diff options
Diffstat (limited to 'src/app/config/or_options_st.h')
| -rw-r--r-- | src/app/config/or_options_st.h | 1077 |
1 files changed, 1077 insertions, 0 deletions
diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h new file mode 100644 index 0000000000..0c0c5d32bb --- /dev/null +++ b/src/app/config/or_options_st.h @@ -0,0 +1,1077 @@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2018, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#ifndef TOR_OR_OPTIONS_ST_H +#define TOR_OR_OPTIONS_ST_H + +#include "lib/cc/torint.h" +#include "lib/net/address.h" + +struct smartlist_t; +struct config_line_t; + +/** Enumeration of outbound address configuration types: + * Exit-only, OR-only, or both */ +typedef enum {OUTBOUND_ADDR_EXIT, OUTBOUND_ADDR_OR, + OUTBOUND_ADDR_EXIT_AND_OR, + OUTBOUND_ADDR_MAX} outbound_addr_t; + +/** Configuration options for a Tor process. */ +struct or_options_t { + uint32_t magic_; + + /** What should the tor process actually do? */ + enum { + CMD_RUN_TOR=0, CMD_LIST_FINGERPRINT, CMD_HASH_PASSWORD, + CMD_VERIFY_CONFIG, CMD_RUN_UNITTESTS, CMD_DUMP_CONFIG, + CMD_KEYGEN, + CMD_KEY_EXPIRATION, + } command; + char *command_arg; /**< Argument for command-line option. */ + + struct config_line_t *Logs; /**< New-style list of configuration lines + * for logs */ + int LogTimeGranularity; /**< Log resolution in milliseconds. */ + + int LogMessageDomains; /**< Boolean: Should we log the domain(s) in which + * each log message occurs? */ + int TruncateLogFile; /**< Boolean: Should we truncate the log file + before we start writing? */ + char *SyslogIdentityTag; /**< Identity tag to add for syslog logging. */ + char *AndroidIdentityTag; /**< Identity tag to add for Android logging. */ + + char *DebugLogFile; /**< Where to send verbose log messages. */ + char *DataDirectory_option; /**< Where to store long-term data, as + * configured by the user. */ + char *DataDirectory; /**< Where to store long-term data, as modified. */ + int DataDirectoryGroupReadable; /**< Boolean: Is the DataDirectory g+r? */ + + char *KeyDirectory_option; /**< Where to store keys, as + * configured by the user. */ + char *KeyDirectory; /**< Where to store keys data, as modified. */ + int KeyDirectoryGroupReadable; /**< Boolean: Is the KeyDirectory g+r? */ + + char *CacheDirectory_option; /**< Where to store cached data, as + * configured by the user. */ + char *CacheDirectory; /**< Where to store cached data, as modified. */ + int CacheDirectoryGroupReadable; /**< Boolean: Is the CacheDirectory g+r? */ + + char *Nickname; /**< OR only: nickname of this onion router. */ + char *Address; /**< OR only: configured address for this onion router. */ + char *PidFile; /**< Where to store PID of Tor process. */ + + routerset_t *ExitNodes; /**< Structure containing nicknames, digests, + * country codes and IP address patterns of ORs to + * consider as exits. */ + routerset_t *EntryNodes;/**< Structure containing nicknames, digests, + * country codes and IP address patterns of ORs to + * consider as entry points. */ + int StrictNodes; /**< Boolean: When none of our EntryNodes or ExitNodes + * are up, or we need to access a node in ExcludeNodes, + * do we just fail instead? */ + routerset_t *ExcludeNodes;/**< Structure containing nicknames, digests, + * country codes and IP address patterns of ORs + * not to use in circuits. But see StrictNodes + * above. */ + routerset_t *ExcludeExitNodes;/**< Structure containing nicknames, digests, + * country codes and IP address patterns of + * ORs not to consider as exits. */ + + /** Union of ExcludeNodes and ExcludeExitNodes */ + routerset_t *ExcludeExitNodesUnion_; + + int DisableAllSwap; /**< Boolean: Attempt to call mlockall() on our + * process for all current and future memory. */ + + struct config_line_t *ExitPolicy; /**< Lists of exit policy components. */ + int ExitPolicyRejectPrivate; /**< Should