1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
8 * \file or_options_st.h
10 * \brief The or_options_t structure, which represents Tor's configuration.
13 #ifndef TOR_OR_OPTIONS_ST_H
14 #define TOR_OR_OPTIONS_ST_H
16 #include "core/or/or.h"
17 #include "lib/cc/torint.h"
18 #include "lib/net/address.h"
19 #include "app/config/tor_cmdline_mode.h"
23 struct config_suite_t
;
26 /** Enumeration of outbound address configuration types:
27 * Exit-only, OR-only, PT-only, or any of them */
29 /** Outbound IP address for Exit connections. Controlled by the
30 * `OutboundBindAddressExit` configuration entry in torrc. */
33 /** Outbound IP address for OR connections. Controlled by the
34 * `OutboundBindAddressOR` configuration entry in torrc. */
37 /** Outbound IP address for PT connections. Controlled by the
38 * `OutboundBindAddressPT` configuration entry in torrc. */
41 /** Outbound IP address for any outgoing connections. Controlled by the
42 * OutboundBindAddress configuration entry in torrc. This value is used as
43 * fallback if the more specific OUTBOUND_ADDR_EXIT, OUTBOUND_ADDR_OR, and
44 * OUTBOUND_ADDR_PT are unset. */
47 /** Max value for this enum. Must be the last element in this enum. */
51 /** Which protocol to use for TCPProxy. */
53 /** Use the HAProxy proxy protocol. */
54 TCP_PROXY_PROTOCOL_HAPROXY
55 } tcp_proxy_protocol_t
;
57 /** Enumeration of available time formats for output of --key-expiration */
59 KEY_EXPIRATION_FORMAT_ISO8601
= 0,
60 KEY_EXPIRATION_FORMAT_TIMESTAMP
61 } key_expiration_format_t
;
63 /** Configuration options for a Tor process. */
67 /** What should the tor process actually do? */
68 tor_cmdline_mode_t command
;
69 char *command_arg
; /**< Argument for command-line option. */
71 struct config_line_t
*Logs
; /**< New-style list of configuration lines
73 int LogTimeGranularity
; /**< Log resolution in milliseconds. */
75 int LogMessageDomains
; /**< Boolean: Should we log the domain(s) in which
76 * each log message occurs? */
77 int TruncateLogFile
; /**< Boolean: Should we truncate the log file
78 before we start writing? */
79 char *SyslogIdentityTag
; /**< Identity tag to add for syslog logging. */
81 char *DebugLogFile
; /**< Where to send verbose log messages. */
82 char *DataDirectory_option
; /**< Where to store long-term data, as
83 * configured by the user. */
84 char *DataDirectory
; /**< Where to store long-term data, as modified. */
85 int DataDirectoryGroupReadable
; /**< Boolean: Is the DataDirectory g+r? */
87 char *KeyDirectory_option
; /**< Where to store keys, as
88 * configured by the user. */
89 char *KeyDirectory
; /**< Where to store keys data, as modified. */
90 int KeyDirectoryGroupReadable
; /**< Boolean: Is the KeyDirectory g+r? */
92 char *CacheDirectory_option
; /**< Where to store cached data, as
93 * configured by the user. */
94 char *CacheDirectory
; /**< Where to store cached data, as modified. */
95 int CacheDirectoryGroupReadable
; /**< Boolean: Is the CacheDirectory g+r? */
97 char *Nickname
; /**< OR only: nickname of this onion router. */
98 /** OR only: configured address for this onion router. Up to two times this
99 * options is accepted as in IPv4 and IPv6. */
100 struct config_line_t
*Address
;
102 /** Boolean: If set, disable IPv6 address resolution, IPv6 ORPorts, IPv6
103 * reachability checks, and publishing an IPv6 ORPort in its descriptor. */
104 int AddressDisableIPv6
;
106 char *PidFile
; /**< Where to store PID of Tor process. */
108 struct routerset_t
*ExitNodes
; /**< Structure containing nicknames, digests,
109 * country codes and IP address patterns of ORs to
110 * consider as exits. */
111 struct routerset_t
*MiddleNodes
; /**< Structure containing nicknames,
112 * digests, country codes and IP address patterns
113 * of ORs to consider as middles. */
114 struct routerset_t
*EntryNodes
;/**< Structure containing nicknames, digests,
115 * country codes and IP address patterns of ORs to
116 * consider as entry points. */
117 int StrictNodes
; /**< Boolean: When none of our EntryNodes or ExitNodes
118 * are up, or we need to access a node in ExcludeNodes,
119 * do we just fail instead? */
120 struct routerset_t
*ExcludeNodes
;/**< Structure containing nicknames,
121 * digests, country codes and IP address patterns
122 * of ORs not to use in circuits. But see
123 * StrictNodes above. */
124 struct routerset_t
*ExcludeExitNodes
;/**< Structure containing nicknames,
125 * digests, country codes and IP address
126 * patterns of ORs not to consider as
129 /** Union of ExcludeNodes and ExcludeExitNodes */
130 struct routerset_t
*ExcludeExitNodesUnion_
;
132 int DisableAllSwap
; /**< Boolean: Attempt to call mlockall() on our
133 * process for all current and future memory. */
135 struct config_line_t
*ExitPolicy
; /**< Lists of exit policy components. */
136 int ExitPolicyRejectPrivate
; /**< Should we not exit to reserved private
137 * addresses, and our own published addresses?
139 int ExitPolicyRejectLocalInterfaces
; /**< Should we not exit to local
140 * interface addresses?
141 * Includes OutboundBindAddresses and
142 * configured ports. */
143 int ReducedExitPolicy
; /**<Should we use the Reduced Exit Policy? */
144 struct config_line_t
*SocksPolicy
; /**< Lists of socks policy components */
145 struct config_line_t
*DirPolicy
; /**< Lists of dir policy components */
146 /** Local address to bind outbound sockets */
147 struct config_line_t
*OutboundBindAddress
;
148 /** Local address to bind outbound relay sockets */
149 struct config_line_t
*OutboundBindAddressOR
;
150 /** Local address to bind outbound exit sockets */
151 struct config_line_t
*OutboundBindAddressExit
;
152 /** Local address to bind outbound PT sockets */
153 struct config_line_t
*OutboundBindAddressPT
;
154 /** Addresses derived from the various OutboundBindAddress lines.
