Tor  0.4.3.0-alpha-dev
relay_config.c
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2019, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * @file relay_config.c
9  * @brief Code to interpret the user's configuration of Tor's relay module.
10  **/
11 
12 #include "orconfig.h"
13 #define RELAY_CONFIG_PRIVATE
15 
16 #include "lib/encoding/confline.h"
17 #include "lib/confmgt/confmgt.h"
18 
20 #include "lib/geoip/geoip.h"
21 #include "lib/meminfo/meminfo.h"
22 #include "lib/osinfo/uname.h"
23 #include "lib/process/setuid.h"
24 
25 /* Required for dirinfo_type_t in or_options_t */
26 #include "core/or/or.h"
27 #include "app/config/config.h"
28 
31 #include "core/mainloop/mainloop.h"
32 #include "core/or/circuitbuild.h"
33 #include "core/or/connection_or.h"
34 #include "core/or/port_cfg_st.h"
35 
40 #include "feature/stats/rephist.h"
41 
43 
45 #include "feature/relay/dns.h"
47 
48 /** Contents of most recently read DirPortFrontPage file. */
49 static char *global_dirfrontpagecontents = NULL;
50 
51 /* Copied from config.c, we will refactor later in 29211. */
52 #define REJECT(arg) \
53  STMT_BEGIN *msg = tor_strdup(arg); return -1; STMT_END
54 #if defined(__GNUC__) && __GNUC__ <= 3
55 #define COMPLAIN(args...) \
56  STMT_BEGIN log_warn(LD_CONFIG, args); STMT_END
57 #else
58 #define COMPLAIN(args, ...) \
59  STMT_BEGIN log_warn(LD_CONFIG, args, ##__VA_ARGS__); STMT_END
60 #endif /* defined(__GNUC__) && __GNUC__ <= 3 */
61 
62 /* Used in the various options_transition_affects* functions. */
63 #define YES_IF_CHANGED_BOOL(opt) \
64  if (!CFG_EQ_BOOL(old_options, new_options, opt)) return 1;
65 #define YES_IF_CHANGED_INT(opt) \
66  if (!CFG_EQ_INT(old_options, new_options, opt)) return 1;
67 #define YES_IF_CHANGED_STRING(opt) \
68  if (!CFG_EQ_STRING(old_options, new_options, opt)) return 1;
69 #define YES_IF_CHANGED_LINELIST(opt) \
70  if (!CFG_EQ_LINELIST(old_options, new_options, opt)) return 1;
71 
72 /** Return the contents of our frontpage string, or NULL if not configured. */
73 MOCK_IMPL(const char*,
75 {
77 }
78 
79 /** Release all memory and resources held by global relay configuration
80  * structures.
81  */
82 void
84 {
86 }
87 
88 /** Return the bandwidthrate that we are going to report to the authorities
89  * based on the config options. */
90 uint32_t
92 {
93  uint64_t bw = options->BandwidthRate;
94  if (bw > options->MaxAdvertisedBandwidth)
95  bw = options->MaxAdvertisedBandwidth;
96  if (options->RelayBandwidthRate > 0 && bw > options->RelayBandwidthRate)
97  bw = options->RelayBandwidthRate;
98  /* config_ensure_bandwidth_cap() makes sure that this cast can't overflow. */
99  return (uint32_t)bw;
100 }
101 
102 /** Return the bandwidthburst that we are going to report to the authorities
103  * based on the config options. */
104 uint32_t
106 {
107  uint64_t bw = options->BandwidthBurst;
108  if (options->RelayBandwidthBurst > 0 && bw > options->RelayBandwidthBurst)
109  bw = options->RelayBandwidthBurst;
110  /* config_ensure_bandwidth_cap() makes sure that this cast can't overflow. */
111  return (uint32_t)bw;
112 }
113 
114 /** Warn for every Extended ORPort port in <b>ports</b> that is on a
115  * publicly routable address. */
116 void
117 port_warn_nonlocal_ext_orports(const smartlist_t *ports, const char *portname)
118 {
119  SMARTLIST_FOREACH_BEGIN(ports, const port_cfg_t *, port) {
120  if (port->type != CONN_TYPE_EXT_OR_LISTENER)
121  continue;
122  if (port->is_unix_addr)
123  continue;
124  /* XXX maybe warn even if address is RFC1918? */
125  if (!tor_addr_is_internal(&port->addr, 1)) {
126  log_warn(LD_CONFIG, "You specified a public address '%s' for %sPort. "
127  "This is not advised; this address is supposed to only be "
128  "exposed on localhost so that your pluggable transport "
129  "proxies can connect to it.",
130  fmt_addrport(&port->addr, port->port), portname);
131  }
132  } SMARTLIST_FOREACH_END(port);
133 }
134 
135 /** Given a list of <b>port_cfg_t</b> in <b>ports</b>, check them for internal
136  * consistency and warn as appropriate. On Unix-based OSes, set
137  * *<b>n_low_ports_out</b> to the number of sub-1024 ports we will be
138  * binding, and warn if we may be unable to re-bind after hibernation. */
139 static int
141  const or_options_t *options,
142  int *n_low_ports_out)
143 {
144  if (BUG(!ports))
145  return -1;
146 
147  if (BUG(!options))
148  return -1;
149 
150  if (BUG(!n_low_ports_out))
151  return -1;
152 
153  int n_orport_advertised = 0;
154  int n_orport_advertised_ipv4 = 0;
155  int n_orport_listeners = 0;
156  int n_dirport_advertised = 0;
157  int n_dirport_listeners = 0;
158  int n_low_port = 0;
159  int r = 0;
160 
161  SMARTLIST_FOREACH_BEGIN(ports, const port_cfg_t *, port) {
162  if (port->type == CONN_TYPE_DIR_LISTENER) {
163  if (! port->server_cfg.no_advertise)
164  ++n_dirport_advertised;
165  if (! port->server_cfg.no_listen)
166  ++n_dirport_listeners;
167  } else if (port->type == CONN_TYPE_OR_LISTENER) {
168  if (! port->server_cfg.no_advertise) {
169  ++n_orport_advertised;
170  if (port_binds_ipv4(port))
171  ++n_orport_advertised_ipv4;
172  }
173  if (! port->server_cfg.no_listen)
174  ++n_orport_listeners;
175  } else {
176  continue;
177  }
178 #ifndef _WIN32
179  if (!port->server_cfg.no_listen && port->port < 1024)
180  ++n_low_port;
181 #endif
182  } SMARTLIST_FOREACH_END(port);
183 
184  if (n_orport_advertised && !n_orport_listeners) {
185  log_warn(LD_CONFIG, "We are advertising an ORPort, but not actually "
186  "listening on one.");
187  r = -1;
188  }
189  if (n_orport_listeners && !n_orport_advertised) {
190  log_warn(LD_CONFIG, "We are listening on an ORPort, but not advertising "
191  "any ORPorts. This will keep us from building a %s "
192  "descriptor, and make us impossible to use.",
193  options->BridgeRelay ? "bridge" : "router");
194  r = -1;
195  }
196  if (n_dirport_advertised && !n_dirport_listeners) {
197  log_warn(LD_CONFIG, "We are advertising a DirPort, but not actually "
198  "listening on one.");
199  r = -1;
200  }
201  if (n_dirport_advertised > 1) {
202  log_warn(LD_CONFIG, "Can't advertise more than one DirPort.");
203  r = -1;
204  }
205  if (n_orport_advertised && !n_orport_advertised_ipv4 &&
206  !options->BridgeRelay) {
207  log_warn(LD_CONFIG, "Configured public relay to listen only on an IPv6 "
208  "address. Tor needs to listen on an IPv4 address too.");
209  r = -1;
210  }
211 
212  if (n_low_port && options->AccountingMax &&
213  (!have_capability_support() || options->KeepBindCapabilities == 0)) {
214  const char *extra = "";
215  if (options->KeepBindCapabilities == 0 && have_capability_support())
216  extra = ", and you have disabled KeepBindCapabilities.";
217  log_warn(LD_CONFIG,
218  "You have set AccountingMax to use hibernation. You have also "
219  "chosen a low DirPort or OrPort%s."
