1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2011, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
9 * \brief Code to parse and interpret configuration files.
12 #define CONFIG_PRIVATE
15 #include "circuitbuild.h"
16 #include "circuitlist.h"
18 #include "connection.h"
19 #include "connection_edge.h"
20 #include "connection_or.h"
22 #include "cpuworker.h"
27 #include "hibernate.h"
29 #include "networkstatus.h"
32 #include "rendclient.h"
33 #include "rendservice.h"
37 #include "routerlist.h"
38 #include "transports.h"
46 extern int quiet_level
;
48 /** Enumeration of types which option values can take */
49 typedef enum config_type_t
{
50 CONFIG_TYPE_STRING
= 0, /**< An arbitrary string. */
51 CONFIG_TYPE_FILENAME
, /**< A filename: some prefixes get expanded. */
52 CONFIG_TYPE_UINT
, /**< A non-negative integer less than MAX_INT */
53 CONFIG_TYPE_PORT
, /**< A port from 1...65535, 0 for "not set", or
55 CONFIG_TYPE_INTERVAL
, /**< A number of seconds, with optional units*/
56 CONFIG_TYPE_MSEC_INTERVAL
,/**< A number of milliseconds, with optional
58 CONFIG_TYPE_MEMUNIT
, /**< A number of bytes, with optional units*/
59 CONFIG_TYPE_DOUBLE
, /**< A floating-point value */
60 CONFIG_TYPE_BOOL
, /**< A boolean value, expressed as 0 or 1. */
61 CONFIG_TYPE_AUTOBOOL
, /**< A boolean+auto value, expressed 0 for false,
62 * 1 for true, and -1 for auto */
63 CONFIG_TYPE_ISOTIME
, /**< An ISO-formatted time relative to GMT. */
64 CONFIG_TYPE_CSV
, /**< A list of strings, separated by commas and
65 * optional whitespace. */
66 CONFIG_TYPE_LINELIST
, /**< Uninterpreted config lines */
67 CONFIG_TYPE_LINELIST_S
, /**< Uninterpreted, context-sensitive config lines,
68 * mixed with other keywords. */
69 CONFIG_TYPE_LINELIST_V
, /**< Catch-all "virtual" option to summarize
70 * context-sensitive config lines when fetching.
72 CONFIG_TYPE_ROUTERSET
, /**< A list of router names, addrs, and fps,
73 * parsed into a routerset_t. */
74 CONFIG_TYPE_OBSOLETE
, /**< Obsolete (ignored) option. */
77 /** An abbreviation for a configuration option allowed on the command line. */
78 typedef struct config_abbrev_t
{
79 const char *abbreviated
;
85 /* Handy macro for declaring "In the config file or on the command line,
86 * you can abbreviate <b>tok</b>s as <b>tok</b>". */
87 #define PLURAL(tok) { #tok, #tok "s", 0, 0 }
89 /** A list of abbreviations and aliases to map command-line options, obsolete
90 * option names, or alternative option names, to their current values. */
91 static config_abbrev_t _option_abbrevs
[] = {
96 PLURAL(LongLivedPort
),
97 PLURAL(HiddenServiceNode
),
98 PLURAL(HiddenServiceExcludeNode
),
101 PLURAL(RendExcludeNode
),
102 PLURAL(StrictEntryNode
),
103 PLURAL(StrictExitNode
),
106 { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
107 { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
108 { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
109 { "BandwidthRateBytes", "BandwidthRate", 0, 0},
110 { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
111 { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
112 { "MaxConn", "ConnLimit", 0, 1},
113 { "ORBindAddress", "ORListenAddress", 0, 0},
114 { "DirBindAddress", "DirListenAddress", 0, 0},
115 { "SocksBindAddress", "SocksListenAddress", 0, 0},
116 { "UseHelperNodes", "UseEntryGuards", 0, 0},
117 { "NumHelperNodes", "NumEntryGuards", 0, 0},
118 { "UseEntryNodes", "UseEntryGuards", 0, 0},
119 { "NumEntryNodes", "NumEntryGuards", 0, 0},
120 { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
121 { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
122 { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
123 { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
124 { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
125 { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
126 { "StrictEntryNodes", "StrictNodes", 0, 1},
127 { "StrictExitNodes", "StrictNodes", 0, 1},
131 /** A list of state-file "abbreviations," for compatibility. */
132 static config_abbrev_t _state_abbrevs
[] = {
133 { "AccountingBytesReadInterval", "AccountingBytesReadInInterval", 0, 0 },
134 { "HelperNode", "EntryGuard", 0, 0 },
135 { "HelperNodeDownSince", "EntryGuardDownSince", 0, 0 },
136 { "HelperNodeUnlistedSince", "EntryGuardUnlistedSince", 0, 0 },
137 { "EntryNode", "EntryGuard", 0, 0 },
138 { "EntryNodeDownSince", "EntryGuardDownSince", 0, 0 },
139 { "EntryNodeUnlistedSince", "EntryGuardUnlistedSince", 0, 0 },
144 /** A variable allowed in the configuration file or on the command line. */
145 typedef struct config_var_t
{
146 const char *name
; /**< The full keyword (case insensitive). */
147 config_type_t type
; /**< How to interpret the type and turn it into a
149 off_t var_offset
; /**< Offset of the corresponding member of or_options_t. */
150 const char *initvalue
; /**< String (or null) describing initial value. */
153 /** An entry for config_vars: "The option <b>name</b> has type
154 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
155 * or_options_t.<b>member</b>"
157 #define VAR(name,conftype,member,initvalue) \
158 { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_options_t, member), \
160 /** As VAR, but the option name and member name are the same. */
161 #define V(member,conftype,initvalue) \
162 VAR(#member, conftype, member, initvalue)
163 /** An entry for config_vars: "The option <b>name</b> is obsolete." */
164 #define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }
166 /** Array of configuration options. Until we disallow nonstandard
167 * abbreviations, order is significant, since the first matching option will
170 static config_var_t _option_vars
[] = {
171 OBSOLETE("AccountingMaxKB"),
172 V(AccountingMax
, MEMUNIT
, "0 bytes"),
173 V(AccountingStart
, STRING
, NULL
),
174 V(Address
, STRING
, NULL
),
175 V(AllowDotExit
, BOOL
, "0"),
176 V(AllowInvalidNodes
, CSV
, "middle,rendezvous"),
177 V(AllowNonRFC953Hostnames
, BOOL
, "0"),
178 V(AllowSingleHopCircuits
, BOOL
, "0"),
179 V(AllowSingleHopExits
, BOOL
, "0"),
180 V(AlternateBridgeAuthority
, LINELIST
, NULL
),
181 V(AlternateDirAuthority
, LINELIST
, NULL
),
182 V(AlternateHSAuthority
, LINELIST
, NULL
),
183 V(AssumeReachable
, BOOL
, "0"),
184 V(AuthDirBadDir
, LINELIST
, NULL
),
185 V(AuthDirBadExit
, LINELIST
, NULL
),
186 V(AuthDirInvalid
, LINELIST
, NULL
),
187 V(AuthDirFastGuarantee
, MEMUNIT
, "100 KB"),
188 V(AuthDirGuardBWGuarantee
, MEMUNIT
, "250 KB"),
189 V(AuthDirReject
, LINELIST
, NULL
),
190 V(AuthDirRejectUnlisted
, BOOL
, "0"),
191 V(AuthDirListBadDirs
, BOOL
, "0"),
192 V(AuthDirListBadExits
, BOOL
, "0"),
193 V(AuthDirMaxServersPerAddr
, UINT
, "2"),
194 V(AuthDirMaxServersPerAuthAddr
,UINT
, "5"),
195 VAR("AuthoritativeDirectory", BOOL
, AuthoritativeDir
, "0"),
196 V(AutomapHostsOnResolve
, BOOL
, "0"),
197 V(AutomapHostsSuffixes
, CSV
, ".onion,.exit"),
198 V(AvoidDiskWrites
, BOOL
, "0"),
199 V(BandwidthBurst
, MEMUNIT
, "10 MB"),
200 V(BandwidthRate
, MEMUNIT
, "5 MB"),
201 V(BridgeAuthoritativeDir
, BOOL
, "0"),
202 VAR("Bridge", LINELIST
, Bridges
, NULL
),
203 V(BridgePassword
, STRING
, NULL
),
204 V(BridgeRecordUsageByCountry
, BOOL
, "1"),
205 V(BridgeRelay
, BOOL
, "0"),
206 V(CellStatistics
, BOOL
, "0"),
207 V(LearnCircuitBuildTimeout
, BOOL
, "1"),
208 V(CircuitBuildTimeout
, INTERVAL
, "0"),
209 V(CircuitIdleTimeout
, INTERVAL
, "1 hour"),
210 V(CircuitStreamTimeout
, INTERVAL
, "0"),
211 V(CircuitPriorityHalflife
, DOUBLE
, "-100.0"), /*negative:'Use default'*/
212 V(ClientDNSRejectInternalAddresses
, BOOL
,"1"),
213 V(ClientOnly
, BOOL
, "0"),
214 V(ClientRejectInternalAddresses
, BOOL
, "1"),
215 V(ClientTransportPlugin
, LINELIST
, NULL
),
216 V(ConsensusParams
, STRING
, NULL
),
217 V(ConnLimit
, UINT
, "1000"),
218 V(ConnDirectionStatistics
, BOOL
, "0"),
219 V(ConstrainedSockets
, BOOL
, "0"),
220 V(ConstrainedSockSize
, MEMUNIT
, "8192"),
221 V(ContactInfo
, STRING
, NULL
),
222 V(ControlListenAddress
, LINELIST
, NULL
),
223 V(ControlPort
, PORT
, "0"),
224 V(ControlPortFileGroupReadable
,BOOL
, "0"),
225 V(ControlPortWriteToFile
, FILENAME
, NULL
),
226 V(ControlSocket
, LINELIST
, NULL
),
227 V(ControlSocketsGroupWritable
, BOOL
, "0"),
228 V(CookieAuthentication
, BOOL
, "0"),
229 V(CookieAuthFileGroupReadable
, BOOL
, "0"),
230 V(CookieAuthFile
, STRING
, NULL
),
231 V(CountPrivateBandwidth
, BOOL
, "0"),
232 V(DataDirectory
, FILENAME
, NULL
),
233 OBSOLETE("DebugLogFile"),
234 V(DirAllowPrivateAddresses
, BOOL
, NULL
),
235 V(TestingAuthDirTimeToLearnReachability
, INTERVAL
, "30 minutes"),
236 V(DirListenAddress
, LINELIST
, NULL
),
237 OBSOLETE("DirFetchPeriod"),
238 V(DirPolicy
, LINELIST
, NULL
),
239 V(DirPort
, PORT
, "0"),
240 V(DirPortFrontPage
, FILENAME
, NULL
),
241 OBSOLETE("DirPostPeriod"),
242 OBSOLETE("DirRecordUsageByCountry"),
243 OBSOLETE("DirRecordUsageGranularity"),
244 OBSOLETE("DirRecordUsageRetainIPs"),
245 OBSOLETE("DirRecordUsageSaveInterval"),
246 V(DirReqStatistics
, BOOL
, "1"),
247 VAR("DirServer", LINELIST
, DirServers
, NULL
),
248 V(DisableAllSwap
, BOOL
, "0"),
249 V(DisableIOCP
, BOOL
, "1"),
250 V(DynamicPrimes
, BOOL
, "1"),
251 V(DNSPort
, LINELIST
, NULL
),
252 V(DNSListenAddress
, LINELIST
, NULL
),
253 V(DownloadExtraInfo
, BOOL
, "0"),
254 V(EnforceDistinctSubnets
, BOOL
, "1"),
255 V(EntryNodes
, ROUTERSET
, NULL
),
256 V(EntryStatistics
, BOOL
, "0"),
257 V(TestingEstimatedDescriptorPropagationTime
, INTERVAL
, "10 minutes"),
258 V(ExcludeNodes
, ROUTERSET
, NULL
),
259 V(ExcludeExitNodes
, ROUTERSET
, NULL
),
260 V(ExcludeSingleHopRelays
, BOOL
, "1"),
261 V(ExitNodes
, ROUTERSET
, NULL
),
262 V(ExitPolicy
, LINELIST
, NULL
),
263 V(ExitPolicyRejectPrivate
, BOOL
, "1"),
264 V(ExitPortStatistics
, BOOL
, "0"),
265 V(ExtraInfoStatistics
, BOOL
, "1"),
268 V(FallbackNetworkstatusFile
, FILENAME
, "fallback-consensus"),
270 V(FallbackNetworkstatusFile
, FILENAME
,
271 SHARE_DATADIR PATH_SEPARATOR
"tor" PATH_SEPARATOR
"fallback-consensus"),
273 V(FascistFirewall
, BOOL
, "0"),
274 V(FirewallPorts
, CSV
, ""),
275 V(FastFirstHopPK
, BOOL
, "1"),
276 V(FetchDirInfoEarly
, BOOL
, "0"),
277 V(FetchDirInfoExtraEarly
, BOOL
, "0"),
278 V(FetchServerDescriptors
, BOOL
, "1"),
279 V(FetchHidServDescriptors
, BOOL
, "1"),
280 V(FetchUselessDescriptors
, BOOL
, "0"),
281 V(FetchV2Networkstatus
, BOOL
, "0"),
283 V(GeoIPFile
, FILENAME
, "<default>"),
285 V(GeoIPFile
, FILENAME
,
286 SHARE_DATADIR PATH_SEPARATOR
"tor" PATH_SEPARATOR
"geoip"),
288 V(GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays
,
291 V(HardwareAccel
, BOOL
, "0"),
292 V(HeartbeatPeriod
, INTERVAL
, "6 hours"),
293 V(AccelName
, STRING
, NULL
),
294 V(AccelDir
, FILENAME
, NULL
),
295 V(HashedControlPassword
, LINELIST
, NULL
),
296 V(HidServDirectoryV2
, BOOL
, "1"),
297 VAR("HiddenServiceDir", LINELIST_S
, RendConfigLines
, NULL
),
298 OBSOLETE("HiddenServiceExcludeNodes"),
299 OBSOLETE("HiddenServiceNodes"),
300 VAR("HiddenServiceOptions",LINELIST_V
, RendConfigLines
, NULL
),
301 VAR("HiddenServicePort", LINELIST_S
, RendConfigLines
, NULL
),
302 VAR("HiddenServiceVersion",LINELIST_S
, RendConfigLines
, NULL
),
303 VAR("HiddenServiceAuthorizeClient",LINELIST_S
,RendConfigLines
, NULL
),
304 V(HidServAuth
, LINELIST
, NULL
),
305 V(HSAuthoritativeDir
, BOOL
, "0"),
306 OBSOLETE("HSAuthorityRecordStats"),
307 V(HTTPProxy
, STRING
, NULL
),
308 V(HTTPProxyAuthenticator
, STRING
, NULL
),
309 V(HTTPSProxy
, STRING
, NULL
),
310 V(HTTPSProxyAuthenticator
, STRING
, NULL
),
311 VAR("ServerTransportPlugin", LINELIST
, ServerTransportPlugin
, NULL
),
312 V(Socks4Proxy
, STRING
, NULL
),
313 V(Socks5Proxy
, STRING
, NULL
),
314 V(Socks5ProxyUsername
, STRING
, NULL
),
315 V(Socks5ProxyPassword
, STRING
, NULL
),
316 OBSOLETE("IgnoreVersion"),
317 V(KeepalivePeriod
, INTERVAL
, "5 minutes"),
318 VAR("Log", LINELIST
, Logs
, NULL
),
319 V(LogMessageDomains
, BOOL
, "0"),
320 OBSOLETE("LinkPadding"),
321 OBSOLETE("LogLevel"),
323 V(LogTimeGranularity
, MSEC_INTERVAL
, "1 second"),
324 V(LongLivedPorts
, CSV
,
325 "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
326 VAR("MapAddress", LINELIST
, AddressMap
, NULL
),
327 V(MaxAdvertisedBandwidth
, MEMUNIT
, "1 GB"),
328 V(MaxCircuitDirtiness
, INTERVAL
, "10 minutes"),
329 V(MaxClientCircuitsPending
, UINT
, "32"),
330 V(MaxOnionsPending
, UINT
, "100"),
331 OBSOLETE("MonthlyAccountingStart"),
332 V(MyFamily
, STRING
, NULL
),
333 V(NewCircuitPeriod
, INTERVAL
, "30 seconds"),
334 VAR("NamingAuthoritativeDirectory",BOOL
, NamingAuthoritativeDir
, "0"),
335 V(NATDListenAddress
, LINELIST
, NULL
),
336 V(NATDPort
, LINELIST
, NULL
),
337 V(Nickname
, STRING
, NULL
),
338 V(WarnUnsafeSocks
, BOOL
, "1"),
339 OBSOLETE("NoPublish"),
340 VAR("NodeFamily", LINELIST
, NodeFamilies
, NULL
),
341 V(NumCPUs
, UINT
, "0"),
342 V(NumEntryGuards
, UINT
, "3"),
343 V(ORListenAddress
, LINELIST
, NULL
),
344 V(ORPort
, PORT
, "0"),
345 V(OutboundBindAddress
, STRING
, NULL
),
346 OBSOLETE("PathlenCoinWeight"),
347 V(PerConnBWBurst
, MEMUNIT
, "0"),
348 V(PerConnBWRate
, MEMUNIT
, "0"),
349 V(PidFile
, STRING
, NULL
),
350 V(TestingTorNetwork
, BOOL
, "0"),
351 V(OptimisticData
, AUTOBOOL
, "auto"),
352 V(PortForwarding
, BOOL
, "0"),
353 V(PortForwardingHelper
, FILENAME
, "tor-fw-helper"),
354 V(PreferTunneledDirConns
, BOOL
, "1"),
355 V(ProtocolWarnings
, BOOL
, "0"),
356 V(PublishServerDescriptor
, CSV
, "1"),
357 V(PublishHidServDescriptors
, BOOL
, "1"),
358 V(ReachableAddresses
, LINELIST
, NULL
),
359 V(ReachableDirAddresses
, LINELIST
, NULL
),
360 V(ReachableORAddresses
, LINELIST
, NULL
),
361 V(RecommendedVersions
, LINELIST
, NULL
),
362 V(RecommendedClientVersions
, LINELIST
, NULL
),
363 V(RecommendedServerVersions
, LINELIST
, NULL
),
364 OBSOLETE("RedirectExit"),
365 V(RefuseUnknownExits
, AUTOBOOL
, "auto"),
366 V(RejectPlaintextPorts
, CSV
, ""),
367 V(RelayBandwidthBurst
, MEMUNIT
, "0"),
368 V(RelayBandwidthRate
, MEMUNIT
, "0"),
369 OBSOLETE("RendExcludeNodes"),
370 OBSOLETE("RendNodes"),
371 V(RendPostPeriod
, INTERVAL
, "1 hour"),
372 V(RephistTrackTime
, INTERVAL
, "24 hours"),
373 OBSOLETE("RouterFile"),
374 V(RunAsDaemon
, BOOL
, "0"),
375 // V(RunTesting, BOOL, "0"),
376 OBSOLETE("RunTesting"), // currently unused
377 V(SafeLogging
, STRING
, "1"),
378 V(SafeSocks
, BOOL
, "0"),
379 V(ServerDNSAllowBrokenConfig
, BOOL
, "1"),
380 V(ServerDNSAllowNonRFC953Hostnames
, BOOL
,"0"),
381 V(ServerDNSDetectHijacking
, BOOL
, "1"),
382 V(ServerDNSRandomizeCase
, BOOL
, "1"),
383 V(ServerDNSResolvConfFile
, STRING
, NULL
),
384 V(ServerDNSSearchDomains
, BOOL
, "0"),
385 V(ServerDNSTestAddresses
, CSV
,
386 "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
387 V(ShutdownWaitLength
, INTERVAL
, "30 seconds"),
388 V(SocksListenAddress
, LINELIST
, NULL
),
389 V(SocksPolicy
, LINELIST
, NULL
),
390 V(SocksPort
, LINELIST
, NULL
),
391 V(SocksTimeout
, INTERVAL
, "2 minutes"),
392 OBSOLETE("StatusFetchPeriod"),
393 V(StrictNodes
, BOOL
, "0"),
395 V(TestSocks
, BOOL
, "0"),
397 V(TokenBucketRefillInterval
, MSEC_INTERVAL
, "100 msec"),
398 V(TrackHostExits
, CSV
, NULL
),
399 V(TrackHostExitsExpire
, INTERVAL
, "30 minutes"),
400 OBSOLETE("TrafficShaping"),
401 V(TransListenAddress
, LINELIST
, NULL
),
402 V(TransPort
, LINELIST
, NULL
),
403 V(TunnelDirConns
, BOOL
, "1"),
404 V(UpdateBridgesFromAuthority
, BOOL
, "0"),
405 V(UseBridges
, BOOL
, "0"),
406 V(UseEntryGuards
, BOOL
, "1"),
407 V(UseMicrodescriptors
, AUTOBOOL
, "auto"),
408 V(User
, STRING
, NULL
),
409 VAR("V1AuthoritativeDirectory",BOOL
, V1AuthoritativeDir
, "0"),
410 VAR("V2AuthoritativeDirectory",BOOL
, V2AuthoritativeDir
, "0"),
411 VAR("V3AuthoritativeDirectory",BOOL
, V3AuthoritativeDir
, "0"),
412 V(TestingV3AuthInitialVotingInterval
, INTERVAL
, "30 minutes"),
413 V(TestingV3AuthInitialVoteDelay
, INTERVAL
, "5 minutes"),
414 V(TestingV3AuthInitialDistDelay
, INTERVAL
, "5 minutes"),
415 V(V3AuthVotingInterval
, INTERVAL
, "1 hour"),
416 V(V3AuthVoteDelay
, INTERVAL
, "5 minutes"),
417 V(V3AuthDistDelay
, INTERVAL
, "5 minutes"),
418 V(V3AuthNIntervalsValid
, UINT
, "3"),
419 V(V3AuthUseLegacyKey
, BOOL
, "0"),
420 V(V3BandwidthsFile
, FILENAME
, NULL
),
421 VAR("VersioningAuthoritativeDirectory",BOOL
,VersioningAuthoritativeDir
, "0"),
422 V(VirtualAddrNetwork
, STRING
, "127.192.0.0/10"),
423 V(WarnPlaintextPorts
, CSV
, "23,109,110,143"),
424 V(_UseFilteringSSLBufferevents
, BOOL
, "0"),
425 VAR("__ReloadTorrcOnSIGHUP", BOOL
, ReloadTorrcOnSIGHUP
, "1"),
426 VAR("__AllDirActionsPrivate", BOOL
, AllDirActionsPrivate
, "0"),
427 VAR("__DisablePredictedCircuits",BOOL
,DisablePredictedCircuits
, "0"),
428 VAR("__LeaveStreamsUnattached",BOOL
, LeaveStreamsUnattached
, "0"),
429 VAR("__HashedControlSessionPassword", LINELIST
, HashedControlSessionPassword
,
431 VAR("__OwningControllerProcess",STRING
,OwningControllerProcess
, NULL
),
432 V(MinUptimeHidServDirectoryV2
, INTERVAL
, "25 hours"),
433 V(VoteOnHidServDirectoriesV2
, BOOL
, "1"),
434 V(_UsingTestNetworkDefaults
, BOOL
, "0"),
436 { NULL
, CONFIG_TYPE_OBSOLETE
, 0, NULL
}
439 /** Override default values with these if the user sets the TestingTorNetwork
441 static const config_var_t testing_tor_network_defaults
[] = {
442 V(ServerDNSAllowBrokenConfig
, BOOL
, "1"),
443 V(DirAllowPrivateAddresses
, BOOL
, "1"),
444 V(EnforceDistinctSubnets
, BOOL
, "0"),
445 V(AssumeReachable
, BOOL
, "1"),
446 V(AuthDirMaxServersPerAddr
, UINT
, "0"),
447 V(AuthDirMaxServersPerAuthAddr
,UINT
, "0"),
448 V(ClientDNSRejectInternalAddresses
, BOOL
,"0"),
449 V(ClientRejectInternalAddresses
, BOOL
, "0"),
450 V(CountPrivateBandwidth
, BOOL
, "1"),
451 V(ExitPolicyRejectPrivate
, BOOL
, "0"),
452 V(V3AuthVotingInterval
, INTERVAL
, "5 minutes"),
453 V(V3AuthVoteDelay
, INTERVAL
, "20 seconds"),
454 V(V3AuthDistDelay
, INTERVAL
, "20 seconds"),
455 V(TestingV3AuthInitialVotingInterval
, INTERVAL
, "5 minutes"),
456 V(TestingV3AuthInitialVoteDelay
, INTERVAL
, "20 seconds"),
457 V(TestingV3AuthInitialDistDelay
, INTERVAL
, "20 seconds"),
458 V(TestingAuthDirTimeToLearnReachability
, INTERVAL
, "0 minutes"),
459 V(TestingEstimatedDescriptorPropagationTime
, INTERVAL
, "0 minutes"),
460 V(MinUptimeHidServDirectoryV2
, INTERVAL
, "0 minutes"),
461 V(_UsingTestNetworkDefaults
, BOOL
, "1"),
463 { NULL
, CONFIG_TYPE_OBSOLETE
, 0, NULL
}
467 #define VAR(name,conftype,member,initvalue) \
468 { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_state_t, member), \
471 /** Array of "state" variables saved to the ~/.tor/state file. */
472 static config_var_t _state_vars
[] = {
473 V(AccountingBytesReadInInterval
, MEMUNIT
, NULL
),
474 V(AccountingBytesWrittenInInterval
, MEMUNIT
, NULL
),
475 V(AccountingExpectedUsage
, MEMUNIT
, NULL
),
476 V(AccountingIntervalStart
, ISOTIME
, NULL
),
477 V(AccountingSecondsActive
, INTERVAL
, NULL
),
478 V(AccountingSecondsToReachSoftLimit
,INTERVAL
, NULL
),
479 V(AccountingSoftLimitHitAt
, ISOTIME
, NULL
),
480 V(AccountingBytesAtSoftLimit
, MEMUNIT
, NULL
),
482 VAR("EntryGuard", LINELIST_S
, EntryGuards
, NULL
),
483 VAR("EntryGuardDownSince", LINELIST_S
, EntryGuards
, NULL
),
484 VAR("EntryGuardUnlistedSince", LINELIST_S
, EntryGuards
, NULL
),
485 VAR("EntryGuardAddedBy", LINELIST_S
, EntryGuards
, NULL
),
486 V(EntryGuards
, LINELIST_V
, NULL
),
488 VAR("TransportProxy", LINELIST_S
, TransportProxies
, NULL
),
489 V(TransportProxies
, LINELIST_V
, NULL
),
491 V(BWHistoryReadEnds
, ISOTIME
, NULL
),
492 V(BWHistoryReadInterval
, UINT
, "900"),
493 V(BWHistoryReadValues
, CSV
, ""),
494 V(BWHistoryReadMaxima
, CSV
, ""),
495 V(BWHistoryWriteEnds
, ISOTIME
, NULL
),
496 V(BWHistoryWriteInterval
, UINT
, "900"),
497 V(BWHistoryWriteValues
, CSV
, ""),
498 V(BWHistoryWriteMaxima
, CSV
, ""),
499 V(BWHistoryDirReadEnds
, ISOTIME
, NULL
),
500 V(BWHistoryDirReadInterval
, UINT
, "900"),
501 V(BWHistoryDirReadValues
, CSV
, ""),
502 V(BWHistoryDirReadMaxima
, CSV
, ""),
503 V(BWHistoryDirWriteEnds
, ISOTIME
, NULL
),
504 V(BWHistoryDirWriteInterval
, UINT
, "900"),
505 V(BWHistoryDirWriteValues
, CSV
, ""),
506 V(BWHistoryDirWriteMaxima
, CSV
, ""),
508 V(TorVersion
, STRING
, NULL
),
510 V(LastRotatedOnionKey
, ISOTIME
, NULL
),
511 V(LastWritten
, ISOTIME
, NULL
),
513 V(TotalBuildTimes
, UINT
, NULL
),
514 V(CircuitBuildAbandonedCount
, UINT
, "0"),
515 VAR("CircuitBuildTimeBin", LINELIST_S
, BuildtimeHistogram
, NULL
),
516 VAR("BuildtimeHistogram", LINELIST_V
, BuildtimeHistogram
, NULL
),
517 { NULL
, CONFIG_TYPE_OBSOLETE
, 0, NULL
}
524 /** Represents an English description of a configuration variable; used when
525 * generating configuration file comments. */
526 typedef struct config_var_description_t
{
528 const char *description
;
529 } config_var_description_t
;
531 /** Type of a callback to validate whether a given configuration is
532 * well-formed and consistent. See options_trial_assign() for documentation
534 typedef int (*validate_fn_t
)(void*,void*,int,char**);
536 /** Information on the keys, value types, key-to-struct-member mappings,
537 * variable descriptions, validation functions, and abbreviations for a
538 * configuration or storage format. */
540 size_t size
; /**< Size of the struct that everything gets parsed into. */
541 uint32_t magic
; /**< Required 'magic value' to make sure we have a struct
542 * of the right type. */
543 off_t magic_offset
; /**< Offset of the magic value within the struct. */
544 config_abbrev_t
*abbrevs
; /**< List of abbreviations that we expand when
545 * parsing this format. */
546 config_var_t
*vars
; /**< List of variables we recognize, their default
547 * values, and where we stick them in the structure. */
548 validate_fn_t validate_fn
; /**< Function to validate config. */
549 /** If present, extra is a LINELIST variable for unrecognized
550 * lines. Otherwise, unrecognized lines are an error. */
554 /** Macro: assert that <b>cfg</b> has the right magic field for format
556 #define CHECK(fmt, cfg) STMT_BEGIN \
557 tor_assert(fmt && cfg); \
558 tor_assert((fmt)->magic == \
559 *(uint32_t*)STRUCT_VAR_P(cfg,fmt->magic_offset)); \
563 static char *get_windows_conf_root(void);
565 static void config_line_append(config_line_t
**lst
,
566 const char *key
, const char *val
);
567 static void option_clear(const config_format_t
*fmt
, or_options_t
*options
,
568 const config_var_t
*var
);
569 static void option_reset(const config_format_t
*fmt
, or_options_t
*options
,
570 const config_var_t
*var
, int use_defaults
);
571 static void config_free(const config_format_t
*fmt
, void *options
);
572 static int config_lines_eq(config_line_t
*a
, config_line_t
*b
);
573 static int option_is_same(const config_format_t
*fmt
,
574 const or_options_t
*o1
, const or_options_t
*o2
,
576 static or_options_t
*options_dup(const config_format_t
*fmt
,
577 const or_options_t
*old
);
578 static int options_validate(or_options_t
*old_options
,
579 or_options_t
*options
,
580 int from_setconf
, char **msg
);
581 static int options_act_reversible(const or_options_t
*old_options
, char **msg
);
582 static int options_act(const or_options_t
*old_options
);
583 static int options_transition_allowed(const or_options_t
*old
,
584 const or_options_t
*new,
586 static int options_transition_affects_workers(
587 const or_options_t
*old_options
, const or_options_t
*new_options
);
588 static int options_transition_affects_descriptor(
589 const or_options_t
*old_options
, const or_options_t
*new_options
);
590 static int check_nickname_list(const char *lst
, const char *name
, char **msg
);
592 static int parse_bridge_line(const char *line
, int validate_only
);
593 static int parse_client_transport_line(const char *line
, int validate_only
);
595 static int parse_server_transport_line(const char *line
, int validate_only
);
596 static int parse_dir_server_line(const char *line
,
597 dirinfo_type_t required_type
,
599 static void port_cfg_free(port_cfg_t
*port
);
600 static int parse_client_ports(const or_options_t
*options
, int validate_only
,
601 char **msg_out
, int *n_ports_out
);
602 static int validate_data_directory(or_options_t
*options
);
603 static int write_configuration_file(const char *fname
,
604 const or_options_t
*options
);
605 static config_line_t
*get_assigned_option(const config_format_t
*fmt
,
606 const void *options
, const char *key
,
608 static void config_init(const config_format_t
*fmt
, void *options
);
609 static int or_state_validate(or_state_t
*old_options
, or_state_t
*options
,
610 int from_setconf
, char **msg
);
611 static int or_state_load(void);
612 static int options_init_logs(or_options_t
*options
, int validate_only
);
614 static int is_listening_on_low_port(int port_option
,
615 const config_line_t
*listen_options
);
617 static uint64_t config_parse_memunit(const char *s
, int *ok
);
618 static int config_parse_msec_interval(const char *s
, int *ok
);
619 static int config_parse_interval(const char *s
, int *ok
);
620 static void init_libevent(const or_options_t
*options
);
621 static int opt_streq(const char *s1
, const char *s2
);
623 /** Magic value for or_options_t. */
624 #define OR_OPTIONS_MAGIC 9090909
626 /** Configuration format for or_options_t. */
627 static config_format_t options_format
= {
628 sizeof(or_options_t
),
630 STRUCT_OFFSET(or_options_t
, _magic
),
633 (validate_fn_t
)options_validate
,
637 /** Magic value for or_state_t. */
638 #define OR_STATE_MAGIC 0x57A73f57
640 /** "Extra" variable in the state that receives lines we can't parse. This
641 * lets us preserve options from versions of Tor newer than us. */
642 static config_var_t state_extra_var
= {
643 "__extra", CONFIG_TYPE_LINELIST
, STRUCT_OFFSET(or_state_t
, ExtraLines
), NULL
646 /** Configuration format for or_state_t. */
647 static const config_format_t state_format
= {
650 STRUCT_OFFSET(or_state_t
, _magic
),
653 (validate_fn_t
)or_state_validate
,
658 * Functions to read and write the global options pointer.
