1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
8 * \file or_options_st.h
10 * \brief The or_options_t structure, which represents Tor's configuration.
13 #ifndef TOR_OR_OPTIONS_ST_H
14 #define TOR_OR_OPTIONS_ST_H
16 #include "core/or/or.h"
17 #include "lib/cc/torint.h"
18 #include "lib/net/address.h"
19 #include "app/config/tor_cmdline_mode.h"
23 struct config_suite_t
;
26 /** Enumeration of outbound address configuration types:
27 * Exit-only, OR-only, PT-only, or any of them */
29 /** Outbound IP address for Exit connections. Controlled by the
30 * `OutboundBindAddressExit` configuration entry in torrc. */
33 /** Outbound IP address for OR connections. Controlled by the
34 * `OutboundBindAddressOR` configuration entry in torrc. */
37 /** Outbound IP address for PT connections. Controlled by the
38 * `OutboundBindAddressPT` configuration entry in torrc. */
41 /** Outbound IP address for any outgoing connections. Controlled by the
42 * OutboundBindAddress configuration entry in torrc. This value is used as
43 * fallback if the more specific OUTBOUND_ADDR_EXIT, OUTBOUND_ADDR_OR, and
44 * OUTBOUND_ADDR_PT are unset. */
47 /** Max value for this enum. Must be the last element in this enum. */
51 /** Which protocol to use for TCPProxy. */
53 /** Use the HAProxy proxy protocol. */
54 TCP_PROXY_PROTOCOL_HAPROXY
55 } tcp_proxy_protocol_t
;
57 /** Enumeration of available time formats for output of --key-expiration */
59 KEY_EXPIRATION_FORMAT_ISO8601
= 0,
60 KEY_EXPIRATION_FORMAT_TIMESTAMP
61 } key_expiration_format_t
;
63 /** Configuration options for a Tor process. */
67 /** What should the tor process actually do? */
68 tor_cmdline_mode_t command
;
69 char *command_arg
; /**< Argument for command-line option. */
71 struct config_line_t
*Logs
; /**< New-style list of configuration lines
73 int LogTimeGranularity
; /**< Log resolution in milliseconds. */
75 int LogMessageDomains
; /**< Boolean: Should we log the domain(s) in which
76 * each log message occurs? */
77 int TruncateLogFile
; /**< Boolean: Should we truncate the log file
78 before we start writing? */
79 char *SyslogIdentityTag
; /**< Identity tag to add for syslog logging. */
81 char *DebugLogFile
; /**< Where to send verbose log messages. */
82 char *DataDirectory_option
; /**< Where to store long-term data, as
83 * configured by the user. */
84 char *DataDirectory
; /**< Where to store long-term data, as modified. */
85 int DataDirectoryGroupReadable
; /**< Boolean: Is the DataDirectory g+r? */
87 char *KeyDirectory_option
; /**< Where to store keys, as
88 * configured by the user. */
89 char *KeyDirectory
; /**< Where to store keys data, as modified. */
90 int KeyDirectoryGroupReadable
; /**< Boolean: Is the KeyDirectory g+r? */
92 char *CacheDirectory_option
; /**< Where to store cached data, as
93 * configured by the user. */
94 char *CacheDirectory
; /**< Where to store cached data, as modified. */
95 int CacheDirectoryGroupReadable
; /**< Boolean: Is the CacheDirectory g+r? */
97 char *Nickname
; /**< OR only: nickname of this onion router. */
98 /** OR only: configured address for this onion router. Up to two times this
99 * options is accepted as in IPv4 and IPv6. */
100 struct config_line_t
*Address
;
102 /** Boolean: If set, disable IPv6 address resolution, IPv6 ORPorts, IPv6
103 * reachability checks, and publishing an IPv6 ORPort in its descriptor. */
104 int AddressDisableIPv6
;
106 char *PidFile
; /**< Where to store PID of Tor process. */
108 struct routerset_t
*ExitNodes
; /**< Structure containing nicknames, digests,
109 * country codes and IP address patterns of ORs to
110 * consider as exits. */
111 struct routerset_t
*MiddleNodes
; /**< Structure containing nicknames,
112 * digests, country codes and IP address patterns
113 * of ORs to consider as middles. */
114 struct routerset_t
*EntryNodes
;/**< Structure containing nicknames, digests,
115 * country codes and IP address patterns of ORs to
116 * consider as entry points. */
117 int StrictNodes
; /**< Boolean: When none of our EntryNodes or ExitNodes
118 * are up, or we need to access a node in ExcludeNodes,
119 * do we just fail instead? */
120 struct routerset_t
*ExcludeNodes
;/**< Structure containing nicknames,
121 * digests, country codes and IP address patterns
122 * of ORs not to use in circuits. But see
123 * StrictNodes above. */
124 struct routerset_t
*ExcludeExitNodes
;/**< Structure containing nicknames,
125 * digests, country codes and IP address
126 * patterns of ORs not to consider as
129 /** Union of ExcludeNodes and ExcludeExitNodes */
130 struct routerset_t
*ExcludeExitNodesUnion_
;
132 int DisableAllSwap
; /**< Boolean: Attempt to call mlockall() on our
133 * process for all current and future memory. */
135 struct config_line_t
*ExitPolicy
; /**< Lists of exit policy components. */
136 int ExitPolicyRejectPrivate
; /**< Should we not exit to reserved private
137 * addresses, and our own published addresses?
139 int ExitPolicyRejectLocalInterfaces
; /**< Should we not exit to local
140 * interface addresses?
141 * Includes OutboundBindAddresses and
142 * configured ports. */
143 int ReducedExitPolicy
; /**<Should we use the Reduced Exit Policy? */
144 struct config_line_t
*SocksPolicy
; /**< Lists of socks policy components */
145 struct config_line_t
*DirPolicy
; /**< Lists of dir policy components */
146 /** Local address to bind outbound sockets */
147 struct config_line_t
*OutboundBindAddress
;
148 /** Local address to bind outbound relay sockets */
149 struct config_line_t
*OutboundBindAddressOR
;
150 /** Local address to bind outbound exit sockets */
151 struct config_line_t
*OutboundBindAddressExit
;
152 /** Local address to bind outbound PT sockets */
153 struct config_line_t
*OutboundBindAddressPT
;
154 /** Addresses derived from the various OutboundBindAddress lines.