220  "This combination can make Tor stop "
221  "working when it tries to re-attach the port after a period of "
222  "hibernation. Please choose a different port or turn off "
223  "hibernation unless you know this combination will work on your "
224  "platform.", extra);
225  }
226 
227  if (n_low_ports_out)
228  *n_low_ports_out = n_low_port;
229 
230  return r;
231 }
232 
233 /** Parse all relay ports from <b>options</b>. On success, add parsed ports to
234  * <b>ports</b>, and return 0. On failure, set *<b>msg</b> to a description
235  * of the problem and return -1.
236  **/
237 int
239  char **msg,
240  smartlist_t *ports_out,
241  int *have_low_ports_out)
242 {
243  int retval = -1;
244  smartlist_t *ports = smartlist_new();
245  int n_low_ports = 0;
246 
247  if (BUG(!options))
248  goto err;
249 
250  if (BUG(!msg))
251  goto err;
252 
253  if (BUG(!ports_out))
254  goto err;
255 
256  if (BUG(!have_low_ports_out))
257  goto err;
258 
259  if (options->ClientOnly) {
260  retval = 0;
261  goto err;
262  }
263 
264  if (port_parse_config(ports,
265  options->ORPort_lines,
266  "OR", CONN_TYPE_OR_LISTENER,
267  "0.0.0.0", 0,
268  CL_PORT_SERVER_OPTIONS) < 0) {
269  *msg = tor_strdup("Invalid ORPort configuration");
270  goto err;
271  }
272  if (port_parse_config(ports,
273  options->ExtORPort_lines,
274  "ExtOR", CONN_TYPE_EXT_OR_LISTENER,
275  "127.0.0.1", 0,
276  CL_PORT_SERVER_OPTIONS|CL_PORT_WARN_NONLOCAL) < 0) {
277  *msg = tor_strdup("Invalid ExtORPort configuration");
278  goto err;
279  }
280  if (port_parse_config(ports,
281  options->DirPort_lines,
282  "Dir", CONN_TYPE_DIR_LISTENER,
283  "0.0.0.0", 0,
284  CL_PORT_SERVER_OPTIONS) < 0) {
285  *msg = tor_strdup("Invalid DirPort configuration");
286  goto err;
287  }
288 
289  if (check_server_ports(ports, options, &n_low_ports) < 0) {
290  *msg = tor_strdup("Misconfigured server ports");
291  goto err;
292  }
293 
294  smartlist_add_all(ports_out, ports);
295  smartlist_free(ports);
296  ports = NULL;
297  retval = 0;
298 
299  err:
300  if (*have_low_ports_out < 0)
301  *have_low_ports_out = (n_low_ports > 0);
302  if (ports) {
303  SMARTLIST_FOREACH(ports, port_cfg_t *, p, port_cfg_free(p));
304  smartlist_free(ports);
305  }
306  return retval;
307 }
308 
309 /** Update the relay *Port_set values in <b>options</b> from <b>ports</b>. */
310 void
312  const smartlist_t *ports)
313 {
314  if (BUG(!options))
315  return;
316 
317  if (BUG(!ports))
318  return;
319 
320  if (options->ClientOnly)
321  return;
322 
323  /* Update the relay *Port_set options. The !! here is to force a boolean
324  * out of an integer. */
325  options->ORPort_set =
327  options->DirPort_set =
329  options->ExtORPort_set =
331 }
332 
333 /**
334  * Legacy validation function, which checks that the current OS is usable in
335  * relay mode, if options is set to a relay mode.
336  *
337  * Warns about OSes with potential issues. Always returns 0.
338  */
339 int
341  or_options_t *options,
342  char **msg)
343 {
344  (void)old_options;
345 
346  if (BUG(!options))
347  return -1;
348 
349  if (BUG(!msg))
350  return -1;
351 
352  if (!server_mode(options))
353  return 0;
354 
355  const char *uname = get_uname();
356 
357  if (!strcmpstart(uname, "Windows 95") ||
358  !strcmpstart(uname, "Windows 98") ||
359  !strcmpstart(uname, "Windows Me")) {
360  log_warn(LD_CONFIG, "Tor is running as a server, but you are "
361  "running %s; this probably won't work. See "
362  "https://www.torproject.org/docs/faq.html#BestOSForRelay "
363  "for details.", uname);
364  }
365 
366  return 0;
367 }
368 
369 /**
370  * Legacy validation/normalization function for the relay info options.
371  * Uses old_options as the previous options.
372  *
373  * Returns 0 on success, returns -1 and sets *msg to a newly allocated string
374  * on error.
375  */
376 int
378  or_options_t *options,
379  char **msg)
380 {
381  (void)old_options;
382 
383  if (BUG(!options))
384  return -1;
385 
386  if (BUG(!msg))
387  return -1;
388 
389  if (options->Nickname == NULL) {
390  if (server_mode(options)) {
391  options->Nickname = tor_strdup(UNNAMED_ROUTER_NICKNAME);
392  }
393  } else {
394  if (!is_legal_nickname(options->Nickname)) {
395  tor_asprintf(msg,
396  "Nickname '%s', nicknames must be between 1 and 19 characters "
397  "inclusive, and must contain only the characters [a-zA-Z0-9].",
398  options->Nickname);
399  return -1;
400  }
401  }
402 
403  if (server_mode(options) && !options->ContactInfo)
404  log_notice(LD_CONFIG, "Your ContactInfo config option is not set. "
405  "Please consider setting it, so we can contact you if your server is "
406  "misconfigured or something else goes wrong.");
407 
408  const char *ContactInfo = options->ContactInfo;
409  if (ContactInfo && !string_is_utf8(ContactInfo, strlen(ContactInfo)))
410  REJECT("ContactInfo config option must be UTF-8.");
411 
412  return 0;
413 }
414 
415 /** Parse an authority type from <b>options</b>->PublishServerDescriptor
416  * and write it to <b>options</b>->PublishServerDescriptor_. Treat "1"
417  * as "v3" unless BridgeRelay is 1, in which case treat it as "bridge".
418  * Treat "0" as "".
419  * Return 0 on success or -1 if not a recognized authority type (in which
420  * case the value of PublishServerDescriptor_ is undefined). */
421 static int
423 {
424  smartlist_t *list = options->PublishServerDescriptor;
425  dirinfo_type_t *auth = &options->PublishServerDescriptor_;
426  *auth = NO_DIRINFO;
427  if (!list) /* empty list, answer is none */
428  return 0;
429  SMARTLIST_FOREACH_BEGIN(list, const char *, string) {
430  if (!strcasecmp(string, "v1"))
431  log_warn(LD_CONFIG, "PublishServerDescriptor v1 has no effect, because "
432  "there are no v1 directory authorities anymore.");
433  else if (!strcmp(string, "1"))
434  if (options->BridgeRelay)
435  *auth |= BRIDGE_DIRINFO;
436  else
437  *auth |= V3_DIRINFO;
438  else if (!strcasecmp(string, "v2"))
439  log_warn(LD_CONFIG, "PublishServerDescriptor v2 has no effect, because "
440  "there are no v2 directory authorities anymore.");
441  else if (!strcasecmp(string, "v3"))
442  *auth |= V3_DIRINFO;
443  else if (!strcasecmp(string, "bridge"))
444  *auth |= BRIDGE_DIRINFO;
445  else if (!strcasecmp(string, "hidserv"))
446  log_warn(LD_CONFIG,
447  "PublishServerDescriptor hidserv is invalid. See "
448  "PublishHidServDescriptors.");
449  else if (!strcasecmp(string, "") || !strcmp(string, "0"))
450  /* no authority */;
451  else
452  return -1;
453  } SMARTLIST_FOREACH_END(string);
454  return 0;
455 }
456 
457 /**
458  * Validate the configured bridge distribution method from a BridgeDistribution
459  * config line.