661 /** Command-line and config-file options. */
662 static or_options_t
*global_options
= NULL
;
663 /** Name of most recently read torrc file. */
664 static char *torrc_fname
= NULL
;
665 /** Persistent serialized state. */
666 static or_state_t
*global_state
= NULL
;
667 /** Configuration Options set by command line. */
668 static config_line_t
*global_cmdline_options
= NULL
;
669 /** Contents of most recently read DirPortFrontPage file. */
670 static char *global_dirfrontpagecontents
= NULL
;
671 /** List of port_cfg_t for client-level (SOCKS, DNS, Trans, NATD) ports. */
672 static smartlist_t
*configured_client_ports
= NULL
;
674 /** Return the contents of our frontpage string, or NULL if not configured. */
676 get_dirportfrontpage(void)
678 return global_dirfrontpagecontents
;
681 /** Allocate an empty configuration object of a given format type. */
683 config_alloc(const config_format_t
*fmt
)
685 void *opts
= tor_malloc_zero(fmt
->size
);
686 *(uint32_t*)STRUCT_VAR_P(opts
, fmt
->magic_offset
) = fmt
->magic
;
691 /** Return the currently configured options. */
693 get_options_mutable(void)
695 tor_assert(global_options
);
696 return global_options
;
699 /** Returns the currently configured options */
703 return get_options_mutable();
706 /** Change the current global options to contain <b>new_val</b> instead of
707 * their current value; take action based on the new value; free the old value
708 * as necessary. Returns 0 on success, -1 on failure.
711 set_options(or_options_t
*new_val
, char **msg
)
714 smartlist_t
*elements
;
716 or_options_t
*old_options
= global_options
;
717 global_options
= new_val
;
718 /* Note that we pass the *old* options below, for comparison. It
719 * pulls the new options directly out of global_options. */
720 if (options_act_reversible(old_options
, msg
)<0) {
722 global_options
= old_options
;
725 if (options_act(old_options
) < 0) { /* acting on the options failed. die. */
727 "Acting on config options left us in a broken state. Dying.");
730 /* Issues a CONF_CHANGED event to notify controller of the change. If Tor is
731 * just starting up then the old_options will be undefined. */
733 elements
= smartlist_create();
734 for (i
=0; options_format
.vars
[i
].name
; ++i
) {
735 const config_var_t
*var
= &options_format
.vars
[i
];
736 const char *var_name
= var
->name
;
737 if (var
->type
== CONFIG_TYPE_LINELIST_S
||
738 var
->type
== CONFIG_TYPE_OBSOLETE
) {
741 if (!option_is_same(&options_format
, new_val
, old_options
, var_name
)) {
742 line
= get_assigned_option(&options_format
, new_val
, var_name
, 1);
745 for (; line
; line
= line
->next
) {
746 smartlist_add(elements
, line
->key
);
747 smartlist_add(elements
, line
->value
);
750 smartlist_add(elements
, (char*)options_format
.vars
[i
].name
);
751 smartlist_add(elements
, NULL
);
755 control_event_conf_changed(elements
);
756 smartlist_free(elements
);
758 config_free(&options_format
, old_options
);
763 extern const char tor_git_revision
[]; /* from tor_main.c */
765 /** The version of this Tor process, as parsed. */
766 static char *_version
= NULL
;
768 /** Return the current Tor version. */
772 if (_version
== NULL
) {
773 if (strlen(tor_git_revision
)) {
774 size_t len
= strlen(VERSION
)+strlen(tor_git_revision
)+16;
775 _version
= tor_malloc(len
);
776 tor_snprintf(_version
, len
, "%s (git-%s)", VERSION
, tor_git_revision
);
778 _version
= tor_strdup(VERSION
);
784 /** Release additional memory allocated in options
787 or_options_free(or_options_t
*options
)
792 routerset_free(options
->_ExcludeExitNodesUnion
);
793 if (options
->NodeFamilySets
) {
794 SMARTLIST_FOREACH(options
->NodeFamilySets
, routerset_t
*,
795 rs
, routerset_free(rs
));
796 smartlist_free(options
->NodeFamilySets
);
798 config_free(&options_format
, options
);
801 /** Release all memory and resources held by global configuration structures.
804 config_free_all(void)
806 or_options_free(global_options
);
807 global_options
= NULL
;
809 config_free(&state_format
, global_state
);
812 config_free_lines(global_cmdline_options
);
813 global_cmdline_options
= NULL
;
815 if (configured_client_ports
) {
816 SMARTLIST_FOREACH(configured_client_ports
,
817 port_cfg_t
*, p
, tor_free(p
));
818 smartlist_free(configured_client_ports
);
819 configured_client_ports
= NULL
;
822 tor_free(torrc_fname
);
824 tor_free(global_dirfrontpagecontents
);
827 /** Make <b>address</b> -- a piece of information related to our operation as
828 * a client -- safe to log according to the settings in options->SafeLogging,
831 * (We return "[scrubbed]" if SafeLogging is "1", and address otherwise.)
834 safe_str_client(const char *address
)
837 if (get_options()->_SafeLogging
== SAFELOG_SCRUB_ALL
)
843 /** Make <b>address</b> -- a piece of information of unspecified sensitivity
844 * -- safe to log according to the settings in options->SafeLogging, and
847 * (We return "[scrubbed]" if SafeLogging is anything besides "0", and address
851 safe_str(const char *address
)
854 if (get_options()->_SafeLogging
!= SAFELOG_SCRUB_NONE
)
860 /** Equivalent to escaped(safe_str_client(address)). See reentrancy note on
861 * escaped(): don't use this outside the main thread, or twice in the same
864 escaped_safe_str_client(const char *address
)
866 if (get_options()->_SafeLogging
== SAFELOG_SCRUB_ALL
)
869 return escaped(address
);
872 /** Equivalent to escaped(safe_str(address)). See reentrancy note on
873 * escaped(): don't use this outside the main thread, or twice in the same
876 escaped_safe_str(const char *address
)
878 if (get_options()->_SafeLogging
!= SAFELOG_SCRUB_NONE
)
881 return escaped(address
);
884 /** Add the default directory authorities directly into the trusted dir list,
885 * but only add them insofar as they share bits with <b>type</b>. */
887 add_default_trusted_dir_authorities(dirinfo_type_t type
)
890 const char *dirservers
[] = {
891 "moria1 orport=9101 no-v2 "
892 "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 "
893 "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31",
894 "tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
895 "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
896 "dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
897 "194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
898 "Tonga orport=443 bridge no-v2 82.94.251.203:80 "
899 "4A0C CD2D DC79 9508 3D73 F5D6 6710 0C8A 5831 F16D",
900 "ides orport=9090 no-v2 v3ident=27B6B5996C426270A5C95488AA5BCEB6BCC86956 "
901 "216.224.124.114:9030 F397 038A DC51 3361 35E7 B80B D99C A384 4360 292B",
902 "gabelmoo orport=443 no-v2 "
903 "v3ident=ED03BB616EB2F60BEC80151114BB25CEF515B226 "
904 "212.112.245.170:80 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281",
905 "dannenberg orport=443 no-v2 "
906 "v3ident=585769C78764D58426B8B52B6651A5A71137189A "
907 "193.23.244.244:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123",
908 "urras orport=80 no-v2 v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C "
909 "208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417",
910 "maatuska orport=80 no-v2 "
911 "v3ident=49015F787433103580E3B66A1707A00E60F2D15B "
912 "213.115.239.118:443 BD6A 8292 55CB 08E6 6FBE 7D37 4836 3586 E46B 3810",
915 for (i
=0; dirservers
[i
]; i
++) {
916 if (parse_dir_server_line(dirservers
[i
], type
, 0)<0) {
917 log_err(LD_BUG
, "Couldn't parse internal dirserver line %s",
923 /** Look at all the config options for using alternate directory
924 * authorities, and make sure none of them are broken. Also, warn the
925 * user if we changed any dangerous ones.
928 validate_dir_authorities(or_options_t
*options
, or_options_t
*old_options
)
932 if (options
->DirServers
&&
933 (options
->AlternateDirAuthority
|| options
->AlternateBridgeAuthority
||
934 options
->AlternateHSAuthority
)) {
936 "You cannot set both DirServers and Alternate*Authority.");
940 /* do we want to complain to the user about being partitionable? */
941 if ((options
->DirServers
&&
943 !config_lines_eq(options
->DirServers
, old_options
->DirServers
))) ||
944 (options
->AlternateDirAuthority
&&
946 !config_lines_eq(options
->AlternateDirAuthority
,
947 old_options
->AlternateDirAuthority
)))) {
949 "You have used DirServer or AlternateDirAuthority to "
950 "specify alternate directory authorities in "
951 "your configuration. This is potentially dangerous: it can "
952 "make you look different from all other Tor users, and hurt "
953 "your anonymity. Even if you've specified the same "
954 "authorities as Tor uses by default, the defaults could "
955 "change in the future. Be sure you know what you're doing.");
958 /* Now go through the four ways you can configure an alternate
959 * set of directory authorities, and make sure none are broken. */
960 for (cl
= options
->DirServers
; cl
; cl
= cl
->next
)
961 if (parse_dir_server_line(cl
->value
, NO_DIRINFO
, 1)<0)
963 for (cl
= options
->AlternateBridgeAuthority
; cl
; cl
= cl
->next
)
964 if (parse_dir_server_line(cl
->value
, NO_DIRINFO
, 1)<0)
966 for (cl
= options
->AlternateDirAuthority
; cl
; cl
= cl
->next
)
967 if (parse_dir_server_line(cl
->value
, NO_DIRINFO
, 1)<0)
969 for (cl
= options
->AlternateHSAuthority
; cl
; cl
= cl
->next
)
970 if (parse_dir_server_line(cl
->value
, NO_DIRINFO
, 1)<0)
975 /** Look at all the config options and assign new dir authorities
979 consider_adding_dir_authorities(const or_options_t
*options
,
980 const or_options_t
*old_options
)
984 !smartlist_len(router_get_trusted_dir_servers()) || !old_options
||
985 !config_lines_eq(options
->DirServers
, old_options
->DirServers
) ||
986 !config_lines_eq(options
->AlternateBridgeAuthority
,
987 old_options
->AlternateBridgeAuthority
) ||
988 !config_lines_eq(options
->AlternateDirAuthority
,
989 old_options
->AlternateDirAuthority
) ||
990 !config_lines_eq(options
->AlternateHSAuthority
,
991 old_options
->AlternateHSAuthority
);
994 return 0; /* all done */
996 /* Start from a clean slate. */
997 clear_trusted_dir_servers();
999 if (!options
->DirServers
) {
1000 /* then we may want some of the defaults */
1001 dirinfo_type_t type
= NO_DIRINFO
;
1002 if (!options
->AlternateBridgeAuthority
)
1003 type
|= BRIDGE_DIRINFO
;
1004 if (!options
->AlternateDirAuthority
)
1005 type
|= V1_DIRINFO
| V2_DIRINFO
| V3_DIRINFO
| EXTRAINFO_DIRINFO
|
1007 if (!options
->AlternateHSAuthority
)
1008 type
|= HIDSERV_DIRINFO
;
1009 add_default_trusted_dir_authorities(type
);
1012 for (cl
= options
->DirServers
; cl
; cl
= cl
->next
)
1013 if (parse_dir_server_line(cl
->value
, NO_DIRINFO
, 0)<0)
1015 for (cl
= options
->AlternateBridgeAuthority
; cl
; cl
= cl
->next
)
1016 if (parse_dir_server_line(cl
->value
, NO_DIRINFO
, 0)<0)
1018 for (cl
= options
->AlternateDirAuthority
; cl
; cl
= cl
->next
)
1019 if (parse_dir_server_line(cl
->value
, NO_DIRINFO
, 0)<0)
1021 for (cl
= options
->AlternateHSAuthority
; cl
; cl
= cl
->next
)
1022 if (parse_dir_server_line(cl
->value
, NO_DIRINFO
, 0)<0)
1027 /** Fetch the active option list, and take actions based on it. All of the
1028 * things we do should survive being done repeatedly. If present,
1029 * <b>old_options</b> contains the previous value of the options.
1031 * Return 0 if all goes well, return -1 if things went badly.
1034 options_act_reversible(const or_options_t
*old_options
, char **msg
)
1036 smartlist_t
*new_listeners
= smartlist_create();
1037 smartlist_t
*replaced_listeners
= smartlist_create();
1038 static int libevent_initialized
= 0;
1039 or_options_t
*options
= get_options_mutable();
1040 int running_tor
= options
->command
== CMD_RUN_TOR
;
1041 int set_conn_limit
= 0;
1043 int logs_marked
= 0;
1045 /* Daemonize _first_, since we only want to open most of this stuff in
1046 * the subprocess. Libevent bases can't be reliably inherited across
1048 if (running_tor
&& options
->RunAsDaemon
) {
1049 /* No need to roll back, since you can't change the value. */
1053 #ifndef HAVE_SYS_UN_H
1054 if (options
->ControlSocket
|| options
->ControlSocketsGroupWritable
) {
1055 *msg
= tor_strdup("Unix domain sockets (ControlSocket) not supported "
1056 "on this OS/with this build.");
1060 if (options
->ControlSocketsGroupWritable
&& !options
->ControlSocket
) {
1061 *msg
= tor_strdup("Setting ControlSocketGroupWritable without setting"
1062 "a ControlSocket makes no sense.");
1068 int n_client_ports
=0;
1069 /* We need to set the connection limit before we can open the listeners. */
1070 if (set_max_file_descriptors((unsigned)options
->ConnLimit
,
1071 &options
->_ConnLimit
) < 0) {
1072 *msg
= tor_strdup("Problem with ConnLimit value. See logs for details.");
1077 /* Set up libevent. (We need to do this before we can register the
1078 * listeners as listeners.) */
1079 if (running_tor
&& !libevent_initialized
) {
1080 init_libevent(options
);
1081 libevent_initialized
= 1;
1084 /* Adjust the client port configuration so we can launch listeners. */
1085 if (parse_client_ports(options
, 0, msg
, &n_client_ports
)) {
1087 *msg
= tor_strdup("Unexpected problem parsing client port config");
1091 /* Set the hibernation state appropriately.*/
1092 consider_hibernation(time(NULL
));
1094 /* Launch the listeners. (We do this before we setuid, so we can bind to
1095 * ports under 1024.) We don't want to rebind if we're hibernating. */
1096 if (!we_are_hibernating()) {
1097 if (retry_all_listeners(replaced_listeners
, new_listeners
) < 0) {
1098 *msg
= tor_strdup("Failed to bind one of the listener ports.");
1104 #if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
1105 /* Open /dev/pf before dropping privileges. */
1106 if (options
->TransPort
) {
1107 if (get_pf_socket() < 0) {
1108 *msg
= tor_strdup("Unable to open /dev/pf for transparent proxy.");
1114 /* Attempt to lock all current and future memory with mlockall() only once */
1115 if (options
->DisableAllSwap
) {
1116 if (tor_mlockall() == -1) {
1117 *msg
= tor_strdup("DisableAllSwap failure. Do you have proper "
1123 /* Setuid/setgid as appropriate */
1124 if (options
->User
) {
1125 if (switch_id(options
->User
) != 0) {
1126 /* No need to roll back, since you can't change the value. */
1127 *msg
= tor_strdup("Problem with User value. See logs for details.");
1132 /* Ensure data directory is private; create if possible. */
1133 if (check_private_dir(options
->DataDirectory
,
1134 running_tor
? CPD_CREATE
: CPD_CHECK
,
1137 "Couldn't access/create private data directory \"%s\"",
1138 options
->DataDirectory
);
1140 /* No need to roll back, since you can't change the value. */
1143 /* Write control ports to disk as appropriate */
1144 control_ports_write_to_file();
1146 if (directory_caches_v2_dir_info(options
)) {
1147 size_t len
= strlen(options
->DataDirectory
)+32;
1148 char *fn
= tor_malloc(len
);
1149 tor_snprintf(fn
, len
, "%s"PATH_SEPARATOR
"cached-status",
1150 options
->DataDirectory
);
1151 if (check_private_dir(fn
, running_tor
? CPD_CREATE
: CPD_CHECK
,
1152 options
->User
) < 0) {
1154 "Couldn't access/create private data directory \"%s\"", fn
);
1161 /* Bail out at this point if we're not going to be a client or server:
1162 * we don't run Tor itself. */
1166 mark_logs_temp(); /* Close current logs once new logs are open. */
1168 if (options_init_logs(options
, 0)<0) { /* Configure the log(s) */
1169 *msg
= tor_strdup("Failed to init Log options. See logs for details.");
1176 log_severity_list_t
*severity
=
1177 tor_malloc_zero(sizeof(log_severity_list_t
));
1179 add_callback_log(severity
, control_event_logmsg
);
1180 control_adjust_event_log_severity();
1183 SMARTLIST_FOREACH(replaced_listeners
, connection_t
*, conn
,
1185 log_notice(LD_NET
, "Closing old %s on %s:%d",
1186 conn_type_to_string(conn
->type
), conn
->address
, conn
->port
);
1187 connection_close_immediate(conn
);
1188 connection_mark_for_close(conn
);
1197 rollback_log_changes();
1198 control_adjust_event_log_severity();
1201 if (set_conn_limit
&& old_options
)
1202 set_max_file_descriptors((unsigned)old_options
->ConnLimit
,
1203 &options
->_ConnLimit
);
1205 SMARTLIST_FOREACH(new_listeners
, connection_t
*, conn
,
1207 log_notice(LD_NET
, "Closing partially-constructed listener %s on %s:%d",
1208 conn_type_to_string(conn
->type
), conn
->address
, conn
->port
);
1209 connection_close_immediate(conn
);
1210 connection_mark_for_close(conn
);
1214 smartlist_free(new_listeners
);
1215 smartlist_free(replaced_listeners
);
1219 /** If we need to have a GEOIP ip-to-country map to run with our configured
1220 * options, return 1 and set *<b>reason_out</b> to a description of why. */
1222 options_need_geoip_info(const or_options_t
*options
, const char **reason_out
)
1225 options
->BridgeRelay
&& options
->BridgeRecordUsageByCountry
;
1226 int routerset_usage
=
1227 routerset_needs_geoip(options
->EntryNodes
) ||
1228 routerset_needs_geoip(options
->ExitNodes
) ||
1229 routerset_needs_geoip(options
->ExcludeExitNodes
) ||
1230 routerset_needs_geoip(options
->ExcludeNodes
);
1232 if (routerset_usage
&& reason_out
) {
1233 *reason_out
= "We've been configured to use (or avoid) nodes in certain "
1234 "countries, and we need GEOIP information to figure out which ones they "
1236 } else if (bridge_usage
&& reason_out
) {
1237 *reason_out
= "We've been configured to see which countries can access "
1238 "us as a bridge, and we need GEOIP information to tell which countries "
1241 return bridge_usage
|| routerset_usage
;
1244 /** Return the bandwidthrate that we are going to report to the authorities
1245 * based on the config options. */
1247 get_effective_bwrate(const or_options_t
*options
)
1249 uint64_t bw
= options
->BandwidthRate
;
1250 if (bw
> options
->MaxAdvertisedBandwidth
)
1251 bw
= options
->MaxAdvertisedBandwidth
;
1252 if (options
->RelayBandwidthRate
> 0 && bw
> options
->RelayBandwidthRate
)
1253 bw
= options
->RelayBandwidthRate
;
1254 /* ensure_bandwidth_cap() makes sure that this cast can't overflow. */
1255 return (uint32_t)bw
;
1258 /** Return the bandwidthburst that we are going to report to the authorities
1259 * based on the config options. */
1261 get_effective_bwburst(const or_options_t
*options
)
1263 uint64_t bw
= options
->BandwidthBurst
;
1264 if (options
->RelayBandwidthBurst
> 0 && bw
> options
->RelayBandwidthBurst
)
1265 bw
= options
->RelayBandwidthBurst
;
1266 /* ensure_bandwidth_cap() makes sure that this cast can't overflow. */
1267 return (uint32_t)bw
;
1270 /** Fetch the active option list, and take actions based on it. All of the
1271 * things we do should survive being done repeatedly. If present,
1272 * <b>old_options</b> contains the previous value of the options.
1274 * Return 0 if all goes well, return -1 if it's time to die.
1276 * Note: We haven't moved all the "act on new configuration" logic
1277 * here yet. Some is still in do_hup() and other places.
1280 options_act(const or_options_t
*old_options
)
1283 or_options_t
*options
= get_options_mutable();
1284 int running_tor
= options
->command
== CMD_RUN_TOR
;
1286 const int transition_affects_workers
=
1287 old_options
&& options_transition_affects_workers(old_options
, options
);
1289 if (running_tor
&& !have_lockfile()) {
1290 if (try_locking(options
, 1) < 0)
1294 if (consider_adding_dir_authorities(options
, old_options
) < 0)
1297 if (options
->Bridges
) {
1299 for (cl
= options
->Bridges
; cl
; cl
= cl
->next
) {
1300 if (parse_bridge_line(cl
->value
, 0)<0) {
1302 "Previously validated Bridge line could not be added!");
1306 sweep_bridge_list();
1309 if (running_tor
&& rend_config_services(options
, 0)<0) {
1311 "Previously validated hidden services line could not be added!");
1315 if (running_tor
&& rend_parse_service_authorization(options
, 0) < 0) {
1316 log_warn(LD_BUG
, "Previously validated client authorization for "
1317 "hidden services could not be added!");
1322 if (! global_state
&& running_tor
) {
1323 if (or_state_load())
1325 rep_hist_load_mtbf_data(time(NULL
));
1328 mark_transport_list();
1329 pt_prepare_proxy_list_for_config_read();
1330 if (options
->ClientTransportPlugin
) {
1331 for (cl
= options
->ClientTransportPlugin
; cl
; cl
= cl
->next
) {
1332 if (parse_client_transport_line(cl
->value
, 0)<0) {
1334 "Previously validated ClientTransportPlugin line "
1335 "could not be added!");
1341 if (options
->ServerTransportPlugin
) {
1342 for (cl
= options
->ServerTransportPlugin
; cl
; cl
= cl
->next
) {
1343 if (parse_server_transport_line(cl
->value
, 0)<0) {
1345 "Previously validated ServerTransportPlugin line "
1346 "could not be added!");
1351 sweep_transport_list();
1354 /* Bail out at this point if we're not going to be a client or server:
1355 * we want to not fork, and to log stuff to stderr. */
1359 /* Finish backgrounding the process */
1360 if (options
->RunAsDaemon
) {
1361 /* We may be calling this for the n'th time (on SIGHUP), but it's safe. */
1362 finish_daemon(options
->DataDirectory
);
1365 /* We want to reinit keys as needed before we do much of anything else:
1366 keys are important, and other things can depend on them. */
1367 if (transition_affects_workers
||
1368 (options
->V3AuthoritativeDir
&& (!old_options
||
1369 !old_options
->V3AuthoritativeDir
))) {
1370 if (init_keys() < 0) {
1371 log_warn(LD_BUG
,"Error initializing keys; exiting");
1376 /* Write our PID to the PID file. If we do not have write permissions we
1377 * will log a warning */
1378 if (options
->PidFile
)
1379 write_pidfile(options
->PidFile
);
1381 /* Register addressmap directives */
1382 config_register_addressmaps(options
);
1383 parse_virtual_addr_network(options
->VirtualAddrNetwork
, 0, &msg
);
1385 /* Update address policies. */
1386 if (policies_parse_from_options(options
) < 0) {
1387 /* This should be impossible, but let's be sure. */
1388 log_warn(LD_BUG
,"Error parsing already-validated policy options.");
1392 if (init_cookie_authentication(options
->CookieAuthentication
) < 0) {
1393 log_warn(LD_CONFIG
,"Error creating cookie authentication file.");
1397 monitor_owning_controller_process(options
->OwningControllerProcess
);
1399 /* reload keys as needed for rendezvous services. */
1400 if (rend_service_load_keys()<0) {
1401 log_warn(LD_GENERAL
,"Error loading rendezvous service keys");
1405 /* Set up accounting */
1406 if (accounting_parse_options(options
, 0)<0) {
1407 log_warn(LD_CONFIG
,"Error in accounting options");
1410 if (accounting_is_enabled(options
))
1411 configure_accounting(time(NULL
));
1413 #ifdef USE_BUFFEREVENTS
1414 /* If we're using the bufferevents implementation and our rate limits
1415 * changed, we need to tell the rate-limiting system about it. */
1417 old_options
->BandwidthRate
!= options
->BandwidthRate
||
1418 old_options
->BandwidthBurst
!= options
->BandwidthBurst
||
1419 old_options
->RelayBandwidthRate
!= options
->RelayBandwidthRate
||
1420 old_options
->RelayBandwidthBurst
!= options
->RelayBandwidthBurst
)
1421 connection_bucket_init();
1424 /* Change the cell EWMA settings */
1425 cell_ewma_set_scale_factor(options
, networkstatus_get_latest_consensus());
1427 /* Check for transitions that need action. */
1429 int revise_trackexithosts
= 0;
1430 int revise_automap_entries
= 0;
1431 if ((options
->UseEntryGuards
&& !old_options
->UseEntryGuards
) ||
1432 options
->UseBridges
!= old_options
->UseBridges
||
1433 (options
->UseBridges
&&
1434 !config_lines_eq(options
->Bridges
, old_options
->Bridges
)) ||
1435 !routerset_equal(old_options
->ExcludeNodes
,options
->ExcludeNodes
) ||
1436 !routerset_equal(old_options
->ExcludeExitNodes
,
1437 options
->ExcludeExitNodes
) ||
1438 !routerset_equal(old_options
->EntryNodes
, options
->EntryNodes
) ||
1439 !routerset_equal(old_options
->ExitNodes
, options
->ExitNodes
) ||
1440 options
->StrictNodes
!= old_options
->StrictNodes
) {
1442 "Changed to using entry guards or bridges, or changed "
1443 "preferred or excluded node lists. "
1444 "Abandoning previous circuits.");
1445 circuit_mark_all_unused_circs();
1446 circuit_expire_all_dirty_circs();
1447 revise_trackexithosts
= 1;
1450 if (!smartlist_strings_eq(old_options
->TrackHostExits
,
1451 options
->TrackHostExits
))
1452 revise_trackexithosts
= 1;
1454 if (revise_trackexithosts
)
1455 addressmap_clear_excluded_trackexithosts(options
);
1457 if (!options
->AutomapHostsOnResolve
) {
1458 if (old_options
->AutomapHostsOnResolve
)
1459 revise_automap_entries
= 1;
1461 if (!smartlist_strings_eq(old_options
->AutomapHostsSuffixes
,
1462 options
->AutomapHostsSuffixes
))
1463 revise_automap_entries
= 1;
1464 else if (!opt_streq(old_options
->VirtualAddrNetwork
,
1465 options
->VirtualAddrNetwork
))
1466 revise_automap_entries
= 1;
1469 if (revise_automap_entries
)
1470 addressmap_clear_invalid_automaps(options
);
1472 /* How long should we delay counting bridge stats after becoming a bridge?