155 * [][0] is IPv4, [][1] is IPv6
157 tor_addr_t OutboundBindAddresses
[OUTBOUND_ADDR_MAX
][2];
158 /** Whether dirservers allow router descriptors with private IPs. */
159 int DirAllowPrivateAddresses
;
160 /** Whether routers accept EXTEND cells to routers with private IPs. */
161 int ExtendAllowPrivateAddresses
;
162 char *User
; /**< Name of user to run Tor as. */
163 /** Ports to listen on for OR connections. */
164 struct config_line_t
*ORPort_lines
;
165 /** Ports to listen on for extended OR connections. */
166 struct config_line_t
*ExtORPort_lines
;
167 /** Ports to listen on for Metrics connections. */
168 struct config_line_t
*MetricsPort_lines
;
169 /** Ports to listen on for SOCKS connections. */
170 struct config_line_t
*SocksPort_lines
;
171 /** Ports to listen on for transparent pf/netfilter connections. */
172 struct config_line_t
*TransPort_lines
;
173 char *TransProxyType
; /**< What kind of transparent proxy
174 * implementation are we using? */
175 /** Parsed value of TransProxyType. */
181 } TransProxyType_parsed
;
182 /** Ports to listen on for transparent natd connections. */
183 struct config_line_t
*NATDPort_lines
;
184 /** Ports to listen on for HTTP Tunnel connections. */
185 struct config_line_t
*HTTPTunnelPort_lines
;
186 struct config_line_t
*ControlPort_lines
; /**< Ports to listen on for control
188 /** List of Unix Domain Sockets to listen on for control connections. */
189 struct config_line_t
*ControlSocket
;
191 int ControlSocketsGroupWritable
; /**< Boolean: Are control sockets g+rw? */
192 int UnixSocksGroupWritable
; /**< Boolean: Are SOCKS Unix sockets g+rw? */
193 /** Ports to listen on for directory connections. */
194 struct config_line_t
*DirPort_lines
;
195 /** Ports to listen on for DNS requests. */
196 struct config_line_t
*DNSPort_lines
;
198 /* MaxMemInQueues value as input by the user. We clean this up to be
200 uint64_t MaxMemInQueues_raw
;
201 uint64_t MaxMemInQueues
;/**< If we have more memory than this allocated
202 * for queues and buffers, run the OOM handler */
203 /** Above this value, consider ourselves low on RAM. */
204 uint64_t MaxMemInQueues_low_threshold
;
206 /** @name port booleans
208 * Derived booleans: For server ports and ControlPort, true iff there is a
209 * non-listener port on an AF_INET or AF_INET6 address of the given type
210 * configured in one of the _lines options above.
211 * For client ports, also true if there is a unix socket configured.
212 * If you are checking for client ports, you may want to use:
213 * SocksPort_set || TransPort_set || NATDPort_set || DNSPort_set ||
215 * rather than SocksPort_set.
219 unsigned int ORPort_set
: 1;
220 unsigned int SocksPort_set
: 1;
221 unsigned int TransPort_set
: 1;
222 unsigned int NATDPort_set
: 1;
223 unsigned int ControlPort_set
: 1;
224 unsigned int DirPort_set
: 1;
225 unsigned int DNSPort_set
: 1;
226 unsigned int ExtORPort_set
: 1;
227 unsigned int HTTPTunnelPort_set
: 1;
228 unsigned int MetricsPort_set
: 1;
231 /** Whether to publish our descriptor regardless of all our self-tests
234 /** Whether to publish our descriptor regardless of IPv6 self-tests.
236 * This is an autobool; when set to AUTO, it uses AssumeReachable.
238 int AssumeReachableIPv6
;
239 int AuthoritativeDir
; /**< Boolean: is this an authoritative directory? */
240 int V3AuthoritativeDir
; /**< Boolean: is this an authoritative directory
241 * for version 3 directories? */
242 int BridgeAuthoritativeDir
; /**< Boolean: is this an authoritative directory
243 * that aggregates bridge descriptors? */
245 /** If set on a bridge relay, it will include this value on a new
246 * "bridge-distribution-request" line in its bridge descriptor. */
247 char *BridgeDistribution
;
249 /** If set on a bridge authority, it will answer requests on its dirport
250 * for bridge statuses -- but only if the requests use this password. */
251 char *BridgePassword
;
252 /** If BridgePassword is set, this is a SHA256 digest of the basic http
253 * authenticator for it. Used so we can do a time-independent comparison. */
254 char *BridgePassword_AuthDigest_
;
256 int UseBridges
; /**< Boolean: should we start all circuits with a bridge? */
257 struct config_line_t
*Bridges
; /**< List of bootstrap bridge addresses. */
259 struct config_line_t
*ClientTransportPlugin
; /**< List of client
260 transport plugins. */
262 struct config_line_t
*ServerTransportPlugin
; /**< List of client
263 transport plugins. */
265 /** List of TCP/IP addresses that transports should listen at. */
266 struct config_line_t
*ServerTransportListenAddr
;
268 /** List of options that must be passed to pluggable transports. */
269 struct config_line_t
*ServerTransportOptions
;
271 int BridgeRelay
; /**< Boolean: are we acting as a bridge relay? We make
272 * this explicit so we can change how we behave in the
275 /** Boolean: if we know the bridge's digest, should we get new
276 * descriptors from the bridge authorities or from the bridge itself? */
277 int UpdateBridgesFromAuthority
;
279 int AvoidDiskWrites
; /**< Boolean: should we never cache things to disk?
