1 files changed, 58 insertions, 14 deletions

diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h
index bf58205f89..4364f145ed 100644
--- a/src/app/config/or_options_st.h
+++ b/src/app/config/or_options_st.h
@@ -24,10 +24,29 @@ struct config_suite_t;
 struct routerset_t;
 
 /** Enumeration of outbound address configuration types:
- * Exit-only, OR-only, or both */
-typedef enum {OUTBOUND_ADDR_EXIT, OUTBOUND_ADDR_OR,
-              OUTBOUND_ADDR_EXIT_AND_OR,
-              OUTBOUND_ADDR_MAX} outbound_addr_t;
+ * Exit-only, OR-only, PT-only, or any of them */
+typedef enum {
+  /** Outbound IP address for Exit connections. Controlled by the
+   * `OutboundBindAddressExit` configuration entry in torrc. */
+  OUTBOUND_ADDR_EXIT,
+
+  /** Outbound IP address for OR connections. Controlled by the
+   * `OutboundBindAddressOR` configuration entry in torrc. */
+  OUTBOUND_ADDR_OR,
+
+  /** Outbound IP address for PT connections. Controlled by the
+   * `OutboundBindAddressPT` configuration entry in torrc. */
+  OUTBOUND_ADDR_PT,
+
+  /** Outbound IP address for any outgoing connections. Controlled by the
+   * OutboundBindAddress configuration entry in torrc. This value is used as
+   * fallback if the more specific OUTBOUND_ADDR_EXIT, OUTBOUND_ADDR_OR, and
+   * OUTBOUND_ADDR_PT are unset. */
+  OUTBOUND_ADDR_ANY,
+
+  /** Max value for this enum. Must be the last element in this enum. */
+  OUTBOUND_ADDR_MAX
+} outbound_addr_t;
 
 /** Which protocol to use for TCPProxy. */
 typedef enum {
@@ -35,6 +54,12 @@ typedef enum {
   TCP_PROXY_PROTOCOL_HAPROXY
 } tcp_proxy_protocol_t;
 
+/** Enumeration of available time formats for output of --key-expiration */
+typedef enum {
+  KEY_EXPIRATION_FORMAT_ISO8601 = 0,
+  KEY_EXPIRATION_FORMAT_TIMESTAMP
+} key_expiration_format_t;
+
 /** Configuration options for a Tor process. */
 struct or_options_t {
   uint32_t magic_;
@@ -52,7 +77,6 @@ struct or_options_t {
   int TruncateLogFile; /**< Boolean: Should we truncate the log file
                             before we start writing? */
   char *SyslogIdentityTag; /**< Identity tag to add for syslog logging. */
-  char *AndroidIdentityTag; /**< Identity tag to add for Android logging. */
 
   char *DebugLogFile; /**< Where to send verbose log messages. */
   char *DataDirectory_option; /**< Where to store long-term data, as
@@ -71,7 +95,14 @@ struct or_options_t {
   int CacheDirectoryGroupReadable; /**< Boolean: Is the CacheDirectory g+r? */
 
   char *Nickname; /**< OR only: nickname of this onion router. */
-  char *Address; /**< OR only: configured address for this onion router. */
+  /** OR only: configured address for this onion router. Up to two times this
+   * options is accepted as in IPv4 and IPv6. */
+  struct config_line_t *Address;
+
+  /** Boolean: If set, disable IPv6 address resolution, IPv6 ORPorts, IPv6
+   * reachability checks, and publishing an IPv6 ORPort in its descriptor. */
+  int AddressDisableIPv6;
+
   char *PidFile; /**< Where to store PID of Tor process. */
 