1473 * We use this so we don't count people who used our bridge thinking it is
1474 * a relay. If you change this, don't forget to change the log message
1475 * below. It's 4 hours (the time it takes to stop being used by clients)
1476 * plus some extra time for clock skew. */
1477 #define RELAY_BRIDGE_STATS_DELAY (6 * 60 * 60)
1479 if (! bool_eq(options
->BridgeRelay
, old_options
->BridgeRelay
)) {
1481 if (options
->BridgeRelay
) {
1482 time_t int_start
= time(NULL
);
1483 if (old_options
->ORPort
== options
->ORPort
) {
1484 int_start
+= RELAY_BRIDGE_STATS_DELAY
;
1487 geoip_bridge_stats_init(int_start
);
1488 log_info(LD_CONFIG
, "We are acting as a bridge now. Starting new "
1489 "GeoIP stats interval%s.", was_relay
? " in 6 "
1490 "hours from now" : "");
1492 geoip_bridge_stats_term();
1493 log_info(LD_GENERAL
, "We are no longer acting as a bridge. "
1494 "Forgetting GeoIP stats.");
1498 if (transition_affects_workers
) {
1499 log_info(LD_GENERAL
,
1500 "Worker-related options changed. Rotating workers.");
1502 if (server_mode(options
) && !server_mode(old_options
)) {
1503 ip_address_changed(0);
1504 if (can_complete_circuit
|| !any_predicted_circuits(time(NULL
)))
1505 inform_testing_reachability();
1507 cpuworkers_rotate();
1515 if (options
->PerConnBWRate
!= old_options
->PerConnBWRate
||
1516 options
->PerConnBWBurst
!= old_options
->PerConnBWBurst
)
1517 connection_or_update_token_buckets(get_connection_array(), options
);
1520 /* Maybe load geoip file */
1521 if (options
->GeoIPFile
&&
1522 ((!old_options
|| !opt_streq(old_options
->GeoIPFile
, options
->GeoIPFile
))
1523 || !geoip_is_loaded())) {
1524 /* XXXX Don't use this "<default>" junk; make our filename options
1525 * understand prefixes somehow. -NM */
1526 /* XXXX023 Reload GeoIPFile on SIGHUP. -NM */
1527 char *actual_fname
= tor_strdup(options
->GeoIPFile
);
1529 if (!strcmp(actual_fname
, "<default>")) {
1530 const char *conf_root
= get_windows_conf_root();
1531 size_t len
= strlen(conf_root
)+16;
1532 tor_free(actual_fname
);
1533 actual_fname
= tor_malloc(len
+1);
1534 tor_snprintf(actual_fname
, len
, "%s\\geoip", conf_root
);
1537 geoip_load_file(actual_fname
, options
);
1538 tor_free(actual_fname
);
1541 if (options
->CellStatistics
|| options
->DirReqStatistics
||
1542 options
->EntryStatistics
|| options
->ExitPortStatistics
||
1543 options
->ConnDirectionStatistics
||
1544 options
->BridgeAuthoritativeDir
) {
1545 time_t now
= time(NULL
);
1546 int print_notice
= 0;
1548 /* If we aren't acting as a server, we can't collect stats anyway. */
1549 if (!server_mode(options
)) {
1550 options
->CellStatistics
= 0;
1551 options
->DirReqStatistics
= 0;
1552 options
->EntryStatistics
= 0;
1553 options
->ExitPortStatistics
= 0;
1556 if ((!old_options
|| !old_options
->CellStatistics
) &&
1557 options
->CellStatistics
) {
1558 rep_hist_buffer_stats_init(now
);
1561 if ((!old_options
|| !old_options
->DirReqStatistics
) &&
1562 options
->DirReqStatistics
) {
1563 if (geoip_is_loaded()) {
1564 geoip_dirreq_stats_init(now
);
1567 options
->DirReqStatistics
= 0;
1568 /* Don't warn Tor clients, they don't use statistics */
1569 if (options
->ORPort
)
1570 log_notice(LD_CONFIG
, "Configured to measure directory request "
1571 "statistics, but no GeoIP database found. "
1572 "Please specify a GeoIP database using the "
1573 "GeoIPFile option.");
1576 if ((!old_options
|| !old_options
->EntryStatistics
) &&
1577 options
->EntryStatistics
&& !should_record_bridge_info(options
)) {
1578 if (geoip_is_loaded()) {
1579 geoip_entry_stats_init(now
);
1582 options
->EntryStatistics
= 0;
1583 log_notice(LD_CONFIG
, "Configured to measure entry node "
1584 "statistics, but no GeoIP database found. "
1585 "Please specify a GeoIP database using the "
1586 "GeoIPFile option.");
1589 if ((!old_options
|| !old_options
->ExitPortStatistics
) &&
1590 options
->ExitPortStatistics
) {
1591 rep_hist_exit_stats_init(now
);
1594 if ((!old_options
|| !old_options
->ConnDirectionStatistics
) &&
1595 options
->ConnDirectionStatistics
) {
1596 rep_hist_conn_stats_init(now
);
1598 if ((!old_options
|| !old_options
->BridgeAuthoritativeDir
) &&
1599 options
->BridgeAuthoritativeDir
) {
1600 rep_hist_desc_stats_init(now
);
1604 log_notice(LD_CONFIG
, "Configured to measure statistics. Look for "
1605 "the *-stats files that will first be written to the "
1606 "data directory in 24 hours from now.");
1609 if (old_options
&& old_options
->CellStatistics
&&
1610 !options
->CellStatistics
)
1611 rep_hist_buffer_stats_term();
1612 if (old_options
&& old_options
->DirReqStatistics
&&
1613 !options
->DirReqStatistics
)
1614 geoip_dirreq_stats_term();
1615 if (old_options
&& old_options
->EntryStatistics
&&
1616 !options
->EntryStatistics
)
1617 geoip_entry_stats_term();
1618 if (old_options
&& old_options
->ExitPortStatistics
&&
1619 !options
->ExitPortStatistics
)
1620 rep_hist_exit_stats_term();
1621 if (old_options
&& old_options
->ConnDirectionStatistics
&&
1622 !options
->ConnDirectionStatistics
)
1623 rep_hist_conn_stats_term();
1624 if (old_options
&& old_options
->BridgeAuthoritativeDir
&&
1625 !options
->BridgeAuthoritativeDir
)
1626 rep_hist_desc_stats_term();
1628 /* Check if we need to parse and add the EntryNodes config option. */
1629 if (options
->EntryNodes
&&
1631 !routerset_equal(old_options
->EntryNodes
,options
->EntryNodes
) ||
1632 !routerset_equal(old_options
->ExcludeNodes
,options
->ExcludeNodes
)))
1633 entry_nodes_should_be_added();
1635 /* Since our options changed, we might need to regenerate and upload our
1636 * server descriptor.
1639 options_transition_affects_descriptor(old_options
, options
))
1640 mark_my_descriptor_dirty("config change");
1642 /* We may need to reschedule some directory stuff if our status changed. */
1644 if (authdir_mode_v3(options
) && !authdir_mode_v3(old_options
))
1645 dirvote_recalculate_timing(options
, time(NULL
));
1646 if (!bool_eq(directory_fetches_dir_info_early(options
),
1647 directory_fetches_dir_info_early(old_options
)) ||
1648 !bool_eq(directory_fetches_dir_info_later(options
),
1649 directory_fetches_dir_info_later(old_options
))) {
1650 /* Make sure update_router_have_min_dir_info gets called. */
1651 router_dir_info_changed();
1652 /* We might need to download a new consensus status later or sooner than
1653 * we had expected. */
1654 update_consensus_networkstatus_fetch_time(time(NULL
));
1658 /* Load the webpage we're going to serve every time someone asks for '/' on
1660 tor_free(global_dirfrontpagecontents
);
1661 if (options
->DirPortFrontPage
) {
1662 global_dirfrontpagecontents
=
1663 read_file_to_str(options
->DirPortFrontPage
, 0, NULL
);
1664 if (!global_dirfrontpagecontents
) {
1666 "DirPortFrontPage file '%s' not found. Continuing anyway.",
1667 options
->DirPortFrontPage
);
1675 * Functions to parse config options
1678 /** If <b>option</b> is an official abbreviation for a longer option,
1679 * return the longer option. Otherwise return <b>option</b>.
1680 * If <b>command_line</b> is set, apply all abbreviations. Otherwise, only
1681 * apply abbreviations that work for the config file and the command line.
1682 * If <b>warn_obsolete</b> is set, warn about deprecated names. */
1684 expand_abbrev(const config_format_t
*fmt
, const char *option
, int command_line
,
1690 for (i
=0; fmt
->abbrevs
[i
].abbreviated
; ++i
) {
1691 /* Abbreviations are case insensitive. */
1692 if (!strcasecmp(option
,fmt
->abbrevs
[i
].abbreviated
) &&
1693 (command_line
|| !fmt
->abbrevs
[i
].commandline_only
)) {
1694 if (warn_obsolete
&& fmt
->abbrevs
[i
].warn
) {
1696 "The configuration option '%s' is deprecated; "
1697 "use '%s' instead.",
1698 fmt
->abbrevs
[i
].abbreviated
,
1699 fmt
->abbrevs
[i
].full
);
1701 /* Keep going through the list in case we want to rewrite it more.
1702 * (We could imagine recursing here, but I don't want to get the
1703 * user into an infinite loop if we craft our list wrong.) */
1704 option
= fmt
->abbrevs
[i
].full
;
1710 /** Helper: Read a list of configuration options from the command line.
1711 * If successful, put them in *<b>result</b> and return 0, and return
1712 * -1 and leave *<b>result</b> alone. */
1714 config_get_commandlines(int argc
, char **argv
, config_line_t
**result
)
1716 config_line_t
*front
= NULL
;
1717 config_line_t
**new = &front
;
1722 if (!strcmp(argv
[i
],"-f") ||
1723 !strcmp(argv
[i
],"--hash-password")) {
1724 i
+= 2; /* command-line option with argument. ignore them. */
1726 } else if (!strcmp(argv
[i
],"--list-fingerprint") ||
1727 !strcmp(argv
[i
],"--verify-config") ||
1728 !strcmp(argv
[i
],"--ignore-missing-torrc") ||
1729 !strcmp(argv
[i
],"--quiet") ||
1730 !strcmp(argv
[i
],"--hush")) {
1731 i
+= 1; /* command-line option. ignore it. */
1733 } else if (!strcmp(argv
[i
],"--nt-service") ||
1734 !strcmp(argv
[i
],"-nt-service")) {
1740 log_warn(LD_CONFIG
,"Command-line option '%s' with no value. Failing.",
1742 config_free_lines(front
);
1746 *new = tor_malloc_zero(sizeof(config_line_t
));
1749 /* Each keyword may be prefixed with one or two dashes. */
1755 (*new)->key
= tor_strdup(expand_abbrev(&options_format
, s
, 1, 1));
1756 (*new)->value
= tor_strdup(argv
[i
+1]);
1757 (*new)->next
= NULL
;
1758 log(LOG_DEBUG
, LD_CONFIG
, "command line: parsed keyword '%s', value '%s'",
1759 (*new)->key
, (*new)->value
);
1761 new = &((*new)->next
);
1768 /** Helper: allocate a new configuration option mapping 'key' to 'val',
1769 * append it to *<b>lst</b>. */
1771 config_line_append(config_line_t
**lst
,
1775 config_line_t
*newline
;
1777 newline
= tor_malloc(sizeof(config_line_t
));
1778 newline
->key
= tor_strdup(key
);
1779 newline
->value
= tor_strdup(val
);
1780 newline
->next
= NULL
;
1782 lst
= &((*lst
)->next
);
1787 /** Helper: parse the config string and strdup into key/value
1788 * strings. Set *result to the list, or NULL if parsing the string
1789 * failed. Return 0 on success, -1 on failure. Warn and ignore any
1790 * misformatted lines. */
1792 config_get_lines(const char *string
, config_line_t
**result
)
1794 config_line_t
*list
= NULL
, **next
;
1800 string
= parse_config_line_from_str(string
, &k
, &v
);
1802 config_free_lines(list
);
1808 /* This list can get long, so we keep a pointer to the end of it
1809 * rather than using config_line_append over and over and getting
1810 * n^2 performance. */
1811 *next
= tor_malloc(sizeof(config_line_t
));
1814 (*next
)->next
= NULL
;
1815 next
= &((*next
)->next
);
1827 * Free all the configuration lines on the linked list <b>front</b>.
1830 config_free_lines(config_line_t
*front
)
1839 tor_free(tmp
->value
);
1844 /** As config_find_option, but return a non-const pointer. */
1845 static config_var_t
*
1846 config_find_option_mutable(config_format_t
*fmt
, const char *key
)
1849 size_t keylen
= strlen(key
);
1851 return NULL
; /* if they say "--" on the command line, it's not an option */
1852 /* First, check for an exact (case-insensitive) match */
1853 for (i
=0; fmt
->vars
[i
].name
; ++i
) {
1854 if (!strcasecmp(key
, fmt
->vars
[i
].name
)) {
1855 return &fmt
->vars
[i
];
1858 /* If none, check for an abbreviated match */
1859 for (i
=0; fmt
->vars
[i
].name
; ++i
) {
1860 if (!strncasecmp(key
, fmt
->vars
[i
].name
, keylen
)) {
1861 log_warn(LD_CONFIG
, "The abbreviation '%s' is deprecated. "
1862 "Please use '%s' instead",
1863 key
, fmt
->vars
[i
].name
);
1864 return &fmt
->vars
[i
];
1867 /* Okay, unrecognized option */
1871 /** If <b>key</b> is a configuration option, return the corresponding const
1872 * config_var_t. Otherwise, if <b>key</b> is a non-standard abbreviation,
1873 * warn, and return the corresponding const config_var_t. Otherwise return
1876 static const config_var_t
*
1877 config_find_option(const config_format_t
*fmt
, const char *key
)
1879 return config_find_option_mutable((config_format_t
*)fmt
, key
);
1882 /** Return the number of option entries in <b>fmt</b>. */
1884 config_count_options(const config_format_t
*fmt
)
1887 for (i
=0; fmt
->vars
[i
].name
; ++i
)
1893 * Functions to assign config options.
1896 /** <b>c</b>-\>key is known to be a real key. Update <b>options</b>
1897 * with <b>c</b>-\>value and return 0, or return -1 if bad value.
1899 * Called from config_assign_line() and option_reset().
1902 config_assign_value(const config_format_t
*fmt
, or_options_t
*options
,
1903 config_line_t
*c
, char **msg
)
1906 const config_var_t
*var
;
1909 CHECK(fmt
, options
);
1911 var
= config_find_option(fmt
, c
->key
);
1914 lvalue
= STRUCT_VAR_P(options
, var
->var_offset
);
1916 switch (var
->type
) {
1918 case CONFIG_TYPE_PORT
:
1919 if (!strcasecmp(c
->value
, "auto")) {
1920 *(int *)lvalue
= CFG_AUTO_PORT
;
1924 case CONFIG_TYPE_UINT
:
1925 i
= (int)tor_parse_long(c
->value
, 10, 0,
1926 var
->type
==CONFIG_TYPE_PORT
? 65535 : INT_MAX
,
1930 "Int keyword '%s %s' is malformed or out of bounds.",
1937 case CONFIG_TYPE_INTERVAL
: {
1938 i
= config_parse_interval(c
->value
, &ok
);
1941 "Interval '%s %s' is malformed or out of bounds.",
1949 case CONFIG_TYPE_MSEC_INTERVAL
: {
1950 i
= config_parse_msec_interval(c
->value
, &ok
);
1953 "Msec interval '%s %s' is malformed or out of bounds.",
1961 case CONFIG_TYPE_MEMUNIT
: {
1962 uint64_t u64
= config_parse_memunit(c
->value
, &ok
);
1965 "Value '%s %s' is malformed or out of bounds.",
1969 *(uint64_t *)lvalue
= u64
;
1973 case CONFIG_TYPE_BOOL
:
1974 i
= (int)tor_parse_long(c
->value
, 10, 0, 1, &ok
, NULL
);
1977 "Boolean '%s %s' expects 0 or 1.",
1984 case CONFIG_TYPE_AUTOBOOL
:
1985 if (!strcmp(c
->value
, "auto"))
1986 *(int *)lvalue
= -1;
1987 else if (!strcmp(c
->value
, "0"))
1989 else if (!strcmp(c
->value
, "1"))
1992 tor_asprintf(msg
, "Boolean '%s %s' expects 0, 1, or 'auto'.",
1998 case CONFIG_TYPE_STRING
:
1999 case CONFIG_TYPE_FILENAME
:
2000 tor_free(*(char **)lvalue
);
2001 *(char **)lvalue
= tor_strdup(c
->value
);
2004 case CONFIG_TYPE_DOUBLE
:
2005 *(double *)lvalue
= atof(c
->value
);
2008 case CONFIG_TYPE_ISOTIME
:
2009 if (parse_iso_time(c
->value
, (time_t *)lvalue
)) {
2011 "Invalid time '%s' for keyword '%s'", c
->value
, c
->key
);
2016 case CONFIG_TYPE_ROUTERSET
:
2017 if (*(routerset_t
**)lvalue
) {
2018 routerset_free(*(routerset_t
**)lvalue
);
2020 *(routerset_t
**)lvalue
= routerset_new();
2021 if (routerset_parse(*(routerset_t
**)lvalue
, c
->value
, c
->key
)<0) {
2022 tor_asprintf(msg
, "Invalid exit list '%s' for option '%s'",
2028 case CONFIG_TYPE_CSV
:
2029 if (*(smartlist_t
**)lvalue
) {
2030 SMARTLIST_FOREACH(*(smartlist_t
**)lvalue
, char *, cp
, tor_free(cp
));
2031 smartlist_clear(*(smartlist_t
**)lvalue
);
2033 *(smartlist_t
**)lvalue
= smartlist_create();
2036 smartlist_split_string(*(smartlist_t
**)lvalue
, c
->value
, ",",
2037 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
2040 case CONFIG_TYPE_LINELIST
:
2041 case CONFIG_TYPE_LINELIST_S
:
2042 config_line_append((config_line_t
**)lvalue
, c
->key
, c
->value
);
2044 case CONFIG_TYPE_OBSOLETE
:
2045 log_warn(LD_CONFIG
, "Skipping obsolete configuration option '%s'", c
->key
);
2047 case CONFIG_TYPE_LINELIST_V
:
2049 "You may not provide a value for virtual option '%s'", c
->key
);
2058 /** If <b>c</b> is a syntactically valid configuration line, update
2059 * <b>options</b> with its value and return 0. Otherwise return -1 for bad
2060 * key, -2 for bad value.
2062 * If <b>clear_first</b> is set, clear the value first. Then if
2063 * <b>use_defaults</b> is set, set the value to the default.
2065 * Called from config_assign().
2068 config_assign_line(const config_format_t
*fmt
, or_options_t
*options
,
2069 config_line_t
*c
, int use_defaults
,
2070 int clear_first
, bitarray_t
*options_seen
, char **msg
)
2072 const config_var_t
*var
;
2074 CHECK(fmt
, options
);
2076 var
= config_find_option(fmt
, c
->key
);
2079 void *lvalue
= STRUCT_VAR_P(options
, fmt
->extra
->var_offset
);
2081 "Found unrecognized option '%s'; saving it.", c
->key
);
2082 config_line_append((config_line_t
**)lvalue
, c
->key
, c
->value
);
2086 "Unknown option '%s'. Failing.", c
->key
);
2091 /* Put keyword into canonical case. */
2092 if (strcmp(var
->name
, c
->key
)) {
2094 c
->key
= tor_strdup(var
->name
);
2097 if (!strlen(c
->value
)) {
2098 /* reset or clear it, then return */
2100 if (var
->type
== CONFIG_TYPE_LINELIST
||
2101 var
->type
== CONFIG_TYPE_LINELIST_S
) {
2102 /* We got an empty linelist from the torrc or command line.
2103 As a special case, call this an error. Warn and ignore. */
2105 "Linelist option '%s' has no value. Skipping.", c
->key
);
2106 } else { /* not already cleared */
2107 option_reset(fmt
, options
, var
, use_defaults
);
2113 if (options_seen
&& (var
->type
!= CONFIG_TYPE_LINELIST
&&
2114 var
->type
!= CONFIG_TYPE_LINELIST_S
)) {
2115 /* We're tracking which options we've seen, and this option is not
2116 * supposed to occur more than once. */
2117 int var_index
= (int)(var
- fmt
->vars
);
2118 if (bitarray_is_set(options_seen
, var_index
)) {
2119 log_warn(LD_CONFIG
, "Option '%s' used more than once; all but the last "
2120 "value will be ignored.", var
->name
);
2122 bitarray_set(options_seen
, var_index
);
2125 if (config_assign_value(fmt
, options
, c
, msg
) < 0)
2130 /** Restore the option named <b>key</b> in options to its default value.
2131 * Called from config_assign(). */
2133 config_reset_line(const config_format_t
*fmt
, or_options_t
*options
,
2134 const char *key
, int use_defaults
)
2136 const config_var_t
*var
;
2138 CHECK(fmt
, options
);
2140 var
= config_find_option(fmt
, key
);
2142 return; /* give error on next pass. */
2144 option_reset(fmt
, options
, var
, use_defaults
);
2147 /** Return true iff key is a valid configuration option. */
2149 option_is_recognized(const char *key
)
2151 const config_var_t
*var
= config_find_option(&options_format
, key
);
2152 return (var
!= NULL
);
2155 /** Return the canonical name of a configuration option, or NULL
2156 * if no such option exists. */
2158 option_get_canonical_name(const char *key
)
2160 const config_var_t
*var
= config_find_option(&options_format
, key
);
2161 return var
? var
->name
: NULL
;
2164 /** Return a canonical list of the options assigned for key.
2167 option_get_assignment(const or_options_t
*options
, const char *key
)
2169 return get_assigned_option(&options_format
, options
, key
, 1);
2172 /** Return true iff value needs to be quoted and escaped to be used in
2173 * a configuration file. */
2175 config_value_needs_escape(const char *value
)
2185 /* Note: quotes and backspaces need special handling when we are using
2186 * quotes, not otherwise, so they don't trigger escaping on their
2190 if (!TOR_ISPRINT(*value
))
2198 /** Return a newly allocated deep copy of the lines in <b>inp</b>. */
2199 static config_line_t
*
2200 config_lines_dup(const config_line_t
*inp
)
2202 config_line_t
*result
= NULL
;
2203 config_line_t
**next_out
= &result
;
2205 *next_out
= tor_malloc(sizeof(config_line_t
));
2206 (*next_out
)->key
= tor_strdup(inp
->key
);
2207 (*next_out
)->value
= tor_strdup(inp
->value
);
2209 next_out
= &((*next_out
)->next
);
2215 /** Return newly allocated line or lines corresponding to <b>key</b> in the
2216 * configuration <b>options</b>. If <b>escape_val</b> is true and a
2217 * value needs to be quoted before it's put in a config file, quote and
2218 * escape that value. Return NULL if no such key exists. */
2219 static config_line_t
*
2220 get_assigned_option(const config_format_t
*fmt
, const void *options
,
2221 const char *key
, int escape_val
)
2223 const config_var_t
*var
;
2225 config_line_t
*result
;
2226 tor_assert(options
&& key
);
2228 CHECK(fmt
, options
);
2230 var
= config_find_option(fmt
, key
);
2232 log_warn(LD_CONFIG
, "Unknown option '%s'. Failing.", key
);
2235 value
= STRUCT_VAR_P(options
, var
->var_offset
);
2237 result
= tor_malloc_zero(sizeof(config_line_t
));
2238 result
->key
= tor_strdup(var
->name
);
2241 case CONFIG_TYPE_STRING
:
2242 case CONFIG_TYPE_FILENAME
:
2243 if (*(char**)value
) {
2244 result
->value
= tor_strdup(*(char**)value
);
2246 tor_free(result
->key
);
2251 case CONFIG_TYPE_ISOTIME
:
2252 if (*(time_t*)value
) {
2253 result
->value
= tor_malloc(ISO_TIME_LEN
+1);
2254 format_iso_time(result
->value
, *(time_t*)value
);
2256 tor_free(result
->key
);
2259 escape_val
= 0; /* Can't need escape. */
2261 case CONFIG_TYPE_PORT
:
2262 if (*(int*)value
== CFG_AUTO_PORT
) {
2263 result
->value
= tor_strdup("auto");
2268 case CONFIG_TYPE_INTERVAL
:
2269 case CONFIG_TYPE_MSEC_INTERVAL
:
2270 case CONFIG_TYPE_UINT
:
2271 /* This means every or_options_t uint or bool element
2272 * needs to be an int. Not, say, a uint16_t or char. */
2273 tor_asprintf(&result
->value
, "%d", *(int*)value
);
2274 escape_val
= 0; /* Can't need escape. */
2276 case CONFIG_TYPE_MEMUNIT
:
2277 tor_asprintf(&result
->value
, U64_FORMAT
,
2278 U64_PRINTF_ARG(*(uint64_t*)value
));
2279 escape_val
= 0; /* Can't need escape. */
2281 case CONFIG_TYPE_DOUBLE
:
2282 tor_asprintf(&result
->value
, "%f", *(double*)value
);
2283 escape_val
= 0; /* Can't need escape. */
2286 case CONFIG_TYPE_AUTOBOOL
:
2287 if (*(int*)value
== -1) {
2288 result
->value
= tor_strdup("auto");
2293 case CONFIG_TYPE_BOOL
:
2294 result
->value
= tor_strdup(*(int*)value
? "1" : "0");
2295 escape_val
= 0; /* Can't need escape. */
2297 case CONFIG_TYPE_ROUTERSET
:
2298 result
->value
= routerset_to_string(*(routerset_t
**)value
);
2300 case CONFIG_TYPE_CSV
:
2301 if (*(smartlist_t
**)value
)
2303 smartlist_join_strings(*(smartlist_t
**)value
, ",", 0, NULL
);
2305 result
->value
= tor_strdup("");
2307 case CONFIG_TYPE_OBSOLETE
:
2308 log_fn(LOG_PROTOCOL_WARN
, LD_CONFIG
,
2309 "You asked me for the value of an obsolete config option '%s'.",
2311 tor_free(result
->key
);
2314 case CONFIG_TYPE_LINELIST_S
:
2316 "Can't return context-sensitive '%s' on its own", key
);
2317 tor_free(result
->key
);
2320 case CONFIG_TYPE_LINELIST
:
2321 case CONFIG_TYPE_LINELIST_V
:
2322 tor_free(result
->key
);
2324 result
= config_lines_dup(*(const config_line_t
**)value
);
2327 tor_free(result
->key
);
2329 log_warn(LD_BUG
,"Unknown type %d for known key '%s'",
2335 config_line_t
*line
;
2336 for (line
= result
; line
; line
= line
->next
) {
2337 if (line
->value
&& config_value_needs_escape(line
->value
)) {
2338 char *newval
= esc_for_log(line
->value
);
2339 tor_free(line
->value
);
2340 line
->value
= newval
;
2348 /** Iterate through the linked list of requested options <b>list</b>.