281 int ClientOnly
; /**< Boolean: should we never evolve into a server role? */
283 int ReducedConnectionPadding
; /**< Boolean: Should we try to keep connections
284 open shorter and pad them less against
285 connection-level traffic analysis? */
286 /** Autobool: if auto, then connection padding will be negotiated by client
287 * and server. If 0, it will be fully disabled. If 1, the client will still
288 * pad to the server regardless of server support. */
289 int ConnectionPadding
;
291 /** Boolean: if true, then circuit padding will be negotiated by client
292 * and server, subject to consenus limits (default). If 0, it will be fully
296 /** Boolean: if true, then this client will discard cached bridge
297 * descriptors on a setconf or other config change that impacts guards
298 * or bridges (see options_transition_affects_guards() for exactly which
299 * config changes trigger it). Useful for tools that test bridge
300 * reachability by fetching fresh descriptors. */
301 int ReconfigDropsBridgeDescs
;
303 /** Boolean: if true, then this client will only use circuit padding
304 * algorithms that are known to use a low amount of overhead. If false,
305 * we will use all available circuit padding algorithms.
307 int ReducedCircuitPadding
;
309 /** To what authority types do we publish our descriptor? Choices are
310 * "v1", "v2", "v3", "bridge", or "". */
311 struct smartlist_t
*PublishServerDescriptor
;
312 /** A bitfield of authority types, derived from PublishServerDescriptor. */
313 dirinfo_type_t PublishServerDescriptor_
;
314 /** Boolean: do we publish hidden service descriptors to the HS auths? */
315 int PublishHidServDescriptors
;
316 int FetchServerDescriptors
; /**< Do we fetch server descriptors as normal? */
317 int FetchHidServDescriptors
; /**< and hidden service descriptors? */
319 int FetchUselessDescriptors
; /**< Do we fetch non-running descriptors too? */
320 int AllDirActionsPrivate
; /**< Should every directory action be sent
321 * through a Tor circuit? */
323 /** A routerset that should be used when picking middle nodes for HS
325 struct routerset_t
*HSLayer2Nodes
;
327 /** A routerset that should be used when picking third-hop nodes for HS
329 struct routerset_t
*HSLayer3Nodes
;
331 /** Onion Services in HiddenServiceSingleHopMode make one-hop (direct)
332 * circuits between the onion service server, and the introduction and
333 * rendezvous points. (Onion service descriptors are still posted using
334 * 3-hop paths, to avoid onion service directories blocking the service.)
335 * This option makes every hidden service instance hosted by
336 * this tor instance a Single Onion Service.
337 * HiddenServiceSingleHopMode requires HiddenServiceNonAnonymousMode to be
339 * Use rend_service_allow_non_anonymous_connection() or
340 * rend_service_reveal_startup_time() instead of using this option directly.
342 int HiddenServiceSingleHopMode
;
343 /* Makes hidden service clients and servers non-anonymous on this tor
344 * instance. Allows the non-anonymous HiddenServiceSingleHopMode. Enables
345 * non-anonymous behaviour in the hidden service protocol.
346 * Use hs_service_non_anonymous_mode_enabled() instead of using this option
349 int HiddenServiceNonAnonymousMode
;
351 int ConnLimit
; /**< Demanded minimum number of simultaneous connections. */
352 int ConnLimit_
; /**< Maximum allowed number of simultaneous connections. */
353 int ConnLimit_high_thresh
; /**< start trying to lower socket usage if we
355 int ConnLimit_low_thresh
; /**< try to get down to here after socket
357 int RunAsDaemon
; /**< If true, run in the background. (Unix only) */
358 int FascistFirewall
; /**< Whether to prefer ORs reachable on open ports. */
359 struct smartlist_t
*FirewallPorts
; /**< Which ports our firewall allows
361 /** IP:ports our firewall allows. */
362 struct config_line_t
*ReachableAddresses
;
363 struct config_line_t
*ReachableORAddresses
; /**< IP:ports for OR conns. */
364 struct config_line_t
*ReachableDirAddresses
; /**< IP:ports for Dir conns. */
366 int ConstrainedSockets
; /**< Shrink xmit and recv socket buffers. */
367 uint64_t ConstrainedSockSize
; /**< Size of constrained buffers. */
369 /** Whether we should drop exit streams from Tors that we don't know are
370 * relays. One of "0" (never refuse), "1" (always refuse), or "-1" (do
371 * what the consensus says, defaulting to 'refuse' if the consensus says
373 int RefuseUnknownExits
;
375 /** Application ports that require all nodes in circ to have sufficient
377 struct smartlist_t
*LongLivedPorts
;
378 /** Application ports that are likely to be unencrypted and
379 * unauthenticated; we reject requests for them to prevent the
380 * user from screwing up and leaking plaintext secrets to an
381 * observer somewhere on the Internet. */
382 struct smartlist_t
*RejectPlaintextPorts
;
383 /** Related to RejectPlaintextPorts above, except this config option
384 * controls whether we warn (in the log and via a controller status
385 * event) every time a risky connection is attempted. */
386 struct smartlist_t
*WarnPlaintextPorts
;
387 /** Should we try to reuse the same exit node for a given host */
388 struct smartlist_t
*TrackHostExits
;
389 int TrackHostExitsExpire
; /**< Number of seconds until we expire an
391 struct config_line_t
*AddressMap
; /**< List of address map directives. */
392 int AutomapHostsOnResolve
; /**< If true, when we get a resolve request for a
393 * hostname ending with one of the suffixes in
394 * <b>AutomapHostsSuffixes</b>, map it to a
395 * virtual address. */
396 /** List of suffixes for <b>AutomapHostsOnResolve</b>. The special value
397 * "." means "match everything." */
398 struct smartlist_t
*AutomapHostsSuffixes
;
399 int RendPostPeriod
; /**< How often do we post each rendezvous service
400 * descriptor? Remember to publish them independently. */
401 int KeepalivePeriod
; /**< How often do we send padding cells to keep
402 * connections alive? */
403 int SocksTimeout