we not exit to reserved private + * addresses, and our own published addresses? + */ + int ExitPolicyRejectLocalInterfaces; /**< Should we not exit to local + * interface addresses? + * Includes OutboundBindAddresses and + * configured ports. */ + int ReducedExitPolicy; /**<Should we use the Reduced Exit Policy? */ + struct config_line_t *SocksPolicy; /**< Lists of socks policy components */ + struct config_line_t *DirPolicy; /**< Lists of dir policy components */ + /** Local address to bind outbound sockets */ + struct config_line_t *OutboundBindAddress; + /** Local address to bind outbound relay sockets */ + struct config_line_t *OutboundBindAddressOR; + /** Local address to bind outbound exit sockets */ + struct config_line_t *OutboundBindAddressExit; + /** Addresses derived from the various OutboundBindAddress lines. + * [][0] is IPv4, [][1] is IPv6 + */ + tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2]; + /** Directory server only: which versions of + * Tor should we tell users to run? */ + struct config_line_t *RecommendedVersions; + struct config_line_t *RecommendedClientVersions; + struct config_line_t *RecommendedServerVersions; + struct config_line_t *RecommendedPackages; + /** Whether dirservers allow router descriptors with private IPs. */ + int DirAllowPrivateAddresses; + /** Whether routers accept EXTEND cells to routers with private IPs. */ + int ExtendAllowPrivateAddresses; + char *User; /**< Name of user to run Tor as. */ + /** Ports to listen on for OR connections. */ + struct config_line_t *ORPort_lines; + /** Ports to listen on for extended OR connections. */ + struct config_line_t *ExtORPort_lines; + /** Ports to listen on for SOCKS connections. */ + struct config_line_t *SocksPort_lines; + /** Ports to listen on for transparent pf/netfilter connections. */ + struct config_line_t *TransPort_lines; + char *TransProxyType; /**< What kind of transparent proxy + * implementation are we using? */ + /** Parsed value of TransProxyType. */ + enum { + TPT_DEFAULT, + TPT_PF_DIVERT, + TPT_IPFW, + TPT_TPROXY, + } TransProxyType_parsed; + /** Ports to listen on for transparent natd connections. */ + struct config_line_t *NATDPort_lines; + /** Ports to listen on for HTTP Tunnel connections. */ + struct config_line_t *HTTPTunnelPort_lines; + struct config_line_t *ControlPort_lines; /**< Ports to listen on for control + * connections. */ + /** List of Unix Domain Sockets to listen on for control connections. */ + struct config_line_t *ControlSocket; + + int ControlSocketsGroupWritable; /**< Boolean: Are control sockets g+rw? */ + int UnixSocksGroupWritable; /**< Boolean: Are SOCKS Unix sockets g+rw? */ + /** Ports to listen on for directory connections. */ + struct config_line_t *DirPort_lines; + /** Ports to listen on for DNS requests. */ + struct config_line_t *DNSPort_lines; + + /* MaxMemInQueues value as input by the user. We clean this up to be + * MaxMemInQueues. */ + uint64_t MaxMemInQueues_raw; + uint64_t MaxMemInQueues;/**< If we have more memory than this allocated + * for queues and buffers, run the OOM handler */ + /** Above this value, consider ourselves low on RAM. */ + uint64_t MaxMemInQueues_low_threshold; + + /** @name port booleans + * + * Derived booleans: For server ports and ControlPort, true iff there is a + * non-listener port on an AF_INET or AF_INET6 address of the given type + * configured in one of the _lines options above. + * For client ports, also true if there is a unix socket configured. + * If you are checking for client ports, you may want to use: + * SocksPort_set || TransPort_set || NATDPort_set || DNSPort_set || + * HTTPTunnelPort_set + * rather than SocksPort_set. + * + * @{ + */ + unsigned int ORPort_set : 1; + unsigned int SocksPort_set : 1; + unsigned int TransPort_set : 1; + unsigned int NATDPort_set : 1; + unsigned int ControlPort_set : 1; + unsigned