460  *
461  * The input <b>bd</b>, is a string taken from the BridgeDistribution config
462  * line (if present). If the option wasn't set, return 0 immediately. The
463  * BridgeDistribution option is then validated. Currently valid, recognised
464  * options are:
465  *
466  * - "none"
467  * - "any"
468  * - "https"
469  * - "email"
470  * - "moat"
471  * - "hyphae"
472  *
473  * If the option string is unrecognised, a warning will be logged and 0 is
474  * returned. If the option string contains an invalid character, -1 is
475  * returned.
476  **/
477 STATIC int
479 {
480  if (bd == NULL)
481  return 0;
482 
483  const char *RECOGNIZED[] = {
484  "none", "any", "https", "email", "moat", "hyphae"
485  };
486  unsigned i;
487  for (i = 0; i < ARRAY_LENGTH(RECOGNIZED); ++i) {
488  if (!strcmp(bd, RECOGNIZED[i]))
489  return 0;
490  }
491 
492  const char *cp = bd;
493  // Method = (KeywordChar | "_") +
494  while (TOR_ISALNUM(*cp) || *cp == '-' || *cp == '_')
495  ++cp;
496 
497  if (*cp == 0) {
498  log_warn(LD_CONFIG, "Unrecognized BridgeDistribution value %s. I'll "
499  "assume you know what you are doing...", escaped(bd));
500  return 0; // we reached the end of the string; all is well
501  } else {
502  return -1; // we found a bad character in the string.
503  }
504 }
505 
506 /**
507  * Legacy validation/normalization function for the bridge relay options.
508  * Uses old_options as the previous options.
509  *
510  * Returns 0 on success, returns -1 and sets *msg to a newly allocated string
511  * on error.
512  */
513 int
515  or_options_t *options,
516  char **msg)
517 {
518  (void)old_options;
519 
520  if (BUG(!options))
521  return -1;
522 
523  if (BUG(!msg))
524  return -1;
525 
526  if (compute_publishserverdescriptor(options) < 0) {
527  tor_asprintf(msg, "Unrecognized value in PublishServerDescriptor");
528  return -1;
529  }
530 
531  if ((options->BridgeRelay
533  && (options->PublishServerDescriptor_ & V3_DIRINFO)) {
534  REJECT("Bridges are not supposed to publish router descriptors to the "
535  "directory authorities. Please correct your "
536  "PublishServerDescriptor line.");
537  }
538 
539  if (options->BridgeDistribution) {
540  if (!options->BridgeRelay) {
541  REJECT("You set BridgeDistribution, but you didn't set BridgeRelay!");
542  }
544  REJECT("Invalid BridgeDistribution value.");
545  }
546  }
547 
548  if (options->PublishServerDescriptor)
549  SMARTLIST_FOREACH(options->PublishServerDescriptor, const char *, pubdes, {
550  if (!strcmp(pubdes, "1") || !strcmp(pubdes, "0"))
551  if (smartlist_len(options->PublishServerDescriptor) > 1) {
552  COMPLAIN("You have passed a list of multiple arguments to the "
553  "PublishServerDescriptor option that includes 0 or 1. "
554  "0 or 1 should only be used as the sole argument. "
555  "This configuration will be rejected in a future release.");
556  break;
557  }
558  });
559 
560  return 0;
561 }
562 
563 /**
564  * Legacy validation/normalization function for the relay padding options.
565  * Uses old_options as the previous options.
566  *
567  * Returns 0 on success, returns -1 and sets *msg to a newly allocated string
568  * on error.
569  */
570 int
572  or_options_t *options,
573  char **msg)
574 {
575  (void)old_options;
576 
577  if (BUG(!options))
578  return -1;
579 
580  if (BUG(!msg))
581  return -1;
582 
583  if (!server_mode(options))
584  return 0;
585 
586  if (options->ConnectionPadding != -1) {
587  REJECT("Relays must use 'auto' for the ConnectionPadding setting.");
588  }
589 
590  if (options->ReducedConnectionPadding != 0) {
591  REJECT("Relays cannot set ReducedConnectionPadding. ");
592  }
593 
594  if (options->CircuitPadding == 0) {
595  REJECT("Relays cannot set CircuitPadding to 0. ");
596  }
597 
598  if (options->ReducedCircuitPadding == 1) {
599  REJECT("Relays cannot set ReducedCircuitPadding. ");
600  }
601 
602  return 0;
603 }
604 
605 /**
606  * Legacy validation/normalization function for the relay bandwidth options.
607  * Uses old_options as the previous options.
608  *
609  * Returns 0 on success, returns -1 and sets *msg to a newly allocated string
610  * on error.
611  */
612 int
614  or_options_t *options,
615  char **msg)
616 {
617  (void)old_options;
618 
619  if (BUG(!options))
620  return -1;
621 
622  if (BUG(!msg))
623  return -1;
624 
625  /* 31851: the tests expect us to validate bandwidths, even when we are not
626  * in relay mode. */
628  "MaxAdvertisedBandwidth", msg) < 0)
629  return -1;
631  "RelayBandwidthRate", msg) < 0)
632  return -1;
634  "RelayBandwidthBurst", msg) < 0)
635  return -1;
637  "PerConnBWRate", msg) < 0)
638  return -1;
640  "PerConnBWBurst", msg) < 0)
641  return -1;
642 
643  if (options->RelayBandwidthRate && !options->RelayBandwidthBurst)
644  options->RelayBandwidthBurst = options->RelayBandwidthRate;
645  if (options->RelayBandwidthBurst && !options->RelayBandwidthRate)
646  options->RelayBandwidthRate = options->RelayBandwidthBurst;
647 
648  if (server_mode(options)) {
649  const unsigned required_min_bw =
650  public_server_mode(options) ?
651  RELAY_REQUIRED_MIN_BANDWIDTH : BRIDGE_REQUIRED_MIN_BANDWIDTH;
652  const char * const optbridge =
653  public_server_mode(options) ? "" : "bridge ";
654  if (options->BandwidthRate < required_min_bw) {
655  tor_asprintf(msg,
656  "BandwidthRate is set to %d bytes/second. "
657  "For %sservers, it must be at least %u.",
658  (int)options->BandwidthRate, optbridge,
659  required_min_bw);
660  return -1;
661  } else if (options->MaxAdvertisedBandwidth <
662  required_min_bw/2) {
663  tor_asprintf(msg,
664  "MaxAdvertisedBandwidth is set to %d bytes/second. "
665  "For %sservers, it must be at least %u.",
666  (int)options->MaxAdvertisedBandwidth, optbridge,
667  required_min_bw/2);
668  return -1;
669  }
670  if (options->RelayBandwidthRate &&
671  options->RelayBandwidthRate < required_min_bw) {
672  tor_asprintf(msg,
673  "RelayBandwidthRate is set to %d bytes/second. "
674  "For %sservers, it must be at least %u.",
675  (int)options->RelayBandwidthRate, optbridge,
676  required_min_bw);
677  return -1;
678  }
679  }
680 
681  /* 31851: the tests expect us to validate bandwidths, even when we are not
682  * in relay mode. */
683  if (options->RelayBandwidthRate > options->RelayBandwidthBurst)
684  REJECT("RelayBandwidthBurst must be at least equal "
685  "to RelayBandwidthRate.");
686 
687  /* if they set relaybandwidth* really high but left bandwidth*
688  * at the default, raise the defaults. */
689  if (options->RelayBandwidthRate > options->BandwidthRate)
690  options->BandwidthRate = options->RelayBandwidthRate;
691  if (options->RelayBandwidthBurst > options->BandwidthBurst)
692  options->BandwidthBurst = options->RelayBandwidthBurst;
693 
694  return 0;
695 }
696 
697 /**
698  * Legacy validation/normalization function for the relay bandwidth accounting
699  * options. Uses old_options as the previous options.