2349 * For each item, convert as appropriate and assign to <b>options</b>.
2350 * If an item is unrecognized, set *msg and return -1 immediately,
2351 * else return 0 for success.
2353 * If <b>clear_first</b>, interpret config options as replacing (not
2354 * extending) their previous values. If <b>clear_first</b> is set,
2355 * then <b>use_defaults</b> to decide if you set to defaults after
2356 * clearing, or make the value 0 or NULL.
2358 * Here are the use cases:
2359 * 1. A non-empty AllowInvalid line in your torrc. Appends to current
2360 * if linelist, replaces current if csv.
2361 * 2. An empty AllowInvalid line in your torrc. Should clear it.
2362 * 3. "RESETCONF AllowInvalid" sets it to default.
2363 * 4. "SETCONF AllowInvalid" makes it NULL.
2364 * 5. "SETCONF AllowInvalid=foo" clears it and sets it to "foo".
2366 * Use_defaults Clear_first
2368 * 1 0 undefined, don't use
2369 * 0 1 "set to null first"
2370 * 1 1 "set to defaults first"
2371 * Return 0 on success, -1 on bad key, -2 on bad value.
2373 * As an additional special case, if a LINELIST config option has
2374 * no value and clear_first is 0, then warn and ignore it.
2378 There are three call cases for config_assign() currently.
2380 Case one: Torrc entry
2381 options_init_from_torrc() calls config_assign(0, 0)
2382 calls config_assign_line(0, 0).
2383 if value is empty, calls option_reset(0) and returns.
2384 calls config_assign_value(), appends.
2387 options_trial_assign() calls config_assign(0, 1)
2388 calls config_reset_line(0)
2389 calls option_reset(0)
2390 calls option_clear().
2391 calls config_assign_line(0, 1).
2392 if value is empty, returns.
2393 calls config_assign_value(), appends.
2395 Case three: resetconf
2396 options_trial_assign() calls config_assign(1, 1)
2397 calls config_reset_line(1)
2398 calls option_reset(1)
2399 calls option_clear().
2400 calls config_assign_value(default)
2401 calls config_assign_line(1, 1).
2405 config_assign(const config_format_t
*fmt
, void *options
, config_line_t
*list
,
2406 int use_defaults
, int clear_first
, char **msg
)
2409 bitarray_t
*options_seen
;
2410 const int n_options
= config_count_options(fmt
);
2412 CHECK(fmt
, options
);
2414 /* pass 1: normalize keys */
2415 for (p
= list
; p
; p
= p
->next
) {
2416 const char *full
= expand_abbrev(fmt
, p
->key
, 0, 1);
2417 if (strcmp(full
,p
->key
)) {
2419 p
->key
= tor_strdup(full
);
2423 /* pass 2: if we're reading from a resetting source, clear all
2424 * mentioned config options, and maybe set to their defaults. */
2426 for (p
= list
; p
; p
= p
->next
)
2427 config_reset_line(fmt
, options
, p
->key
, use_defaults
);
2430 options_seen
= bitarray_init_zero(n_options
);
2431 /* pass 3: assign. */
2434 if ((r
=config_assign_line(fmt
, options
, list
, use_defaults
,
2435 clear_first
, options_seen
, msg
))) {
2436 bitarray_free(options_seen
);
2441 bitarray_free(options_seen
);
2445 /** Try assigning <b>list</b> to the global options. You do this by duping
2446 * options, assigning list to the new one, then validating it. If it's
2447 * ok, then throw out the old one and stick with the new one. Else,
2448 * revert to old and return failure. Return SETOPT_OK on success, or
2449 * a setopt_err_t on failure.
2451 * If not success, point *<b>msg</b> to a newly allocated string describing
2455 options_trial_assign(config_line_t
*list
, int use_defaults
,
2456 int clear_first
, char **msg
)
2459 or_options_t
*trial_options
= options_dup(&options_format
, get_options());
2461 if ((r
=config_assign(&options_format
, trial_options
,
2462 list
, use_defaults
, clear_first
, msg
)) < 0) {
2463 config_free(&options_format
, trial_options
);
2467 if (options_validate(get_options_mutable(), trial_options
, 1, msg
) < 0) {
2468 config_free(&options_format
, trial_options
);
2469 return SETOPT_ERR_PARSE
; /*XXX make this a separate return value. */
2472 if (options_transition_allowed(get_options(), trial_options
, msg
) < 0) {
2473 config_free(&options_format
, trial_options
);
2474 return SETOPT_ERR_TRANSITION
;
2477 if (set_options(trial_options
, msg
)<0) {
2478 config_free(&options_format
, trial_options
);
2479 return SETOPT_ERR_SETTING
;
2482 /* we liked it. put it in place. */
2486 /** Reset config option <b>var</b> to 0, 0.0, NULL, or the equivalent.
2487 * Called from option_reset() and config_free(). */
2489 option_clear(const config_format_t
*fmt
, or_options_t
*options
,
2490 const config_var_t
*var
)
2492 void *lvalue
= STRUCT_VAR_P(options
, var
->var_offset
);
2493 (void)fmt
; /* unused */
2494 switch (var
->type
) {
2495 case CONFIG_TYPE_STRING
:
2496 case CONFIG_TYPE_FILENAME
:
2497 tor_free(*(char**)lvalue
);
2499 case CONFIG_TYPE_DOUBLE
:
2500 *(double*)lvalue
= 0.0;
2502 case CONFIG_TYPE_ISOTIME
:
2503 *(time_t*)lvalue
= 0;
2505 case CONFIG_TYPE_INTERVAL
:
2506 case CONFIG_TYPE_MSEC_INTERVAL
:
2507 case CONFIG_TYPE_UINT
:
2508 case CONFIG_TYPE_PORT
:
2509 case CONFIG_TYPE_BOOL
:
2512 case CONFIG_TYPE_AUTOBOOL
:
2515 case CONFIG_TYPE_MEMUNIT
:
2516 *(uint64_t*)lvalue
= 0;
2518 case CONFIG_TYPE_ROUTERSET
:
2519 if (*(routerset_t
**)lvalue
) {
2520 routerset_free(*(routerset_t
**)lvalue
);
2521 *(routerset_t
**)lvalue
= NULL
;
2524 case CONFIG_TYPE_CSV
:
2525 if (*(smartlist_t
**)lvalue
) {
2526 SMARTLIST_FOREACH(*(smartlist_t
**)lvalue
, char *, cp
, tor_free(cp
));
2527 smartlist_free(*(smartlist_t
**)lvalue
);
2528 *(smartlist_t
**)lvalue
= NULL
;
2531 case CONFIG_TYPE_LINELIST
:
2532 case CONFIG_TYPE_LINELIST_S
:
2533 config_free_lines(*(config_line_t
**)lvalue
);
2534 *(config_line_t
**)lvalue
= NULL
;
2536 case CONFIG_TYPE_LINELIST_V
:
2537 /* handled by linelist_s. */
2539 case CONFIG_TYPE_OBSOLETE
:
2544 /** Clear the option indexed by <b>var</b> in <b>options</b>. Then if
2545 * <b>use_defaults</b>, set it to its default value.
2546 * Called by config_init() and option_reset_line() and option_assign_line(). */
2548 option_reset(const config_format_t
*fmt
, or_options_t
*options
,
2549 const config_var_t
*var
, int use_defaults
)
2553 CHECK(fmt
, options
);
2554 option_clear(fmt
, options
, var
); /* clear it first */
2556 return; /* all done */
2557 if (var
->initvalue
) {
2558 c
= tor_malloc_zero(sizeof(config_line_t
));
2559 c
->key
= tor_strdup(var
->name
);
2560 c
->value
= tor_strdup(var
->initvalue
);
2561 if (config_assign_value(fmt
, options
, c
, &msg
) < 0) {
2562 log_warn(LD_BUG
, "Failed to assign default: %s", msg
);
2563 tor_free(msg
); /* if this happens it's a bug */
2565 config_free_lines(c
);
2569 /** Print a usage message for tor. */
2574 "Copyright (c) 2001-2004, Roger Dingledine\n"
2575 "Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson\n"
2576 "Copyright (c) 2007-2011, The Tor Project, Inc.\n\n"
2577 "tor -f <torrc> [args]\n"
2578 "See man page for options, or https://www.torproject.org/ for "
2579 "documentation.\n");
2582 /** Print all non-obsolete torrc options. */
2584 list_torrc_options(void)
2587 smartlist_t
*lines
= smartlist_create();
2588 for (i
= 0; _option_vars
[i
].name
; ++i
) {
2589 const config_var_t
*var
= &_option_vars
[i
];
2590 if (var
->type
== CONFIG_TYPE_OBSOLETE
||
2591 var
->type
== CONFIG_TYPE_LINELIST_V
)
2593 printf("%s\n", var
->name
);
2595 smartlist_free(lines
);
2598 /** Last value actually set by resolve_my_address. */
2599 static uint32_t last_resolved_addr
= 0;
2601 * Based on <b>options-\>Address</b>, guess our public IP address and put it
2602 * (in host order) into *<b>addr_out</b>. If <b>hostname_out</b> is provided,
2603 * set *<b>hostname_out</b> to a new string holding the hostname we used to
2604 * get the address. Return 0 if all is well, or -1 if we can't find a suitable
2605 * public IP address.
2608 resolve_my_address(int warn_severity
, const or_options_t
*options
,
2609 uint32_t *addr_out
, char **hostname_out
)
2612 uint32_t addr
; /* host order */
2615 int explicit_hostname
=1;
2616 int from_interface
=0;
2617 char *addr_string
= NULL
;
2618 const char *address
= options
->Address
;
2619 int notice_severity
= warn_severity
<= LOG_NOTICE
?
2620 LOG_NOTICE
: warn_severity
;
2622 tor_assert(addr_out
);
2624 if (address
&& *address
) {
2625 strlcpy(hostname
, address
, sizeof(hostname
));
2626 } else { /* then we need to guess our address */
2627 explicit_ip
= 0; /* it's implicit */
2628 explicit_hostname
= 0; /* it's implicit */
2630 if (gethostname(hostname
, sizeof(hostname
)) < 0) {
2631 log_fn(warn_severity
, LD_NET
,"Error obtaining local hostname");
2634 log_debug(LD_CONFIG
,"Guessed local host name as '%s'",hostname
);
2637 /* now we know hostname. resolve it and keep only the IP address */
2639 if (tor_inet_aton(hostname
, &in
) == 0) {
2640 /* then we have to resolve it */
2642 if (tor_lookup_hostname(hostname
, &addr
)) { /* failed to resolve */
2643 uint32_t interface_ip
; /* host order */
2645 if (explicit_hostname
) {
2646 log_fn(warn_severity
, LD_CONFIG
,
2647 "Could not resolve local Address '%s'. Failing.", hostname
);
2650 log_fn(notice_severity
, LD_CONFIG
,
2651 "Could not resolve guessed local hostname '%s'. "
2652 "Trying something else.", hostname
);
2653 if (get_interface_address(warn_severity
, &interface_ip
)) {
2654 log_fn(warn_severity
, LD_CONFIG
,
2655 "Could not get local interface IP address. Failing.");
2659 addr
= interface_ip
;
2660 log_fn(notice_severity
, LD_CONFIG
, "Learned IP address '%s' for "
2661 "local interface. Using that.", fmt_addr32(addr
));
2662 strlcpy(hostname
, "<guessed from interfaces>", sizeof(hostname
));
2663 } else { /* resolved hostname into addr */
2664 if (!explicit_hostname
&&
2665 is_internal_IP(addr
, 0)) {
2666 uint32_t interface_ip
;
2668 log_fn(notice_severity
, LD_CONFIG
, "Guessed local hostname '%s' "
2669 "resolves to a private IP address (%s). Trying something "
2670 "else.", hostname
, fmt_addr32(addr
));
2672 if (get_interface_address(warn_severity
, &interface_ip
)) {
2673 log_fn(warn_severity
, LD_CONFIG
,
2674 "Could not get local interface IP address. Too bad.");
2675 } else if (is_internal_IP(interface_ip
, 0)) {
2676 log_fn(notice_severity
, LD_CONFIG
,
2677 "Interface IP address '%s' is a private address too. "
2678 "Ignoring.", fmt_addr32(interface_ip
));
2681 addr
= interface_ip
;
2682 log_fn(notice_severity
, LD_CONFIG
,
2683 "Learned IP address '%s' for local interface."
2684 " Using that.", fmt_addr32(addr
));
2685 strlcpy(hostname
, "<guessed from interfaces>", sizeof(hostname
));
2690 addr
= ntohl(in
.s_addr
); /* set addr so that addr_string is not
2694 addr_string
= tor_dup_ip(addr
);
2695 if (is_internal_IP(addr
, 0)) {
2696 /* make sure we're ok with publishing an internal IP */
2697 if (!options
->DirServers
&& !options
->AlternateDirAuthority
) {
2698 /* if they are using the default dirservers, disallow internal IPs
2700 log_fn(warn_severity
, LD_CONFIG
,
2701 "Address '%s' resolves to private IP address '%s'. "
2702 "Tor servers that use the default DirServers must have public "
2703 "IP addresses.", hostname
, addr_string
);
2704 tor_free(addr_string
);
2708 /* even if they've set their own dirservers, require an explicit IP if
2709 * they're using an internal address. */
2710 log_fn(warn_severity
, LD_CONFIG
, "Address '%s' resolves to private "
2711 "IP address '%s'. Please set the Address config option to be "
2712 "the IP address you want to use.", hostname
, addr_string
);
2713 tor_free(addr_string
);
2718 log_debug(LD_CONFIG
, "Resolved Address to '%s'.", fmt_addr32(addr
));
2720 if (last_resolved_addr
&& last_resolved_addr
!= *addr_out
) {
2721 /* Leave this as a notice, regardless of the requested severity,
2722 * at least until dynamic IP address support becomes bulletproof. */
2724 "Your IP address seems to have changed to %s. Updating.",
2726 ip_address_changed(0);
2728 if (last_resolved_addr
!= *addr_out
) {
2730 const char *h
= hostname
;
2732 method
= "CONFIGURED";
2734 } else if (explicit_hostname
) {
2735 method
= "RESOLVED";
2736 } else if (from_interface
) {
2737 method
= "INTERFACE";
2740 method
= "GETHOSTNAME";
2742 control_event_server_status(LOG_NOTICE
,
2743 "EXTERNAL_ADDRESS ADDRESS=%s METHOD=%s %s%s",
2744 addr_string
, method
, h
?"HOSTNAME=":"", h
);
2746 last_resolved_addr
= *addr_out
;
2748 *hostname_out
= tor_strdup(hostname
);
2749 tor_free(addr_string
);
2753 /** Return true iff <b>addr</b> is judged to be on the same network as us, or
2754 * on a private network.
2757 is_local_addr(const tor_addr_t
*addr
)
2759 if (tor_addr_is_internal(addr
, 0))
2761 /* Check whether ip is on the same /24 as we are. */
2762 if (get_options()->EnforceDistinctSubnets
== 0)
2764 if (tor_addr_family(addr
) == AF_INET
) {
2765 /*XXXX023 IP6 what corresponds to an /24? */
2766 uint32_t ip
= tor_addr_to_ipv4h(addr
);
2768 /* It's possible that this next check will hit before the first time
2769 * resolve_my_address actually succeeds. (For clients, it is likely that
2770 * resolve_my_address will never be called at all). In those cases,
2771 * last_resolved_addr will be 0, and so checking to see whether ip is on
2772 * the same /24 as last_resolved_addr will be the same as checking whether
2773 * it was on net 0, which is already done by is_internal_IP.
2775 if ((last_resolved_addr
& (uint32_t)0xffffff00ul
)
2776 == (ip
& (uint32_t)0xffffff00ul
))
2782 /** Release storage held by <b>options</b>. */
2784 config_free(const config_format_t
*fmt
, void *options
)
2793 for (i
=0; fmt
->vars
[i
].name
; ++i
)
2794 option_clear(fmt
, options
, &(fmt
->vars
[i
]));
2796 config_line_t
**linep
= STRUCT_VAR_P(options
, fmt
->extra
->var_offset
);
2797 config_free_lines(*linep
);
2803 /** Return true iff a and b contain identical keys and values in identical
2806 config_lines_eq(config_line_t
*a
, config_line_t
*b
)
2809 if (strcasecmp(a
->key
, b
->key
) || strcmp(a
->value
, b
->value
))
2819 /** Return true iff the option <b>name</b> has the same value in <b>o1</b>
2820 * and <b>o2</b>. Must not be called for LINELIST_S or OBSOLETE options.
2823 option_is_same(const config_format_t
*fmt
,
2824 const or_options_t
*o1
, const or_options_t
*o2
,
2827 config_line_t
*c1
, *c2
;
2832 c1
= get_assigned_option(fmt
, o1
, name
, 0);
2833 c2
= get_assigned_option(fmt
, o2
, name
, 0);
2834 r
= config_lines_eq(c1
, c2
);
2835 config_free_lines(c1
);
2836 config_free_lines(c2
);
2840 /** Copy storage held by <b>old</b> into a new or_options_t and return it. */
2841 static or_options_t
*
2842 options_dup(const config_format_t
*fmt
, const or_options_t
*old
)
2844 or_options_t
*newopts
;
2846 config_line_t
*line
;
2848 newopts
= config_alloc(fmt
);
2849 for (i
=0; fmt
->vars
[i
].name
; ++i
) {
2850 if (fmt
->vars
[i
].type
== CONFIG_TYPE_LINELIST_S
)
2852 if (fmt
->vars
[i
].type
== CONFIG_TYPE_OBSOLETE
)
2854 line
= get_assigned_option(fmt
, old
, fmt
->vars
[i
].name
, 0);
2857 if (config_assign(fmt
, newopts
, line
, 0, 0, &msg
) < 0) {
2858 log_err(LD_BUG
, "Config_get_assigned_option() generated "
2859 "something we couldn't config_assign(): %s", msg
);
2864 config_free_lines(line
);
2869 /** Return a new empty or_options_t. Used for testing. */
2873 return config_alloc(&options_format
);
2876 /** Set <b>options</b> to hold reasonable defaults for most options.
2877 * Each option defaults to zero. */
2879 options_init(or_options_t
*options
)
2881 config_init(&options_format
, options
);
2884 /* Check if the port number given in <b>port_option</b> in combination with
2885 * the specified port in <b>listen_options</b> will result in Tor actually
2886 * opening a low port (meaning a port lower than 1024). Return 1 if
2887 * it is, or 0 if it isn't or the concept of a low port isn't applicable for
2888 * the platform we're on. */
2890 is_listening_on_low_port(int port_option
,
2891 const config_line_t
*listen_options
)
2895 (void) listen_options
;
2896 return 0; /* No port is too low for windows. */
2898 const config_line_t
*l
;
2900 if (port_option
== 0)
2901 return 0; /* We're not listening */
2902 if (listen_options
== NULL
)
2903 return (port_option
< 1024);
2905 for (l
= listen_options
; l
; l
= l
->next
) {
2906 addr_port_lookup(LOG_WARN
, l
->value
, NULL
, NULL
, &p
);
2915 /** Set all vars in the configuration object <b>options</b> to their default
2918 config_init(const config_format_t
*fmt
, void *options
)
2921 const config_var_t
*var
;
2922 CHECK(fmt
, options
);
2924 for (i
=0; fmt
->vars
[i
].name
; ++i
) {
2925 var
= &fmt
->vars
[i
];
2926 if (!var
->initvalue
)
2927 continue; /* defaults to NULL or 0 */
2928 option_reset(fmt
, options
, var
, 1);
2932 /** Allocate and return a new string holding the written-out values of the vars
2933 * in 'options'. If 'minimal', do not write out any default-valued vars.
2934 * Else, if comment_defaults, write default values as comments.
2937 config_dump(const config_format_t
*fmt
, const void *options
, int minimal
,
2938 int comment_defaults
)
2940 smartlist_t
*elements
;
2941 or_options_t
*defaults
;
2942 config_line_t
*line
, *assigned
;
2947 defaults
= config_alloc(fmt
);
2948 config_init(fmt
, defaults
);
2950 /* XXX use a 1 here so we don't add a new log line while dumping */
2951 if (fmt
->validate_fn(NULL
,defaults
, 1, &msg
) < 0) {
2952 log_err(LD_BUG
, "Failed to validate default config.");
2957 elements
= smartlist_create();
2958 for (i
=0; fmt
->vars
[i
].name
; ++i
) {
2959 int comment_option
= 0;
2960 if (fmt
->vars
[i
].type
== CONFIG_TYPE_OBSOLETE
||
2961 fmt
->vars
[i
].type
== CONFIG_TYPE_LINELIST_S
)
2963 /* Don't save 'hidden' control variables. */
2964 if (!strcmpstart(fmt
->vars
[i
].name
, "__"))
2966 if (minimal
&& option_is_same(fmt
, options
, defaults
, fmt
->vars
[i
].name
))
2968 else if (comment_defaults
&&
2969 option_is_same(fmt
, options
, defaults
, fmt
->vars
[i
].name
))
2972 line
= assigned
= get_assigned_option(fmt
, options
, fmt
->vars
[i
].name
, 1);
2974 for (; line
; line
= line
->next
) {
2976 tor_asprintf(&tmp
, "%s%s %s\n",
2977 comment_option
? "# " : "",
2978 line
->key
, line
->value
);
2979 smartlist_add(elements
, tmp
);
2981 config_free_lines(assigned
);
2985 line
= *(config_line_t
**)STRUCT_VAR_P(options
, fmt
->extra
->var_offset
);
2986 for (; line
; line
= line
->next
) {
2988 tor_asprintf(&tmp
, "%s %s\n", line
->key
, line
->value
);
2989 smartlist_add(elements
, tmp
);
2993 result
= smartlist_join_strings(elements
, "", 0, NULL
);
2994 SMARTLIST_FOREACH(elements
, char *, cp
, tor_free(cp
));
2995 smartlist_free(elements
);
2996 config_free(fmt
, defaults
);
3000 /** Return a string containing a possible configuration file that would give
3001 * the configuration in <b>options</b>. If <b>minimal</b> is true, do not
3002 * include options that are the same as Tor's defaults.
3005 options_dump(const or_options_t
*options
, int minimal
)
3007 return config_dump(&options_format
, options
, minimal
, 0);
3010 /** Return 0 if every element of sl is a string holding a decimal
3011 * representation of a port number, or if sl is NULL.
3012 * Otherwise set *msg and return -1. */
3014 validate_ports_csv(smartlist_t
*sl
, const char *name
, char **msg
)
3022 SMARTLIST_FOREACH(sl
, const char *, cp
,
3025 if (i
< 1 || i
> 65535) {
3026 tor_asprintf(msg
, "Port '%s' out of range in %s", cp
, name
);
3033 /** If <b>value</b> exceeds ROUTER_MAX_DECLARED_BANDWIDTH, write
3034 * a complaint into *<b>msg</b> using string <b>desc</b>, and return -1.
3038 ensure_bandwidth_cap(uint64_t *value
, const char *desc
, char **msg
)
3040 if (*value
> ROUTER_MAX_DECLARED_BANDWIDTH
) {
3041 /* This handles an understandable special case where somebody says "2gb"
3042 * whereas our actual maximum is 2gb-1 (INT_MAX) */
3045 if (*value
> ROUTER_MAX_DECLARED_BANDWIDTH
) {
3046 tor_asprintf(msg
, "%s ("U64_FORMAT
") must be at most %d",
3047 desc
, U64_PRINTF_ARG(*value
),
3048 ROUTER_MAX_DECLARED_BANDWIDTH
);
3054 /** Parse an authority type from <b>options</b>-\>PublishServerDescriptor
3055 * and write it to <b>options</b>-\>_PublishServerDescriptor. Treat "1"
3056 * as "v2,v3" unless BridgeRelay is 1, in which case treat it as "bridge".
3058 * Return 0 on success or -1 if not a recognized authority type (in which
3059 * case the value of _PublishServerDescriptor is undefined). */
3061 compute_publishserverdescriptor(or_options_t
*options
)
3063 smartlist_t
*list
= options
->PublishServerDescriptor
;
3064 dirinfo_type_t
*auth
= &options
->_PublishServerDescriptor
;
3066 if (!list
) /* empty list, answer is none */
3068 SMARTLIST_FOREACH(list
, const char *, string
, {
3069 if (!strcasecmp(string
, "v1"))
3070 *auth
|= V1_DIRINFO
;
3071 else if (!strcmp(string
, "1"))
3072 if (options
->BridgeRelay
)
3073 *auth
|= BRIDGE_DIRINFO
;
3075 *auth
|= V2_DIRINFO
| V3_DIRINFO
;
3076 else if (!strcasecmp(string
, "v2"))
3077 *auth
|= V2_DIRINFO
;
3078 else if (!strcasecmp(string
, "v3"))
3079 *auth
|= V3_DIRINFO
;
3080 else if (!strcasecmp(string
, "bridge"))
3081 *auth
|= BRIDGE_DIRINFO
;
3082 else if (!strcasecmp(string
, "hidserv"))
3084 "PublishServerDescriptor hidserv is invalid. See "
3085 "PublishHidServDescriptors.");
3086 else if (!strcasecmp(string
, "") || !strcmp(string
, "0"))
3094 /** Lowest allowable value for RendPostPeriod; if this is too low, hidden
3095 * services can overload the directory system. */
3096 #define MIN_REND_POST_PERIOD (10*60)
3098 /** Highest allowable value for RendPostPeriod. */
3099 #define MAX_DIR_PERIOD (MIN_ONION_KEY_LIFETIME/2)
3101 /** Lowest allowable value for MaxCircuitDirtiness; if this is too low, Tor
3102 * will generate too many circuits and potentially overload the network. */
3103 #define MIN_MAX_CIRCUIT_DIRTINESS 10
3105 /** Lowest allowable value for CircuitStreamTimeout; if this is too low, Tor
3106 * will generate too many circuits and potentially overload the network. */
3107 #define MIN_CIRCUIT_STREAM_TIMEOUT 10
3109 /** Lowest allowable value for HeartbeatPeriod; if this is too low, we might
3110 * expose more information than we're comfortable with. */
3111 #define MIN_HEARTBEAT_PERIOD (30*60)
3113 /** Return 0 if every setting in <b>options</b> is reasonable, and a
3114 * permissible transition from <b>old_options</b>. Else return -1.
3115 * Should have no side effects, except for normalizing the contents of
3118 * On error, tor_strdup an error explanation into *<b>msg</b>.
3121 * If <b>from_setconf</b>, we were called by the controller, and our
3122 * Log line should stay empty. If it's 0, then give us a default log
3123 * if there are no logs defined.