int DirPort_set : 1; + unsigned int DNSPort_set : 1; + unsigned int ExtORPort_set : 1; + unsigned int HTTPTunnelPort_set : 1; + /**@}*/ + + int AssumeReachable; /**< Whether to publish our descriptor regardless. */ + int AuthoritativeDir; /**< Boolean: is this an authoritative directory? */ + int V3AuthoritativeDir; /**< Boolean: is this an authoritative directory + * for version 3 directories? */ + int VersioningAuthoritativeDir; /**< Boolean: is this an authoritative + * directory that's willing to recommend + * versions? */ + int BridgeAuthoritativeDir; /**< Boolean: is this an authoritative directory + * that aggregates bridge descriptors? */ + + /** If set on a bridge relay, it will include this value on a new + * "bridge-distribution-request" line in its bridge descriptor. */ + char *BridgeDistribution; + + /** If set on a bridge authority, it will answer requests on its dirport + * for bridge statuses -- but only if the requests use this password. */ + char *BridgePassword; + /** If BridgePassword is set, this is a SHA256 digest of the basic http + * authenticator for it. Used so we can do a time-independent comparison. */ + char *BridgePassword_AuthDigest_; + + int UseBridges; /**< Boolean: should we start all circuits with a bridge? */ + struct config_line_t *Bridges; /**< List of bootstrap bridge addresses. */ + + struct config_line_t *ClientTransportPlugin; /**< List of client + transport plugins. */ + + struct config_line_t *ServerTransportPlugin; /**< List of client + transport plugins. */ + + /** List of TCP/IP addresses that transports should listen at. */ + struct config_line_t *ServerTransportListenAddr; + + /** List of options that must be passed to pluggable transports. */ + struct config_line_t *ServerTransportOptions; + + int BridgeRelay; /**< Boolean: are we acting as a bridge relay? We make + * this explicit so we can change how we behave in the + * future. */ + + /** Boolean: if we know the bridge's digest, should we get new + * descriptors from the bridge authorities or from the bridge itself? */ + int UpdateBridgesFromAuthority; + + int AvoidDiskWrites; /**< Boolean: should we never cache things to disk? + * Not used yet. */ + int ClientOnly; /**< Boolean: should we never evolve into a server role? */ + + int ReducedConnectionPadding; /**< Boolean: Should we try to keep connections + open shorter and pad them less against + connection-level traffic analysis? */ + /** Autobool: if auto, then connection padding will be negotiated by client + * and server. If 0, it will be fully disabled. If 1, the client will still + * pad to the server regardless of server support. */ + int ConnectionPadding; + + /** To what authority types do we publish our descriptor? Choices are + * "v1", "v2", "v3", "bridge", or "". */ + struct smartlist_t *PublishServerDescriptor; + /** A bitfield of authority types, derived from PublishServerDescriptor. */ + dirinfo_type_t PublishServerDescriptor_; + /** Boolean: do we publish hidden service descriptors to the HS auths? */ + int PublishHidServDescriptors; + int FetchServerDescriptors; /**< Do we fetch server descriptors as normal? */ + int FetchHidServDescriptors; /**< and hidden service descriptors? */ + + int MinUptimeHidServDirectoryV2; /**< As directory authority, accept hidden + * service directories after what time? */ + + int FetchUselessDescriptors; /**< Do we fetch non-running descriptors too? */ + int AllDirActionsPrivate; /**< Should every directory action be sent + * through a Tor circuit? */ + + /** Run in 'tor2web mode'? (I.e. only make client connections to hidden + * services, and use a single hop for all hidden-service-related + * circuits.) */ + int Tor2webMode; + + /** A routerset that should be used when picking RPs for HS circuits. */ + routerset_t *Tor2webRendezvousPoints; + + /** A routerset that should be used when picking middle nodes for HS + * circuits. */ + routerset_t *HSLayer2Nodes; + + /** A routerset that should be used when picking third-hop nodes for HS + * circuits. */ + routerset_t *HSLayer3Nodes; + + /** Onion Services in HiddenServiceSingleHopMode make one-hop (direct) + * circuits between the onion service server, and the introduction and + * rendezvous points. (Onion service descriptors are still posted using + * 3-hop paths, to avoid onion service directories blocking the service.) + * This option makes every hidden service instance hosted by + * this tor instance a Single Onion Service. + * HiddenServiceSingleHopMode requires HiddenServiceNonAnonymousMode to be + * set to 1. + * Use rend_service_allow_non_anonymous_connection() or + * rend_service_reveal_startup_time() instead of using this option directly. + */ + int HiddenServiceSingleHopMode; + /* Makes hidden service clients and servers non-anonymous on this tor + * instance. Allows the non-anonymous HiddenServiceSingleHopMode. Enables + * non-anonymous behaviour in the hidden service protocol. + * Use rend_service_non_anonymous_mode_enabled() instead of using this option + * directly. + */ + int HiddenServiceNonAnonymousMode; + + int ConnLimit; /**< Demanded minimum number of simultaneous connections. */ + int ConnLimit_; /**< Maximum allowed number of simultaneous connections. */ + int ConnLimit_high_thresh; /**< start trying to lower socket usage if we + * have this many. */ + int ConnLimit_low_thresh; /**< try to get down to here after socket + * exhaustion. */ + int RunAsDaemon; /**< If true, run in the background. (Unix only) */ + int FascistFirewall; /**< Whether to prefer ORs reachable on open ports. */ + struct smartlist_t *FirewallPorts; /**< Which ports our firewall allows + * (strings). */ + /** IP:ports our firewall allows. */ + struct config_line_t *ReachableAddresses; + struct config_line_t *ReachableORAddresses; /**< IP:ports for OR conns. */ + struct config_line_t *ReachableDirAddresses; /**< IP:ports for Dir conns. */ + + int ConstrainedSockets; /**< Shrink xmit and recv socket buffers. */ + uint64_t ConstrainedSockSize; /**< Size of constrained buffers. */ + + /** Whether we should drop exit streams from Tors that we don't know are + * relays. One of "0" (never refuse), "1" (always refuse), or "-1" (do + * what the consensus says, defaulting to 'refuse' if the consensus says + * nothing). */ + int RefuseUnknownExits; + + /** Application ports that require all nodes in circ to have sufficient + * uptime. */ + struct smartlist_t *LongLivedPorts; + /** Application ports that are likely to be unencrypted and + * unauthenticated; we reject requests for them to prevent the + * user from screwing up and leaking plaintext secrets to an + * observer somewhere on the Internet. */ + struct smartlist_t *RejectPlaintextPorts; + /** Related to RejectPlaintextPorts above, except this config option + * controls whether we warn (in the log and via a controller status + * event) every time a risky connection is attempted. */ + struct smartlist_t *WarnPlaintextPorts; + /** Should we try to reuse the same exit node for a given host */ + struct smartlist_t *TrackHostExits; + int TrackHostExitsExpire; /**< Number of seconds until we expire an + * addressmap */ + struct config_line_t *AddressMap; /**< List of address map directives. */ + int AutomapHostsOnResolve; /**< If true, when we get a resolve request for a + * hostname ending with one of the suffixes in + * <b>AutomapHostsSuffixes</b>, map it to a + * virtual address. */ + /** List of suffixes for <b>AutomapHostsOnResolve</b>. The special value + * "." means "match everything." */ + struct smartlist_t *AutomapHostsSuffixes; + int RendPostPeriod; /**< How often do we post each rendezvous service + * descriptor? Remember to publish them independently. */ + int KeepalivePeriod; /**< How often do we send padding cells to keep + * connections alive? */ + int SocksTimeout; /**< How long do we let a socks connection wait + * unattached before we fail it? */ + int LearnCircuitBuildTimeout; /**< If non-zero, we attempt to learn a value + * for CircuitBuildTimeout based on timeout + * history. Use circuit_build_times_disabled() + * rather than checking this value directly. */ + int CircuitBuildTimeout; /**< Cull non-open circuits that were born at + * least this many seconds ago. Used until + * adaptive algorithm learns a new value. */ + int CircuitsAvailableTimeout; /**< Try to have an open circuit for at + least this long after last activity */ + int CircuitStreamTimeout; /**< If non-zero, detach streams from circuits + * and try a new circuit if the stream has been + * waiting for this many seconds. If zero, use + * our default internal timeout schedule. */ + int MaxOnionQueueDelay; /*< DOCDOC */ + int NewCircuitPeriod; /**< How long do we use a circuit before building + * a new one? */ + int MaxCircuitDirtiness; /**< Never use circs that were first used more than + this interval ago. */ + uint64_t BandwidthRate; /**< How much bandwidth, on average, are we willing + * to use in a second? */ + uint64_t BandwidthBurst; /**< How much bandwidth, at maximum, are we willing + * to use in a second? */ + uint64_t MaxAdvertisedBandwidth; /**< How much bandwidth are we willing to + * tell other nodes we have? */ + uint64_t RelayBandwidthRate; /**< How much bandwidth, on average, are we + * willing to use for all relayed conns? */ + uint64_t RelayBandwidthBurst; /**< How much bandwidth, at maximum, will we + * use in a second for all relayed conns? */ + uint64_t PerConnBWRate; /**< Long-term bw on a single TLS conn, if set. */ + uint64_t PerConnBWBurst; /**< Allowed burst on a single TLS conn, if set. */ + int NumCPUs; /**< How many CPUs should we try to use? */ + struct config_line_t *RendConfigLines; /**< List of configuration lines + * for rendezvous services. */ + struct config_line_t *HidServAuth; /**< List of configuration lines for + * client-side authorizations for hidden + * services */ + char *ContactInfo; /**< Contact info to be published in the directory. */ + + int HeartbeatPeriod; /**< Log heartbeat messages after this many seconds + * have passed. */ + int MainloopStats; /**< Log main loop statistics as part of the + * heartbeat messages. */ + + char *HTTPProxy; /**< hostname[:port] to use as http proxy, if any. */ + tor_addr_t HTTPProxyAddr; /**< Parsed IPv4 addr for http proxy, if any. */ + uint16_t HTTPProxyPort; /**< Parsed port for http proxy, if any. */ + char *HTTPProxyAuthenticator; /**< username:password string, if any. */ + + char *HTTPSProxy; /**< hostname[:port] to use as https proxy, if any. */ + tor_addr_t HTTPSProxyAddr; /**< Parsed addr for https proxy, if any. */ + uint16_t HTTPSProxyPort; /**< Parsed port for https proxy, if any. */ + char *HTTPSProxyAuthenticator; /**< username:password string, if any. */ + + char *Socks4Proxy; /**< hostname:port to use as a SOCKS4 proxy, if any. */ + tor_addr_t Socks4ProxyAddr; /**< Derived from Socks4Proxy. */ + uint16_t Socks4ProxyPort; /**< Derived from Socks4Proxy. */ + + char *Socks5Proxy; /**< hostname:port to use as a SOCKS5 proxy, if any. */ + tor_addr_t Socks5ProxyAddr; /**< Derived from Sock5Proxy. */ + uint16_t Socks5ProxyPort; /**< Derived from Socks5Proxy. */ + char *Socks5ProxyUsername; /**< Username for SOCKS5 authentication, if any */ + char *Socks5ProxyPassword; /**< Password for SOCKS5 authentication, if any */ + + /** List of configuration lines for replacement directory authorities. + * If you just want to replace one class of authority at a time, + * use the "Alternate*Authority" options below instead. */ + struct config_line_t *DirAuthorities; + + /** List of fallback directory servers */ + struct config_line_t *FallbackDir; + /** Whether to use the default hard-coded