700  *
701  * Returns 0 on success, returns -1 and sets *msg to a newly allocated string
702  * on error.
703  */
704 int
706  or_options_t *options,
707  char **msg)
708 {
709  (void)old_options;
710 
711  if (BUG(!options))
712  return -1;
713 
714  if (BUG(!msg))
715  return -1;
716 
717  /* 31851: the tests expect us to validate accounting, even when we are not
718  * in relay mode. */
719  if (accounting_parse_options(options, 1)<0)
720  REJECT("Failed to parse accounting options. See logs for details.");
721 
722  if (options->AccountingMax) {
723  if (options->RendConfigLines && server_mode(options)) {
724  log_warn(LD_CONFIG, "Using accounting with a hidden service and an "
725  "ORPort is risky: your hidden service(s) and your public "
726  "address will all turn off at the same time, which may alert "
727  "observers that they are being run by the same party.");
728  } else if (config_count_key(options->RendConfigLines,
729  "HiddenServiceDir") > 1) {
730  log_warn(LD_CONFIG, "Using accounting with multiple hidden services is "
731  "risky: they will all turn off at the same time, which may "
732  "alert observers that they are being run by the same party.");
733  }
734  }
735 
736  options->AccountingRule = ACCT_MAX;
737  if (options->AccountingRule_option) {
738  if (!strcmp(options->AccountingRule_option, "sum"))
739  options->AccountingRule = ACCT_SUM;
740  else if (!strcmp(options->AccountingRule_option, "max"))
741  options->AccountingRule = ACCT_MAX;
742  else if (!strcmp(options->AccountingRule_option, "in"))
743  options->AccountingRule = ACCT_IN;
744  else if (!strcmp(options->AccountingRule_option, "out"))
745  options->AccountingRule = ACCT_OUT;
746  else
747  REJECT("AccountingRule must be 'sum', 'max', 'in', or 'out'");
748  }
749 
750  return 0;
751 }
752 
753 /** Verify whether lst is a list of strings containing valid-looking
754  * comma-separated nicknames, or NULL. Will normalise <b>lst</b> to prefix '$'
755  * to any nickname or fingerprint that needs it. Also splits comma-separated
756  * list elements into multiple elements. Return 0 on success.
757  * Warn and return -1 on failure.
758  */
759 static int
761  const config_line_t *lst, const char *name,
762  char **msg)
763 {
764  if (!lst)
765  return 0;
766 
767  config_line_t *new_nicknames = NULL;
768  config_line_t **new_nicknames_next = &new_nicknames;
769 
770  const config_line_t *cl;
771  for (cl = lst; cl; cl = cl->next) {
772  const char *line = cl->value;
773  if (!line)
774  continue;
775 
776  int valid_line = 1;
777  smartlist_t *sl = smartlist_new();
778  smartlist_split_string(sl, line, ",",
779  SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK|SPLIT_STRIP_SPACE, 0);
780  SMARTLIST_FOREACH_BEGIN(sl, char *, s)
781  {
782  char *normalized = NULL;
784  // check if first char is dollar
785  if (s[0] != '$') {
786  // Try again but with a dollar symbol prepended
787  char *prepended;
788  tor_asprintf(&prepended, "$%s", s);
789 
790  if (is_legal_nickname_or_hexdigest(prepended)) {
791  // The nickname is valid when it's prepended, set it as the
792  // normalized version
793  normalized = prepended;
794  } else {
795  // Still not valid, free and fallback to error message
796  tor_free(prepended);
797  }
798  }
799 
800  if (!normalized) {
801  tor_asprintf(msg, "Invalid nickname '%s' in %s line", s, name);
802  valid_line = 0;
803  break;
804  }
805  } else {
806  normalized = tor_strdup(s);
807  }
808 
809  config_line_t *next = tor_malloc_zero(sizeof(*next));
810  next->key = tor_strdup(cl->key);
811  next->value = normalized;
812  next->next = NULL;
813 
814  *new_nicknames_next = next;
815  new_nicknames_next = &next->next;
816  } SMARTLIST_FOREACH_END(s);
817 
818  SMARTLIST_FOREACH(sl, char *, s, tor_free(s));
819  smartlist_free(sl);
820 
821  if (!valid_line) {
822  config_free_lines(new_nicknames);
823  return -1;
824  }
825  }
826 
827  *normalized_out = new_nicknames;
828 
829  return 0;
830 }
831 
832 #define ONE_MEGABYTE (UINT64_C(1) << 20)
833 
834 /* If we have less than 300 MB suggest disabling dircache */
835 #define DIRCACHE_MIN_MEM_MB 300
836 #define DIRCACHE_MIN_MEM_BYTES (DIRCACHE_MIN_MEM_MB*ONE_MEGABYTE)
837 #define STRINGIFY(val) #val
838 
839 /** Create a warning message for emitting if we are a dircache but may not have
840  * enough system memory, or if we are not a dircache but probably should be.
841  * Return -1 when a message is returned in *msg*, else return 0. */
842 STATIC int
843 have_enough_mem_for_dircache(const or_options_t *options, size_t total_mem,
844  char **msg)
845 {
846  *msg = NULL;
847  /* XXX We should possibly be looking at MaxMemInQueues here
848  * unconditionally. Or we should believe total_mem unconditionally. */
849  if (total_mem == 0) {
850  if (get_total_system_memory(&total_mem) < 0) {
851  total_mem = options->MaxMemInQueues >= SIZE_MAX ?
852  SIZE_MAX : (size_t)options->MaxMemInQueues;
853  }
854  }
855  if (options->DirCache) {
856  if (total_mem < DIRCACHE_MIN_MEM_BYTES) {
857  if (options->BridgeRelay) {
858  tor_asprintf(msg, "Running a Bridge with less than %d MB of memory "
859  "is not recommended.", DIRCACHE_MIN_MEM_MB);
860  } else {
861  tor_asprintf(msg, "Being a directory cache (default) with less than "
862  "%d MB of memory is not recommended and may consume "
863  "most of the available resources. Consider disabling "
864  "this functionality by setting the DirCache option "
865  "to 0.", DIRCACHE_MIN_MEM_MB);
866  }
867  }
868  } else {
869  if (total_mem >= DIRCACHE_MIN_MEM_BYTES) {
870  *msg = tor_strdup("DirCache is disabled and we are configured as a "
871  "relay. We will not become a Guard.");
872  }
873  }
874  return *msg == NULL ? 0 : -1;
875 }
876 #undef STRINGIFY
877 
878 /**
879  * Legacy validation/normalization function for the relay mode options.
880  * Uses old_options as the previous options.
881  *
882  * Returns 0 on success, returns -1 and sets *msg to a newly allocated string
883  * on error.