3126 options_validate(or_options_t
*old_options
, or_options_t
*options
,
3127 int from_setconf
, char **msg
)
3131 const char *uname
= get_uname();
3132 int n_client_ports
=0;
3133 #define REJECT(arg) \
3134 STMT_BEGIN *msg = tor_strdup(arg); return -1; STMT_END
3135 #define COMPLAIN(arg) STMT_BEGIN log(LOG_WARN, LD_CONFIG, arg); STMT_END
3140 if (server_mode(options
) &&
3141 (!strcmpstart(uname
, "Windows 95") ||
3142 !strcmpstart(uname
, "Windows 98") ||
3143 !strcmpstart(uname
, "Windows Me"))) {
3144 log(LOG_WARN
, LD_CONFIG
, "Tor is running as a server, but you are "
3145 "running %s; this probably won't work. See "
3146 "https://wiki.torproject.org/TheOnionRouter/TorFAQ#ServerOS "
3147 "for details.", uname
);
3150 if (options
->ORPort
== 0 && options
->ORListenAddress
!= NULL
)
3151 REJECT("ORPort must be defined if ORListenAddress is defined.");
3153 if (options
->DirPort
== 0 && options
->DirListenAddress
!= NULL
)
3154 REJECT("DirPort must be defined if DirListenAddress is defined.");
3156 if (parse_client_ports(options
, 1, msg
, &n_client_ports
) < 0)
3159 if (validate_data_directory(options
)<0)
3160 REJECT("Invalid DataDirectory");
3162 if (options
->Nickname
== NULL
) {
3163 if (server_mode(options
)) {
3164 options
->Nickname
= tor_strdup(UNNAMED_ROUTER_NICKNAME
);
3167 if (!is_legal_nickname(options
->Nickname
)) {
3169 "Nickname '%s' is wrong length or contains illegal characters.",
3175 if (server_mode(options
) && !options
->ContactInfo
)
3176 log(LOG_NOTICE
, LD_CONFIG
, "Your ContactInfo config option is not set. "
3177 "Please consider setting it, so we can contact you if your server is "
3178 "misconfigured or something else goes wrong.");
3180 /* Special case on first boot if no Log options are given. */
3181 if (!options
->Logs
&& !options
->RunAsDaemon
&& !from_setconf
) {
3182 if (quiet_level
== 0)
3183 config_line_append(&options
->Logs
, "Log", "notice stdout");
3184 else if (quiet_level
== 1)
3185 config_line_append(&options
->Logs
, "Log", "warn stdout");
3188 if (options_init_logs(options
, 1)<0) /* Validate the log(s) */
3189 REJECT("Failed to validate Log options. See logs for details.");
3191 if (authdir_mode(options
)) {
3192 /* confirm that our address isn't broken, so we can complain now */
3194 if (resolve_my_address(LOG_WARN
, options
, &tmp
, NULL
) < 0)
3195 REJECT("Failed to resolve/guess local address. See logs for details.");
3199 if (options
->RunAsDaemon
&& torrc_fname
&& path_is_relative(torrc_fname
))
3200 REJECT("Can't use a relative path to torrc when RunAsDaemon is set.");
3203 if (n_client_ports
== 0 && options
->ORPort
== 0 && !options
->RendConfigLines
)
3204 log(LOG_WARN
, LD_CONFIG
,
3205 "SocksPort, TransPort, NATDPort, DNSPort, and ORPort are all "
3206 "undefined, and there aren't any hidden services configured. "
3207 "Tor will still run, but probably won't do anything.");
3209 #ifndef USE_TRANSPARENT
3210 if (options
->TransPort
|| options
->TransListenAddress
)
3211 REJECT("TransPort and TransListenAddress are disabled in this build.");
3214 if (options
->TokenBucketRefillInterval
<= 0
3215 || options
->TokenBucketRefillInterval
> 1000) {
3216 REJECT("TokenBucketRefillInterval must be between 1 and 1000 inclusive.");
3219 if (options
->AccountingMax
&&
3220 (is_listening_on_low_port(options
->ORPort
, options
->ORListenAddress
) ||
3221 is_listening_on_low_port(options
->DirPort
, options
->DirListenAddress
)))
3223 log(LOG_WARN
, LD_CONFIG
,
3224 "You have set AccountingMax to use hibernation. You have also "
3225 "chosen a low DirPort or OrPort. This combination can make Tor stop "
3226 "working when it tries to re-attach the port after a period of "
3227 "hibernation. Please choose a different port or turn off "
3228 "hibernation unless you know this combination will work on your "
3232 if (options
->ExcludeExitNodes
|| options
->ExcludeNodes
) {
3233 options
->_ExcludeExitNodesUnion
= routerset_new();
3234 routerset_union(options
->_ExcludeExitNodesUnion
,options
->ExcludeExitNodes
);
3235 routerset_union(options
->_ExcludeExitNodesUnion
,options
->ExcludeNodes
);
3238 if (options
->NodeFamilies
) {
3239 options
->NodeFamilySets
= smartlist_create();
3240 for (cl
= options
->NodeFamilies
; cl
; cl
= cl
->next
) {
3241 routerset_t
*rs
= routerset_new();
3242 if (routerset_parse(rs
, cl
->value
, cl
->key
) == 0) {
3243 smartlist_add(options
->NodeFamilySets
, rs
);
3250 if (options
->ExcludeNodes
&& options
->StrictNodes
) {
3251 COMPLAIN("You have asked to exclude certain relays from all positions "
3252 "in your circuits. Expect hidden services and other Tor "
3253 "features to be broken in unpredictable ways.");
3256 if (options
->AuthoritativeDir
) {
3257 if (!options
->ContactInfo
&& !options
->TestingTorNetwork
)
3258 REJECT("Authoritative directory servers must set ContactInfo");
3259 if (options
->V1AuthoritativeDir
&& !options
->RecommendedVersions
)
3260 REJECT("V1 authoritative dir servers must set RecommendedVersions.");
3261 if (!options
->RecommendedClientVersions
)
3262 options
->RecommendedClientVersions
=
3263 config_lines_dup(options
->RecommendedVersions
);
3264 if (!options
->RecommendedServerVersions
)
3265 options
->RecommendedServerVersions
=
3266 config_lines_dup(options
->RecommendedVersions
);
3267 if (options
->VersioningAuthoritativeDir
&&
3268 (!options
->RecommendedClientVersions
||
3269 !options
->RecommendedServerVersions
))
3270 REJECT("Versioning authoritative dir servers must set "
3271 "Recommended*Versions.");
3272 if (options
->UseEntryGuards
) {
3273 log_info(LD_CONFIG
, "Authoritative directory servers can't set "
3274 "UseEntryGuards. Disabling.");
3275 options
->UseEntryGuards
= 0;
3277 if (!options
->DownloadExtraInfo
&& authdir_mode_any_main(options
)) {
3278 log_info(LD_CONFIG
, "Authoritative directories always try to download "
3279 "extra-info documents. Setting DownloadExtraInfo.");
3280 options
->DownloadExtraInfo
= 1;
3282 if (!(options
->BridgeAuthoritativeDir
|| options
->HSAuthoritativeDir
||
3283 options
->V1AuthoritativeDir
|| options
->V2AuthoritativeDir
||
3284 options
->V3AuthoritativeDir
))
3285 REJECT("AuthoritativeDir is set, but none of "
3286 "(Bridge/HS/V1/V2/V3)AuthoritativeDir is set.");
3287 /* If we have a v3bandwidthsfile and it's broken, complain on startup */
3288 if (options
->V3BandwidthsFile
&& !old_options
) {
3289 dirserv_read_measured_bandwidths(options
->V3BandwidthsFile
, NULL
);
3293 if (options
->AuthoritativeDir
&& !options
->DirPort
)
3294 REJECT("Running as authoritative directory, but no DirPort set.");
3296 if (options
->AuthoritativeDir
&& !options
->ORPort
)
3297 REJECT("Running as authoritative directory, but no ORPort set.");
3299 if (options
->AuthoritativeDir
&& options
->ClientOnly
)
3300 REJECT("Running as authoritative directory, but ClientOnly also set.");
3302 if (options
->FetchDirInfoExtraEarly
&& !options
->FetchDirInfoEarly
)
3303 REJECT("FetchDirInfoExtraEarly requires that you also set "
3304 "FetchDirInfoEarly");
3306 if (options
->HSAuthoritativeDir
&& proxy_mode(options
))
3307 REJECT("Running as authoritative v0 HS directory, but also configured "
3310 if (options
->ConnLimit
<= 0) {
3312 "ConnLimit must be greater than 0, but was set to %d",
3313 options
->ConnLimit
);
3317 if (options
->MaxClientCircuitsPending
<= 0 ||
3318 options
->MaxClientCircuitsPending
> MAX_MAX_CLIENT_CIRCUITS_PENDING
) {
3320 "MaxClientCircuitsPending must be between 1 and %d, but "
3321 "was set to %d", MAX_MAX_CLIENT_CIRCUITS_PENDING
,
3322 options
->MaxClientCircuitsPending
);
3326 if (validate_ports_csv(options
->FirewallPorts
, "FirewallPorts", msg
) < 0)
3329 if (validate_ports_csv(options
->LongLivedPorts
, "LongLivedPorts", msg
) < 0)
3332 if (validate_ports_csv(options
->RejectPlaintextPorts
,
3333 "RejectPlaintextPorts", msg
) < 0)
3336 if (validate_ports_csv(options
->WarnPlaintextPorts
,
3337 "WarnPlaintextPorts", msg
) < 0)
3340 if (options
->FascistFirewall
&& !options
->ReachableAddresses
) {
3341 if (options
->FirewallPorts
&& smartlist_len(options
->FirewallPorts
)) {
3342 /* We already have firewall ports set, so migrate them to
3343 * ReachableAddresses, which will set ReachableORAddresses and
3344 * ReachableDirAddresses if they aren't set explicitly. */
3345 smartlist_t
*instead
= smartlist_create();
3346 config_line_t
*new_line
= tor_malloc_zero(sizeof(config_line_t
));
3347 new_line
->key
= tor_strdup("ReachableAddresses");
3348 /* If we're configured with the old format, we need to prepend some
3350 SMARTLIST_FOREACH(options
->FirewallPorts
, const char *, portno
,
3352 int p
= atoi(portno
);
3356 tor_snprintf(s
, 16, "*:%d", p
);
3357 smartlist_add(instead
, s
);
3359 new_line
->value
= smartlist_join_strings(instead
,",",0,NULL
);
3360 /* These have been deprecated since 0.1.1.5-alpha-cvs */
3361 log(LOG_NOTICE
, LD_CONFIG
,
3362 "Converting FascistFirewall and FirewallPorts "
3363 "config options to new format: \"ReachableAddresses %s\"",
3365 options
->ReachableAddresses
= new_line
;
3366 SMARTLIST_FOREACH(instead
, char *, cp
, tor_free(cp
));
3367 smartlist_free(instead
);
3369 /* We do not have FirewallPorts set, so add 80 to
3370 * ReachableDirAddresses, and 443 to ReachableORAddresses. */
3371 if (!options
->ReachableDirAddresses
) {
3372 config_line_t
*new_line
= tor_malloc_zero(sizeof(config_line_t
));
3373 new_line
->key
= tor_strdup("ReachableDirAddresses");
3374 new_line
->value
= tor_strdup("*:80");
3375 options
->ReachableDirAddresses
= new_line
;
3376 log(LOG_NOTICE
, LD_CONFIG
, "Converting FascistFirewall config option "
3377 "to new format: \"ReachableDirAddresses *:80\"");
3379 if (!options
->ReachableORAddresses
) {
3380 config_line_t
*new_line
= tor_malloc_zero(sizeof(config_line_t
));
3381 new_line
->key
= tor_strdup("ReachableORAddresses");
3382 new_line
->value
= tor_strdup("*:443");
3383 options
->ReachableORAddresses
= new_line
;
3384 log(LOG_NOTICE
, LD_CONFIG
, "Converting FascistFirewall config option "
3385 "to new format: \"ReachableORAddresses *:443\"");
3390 for (i
=0; i
<3; i
++) {
3391 config_line_t
**linep
=
3392 (i
==0) ? &options
->ReachableAddresses
:
3393 (i
==1) ? &options
->ReachableORAddresses
:
3394 &options
->ReachableDirAddresses
;
3397 /* We need to end with a reject *:*, not an implicit accept *:* */
3399 if (!strcmp((*linep
)->value
, "reject *:*")) /* already there */
3401 linep
= &((*linep
)->next
);
3403 *linep
= tor_malloc_zero(sizeof(config_line_t
));
3404 (*linep
)->key
= tor_strdup(
3405 (i
==0) ? "ReachableAddresses" :
3406 (i
==1) ? "ReachableORAddresses" :
3407 "ReachableDirAddresses");
3408 (*linep
)->value
= tor_strdup("reject *:*");
3414 if ((options
->ReachableAddresses
||
3415 options
->ReachableORAddresses
||
3416 options
->ReachableDirAddresses
) &&
3417 server_mode(options
))
3418 REJECT("Servers must be able to freely connect to the rest "
3419 "of the Internet, so they must not set Reachable*Addresses "
3420 "or FascistFirewall.");
3422 if (options
->UseBridges
&&
3423 server_mode(options
))
3424 REJECT("Servers must be able to freely connect to the rest "
3425 "of the Internet, so they must not set UseBridges.");
3427 /* If both of these are set, we'll end up with funny behavior where we
3428 * demand enough entrynodes be up and running else we won't build
3429 * circuits, yet we never actually use them. */
3430 if (options
->UseBridges
&& options
->EntryNodes
)
3431 REJECT("You cannot set both UseBridges and EntryNodes.");
3433 options
->_AllowInvalid
= 0;
3434 if (options
->AllowInvalidNodes
) {
3435 SMARTLIST_FOREACH(options
->AllowInvalidNodes
, const char *, cp
, {
3436 if (!strcasecmp(cp
, "entry"))
3437 options
->_AllowInvalid
|= ALLOW_INVALID_ENTRY
;
3438 else if (!strcasecmp(cp
, "exit"))
3439 options
->_AllowInvalid
|= ALLOW_INVALID_EXIT
;
3440 else if (!strcasecmp(cp
, "middle"))
3441 options
->_AllowInvalid
|= ALLOW_INVALID_MIDDLE
;
3442 else if (!strcasecmp(cp
, "introduction"))
3443 options
->_AllowInvalid
|= ALLOW_INVALID_INTRODUCTION
;
3444 else if (!strcasecmp(cp
, "rendezvous"))
3445 options
->_AllowInvalid
|= ALLOW_INVALID_RENDEZVOUS
;
3448 "Unrecognized value '%s' in AllowInvalidNodes", cp
);
3454 if (!options
->SafeLogging
||
3455 !strcasecmp(options
->SafeLogging
, "0")) {
3456 options
->_SafeLogging
= SAFELOG_SCRUB_NONE
;
3457 } else if (!strcasecmp(options
->SafeLogging
, "relay")) {
3458 options
->_SafeLogging
= SAFELOG_SCRUB_RELAY
;
3459 } else if (!strcasecmp(options
->SafeLogging
, "1")) {
3460 options
->_SafeLogging
= SAFELOG_SCRUB_ALL
;
3463 "Unrecognized value '%s' in SafeLogging",
3464 escaped(options
->SafeLogging
));
3468 if (compute_publishserverdescriptor(options
) < 0) {
3469 tor_asprintf(msg
, "Unrecognized value in PublishServerDescriptor");
3473 if ((options
->BridgeRelay
3474 || options
->_PublishServerDescriptor
& BRIDGE_DIRINFO
)
3475 && (options
->_PublishServerDescriptor
3476 & (V1_DIRINFO
|V2_DIRINFO
|V3_DIRINFO
))) {
3477 REJECT("Bridges are not supposed to publish router descriptors to the "
3478 "directory authorities. Please correct your "
3479 "PublishServerDescriptor line.");
3482 if (options
->BridgeRelay
&& options
->DirPort
) {
3483 log_warn(LD_CONFIG
, "Can't set a DirPort on a bridge relay; disabling "
3485 options
->DirPort
= 0;
3488 if (options
->MinUptimeHidServDirectoryV2
< 0) {
3489 log_warn(LD_CONFIG
, "MinUptimeHidServDirectoryV2 option must be at "
3490 "least 0 seconds. Changing to 0.");
3491 options
->MinUptimeHidServDirectoryV2
= 0;
3494 if (options
->RendPostPeriod
< MIN_REND_POST_PERIOD
) {
3495 log_warn(LD_CONFIG
, "RendPostPeriod option is too short; "
3496 "raising to %d seconds.", MIN_REND_POST_PERIOD
);
3497 options
->RendPostPeriod
= MIN_REND_POST_PERIOD
;
3500 if (options
->RendPostPeriod
> MAX_DIR_PERIOD
) {
3501 log_warn(LD_CONFIG
, "RendPostPeriod is too large; clipping to %ds.",
3503 options
->RendPostPeriod
= MAX_DIR_PERIOD
;
3506 if (options
->MaxCircuitDirtiness
< MIN_MAX_CIRCUIT_DIRTINESS
) {
3507 log_warn(LD_CONFIG
, "MaxCircuitDirtiness option is too short; "
3508 "raising to %d seconds.", MIN_MAX_CIRCUIT_DIRTINESS
);
3509 options
->MaxCircuitDirtiness
= MIN_MAX_CIRCUIT_DIRTINESS
;
3512 if (options
->CircuitStreamTimeout
&&
3513 options
->CircuitStreamTimeout
< MIN_CIRCUIT_STREAM_TIMEOUT
) {
3514 log_warn(LD_CONFIG
, "CircuitStreamTimeout option is too short; "
3515 "raising to %d seconds.", MIN_CIRCUIT_STREAM_TIMEOUT
);
3516 options
->CircuitStreamTimeout
= MIN_CIRCUIT_STREAM_TIMEOUT
;
3519 if (options
->HeartbeatPeriod
&&
3520 options
->HeartbeatPeriod
< MIN_HEARTBEAT_PERIOD
) {
3521 log_warn(LD_CONFIG
, "HeartbeatPeriod option is too short; "
3522 "raising to %d seconds.", MIN_HEARTBEAT_PERIOD
);
3523 options
->HeartbeatPeriod
= MIN_HEARTBEAT_PERIOD
;
3526 if (options
->KeepalivePeriod
< 1)
3527 REJECT("KeepalivePeriod option must be positive.");
3529 if (ensure_bandwidth_cap(&options
->BandwidthRate
,
3530 "BandwidthRate", msg
) < 0)
3532 if (ensure_bandwidth_cap(&options
->BandwidthBurst
,
3533 "BandwidthBurst", msg
) < 0)
3535 if (ensure_bandwidth_cap(&options
->MaxAdvertisedBandwidth
,
3536 "MaxAdvertisedBandwidth", msg
) < 0)
3538 if (ensure_bandwidth_cap(&options
->RelayBandwidthRate
,
3539 "RelayBandwidthRate", msg
) < 0)
3541 if (ensure_bandwidth_cap(&options
->RelayBandwidthBurst
,
3542 "RelayBandwidthBurst", msg
) < 0)
3544 if (ensure_bandwidth_cap(&options
->PerConnBWRate
,
3545 "PerConnBWRate", msg
) < 0)
3547 if (ensure_bandwidth_cap(&options
->PerConnBWBurst
,
3548 "PerConnBWBurst", msg
) < 0)
3550 if (ensure_bandwidth_cap(&options
->AuthDirFastGuarantee
,
3551 "AuthDirFastGuarantee", msg
) < 0)
3553 if (ensure_bandwidth_cap(&options
->AuthDirGuardBWGuarantee
,
3554 "AuthDirGuardBWGuarantee", msg
) < 0)
3557 if (options
->RelayBandwidthRate
&& !options
->RelayBandwidthBurst
)
3558 options
->RelayBandwidthBurst
= options
->RelayBandwidthRate
;
3559 if (options
->RelayBandwidthBurst
&& !options
->RelayBandwidthRate
)
3560 options
->RelayBandwidthRate
= options
->RelayBandwidthBurst
;
3562 if (server_mode(options
)) {
3563 if (options
->BandwidthRate
< ROUTER_REQUIRED_MIN_BANDWIDTH
) {
3565 "BandwidthRate is set to %d bytes/second. "
3566 "For servers, it must be at least %d.",
3567 (int)options
->BandwidthRate
,
3568 ROUTER_REQUIRED_MIN_BANDWIDTH
);
3570 } else if (options
->MaxAdvertisedBandwidth
<
3571 ROUTER_REQUIRED_MIN_BANDWIDTH
/2) {
3573 "MaxAdvertisedBandwidth is set to %d bytes/second. "
3574 "For servers, it must be at least %d.",
3575 (int)options
->MaxAdvertisedBandwidth
,
3576 ROUTER_REQUIRED_MIN_BANDWIDTH
/2);
3579 if (options
->RelayBandwidthRate
&&
3580 options
->RelayBandwidthRate
< ROUTER_REQUIRED_MIN_BANDWIDTH
) {
3582 "RelayBandwidthRate is set to %d bytes/second. "
3583 "For servers, it must be at least %d.",
3584 (int)options
->RelayBandwidthRate
,
3585 ROUTER_REQUIRED_MIN_BANDWIDTH
);
3590 if (options
->RelayBandwidthRate
> options
->RelayBandwidthBurst
)
3591 REJECT("RelayBandwidthBurst must be at least equal "
3592 "to RelayBandwidthRate.");
3594 if (options
->BandwidthRate
> options
->BandwidthBurst
)
3595 REJECT("BandwidthBurst must be at least equal to BandwidthRate.");
3597 /* if they set relaybandwidth* really high but left bandwidth*
3598 * at the default, raise the defaults. */
3599 if (options
->RelayBandwidthRate
> options
->BandwidthRate
)
3600 options
->BandwidthRate
= options
->RelayBandwidthRate
;
3601 if (options
->RelayBandwidthBurst
> options
->BandwidthBurst
)
3602 options
->BandwidthBurst
= options
->RelayBandwidthBurst
;
3604 if (accounting_parse_options(options
, 1)<0)
3605 REJECT("Failed to parse accounting options. See logs for details.");
3607 if (options
->HTTPProxy
) { /* parse it now */
3608 if (tor_addr_port_lookup(options
->HTTPProxy
,
3609 &options
->HTTPProxyAddr
, &options
->HTTPProxyPort
) < 0)
3610 REJECT("HTTPProxy failed to parse or resolve. Please fix.");
3611 if (options
->HTTPProxyPort
== 0) { /* give it a default */
3612 options
->HTTPProxyPort
= 80;
3616 if (options
->HTTPProxyAuthenticator
) {
3617 if (strlen(options
->HTTPProxyAuthenticator
) >= 512)
3618 REJECT("HTTPProxyAuthenticator is too long (>= 512 chars).");
3621 if (options
->HTTPSProxy
) { /* parse it now */
3622 if (tor_addr_port_lookup(options
->HTTPSProxy
,
3623 &options
->HTTPSProxyAddr
, &options
->HTTPSProxyPort
) <0)
3624 REJECT("HTTPSProxy failed to parse or resolve. Please fix.");
3625 if (options
->HTTPSProxyPort
== 0) { /* give it a default */
3626 options
->HTTPSProxyPort
= 443;
3630 if (options
->HTTPSProxyAuthenticator
) {
3631 if (strlen(options
->HTTPSProxyAuthenticator
) >= 512)
3632 REJECT("HTTPSProxyAuthenticator is too long (>= 512 chars).");
3635 if (options
->Socks4Proxy
) { /* parse it now */
3636 if (tor_addr_port_lookup(options
->Socks4Proxy
,
3637 &options
->Socks4ProxyAddr
,
3638 &options
->Socks4ProxyPort
) <0)
3639 REJECT("Socks4Proxy failed to parse or resolve. Please fix.");
3640 if (options
->Socks4ProxyPort
== 0) { /* give it a default */
3641 options
->Socks4ProxyPort
= 1080;
3645 if (options
->Socks5Proxy
) { /* parse it now */
3646 if (tor_addr_port_lookup(options
->Socks5Proxy
,
3647 &options
->Socks5ProxyAddr
,
3648 &options
->Socks5ProxyPort
) <0)
3649 REJECT("Socks5Proxy failed to parse or resolve. Please fix.");
3650 if (options
->Socks5ProxyPort
== 0) { /* give it a default */
3651 options
->Socks5ProxyPort
= 1080;
3655 /* Check if more than one proxy type has been enabled. */
3656 if (!!options
->Socks4Proxy
+ !!options
->Socks5Proxy
+
3657 !!options
->HTTPSProxy
+ !!options
->ClientTransportPlugin
> 1)
3658 REJECT("You have configured more than one proxy type. "
3659 "(Socks4Proxy|Socks5Proxy|HTTPSProxy|ClientTransportPlugin)");
3661 if (options
->Socks5ProxyUsername
) {
3664 len
= strlen(options
->Socks5ProxyUsername
);
3665 if (len
< 1 || len
> 255)
3666 REJECT("Socks5ProxyUsername must be between 1 and 255 characters.");
3668 if (!options
->Socks5ProxyPassword
)
3669 REJECT("Socks5ProxyPassword must be included with Socks5ProxyUsername.");
3671 len
= strlen(options
->Socks5ProxyPassword
);
3672 if (len
< 1 || len
> 255)
3673 REJECT("Socks5ProxyPassword must be between 1 and 255 characters.");
3674 } else if (options
->Socks5ProxyPassword
)
3675 REJECT("Socks5ProxyPassword must be included with Socks5ProxyUsername.");
3677 if (options
->HashedControlPassword
) {
3678 smartlist_t
*sl
= decode_hashed_passwords(options
->HashedControlPassword
);
3680 REJECT("Bad HashedControlPassword: wrong length or bad encoding");
3682 SMARTLIST_FOREACH(sl
, char*, cp
, tor_free(cp
));
3687 if (options
->HashedControlSessionPassword
) {
3688 smartlist_t
*sl
= decode_hashed_passwords(
3689 options
->HashedControlSessionPassword
);
3691 REJECT("Bad HashedControlSessionPassword: wrong length or bad encoding");
3693 SMARTLIST_FOREACH(sl
, char*, cp
, tor_free(cp
));
3698 if (options
->OwningControllerProcess
) {
3699 const char *validate_pspec_msg
= NULL
;
3700 if (tor_validate_process_specifier(options
->OwningControllerProcess
,
3701 &validate_pspec_msg
)) {
3702 tor_asprintf(msg
, "Bad OwningControllerProcess: %s",
3703 validate_pspec_msg
);
3708 if (options
->ControlListenAddress
) {
3709 int all_are_local
= 1;
3711 for (ln
= options
->ControlListenAddress
; ln
; ln
= ln
->next
) {
3712 if (strcmpstart(ln
->value
, "127."))