155 * [][0] is IPv4, [][1] is IPv6
157 tor_addr_t OutboundBindAddresses
[OUTBOUND_ADDR_MAX
][2];
158 /** Whether dirservers allow router descriptors with private IPs. */
159 int DirAllowPrivateAddresses
;
160 /** Whether routers accept EXTEND cells to routers with private IPs. */
161 int ExtendAllowPrivateAddresses
;
162 char *User
; /**< Name of user to run Tor as. */
163 /** Ports to listen on for OR connections. */
164 struct config_line_t
*ORPort_lines
;
165 /** Ports to listen on for extended OR connections. */
166 struct config_line_t
*ExtORPort_lines
;
167 /** Ports to listen on for Metrics connections. */
168 struct config_line_t
*MetricsPort_lines
;
169 /** Ports to listen on for SOCKS connections. */
170 struct config_line_t
*SocksPort_lines
;
171 /** Ports to listen on for transparent pf/netfilter connections. */
172 struct config_line_t
*TransPort_lines
;
173 char *TransProxyType
; /**< What kind of transparent proxy
174 * implementation are we using? */
175 /** Parsed value of TransProxyType. */
181 } TransProxyType_parsed
;
182 /** Ports to listen on for transparent natd connections. */
183 struct config_line_t
*NATDPort_lines
;
184 /** Ports to listen on for HTTP Tunnel connections. */
185 struct config_line_t
*HTTPTunnelPort_lines
;
186 struct config_line_t
*ControlPort_lines
; /**< Ports to listen on for control
188 /** List of Unix Domain Sockets to listen on for control connections. */
189 struct config_line_t
*ControlSocket
;
191 int ControlSocketsGroupWritable
; /**< Boolean: Are control sockets g+rw? */
192 int UnixSocksGroupWritable
; /**< Boolean: Are SOCKS Unix sockets g+rw? */
193 /** Ports to listen on for directory connections. */
194 struct config_line_t
*DirPort_lines
;
195 /** Ports to listen on for DNS requests. */
196 struct config_line_t
*DNSPort_lines
;
198 /* MaxMemInQueues value as input by the user. We clean this up to be
200 uint64_t MaxMemInQueues_raw
;
201 uint64_t MaxMemInQueues
;/**< If we have more memory than this allocated
202 * for queues and buffers, run the OOM handler */
203 /** Above this value, consider ourselves low on RAM. */
204 uint64_t MaxMemInQueues_low_threshold
;
206 /** @name port booleans
208 * Derived booleans: For server ports and ControlPort, true iff there is a
209 * non-listener port on an AF_INET or AF_INET6 address of the given type
210 * configured in one of the _lines options above.
211 * For client ports, also true if there is a unix socket configured.
212 * If you are checking for client ports, you may want to use:
213 * SocksPort_set || TransPort_set || NATDPort_set || DNSPort_set ||
215 * rather than SocksPort_set.
219 unsigned int ORPort_set
: 1;
220 unsigned int SocksPort_set
: 1;
221 unsigned int TransPort_set
: 1;
222 unsigned int NATDPort_set
: 1;
223 unsigned int ControlPort_set
: 1;
224 unsigned int DirPort_set
: 1;
225 unsigned int DNSPort_set
: 1;
226 unsigned int ExtORPort_set
: 1;
227 unsigned int HTTPTunnelPort_set
: 1;
228 unsigned int MetricsPort_set
: 1;
231 /** Whether to publish our descriptor regardless of all our self-tests
234 /** Whether to publish our descriptor regardless of IPv6 self-tests.
236 * This is an autobool; when set to AUTO, it uses AssumeReachable.
238 int AssumeReachableIPv6
;
239 int AuthoritativeDir
; /**< Boolean: is this an authoritative directory? */
240 int V3AuthoritativeDir
; /**< Boolean: is this an authoritative directory
241 * for version 3 directories? */
242 int BridgeAuthoritativeDir
; /**< Boolean: is this an authoritative directory
243 * that aggregates bridge descriptors? */
245 /** If set on a bridge relay, it will include this value on a new
246 * "bridge-distribution-request" line in its bridge descriptor. */
247 char *BridgeDistribution
;
249 /** If set on a bridge authority, it will answer requests on its dirport
250 * for bridge statuses -- but only if the requests use this password. */
251 char *BridgePassword
;
252 /** If BridgePassword is set, this is a SHA256 digest of the basic http
253 * authenticator for it. Used so we can do a time-independent comparison. */
254 char *BridgePassword_AuthDigest_
;
256 int UseBridges
; /**< Boolean: should we start all circuits with a bridge? */
257 struct config_line_t
*Bridges
; /**< List of bootstrap bridge addresses. */
259 struct config_line_t
*ClientTransportPlugin
; /**< List of client
260 transport plugins. */
262 struct config_line_t
*ServerTransportPlugin
; /**< List of client
263 transport plugins. */
265 /** List of TCP/IP addresses that transports should listen at. */
266 struct config_line_t
*ServerTransportListenAddr
;
268 /** List of options that must be passed to pluggable transports. */
269 struct config_line_t
*ServerTransportOptions
;
271 int BridgeRelay
; /**< Boolean: are we acting as a bridge relay? We make
272 * this explicit so we can change how we behave in the
275 /** Boolean: if we know the bridge's digest, should we get new
276 * descriptors from the bridge authorities or from the bridge itself? */
277 int UpdateBridgesFromAuthority
;
279 int AvoidDiskWrites
; /**< Boolean: should we never cache things to disk?