884  */
885 int
887  or_options_t *options,
888  char **msg)
889 {
890  (void)old_options;
891 
892  if (BUG(!options))
893  return -1;
894 
895  if (BUG(!msg))
896  return -1;
897 
898  if (server_mode(options) && options->RendConfigLines)
899  log_warn(LD_CONFIG,
900  "Tor is currently configured as a relay and a hidden service. "
901  "That's not very secure: you should probably run your hidden service "
902  "in a separate Tor process, at least -- see "
903  "https://trac.torproject.org/8742");
904 
905  if (options->BridgeRelay && options->DirPort_set) {
906  log_warn(LD_CONFIG, "Can't set a DirPort on a bridge relay; disabling "
907  "DirPort");
908  config_free_lines(options->DirPort_lines);
909  options->DirPort_lines = NULL;
910  options->DirPort_set = 0;
911  }
912 
913  if (options->DirPort_set && !options->DirCache) {
914  REJECT("DirPort configured but DirCache disabled. DirPort requires "
915  "DirCache.");
916  }
917 
918  if (options->BridgeRelay && !options->DirCache) {
919  REJECT("We're a bridge but DirCache is disabled. BridgeRelay requires "
920  "DirCache.");
921  }
922 
923  if (options->BridgeRelay == 1 && ! options->ORPort_set)
924  REJECT("BridgeRelay is 1, ORPort is not set. This is an invalid "
925  "combination.");
926 
927  if (server_mode(options)) {
928  char *dircache_msg = NULL;
929  if (have_enough_mem_for_dircache(options, 0, &dircache_msg)) {
930  log_warn(LD_CONFIG, "%s", dircache_msg);
931  tor_free(dircache_msg);
932  }
933  }
934 
935  if (options->MyFamily_lines && options->BridgeRelay) {
936  log_warn(LD_CONFIG, "Listing a family for a bridge relay is not "
937  "supported: it can reveal bridge fingerprints to censors. "
938  "You should also make sure you aren't listing this bridge's "
939  "fingerprint in any other MyFamily.");
940  }
941  if (options->MyFamily_lines && !options->ContactInfo) {
942  log_warn(LD_CONFIG, "MyFamily is set but ContactInfo is not configured. "
943  "ContactInfo should always be set when MyFamily option is too.");
944  }
945  if (normalize_nickname_list(&options->MyFamily,
946  options->MyFamily_lines, "MyFamily", msg))
947  return -1;
948 
949  if (options->ConstrainedSockets) {
950  if (options->DirPort_set) {
951  /* Providing cached directory entries while system TCP buffers are scarce
952  * will exacerbate the socket errors. Suggest that this be disabled. */
953  COMPLAIN("You have requested constrained socket buffers while also "
954  "serving directory entries via DirPort. It is strongly "
955  "suggested that you disable serving directory requests when "
956  "system TCP buffer resources are scarce.");
957  }
958  }
959 
960  return 0;
961 }
962 
963 /**
964  * Legacy validation/normalization function for the relay testing options
965  * in options. Uses old_options as the previous options.
966  *
967  * Returns 0 on success, returns -1 and sets *msg to a newly allocated string
968  * on error.
969  */
970 int
972  or_options_t *options,
973  char **msg)
974 {
975  (void)old_options;
976 
977  if (BUG(!options))
978  return -1;
979 
980  if (BUG(!msg))
981  return -1;
982 
983  if (options->SigningKeyLifetime < options->TestingSigningKeySlop*2)
984  REJECT("SigningKeyLifetime is too short.");
985  if (options->TestingLinkCertLifetime < options->TestingAuthKeySlop*2)
986  REJECT("LinkCertLifetime is too short.");
987  if (options->TestingAuthKeyLifetime < options->TestingLinkKeySlop*2)
988  REJECT("TestingAuthKeyLifetime is too short.");
989 
990  return 0;
991 }
992 
993 /** Return 1 if any change from <b>old_options</b> to <b>new_options</b>
994  * will require us to rotate the CPU and DNS workers; else return 0. */
995 static int
997  const or_options_t *new_options)
998 {
999  YES_IF_CHANGED_STRING(DataDirectory);
1000  YES_IF_CHANGED_INT(NumCPUs);
1001  YES_IF_CHANGED_LINELIST(ORPort_lines);
1002  YES_IF_CHANGED_BOOL(ServerDNSSearchDomains);
1003  YES_IF_CHANGED_BOOL(SafeLogging_);
1004  YES_IF_CHANGED_BOOL(ClientOnly);
1005  YES_IF_CHANGED_BOOL(LogMessageDomains);
1006  YES_IF_CHANGED_LINELIST(Logs);
1007 
1008  if (server_mode(old_options) != server_mode(new_options) ||
1009  public_server_mode(old_options) != public_server_mode(new_options) ||
1010  dir_server_mode(old_options) != dir_server_mode(new_options))
1011  return 1;
1012 
1013  /* Nothing that changed matters. */
1014  return 0;
1015 }
1016 
1017 /** Return 1 if any change from <b>old_options</b> to <b>new_options</b>
1018  * will require us to generate a new descriptor; else return 0. */
1019 static int
1021  const or_options_t *new_options)
1022 {
1023  /* XXX We can be smarter here. If your DirPort isn't being
1024  * published and you just turned it off, no need to republish. Etc. */
1025 
1026  YES_IF_CHANGED_STRING(DataDirectory);
1027  YES_IF_CHANGED_STRING(Nickname);
1028  YES_IF_CHANGED_STRING(Address);
1029  YES_IF_CHANGED_LINELIST(ExitPolicy);
1030  YES_IF_CHANGED_BOOL(ExitRelay);
1031  YES_IF_CHANGED_BOOL(ExitPolicyRejectPrivate);
1032  YES_IF_CHANGED_BOOL(ExitPolicyRejectLocalInterfaces);
1033  YES_IF_CHANGED_BOOL(IPv6Exit);
1034  YES_IF_CHANGED_LINELIST(ORPort_lines);
1035  YES_IF_CHANGED_LINELIST(DirPort_lines);
1036  YES_IF_CHANGED_LINELIST(DirPort_lines);
1037  YES_IF_CHANGED_BOOL(ClientOnly);
1038  YES_IF_CHANGED_BOOL(DisableNetwork);
1039  YES_IF_CHANGED_BOOL(PublishServerDescriptor_);
1040  YES_IF_CHANGED_STRING(ContactInfo);
1041  YES_IF_CHANGED_STRING(BridgeDistribution);
1042  YES_IF_CHANGED_LINELIST(MyFamily);
1043  YES_IF_CHANGED_STRING(AccountingStart);
1044  YES_IF_CHANGED_INT(AccountingMax);
1045  YES_IF_CHANGED_INT(AccountingRule);
1046  YES_IF_CHANGED_BOOL(DirCache);
1047  YES_IF_CHANGED_BOOL(AssumeReachable);
1048 
1049  if (relay_get_effective_bwrate(old_options) !=
1050  relay_get_effective_bwrate(new_options) ||
1051  relay_get_effective_bwburst(old_options) !=
1052  relay_get_effective_bwburst(new_options) ||
1053  public_server_mode(old_options) != public_server_mode(new_options))
1054  return 1;
1055 
1056  return 0;
1057 }
1058 
1059 /** Fetch the active option list, and take relay actions based on it. All of
1060  * the things we do should survive being done repeatedly. If present,
1061  * <b>old_options</b> contains the previous value of the options.
1062  *
1063  * Return 0 if all goes well, return -1 if it's time to die.
1064  *
1065  * Note: We haven't moved all the "act on new configuration" logic
1066  * into the options_act* functions yet. Some is still in do_hup() and other
1067  * places.