; /**< How long do we let a socks connection wait
404 * unattached before we fail it? */
405 int LearnCircuitBuildTimeout
; /**< If non-zero, we attempt to learn a value
406 * for CircuitBuildTimeout based on timeout
407 * history. Use circuit_build_times_disabled()
408 * rather than checking this value directly. */
409 int CircuitBuildTimeout
; /**< Cull non-open circuits that were born at
410 * least this many seconds ago. Used until
411 * adaptive algorithm learns a new value. */
412 int CircuitsAvailableTimeout
; /**< Try to have an open circuit for at
413 least this long after last activity */
414 int CircuitStreamTimeout
; /**< If non-zero, detach streams from circuits
415 * and try a new circuit if the stream has been
416 * waiting for this many seconds. If zero, use
417 * our default internal timeout schedule. */
418 int MaxOnionQueueDelay
; /*< DOCDOC */
419 int NewCircuitPeriod
; /**< How long do we use a circuit before building
421 int MaxCircuitDirtiness
; /**< Never use circs that were first used more than
422 this interval ago. */
423 uint64_t BandwidthRate
; /**< How much bandwidth, on average, are we willing
424 * to use in a second? */
425 uint64_t BandwidthBurst
; /**< How much bandwidth, at maximum, are we willing
426 * to use in a second? */
427 uint64_t MaxAdvertisedBandwidth
; /**< How much bandwidth are we willing to
428 * tell other nodes we have? */
429 uint64_t RelayBandwidthRate
; /**< How much bandwidth, on average, are we
430 * willing to use for all relayed conns? */
431 uint64_t RelayBandwidthBurst
; /**< How much bandwidth, at maximum, will we
432 * use in a second for all relayed conns? */
433 uint64_t PerConnBWRate
; /**< Long-term bw on a single TLS conn, if set. */
434 uint64_t PerConnBWBurst
; /**< Allowed burst on a single TLS conn, if set. */
435 int NumCPUs
; /**< How many CPUs should we try to use? */
436 struct config_line_t
*RendConfigLines
; /**< List of configuration lines
437 * for rendezvous services. */
438 char *ClientOnionAuthDir
; /**< Directory to keep client
439 * onion service authorization secret keys */
440 char *ContactInfo
; /**< Contact info to be published in the directory. */
442 int HeartbeatPeriod
; /**< Log heartbeat messages after this many seconds
444 int MainloopStats
; /**< Log main loop statistics as part of the
445 * heartbeat messages. */
447 char *HTTPProxy
; /**< hostname[:port] to use as http proxy, if any. */
448 tor_addr_t HTTPProxyAddr
; /**< Parsed IPv4 addr for http proxy, if any. */
449 uint16_t HTTPProxyPort
; /**< Parsed port for http proxy, if any. */
450 char *HTTPProxyAuthenticator
; /**< username:password string, if any. */
452 char *HTTPSProxy
; /**< hostname[:port] to use as https proxy, if any. */
453 tor_addr_t HTTPSProxyAddr
; /**< Parsed addr for https proxy, if any. */
454 uint16_t HTTPSProxyPort
; /**< Parsed port for https proxy, if any. */
455 char *HTTPSProxyAuthenticator
; /**< username:password string, if any. */
457 char *Socks4Proxy
; /**< hostname:port to use as a SOCKS4 proxy, if any. */
458 tor_addr_t Socks4ProxyAddr
; /**< Derived from Socks4Proxy. */
459 uint16_t Socks4ProxyPort
; /**< Derived from Socks4Proxy. */
461 char *Socks5Proxy
; /**< hostname:port to use as a SOCKS5 proxy, if any. */
462 tor_addr_t Socks5ProxyAddr
; /**< Derived from Sock5Proxy. */
463 uint16_t Socks5ProxyPort
; /**< Derived from Socks5Proxy. */
464 char *Socks5ProxyUsername
; /**< Username for SOCKS5 authentication, if any */
465 char *Socks5ProxyPassword
; /**< Password for SOCKS5 authentication, if any */
467 char *TCPProxy
; /**< protocol and hostname:port to use as a proxy, if any. */
468 tcp_proxy_protocol_t TCPProxyProtocol
; /**< Derived from TCPProxy. */
469 tor_addr_t TCPProxyAddr
; /**< Derived from TCPProxy. */
470 uint16_t TCPProxyPort
; /**< Derived from TCPProxy. */
472 /** List of configuration lines for replacement directory authorities.
473 * If you just want to replace one class of authority at a time,
474 * use the "Alternate*Authority" options below instead. */
475 struct config_line_t
*DirAuthorities
;
477 /** List of fallback directory servers */
478 struct config_line_t
*FallbackDir
;
479 /** Whether to use the default hard-coded FallbackDirs */
480 int UseDefaultFallbackDirs
;
482 /** Weight to apply to all directory authority rates if considering them
483 * along with fallbackdirs */
484 double DirAuthorityFallbackRate
;
486 /** If set, use these main (currently v3) directory authorities and
487 * not the default ones. */
488 struct config_line_t
*AlternateDirAuthority
;
490 /** If set, use these bridge authorities and not the default one. */
491 struct config_line_t
*AlternateBridgeAuthority
;
493 struct config_line_t
*MyFamily_lines
; /**< Declared family for this OR. */
494 struct config_line_t
*MyFamily
; /**< Declared family for this OR,
496 struct config_line_t
*NodeFamilies
; /**< List of config lines for
498 /** List of parsed NodeFamilies values. */
499 struct smartlist_t
*NodeFamilySets
;
500 struct config_line_t
*AuthDirBadExit
; /**< Address policy for descriptors to
501 * mark as bad exits. */
502 /** Address policy for descriptors to mark as only suitable for the
503 * middle position in circuits. */
504 struct config_line_t
*AuthDirMiddleOnly
;
505 struct config_line_t
*AuthDirReject
; /**< Address policy for descriptors to
507 struct config_line_t
*AuthDirInvalid
; /**< Address policy for descriptors to
508 * never mark as valid. */
509 /** @name AuthDir...CC
511 * Lists of country codes to mark as BadExit, or Invalid, or to
516 struct smartlist_t
*AuthDirBadExitCCs
;
517 struct smartlist_t
*AuthDirInvalidCCs
;
518 struct smartlist_t
*AuthDirMiddleOnlyCCs
;
519 struct smartlist_t
*AuthDirRejectCCs
;
522 char *AccountingStart
; /**< How long is the accounting interval, and when
524 uint64_t AccountingMax
; /**< How many bytes do we allow per accounting
525 * interval before hibernation? 0 for "never
527 /** How do we determine when our AccountingMax has been reached?