281 int ClientOnly
; /**< Boolean: should we never evolve into a server role? */
283 int ReducedConnectionPadding
; /**< Boolean: Should we try to keep connections
284 open shorter and pad them less against
285 connection-level traffic analysis? */
286 /** Autobool: if auto, then connection padding will be negotiated by client
287 * and server. If 0, it will be fully disabled. If 1, the client will still
288 * pad to the server regardless of server support. */
289 int ConnectionPadding
;
291 /** Boolean: if true, then circuit padding will be negotiated by client
292 * and server, subject to consenus limits (default). If 0, it will be fully
296 /** Boolean: if true, then this client will discard cached bridge
297 * descriptors on a setconf or other config change that impacts guards
298 * or bridges (see options_transition_affects_guards() for exactly which
299 * config changes trigger it). Useful for tools that test bridge
300 * reachability by fetching fresh descriptors. */
301 int ReconfigDropsBridgeDescs
;
303 /** Boolean: if true, then this client will only use circuit padding
304 * algorithms that are known to use a low amount of overhead. If false,
305 * we will use all available circuit padding algorithms.
307 int ReducedCircuitPadding
;
309 /** To what authority types do we publish our descriptor? Choices are
310 * "v1", "v2", "v3", "bridge", or "". */
311 struct smartlist_t
*PublishServerDescriptor
;
312 /** A bitfield of authority types, derived from PublishServerDescriptor. */
313 dirinfo_type_t PublishServerDescriptor_
;
314 /** Boolean: do we publish hidden service descriptors to the HS auths? */
315 int PublishHidServDescriptors
;
316 int FetchServerDescriptors
; /**< Do we fetch server descriptors as normal? */
317 int FetchHidServDescriptors
; /**< and hidden service descriptors? */
319 int FetchUselessDescriptors
; /**< Do we fetch non-running descriptors too? */
320 int AllDirActionsPrivate
; /**< Should every directory action be sent
321 * through a Tor circuit? */
323 /** A routerset that should be used when picking middle nodes for HS
325 struct routerset_t
*HSLayer2Nodes
;
327 /** A routerset that should be used when picking third-hop nodes for HS
329 struct routerset_t
*HSLayer3Nodes
;
331 /** Onion Services in HiddenServiceSingleHopMode make one-hop (direct)
332 * circuits between the onion service server, and the introduction and
333 * rendezvous points. (Onion service descriptors are still posted using
334 * 3-hop paths, to avoid onion service directories blocking the service.)
335 * This option makes every hidden service instance hosted by
336 * this tor instance a Single Onion Service.
337 * HiddenServiceSingleHopMode requires HiddenServiceNonAnonymousMode to be
339 * Use rend_service_allow_non_anonymous_connection() or
340 * rend_service_reveal_startup_time() instead of using this option directly.
342 int HiddenServiceSingleHopMode
;
343 /* Makes hidden service clients and servers non-anonymous on this tor
344 * instance. Allows the non-anonymous HiddenServiceSingleHopMode. Enables
345 * non-anonymous behaviour in the hidden service protocol.
346 * Use hs_service_non_anonymous_mode_enabled() instead of using this option
349 int HiddenServiceNonAnonymousMode
;
351 int ConnLimit
; /**< Demanded minimum number of simultaneous connections. */
352 int ConnLimit_
; /**< Maximum allowed number of simultaneous connections. */
353 int ConnLimit_high_thresh
; /**< start trying to lower socket usage if we
355 int ConnLimit_low_thresh
; /**< try to get down to here after socket
357 int RunAsDaemon
; /**< If true, run in the background. (Unix only) */
358 int FascistFirewall
; /**< Whether to prefer ORs reachable on open ports. */
359 struct smartlist_t
*FirewallPorts
; /**< Which ports our firewall allows
361 /** IP:ports our firewall allows. */
362 struct config_line_t
*ReachableAddresses
;
363 struct config_line_t
*ReachableORAddresses
; /**< IP:ports for OR conns. */
364 struct config_line_t
*ReachableDirAddresses
; /**< IP:ports for Dir conns. */
366 int ConstrainedSockets
; /**< Shrink xmit and recv socket buffers. */
367 uint64_t ConstrainedSockSize
; /**< Size of constrained buffers. */
369 /** Whether we should drop exit streams from Tors that we don't know are
370 * relays. One of "0" (never refuse), "1" (always refuse), or "-1" (do
371 * what the consensus says, defaulting to 'refuse' if the consensus says
373 int RefuseUnknownExits
;
375 /** Application ports that require all nodes in circ to have sufficient
377 struct smartlist_t
*LongLivedPorts
;
378 /** Application ports that are likely to be unencrypted and
379 * unauthenticated; we reject requests for them to prevent the
380 * user from screwing up and leaking plaintext secrets to an
381 * observer somewhere on the Internet. */
382 struct smartlist_t
*RejectPlaintextPorts
;
383 /** Related to RejectPlaintextPorts above, except this config option
384 * controls whether we warn (in the log and via a controller status
385 * event) every time a risky connection is attempted. */
386 struct smartlist_t
*WarnPlaintextPorts
;
387 /** Should we try to reuse the same exit node for a given host */
388 struct smartlist_t
*TrackHostExits
;
389 int TrackHostExitsExpire
; /**< Number of seconds until we expire an
391 struct config_line_t
*AddressMap
; /**< List of address map directives. */
392 int AutomapHostsOnResolve
; /**< If true, when we get a resolve request for a
393 * hostname ending with one of the suffixes in
394 * <b>AutomapHostsSuffixes</b>, map it to a
395 * virtual address. */
396 /** List of suffixes for <b>AutomapHostsOnResolve</b>. The special value
397 * "." means "match everything." */
398 struct smartlist_t
*AutomapHostsSuffixes
;
399 int KeepalivePeriod
; /**< How often do we send padding cells to keep
400 * connections alive? */
401 int SocksTimeout
; /**< How long do we let a socks connection wait
402 * unattached before we fail it? */