1068  */
1069 int
1070 options_act_relay(const or_options_t *old_options)
1071 {
1072  const or_options_t *options = get_options();
1073 
1074  const int transition_affects_workers =
1075  old_options && options_transition_affects_workers(old_options, options);
1076 
1077  /* We want to reinit keys as needed before we do much of anything else:
1078  keys are important, and other things can depend on them. */
1079  if (transition_affects_workers ||
1080  (authdir_mode_v3(options) && (!old_options ||
1081  !authdir_mode_v3(old_options)))) {
1082  if (init_keys() < 0) {
1083  log_warn(LD_BUG,"Error initializing keys; exiting");
1084  return -1;
1085  }
1086  }
1087 
1088  if (server_mode(options)) {
1089  static int cdm_initialized = 0;
1090  if (cdm_initialized == 0) {
1091  cdm_initialized = 1;
1092  consdiffmgr_configure(NULL);
1094  }
1095  }
1096 
1097  /* Check for transitions that need action. */
1098  if (old_options) {
1099  if (transition_affects_workers) {
1100  log_info(LD_GENERAL,
1101  "Worker-related options changed. Rotating workers.");
1102  const int server_mode_turned_on =
1103  server_mode(options) && !server_mode(old_options);
1104  const int dir_server_mode_turned_on =
1105  dir_server_mode(options) && !dir_server_mode(old_options);
1106 
1107  if (server_mode_turned_on || dir_server_mode_turned_on) {
1108  cpu_init();
1109  }
1110 
1111  if (server_mode_turned_on) {
1112  ip_address_changed(0);
1113  if (have_completed_a_circuit() || !any_predicted_circuits(time(NULL)))
1115  }
1117  }
1118  }
1119 
1120  return 0;
1121 }
1122 
1123 /** Fetch the active option list, and take relay accounting actions based on
1124  * it. All of the things we do should survive being done repeatedly. If
1125  * present, <b>old_options</b> contains the previous value of the options.
1126  *
1127  * Return 0 if all goes well, return -1 if it's time to die.
1128  *
1129  * Note: We haven't moved all the "act on new configuration" logic
1130  * into the options_act* functions yet. Some is still in do_hup() and other
1131  * places.
1132  */
1133 int
1135 {
1136  (void)old_options;
1137 
1138  const or_options_t *options = get_options();
1139 
1140  /* Set up accounting */
1141  if (accounting_parse_options(options, 0)<0) {
1142  // LCOV_EXCL_START
1143  log_warn(LD_BUG,"Error in previously validated accounting options");
1144  return -1;
1145  // LCOV_EXCL_STOP
1146  }
1147  if (accounting_is_enabled(options))
1148  configure_accounting(time(NULL));
1149 
1150  return 0;
1151 }
1152 
1153 /** Fetch the active option list, and take relay bandwidth actions based on
1154  * it. All of the things we do should survive being done repeatedly. If
1155  * present, <b>old_options</b> contains the previous value of the options.
1156  *
1157  * Return 0 if all goes well, return -1 if it's time to die.
1158  *
1159  * Note: We haven't moved all the "act on new configuration" logic
1160  * into the options_act* functions yet. Some is still in do_hup() and other
1161  * places.
1162  */
1163 int
1165 {
1166  const or_options_t *options = get_options();
1167 
1168  /* Check for transitions that need action. */
1169  if (old_options) {
1170  if (options->PerConnBWRate != old_options->PerConnBWRate ||
1171  options->PerConnBWBurst != old_options->PerConnBWBurst)
1173 
1174  if (options->RelayBandwidthRate != old_options->RelayBandwidthRate ||
1175  options->RelayBandwidthBurst != old_options->RelayBandwidthBurst)
1176  connection_bucket_adjust(options);
1177  }
1178 
1179  return 0;
1180 }
1181 
1182 /** Fetch the active option list, and take bridge statistics actions based on
1183  * it. All of the things we do should survive being done repeatedly. If
1184  * present, <b>old_options</b> contains the previous value of the options.
1185  *
1186  * Return 0 if all goes well, return -1 if it's time to die.
1187  *
1188  * Note: We haven't moved all the "act on new configuration" logic
1189  * into the options_act* functions yet. Some is still in do_hup() and other
1190  * places.
1191  */
1192 int
1194 {
1195  const or_options_t *options = get_options();
1196 
1197 /* How long should we delay counting bridge stats after becoming a bridge?
1198  * We use this so we don't count clients who used our bridge thinking it is
1199  * a relay. If you change this, don't forget to change the log message
1200  * below. It's 4 hours (the time it takes to stop being used by clients)
1201  * plus some extra time for clock skew. */
1202 #define RELAY_BRIDGE_STATS_DELAY (6 * 60 * 60)
1203 
1204  /* Check for transitions that need action. */
1205  if (old_options) {
1206  if (! bool_eq(options->BridgeRelay, old_options->BridgeRelay)) {
1207  int was_relay = 0;
1208  if (options->BridgeRelay) {
1209  time_t int_start = time(NULL);
1210  if (config_lines_eq(old_options->ORPort_lines,options->ORPort_lines)) {
1211  int_start += RELAY_BRIDGE_STATS_DELAY;
1212  was_relay = 1;
1213  }
1214  geoip_bridge_stats_init(int_start);
1215  log_info(LD_CONFIG, "We are acting as a bridge now. Starting new "
1216  "GeoIP stats interval%s.", was_relay ? " in 6 "
1217  "hours from now" : "");
1218  } else {
1220  log_info(LD_GENERAL, "We are no longer acting as a bridge. "
1221  "Forgetting GeoIP stats.");
1222  }
1223  }
1224  }
1225 
1226  return 0;
1227 }
1228 
1229 /** Fetch the active option list, and take relay statistics actions based on
1230  * it. All of the things we do should survive being done repeatedly. If
1231  * present, <b>old_options</b> contains the previous value of the options.
1232  *
1233  * Sets <b>*print_notice_out</b> if we enabled stats, and need to print
1234  * a stats log using options_act_relay_stats_msg().
1235  *
1236  * If loading the GeoIP file failed, sets DirReqStatistics and
1237  * EntryStatistics to 0. This breaks the normalization/act ordering
1238  * introduced in 29211.
1239  *
1240  * Return 0 if all goes well, return -1 if it's time to die.
1241  *
1242  * Note: We haven't moved all the "act on new configuration" logic
1243  * into the options_act* functions yet. Some is still in do_hup() and other
1244  * places.
1245  */
1246 int
1248  bool *print_notice_out)
1249 {
1250  if (BUG(!print_notice_out))
1251  return -1;
1252 
1253  or_options_t *options = get_options_mutable();
1254 
1255  if (options->CellStatistics || options->DirReqStatistics ||
1256  options->EntryStatistics || options->ExitPortStatistics ||
1257  options->ConnDirectionStatistics ||
1258  options->HiddenServiceStatistics) {
1259  time_t now = time(NULL);
1260  int print_notice = 0;
1261 
1262  if ((!old_options || !old_options->CellStatistics) &&
1263  options->CellStatistics) {
1265  print_notice = 1;
1266  }
1267  if ((!old_options || !old_options->DirReqStatistics) &&
1268  options->DirReqStatistics) {
1269  if (geoip_is_loaded(AF_INET)) {
1271  print_notice = 1;
1272  } else {
1273  /* disable statistics collection since we have no geoip file */
1274  /* 29211: refactor to avoid the normalisation/act inversion */
1275  options->DirReqStatistics = 0;
1276  if (options->ORPort_set)
1277  log_notice(LD_CONFIG, "Configured to measure directory request "
1278  "statistics, but no GeoIP database found. "
1279  "Please specify a GeoIP database using the "
1280  "GeoIPFile option.");
1281  }
1282  }
1283  if ((!old_options || !old_options->EntryStatistics) &&
1284  options->EntryStatistics && !should_record_bridge_info(options)) {
1285  /* If we get here, we've started recording bridge info when we didn't
1286  * do so before. Note that "should_record_bridge_info()" will
1287  * always be false at this point, because of the earlier block
1288  * that cleared EntryStatistics when public_server_mode() was false.