528 * "max" for when in or out reaches AccountingMax
529 * "sum" for when in plus out reaches AccountingMax
530 * "in" for when in reaches AccountingMax
531 * "out" for when out reaches AccountingMax */
532 char *AccountingRule_option
;
533 enum { ACCT_MAX
, ACCT_SUM
, ACCT_IN
, ACCT_OUT
} AccountingRule
;
535 /** Base64-encoded hash of accepted passwords for the control system. */
536 struct config_line_t
*HashedControlPassword
;
537 /** As HashedControlPassword, but not saved. */
538 struct config_line_t
*HashedControlSessionPassword
;
540 int CookieAuthentication
; /**< Boolean: do we enable cookie-based auth for
541 * the control system? */
542 char *CookieAuthFile
; /**< Filesystem location of a ControlPort
543 * authentication cookie. */
544 char *ExtORPortCookieAuthFile
; /**< Filesystem location of Extended
545 * ORPort authentication cookie. */
546 int CookieAuthFileGroupReadable
; /**< Boolean: Is the CookieAuthFile g+r? */
547 int ExtORPortCookieAuthFileGroupReadable
; /**< Boolean: Is the
548 * ExtORPortCookieAuthFile g+r? */
549 int LeaveStreamsUnattached
; /**< Boolean: Does Tor attach new streams to
550 * circuits itself (0), or does it expect a controller
552 int DisablePredictedCircuits
; /**< Boolean: does Tor preemptively
553 * make circuits in the background (0),
556 /** Process specifier for a controller that ‘owns’ this Tor
557 * instance. Tor will terminate if its owning controller does. */
558 char *OwningControllerProcess
;
559 /** FD specifier for a controller that owns this Tor instance. */
560 uint64_t OwningControllerFD
;
562 int ShutdownWaitLength
; /**< When we get a SIGINT and we're a server, how
563 * long do we wait before exiting? */
564 char *SafeLogging
; /**< Contains "relay", "1", "0" (meaning no scrubbing). */
566 /* Derived from SafeLogging */
568 SAFELOG_SCRUB_ALL
, SAFELOG_SCRUB_RELAY
, SAFELOG_SCRUB_NONE
571 int Sandbox
; /**< Boolean: should sandboxing be enabled? */
572 int SafeSocks
; /**< Boolean: should we outright refuse application
573 * connections that use socks4 or socks5-with-local-dns? */
574 int ProtocolWarnings
; /**< Boolean: when other parties screw up the Tor
575 * protocol, is it a warn or an info in our logs? */
576 int TestSocks
; /**< Boolean: when we get a socks connection, do we loudly
577 * log whether it was DNS-leaking or not? */
578 /** Token Bucket Refill resolution in milliseconds. */
579 int TokenBucketRefillInterval
;
581 /** Boolean: Do we try to enter from a smallish number
583 int UseEntryGuards_option
;
584 /** Internal variable to remember whether we're actually acting on
585 * UseEntryGuards_option -- when we're a non-anonymous Single Onion Service,
586 * it is always false, otherwise we use the value of UseEntryGuards_option.
590 int NumEntryGuards
; /**< How many entry guards do we try to establish? */
592 /** If 1, we use any guardfraction information we see in the
593 * consensus. If 0, we don't. If -1, let the consensus parameter
595 int UseGuardFraction
;
597 int NumDirectoryGuards
; /**< How many dir guards do we try to establish?
598 * If 0, use value from NumEntryGuards. */
599 int NumPrimaryGuards
; /**< How many primary guards do we want? */
601 /** Boolean: Switch to toggle the vanguards-lite subsystem */
602 int VanguardsLiteEnabled
;
604 /** Boolean: Switch to override consensus to enable congestion control */
605 int AlwaysCongestionControl
;
607 int RephistTrackTime
; /**< How many seconds do we keep rephist info? */
608 /** Should we always fetch our dir info on the mirror schedule (which
609 * means directly from the authorities) no matter our other config? */
610 int FetchDirInfoEarly
;
612 /** Should we fetch our dir info at the start of the consensus period? */
613 int FetchDirInfoExtraEarly
;
615 int DirCache
; /**< Cache all directory documents and accept requests via
616 * tunnelled dir conns from clients. If 1, enabled (default);
617 * If 0, disabled. Use dir_server_mode() rather than
618 * referencing this option directly. (Except for routermode
619 * and relay_config, which do direct checks.) */
621 char *VirtualAddrNetworkIPv4
; /**< Address and mask to hand out for virtual
622 * MAPADDRESS requests for IPv4 addresses */
623 char *VirtualAddrNetworkIPv6
; /**< Address and mask to hand out for virtual
624 * MAPADDRESS requests for IPv6 addresses */
625 int ServerDNSSearchDomains
; /**< Boolean: If set, we don't force exit
626 * addresses to be FQDNs, but rather search for them in
627 * the local domains. */
628 int ServerDNSDetectHijacking
; /**< Boolean: If true, check for DNS failure
630 int ServerDNSRandomizeCase
; /**< Boolean: Use the 0x20-hack to prevent
631 * DNS poisoning attacks. */
632 char *ServerDNSResolvConfFile
; /**< If provided, we configure our internal
633 * resolver from the file here rather than from
634 * /etc/resolv.conf (Unix) or the registry (Windows). */
635 char *DirPortFrontPage
; /**< This is a full path to a file with an html
636 disclaimer. This allows a server administrator to show
637 that they're running Tor and anyone visiting their server
638 will know this without any specialized knowledge. */
639 int DisableDebuggerAttachment
; /**< Currently Linux only specific attempt to
640 disable ptrace; needs BSD testing. */
641 /** Boolean: if set, we start even if our resolv.conf file is missing
643 int ServerDNSAllowBrokenConfig
;
644 /** Boolean: if set, then even connections to private addresses will get
646 int CountPrivateBandwidth
;
647 /** A list of addresses that definitely should be resolvable. Used for
648 * testing our DNS server. */
649 struct smartlist_t
*ServerDNSTestAddresses
;
650 int EnforceDistinctSubnets
; /**< If true, don't allow multiple routers in the
651 * same network zone in the same circuit. */