403 int LearnCircuitBuildTimeout
; /**< If non-zero, we attempt to learn a value
404 * for CircuitBuildTimeout based on timeout
405 * history. Use circuit_build_times_disabled()
406 * rather than checking this value directly. */
407 int CircuitBuildTimeout
; /**< Cull non-open circuits that were born at
408 * least this many seconds ago. Used until
409 * adaptive algorithm learns a new value. */
410 int CircuitsAvailableTimeout
; /**< Try to have an open circuit for at
411 least this long after last activity */
412 int CircuitStreamTimeout
; /**< If non-zero, detach streams from circuits
413 * and try a new circuit if the stream has been
414 * waiting for this many seconds. If zero, use
415 * our default internal timeout schedule. */
416 int MaxOnionQueueDelay
; /*< DOCDOC */
417 int NewCircuitPeriod
; /**< How long do we use a circuit before building
419 int MaxCircuitDirtiness
; /**< Never use circs that were first used more than
420 this interval ago. */
421 uint64_t BandwidthRate
; /**< How much bandwidth, on average, are we willing
422 * to use in a second? */
423 uint64_t BandwidthBurst
; /**< How much bandwidth, at maximum, are we willing
424 * to use in a second? */
425 uint64_t MaxAdvertisedBandwidth
; /**< How much bandwidth are we willing to
426 * tell other nodes we have? */
427 uint64_t RelayBandwidthRate
; /**< How much bandwidth, on average, are we
428 * willing to use for all relayed conns? */
429 uint64_t RelayBandwidthBurst
; /**< How much bandwidth, at maximum, will we
430 * use in a second for all relayed conns? */
431 uint64_t PerConnBWRate
; /**< Long-term bw on a single TLS conn, if set. */
432 uint64_t PerConnBWBurst
; /**< Allowed burst on a single TLS conn, if set. */
433 int NumCPUs
; /**< How many CPUs should we try to use? */
434 struct config_line_t
*RendConfigLines
; /**< List of configuration lines
435 * for rendezvous services. */
436 char *ClientOnionAuthDir
; /**< Directory to keep client
437 * onion service authorization secret keys */
438 char *ContactInfo
; /**< Contact info to be published in the directory. */
440 int HeartbeatPeriod
; /**< Log heartbeat messages after this many seconds
442 int MainloopStats
; /**< Log main loop statistics as part of the
443 * heartbeat messages. */
445 char *HTTPProxy
; /**< hostname[:port] to use as http proxy, if any. */
446 tor_addr_t HTTPProxyAddr
; /**< Parsed IPv4 addr for http proxy, if any. */
447 uint16_t HTTPProxyPort
; /**< Parsed port for http proxy, if any. */
448 char *HTTPProxyAuthenticator
; /**< username:password string, if any. */
450 char *HTTPSProxy
; /**< hostname[:port] to use as https proxy, if any. */
451 tor_addr_t HTTPSProxyAddr
; /**< Parsed addr for https proxy, if any. */
452 uint16_t HTTPSProxyPort
; /**< Parsed port for https proxy, if any. */
453 char *HTTPSProxyAuthenticator
; /**< username:password string, if any. */
455 char *Socks4Proxy
; /**< hostname:port to use as a SOCKS4 proxy, if any. */
456 tor_addr_t Socks4ProxyAddr
; /**< Derived from Socks4Proxy. */
457 uint16_t Socks4ProxyPort
; /**< Derived from Socks4Proxy. */
459 char *Socks5Proxy
; /**< hostname:port to use as a SOCKS5 proxy, if any. */
460 tor_addr_t Socks5ProxyAddr
; /**< Derived from Sock5Proxy. */
461 uint16_t Socks5ProxyPort
; /**< Derived from Socks5Proxy. */
462 char *Socks5ProxyUsername
; /**< Username for SOCKS5 authentication, if any */
463 char *Socks5ProxyPassword
; /**< Password for SOCKS5 authentication, if any */
465 char *TCPProxy
; /**< protocol and hostname:port to use as a proxy, if any. */
466 tcp_proxy_protocol_t TCPProxyProtocol
; /**< Derived from TCPProxy. */
467 tor_addr_t TCPProxyAddr
; /**< Derived from TCPProxy. */
468 uint16_t TCPProxyPort
; /**< Derived from TCPProxy. */
470 /** List of configuration lines for replacement directory authorities.
471 * If you just want to replace one class of authority at a time,
472 * use the "Alternate*Authority" options below instead. */
473 struct config_line_t
*DirAuthorities
;
475 /** List of fallback directory servers */
476 struct config_line_t
*FallbackDir
;
477 /** Whether to use the default hard-coded FallbackDirs */
478 int UseDefaultFallbackDirs
;
480 /** Weight to apply to all directory authority rates if considering them
481 * along with fallbackdirs */
482 double DirAuthorityFallbackRate
;
484 /** If set, use these main (currently v3) directory authorities and
485 * not the default ones. */
486 struct config_line_t
*AlternateDirAuthority
;
488 /** If set, use these bridge authorities and not the default one. */
489 struct config_line_t
*AlternateBridgeAuthority
;
491 struct config_line_t
*MyFamily_lines
; /**< Declared family for this OR. */
492 struct config_line_t
*MyFamily
; /**< Declared family for this OR,
494 struct config_line_t
*NodeFamilies
; /**< List of config lines for
496 /** List of parsed NodeFamilies values. */
497 struct smartlist_t
*NodeFamilySets
;
498 struct config_line_t
*AuthDirBadExit
; /**< Address policy for descriptors to
499 * mark as bad exits. */
500 /** Address policy for descriptors to mark as only suitable for the
501 * middle position in circuits. */
502 struct config_line_t
*AuthDirMiddleOnly
;
503 struct config_line_t
*AuthDirReject
; /**< Address policy for descriptors to
505 struct config_line_t
*AuthDirInvalid
; /**< Address policy for descriptors to
506 * never mark as valid. */
507 /** @name AuthDir...CC
509 * Lists of country codes to mark as BadExit, or Invalid, or to
514 struct smartlist_t
*AuthDirBadExitCCs
;
515 struct smartlist_t
*AuthDirInvalidCCs
;
516 struct smartlist_t
*AuthDirMiddleOnlyCCs
;
517 struct smartlist_t
*AuthDirRejectCCs
;
520 char *AccountingStart
; /**< How long is the accounting interval, and when
522 uint64_t AccountingMax
; /**< How many bytes do we allow per accounting
523 * interval before hibernation? 0 for "never
525 /** How do we determine when our AccountingMax has been reached?