   struct routerset_t *ExitNodes; /**< Structure containing nicknames, digests,
@@ -118,6 +149,8 @@ struct or_options_t {
   struct config_line_t *OutboundBindAddressOR;
   /** Local address to bind outbound exit sockets */
   struct config_line_t *OutboundBindAddressExit;
+  /** Local address to bind outbound PT sockets */
+  struct config_line_t *OutboundBindAddressPT;
   /** Addresses derived from the various OutboundBindAddress lines.
    * [][0] is IPv4, [][1] is IPv6
    */
@@ -131,6 +164,8 @@ struct or_options_t {
   struct config_line_t *ORPort_lines;
   /** Ports to listen on for extended OR connections. */
   struct config_line_t *ExtORPort_lines;
+  /** Ports to listen on for Metrics connections. */
+  struct config_line_t *MetricsPort_lines;
   /** Ports to listen on for SOCKS connections. */
   struct config_line_t *SocksPort_lines;
   /** Ports to listen on for transparent pf/netfilter connections. */
@@ -190,9 +225,17 @@ struct or_options_t {
   unsigned int DNSPort_set : 1;
   unsigned int ExtORPort_set : 1;
   unsigned int HTTPTunnelPort_set : 1;
+  unsigned int MetricsPort_set : 1;
   /**@}*/
 
-  int AssumeReachable; /**< Whether to publish our descriptor regardless. */
+  /** Whether to publish our descriptor regardless of all our self-tests
+   */
+  int AssumeReachable;
+  /** Whether to publish our descriptor regardless of IPv6 self-tests.
+   *
+   * This is an autobool; when set to AUTO, it uses AssumeReachable.
+   **/
+  int AssumeReachableIPv6;
   int AuthoritativeDir; /**< Boolean: is this an authoritative directory? */
   int V3AuthoritativeDir; /**< Boolean: is this an authoritative directory
                            * for version 3 directories? */
@@ -648,7 +691,7 @@ struct or_options_t {
   int ClientUseIPv4;
   /** If true, clients may connect over IPv6. If false, they will avoid
    * connecting over IPv4. We enforce this for OR and Dir connections.
-   * Use fascist_firewall_use_ipv6() instead of accessing this value
+   * Use reachable_addr_use_ipv6() instead of accessing this value
    * directly. */
   int ClientUseIPv6;
   /** If true, prefer an IPv6 OR port over an IPv4 one for entry node
@@ -658,7 +701,7 @@ struct or_options_t {
   int ClientPreferIPv6ORPort;
   /** If true, prefer an IPv6 directory port over an IPv4 one for direct
    * directory connections. If auto, bridge clients prefer IPv6, and other
-   * clients prefer IPv4. Use fascist_firewall_prefer_ipv6_dirport() instead of
+   * clients prefer IPv4. Use reachable_addr_prefer_ipv6_dirport() instead of
    * accessing this value directly.  */
   int ClientPreferIPv6DirPort;
 
@@ -828,10 +871,6 @@ struct or_options_t {
    * once. */
   int MaxClientCircuitsPending;
 
-  /** If 1, we always send optimistic data when it's supported.  If 0, we
-   * never use it.  If -1, we do what the consensus says. */
-  int OptimisticData;
-
   /** If 1, we accept and launch no external network connections, except on
    * control ports. */
   int DisableNetwork;
@@ -930,6 +969,8 @@ struct or_options_t {
    * ed25519 identity key except from tor --keygen */
   int OfflineMasterKey;
 
+  key_expiration_format_t key_expiration_format;
+
   enum {
     FORCE_PASSPHRASE_AUTO=0,
     FORCE_PASSPHRASE_ON,
@@ -1000,7 +1041,7 @@ struct or_options_t {
   /** Maximum allowed burst of circuits. Reaching that value, the address is
    * detected as malicious and a defense might be used. */
   int DoSCircuitCreationBurst;
-  /** When an address is marked as malicous, what defense should be used
+  /** When an address is marked as malicious, what defense should be used
    * against it. See the dos_cc_defense_type_t enum. */
   int DoSCircuitCreationDefenseType;
   /** For how much time (in seconds) the defense is applicable for a malicious
@@ -1038,6 +1079,9 @@ struct or_options_t {
    **/
   int DormantCanceledByStartup;
 
+  /** List of policy allowed to query the Metrics port. */
+  struct config_line_t *MetricsPortPolicy;
+
   /**
    * Configuration objects for individual modules.
    *