652 int AllowNonRFC953Hostnames
; /**< If true, we allow connections to hostnames
653 * with weird characters. */
654 /** If true, we try resolving hostnames with weird characters. */
655 int ServerDNSAllowNonRFC953Hostnames
;
657 /** If true, we try to download extra-info documents (and we serve them,
658 * if we are a cache). For authorities, this is always true. */
659 int DownloadExtraInfo
;
661 /** If true, we're configured to collect statistics on clients
662 * requesting network statuses from us as directory. */
663 int DirReqStatistics_option
;
664 /** Internal variable to remember whether we're actually acting on
665 * DirReqStatistics_option -- yes if it's set and we're a server, else no. */
666 int DirReqStatistics
;
668 /** If true, the user wants us to collect statistics on port usage. */
669 int ExitPortStatistics
;
671 /** If true, the user wants us to collect connection statistics. */
672 int ConnDirectionStatistics
;
674 /** If true, the user wants us to collect cell statistics. */
677 /** If true, the user wants us to collect padding statistics. */
678 int PaddingStatistics
;
680 /** If true, the user wants us to collect statistics as entry node. */
683 /** If true, the user wants us to collect statistics as hidden service
684 * directory, introduction point, or rendezvous point. */
685 int HiddenServiceStatistics_option
;
686 /** Internal variable to remember whether we're actually acting on
687 * HiddenServiceStatistics_option -- yes if it's set and we're a server,
689 int HiddenServiceStatistics
;
691 /** If true, include statistics file contents in extra-info documents. */
692 int ExtraInfoStatistics
;
694 /** If true, include overload statistics in extra-info documents. */
695 int OverloadStatistics
;
697 /** If true, do not believe anybody who tells us that a domain resolves
698 * to an internal address, or that an internal address has a PTR mapping.
699 * Helps avoid some cross-site attacks. */
700 int ClientDNSRejectInternalAddresses
;
702 /** If true, do not accept any requests to connect to internal addresses
703 * over randomly chosen exits. */
704 int ClientRejectInternalAddresses
;
706 /** If true, clients may connect over IPv4. If false, they will avoid
707 * connecting over IPv4. We enforce this for OR and Dir connections. */
709 /** If true, clients may connect over IPv6. If false, they will avoid
710 * connecting over IPv4. We enforce this for OR and Dir connections.
711 * Use reachable_addr_use_ipv6() instead of accessing this value
714 /** If true, prefer an IPv6 OR port over an IPv4 one for entry node
715 * connections. If auto, bridge clients prefer IPv6, and other clients
716 * prefer IPv4. Use node_ipv6_or_preferred() instead of accessing this value
718 int ClientPreferIPv6ORPort
;
719 /** If true, prefer an IPv6 directory port over an IPv4 one for direct
720 * directory connections. If auto, bridge clients prefer IPv6, and other
721 * clients prefer IPv4. Use reachable_addr_prefer_ipv6_dirport() instead of
722 * accessing this value directly. */
723 int ClientPreferIPv6DirPort
;
725 /** The length of time that we think a consensus should be fresh. */
726 int V3AuthVotingInterval
;
727 /** The length of time we think it will take to distribute votes. */
729 /** The length of time we think it will take to distribute signatures. */
731 /** The number of intervals we think a consensus should be valid. */
732 int V3AuthNIntervalsValid
;
734 /** Should advertise and sign consensuses with a legacy key, for key
735 * migration purposes? */
736 int V3AuthUseLegacyKey
;
738 /** Location of bandwidth measurement file */
739 char *V3BandwidthsFile
;
741 /** Location of guardfraction file */
742 char *GuardfractionFile
;
744 /** The length of time that we think an initial consensus should be fresh.
745 * Only altered on testing networks. */
746 int TestingV3AuthInitialVotingInterval
;
748 /** The length of time we think it will take to distribute initial votes.
749 * Only altered on testing networks. */
750 int TestingV3AuthInitialVoteDelay
;
752 /** The length of time we think it will take to distribute initial
753 * signatures. Only altered on testing networks.*/
754 int TestingV3AuthInitialDistDelay
;
756 /** Offset in seconds added to the starting time for consensus
757 voting. Only altered on testing networks. */
758 int TestingV3AuthVotingStartOffset
;
760 /** Schedule for when servers should download things in general. Only
761 * altered on testing networks. */
762 int TestingServerDownloadInitialDelay
;
764 /** Schedule for when clients should download things in general. Only
765 * altered on testing networks. */
766 int TestingClientDownloadInitialDelay
;
768 /** Schedule for when servers should download consensuses. Only altered
769 * on testing networks. */
770 int TestingServerConsensusDownloadInitialDelay
;
772 /** Schedule for when clients should download consensuses. Only altered
773 * on testing networks. */
774 int TestingClientConsensusDownloadInitialDelay
;
776 /** Schedule for when clients should download consensuses from authorities
777 * if they are bootstrapping (that is, they don't have a usable, reasonably
778 * live consensus). Only used by clients fetching from a list of fallback
781 * This schedule is incremented by (potentially concurrent) connection
782 * attempts, unlike other schedules, which are incremented by connection
783 * failures. Only altered on testing networks. */
784 int ClientBootstrapConsensusAuthorityDownloadInitialDelay
;
786 /** Schedule for when clients should download consensuses from fallback
787 * directory mirrors if they are bootstrapping (that is, they don't have a
788 * usable, reasonably live consensus). Only used by clients fetching from a
789 * list of fallback directory mirrors.