526 * "max" for when in or out reaches AccountingMax
527 * "sum" for when in plus out reaches AccountingMax
528 * "in" for when in reaches AccountingMax
529 * "out" for when out reaches AccountingMax */
530 char *AccountingRule_option
;
531 enum { ACCT_MAX
, ACCT_SUM
, ACCT_IN
, ACCT_OUT
} AccountingRule
;
533 /** Base64-encoded hash of accepted passwords for the control system. */
534 struct config_line_t
*HashedControlPassword
;
535 /** As HashedControlPassword, but not saved. */
536 struct config_line_t
*HashedControlSessionPassword
;
538 int CookieAuthentication
; /**< Boolean: do we enable cookie-based auth for
539 * the control system? */
540 char *CookieAuthFile
; /**< Filesystem location of a ControlPort
541 * authentication cookie. */
542 char *ExtORPortCookieAuthFile
; /**< Filesystem location of Extended
543 * ORPort authentication cookie. */
544 int CookieAuthFileGroupReadable
; /**< Boolean: Is the CookieAuthFile g+r? */
545 int ExtORPortCookieAuthFileGroupReadable
; /**< Boolean: Is the
546 * ExtORPortCookieAuthFile g+r? */
547 int LeaveStreamsUnattached
; /**< Boolean: Does Tor attach new streams to
548 * circuits itself (0), or does it expect a controller
550 int DisablePredictedCircuits
; /**< Boolean: does Tor preemptively
551 * make circuits in the background (0),
554 /** Process specifier for a controller that ‘owns’ this Tor
555 * instance. Tor will terminate if its owning controller does. */
556 char *OwningControllerProcess
;
557 /** FD specifier for a controller that owns this Tor instance. */
558 uint64_t OwningControllerFD
;
560 int ShutdownWaitLength
; /**< When we get a SIGINT and we're a server, how
561 * long do we wait before exiting? */
562 char *SafeLogging
; /**< Contains "relay", "1", "0" (meaning no scrubbing). */
564 /* Derived from SafeLogging */
566 SAFELOG_SCRUB_ALL
, SAFELOG_SCRUB_RELAY
, SAFELOG_SCRUB_NONE
569 int Sandbox
; /**< Boolean: should sandboxing be enabled? */
570 int SafeSocks
; /**< Boolean: should we outright refuse application
571 * connections that use socks4 or socks5-with-local-dns? */
572 int ProtocolWarnings
; /**< Boolean: when other parties screw up the Tor
573 * protocol, is it a warn or an info in our logs? */
574 int TestSocks
; /**< Boolean: when we get a socks connection, do we loudly
575 * log whether it was DNS-leaking or not? */
576 /** Token Bucket Refill resolution in milliseconds. */
577 int TokenBucketRefillInterval
;
579 /** Boolean: Do we try to enter from a smallish number
581 int UseEntryGuards_option
;
582 /** Internal variable to remember whether we're actually acting on
583 * UseEntryGuards_option -- when we're a non-anonymous Single Onion Service,
584 * it is always false, otherwise we use the value of UseEntryGuards_option.
588 int NumEntryGuards
; /**< How many entry guards do we try to establish? */
590 /** If 1, we use any guardfraction information we see in the
591 * consensus. If 0, we don't. If -1, let the consensus parameter
593 int UseGuardFraction
;
595 int NumDirectoryGuards
; /**< How many dir guards do we try to establish?
596 * If 0, use value from NumEntryGuards. */
597 int NumPrimaryGuards
; /**< How many primary guards do we want? */
599 /** Boolean: Switch to toggle the vanguards-lite subsystem */
600 int VanguardsLiteEnabled
;
602 /** Boolean: Switch to override consensus to enable congestion control */
603 int AlwaysCongestionControl
;
605 /** Boolean: Switch to specify this is an sbws measurement exit */
608 int RephistTrackTime
; /**< How many seconds do we keep rephist info? */
609 /** Should we always fetch our dir info on the mirror schedule (which
610 * means directly from the authorities) no matter our other config? */
611 int FetchDirInfoEarly
;
613 /** Should we fetch our dir info at the start of the consensus period? */
614 int FetchDirInfoExtraEarly
;
616 int DirCache
; /**< Cache all directory documents and accept requests via
617 * tunnelled dir conns from clients. If 1, enabled (default);
618 * If 0, disabled. Use dir_server_mode() rather than
619 * referencing this option directly. (Except for routermode
620 * and relay_config, which do direct checks.) */
622 char *VirtualAddrNetworkIPv4
; /**< Address and mask to hand out for virtual
623 * MAPADDRESS requests for IPv4 addresses */
624 char *VirtualAddrNetworkIPv6
; /**< Address and mask to hand out for virtual
625 * MAPADDRESS requests for IPv6 addresses */
626 int ServerDNSSearchDomains
; /**< Boolean: If set, we don't force exit
627 * addresses to be FQDNs, but rather search for them in
628 * the local domains. */
629 int ServerDNSDetectHijacking
; /**< Boolean: If true, check for DNS failure
631 int ServerDNSRandomizeCase
; /**< Boolean: Use the 0x20-hack to prevent
632 * DNS poisoning attacks. */
633 char *ServerDNSResolvConfFile
; /**< If provided, we configure our internal
634 * resolver from the file here rather than from
635 * /etc/resolv.conf (Unix) or the registry (Windows). */
636 char *DirPortFrontPage
; /**< This is a full path to a file with an html
637 disclaimer. This allows a server administrator to show
638 that they're running Tor and anyone visiting their server
639 will know this without any specialized knowledge. */
640 int DisableDebuggerAttachment
; /**< Currently Linux only specific attempt to
641 disable ptrace; needs BSD testing. */
642 /** Boolean: if set, we start even if our resolv.conf file is missing
644 int ServerDNSAllowBrokenConfig
;
645 /** Boolean: if set, then even connections to private addresses will get
647 int CountPrivateBandwidth
;
648 /** A list of addresses that definitely should be resolvable. Used for
649 * testing our DNS server. */
650 struct smartlist_t
*ServerDNSTestAddresses
;
651 int EnforceDistinctSubnets
; /**< If true, don't allow multiple routers in the
652 * same network zone in the same circuit. */
653 int AllowNonRFC953Hostnames
; /**< If true, we allow connections to hostnames
654 * with weird characters. */
655 /** If true, we try resolving hostnames with weird characters. */