1289  * We're leaving it in as defensive programming. */
1290  if (geoip_is_loaded(AF_INET) || geoip_is_loaded(AF_INET6)) {
1292  print_notice = 1;
1293  } else {
1294  options->EntryStatistics = 0;
1295  log_notice(LD_CONFIG, "Configured to measure entry node "
1296  "statistics, but no GeoIP database found. "
1297  "Please specify a GeoIP database using the "
1298  "GeoIPFile option.");
1299  }
1300  }
1301  if ((!old_options || !old_options->ExitPortStatistics) &&
1302  options->ExitPortStatistics) {
1304  print_notice = 1;
1305  }
1306  if ((!old_options || !old_options->ConnDirectionStatistics) &&
1307  options->ConnDirectionStatistics) {
1309  }
1310  if ((!old_options || !old_options->HiddenServiceStatistics) &&
1311  options->HiddenServiceStatistics) {
1312  log_info(LD_CONFIG, "Configured to measure hidden service statistics.");
1314  }
1315  if (print_notice)
1316  *print_notice_out = 1;
1317  }
1318 
1319  /* If we used to have statistics enabled but we just disabled them,
1320  stop gathering them. */
1321  if (old_options && old_options->CellStatistics &&
1322  !options->CellStatistics)
1324  if (old_options && old_options->DirReqStatistics &&
1325  !options->DirReqStatistics)
1327  if (old_options && old_options->EntryStatistics &&
1328  !options->EntryStatistics)
1330  if (old_options && old_options->HiddenServiceStatistics &&
1331  !options->HiddenServiceStatistics)
1333  if (old_options && old_options->ExitPortStatistics &&
1334  !options->ExitPortStatistics)
1336  if (old_options && old_options->ConnDirectionStatistics &&
1337  !options->ConnDirectionStatistics)
1339 
1340  return 0;
1341 }
1342 
1343 /** Print a notice about relay/dirauth stats being enabled. */
1344 void
1346 {
1347  log_notice(LD_CONFIG, "Configured to measure statistics. Look for "
1348  "the *-stats files that will first be written to the "
1349  "data directory in 24 hours from now.");
1350 }
1351 
1352 /** Fetch the active option list, and take relay descriptor actions based on
1353  * it. All of the things we do should survive being done repeatedly. If
1354  * present, <b>old_options</b> contains the previous value of the options.
1355  *
1356  * Return 0 if all goes well, return -1 if it's time to die.
1357  *
1358  * Note: We haven't moved all the "act on new configuration" logic
1359  * into the options_act* functions yet. Some is still in do_hup() and other
1360  * places.
1361  */
1362 int
1364 {
1365  const or_options_t *options = get_options();
1366 
1367  /* Since our options changed, we might need to regenerate and upload our
1368  * server descriptor.
1369  */
1370  if (!old_options ||
1371  options_transition_affects_descriptor(old_options, options))
1372  mark_my_descriptor_dirty("config change");
1373 
1374  return 0;
1375 }
1376 
1377 /** Fetch the active option list, and take relay DoS actions based on
1378  * it. All of the things we do should survive being done repeatedly. If
1379  * present, <b>old_options</b> contains the previous value of the options.
1380  *
1381  * Return 0 if all goes well, return -1 if it's time to die.
1382  *
1383  * Note: We haven't moved all the "act on new configuration" logic
1384  * into the options_act* functions yet. Some is still in do_hup() and other
1385  * places.
1386  */
1387 int
1389 {
1390  const or_options_t *options = get_options();
1391 
1392  /* DoS mitigation subsystem only applies to public relay. */
1393  if (public_server_mode(options)) {
1394  /* If we are configured as a relay, initialize the subsystem. Even on HUP,
1395  * this is safe to call as it will load data from the current options
1396  * or/and the consensus. */
1397  dos_init();
1398  } else if (old_options && public_server_mode(old_options)) {
1399  /* Going from relay to non relay, clean it up. */
1400  dos_free_all();
1401  }
1402 
1403  return 0;
1404 }
1405 
1406 /** Fetch the active option list, and take dirport actions based on
1407  * it. All of the things we do should survive being done repeatedly. If
1408  * present, <b>old_options</b> contains the previous value of the options.
1409  *
1410  * Return 0 if all goes well, return -1 if it's time to die.
1411  *
1412  * Note: We haven't moved all the "act on new configuration" logic
1413  * into the options_act* functions yet. Some is still in do_hup() and other
1414  * places.
1415  */
1416 int
1418 {
1419  (void)old_options;
1420 
1421  const or_options_t *options = get_options();
1422 
1423  if (!public_server_mode(options))
1424  return 0;
1425 
1426  /* Load the webpage we're going to serve every time someone asks for '/' on
1427  our DirPort. */
1429  if (options->DirPortFrontPage) {
1431  read_file_to_str(options->DirPortFrontPage, 0, NULL);
1433  log_warn(LD_CONFIG,
1434  "DirPortFrontPage file '%s' not found. Continuing anyway.",
1435  options->DirPortFrontPage);
1436  }
1437  }
1438 
1439  return 0;
1440 }
int config_ensure_bandwidth_cap(uint64_t *value, const char *desc, char **msg)
Definition: config.c:3119
#define CONN_TYPE_DIR_LISTENER
Definition: connection.h:33
smartlist_t * get_connection_array(void)
Definition: mainloop.c:452
static int options_transition_affects_workers(const or_options_t *old_options, const or_options_t *new_options)
Definition: relay_config.c:996
char * DirPortFrontPage
static int compute_publishserverdescriptor(or_options_t *options)
Definition: relay_config.c:422
Header for feature/relay/relay_config.c.
char * AccountingRule_option
int TestingLinkKeySlop
Header for uname.c.
Header for confline.c.
int options_act_relay_accounting(const or_options_t *old_options)
Header for smartlist.c.
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
void rep_hist_exit_stats_term(void)
Definition: rephist.c:1579
Header file for geoip_stats.c.
void consdiffmgr_configure(const consdiff_cfg_t *cfg)
Definition: consdiffmgr.c:834
int config_lines_eq(const config_line_t *a, const config_line_t *b)
Definition: confline.c:259
uint64_t PerConnBWRate
char * ContactInfo
int ReducedConnectionPadding
int port_count_real_listeners(const smartlist_t *ports, int listenertype, int count_sockets)
Definition: config.c:6487
Header file for connection.c.
int options_act_relay_stats(const or_options_t *old_options, bool *print_notice_out)
#define LD_GENERAL
Definition: log.h:62
int ExitPortStatistics
void rep_hist_conn_stats_term(void)
Definition: rephist.c:2320
uint64_t MaxMemInQueues
struct config_line_t * RendConfigLines
int any_predicted_circuits(time_t now)
int accounting_is_enabled(const or_options_t *options)
Definition: hibernate.c:305
uint64_t RelayBandwidthRate
int options_act_relay_bandwidth(const or_options_t *old_options)
dirinfo_type_t PublishServerDescriptor_
#define CONN_TYPE_OR_LISTENER
Definition: connection.h:21
Header file for config.c.