791 * This schedule is incremented by (potentially concurrent) connection
792 * attempts, unlike other schedules, which are incremented by connection
793 * failures. Only altered on testing networks. */
794 int ClientBootstrapConsensusFallbackDownloadInitialDelay
;
796 /** Schedule for when clients should download consensuses from authorities
797 * if they are bootstrapping (that is, they don't have a usable, reasonably
798 * live consensus). Only used by clients which don't have or won't fetch
799 * from a list of fallback directory mirrors.
801 * This schedule is incremented by (potentially concurrent) connection
802 * attempts, unlike other schedules, which are incremented by connection
803 * failures. Only altered on testing networks. */
804 int ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay
;
806 /** Schedule for when clients should download bridge descriptors. Only
807 * altered on testing networks. */
808 int TestingBridgeDownloadInitialDelay
;
810 /** Schedule for when clients should download bridge descriptors when they
811 * have no running bridges. Only altered on testing networks. */
812 int TestingBridgeBootstrapDownloadInitialDelay
;
814 /** When directory clients have only a few descriptors to request, they
815 * batch them until they have more, or until this amount of time has
816 * passed. Only altered on testing networks. */
817 int TestingClientMaxIntervalWithoutRequest
;
819 /** How long do we let a directory connection stall before expiring
820 * it? Only altered on testing networks. */
821 int TestingDirConnectionMaxStall
;
823 /** How many simultaneous in-progress connections will we make when trying
824 * to fetch a consensus before we wait for one to complete, timeout, or
825 * error out? Only altered on testing networks. */
826 int ClientBootstrapConsensusMaxInProgressTries
;
828 /** If true, we take part in a testing network. Change the defaults of a
829 * couple of other configuration options and allow to change the values
830 * of certain configuration options. */
831 int TestingTorNetwork
;
833 /** Enable CONN_BW events. Only altered on testing networks. */
834 int TestingEnableConnBwEvent
;
836 /** Enable CELL_STATS events. Only altered on testing networks. */
837 int TestingEnableCellStatsEvent
;
839 /** If true, and we have GeoIP data, and we're a bridge, keep a per-country
840 * count of how many client addresses have contacted us so that we can help
841 * the bridge authority guess which countries have blocked access to us. */
842 int BridgeRecordUsageByCountry
;
844 /** Optionally, IPv4 and IPv6 GeoIP data. */
848 /** Autobool: if auto, then any attempt to Exclude{Exit,}Nodes a particular
849 * country code will exclude all nodes in ?? and A1. If true, all nodes in
850 * ?? and A1 are excluded. Has no effect if we don't know any GeoIP data. */
851 int GeoIPExcludeUnknown
;
853 /** If true, SIGHUP should reload the torrc. Sometimes controllers want
854 * to make this false. */
855 int ReloadTorrcOnSIGHUP
;
857 /** The main parameter for picking circuits within a connection.
859 * If this value is positive, when picking a cell to relay on a connection,
860 * we always relay from the circuit whose weighted cell count is lowest.
861 * Cells are weighted exponentially such that if one cell is sent
862 * 'CircuitPriorityHalflife' seconds before another, it counts for half as
865 * If this value is zero, we're disabling the cell-EWMA algorithm.
867 * If this value is negative, we're using the default approach
868 * according to either Tor or a parameter set in the consensus.
870 double CircuitPriorityHalflife
;
872 /** Set to true if the TestingTorNetwork configuration option is set.
873 * This is used so that options_validate() has a chance to realize that
874 * the defaults have changed. */
875 int UsingTestNetworkDefaults_
;
877 /** If 1, we try to use microdescriptors to build circuits. If 0, we don't.
878 * If -1, Tor decides. */
879 int UseMicrodescriptors
;
881 /** File where we should write the ControlPort. */
882 char *ControlPortWriteToFile
;
883 /** Should that file be group-readable? */
884 int ControlPortFileGroupReadable
;
886 #define MAX_MAX_CLIENT_CIRCUITS_PENDING 1024
887 /** Maximum number of non-open general-purpose origin circuits to allow at
889 int MaxClientCircuitsPending
;
891 /** If 1, we accept and launch no external network connections, except on
896 * Parameters for path-bias detection.
898 * These options override the default behavior of Tor's (**currently
899 * experimental**) path bias detection algorithm. To try to find broken or
900 * misbehaving guard nodes, Tor looks for nodes where more than a certain
901 * fraction of circuits through that guard fail to get built.
903 * The PathBiasCircThreshold option controls how many circuits we need to
904 * build through a guard before we make these checks. The
905 * PathBiasNoticeRate, PathBiasWarnRate and PathBiasExtremeRate options
906 * control what fraction of circuits must succeed through a guard so we
907 * won't write log messages. If less than PathBiasExtremeRate circuits
908 * succeed *and* PathBiasDropGuards is set to 1, we disable use of that
911 * When we have seen more than PathBiasScaleThreshold circuits through a
912 * guard, we scale our observations by 0.5 (governed by the consensus) so
913 * that new observations don't get swamped by old ones.
915 * By default, or if a negative value is provided for one of these options,
916 * Tor uses reasonable defaults from the networkstatus consensus document.
917 * If no defaults are available there, these options default to 150, .70,
918 * .50, .30, 0, and 300 respectively.
920 int PathBiasCircThreshold
;
921 double PathBiasNoticeRate
;
922 double PathBiasWarnRate
;
923 double PathBiasExtremeRate
;
924 int PathBiasDropGuards
;
925 int PathBiasScaleThreshold
;
929 * Parameters for path-bias use detection
931 * Similar to the above options, these options override the default behavior
932 * of Tor's (**currently experimental**) path use bias detection algorithm.