656 int ServerDNSAllowNonRFC953Hostnames
;
658 /** If true, we try to download extra-info documents (and we serve them,
659 * if we are a cache). For authorities, this is always true. */
660 int DownloadExtraInfo
;
662 /** If true, we're configured to collect statistics on clients
663 * requesting network statuses from us as directory. */
664 int DirReqStatistics_option
;
665 /** Internal variable to remember whether we're actually acting on
666 * DirReqStatistics_option -- yes if it's set and we're a server, else no. */
667 int DirReqStatistics
;
669 /** If true, the user wants us to collect statistics on port usage. */
670 int ExitPortStatistics
;
672 /** If true, the user wants us to collect connection statistics. */
673 int ConnDirectionStatistics
;
675 /** If true, the user wants us to collect cell statistics. */
678 /** If true, the user wants us to collect padding statistics. */
679 int PaddingStatistics
;
681 /** If true, the user wants us to collect statistics as entry node. */
684 /** If true, the user wants us to collect statistics as hidden service
685 * directory, introduction point, or rendezvous point. */
686 int HiddenServiceStatistics_option
;
687 /** Internal variable to remember whether we're actually acting on
688 * HiddenServiceStatistics_option -- yes if it's set and we're a server,
690 int HiddenServiceStatistics
;
692 /** If true, include statistics file contents in extra-info documents. */
693 int ExtraInfoStatistics
;
695 /** If true, include overload statistics in extra-info documents. */
696 int OverloadStatistics
;
698 /** If true, do not believe anybody who tells us that a domain resolves
699 * to an internal address, or that an internal address has a PTR mapping.
700 * Helps avoid some cross-site attacks. */
701 int ClientDNSRejectInternalAddresses
;
703 /** If true, do not accept any requests to connect to internal addresses
704 * over randomly chosen exits. */
705 int ClientRejectInternalAddresses
;
707 /** If true, clients may connect over IPv4. If false, they will avoid
708 * connecting over IPv4. We enforce this for OR and Dir connections. */
710 /** If true, clients may connect over IPv6. If false, they will avoid
711 * connecting over IPv4. We enforce this for OR and Dir connections.
712 * Use reachable_addr_use_ipv6() instead of accessing this value
715 /** If true, prefer an IPv6 OR port over an IPv4 one for entry node
716 * connections. If auto, bridge clients prefer IPv6, and other clients
717 * prefer IPv4. Use node_ipv6_or_preferred() instead of accessing this value
719 int ClientPreferIPv6ORPort
;
720 /** If true, prefer an IPv6 directory port over an IPv4 one for direct
721 * directory connections. If auto, bridge clients prefer IPv6, and other
722 * clients prefer IPv4. Use reachable_addr_prefer_ipv6_dirport() instead of
723 * accessing this value directly. */
724 int ClientPreferIPv6DirPort
;
726 /** If true, always use the compiled hash implementation. If false, always
727 * the interpreter. Default of "auto" allows a dynamic fallback from
728 * copmiler to interpreter. */
729 int CompiledProofOfWorkHash
;
731 /** If true, the tor client will use conflux for its general purpose
732 * circuits which excludes onion service traffic. */
735 /** Has the UX integer value that the client will request from the exit. */
736 char *ConfluxClientUX_option
;
739 /** The length of time that we think a consensus should be fresh. */
740 int V3AuthVotingInterval
;
741 /** The length of time we think it will take to distribute votes. */
743 /** The length of time we think it will take to distribute signatures. */
745 /** The number of intervals we think a consensus should be valid. */
746 int V3AuthNIntervalsValid
;
748 /** Should advertise and sign consensuses with a legacy key, for key
749 * migration purposes? */
750 int V3AuthUseLegacyKey
;
752 /** Location of bandwidth measurement file */
753 char *V3BandwidthsFile
;
755 /** Location of guardfraction file */
756 char *GuardfractionFile
;
758 /** The length of time that we think an initial consensus should be fresh.
759 * Only altered on testing networks. */
760 int TestingV3AuthInitialVotingInterval
;
762 /** The length of time we think it will take to distribute initial votes.
763 * Only altered on testing networks. */
764 int TestingV3AuthInitialVoteDelay
;
766 /** The length of time we think it will take to distribute initial
767 * signatures. Only altered on testing networks.*/
768 int TestingV3AuthInitialDistDelay
;
770 /** Offset in seconds added to the starting time for consensus
771 voting. Only altered on testing networks. */
772 int TestingV3AuthVotingStartOffset
;
774 /** Schedule for when servers should download things in general. Only
775 * altered on testing networks. */
776 int TestingServerDownloadInitialDelay
;
778 /** Schedule for when clients should download things in general. Only
779 * altered on testing networks. */
780 int TestingClientDownloadInitialDelay
;
782 /** Schedule for when servers should download consensuses. Only altered
783 * on testing networks. */
784 int TestingServerConsensusDownloadInitialDelay
;
786 /** Schedule for when clients should download consensuses. Only altered
787 * on testing networks. */
788 int TestingClientConsensusDownloadInitialDelay
;
790 /** Schedule for when clients should download consensuses from authorities
791 * if they are bootstrapping (that is, they don't have a usable, reasonably
792 * live consensus). Only used by clients fetching from a list of fallback
795 * This schedule is incremented by (potentially concurrent) connection
796 * attempts, unlike other schedules, which are incremented by connection
797 * failures. Only altered on testing networks. */
798 int ClientBootstrapConsensusAuthorityDownloadInitialDelay
;
800 /** Schedule for when clients should download consensuses from fallback
801 * directory mirrors if they are bootstrapping (that is, they don't have a
802 * usable, reasonably live consensus). Only used by clients fetching from a
803 * list of fallback directory mirrors.