3715 if (!all_are_local
) {
3716 if (!options
->HashedControlPassword
&&
3717 !options
->HashedControlSessionPassword
&&
3718 !options
->CookieAuthentication
) {
3720 "You have a ControlListenAddress set to accept "
3721 "unauthenticated connections from a non-local address. "
3722 "This means that programs not running on your computer "
3723 "can reconfigure your Tor, without even having to guess a "
3724 "password. That's so bad that I'm closing your ControlPort "
3725 "for you. If you need to control your Tor remotely, try "
3726 "enabling authentication and using a tool like stunnel or "
3727 "ssh to encrypt remote access.");
3728 options
->ControlPort
= 0;
3730 log_warn(LD_CONFIG
, "You have a ControlListenAddress set to accept "
3731 "connections from a non-local address. This means that "
3732 "programs not running on your computer can reconfigure your "
3733 "Tor. That's pretty bad, since the controller "
3734 "protocol isn't encrypted! Maybe you should just listen on "
3735 "127.0.0.1 and use a tool like stunnel or ssh to encrypt "
3736 "remote connections to your control port.");
3741 if (options
->ControlPort
&& !options
->HashedControlPassword
&&
3742 !options
->HashedControlSessionPassword
&&
3743 !options
->CookieAuthentication
) {
3744 log_warn(LD_CONFIG
, "ControlPort is open, but no authentication method "
3745 "has been configured. This means that any program on your "
3746 "computer can reconfigure your Tor. That's bad! You should "
3747 "upgrade your Tor controller as soon as possible.");
3750 if (options
->CookieAuthFileGroupReadable
&& !options
->CookieAuthFile
) {
3751 log_warn(LD_CONFIG
, "CookieAuthFileGroupReadable is set, but will have "
3752 "no effect: you must specify an explicit CookieAuthFile to "
3753 "have it group-readable.");
3756 if (options
->UseEntryGuards
&& ! options
->NumEntryGuards
)
3757 REJECT("Cannot enable UseEntryGuards with NumEntryGuards set to 0");
3759 if (check_nickname_list(options
->MyFamily
, "MyFamily", msg
))
3761 for (cl
= options
->NodeFamilies
; cl
; cl
= cl
->next
) {
3762 routerset_t
*rs
= routerset_new();
3763 if (routerset_parse(rs
, cl
->value
, cl
->key
)) {
3770 if (validate_addr_policies(options
, msg
) < 0)
3773 if (validate_dir_authorities(options
, old_options
) < 0)
3774 REJECT("Directory authority line did not parse. See logs for details.");
3776 if (options
->UseBridges
&& !options
->Bridges
)
3777 REJECT("If you set UseBridges, you must specify at least one bridge.");
3778 if (options
->UseBridges
&& !options
->TunnelDirConns
)
3779 REJECT("If you set UseBridges, you must set TunnelDirConns.");
3781 for (cl
= options
->Bridges
; cl
; cl
= cl
->next
) {
3782 if (parse_bridge_line(cl
->value
, 1)<0)
3783 REJECT("Bridge line did not parse. See logs for details.");
3786 for (cl
= options
->ClientTransportPlugin
; cl
; cl
= cl
->next
) {
3787 if (parse_client_transport_line(cl
->value
, 1)<0)
3788 REJECT("Transport line did not parse. See logs for details.");
3791 for (cl
= options
->ServerTransportPlugin
; cl
; cl
= cl
->next
) {
3792 if (parse_server_transport_line(cl
->value
, 1)<0)
3793 REJECT("Server transport line did not parse. See logs for details.");
3796 if (options
->ConstrainedSockets
) {
3797 /* If the user wants to constrain socket buffer use, make sure the desired
3798 * limit is between MIN|MAX_TCPSOCK_BUFFER in k increments. */
3799 if (options
->ConstrainedSockSize
< MIN_CONSTRAINED_TCP_BUFFER
||
3800 options
->ConstrainedSockSize
> MAX_CONSTRAINED_TCP_BUFFER
||
3801 options
->ConstrainedSockSize
% 1024) {
3803 "ConstrainedSockSize is invalid. Must be a value between %d and %d "
3804 "in 1024 byte increments.",
3805 MIN_CONSTRAINED_TCP_BUFFER
, MAX_CONSTRAINED_TCP_BUFFER
);
3808 if (options
->DirPort
) {
3809 /* Providing cached directory entries while system TCP buffers are scarce
3810 * will exacerbate the socket errors. Suggest that this be disabled. */
3811 COMPLAIN("You have requested constrained socket buffers while also "
3812 "serving directory entries via DirPort. It is strongly "
3813 "suggested that you disable serving directory requests when "
3814 "system TCP buffer resources are scarce.");
3818 if (options
->V3AuthVoteDelay
+ options
->V3AuthDistDelay
>=
3819 options
->V3AuthVotingInterval
/2) {
3820 REJECT("V3AuthVoteDelay plus V3AuthDistDelay must be less than half "
3821 "V3AuthVotingInterval");
3823 if (options
->V3AuthVoteDelay
< MIN_VOTE_SECONDS
)
3824 REJECT("V3AuthVoteDelay is way too low.");
3825 if (options
->V3AuthDistDelay
< MIN_DIST_SECONDS
)
3826 REJECT("V3AuthDistDelay is way too low.");
3828 if (options
->V3AuthNIntervalsValid
< 2)
3829 REJECT("V3AuthNIntervalsValid must be at least 2.");
3831 if (options
->V3AuthVotingInterval
< MIN_VOTE_INTERVAL
) {
3832 REJECT("V3AuthVotingInterval is insanely low.");
3833 } else if (options
->V3AuthVotingInterval
> 24*60*60) {
3834 REJECT("V3AuthVotingInterval is insanely high.");
3835 } else if (((24*60*60) % options
->V3AuthVotingInterval
) != 0) {
3836 COMPLAIN("V3AuthVotingInterval does not divide evenly into 24 hours.");
3839 if (rend_config_services(options
, 1) < 0)
3840 REJECT("Failed to configure rendezvous options. See logs for details.");
3842 /* Parse client-side authorization for hidden services. */
3843 if (rend_parse_service_authorization(options
, 1) < 0)
3844 REJECT("Failed to configure client authorization for hidden services. "
3845 "See logs for details.");
3847 if (parse_virtual_addr_network(options
->VirtualAddrNetwork
, 1, NULL
)<0)
3850 if (options
->PreferTunneledDirConns
&& !options
->TunnelDirConns
)
3851 REJECT("Must set TunnelDirConns if PreferTunneledDirConns is set.");
3853 if ((options
->Socks4Proxy
|| options
->Socks5Proxy
) &&
3854 !options
->HTTPProxy
&& !options
->PreferTunneledDirConns
)
3855 REJECT("When Socks4Proxy or Socks5Proxy is configured, "
3856 "PreferTunneledDirConns and TunnelDirConns must both be "
3857 "set to 1, or HTTPProxy must be configured.");
3859 if (options
->AutomapHostsSuffixes
) {
3860 SMARTLIST_FOREACH(options
->AutomapHostsSuffixes
, char *, suf
,
3862 size_t len
= strlen(suf
);
3863 if (len
&& suf
[len
-1] == '.')
3868 if (options
->TestingTorNetwork
&& !options
->DirServers
) {
3869 REJECT("TestingTorNetwork may only be configured in combination with "
3870 "a non-default set of DirServers.");
3873 if (options
->AllowSingleHopExits
&& !options
->DirServers
) {
3874 COMPLAIN("You have set AllowSingleHopExits; now your relay will allow "
3875 "others to make one-hop exits. However, since by default most "
3876 "clients avoid relays that set this option, most clients will "
3880 /*XXXX023 checking for defaults manually like this is a bit fragile.*/
3882 /* Keep changes to hard-coded values synchronous to man page and default
3884 if (options
->TestingV3AuthInitialVotingInterval
!= 30*60 &&
3885 !options
->TestingTorNetwork
&& !options
->_UsingTestNetworkDefaults
) {
3886 REJECT("TestingV3AuthInitialVotingInterval may only be changed in testing "
3888 } else if (options
->TestingV3AuthInitialVotingInterval
< MIN_VOTE_INTERVAL
) {
3889 REJECT("TestingV3AuthInitialVotingInterval is insanely low.");
3890 } else if (((30*60) % options
->TestingV3AuthInitialVotingInterval
) != 0) {
3891 REJECT("TestingV3AuthInitialVotingInterval does not divide evenly into "
3895 if (options
->TestingV3AuthInitialVoteDelay
!= 5*60 &&
3896 !options
->TestingTorNetwork
&& !options
->_UsingTestNetworkDefaults
) {
3898 REJECT("TestingV3AuthInitialVoteDelay may only be changed in testing "
3900 } else if (options
->TestingV3AuthInitialVoteDelay
< MIN_VOTE_SECONDS
) {
3901 REJECT("TestingV3AuthInitialVoteDelay is way too low.");
3904 if (options
->TestingV3AuthInitialDistDelay
!= 5*60 &&
3905 !options
->TestingTorNetwork
&& !options
->_UsingTestNetworkDefaults
) {
3906 REJECT("TestingV3AuthInitialDistDelay may only be changed in testing "
3908 } else if (options
->TestingV3AuthInitialDistDelay
< MIN_DIST_SECONDS
) {
3909 REJECT("TestingV3AuthInitialDistDelay is way too low.");
3912 if (options
->TestingV3AuthInitialVoteDelay
+
3913 options
->TestingV3AuthInitialDistDelay
>=
3914 options
->TestingV3AuthInitialVotingInterval
/2) {
3915 REJECT("TestingV3AuthInitialVoteDelay plus TestingV3AuthInitialDistDelay "
3916 "must be less than half TestingV3AuthInitialVotingInterval");
3919 if (options
->TestingAuthDirTimeToLearnReachability
!= 30*60 &&
3920 !options
->TestingTorNetwork
&& !options
->_UsingTestNetworkDefaults
) {
3921 REJECT("TestingAuthDirTimeToLearnReachability may only be changed in "
3922 "testing Tor networks!");
3923 } else if (options
->TestingAuthDirTimeToLearnReachability
< 0) {
3924 REJECT("TestingAuthDirTimeToLearnReachability must be non-negative.");
3925 } else if (options
->TestingAuthDirTimeToLearnReachability
> 2*60*60) {
3926 COMPLAIN("TestingAuthDirTimeToLearnReachability is insanely high.");
3929 if (options
->TestingEstimatedDescriptorPropagationTime
!= 10*60 &&
3930 !options
->TestingTorNetwork
&& !options
->_UsingTestNetworkDefaults
) {
3931 REJECT("TestingEstimatedDescriptorPropagationTime may only be changed in "
3932 "testing Tor networks!");
3933 } else if (options
->TestingEstimatedDescriptorPropagationTime
< 0) {
3934 REJECT("TestingEstimatedDescriptorPropagationTime must be non-negative.");
3935 } else if (options
->TestingEstimatedDescriptorPropagationTime
> 60*60) {
3936 COMPLAIN("TestingEstimatedDescriptorPropagationTime is insanely high.");
3939 if (options
->TestingTorNetwork
) {
3940 log_warn(LD_CONFIG
, "TestingTorNetwork is set. This will make your node "
3941 "almost unusable in the public Tor network, and is "
3942 "therefore only advised if you are building a "
3943 "testing Tor network!");
3946 if (options
->AccelName
&& !options
->HardwareAccel
)
3947 options
->HardwareAccel
= 1;
3948 if (options
->AccelDir
&& !options
->AccelName
)
3949 REJECT("Can't use hardware crypto accelerator dir without engine name.");
3951 if (options
->PublishServerDescriptor
)
3952 SMARTLIST_FOREACH(options
->PublishServerDescriptor
, const char *, pubdes
, {
3953 if (!strcmp(pubdes
, "1") || !strcmp(pubdes
, "0"))
3954 if (smartlist_len(options
->PublishServerDescriptor
) > 1) {
3955 COMPLAIN("You have passed a list of multiple arguments to the "
3956 "PublishServerDescriptor option that includes 0 or 1. "
3957 "0 or 1 should only be used as the sole argument. "
3958 "This configuration will be rejected in a future release.");
3963 if (options
->BridgeRelay
== 1 && options
->ORPort
== 0)
3964 REJECT("BridgeRelay is 1, ORPort is 0. This is an invalid combination.");
3971 /** Helper: return true iff s1 and s2 are both NULL, or both non-NULL
3974 opt_streq(const char *s1
, const char *s2
)
3976 return 0 == strcmp_opt(s1
, s2
);
3979 /** Check if any of the previous options have changed but aren't allowed to. */
3981 options_transition_allowed(const or_options_t
*old
,
3982 const or_options_t
*new_val
,
3988 if (!opt_streq(old
->PidFile
, new_val
->PidFile
)) {
3989 *msg
= tor_strdup("PidFile is not allowed to change.");
3993 if (old
->RunAsDaemon
!= new_val
->RunAsDaemon
) {
3994 *msg
= tor_strdup("While Tor is running, changing RunAsDaemon "
3999 if (strcmp(old
->DataDirectory
,new_val
->DataDirectory
)!=0) {
4001 "While Tor is running, changing DataDirectory "
4002 "(\"%s\"->\"%s\") is not allowed.",
4003 old
->DataDirectory
, new_val
->DataDirectory
);
4007 if (!opt_streq(old
->User
, new_val
->User
)) {
4008 *msg
= tor_strdup("While Tor is running, changing User is not allowed.");
4012 if ((old
->HardwareAccel
!= new_val
->HardwareAccel
)
4013 || !opt_streq(old
->AccelName
, new_val
->AccelName
)
4014 || !opt_streq(old
->AccelDir
, new_val
->AccelDir
)) {
4015 *msg
= tor_strdup("While Tor is running, changing OpenSSL hardware "
4016 "acceleration engine is not allowed.");
4020 if (old
->TestingTorNetwork
!= new_val
->TestingTorNetwork
) {
4021 *msg
= tor_strdup("While Tor is running, changing TestingTorNetwork "
4026 if (old
->DisableAllSwap
!= new_val
->DisableAllSwap
) {
4027 *msg
= tor_strdup("While Tor is running, changing DisableAllSwap "
4032 if (old
->TokenBucketRefillInterval
!= new_val
->TokenBucketRefillInterval
) {
4033 *msg
= tor_strdup("While Tor is running, changing TokenBucketRefill"
4034 "Interval is not allowed");
4038 if (old
->DisableIOCP
!= new_val
->DisableIOCP
) {
4039 *msg
= tor_strdup("While Tor is running, changing DisableIOCP "
4047 /** Return 1 if any change from <b>old_options</b> to <b>new_options</b>
4048 * will require us to rotate the CPU and DNS workers; else return 0. */
4050 options_transition_affects_workers(const or_options_t
*old_options
,
4051 const or_options_t
*new_options
)
4053 if (!opt_streq(old_options
->DataDirectory
, new_options
->DataDirectory
) ||
4054 old_options
->NumCPUs
!= new_options
->NumCPUs
||
4055 old_options
->ORPort
!= new_options
->ORPort
||
4056 old_options
->ServerDNSSearchDomains
!=
4057 new_options
->ServerDNSSearchDomains
||
4058 old_options
->_SafeLogging
!= new_options
->_SafeLogging
||
4059 old_options
->ClientOnly
!= new_options
->ClientOnly
||
4060 public_server_mode(old_options
) != public_server_mode(new_options
) ||
4061 !config_lines_eq(old_options
->Logs
, new_options
->Logs
) ||
4062 old_options
->LogMessageDomains
!= new_options
->LogMessageDomains
)
4065 /* Check whether log options match. */
4067 /* Nothing that changed matters. */
4071 /** Return 1 if any change from <b>old_options</b> to <b>new_options</b>
4072 * will require us to generate a new descriptor; else return 0. */
4074 options_transition_affects_descriptor(const or_options_t
*old_options
,
4075 const or_options_t
*new_options
)
4077 /* XXX We can be smarter here. If your DirPort isn't being
4078 * published and you just turned it off, no need to republish. Etc. */
4079 if (!opt_streq(old_options
->DataDirectory
, new_options
->DataDirectory
) ||
4080 !opt_streq(old_options
->Nickname
,new_options
->Nickname
) ||
4081 !opt_streq(old_options
->Address
,new_options
->Address
) ||
4082 !config_lines_eq(old_options
->ExitPolicy
,new_options
->ExitPolicy
) ||
4083 old_options
->ExitPolicyRejectPrivate
!=
4084 new_options
->ExitPolicyRejectPrivate
||
4085 old_options
->ORPort
!= new_options
->ORPort
||
4086 old_options
->DirPort
!= new_options
->DirPort
||
4087 old_options
->ClientOnly
!= new_options
->ClientOnly
||
4088 old_options
->_PublishServerDescriptor
!=
4089 new_options
->_PublishServerDescriptor
||
4090 get_effective_bwrate(old_options
) != get_effective_bwrate(new_options
) ||
4091 get_effective_bwburst(old_options
) !=
4092 get_effective_bwburst(new_options
) ||
4093 !opt_streq(old_options
->ContactInfo
, new_options
->ContactInfo
) ||
4094 !opt_streq(old_options
->MyFamily
, new_options
->MyFamily
) ||
4095 !opt_streq(old_options
->AccountingStart
, new_options
->AccountingStart
) ||
4096 old_options
->AccountingMax
!= new_options
->AccountingMax
||
4097 public_server_mode(old_options
) != public_server_mode(new_options
))
4104 /** Return the directory on windows where we expect to find our application
4107 get_windows_conf_root(void)
4109 static int is_set
= 0;
4110 static char path
[MAX_PATH
+1];
4111 TCHAR tpath
[MAX_PATH
] = {0};
4120 /* Find X:\documents and settings\username\application data\ .
4121 * We would use SHGetSpecialFolder path, but that wasn't added until IE4.
4123 #ifdef ENABLE_LOCAL_APPDATA
4124 #define APPDATA_PATH CSIDL_LOCAL_APPDATA
4126 #define APPDATA_PATH CSIDL_APPDATA
4128 if (!SUCCEEDED(SHGetSpecialFolderLocation(NULL
, APPDATA_PATH
, &idl
))) {
4129 getcwd(path
,MAX_PATH
);
4132 "I couldn't find your application data folder: are you "
4133 "running an ancient version of Windows 95? Defaulting to \"%s\"",
4137 /* Convert the path from an "ID List" (whatever that is!) to a path. */
4138 result
= SHGetPathFromIDList(idl
, tpath
);
4140 wcstombs(path
,tpath
,MAX_PATH
);
4142 strlcpy(path
,tpath
,sizeof(path
));
4145 /* Now we need to free the memory that the path-idl was stored in. In
4146 * typical Windows fashion, we can't just call 'free()' on it. */
4149 m
->lpVtbl
->Free(m
, idl
);
4150 m
->lpVtbl
->Release(m
);
4152 if (!SUCCEEDED(result
)) {
4155 strlcat(path
,"\\tor",MAX_PATH
);
4161 /** Return the default location for our torrc file. */
4163 get_default_conf_file(void)
4166 static char path
[MAX_PATH
+1];
4167 strlcpy(path
, get_windows_conf_root(), MAX_PATH
);
4168 strlcat(path
,"\\torrc",MAX_PATH
);
4171 return (CONFDIR
"/torrc");
4175 /** Verify whether lst is a string containing valid-looking comma-separated
4176 * nicknames, or NULL. Return 0 on success. Warn and return -1 on failure.
4179 check_nickname_list(const char *lst
, const char *name
, char **msg
)
4186 sl
= smartlist_create();
4188 smartlist_split_string(sl
, lst
, ",",
4189 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
|SPLIT_STRIP_SPACE
, 0);
4191 SMARTLIST_FOREACH(sl
, const char *, s
,
4193 if (!is_legal_nickname_or_hexdigest(s
)) {
4194 tor_asprintf(msg
, "Invalid nickname '%s' in %s line", s
, name
);
4199 SMARTLIST_FOREACH(sl
, char *, s
, tor_free(s
));
4204 /** Learn config file name from command line arguments, or use the default */
4206 find_torrc_filename(int argc
, char **argv
,
4207 int *using_default_torrc
, int *ignore_missing_torrc
)
4212 for (i
= 1; i
< argc
; ++i
) {
4213 if (i
< argc
-1 && !strcmp(argv
[i
],"-f")) {
4215 log(LOG_WARN
, LD_CONFIG
, "Duplicate -f options on command line.");
4218 fname
= expand_filename(argv
[i
+1]);
4219 *using_default_torrc
= 0;
4221 } else if (!strcmp(argv
[i
],"--ignore-missing-torrc")) {
4222 *ignore_missing_torrc
= 1;
4226 if (*using_default_torrc
) {
4227 /* didn't find one, try CONFDIR */
4228 const char *dflt
= get_default_conf_file();
4229 if (dflt
&& file_status(dflt
) == FN_FILE
) {
4230 fname
= tor_strdup(dflt
);
4234 fn
= expand_filename("~/.torrc");
4235 if (fn
&& file_status(fn
) == FN_FILE
) {
4239 fname
= tor_strdup(dflt
);
4242 fname
= tor_strdup(dflt
);
4249 /** Load torrc from disk, setting torrc_fname if successful */
4251 load_torrc_from_disk(int argc
, char **argv
)
4255 int using_default_torrc
= 1;
4256 int ignore_missing_torrc
= 0;
4258 fname
= find_torrc_filename(argc
, argv
,
4259 &using_default_torrc
, &ignore_missing_torrc
);
4261 log(LOG_DEBUG
, LD_CONFIG
, "Opening config file \"%s\"", fname
);
4263 tor_free(torrc_fname
);
4264 torrc_fname
= fname
;
4266 /* Open config file */
4267 if (file_status(fname
) != FN_FILE
||
4268 !(cf
= read_file_to_str(fname
,0,NULL
))) {
4269 if (using_default_torrc
== 1 || ignore_missing_torrc
) {
4270 log(LOG_NOTICE
, LD_CONFIG
, "Configuration file \"%s\" not present, "
4271 "using reasonable defaults.", fname
);
4272 tor_free(fname
); /* sets fname to NULL */
4274 cf
= tor_strdup("");
4276 log(LOG_WARN
, LD_CONFIG
,
4277 "Unable to open configuration file \"%s\".", fname
);
4281 log(LOG_NOTICE
, LD_CONFIG
, "Read configuration file \"%s\".", fname
);
4291 /** Read a configuration file into <b>options</b>, finding the configuration
4292 * file location based on the command line. After loading the file
4293 * call options_init_from_string() to load the config.
4294 * Return 0 if success, -1 if failure. */
4296 options_init_from_torrc(int argc
, char **argv
)
4299 int i
, retval
, command
;
4300 static char **backup_argv
;
4301 static int backup_argc
;
4302 char *command_arg
= NULL
;
4305 if (argv
) { /* first time we're called. save command line args */
4308 } else { /* we're reloading. need to clean up old options first. */
4312 if (argc
> 1 && (!strcmp(argv
[1], "-h") || !strcmp(argv
[1],"--help"))) {
4316 if (argc
> 1 && !strcmp(argv
[1], "--list-torrc-options")) {
4317 /* For documenting validating whether we've documented everything. */
4318 list_torrc_options();
4322 if (argc
> 1 && (!strcmp(argv
[1],"--version"))) {
4323 printf("Tor version %s.\n",get_version());
4326 if (argc
> 1 && (!strcmp(argv
[1],"--digests"))) {
4327 printf("Tor version %s.\n",get_version());
4328 printf("%s", libor_get_digests());
4329 printf("%s", tor_get_digests());
4333 /* Go through command-line variables */
4334 if (!global_cmdline_options
) {
4335 /* Or we could redo the list every time we pass this place.
4336 * It does not really matter */
4337 if (config_get_commandlines(argc
, argv
, &global_cmdline_options
) < 0) {
4342 command
= CMD_RUN_TOR
;
4343 for (i
= 1; i
< argc
; ++i
) {
4344 if (!strcmp(argv
[i
],"--list-fingerprint")) {
4345 command
= CMD_LIST_FINGERPRINT
;
4346 } else if (!strcmp(argv
[i
],"--hash-password")) {
4347 command
= CMD_HASH_PASSWORD
;
4348 command_arg
= tor_strdup( (i
< argc
-1) ? argv
[i
+1] : "");
4350 } else if (!strcmp(argv
[i
],"--verify-config")) {
4351 command
= CMD_VERIFY_CONFIG
;
4355 if (command
== CMD_HASH_PASSWORD
) {
4356 cf
= tor_strdup("");
4358 cf
= load_torrc_from_disk(argc
, argv
);
4363 retval
= options_init_from_string(cf
, command
, command_arg
, &errmsg
);
4372 log(LOG_WARN
,LD_CONFIG
,"%s", errmsg
);
4378 /** Load the options from the configuration in <b>cf</b>, validate
4379 * them for consistency and take actions based on them.
4381 * Return 0 if success, negative on error:
4382 * * -1 for general errors.
4383 * * -2 for failure to parse/validate,
4384 * * -3 for transition not allowed
4385 * * -4 for error while setting the new options
4388 options_init_from_string(const char *cf
,
4389 int command
, const char *command_arg
,
4392 or_options_t
*oldoptions
, *newoptions
;
4395 setopt_err_t err
= SETOPT_ERR_MISC
;
4398 oldoptions
= global_options
; /* get_options unfortunately asserts if
4399 this is the first time we run*/
4401 newoptions
= tor_malloc_zero(sizeof(or_options_t
));
4402 newoptions
->_magic
= OR_OPTIONS_MAGIC
;
4403 options_init(newoptions
);
4404 newoptions
->command
= command
;
4405 newoptions
->command_arg
= command_arg
;
4407 /* get config lines, assign them */
4408 retval
= config_get_lines(cf
, &cl
);
4410 err
= SETOPT_ERR_PARSE
;
4413 retval
= config_assign(&options_format
, newoptions
, cl
, 0, 0, msg
);
4414 config_free_lines(cl
);
4416 err
= SETOPT_ERR_PARSE
;
4420 /* Go through command-line variables too */
4421 retval
= config_assign(&options_format
, newoptions
,
4422 global_cmdline_options
, 0, 0, msg
);
4424 err
= SETOPT_ERR_PARSE
;
4428 /* If this is a testing network configuration, change defaults
4429 * for a list of dependent config options, re-initialize newoptions
4430 * with the new defaults, and assign all options to it second time. */
4431 if (newoptions
->TestingTorNetwork
) {
4432 /* XXXX this is a bit of a kludge. perhaps there's a better way to do
4433 * this? We could, for example, make the parsing algorithm do two passes
4434 * over the configuration. If it finds any "suite" options like
4435 * TestingTorNetwork, it could change the defaults before its second pass.
4436 * Not urgent so long as this seems to work, but at any sign of trouble,
4437 * let's clean it up. -NM */
4439 /* Change defaults. */
4441 for (i
= 0; testing_tor_network_defaults
[i
].name
; ++i
) {
4442 const config_var_t
*new_var
= &testing_tor_network_defaults
[i
];
4443 config_var_t
*old_var
=
4444 config_find_option_mutable(&options_format
, new_var
->name
);
4445 tor_assert(new_var
);
4446 tor_assert(old_var
);
4447 old_var
->initvalue
= new_var
->initvalue
;
4450 /* Clear newoptions and re-initialize them with new defaults. */
4451 config_free(&options_format
, newoptions
);
4452 newoptions
= tor_malloc_zero(sizeof(or_options_t
));
4453 newoptions
->_magic
= OR_OPTIONS_MAGIC
;
4454 options_init(newoptions
);
4455 newoptions
->command
= command
;
4456 newoptions
->command_arg
= command_arg
;
4458 /* Assign all options a second time. */
4459 retval
= config_get_lines(cf
, &cl
);
4461 err
= SETOPT_ERR_PARSE
;
4464 retval
= config_assign(&options_format
, newoptions
, cl
, 0, 0, msg
);
4465 config_free_lines(cl
);
4467 err
= SETOPT_ERR_PARSE
;
4470 retval
= config_assign(&options_format
, newoptions
,
4471 global_cmdline_options
, 0, 0, msg
);
4473 err
= SETOPT_ERR_PARSE
;
4478 /* Validate newoptions */
4479 if (options_validate(oldoptions
, newoptions
, 0, msg
) < 0) {
4480 err
= SETOPT_ERR_PARSE
; /*XXX make this a separate return value.*/
4484 if (options_transition_allowed(oldoptions
, newoptions
, msg
) < 0) {
4485 err
= SETOPT_ERR_TRANSITION
;
4489 if (set_options(newoptions
, msg
)) {
4490 err
= SETOPT_ERR_SETTING
;
4491 goto err
; /* frees and replaces old options */
4497 config_free(&options_format
, newoptions
);
4499 char *old_msg
= *msg
;
4500 tor_asprintf(msg
, "Failed to parse/validate config: %s", old_msg
);
4506 /** Return the location for our configuration file.
4509 get_torrc_fname(void)
4514 return get_default_conf_file();
4517 /** Adjust the address map based on the MapAddress elements in the
4518 * configuration <b>options</b>
4521 config_register_addressmaps(const or_options_t
*options
)
4527 addressmap_clear_configured();
4528 elts
= smartlist_create();
4529 for (opt
= options
->AddressMap
; opt
; opt
= opt
->next
) {
4530 smartlist_split_string(elts
, opt
->value
, NULL
,
4531 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 2);
4532 if (smartlist_len(elts
) >= 2) {
4533 from
= smartlist_get(elts
,0);
4534 to
= smartlist_get(elts
,1);
4535 if (address_is_invalid_destination(to
, 1)) {
4537 "Skipping invalid argument '%s' to MapAddress", to
);
4539 addressmap_register(from
, tor_strdup(to
), 0, ADDRMAPSRC_TORRC
);
4540 if (smartlist_len(elts
)>2) {
4541 log_warn(LD_CONFIG
,"Ignoring extra arguments to MapAddress.");
4545 log_warn(LD_CONFIG
,"MapAddress '%s' has too few arguments. Ignoring.",
4548 SMARTLIST_FOREACH(elts
, char*, cp
, tor_free(cp
));
4549 smartlist_clear(elts
);
4551 smartlist_free(elts
);
4555 * Initialize the logs based on the configuration file.