Header file for nickname.c.
void rep_hist_buffer_stats_init(time_t now)
Definition: rephist.c:1815
int ConnDirectionStatistics
struct config_line_t * DirPort_lines
const or_options_t * get_options(void)
Definition: config.c:944
Header file for cpuworker.c.
void geoip_dirreq_stats_init(time_t now)
Definition: geoip_stats.c:918
int should_record_bridge_info(const or_options_t *options)
Definition: geoip_stats.c:112
int strcmpstart(const char *s1, const char *s2)
Definition: util_string.c:206
static int check_server_ports(const smartlist_t *ports, const or_options_t *options, int *n_low_ports_out)
Definition: relay_config.c:140
#define tor_free(p)
Definition: malloc.h:52
void rep_hist_buffer_stats_term(void)
Definition: rephist.c:1907
void rep_hist_exit_stats_init(time_t now)
Definition: rephist.c:1558
int is_legal_nickname_or_hexdigest(const char *s)
Definition: nickname.c:31
int geoip_is_loaded(sa_family_t family)
Definition: geoip.c:458
const char * name
Definition: config.c:2459
void relay_config_free_all(void)
Definition: relay_config.c:83
Header file for mainloop.c.
dirinfo_type_t
Definition: or.h:891
int config_count_key(const config_line_t *a, const char *key)
Definition: confline.c:274
smartlist_t * smartlist_new(void)
Header for meminfo.c.
STATIC int check_bridge_distribution_setting(const char *bd)
Definition: relay_config.c:478
#define bool_eq(a, b)
Definition: logic.h:16
int dir_server_mode(const or_options_t *options)
Definition: routermode.c:23
Header file for geoip.c.
void options_act_relay_stats_msg(void)
#define STATIC
Definition: testsupport.h:32
int options_validate_relay_info(const or_options_t *old_options, or_options_t *options, char **msg)
Definition: relay_config.c:377
int options_act_bridge_stats(const or_options_t *old_options)
void geoip_dirreq_stats_term(void)
Definition: geoip_stats.c:957
int options_act_relay_dir(const or_options_t *old_options)
Header file for directory authority mode.
int options_validate_publish_server(const or_options_t *old_options, or_options_t *options, char **msg)
Definition: relay_config.c:514
void geoip_entry_stats_init(time_t now)
Definition: geoip_stats.c:1320
Header file for hibernate.c.
int SigningKeyLifetime
int options_validate_relay_padding(const or_options_t *old_options, or_options_t *options, char **msg)
Definition: relay_config.c:571
struct config_line_t * MyFamily
int options_act_relay_desc(const or_options_t *old_options)
struct config_line_t * ExtORPort_lines
int TestingAuthKeySlop
Header for setuid.c.
void configure_accounting(time_t now)
Definition: hibernate.c:430
int init_keys(void)
Definition: router.c:920
int TestingAuthKeyLifetime
const char * get_uname(void)
Definition: uname.c:33
uint32_t relay_get_effective_bwburst(const or_options_t *options)
Definition: relay_config.c:105
uint64_t BandwidthRate
Header file for routermode.c.
int options_validate_relay_mode(const or_options_t *old_options, or_options_t *options, char **msg)
Definition: relay_config.c:886
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
const char * fmt_addrport(const tor_addr_t *addr, uint16_t port)
Definition: address.c:1169
void cpu_init(void)
Definition: cpuworker.c:83
int options_validate_relay_os(const or_options_t *old_options, or_options_t *options, char **msg)
Definition: relay_config.c:340
int string_is_utf8(const char *str, size_t len)
Definition: util_string.c:507
Master header file for Tor-specific functionality.
uint64_t MaxAdvertisedBandwidth
int accounting_parse_options(const or_options_t *options, int validate_only)
Definition: hibernate.c:190
Header file for circuitbuild.c.
int port_parse_ports_relay(or_options_t *options, char **msg, smartlist_t *ports_out, int *have_low_ports_out)
Definition: relay_config.c:238
int options_act_relay(const or_options_t *old_options)
Header file for rephist.c.
int port_parse_config(smartlist_t *out, const config_line_t *ports, const char *portname, int listener_type, const char *defaultaddr, int defaultport, const unsigned flags)
Definition: config.c:6025
int TestingLinkCertLifetime
int consdiffmgr_validate(void)
Definition: consdiffmgr.c:858
void rep_hist_hs_stats_term(void)
Definition: rephist.c:2549
void rep_hist_hs_stats_init(time_t now)
Definition: rephist.c:2520
void mark_my_descriptor_dirty(const char *reason)
Definition: router.c:2421
int options_validate_relay_accounting(const or_options_t *old_options, or_options_t *options, char **msg)
Definition: relay_config.c:705
void cpuworkers_rotate_keyinfo(void)
Definition: cpuworker.c:188
void port_warn_nonlocal_ext_orports(const smartlist_t *ports, const char *portname)
Definition: relay_config.c:117
uint64_t AccountingMax
char * BridgeDistribution
int ConstrainedSockets
int is_legal_nickname(const char *s)
Definition: nickname.c:19
#define UNNAMED_ROUTER_NICKNAME
Definition: or.h:560
int options_act_relay_dos(const or_options_t *old_options)
int have_capability_support(void)
Definition: setuid.c:149
char * Nickname
Definition: or_options_st.h:65
uint64_t PerConnBWBurst
void geoip_bridge_stats_init(time_t now)
Definition: geoip_stats.c:1064
void rep_hist_conn_stats_init(time_t now)
Definition: rephist.c:2222
void geoip_entry_stats_term(void)
Definition: geoip_stats.c:1336
#define SMARTLIST_FOREACH(sl, type, var, cmd)
static int normalize_nickname_list(config_line_t **normalized_out, const config_line_t *lst, const char *name, char **msg)
Definition: relay_config.c:760
const char * escaped(const char *s)
Definition: escape.c:126
uint64_t RelayBandwidthBurst
#define ARRAY_LENGTH(x)
int get_total_system_memory(size_t *mem_out)
Definition: meminfo.c:151
uint64_t BandwidthBurst
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
int ReducedCircuitPadding
const char * relay_get_dirportfrontpage(void)
Definition: relay_config.c:74
Definition: or.h:894
struct config_line_t * ORPort_lines
Header for confmgt.c.
int public_server_mode(const or_options_t *options)
Definition: routermode.c:43
void connection_or_update_token_buckets(smartlist_t *conns, const or_options_t *options)
void connection_bucket_adjust(const or_options_t *options)
Definition: connection.c:3449
void geoip_bridge_stats_term(void)
Definition: geoip_stats.c:1072
Header file for connection_or.c.
int options_validate_relay_bandwidth(const or_options_t *old_options, or_options_t *options, char **msg)
Definition: relay_config.c:613
STATIC int have_enough_mem_for_dircache(const or_options_t *options, size_t total_mem, char **msg)
Definition: relay_config.c:843
int HiddenServiceStatistics
void ip_address_changed(int at_interface)
Definition: mainloop.c:2280
static int options_transition_affects_descriptor(const or_options_t *old_options, const or_options_t *new_options)
or_options_t * get_options_mutable(void)
Definition: config.c:935
int server_mode(const or_options_t *options)
Definition: routermode.c:34
void port_update_port_set_relay(or_options_t *options, const smartlist_t *ports)
Definition: relay_config.c:311
struct smartlist_t * PublishServerDescriptor
uint32_t relay_get_effective_bwrate(const or_options_t *options)
Definition: relay_config.c:91
#define CONN_TYPE_EXT_OR_LISTENER
Definition: connection.h:53
Header for consdiffmgr.c.
#define LD_BUG
Definition: log.h:86
Header file for dns.c.
Header file for predict_ports.c.
struct config_line_t * MyFamily_lines
#define LD_CONFIG
Definition: log.h:68
int inform_testing_reachability(void)
Definition: circuitbuild.c:774
int options_validate_relay_testing(const or_options_t *old_options, or_options_t *options, char **msg)
Definition: relay_config.c:971
int have_completed_a_circuit(void)
Definition: mainloop.c:219
Listener port configuration structure.
int TestingSigningKeySlop
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
int KeepBindCapabilities
static char * global_dirfrontpagecontents
Definition: relay_config.c:49