FallbackDirs */ + int UseDefaultFallbackDirs; + + /** Weight to apply to all directory authority rates if considering them + * along with fallbackdirs */ + double DirAuthorityFallbackRate; + + /** If set, use these main (currently v3) directory authorities and + * not the default ones. */ + struct config_line_t *AlternateDirAuthority; + + /** If set, use these bridge authorities and not the default one. */ + struct config_line_t *AlternateBridgeAuthority; + + struct config_line_t *MyFamily_lines; /**< Declared family for this OR. */ + struct config_line_t *MyFamily; /**< Declared family for this OR, + normalized */ + struct config_line_t *NodeFamilies; /**< List of config lines for + * node families */ + /** List of parsed NodeFamilies values. */ + struct smartlist_t *NodeFamilySets; + struct config_line_t *AuthDirBadExit; /**< Address policy for descriptors to + * mark as bad exits. */ + struct config_line_t *AuthDirReject; /**< Address policy for descriptors to + * reject. */ + struct config_line_t *AuthDirInvalid; /**< Address policy for descriptors to + * never mark as valid. */ + /** @name AuthDir...CC + * + * Lists of country codes to mark as BadExit, or Invalid, or to + * reject entirely. + * + * @{ + */ + struct smartlist_t *AuthDirBadExitCCs; + struct smartlist_t *AuthDirInvalidCCs; + struct smartlist_t *AuthDirRejectCCs; + /**@}*/ + + int AuthDirListBadExits; /**< True iff we should list bad exits, + * and vote for all other exits as good. */ + int AuthDirMaxServersPerAddr; /**< Do not permit more than this + * number of servers per IP address. */ + int AuthDirHasIPv6Connectivity; /**< Boolean: are we on IPv6? */ + int AuthDirPinKeys; /**< Boolean: Do we enforce key-pinning? */ + + /** If non-zero, always vote the Fast flag for any relay advertising + * this amount of capacity or more. */ + uint64_t AuthDirFastGuarantee; + + /** If non-zero, this advertised capacity or more is always sufficient + * to satisfy the bandwidth requirement for the Guard flag. */ + uint64_t AuthDirGuardBWGuarantee; + + char *AccountingStart; /**< How long is the accounting interval, and when + * does it start? */ + uint64_t AccountingMax; /**< How many bytes do we allow per accounting + * interval before hibernation? 0 for "never + * hibernate." */ + /** How do we determine when our AccountingMax has been reached? + * "max" for when in or out reaches AccountingMax + * "sum" for when in plus out reaches AccountingMax + * "in" for when in reaches AccountingMax + * "out" for when out reaches AccountingMax */ + char *AccountingRule_option; + enum { ACCT_MAX, ACCT_SUM, ACCT_IN, ACCT_OUT } AccountingRule; + + /** Base64-encoded hash of accepted passwords for the control system. */ + struct config_line_t *HashedControlPassword; + /** As HashedControlPassword, but not saved. */ + struct config_line_t *HashedControlSessionPassword; + + int CookieAuthentication; /**< Boolean: do we enable cookie-based auth for + * the control system? */ + char *CookieAuthFile; /**< Filesystem location of a ControlPort + * authentication cookie. */ + char *ExtORPortCookieAuthFile; /**< Filesystem location of Extended + * ORPort authentication cookie. */ + int CookieAuthFileGroupReadable; /**< Boolean: Is the CookieAuthFile g+r? */ + int ExtORPortCookieAuthFileGroupReadable; /**< Boolean: Is the + * ExtORPortCookieAuthFile g+r? */ + int LeaveStreamsUnattached; /**< Boolean: Does Tor attach new streams to + * circuits itself (0), or does it expect a controller + * to cope? (1) */ + int DisablePredictedCircuits; /**< Boolean: does Tor preemptively + * make circuits in the background (0), + * or not (1)? */ + + /** Process specifier for a controller that ‘owns’ this Tor + * instance. Tor will terminate if its owning controller does. */ + char *OwningControllerProcess; + /** FD specifier for a controller that owns this Tor instance. */ + int OwningControllerFD; + + int