4558 options_init_logs(or_options_t
*options
, int validate_only
)
4567 options
->RunAsDaemon
;
4570 if (options
->LogTimeGranularity
<= 0) {
4571 log_warn(LD_CONFIG
, "Log time granularity '%d' has to be positive.",
4572 options
->LogTimeGranularity
);
4574 } else if (1000 % options
->LogTimeGranularity
!= 0 &&
4575 options
->LogTimeGranularity
% 1000 != 0) {
4576 int granularity
= options
->LogTimeGranularity
;
4577 if (granularity
< 40) {
4579 while (1000 % granularity
!= 0);
4580 } else if (granularity
< 1000) {
4581 granularity
= 1000 / granularity
;
4582 while (1000 % granularity
!= 0)
4584 granularity
= 1000 / granularity
;
4586 granularity
= 1000 * ((granularity
/ 1000) + 1);
4588 log_warn(LD_CONFIG
, "Log time granularity '%d' has to be either a "
4589 "divisor or a multiple of 1 second. Changing to "
4591 options
->LogTimeGranularity
, granularity
);
4593 set_log_time_granularity(granularity
);
4596 set_log_time_granularity(options
->LogTimeGranularity
);
4600 elts
= smartlist_create();
4602 for (opt
= options
->Logs
; opt
; opt
= opt
->next
) {
4603 log_severity_list_t
*severity
;
4604 const char *cfg
= opt
->value
;
4605 severity
= tor_malloc_zero(sizeof(log_severity_list_t
));
4606 if (parse_log_severity_config(&cfg
, severity
) < 0) {
4607 log_warn(LD_CONFIG
, "Couldn't parse log levels in Log option 'Log %s'",
4609 ok
= 0; goto cleanup
;
4612 smartlist_split_string(elts
, cfg
, NULL
,
4613 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 2);
4615 if (smartlist_len(elts
) == 0)
4616 smartlist_add(elts
, tor_strdup("stdout"));
4618 if (smartlist_len(elts
) == 1 &&
4619 (!strcasecmp(smartlist_get(elts
,0), "stdout") ||
4620 !strcasecmp(smartlist_get(elts
,0), "stderr"))) {
4621 int err
= smartlist_len(elts
) &&
4622 !strcasecmp(smartlist_get(elts
,0), "stderr");
4623 if (!validate_only
) {
4626 "Can't log to %s with RunAsDaemon set; skipping stdout",
4627 err
?"stderr":"stdout");
4629 add_stream_log(severity
, err
?"<stderr>":"<stdout>",
4630 fileno(err
?stderr
:stdout
));
4635 if (smartlist_len(elts
) == 1 &&
4636 !strcasecmp(smartlist_get(elts
,0), "syslog")) {
4637 #ifdef HAVE_SYSLOG_H
4638 if (!validate_only
) {
4639 add_syslog_log(severity
);
4642 log_warn(LD_CONFIG
, "Syslog is not supported on this system. Sorry.");
4647 if (smartlist_len(elts
) == 2 &&
4648 !strcasecmp(smartlist_get(elts
,0), "file")) {
4649 if (!validate_only
) {
4650 char *fname
= expand_filename(smartlist_get(elts
, 1));
4651 if (add_file_log(severity
, fname
) < 0) {
4652 log_warn(LD_CONFIG
, "Couldn't open file for 'Log %s': %s",
4653 opt
->value
, strerror(errno
));
4661 log_warn(LD_CONFIG
, "Bad syntax on file Log option 'Log %s'",
4663 ok
= 0; goto cleanup
;
4666 SMARTLIST_FOREACH(elts
, char*, cp
, tor_free(cp
));
4667 smartlist_clear(elts
);
4670 smartlist_free(elts
);
4672 if (ok
&& !validate_only
)
4673 logs_set_domain_logging(options
->LogMessageDomains
);
4678 /** Read the contents of a Bridge line from <b>line</b>. Return 0
4679 * if the line is well-formed, and -1 if it isn't. If
4680 * <b>validate_only</b> is 0, and the line is well-formed, then add
4681 * the bridge described in the line to our internal bridge list. */
4683 parse_bridge_line(const char *line
, int validate_only
)
4685 smartlist_t
*items
= NULL
;
4687 char *addrport
=NULL
, *fingerprint
=NULL
;
4688 char *transport_name
=NULL
;
4692 char digest
[DIGEST_LEN
];
4694 items
= smartlist_create();
4695 smartlist_split_string(items
, line
, NULL
,
4696 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, -1);
4697 if (smartlist_len(items
) < 1) {
4698 log_warn(LD_CONFIG
, "Too few arguments to Bridge line.");
4702 /* field1 is either a transport name or addrport */
4703 field1
= smartlist_get(items
, 0);
4704 smartlist_del_keeporder(items
, 0);
4706 if (!(strstr(field1
, ".") || strstr(field1
, ":"))) {
4707 /* new-style bridge line */
4708 transport_name
= field1
;
4709 if (smartlist_len(items
) < 1) {
4710 log_warn(LD_CONFIG
, "Too few items to Bridge line.");
4713 addrport
= smartlist_get(items
, 0);
4714 smartlist_del_keeporder(items
, 0);
4719 if (tor_addr_port_lookup(addrport
, &addr
, &port
)<0) {
4720 log_warn(LD_CONFIG
, "Error parsing Bridge address '%s'", addrport
);
4725 "Bridge address '%s' has no port; using default port 443.",
4730 if (smartlist_len(items
)) {
4731 fingerprint
= smartlist_join_strings(items
, "", 0, NULL
);
4732 if (strlen(fingerprint
) != HEX_DIGEST_LEN
) {
4733 log_warn(LD_CONFIG
, "Key digest for Bridge is wrong length.");
4736 if (base16_decode(digest
, DIGEST_LEN
, fingerprint
, HEX_DIGEST_LEN
)<0) {
4737 log_warn(LD_CONFIG
, "Unable to decode Bridge key digest.");
4742 if (!validate_only
) {
4743 log_debug(LD_DIR
, "Bridge at %s:%d (transport: %s) (%s)",
4744 fmt_addr(&addr
), (int)port
,
4745 transport_name
? transport_name
: "no transport",
4746 fingerprint
? fingerprint
: "no key listed");
4747 bridge_add_from_config(&addr
, port
,
4748 fingerprint
? digest
: NULL
, transport_name
);
4758 SMARTLIST_FOREACH(items
, char*, s
, tor_free(s
));
4759 smartlist_free(items
);
4761 tor_free(transport_name
);
4762 tor_free(fingerprint
);
4766 /** Read the contents of a ClientTransportPlugin line from
4767 * <b>line</b>. Return 0 if the line is well-formed, and -1 if it
4770 * If <b>validate_only</b> is 0, and the line is well-formed:
4771 * - If it's an external proxy line, add the transport described in the line to
4772 * our internal transport list.
4773 * - If it's a managed proxy line, launch the managed proxy. */
4775 parse_client_transport_line(const char *line
, int validate_only
)
4777 smartlist_t
*items
= NULL
;
4781 const char *transports
=NULL
;
4782 smartlist_t
*transport_list
=NULL
;
4783 char *addrport
=NULL
;
4786 int socks_ver
=PROXY_NONE
;
4788 /* managed proxy options */
4790 char **proxy_argv
=NULL
;
4796 items
= smartlist_create();
4797 smartlist_split_string(items
, line
, NULL
,
4798 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, -1);
4800 line_length
= smartlist_len(items
);
4801 if (line_length
< 3) {
4802 log_warn(LD_CONFIG
, "Too few arguments on ClientTransportPlugin line.");
4806 /* Get the first line element, split it to commas into
4807 transport_list (in case it's multiple transports) and validate
4808 the transport names. */
4809 transports
= smartlist_get(items
, 0);
4810 transport_list
= smartlist_create();
4811 smartlist_split_string(transport_list
, transports
, ",",
4812 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
4813 SMARTLIST_FOREACH_BEGIN(transport_list
, const char *, transport_name
) {
4814 if (!string_is_C_identifier(transport_name
)) {
4815 log_warn(LD_CONFIG
, "Transport name is not a C identifier (%s).",
4819 } SMARTLIST_FOREACH_END(transport_name
);
4821 /* field2 is either a SOCKS version or "exec" */
4822 field2
= smartlist_get(items
, 1);
4824 if (!strcmp(field2
,"socks4")) {
4825 socks_ver
= PROXY_SOCKS4
;
4826 } else if (!strcmp(field2
,"socks5")) {
4827 socks_ver
= PROXY_SOCKS5
;
4828 } else if (!strcmp(field2
,"exec")) {
4831 log_warn(LD_CONFIG
, "Strange ClientTransportPlugin field '%s'.",
4836 if (is_managed
) { /* managed */
4837 if (!validate_only
) { /* if we are not just validating, use the
4838 rest of the line as the argv of the proxy
4840 proxy_argc
= line_length
-2;
4841 tor_assert(proxy_argc
> 0);
4842 proxy_argv
= tor_malloc_zero(sizeof(char*)*(proxy_argc
+1));
4844 for (i
=0;i
<proxy_argc
;i
++) { /* store arguments */
4845 *tmp
++ = smartlist_get(items
, 2);
4846 smartlist_del_keeporder(items
, 2);
4848 *tmp
= NULL
; /*terminated with NUL pointer, just like execve() likes it*/
4850 /* kickstart the thing */
4851 pt_kickstart_client_proxy(transport_list
, proxy_argv
);
4853 } else { /* external */
4854 if (smartlist_len(transport_list
) != 1) {
4855 log_warn(LD_CONFIG
, "You can't have an external proxy with "
4856 "more than one transports.");
4860 addrport
= smartlist_get(items
, 2);
4862 if (tor_addr_port_lookup(addrport
, &addr
, &port
)<0) {
4863 log_warn(LD_CONFIG
, "Error parsing transport "
4864 "address '%s'", addrport
);
4869 "Transport address '%s' has no port.", addrport
);
4873 if (!validate_only
) {
4874 transport_add_from_config(&addr
, port
, smartlist_get(transport_list
, 0),
4877 log_info(LD_DIR
, "Transport '%s' found at %s:%d",
4878 transports
, fmt_addr(&addr
), (int)port
);
4889 SMARTLIST_FOREACH(items
, char*, s
, tor_free(s
));
4890 smartlist_free(items
);
4891 if (transport_list
) {
4892 SMARTLIST_FOREACH(transport_list
, char*, s
, tor_free(s
));
4893 smartlist_free(transport_list
);
4899 /** Read the contents of a ServerTransportPlugin line from
4900 * <b>line</b>. Return 0 if the line is well-formed, and -1 if it
4902 * If <b>validate_only</b> is 0, the line is well-formed, and it's a
4903 * managed proxy line, launch the managed proxy. */
4905 parse_server_transport_line(const char *line
, int validate_only
)
4907 smartlist_t
*items
= NULL
;
4909 const char *transports
=NULL
;
4910 smartlist_t
*transport_list
=NULL
;
4912 char *addrport
=NULL
;
4916 /* managed proxy options */
4918 char **proxy_argv
=NULL
;
4924 items
= smartlist_create();
4925 smartlist_split_string(items
, line
, NULL
,
4926 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, -1);
4928 line_length
= smartlist_len(items
);
4929 if (line_length
< 3) {
4930 log_warn(LD_CONFIG
, "Too few arguments on ServerTransportPlugin line.");
4934 /* Get the first line element, split it to commas into
4935 transport_list (in case it's multiple transports) and validate
4936 the transport names. */
4937 transports
= smartlist_get(items
, 0);
4938 transport_list
= smartlist_create();
4939 smartlist_split_string(transport_list
, transports
, ",",
4940 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
4941 SMARTLIST_FOREACH_BEGIN(transport_list
, const char *, transport_name
) {
4942 if (!string_is_C_identifier(transport_name
)) {
4943 log_warn(LD_CONFIG
, "Transport name is not a C identifier (%s).",
4947 } SMARTLIST_FOREACH_END(transport_name
);
4949 type
= smartlist_get(items
, 1);
4951 if (!strcmp(type
, "exec")) {
4953 } else if (!strcmp(type
, "proxy")) {
4956 log_warn(LD_CONFIG
, "Strange ServerTransportPlugin type '%s'", type
);
4960 if (is_managed
) { /* managed */
4961 if (!validate_only
) {
4962 proxy_argc
= line_length
-2;
4963 tor_assert(proxy_argc
> 0);
4964 proxy_argv
= tor_malloc_zero(sizeof(char*)*(proxy_argc
+1));
4967 for (i
=0;i
<proxy_argc
;i
++) { /* store arguments */
4968 *tmp
++ = smartlist_get(items
, 2);
4969 smartlist_del_keeporder(items
, 2);
4971 *tmp
= NULL
; /*terminated with NUL pointer, just like execve() likes it*/
4973 /* kickstart the thing */
4974 pt_kickstart_server_proxy(transport_list
, proxy_argv
);
4976 } else { /* external */
4977 if (smartlist_len(transport_list
) != 1) {
4978 log_warn(LD_CONFIG
, "You can't have an external proxy with "
4979 "more than one transports.");
4983 addrport
= smartlist_get(items
, 2);
4985 if (tor_addr_port_lookup(addrport
, &addr
, &port
)<0) {
4986 log_warn(LD_CONFIG
, "Error parsing transport "
4987 "address '%s'", addrport
);
4992 "Transport address '%s' has no port.", addrport
);
4996 if (!validate_only
) {
4997 log_info(LD_DIR
, "Server transport '%s' at %s:%d.",
4998 transports
, fmt_addr(&addr
), (int)port
);
5009 SMARTLIST_FOREACH(items
, char*, s
, tor_free(s
));
5010 smartlist_free(items
);
5011 if (transport_list
) {
5012 SMARTLIST_FOREACH(transport_list
, char*, s
, tor_free(s
));
5013 smartlist_free(transport_list
);
5019 /** Read the contents of a DirServer line from <b>line</b>. If
5020 * <b>validate_only</b> is 0, and the line is well-formed, and it
5021 * shares any bits with <b>required_type</b> or <b>required_type</b>
5022 * is 0, then add the dirserver described in the line (minus whatever
5023 * bits it's missing) as a valid authority. Return 0 on success,
5024 * or -1 if the line isn't well-formed or if we can't add it. */
5026 parse_dir_server_line(const char *line
, dirinfo_type_t required_type
,
5029 smartlist_t
*items
= NULL
;
5031 char *addrport
=NULL
, *address
=NULL
, *nickname
=NULL
, *fingerprint
=NULL
;
5032 uint16_t dir_port
= 0, or_port
= 0;
5033 char digest
[DIGEST_LEN
];
5034 char v3_digest
[DIGEST_LEN
];
5035 dirinfo_type_t type
= V2_DIRINFO
;
5036 int is_not_hidserv_authority
= 0, is_not_v2_authority
= 0;
5038 items
= smartlist_create();
5039 smartlist_split_string(items
, line
, NULL
,
5040 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, -1);
5041 if (smartlist_len(items
) < 1) {
5042 log_warn(LD_CONFIG
, "No arguments on DirServer line.");
5046 if (is_legal_nickname(smartlist_get(items
, 0))) {
5047 nickname
= smartlist_get(items
, 0);
5048 smartlist_del_keeporder(items
, 0);
5051 while (smartlist_len(items
)) {
5052 char *flag
= smartlist_get(items
, 0);
5053 if (TOR_ISDIGIT(flag
[0]))
5055 if (!strcasecmp(flag
, "v1")) {
5056 type
|= (V1_DIRINFO
| HIDSERV_DIRINFO
);
5057 } else if (!strcasecmp(flag
, "hs")) {
5058 type
|= HIDSERV_DIRINFO
;
5059 } else if (!strcasecmp(flag
, "no-hs")) {
5060 is_not_hidserv_authority
= 1;
5061 } else if (!strcasecmp(flag
, "bridge")) {
5062 type
|= BRIDGE_DIRINFO
;
5063 } else if (!strcasecmp(flag
, "no-v2")) {
5064 is_not_v2_authority
= 1;
5065 } else if (!strcasecmpstart(flag
, "orport=")) {
5067 char *portstring
= flag
+ strlen("orport=");
5068 or_port
= (uint16_t) tor_parse_long(portstring
, 10, 1, 65535, &ok
, NULL
);
5070 log_warn(LD_CONFIG
, "Invalid orport '%s' on DirServer line.",
5072 } else if (!strcasecmpstart(flag
, "v3ident=")) {
5073 char *idstr
= flag
+ strlen("v3ident=");
5074 if (strlen(idstr
) != HEX_DIGEST_LEN
||
5075 base16_decode(v3_digest
, DIGEST_LEN
, idstr
, HEX_DIGEST_LEN
)<0) {
5076 log_warn(LD_CONFIG
, "Bad v3 identity digest '%s' on DirServer line",
5079 type
|= V3_DIRINFO
|EXTRAINFO_DIRINFO
|MICRODESC_DIRINFO
;
5082 log_warn(LD_CONFIG
, "Unrecognized flag '%s' on DirServer line",
5086 smartlist_del_keeporder(items
, 0);
5088 if (is_not_hidserv_authority
)
5089 type
&= ~HIDSERV_DIRINFO
;
5090 if (is_not_v2_authority
)
5091 type
&= ~V2_DIRINFO
;
5093 if (smartlist_len(items
) < 2) {
5094 log_warn(LD_CONFIG
, "Too few arguments to DirServer line.");
5097 addrport
= smartlist_get(items
, 0);
5098 smartlist_del_keeporder(items
, 0);
5099 if (addr_port_lookup(LOG_WARN
, addrport
, &address
, NULL
, &dir_port
)<0) {
5100 log_warn(LD_CONFIG
, "Error parsing DirServer address '%s'", addrport
);
5104 log_warn(LD_CONFIG
, "Missing port in DirServer address '%s'",addrport
);
5108 fingerprint
= smartlist_join_strings(items
, "", 0, NULL
);
5109 if (strlen(fingerprint
) != HEX_DIGEST_LEN
) {
5110 log_warn(LD_CONFIG
, "Key digest for DirServer is wrong length %d.",
5111 (int)strlen(fingerprint
));
5114 if (!strcmp(fingerprint
, "E623F7625FBE0C87820F11EC5F6D5377ED816294")) {
5115 /* a known bad fingerprint. refuse to use it. We can remove this
5116 * clause once Tor 0.1.2.17 is obsolete. */
5117 log_warn(LD_CONFIG
, "Dangerous dirserver line. To correct, erase your "
5118 "torrc file (%s), or reinstall Tor and use the default torrc.",
5122 if (base16_decode(digest
, DIGEST_LEN
, fingerprint
, HEX_DIGEST_LEN
)<0) {
5123 log_warn(LD_CONFIG
, "Unable to decode DirServer key digest.");
5127 if (!validate_only
&& (!required_type
|| required_type
& type
)) {
5129 type
&= required_type
; /* pare down what we think of them as an
5131 log_debug(LD_DIR
, "Trusted %d dirserver at %s:%d (%s)", (int)type
,
5132 address
, (int)dir_port
, (char*)smartlist_get(items
,0));
5133 if (!add_trusted_dir_server(nickname
, address
, dir_port
, or_port
,
5134 digest
, v3_digest
, type
))
5145 SMARTLIST_FOREACH(items
, char*, s
, tor_free(s
));
5146 smartlist_free(items
);
5150 tor_free(fingerprint
);
5154 /** Free all storage held in <b>port</b> */
5156 port_cfg_free(port_cfg_t
*port
)
5161 /** Warn for every port in <b>ports</b> that is on a publicly routable
5164 warn_nonlocal_client_ports(const smartlist_t
*ports
, const char *portname
)
5166 SMARTLIST_FOREACH_BEGIN(ports
, const port_cfg_t
*, port
) {
5167 if (port
->is_unix_addr
) {
5168 /* Unix sockets aren't accessible over a network. */
5169 } else if (!tor_addr_is_internal(&port
->addr
, 1)) {
5170 log_warn(LD_CONFIG
, "You specified a public address for %sPort. "
5171 "Other people on the Internet might find your computer and "
5172 "use it as an open proxy. Please don't allow this unless you "
5173 "have a good reason.", portname
);
5174 } else if (!tor_addr_is_loopback(&port
->addr
)) {
5175 log_notice(LD_CONFIG
, "You configured a non-loopback address for "
5176 "%sPort. This allows everybody on your local network to use "
5177 "your machine as a proxy. Make sure this is what you wanted.",
5180 } SMARTLIST_FOREACH_END(port
);
5183 #define CL_PORT_NO_OPTIONS (1u<<0)
5184 #define CL_PORT_WARN_NONLOCAL (1u<<1)
5185 #define CL_PORT_ALLOW_EXTRA_LISTENADDR (1u<<2)
5188 * Parse port configuration for a single client port type.
5190 * Read entries of the "FooPort" type from the list <b>ports</b>, and
5191 * entries of the "FooListenAddress" type from the list
5192 * <b>listenaddrs</b>. Two syntaxes are supported: a legacy syntax
5193 * where FooPort is at most a single entry containing a port number and
5194 * where FooListenAddress has any number of address:port combinations;
5195 * and a new syntax where there are no FooListenAddress entries and
5196 * where FooPort can have any number of entries of the format
5197 * "[Address:][Port] IsolationOptions".
5199 * In log messages, describe the port type as <b>portname</b>.
5201 * If no address is specified, default to <b>defaultaddr</b>. If no
5202 * FooPort is given, default to defaultport (if 0, there is no default).
5204 * If CL_PORT_NO_OPTIONS is set in <b>flags</b>, do not allow stream
5205 * isolation options in the FooPort entries.
5207 * If CL_PORT_WARN_NONLOCAL is set in <b>flags</b>, warn if any of the
5208 * ports are not on a local address.
5210 * Unless CL_PORT_ALLOW_EXTRA_LISTENADDR is set in <b>flags</b>, warn
5211 * if FooListenAddress is set but FooPort is 0.
5213 * On success, if <b>out</b> is given, add a new port_cfg_t entry to
5214 * <b>out</b> for every port that the client should listen on. Return 0
5215 * on success, -1 on failure.
5218 parse_client_port_config(smartlist_t
*out
,
5219 const config_line_t
*ports
,
5220 const config_line_t
*listenaddrs
,
5221 const char *portname
,
5223 const char *defaultaddr
,
5229 const unsigned allow_client_options
= !(flags
& CL_PORT_NO_OPTIONS
);
5230 const unsigned warn_nonlocal
= flags
& CL_PORT_WARN_NONLOCAL
;
5231 const unsigned allow_spurious_listenaddr
=
5232 flags
& CL_PORT_ALLOW_EXTRA_LISTENADDR
;
5234 /* FooListenAddress is deprecated; let's make it work like it used to work,
5237 int mainport
= defaultport
;
5239 if (ports
&& ports
->next
) {
5240 log_warn(LD_CONFIG
, "%sListenAddress can't be used when there are "
5241 "multiple %sPort lines", portname
, portname
);
5244 if (!strcmp(ports
->value
, "auto")) {
5245 mainport
= CFG_AUTO_PORT
;
5248 mainport
= (int)tor_parse_long(ports
->value
, 10, 0, 65535, &ok
, NULL
);
5250 log_warn(LD_CONFIG
, "%sListenAddress can only be used with a single "
5251 "%sPort with value \"auto\" or 1-65535.",
5252 portname
, portname
);
5258 if (mainport
== 0) {
5259 if (allow_spurious_listenaddr
)
5261 log_warn(LD_CONFIG
, "%sPort must be defined if %sListenAddress is used",
5262 portname
, portname
);
5266 for (; listenaddrs
; listenaddrs
= listenaddrs
->next
) {
5269 if (tor_addr_port_lookup(listenaddrs
->value
, &addr
, &port
) < 0) {
5270 log_warn(LD_CONFIG
, "Unable to parse %sListenAddress '%s'",
5271 portname
, listenaddrs
->value
);
5275 port_cfg_t
*cfg
= tor_malloc_zero(sizeof(port_cfg_t
));
5276 cfg
->type
= listener_type
;
5277 cfg
->port
= port
? port
: mainport
;
5278 tor_addr_copy(&cfg
->addr
, &addr
);
5279 cfg
->session_group
= SESSION_GROUP_UNSET
;
5280 cfg
->isolation_flags
= ISO_DEFAULT
;
5281 smartlist_add(out
, cfg
);
5285 if (warn_nonlocal
&& out
)
5286 warn_nonlocal_client_ports(out
, portname
);
5288 } /* end if (listenaddrs) */
5290 /* No ListenAddress lines. If there's no FooPort, then maybe make a default
5293 if (defaultport
&& out
) {
5294 port_cfg_t
*cfg
= tor_malloc_zero(sizeof(port_cfg_t
));
5295 cfg
->type
= listener_type
;
5296 cfg
->port
= defaultport
;
5297 tor_addr_parse(&cfg
->addr
, defaultaddr
);
5298 cfg
->session_group
= SESSION_GROUP_UNSET
;
5299 cfg
->isolation_flags
= ISO_DEFAULT
;
5300 smartlist_add(out
, cfg
);
5305 /* At last we can actually parse the FooPort lines. The syntax is:
5306 * [Addr:](Port|auto) [Options].*/
5307 elts
= smartlist_create();
5309 for (; ports
; ports
= ports
->next
) {
5312 int sessiongroup
= SESSION_GROUP_UNSET
;
5313 unsigned isolation
= ISO_DEFAULT
;
5319 smartlist_split_string(elts
, ports
->value
, NULL
,
5320 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
5321 if (smartlist_len(elts
) == 0) {
5322 log_warn(LD_CONFIG
, "Invalid %sPort line with no value", portname
);
5326 if (!allow_client_options
&& smartlist_len(elts
) > 1) {
5327 log_warn(LD_CONFIG
, "Too many options on %sPort line", portname
);
5331 /* Now parse the addr/port value */
5332 addrport
= smartlist_get(elts
, 0);
5333 if (!strcmp(addrport
, "auto")) {
5334 port
= CFG_AUTO_PORT
;
5335 tor_addr_parse(&addr
, defaultaddr
);
5336 } else if (!strcasecmpend(addrport
, ":auto")) {
5337 char *addrtmp
= tor_strndup(addrport
, strlen(addrport
)-5);
5338 port
= CFG_AUTO_PORT
;
5339 if (tor_addr_port_lookup(addrtmp
, &addr
, &ptmp
)<0 || ptmp
) {
5340 log_warn(LD_CONFIG
, "Invalid address '%s' for %sPort",
5341 escaped(addrport
), portname
);
5346 /* Try parsing integer port before address, because, who knows?
5347 "9050" might be a valid address. */
5348 port
= (int) tor_parse_long(addrport
, 10, 0, 65535, &ok
, NULL
);
5350 tor_addr_parse(&addr
, defaultaddr
);
5351 } else if (tor_addr_port_lookup(addrport
, &addr
, &ptmp
) == 0) {
5353 log_warn(LD_CONFIG
, "%sPort line has address but no port", portname
);
5358 log_warn(LD_CONFIG
, "Couldn't parse address '%s' for %sPort",
5359 escaped(addrport
), portname
);
5364 /* Now parse the rest of the options, if any. */
5365 SMARTLIST_FOREACH_BEGIN(elts
, char *, elt
) {
5366 int no
= 0, isoflag
= 0;
5367 const char *elt_orig
= elt
;
5368 if (elt_sl_idx
== 0)
5369 continue; /* Skip addr:port */
5370 if (!strcasecmpstart(elt
, "SessionGroup=")) {
5371 int group
= (int)tor_parse_long(elt
+strlen("SessionGroup="),
5372 10, 0, INT_MAX
, &ok
, NULL
);
5374 log_warn(LD_CONFIG
, "Invalid %sPort option '%s'",
5375 portname
, escaped(elt
));
5378 if (sessiongroup
>= 0) {
5379 log_warn(LD_CONFIG
, "Multiple SessionGroup options on %sPort",
5383 sessiongroup
= group
;
5387 if (!strcasecmpstart(elt
, "No")) {
5391 if (!strcasecmpend(elt
, "s"))
5392 elt
[strlen(elt
)-1] = '\0'; /* kill plurals. */
5394 if (!strcasecmp(elt
, "IsolateDestPort")) {
5395 isoflag
= ISO_DESTPORT
;
5396 } else if (!strcasecmp(elt
, "IsolateDestAddr")) {
5397 isoflag
= ISO_DESTADDR
;
5398 } else if (!strcasecmp(elt
, "IsolateSOCKSAuth")) {
5399 isoflag
= ISO_SOCKSAUTH
;
5400 } else if (!strcasecmp(elt
, "IsolateClientProtocol")) {
5401 isoflag
= ISO_CLIENTPROTO
;
5402 } else if (!strcasecmp(elt
, "IsolateClientAddr")) {
5403 isoflag
= ISO_CLIENTADDR
;
5405 log_warn(LD_CONFIG
, "Unrecognized %sPort option '%s'",
5406 portname
, escaped(elt_orig
));
5410 isolation
&= ~isoflag
;
5412 isolation
|= isoflag
;
5414 } SMARTLIST_FOREACH_END(elt
);
5417 port_cfg_t
*cfg
= tor_malloc_zero(sizeof(port_cfg_t
));
5418 cfg
->type
= listener_type
;
5420 tor_addr_copy(&cfg
->addr
, &addr
);
5421 cfg
->session_group
= sessiongroup
;
5422 cfg
->isolation_flags
= isolation
;
5423 smartlist_add(out
, cfg
);
5425 SMARTLIST_FOREACH(elts
, char *, cp
, tor_free(cp
));
5426 smartlist_clear(elts
);
5429 if (warn_nonlocal
&& out
)
5430 warn_nonlocal_client_ports(out
, portname
);
5434 SMARTLIST_FOREACH(elts
, char *, cp
, tor_free(cp
));
5435 smartlist_free(elts
);
5439 /** Parse all client port types (Socks, DNS, Trans, NATD) from
5440 * <b>options</b>. On success, set *<b>n_ports_out</b> to the number of
5441 * ports that are listed and return 0. On failure, set *<b>msg</b> to a
5442 * description of the problem and return -1.
5444 * If <b>validate_only</b> is false, set configured_client_ports to the
5445 * new list of ports parsed from <b>options</b>.
