diff options
Diffstat (limited to 'src/app/config/or_options_st.h')
-rw-r--r-- | src/app/config/or_options_st.h | 181 |
1 files changed, 77 insertions, 104 deletions
diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h index 74d2fefa16..bf58205f89 100644 --- a/src/app/config/or_options_st.h +++ b/src/app/config/or_options_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2019, The Tor Project, Inc. */ + * Copyright (c) 2007-2020, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -13,11 +13,15 @@ #ifndef TOR_OR_OPTIONS_ST_H #define TOR_OR_OPTIONS_ST_H +#include "core/or/or.h" #include "lib/cc/torint.h" #include "lib/net/address.h" +#include "app/config/tor_cmdline_mode.h" struct smartlist_t; struct config_line_t; +struct config_suite_t; +struct routerset_t; /** Enumeration of outbound address configuration types: * Exit-only, OR-only, or both */ @@ -25,17 +29,18 @@ typedef enum {OUTBOUND_ADDR_EXIT, OUTBOUND_ADDR_OR, OUTBOUND_ADDR_EXIT_AND_OR, OUTBOUND_ADDR_MAX} outbound_addr_t; +/** Which protocol to use for TCPProxy. */ +typedef enum { + /** Use the HAProxy proxy protocol. */ + TCP_PROXY_PROTOCOL_HAPROXY +} tcp_proxy_protocol_t; + /** Configuration options for a Tor process. */ struct or_options_t { uint32_t magic_; /** What should the tor process actually do? */ - enum { - CMD_RUN_TOR=0, CMD_LIST_FINGERPRINT, CMD_HASH_PASSWORD, - CMD_VERIFY_CONFIG, CMD_RUN_UNITTESTS, CMD_DUMP_CONFIG, - CMD_KEYGEN, - CMD_KEY_EXPIRATION, - } command; + tor_cmdline_mode_t command; char *command_arg; /**< Argument for command-line option. */ struct config_line_t *Logs; /**< New-style list of configuration lines @@ -69,25 +74,29 @@ struct or_options_t { char *Address; /**< OR only: configured address for this onion router. */ char *PidFile; /**< Where to store PID of Tor process. */ - routerset_t *ExitNodes; /**< Structure containing nicknames, digests, + struct routerset_t *ExitNodes; /**< Structure containing nicknames, digests, * country codes and IP address patterns of ORs to * consider as exits. */ - routerset_t *EntryNodes;/**< Structure containing nicknames, digests, + struct routerset_t *MiddleNodes; /**< Structure containing nicknames, + * digests, country codes and IP address patterns + * of ORs to consider as middles. */ + struct routerset_t *EntryNodes;/**< Structure containing nicknames, digests, * country codes and IP address patterns of ORs to * consider as entry points. */ int StrictNodes; /**< Boolean: When none of our EntryNodes or ExitNodes * are up, or we need to access a node in ExcludeNodes, * do we just fail instead? */ - routerset_t *ExcludeNodes;/**< Structure containing nicknames, digests, - * country codes and IP address patterns of ORs - * not to use in circuits. But see StrictNodes - * above. */ - routerset_t *ExcludeExitNodes;/**< Structure containing nicknames, digests, - * country codes and IP address patterns of - * ORs not to consider as exits. */ + struct routerset_t *ExcludeNodes;/**< Structure containing nicknames, + * digests, country codes and IP address patterns + * of ORs not to use in circuits. But see + * StrictNodes above. */ + struct routerset_t *ExcludeExitNodes;/**< Structure containing nicknames, + * digests, country codes and IP address + * patterns of ORs not to consider as + * exits. */ /** Union of ExcludeNodes and ExcludeExitNodes */ - routerset_t *ExcludeExitNodesUnion_; + struct routerset_t *ExcludeExitNodesUnion_; int DisableAllSwap; /**< Boolean: Attempt to call mlockall() on our * process for all current and future memory. */ @@ -113,12 +122,6 @@ struct or_options_t { * [][0] is IPv4, [][1] is IPv6 */ tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2]; - /** Directory server only: which versions of - * Tor should we tell users to run? */ - struct config_line_t *RecommendedVersions; - struct config_line_t *RecommendedClientVersions; - struct config_line_t *RecommendedServerVersions; - struct config_line_t *RecommendedPackages; /** Whether dirservers allow router descriptors with private IPs. */ int DirAllowPrivateAddresses; /** Whether routers accept EXTEND cells to routers with private IPs. */ @@ -193,9 +196,6 @@ struct or_options_t { int AuthoritativeDir; /**< Boolean: is this an authoritative directory? */ int V3AuthoritativeDir; /**< Boolean: is this an authoritative directory * for version 3 directories? */ - int VersioningAuthoritativeDir; /**< Boolean: is this an authoritative - * directory that's willing to recommend - * versions? */ int BridgeAuthoritativeDir; /**< Boolean: is this an authoritative directory * that aggregates bridge descriptors? */ @@ -245,6 +245,17 @@ struct or_options_t { * pad to the server regardless of server support. */ int ConnectionPadding; + /** Boolean: if true, then circuit padding will be negotiated by client + * and server, subject to consenus limits (default). If 0, it will be fully + * disabled. */ + int CircuitPadding; + + /** Boolean: if true, then this client will only use circuit padding + * algorithms that are known to use a low amount of overhead. If false, + * we will use all available circuit padding algorithms. + */ + int ReducedCircuitPadding; + /** To what authority types do we publish our descriptor? Choices are * "v1", "v2", "v3", "bridge", or "". */ struct smartlist_t *PublishServerDescriptor; @@ -255,20 +266,17 @@ struct or_options_t { int FetchServerDescriptors; /**< Do we fetch server descriptors as normal? */ int FetchHidServDescriptors; /**< and hidden service descriptors? */ - int MinUptimeHidServDirectoryV2; /**< As directory authority, accept hidden - * service directories after what time? */ - int FetchUselessDescriptors; /**< Do we fetch non-running descriptors too? */ int AllDirActionsPrivate; /**< Should every directory action be sent * through a Tor circuit? */ /** A routerset that should be used when picking middle nodes for HS * circuits. */ - routerset_t *HSLayer2Nodes; + struct routerset_t *HSLayer2Nodes; /** A routerset that should be used when picking third-hop nodes for HS * circuits. */ - routerset_t *HSLayer3Nodes; + struct routerset_t *HSLayer3Nodes; /** Onion Services in HiddenServiceSingleHopMode make one-hop (direct) * circuits between the onion service server, and the introduction and @@ -409,6 +417,11 @@ struct or_options_t { char *Socks5ProxyUsername; /**< Username for SOCKS5 authentication, if any */ char *Socks5ProxyPassword; /**< Password for SOCKS5 authentication, if any */ + char *TCPProxy; /**< protocol and hostname:port to use as a proxy, if any. */ + tcp_proxy_protocol_t TCPProxyProtocol; /**< Derived from TCPProxy. */ + tor_addr_t TCPProxyAddr; /**< Derived from TCPProxy. */ + uint16_t TCPProxyPort; /**< Derived from TCPProxy. */ + /** List of configuration lines for replacement directory authorities. * If you just want to replace one class of authority at a time, * use the "Alternate*Authority" options below instead. */ @@ -455,21 +468,6 @@ struct or_options_t { struct smartlist_t *AuthDirRejectCCs; /**@}*/ - int AuthDirListBadExits; /**< True iff we should list bad exits, - * and vote for all other exits as good. */ - int AuthDirMaxServersPerAddr; /**< Do not permit more than this - * number of servers per IP address. */ - int AuthDirHasIPv6Connectivity; /**< Boolean: are we on IPv6? */ - int AuthDirPinKeys; /**< Boolean: Do we enforce key-pinning? */ - - /** If non-zero, always vote the Fast flag for any relay advertising - * this amount of capacity or more. */ - uint64_t AuthDirFastGuarantee; - - /** If non-zero, this advertised capacity or more is always sufficient - * to satisfy the bandwidth requirement for the Guard flag. */ - uint64_t AuthDirGuardBWGuarantee; - char *AccountingStart; /**< How long is the accounting interval, and when * does it start? */ uint64_t AccountingMax; /**< How many bytes do we allow per accounting @@ -526,12 +524,8 @@ struct or_options_t { * protocol, is it a warn or an info in our logs? */ int TestSocks; /**< Boolean: when we get a socks connection, do we loudly * log whether it was DNS-leaking or not? */ - int HardwareAccel; /**< Boolean: Should we enable OpenSSL hardware - * acceleration where available? */ /** Token Bucket Refill resolution in milliseconds. */ int TokenBucketRefillInterval; - char *AccelName; /**< Optional hardware acceleration engine name. */ - char *AccelDir; /**< Optional hardware acceleration engine search dir. */ /** Boolean: Do we try to enter from a smallish number * of fixed nodes? */ @@ -563,7 +557,9 @@ struct or_options_t { int DirCache; /**< Cache all directory documents and accept requests via * tunnelled dir conns from clients. If 1, enabled (default); - * If 0, disabled. */ + * If 0, disabled. Use dir_server_mode() rather than + * referencing this option directly. (Except for routermode + * and relay_config, which do direct checks.) */ char *VirtualAddrNetworkIPv4; /**< Address and mask to hand out for virtual * MAPADDRESS requests for IPv4 addresses */ @@ -685,14 +681,6 @@ struct or_options_t { /** Location of guardfraction file */ char *GuardfractionFile; - /** Authority only: key=value pairs that we add to our networkstatus - * consensus vote on the 'params' line. */ - char *ConsensusParams; - - /** Authority only: minimum number of measured bandwidths we must see - * before