934 * Where as the path bias parameters govern thresholds for successfully
935 * building circuits, these four path use bias parameters govern thresholds
936 * only for circuit usage. Circuits which receive no stream usage are not
937 * counted by this detection algorithm. A used circuit is considered
938 * successful if it is capable of carrying streams or otherwise receiving
939 * well-formed responses to RELAY cells.
941 * By default, or if a negative value is provided for one of these options,
942 * Tor uses reasonable defaults from the networkstatus consensus document.
943 * If no defaults are available there, these options default to 20, .80,
944 * .60, and 100, respectively.
946 int PathBiasUseThreshold
;
947 double PathBiasNoticeUseRate
;
948 double PathBiasExtremeUseRate
;
949 int PathBiasScaleUseThreshold
;
952 int IPv6Exit
; /**< Do we support exiting to IPv6 addresses? */
955 double PathsNeededToBuildCircuits
;
957 /** What expiry time shall we place on our SSL certs? "0" means we
958 * should guess a suitable value. */
961 /** How long (seconds) do we keep a guard before picking a new one? */
964 /** Is this an exit node? This is a tristate, where "1" means "yes, and use
965 * the default exit policy if none is given" and "0" means "no; exit policy
966 * is 'reject *'" and "auto" (-1) means "same as 1, but warn the user."
968 * XXXX Eventually, the default will be 0. */
971 /** For how long (seconds) do we declare our signing keys to be valid? */
972 int SigningKeyLifetime
;
973 /** For how long (seconds) do we declare our link keys to be valid? */
974 int TestingLinkCertLifetime
;
975 /** For how long (seconds) do we declare our auth keys to be valid? */
976 int TestingAuthKeyLifetime
;
978 /** How long before signing keys expire will we try to make a new one? */
979 int TestingSigningKeySlop
;
980 /** How long before link keys expire will we try to make a new one? */
981 int TestingLinkKeySlop
;
982 /** How long before auth keys expire will we try to make a new one? */
983 int TestingAuthKeySlop
;
985 /** Force use of offline master key features: never generate a master
986 * ed25519 identity key except from tor --keygen */
987 int OfflineMasterKey
;
989 key_expiration_format_t key_expiration_format
;
992 FORCE_PASSPHRASE_AUTO
=0,
995 } keygen_force_passphrase
;
996 int use_keygen_passphrase_fd
;
997 int keygen_passphrase_fd
;
998 int change_key_passphrase
;
999 char *master_key_fname
;
1001 /** Autobool: Do we try to retain capabilities if we can? */
1002 int KeepBindCapabilities
;
1004 /** Maximum total size of unparseable descriptors to log during the
1005 * lifetime of this Tor process.
1007 uint64_t MaxUnparseableDescSizeToLog
;
1009 /** If 1, we skip all OOS checks. */
1010 int DisableOOSCheck
;
1012 /** Autobool: Should we include Ed25519 identities in extend2 cells?
1013 * If -1, we should do whatever the consensus parameter says. */
1014 int ExtendByEd25519ID
;
1016 /** Bool (default: 0): Tells if a %include was used on torrc */
1019 /** The seconds after expiration which we as a relay should keep old
1020 * consensuses around so that we can generate diffs from them. If 0,
1021 * use the default. */
1022 int MaxConsensusAgeForDiffs
;
1024 /** Bool (default: 0). Tells Tor to never try to exec another program.
1028 /** Have the KIST scheduler run every X milliseconds. If less than zero, do
1029 * not use the KIST scheduler but use the old vanilla scheduler instead. If
1030 * zero, do what the consensus says and fall back to using KIST as if this is
1031 * set to "10 msec" if the consensus doesn't say anything. */
1032 int KISTSchedRunInterval
;
1034 /** A multiplier for the KIST per-socket limit calculation. */
1035 double KISTSockBufSizeFactor
;
1037 /** The list of scheduler type string ordered by priority that is first one
1038 * has to be tried first. Default: KIST,KISTLite,Vanilla */
1039 struct smartlist_t
*Schedulers
;
1040 /** An ordered list of scheduler_types mapped from Schedulers. */
1041 struct smartlist_t
*SchedulerTypes_
;
1043 /** List of files that were opened by %include in torrc and torrc-defaults */
1044 struct smartlist_t
*FilesOpenedByIncludes
;
1046 /** If true, Tor shouldn't install any posix signal handlers, since it is
1047 * running embedded inside another process.
1049 int DisableSignalHandlers
;
1051 /** Interval: how long without activity does it take for a client
1052 * to become dormant?
1054 int DormantClientTimeout
;
1057 * Boolean: If enabled, then we consider the timeout when deciding whether
1058 * to be dormant. If not enabled, then only the SIGNAL ACTIVE/DORMANT
1059 * controls can change our status.
1061 int DormantTimeoutEnabled
;
1063 /** Boolean: true if having an idle stream is sufficient to prevent a client
1064 * from becoming dormant.
1066 int DormantTimeoutDisabledByIdleStreams
;
1068 /** Boolean: true if Tor should be dormant the first time it starts with
1069 * a datadirectory; false otherwise. */
1070 int DormantOnFirstStartup
;
1072 * Boolean: true if Tor should treat every startup event as cancelling
1073 * a possible previous dormant state.
1075 int DormantCanceledByStartup
;
1077 /** List of policy allowed to query the Metrics port. */
1078 struct config_line_t
*MetricsPortPolicy
;
1080 /** How far must we be into the current bandwidth-measurement period to
1081 * report bandwidth observations from this period? */
1082 int TestingMinTimeToReportBandwidth
;
1085 * Configuration objects for individual modules.
1087 * Never access this field or its members directly: instead, use the module
1088 * in question to get its relevant configuration object.
1090 struct config_suite_t
*subconfigs_
;
1093 #endif /* !defined(TOR_OR_OPTIONS_ST_H) */