *Socks4Proxy; 
  tor_addr_t Socks4ProxyAddr; 
  uint16_t Socks4ProxyPort; 
  char *Socks5Proxy; 
  tor_addr_t Socks5ProxyAddr; 
  uint16_t Socks5ProxyPort; 
  char *Socks5ProxyUsername; 
  char *Socks5ProxyPassword; 
  struct config_line_t *DirAuthorities;

  struct config_line_t *FallbackDir;
  int UseDefaultFallbackDirs;

  double DirAuthorityFallbackRate;

  struct config_line_t *AlternateDirAuthority;

  struct config_line_t *AlternateBridgeAuthority;

  struct config_line_t *MyFamily_lines; 
  struct config_line_t *MyFamily; 
  struct config_line_t *NodeFamilies; 
  struct smartlist_t *NodeFamilySets;
  struct config_line_t *AuthDirBadExit; 
  struct config_line_t *AuthDirReject; 
  struct config_line_t *AuthDirInvalid; 
  struct smartlist_t *AuthDirBadExitCCs;
  struct smartlist_t *AuthDirInvalidCCs;
  struct smartlist_t *AuthDirRejectCCs;
  int AuthDirListBadExits; 
  int AuthDirMaxServersPerAddr; 
  int AuthDirHasIPv6Connectivity; 
  int AuthDirPinKeys; 
  uint64_t AuthDirFastGuarantee;

  uint64_t AuthDirGuardBWGuarantee;

  char *AccountingStart; 
  uint64_t AccountingMax; 
  char *AccountingRule_option;
  enum { ACCT_MAX, ACCT_SUM, ACCT_IN, ACCT_OUT } AccountingRule;

  struct config_line_t *HashedControlPassword;
  struct config_line_t *HashedControlSessionPassword;

  int CookieAuthentication; 
  char *CookieAuthFile; 
  char *ExtORPortCookieAuthFile; 
  int CookieAuthFileGroupReadable; 
  int ExtORPortCookieAuthFileGroupReadable; 
  int LeaveStreamsUnattached; 
  int DisablePredictedCircuits; 
  char *OwningControllerProcess;
  uint64_t OwningControllerFD;

  int ShutdownWaitLength; 
  char *SafeLogging; 
  /* Derived from SafeLogging */
  enum {
    SAFELOG_SCRUB_ALL, SAFELOG_SCRUB_RELAY, SAFELOG_SCRUB_NONE
  } SafeLogging_;

  int Sandbox; 
  int SafeSocks; 
  int ProtocolWarnings; 
  int TestSocks; 
  int HardwareAccel; 
  int TokenBucketRefillInterval;
  char *AccelName; 
  char *AccelDir; 
  int UseEntryGuards_option;
  int UseEntryGuards;

  int NumEntryGuards; 
  int UseGuardFraction;

  int NumDirectoryGuards; 
  int NumPrimaryGuards; 
  int RephistTrackTime; 
  int FetchDirInfoEarly;

  int FetchDirInfoExtraEarly;

  int DirCache; 
  char *VirtualAddrNetworkIPv4; 
  char *VirtualAddrNetworkIPv6; 
  int ServerDNSSearchDomains; 
  int ServerDNSDetectHijacking; 
  int ServerDNSRandomizeCase; 
  char *ServerDNSResolvConfFile; 
  char *DirPortFrontPage; 
  int DisableDebuggerAttachment; 
  int ServerDNSAllowBrokenConfig;
  int CountPrivateBandwidth;
  struct smartlist_t *ServerDNSTestAddresses;
  int EnforceDistinctSubnets; 
  int AllowNonRFC953Hostnames; 
  int ServerDNSAllowNonRFC953Hostnames;

  int DownloadExtraInfo;

  int DirReqStatistics_option;
  int DirReqStatistics;

  int ExitPortStatistics;

  int ConnDirectionStatistics;

  int CellStatistics;

  int PaddingStatistics;

  int EntryStatistics;

  int HiddenServiceStatistics_option;
  int HiddenServiceStatistics;

  int ExtraInfoStatistics;

  int ClientDNSRejectInternalAddresses;

  int ClientRejectInternalAddresses;

  int ClientUseIPv4;
  int ClientUseIPv6;
  int ClientPreferIPv6ORPort;
  int ClientPreferIPv6DirPort;

  int ClientAutoIPv6ORPort;

  int V3AuthVotingInterval;
  int V3AuthVoteDelay;
  int V3AuthDistDelay;
  int V3AuthNIntervalsValid;

  int V3AuthUseLegacyKey;

  char *V3BandwidthsFile;

  char *GuardfractionFile;

  char *ConsensusParams;

  int MinMeasuredBWsForAuthToIgnoreAdvertised;

  int TestingV3AuthInitialVotingInterval;

  int TestingV3AuthInitialVoteDelay;

  int TestingV3AuthInitialDistDelay;

  int TestingV3AuthVotingStartOffset;

  int TestingAuthDirTimeToLearnReachability;