we only believe measured bandwidths to assign flags. */ - int MinMeasuredBWsForAuthToIgnoreAdvertised; - /** The length of time that we think an initial consensus should be fresh. * Only altered on testing networks. */ int TestingV3AuthInitialVotingInterval; @@ -709,16 +697,6 @@ struct or_options_t { voting. Only altered on testing networks. */ int TestingV3AuthVotingStartOffset; - /** If an authority has been around for less than this amount of time, it - * does not believe its reachability information is accurate. Only - * altered on testing networks. */ - int TestingAuthDirTimeToLearnReachability; - - /** Clients don't download any descriptor this recent, since it will - * probably not have propagated to enough caches. Only altered on testing - * networks. */ - int TestingEstimatedDescriptorPropagationTime; - /** Schedule for when servers should download things in general. Only * altered on testing networks. */ int TestingServerDownloadInitialDelay; @@ -792,27 +770,6 @@ struct or_options_t { * of certain configuration options. */ int TestingTorNetwork; - /** Minimum value for the Exit flag threshold on testing networks. */ - uint64_t TestingMinExitFlagThreshold; - - /** Minimum value for the Fast flag threshold on testing networks. */ - uint64_t TestingMinFastFlagThreshold; - - /** Relays in a testing network which should be voted Exit - * regardless of exit policy. */ - routerset_t *TestingDirAuthVoteExit; - int TestingDirAuthVoteExitIsStrict; - - /** Relays in a testing network which should be voted Guard - * regardless of uptime and bandwidth. */ - routerset_t *TestingDirAuthVoteGuard; - int TestingDirAuthVoteGuardIsStrict; - - /** Relays in a testing network which should be voted HSDir - * regardless of uptime and DirPort. */ - routerset_t *TestingDirAuthVoteHSDir; - int TestingDirAuthVoteHSDirIsStrict; - /** Enable CONN_BW events. Only altered on testing networks. */ int TestingEnableConnBwEvent; @@ -837,7 +794,7 @@ struct or_options_t { * to make this false. */ int ReloadTorrcOnSIGHUP; - /* The main parameter for picking circuits within a connection. + /** The main parameter for picking circuits within a connection. * * If this value is positive, when picking a cell to relay on a connection, * we always relay from the circuit whose weighted cell count is lowest. @@ -991,12 +948,6 @@ struct or_options_t { */ uint64_t MaxUnparseableDescSizeToLog; - /** Bool (default: 1): Switch for the shared random protocol. Only - * relevant to a directory authority. If off, the authority won't - * participate in the protocol. If on (default), a flag is added to the - * vote indicating participation. */ - int AuthDirSharedRandomness; - /** If 1, we skip all OOS checks. */ int DisableOOSCheck; @@ -1004,11 +955,6 @@ struct or_options_t { * If -1, we should do whatever the consensus parameter says. */ int ExtendByEd25519ID; - /** Bool (default: 1): When testing routerinfos as a directory authority, - * do we enforce Ed25519 identity match? */ - /* NOTE: remove this option someday. */ - int AuthDirTestEd25519LinkKeys; - /** Bool (default: 0): Tells if a %include was used on torrc */ int IncludeUsed; @@ -1033,7 +979,7 @@ struct or_options_t { /** The list of scheduler type string ordered by priority that is first one * has to be tried first. Default: KIST,KISTLite,Vanilla */ struct smartlist_t *Schedulers; - /* An ordered list of scheduler_types mapped from Schedulers. */ + /** An ordered list of scheduler_types mapped from Schedulers. */ struct smartlist_t *SchedulerTypes_; /** List of files that were opened by %include in torrc and torrc-defaults */ @@ -1072,6 +1018,33 @@ struct or_options_t { /** Autobool: Do we refuse single hop client rendezvous? */ int DoSRefuseSingleHopClientRendezvous; + + /** Interval: how long without activity does it take for a client + * to become dormant? + **/ + int DormantClientTimeout; + + /** Boolean: true if having an idle stream is sufficient to prevent a client + * from becoming dormant. + **/ + int DormantTimeoutDisabledByIdleStreams; + + /** Boolean: true if Tor should be dormant the first time it starts with + * a datadirectory; false otherwise. */ + int DormantOnFirstStartup; + /** + * Boolean: true if Tor should treat every startup event as cancelling + * a possible previous dormant state. + **/ + int DormantCanceledByStartup; + + /** + * Configuration objects for individual modules. + * + * Never access this field or its members directly: instead, use the module + * in question to get its relevant configuration object. + */ + struct config_suite_t *subconfigs_; }; -#endif +#endif /* !defined(TOR_OR_OPTIONS_ST_H) */ |