805 * This schedule is incremented by (potentially concurrent) connection
806 * attempts, unlike other schedules, which are incremented by connection
807 * failures. Only altered on testing networks. */
808 int ClientBootstrapConsensusFallbackDownloadInitialDelay
;
810 /** Schedule for when clients should download consensuses from authorities
811 * if they are bootstrapping (that is, they don't have a usable, reasonably
812 * live consensus). Only used by clients which don't have or won't fetch
813 * from a list of fallback directory mirrors.
815 * This schedule is incremented by (potentially concurrent) connection
816 * attempts, unlike other schedules, which are incremented by connection
817 * failures. Only altered on testing networks. */
818 int ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay
;
820 /** Schedule for when clients should download bridge descriptors. Only
821 * altered on testing networks. */
822 int TestingBridgeDownloadInitialDelay
;
824 /** Schedule for when clients should download bridge descriptors when they
825 * have no running bridges. Only altered on testing networks. */
826 int TestingBridgeBootstrapDownloadInitialDelay
;
828 /** When directory clients have only a few descriptors to request, they
829 * batch them until they have more, or until this amount of time has
830 * passed. Only altered on testing networks. */
831 int TestingClientMaxIntervalWithoutRequest
;
833 /** How long do we let a directory connection stall before expiring
834 * it? Only altered on testing networks. */
835 int TestingDirConnectionMaxStall
;
837 /** How many simultaneous in-progress connections will we make when trying
838 * to fetch a consensus before we wait for one to complete, timeout, or
839 * error out? Only altered on testing networks. */
840 int ClientBootstrapConsensusMaxInProgressTries
;
842 /** If true, we take part in a testing network. Change the defaults of a
843 * couple of other configuration options and allow to change the values
844 * of certain configuration options. */
845 int TestingTorNetwork
;
847 /** Enable CONN_BW events. Only altered on testing networks. */
848 int TestingEnableConnBwEvent
;
850 /** Enable CELL_STATS events. Only altered on testing networks. */
851 int TestingEnableCellStatsEvent
;
853 /** If true, and we have GeoIP data, and we're a bridge, keep a per-country
854 * count of how many client addresses have contacted us so that we can help
855 * the bridge authority guess which countries have blocked access to us. */
856 int BridgeRecordUsageByCountry
;
858 /** Optionally, IPv4 and IPv6 GeoIP data. */
862 /** Autobool: if auto, then any attempt to Exclude{Exit,}Nodes a particular
863 * country code will exclude all nodes in ?? and A1. If true, all nodes in
864 * ?? and A1 are excluded. Has no effect if we don't know any GeoIP data. */
865 int GeoIPExcludeUnknown
;
867 /** If true, SIGHUP should reload the torrc. Sometimes controllers want
868 * to make this false. */
869 int ReloadTorrcOnSIGHUP
;
871 /** The main parameter for picking circuits within a connection.
873 * If this value is positive, when picking a cell to relay on a connection,
874 * we always relay from the circuit whose weighted cell count is lowest.
875 * Cells are weighted exponentially such that if one cell is sent
876 * 'CircuitPriorityHalflife' seconds before another, it counts for half as
879 * If this value is zero, we're disabling the cell-EWMA algorithm.
881 * If this value is negative, we're using the default approach
882 * according to either Tor or a parameter set in the consensus.
884 double CircuitPriorityHalflife
;
886 /** Set to true if the TestingTorNetwork configuration option is set.
887 * This is used so that options_validate() has a chance to realize that
888 * the defaults have changed. */
889 int UsingTestNetworkDefaults_
;
891 /** If 1, we try to use microdescriptors to build circuits. If 0, we don't.
892 * If -1, Tor decides. */
893 int UseMicrodescriptors
;
895 /** File where we should write the ControlPort. */
896 char *ControlPortWriteToFile
;
897 /** Should that file be group-readable? */
898 int ControlPortFileGroupReadable
;
900 #define MAX_MAX_CLIENT_CIRCUITS_PENDING 1024
901 /** Maximum number of non-open general-purpose origin circuits to allow at
903 int MaxClientCircuitsPending
;
905 /** If 1, we accept and launch no external network connections, except on
910 * Parameters for path-bias detection.
912 * These options override the default behavior of Tor's (**currently
913 * experimental**) path bias detection algorithm. To try to find broken or
914 * misbehaving guard nodes, Tor looks for nodes where more than a certain
915 * fraction of circuits through that guard fail to get built.
917 * The PathBiasCircThreshold option controls how many circuits we need to
918 * build through a guard before we make these checks. The
919 * PathBiasNoticeRate, PathBiasWarnRate and PathBiasExtremeRate options
920 * control what fraction of circuits must succeed through a guard so we
921 * won't write log messages. If less than PathBiasExtremeRate circuits
922 * succeed *and* PathBiasDropGuards is set to 1, we disable use of that
925 * When we have seen more than PathBiasScaleThreshold circuits through a
926 * guard, we scale our observations by 0.5 (governed by the consensus) so
927 * that new observations don't get swamped by old ones.
929 * By default, or if a negative value is provided for one of these options,
930 * Tor uses reasonable defaults from the networkstatus consensus document.
931 * If no defaults are available there, these options default to 150, .70,
932 * .50, .30, 0, and 300 respectively.
934 int PathBiasCircThreshold
;
935 double PathBiasNoticeRate
;
936 double PathBiasWarnRate
;
937 double PathBiasExtremeRate
;
938 int PathBiasDropGuards
;
939 int PathBiasScaleThreshold
;
943 * Parameters for path-bias use detection
945 * Similar to the above options, these options override the default behavior
946 * of Tor's (**currently experimental**) path use bias detection algorithm.