  int TestingEstimatedDescriptorPropagationTime;

  int TestingServerDownloadInitialDelay;

  int TestingClientDownloadInitialDelay;

  int TestingServerConsensusDownloadInitialDelay;

  int TestingClientConsensusDownloadInitialDelay;

  int ClientBootstrapConsensusAuthorityDownloadInitialDelay;

  int ClientBootstrapConsensusFallbackDownloadInitialDelay;

  int ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay;

  int TestingBridgeDownloadInitialDelay;

  int TestingBridgeBootstrapDownloadInitialDelay;

  int TestingClientMaxIntervalWithoutRequest;

  int TestingDirConnectionMaxStall;

  int ClientBootstrapConsensusMaxInProgressTries;

  int TestingTorNetwork;

  uint64_t TestingMinExitFlagThreshold;

  uint64_t TestingMinFastFlagThreshold;

  routerset_t *TestingDirAuthVoteExit;
  int TestingDirAuthVoteExitIsStrict;

  routerset_t *TestingDirAuthVoteGuard;
  int TestingDirAuthVoteGuardIsStrict;

  routerset_t *TestingDirAuthVoteHSDir;
  int TestingDirAuthVoteHSDirIsStrict;

  int TestingEnableConnBwEvent;

  int TestingEnableCellStatsEvent;

  int BridgeRecordUsageByCountry;

  char *GeoIPFile;
  char *GeoIPv6File;

  int GeoIPExcludeUnknown;

  int ReloadTorrcOnSIGHUP;

  /* The main parameter for picking circuits within a connection.
   *
   * If this value is positive, when picking a cell to relay on a connection,
   * we always relay from the circuit whose weighted cell count is lowest.
   * Cells are weighted exponentially such that if one cell is sent
   * 'CircuitPriorityHalflife' seconds before another, it counts for half as
   * much.
   *
   * If this value is zero, we're disabling the cell-EWMA algorithm.
   *
   * If this value is negative, we're using the default approach
   * according to either Tor or a parameter set in the consensus.
   */
  double CircuitPriorityHalflife;

  int UsingTestNetworkDefaults_;

  int UseMicrodescriptors;

  char *ControlPortWriteToFile;
  int ControlPortFileGroupReadable;

#define MAX_MAX_CLIENT_CIRCUITS_PENDING 1024

  int MaxClientCircuitsPending;

  int OptimisticData;

  int DisableNetwork;

  int PathBiasCircThreshold;
  double PathBiasNoticeRate;
  double PathBiasWarnRate;
  double PathBiasExtremeRate;
  int PathBiasDropGuards;
  int PathBiasScaleThreshold;
  int PathBiasUseThreshold;
  double PathBiasNoticeUseRate;
  double PathBiasExtremeUseRate;
  int PathBiasScaleUseThreshold;
  int IPv6Exit; 
  double PathsNeededToBuildCircuits;

  int SSLKeyLifetime;

  int GuardLifetime;

  int ExitRelay;

  int SigningKeyLifetime;
  int TestingLinkCertLifetime;
  int TestingAuthKeyLifetime;

  int TestingSigningKeySlop;
  int TestingLinkKeySlop;
  int TestingAuthKeySlop;

  int OfflineMasterKey;

  enum {
    FORCE_PASSPHRASE_AUTO=0,
    FORCE_PASSPHRASE_ON,
    FORCE_PASSPHRASE_OFF
  } keygen_force_passphrase;
  int use_keygen_passphrase_fd;
  int keygen_passphrase_fd;
  int change_key_passphrase;
  char *master_key_fname;

  int KeepBindCapabilities;

  uint64_t MaxUnparseableDescSizeToLog;

  int AuthDirSharedRandomness;

  int DisableOOSCheck;

  int ExtendByEd25519ID;

  /* NOTE: remove this option someday. */
  int AuthDirTestEd25519LinkKeys;

  int IncludeUsed;

  int MaxConsensusAgeForDiffs;

  int NoExec;

  int KISTSchedRunInterval;

  double KISTSockBufSizeFactor;

  struct smartlist_t *Schedulers;
  /* An ordered list of scheduler_types mapped from Schedulers. */
  struct smartlist_t *SchedulerTypes_;

  struct smartlist_t *FilesOpenedByIncludes;

  int DisableSignalHandlers;

  int DoSCircuitCreationEnabled;
  int DoSCircuitCreationMinConnections;
  int DoSCircuitCreationRate;
  int DoSCircuitCreationBurst;
  int DoSCircuitCreationDefenseType;
  int DoSCircuitCreationDefenseTimePeriod;

  int DoSConnectionEnabled;
  int DoSConnectionMaxConcurrentCount;
  int DoSConnectionDefenseType;

  int DoSRefuseSingleHopClientRendezvous;

  int DormantClientTimeout;

  int DormantTimeoutDisabledByIdleStreams;

  int DormantOnFirstStartup;
  int DormantCanceledByStartup;
};

#endif