5448 parse_client_ports(const or_options_t
*options
, int validate_only
,
5449 char **msg
, int *n_ports_out
)
5454 ports
= smartlist_create();
5458 if (parse_client_port_config(ports
,
5459 options
->SocksPort
, options
->SocksListenAddress
,
5460 "Socks", CONN_TYPE_AP_LISTENER
,
5462 CL_PORT_WARN_NONLOCAL
|CL_PORT_ALLOW_EXTRA_LISTENADDR
) < 0) {
5463 *msg
= tor_strdup("Invalid SocksPort/SocksListenAddress configuration");
5466 if (parse_client_port_config(ports
,
5467 options
->DNSPort
, options
->DNSListenAddress
,
5468 "DNS", CONN_TYPE_AP_DNS_LISTENER
,
5470 CL_PORT_WARN_NONLOCAL
) < 0) {
5471 *msg
= tor_strdup("Invalid DNSPort/DNSListenAddress configuration");
5474 if (parse_client_port_config(ports
,
5475 options
->TransPort
, options
->TransListenAddress
,
5476 "Trans", CONN_TYPE_AP_TRANS_LISTENER
,
5478 CL_PORT_WARN_NONLOCAL
) < 0) {
5479 *msg
= tor_strdup("Invalid TransPort/TransListenAddress configuration");
5482 if (parse_client_port_config(ports
,
5483 options
->NATDPort
, options
->NATDListenAddress
,
5484 "NATD", CONN_TYPE_AP_NATD_LISTENER
,
5486 CL_PORT_WARN_NONLOCAL
) < 0) {
5487 *msg
= tor_strdup("Invalid NatdPort/NatdListenAddress configuration");
5491 *n_ports_out
= smartlist_len(ports
);
5493 if (!validate_only
) {
5494 if (configured_client_ports
) {
5495 SMARTLIST_FOREACH(configured_client_ports
,
5496 port_cfg_t
*, p
, port_cfg_free(p
));
5497 smartlist_free(configured_client_ports
);
5499 configured_client_ports
= ports
;
5500 ports
= NULL
; /* prevent free below. */
5506 SMARTLIST_FOREACH(ports
, port_cfg_t
*, p
, port_cfg_free(p
));
5507 smartlist_free(ports
);
5512 /** Return a list of port_cfg_t for client ports parsed from the
5515 get_configured_client_ports(void)
5517 if (!configured_client_ports
)
5518 configured_client_ports
= smartlist_create();
5519 return configured_client_ports
;
5522 /** Adjust the value of options->DataDirectory, or fill it in if it's
5523 * absent. Return 0 on success, -1 on failure. */
5525 normalize_data_directory(or_options_t
*options
)
5529 if (options
->DataDirectory
)
5530 return 0; /* all set */
5531 p
= tor_malloc(MAX_PATH
);
5532 strlcpy(p
,get_windows_conf_root(),MAX_PATH
);
5533 options
->DataDirectory
= p
;
5536 const char *d
= options
->DataDirectory
;
5540 if (strncmp(d
,"~/",2) == 0) {
5541 char *fn
= expand_filename(d
);
5543 log_warn(LD_CONFIG
,"Failed to expand filename \"%s\".", d
);
5546 if (!options
->DataDirectory
&& !strcmp(fn
,"/.tor")) {
5547 /* If our homedir is /, we probably don't want to use it. */
5548 /* Default to LOCALSTATEDIR/tor which is probably closer to what we
5551 "Default DataDirectory is \"~/.tor\". This expands to "
5552 "\"%s\", which is probably not what you want. Using "
5553 "\"%s"PATH_SEPARATOR
"tor\" instead
", fn, LOCALSTATEDIR);
5555 fn = tor_strdup(LOCALSTATEDIR PATH_SEPARATOR "tor
");
5557 tor_free(options->DataDirectory);
5558 options->DataDirectory = fn;
5564 /** Check and normalize the value of options->DataDirectory; return 0 if it
5565 * is sane, -1 otherwise. */
5567 validate_data_directory(or_options_t *options)
5569 if (normalize_data_directory(options) < 0)
5571 tor_assert(options->DataDirectory);
5572 if (strlen(options->DataDirectory) > (512-128)) {
5573 log_warn(LD_CONFIG, "DataDirectory is too
long.");
5579 /** This string must remain the same forevermore. It is how we
5580 * recognize that the torrc file doesn't need to be backed up. */
5581 #define GENERATED_FILE_PREFIX "# This file was generated by Tor; " \
5582 "if you edit it, comments will not be preserved"
5583 /** This string can change; it tries to give the reader an idea
5584 * that editing this file by hand is not a good plan. */
5585 #define GENERATED_FILE_COMMENT "# The old torrc file was renamed " \
5586 "to torrc.orig.1 or similar, and Tor will ignore it"
5588 /** Save a configuration file for the configuration in <b>options</b>
5589 * into the file <b>fname</b>. If the file already exists, and
5590 * doesn't begin with GENERATED_FILE_PREFIX, rename it. Otherwise
5591 * replace it. Return 0 on success, -1 on failure. */
5593 write_configuration_file(const char *fname, const or_options_t *options)
5595 char *old_val=NULL, *new_val=NULL, *new_conf=NULL;
5596 int rename_old = 0, r;
5600 switch (file_status(fname)) {
5602 old_val = read_file_to_str(fname, 0, NULL);
5603 if (!old_val || strcmpstart(old_val, GENERATED_FILE_PREFIX)) {
5614 "Config file \"%s\" is not a file? Failing.", fname);
5618 if (!(new_conf = options_dump(options, 1))) {
5619 log_warn(LD_BUG, "Couldn't get configuration string");
5623 tor_asprintf(&new_val, "%s\n%s\n\n%s",
5624 GENERATED_FILE_PREFIX, GENERATED_FILE_COMMENT, new_conf);
5628 size_t fn_tmp_len = strlen(fname)+32;
5630 tor_assert(fn_tmp_len > strlen(fname)); /*check for overflow*/
5631 fn_tmp = tor_malloc(fn_tmp_len);
5633 if (tor_snprintf(fn_tmp, fn_tmp_len, "%s.orig.%d", fname, i)<0) {
5634 log_warn(LD_BUG, "tor_snprintf failed inexplicably");
5638 if (file_status(fn_tmp) == FN_NOENT)
5642 log_notice(LD_CONFIG, "Renaming old configuration file to \"%s\"", fn_tmp);
5643 if (rename(fname, fn_tmp) < 0) {
5645 "Couldn't rename configuration file \"%s\" to \"%s\": %s",
5646 fname, fn_tmp, strerror(errno));
5653 if (write_str_to_file(fname, new_val, 0) < 0)
5667 * Save the current configuration file value to disk. Return 0 on
5668 * success, -1 on failure.
5671 options_save_current(void)
5673 /* This fails if we can't write to our configuration file.
5675 * If we try falling back to datadirectory or something, we have a better
5676 * chance of saving the configuration, but a better chance of doing
5677 * something the user never expected. */
5678 return write_configuration_file(get_torrc_fname(), get_options());
5681 /** Mapping from a unit name to a multiplier for converting that unit into a
5682 * base unit. Used by config_parse_unit. */
5683 struct unit_table_t {
5684 const char *unit; /**< The name of the unit */
5685 uint64_t multiplier; /**< How many of the base unit appear in this unit */
5688 /** Table to map the names of memory units to the number of bytes they
5690 static struct unit_table_t memory_units[] = {
5697 { "kbytes", 1<<10 },
5698 { "kilobyte", 1<<10 },
5699 { "kilobytes", 1<<10 },
5703 { "mbytes", 1<<20 },
5704 { "megabyte", 1<<20 },
5705 { "megabytes", 1<<20 },
5708 { "gbytes", 1<<30 },
5709 { "gigabyte", 1<<30 },
5710 { "gigabytes", 1<<30 },
5711 { "tb", U64_LITERAL(1)<<40 },
5712 { "terabyte", U64_LITERAL(1)<<40 },
5713 { "terabytes", U64_LITERAL(1)<<40 },
5717 /** Table to map the names of time units to the number of seconds they
5719 static struct unit_table_t time_units[] = {
5727 { "day", 24*60*60 },
5728 { "days", 24*60*60 },
5729 { "week", 7*24*60*60 },
5730 { "weeks", 7*24*60*60 },
5734 /** Table to map the names of time units to the number of milliseconds
5736 static struct unit_table_t time_msec_units[] = {
5739 { "millisecond", 1 },
5740 { "milliseconds", 1 },
5742 { "seconds", 1000 },
5743 { "minute", 60*1000 },
5744 { "minutes", 60*1000 },
5745 { "hour", 60*60*1000 },
5746 { "hours", 60*60*1000 },
5747 { "day", 24*60*60*1000 },
5748 { "days", 24*60*60*1000 },
5749 { "week", 7*24*60*60*1000 },
5750 { "weeks", 7*24*60*60*1000 },
5754 /** Parse a string <b>val</b> containing a number, zero or more
5755 * spaces, and an optional unit string. If the unit appears in the
5756 * table <b>u</b>, then multiply the number by the unit multiplier.
5757 * On success, set *<b>ok</b> to 1 and return this product.
5758 * Otherwise, set *<b>ok</b> to 0.
5761 config_parse_units(const char *val, struct unit_table_t *u, int *ok)
5770 v = tor_parse_uint64(val, 10, 0, UINT64_MAX, ok, &cp);
5771 if (!*ok || (cp && *cp == '.')) {
5772 d = tor_parse_double(val, 0, UINT64_MAX, ok, &cp);
5780 v = use_float ? DBL_TO_U64(d) : v;
5784 cp = (char*) eat_whitespace(cp);
5786 for ( ;u->unit;++u) {
5787 if (!strcasecmp(u->unit, cp)) {
5789 v = u->multiplier * d;
5796 log_warn(LD_CONFIG, "Unknown unit '%s'.", cp);
5806 /** Parse a string in the format "number unit", where unit is a unit of
5807 * information (byte, KB, M, etc). On success, set *<b>ok</b> to true
5808 * and return the number of bytes specified. Otherwise, set
5809 * *<b>ok</b> to false and return 0. */
5811 config_parse_memunit(const char *s, int *ok)
5813 uint64_t u = config_parse_units(s, memory_units, ok);
5817 /** Parse a string in the format "number unit", where unit is a unit of
5818 * time in milliseconds. On success, set *<b>ok</b> to true and return
5819 * the number of milliseconds in the provided interval. Otherwise, set
5820 * *<b>ok</b> to 0 and return -1. */
5822 config_parse_msec_interval(const char *s, int *ok)
5825 r = config_parse_units(s, time_msec_units, ok);
5829 log_warn(LD_CONFIG, "Msec interval '%s' is too long", s);
5836 /** Parse a string in the format "number unit", where unit is a unit of time.
5837 * On success, set *<b>ok</b> to true and return the number of seconds in
5838 * the provided interval. Otherwise, set *<b>ok</b> to 0 and return -1.
5841 config_parse_interval(const char *s, int *ok)
5844 r = config_parse_units(s, time_units, ok);
5848 log_warn(LD_CONFIG, "Interval '%s' is too long", s);
5855 /** Return the number of cpus configured in <b>options</b>. If we are
5856 * told to auto-detect the number of cpus, return the auto-detected number. */
5858 get_num_cpus(const or_options_t *options)
5860 if (options->NumCPUs == 0) {
5861 int n = compute_num_cpus();
5862 return (n >= 1) ? n : 1;
5864 return options->NumCPUs;
5869 * Initialize the libevent library.
5872 init_libevent(const or_options_t *options)
5874 const char *badness=NULL;
5875 tor_libevent_cfg cfg;
5877 tor_assert(options);
5879 configure_libevent_logging();
5880 /* If the kernel complains that some method (say, epoll) doesn't
5881 * exist, we don't care about it, since libevent will cope.
5883 suppress_libevent_log_msg("Function not implemented");
5885 tor_check_libevent_header_compatibility();
5887 memset(&cfg, 0, sizeof(cfg));
5888 cfg.disable_iocp = options->DisableIOCP;
5889 cfg.num_cpus = get_num_cpus(options);
5890 cfg.msec_per_tick = options->TokenBucketRefillInterval;
5892 tor_libevent_initialize(&cfg);
5894 suppress_libevent_log_msg(NULL);
5896 tor_check_libevent_version(tor_libevent_get_method(),
5897 get_options()->ORPort != 0,
5900 const char *v = tor_libevent_get_version_str();
5901 const char *m = tor_libevent_get_method();
5902 control_event_general_status(LOG_WARN,
5903 "BAD_LIBEVENT VERSION=%s METHOD=%s BADNESS=%s RECOVERED=NO",
5908 /** Return the persistent state struct for this Tor. */
5912 tor_assert(global_state);
5913 return global_state;
5916 /** Return a newly allocated string holding a filename relative to the data
5917 * directory. If <b>sub1</b> is present, it is the first path component after
5918 * the data directory. If <b>sub2</b> is also present, it is the second path
5919 * component after the data directory. If <b>suffix</b> is present, it
5920 * is appended to the filename.
5923 * get_datadir_fname2_suffix("a", NULL, NULL) -> $DATADIR/a
5924 * get_datadir_fname2_suffix("a", NULL, ".tmp") -> $DATADIR/a.tmp
5925 * get_datadir_fname2_suffix("a", "b", ".tmp") -> $DATADIR/a/b/.tmp
5926 * get_datadir_fname2_suffix("a", "b", NULL) -> $DATADIR/a/b
5928 * Note: Consider using the get_datadir_fname* macros in or.h.
5931 options_get_datadir_fname2_suffix(const or_options_t *options,
5932 const char *sub1, const char *sub2,
5937 tor_assert(options);
5938 tor_assert(options->DataDirectory);
5939 tor_assert(sub1 || !sub2); /* If sub2 is present, sub1 must be present. */
5940 len = strlen(options->DataDirectory);
5942 len += strlen(sub1)+1;
5944 len += strlen(sub2)+1;
5947 len += strlen(suffix);
5949 fname = tor_malloc(len);
5952 tor_snprintf(fname, len, "%s"PATH_SEPARATOR"%s"PATH_SEPARATOR"%s",
5953 options->DataDirectory, sub1, sub2);
5955 tor_snprintf(fname, len, "%s"PATH_SEPARATOR"%s",
5956 options->DataDirectory, sub1);
5959 strlcpy(fname, options->DataDirectory, len);
5962 strlcat(fname, suffix, len);
5966 /** Return true if <b>line</b> is a valid state TransportProxy line.
5967 * Return false otherwise. */
5969 state_transport_line_is_valid(const char *line)
5971 smartlist_t *items = NULL;
5972 char *addrport=NULL;
5977 items = smartlist_create();
5978 smartlist_split_string(items, line, NULL,
5979 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
5981 if (smartlist_len(items) != 2) {
5982 log_warn(LD_CONFIG, "state: Not enough arguments in TransportProxy line.");
5986 addrport = smartlist_get(items, 1);
5987 if (tor_addr_port_lookup(addrport, &addr, &port) < 0) {
5988 log_warn(LD_CONFIG, "state: Could not parse addrport.");
5993 log_warn(LD_CONFIG, "state: Transport line did not contain port.");
6004 SMARTLIST_FOREACH(items, char*, s, tor_free(s));
6005 smartlist_free(items);
6009 /** Return 0 if all TransportProxy lines in <b>state</b> are well
6010 * formed. Otherwise, return -1. */
6012 validate_transports_in_state(or_state_t *state)
6015 config_line_t *line;
6017 for (line = state->TransportProxies ; line ; line = line->next) {
6018 tor_assert(!strcmp(line->key, "TransportProxy"));
6019 if (!state_transport_line_is_valid(line->value))
6024 log_warn(LD_CONFIG, "state: State file seems to be broken.");
6029 /** Return 0 if every setting in <b>state</b> is reasonable, and a
6030 * permissible transition from <b>old_state</b>. Else warn and return -1.
6031 * Should have no side effects, except for normalizing the contents of
6034 /* XXX from_setconf is here because of bug 238 */
6036 or_state_validate(or_state_t *old_state, or_state_t *state,
6037 int from_setconf, char **msg)
6039 /* We don't use these; only options do. Still, we need to match that
6041 (void) from_setconf;
6044 if (entry_guards_parse_state(state, 0, msg)<0)
6047 if (validate_transports_in_state(state)<0)
6053 /** Replace the current persistent state with <b>new_state</b> */
6055 or_state_set(or_state_t *new_state)
6059 tor_assert(new_state);
6060 config_free(&state_format, global_state);
6061 global_state = new_state;
6062 if (entry_guards_parse_state(global_state, 1, &err)<0) {
6063 log_warn(LD_GENERAL,"%s",err);
6067 if (rep_hist_load_state(global_state, &err)<0) {
6068 log_warn(LD_GENERAL,"Unparseable bandwidth history state: %s",err);
6072 if (circuit_build_times_parse_state(&circ_times, global_state) < 0) {
6079 * Save a broken state file to a backup location.
6082 or_state_save_broken(char *fname)
6085 file_status_t status;
6086 size_t len = strlen(fname)+16;
6087 char *fname2 = tor_malloc(len);
6088 for (i = 0; i < 100; ++i) {
6089 tor_snprintf(fname2, len, "%s.%d", fname, i);
6090 status = file_status(fname2);
6091 if (status == FN_NOENT)
6095 log_warn(LD_BUG, "Unable to parse state in \"%s\"; too many saved bad "
6096 "state files to move aside. Discarding the old state file.",
6100 log_warn(LD_BUG, "Unable to parse state in \"%s\". Moving it aside "
6101 "to \"%s\". This could be a bug in Tor; please tell "
6102 "the developers.", fname, fname2);
6103 if (rename(fname, fname2) < 0) {
6104 log_warn(LD_BUG, "Weirdly, I couldn't even move the state aside. The "
6105 "OS gave an error of %s", strerror(errno));
6111 /** Reload the persistent state from disk, generating a new state as needed.
6112 * Return 0 on success, less than 0 on failure.
6117 or_state_t *new_state = NULL;
6118 char *contents = NULL, *fname;
6119 char *errmsg = NULL;
6120 int r = -1, badstate = 0;
6122 fname = get_datadir_fname("state");
6123 switch (file_status(fname)) {
6125 if (!(contents = read_file_to_str(fname, 0, NULL))) {
6126 log_warn(LD_FS, "Unable to read state file \"%s\"", fname);
6135 log_warn(LD_GENERAL,"State file \"%s\" is not a file? Failing.", fname);
6138 new_state = tor_malloc_zero(sizeof(or_state_t));
6139 new_state->_magic = OR_STATE_MAGIC;
6140 config_init(&state_format, new_state);
6142 config_line_t *lines=NULL;
6144 if (config_get_lines(contents, &lines)<0)
6146 assign_retval = config_assign(&state_format, new_state,
6147 lines, 0, 0, &errmsg);
6148 config_free_lines(lines);
6149 if (assign_retval<0)
6152 log_warn(LD_GENERAL, "%s", errmsg);
6157 if (!badstate && or_state_validate(NULL, new_state, 1, &errmsg) < 0)
6161 log_warn(LD_GENERAL, "%s", errmsg);
6165 if (badstate && !contents) {
6166 log_warn(LD_BUG, "Uh oh. We couldn't even validate our own default state."
6167 " This is a bug in Tor.");
6169 } else if (badstate && contents) {
6170 or_state_save_broken(fname);
6173 config_free(&state_format, new_state);
6175 new_state = tor_malloc_zero(sizeof(or_state_t));
6176 new_state->_magic = OR_STATE_MAGIC;
6177 config_init(&state_format, new_state);
6178 } else if (contents) {
6179 log_info(LD_GENERAL, "Loaded state from \"%s\"", fname);
6181 log_info(LD_GENERAL, "Initialized state");
6183 if (or_state_set(new_state) == -1) {
6184 or_state_save_broken(fname);
6188 global_state->next_write = 0;
6189 or_state_save(time(NULL));
6197 config_free(&state_format, new_state);
6202 /** Did the last time we tried to write the state file fail? If so, we
6203 * should consider disabling such features as preemptive circuit generation
6204 * to compute circuit-build-time. */
6205 static int last_state_file_write_failed = 0;
6207 /** Return whether the state file failed to write last time we tried. */
6209 did_last_state_file_write_fail(void)
6211 return last_state_file_write_failed;
6214 /** If writing the state to disk fails, try again after this many seconds. */
6215 #define STATE_WRITE_RETRY_INTERVAL 3600
6217 /** If we're a relay, how often should we checkpoint our state file even
6218 * if nothing else dirties it? This will checkpoint ongoing stats like
6219 * bandwidth used, per-country user stats, etc. */
6220 #define STATE_RELAY_CHECKPOINT_INTERVAL (12*60*60)
6222 /** Write the persistent state to disk. Return 0 for success, <0 on failure. */
6224 or_state_save(time_t now)
6226 char *state, *contents;
6227 char tbuf[ISO_TIME_LEN+1];
6230 tor_assert(global_state);
6232 if (global_state->next_write > now)
6235 /* Call everything else that might dirty the state even more, in order
6236 * to avoid redundant writes. */
6237 entry_guards_update_state(global_state);
6238 rep_hist_update_state(global_state);
6239 circuit_build_times_update_state(&circ_times, global_state);
6240 if (accounting_is_enabled(get_options()))
6241 accounting_run_housekeeping(now);
6243 global_state->LastWritten = now;
6245 tor_free(global_state->TorVersion);
6246 tor_asprintf(&global_state->TorVersion, "Tor %s", get_version());
6248 state = config_dump(&state_format, global_state, 1, 0);
6249 format_local_iso_time(tbuf, now);
6250 tor_asprintf(&contents,
6251 "# Tor state file last generated on %s local time\n"
6252 "# Other times below are in GMT\n"
6253 "# You *do not* need to edit this file.\n\n%s",
6256 fname = get_datadir_fname("state");
6257 if (write_str_to_file(fname, contents, 0)<0) {
6258 log_warn(LD_FS, "Unable to write state to file \"%s\"; "
6259 "will try again later", fname);
6260 last_state_file_write_failed = 1;
6263 /* Try again after STATE_WRITE_RETRY_INTERVAL (or sooner, if the state
6264 * changes sooner). */
6265 global_state->next_write = now + STATE_WRITE_RETRY_INTERVAL;
6269 last_state_file_write_failed = 0;
6270 log_info(LD_GENERAL, "Saved state to \"%s\"", fname);
6274 if (server_mode(get_options()))
6275 global_state->next_write = now + STATE_RELAY_CHECKPOINT_INTERVAL;
6277 global_state->next_write = TIME_MAX;
6282 /** Return the config line for transport <b>transport</b> in the current state.
6283 * Return NULL if there is no config line for <b>transport</b>. */
6284 static config_line_t *
6285 get_transport_in_state_by_name(const char *transport)
6287 or_state_t *or_state = get_or_state();
6288 config_line_t *line;
6289 config_line_t *ret = NULL;
6290 smartlist_t *items = NULL;
6292 for (line = or_state->TransportProxies ; line ; line = line->next) {
6293 tor_assert(!strcmp(line->key, "TransportProxy"));
6295 items = smartlist_create();
6296 smartlist_split_string(items, line->value, NULL,
6297 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
6298 if (smartlist_len(items) != 2) /* broken state */
6301 if (!strcmp(smartlist_get(items, 0), transport)) {
6306 SMARTLIST_FOREACH(items, char*, s, tor_free(s));
6307 smartlist_free(items);
6313 SMARTLIST_FOREACH(items, char*, s, tor_free(s));
6314 smartlist_free(items);
6319 /** Return string containing the address:port part of the
6320 * TransportProxy <b>line</b> for transport <b>transport</b>.
6321 * If the line is corrupted, return NULL. */
6323 get_transport_bindaddr(const char *line, const char *transport)
6325 char *line_tmp = NULL;
6327 if (strlen(line) < strlen(transport) + 2) {
6330 /* line should start with the name of the transport and a space.
6331 (for example, "obfs2 127.0.0.1:47245") */
6332 tor_asprintf(&line_tmp, "%s ", transport);
6333 if (strcmpstart(line, line_tmp))
6337 return (line+strlen(transport)+1);
6345 /** Return a static string containing the address:port a proxy
6346 * transport should bind on. */
6348 get_bindaddr_for_transport(const char *transport)
6350 static const char default_addrport[] = "127.0.0.1:0";
6351 const char *bindaddr = NULL;
6353 config_line_t *line = get_transport_in_state_by_name(transport);
6355 return default_addrport;
6357 bindaddr = get_transport_bindaddr(line->value, transport);
6359 return bindaddr ? bindaddr : default_addrport;
6362 /** Save <b>transport</b> listening on <b>addr</b>:<b>port</b> to
6365 save_transport_to_state(const char *transport,
6366 const tor_addr_t *addr, uint16_t port)
6368 or_state_t *state = get_or_state();
6370 char *transport_addrport=NULL;
6372 /** find where to write on the state */
6373 config_line_t **next, *line;
6375 /* see if this transport is already stored in state */
6376 config_line_t *transport_line =
6377 get_transport_in_state_by_name(transport);
6379 if (transport_line) { /* if transport already exists in state... */
6380 const char *prev_bindaddr = /* get its addrport... */
6381 get_transport_bindaddr(transport_line->value, transport);
6382 tor_asprintf(&transport_addrport, "%s:%d", fmt_addr(addr), (int)port);
6384 /* if transport in state has the same address as this one, life is good */
6385 if (!strcmp(prev_bindaddr, transport_addrport)) {
6386 log_info(LD_CONFIG, "Transport seems to have spawned on its usual "
6389 } else { /* if addrport in state is different than the one we got */
6390 log_info(LD_CONFIG, "Transport seems to have spawned on different "
6391 "address:port. Let's update the state file with the new "
6393 tor_free(transport_line->value); /* free the old line */
6394 tor_asprintf(&transport_line->value, "%s %s:%d", transport,
6396 (int) port); /* replace old addrport line with new line */
6398 } else { /* never seen this one before; save it in state for next time */
6399 log_info(LD_CONFIG, "It's the first time we see this transport. "
6400 "Let's save its address:port");
6401 next = &state->TransportProxies;
6402 /* find the last TransportProxy line in the state and point 'next'
6404 line = state->TransportProxies;
6406 next = &(line->next);
6410 /* allocate space for the new line and fill it in */
6411 *next = line = tor_malloc_zero(sizeof(config_line_t));
6412 line->key = tor_strdup("TransportProxy");
6413 tor_asprintf(&line->value, "%s %s:%d", transport,
6414 fmt_addr(addr), (int) port);
6416 next = &(line->next);
6419 if (!get_options()->AvoidDiskWrites)
6420 or_state_mark_dirty(state, 0);
6423 tor_free(transport_addrport);
6426 /** Given a file name check to see whether the file exists but has not been
6427 * modified for a very long time. If so, remove it. */
6429 remove_file_if_very_old(const char *fname, time_t now)
6431 #define VERY_OLD_FILE_AGE (28*24*60*60)
6434 if (stat(fname, &st)==0 && st.st_mtime < now-VERY_OLD_FILE_AGE) {
6435 char buf[ISO_TIME_LEN+1];
6436 format_local_iso_time(buf, st.st_mtime);
6437 log_notice(LD_GENERAL, "Obsolete file %s hasn't been modified since %s. "
6438 "Removing it.", fname, buf);
6443 /** Helper to implement GETINFO functions about configuration variables (not
6444 * their values). Given a "config/names" question, set *<b>answer</b> to a
6445 * new string describing the supported configuration variables and their
6448 getinfo_helper_config(control_connection_t *conn,
6449 const char *question, char **answer,
6450 const char **errmsg)
6454 if (!strcmp(question, "config/names")) {
6455 smartlist_t *sl = smartlist_create();
6457 for (i = 0; _option_vars[i].name; ++i) {
6458 const config_var_t *var = &_option_vars[i];
6461 switch (var->type) {
6462 case CONFIG_TYPE_STRING: type = "String"; break;
6463 case CONFIG_TYPE_FILENAME: type = "Filename"; break;
6464 case CONFIG_TYPE_UINT: type = "Integer"; break;
6465 case CONFIG_TYPE_PORT: type = "Port"; break;
6466 case CONFIG_TYPE_INTERVAL: type = "TimeInterval"; break;
6467 case CONFIG_TYPE_MSEC_INTERVAL: type = "TimeMsecInterval"; break;
6468 case CONFIG_TYPE_MEMUNIT: type = "DataSize"; break;
6469 case CONFIG_TYPE_DOUBLE: type = "Float"; break;
6470 case CONFIG_TYPE_BOOL: type = "Boolean"; break;
6471 case CONFIG_TYPE_AUTOBOOL: type = "Boolean+Auto"; break;
6472 case CONFIG_TYPE_ISOTIME: type = "Time"; break;
6473 case CONFIG_TYPE_ROUTERSET: type = "RouterList"; break;
6474 case CONFIG_TYPE_CSV: type = "CommaList"; break;
6475 case CONFIG_TYPE_LINELIST: type = "LineList"; break;
6476 case CONFIG_TYPE_LINELIST_S: type = "Dependant"; break;
6477 case CONFIG_TYPE_LINELIST_V: type = "Virtual"; break;
6479 case CONFIG_TYPE_OBSOLETE:
6484 tor_asprintf(&line, "%s %s\n",var->name,type);
6485 smartlist_add(sl, line);
6487 *answer = smartlist_join_strings(sl, "", 0, NULL);
6488 SMARTLIST_FOREACH(sl, char *, c, tor_free(c));