948 * Where as the path bias parameters govern thresholds for successfully
949 * building circuits, these four path use bias parameters govern thresholds
950 * only for circuit usage. Circuits which receive no stream usage are not
951 * counted by this detection algorithm. A used circuit is considered
952 * successful if it is capable of carrying streams or otherwise receiving
953 * well-formed responses to RELAY cells.
955 * By default, or if a negative value is provided for one of these options,
956 * Tor uses reasonable defaults from the networkstatus consensus document.
957 * If no defaults are available there, these options default to 20, .80,
958 * .60, and 100, respectively.
960 int PathBiasUseThreshold
;
961 double PathBiasNoticeUseRate
;
962 double PathBiasExtremeUseRate
;
963 int PathBiasScaleUseThreshold
;
966 int IPv6Exit
; /**< Do we support exiting to IPv6 addresses? */
969 double PathsNeededToBuildCircuits
;
971 /** What expiry time shall we place on our SSL certs? "0" means we
972 * should guess a suitable value. */
975 /** How long (seconds) do we keep a guard before picking a new one? */
978 /** Is this an exit node? This is a tristate, where "1" means "yes, and use
979 * the default exit policy if none is given" and "0" means "no; exit policy
980 * is 'reject *'" and "auto" (-1) means "same as 1, but warn the user."
982 * XXXX Eventually, the default will be 0. */
985 /** For how long (seconds) do we declare our signing keys to be valid? */
986 int SigningKeyLifetime
;
987 /** For how long (seconds) do we declare our link keys to be valid? */
988 int TestingLinkCertLifetime
;
989 /** For how long (seconds) do we declare our auth keys to be valid? */
990 int TestingAuthKeyLifetime
;
992 /** How long before signing keys expire will we try to make a new one? */
993 int TestingSigningKeySlop
;
994 /** How long before link keys expire will we try to make a new one? */
995 int TestingLinkKeySlop
;
996 /** How long before auth keys expire will we try to make a new one? */
997 int TestingAuthKeySlop
;
999 /** Force use of offline master key features: never generate a master
1000 * ed25519 identity key except from tor --keygen */
1001 int OfflineMasterKey
;
1003 key_expiration_format_t key_expiration_format
;
1006 FORCE_PASSPHRASE_AUTO
=0,
1007 FORCE_PASSPHRASE_ON
,
1008 FORCE_PASSPHRASE_OFF
1009 } keygen_force_passphrase
;
1010 int use_keygen_passphrase_fd
;
1011 int keygen_passphrase_fd
;
1012 int change_key_passphrase
;
1013 char *master_key_fname
;
1015 /** Autobool: Do we try to retain capabilities if we can? */
1016 int KeepBindCapabilities
;
1018 /** Maximum total size of unparseable descriptors to log during the
1019 * lifetime of this Tor process.
1021 uint64_t MaxUnparseableDescSizeToLog
;
1023 /** If 1, we skip all OOS checks. */
1024 int DisableOOSCheck
;
1026 /** Autobool: Should we include Ed25519 identities in extend2 cells?
1027 * If -1, we should do whatever the consensus parameter says. */
1028 int ExtendByEd25519ID
;
1030 /** Bool (default: 0): Tells if a %include was used on torrc */
1033 /** The seconds after expiration which we as a relay should keep old
1034 * consensuses around so that we can generate diffs from them. If 0,
1035 * use the default. */
1036 int MaxConsensusAgeForDiffs
;
1038 /** Bool (default: 0). Tells Tor to never try to exec another program.
1042 /** Have the KIST scheduler run every X milliseconds. If less than zero, do
1043 * not use the KIST scheduler but use the old vanilla scheduler instead. If
1044 * zero, do what the consensus says and fall back to using KIST as if this is
1045 * set to "10 msec" if the consensus doesn't say anything. */
1046 int KISTSchedRunInterval
;
1048 /** A multiplier for the KIST per-socket limit calculation. */
1049 double KISTSockBufSizeFactor
;
1051 /** The list of scheduler type string ordered by priority that is first one
1052 * has to be tried first. Default: KIST,KISTLite,Vanilla */
1053 struct smartlist_t
*Schedulers
;
1054 /** An ordered list of scheduler_types mapped from Schedulers. */
1055 struct smartlist_t
*SchedulerTypes_
;
1057 /** List of files that were opened by %include in torrc and torrc-defaults */
1058 struct smartlist_t
*FilesOpenedByIncludes
;
1060 /** If true, Tor shouldn't install any posix signal handlers, since it is
1061 * running embedded inside another process.
1063 int DisableSignalHandlers
;
1065 /** Interval: how long without activity does it take for a client
1066 * to become dormant?
1068 int DormantClientTimeout
;
1071 * Boolean: If enabled, then we consider the timeout when deciding whether
1072 * to be dormant. If not enabled, then only the SIGNAL ACTIVE/DORMANT
1073 * controls can change our status.
1075 int DormantTimeoutEnabled
;
1077 /** Boolean: true if having an idle stream is sufficient to prevent a client
1078 * from becoming dormant.
1080 int DormantTimeoutDisabledByIdleStreams
;
1082 /** Boolean: true if Tor should be dormant the first time it starts with
1083 * a datadirectory; false otherwise. */
1084 int DormantOnFirstStartup
;
1086 * Boolean: true if Tor should treat every startup event as cancelling
1087 * a possible previous dormant state.
1089 int DormantCanceledByStartup
;
1091 /** List of policy allowed to query the Metrics port. */
1092 struct config_line_t
*MetricsPortPolicy
;
1094 /** How far must we be into the current bandwidth-measurement period to
1095 * report bandwidth observations from this period? */
1096 int TestingMinTimeToReportBandwidth
;
1099 * Configuration objects for individual modules.
1101 * Never access this field or its members directly: instead, use the module
1102 * in question to get its relevant configuration object.
1104 struct config_suite_t
*subconfigs_
;
1107 #endif /* !defined(TOR_OR_OPTIONS_ST_H) */