ShutdownWaitLength; /**< When we get a SIGINT and we're a server, how + * long do we wait before exiting? */ + char *SafeLogging; /**< Contains "relay", "1", "0" (meaning no scrubbing). */ + + /* Derived from SafeLogging */ + enum { + SAFELOG_SCRUB_ALL, SAFELOG_SCRUB_RELAY, SAFELOG_SCRUB_NONE + } SafeLogging_; + + int Sandbox; /**< Boolean: should sandboxing be enabled? */ + int SafeSocks; /**< Boolean: should we outright refuse application + * connections that use socks4 or socks5-with-local-dns? */ + int ProtocolWarnings; /**< Boolean: when other parties screw up the Tor + * protocol, is it a warn or an info in our logs? */ + int TestSocks; /**< Boolean: when we get a socks connection, do we loudly + * log whether it was DNS-leaking or not? */ + int HardwareAccel; /**< Boolean: Should we enable OpenSSL hardware + * acceleration where available? */ + /** Token Bucket Refill resolution in milliseconds. */ + int TokenBucketRefillInterval; + char *AccelName; /**< Optional hardware acceleration engine name. */ + char *AccelDir; /**< Optional hardware acceleration engine search dir. */ + + /** Boolean: Do we try to enter from a smallish number + * of fixed nodes? */ + int UseEntryGuards_option; + /** Internal variable to remember whether we're actually acting on + * UseEntryGuards_option -- when we're a non-anonymous Tor2web client or + * Single Onion Service, it is always false, otherwise we use the value of + * UseEntryGuards_option. */ + int UseEntryGuards; + + int NumEntryGuards; /**< How many entry guards do we try to establish? */ + + /** If 1, we use any guardfraction information we see in the + * consensus. If 0, we don't. If -1, let the consensus parameter + * decide. */ + int UseGuardFraction; + + int NumDirectoryGuards; /**< How many dir guards do we try to establish? + * If 0, use value from NumEntryGuards. */ + int NumPrimaryGuards; /**< How many primary guards do we want? */ + + int RephistTrackTime; /**< How many seconds do we keep rephist info? */ + /** Should we always fetch our dir info on the mirror schedule (which + * means directly from the authorities) no matter our other config? */ + int FetchDirInfoEarly; + + /** Should we fetch our dir info at the start of the consensus period? */ + int FetchDirInfoExtraEarly; + + int DirCache; /**< Cache all directory documents and accept requests via + * tunnelled dir conns from clients. If 1, enabled (default); + * If 0, disabled. */ + + char *VirtualAddrNetworkIPv4; /**< Address and mask to hand out for virtual + * MAPADDRESS requests for IPv4 addresses */ + char *VirtualAddrNetworkIPv6; /**< Address and mask to hand out for virtual + * MAPADDRESS requests for IPv6 addresses */ + int ServerDNSSearchDomains; /**< Boolean: If set, we don't force exit + * addresses to be FQDNs, but rather search for them in + * the local domains. */ + int ServerDNSDetectHijacking; /**< Boolean: If true, check for DNS failure + * hijacking. */ + int ServerDNSRandomizeCase; /**< Boolean: Use the 0x20-hack to prevent + * DNS poisoning attacks. */ + char *ServerDNSResolvConfFile; /**< If provided, we configure our internal + * resolver from the file here rather than from + * /etc/resolv.conf (Unix) or the registry (Windows). */ + char *DirPortFrontPage; /**< This is a full path to a file with an html + disclaimer. This allows a server administrator to show + that they're running Tor and anyone visiting their server + will know this without any specialized knowledge. */ + int DisableDebuggerAttachment; /**< Currently Linux only specific attempt to + disable ptrace; needs BSD testing. */ + /** Boolean: if set, we start even if our resolv.conf file is missing + * or broken. */ + int ServerDNSAllowBrokenConfig; + /** Boolean: if set, then even connections to private addresses will get + * rate-limited. */ + int CountPrivateBandwidth; + /** A list of addresses that definitely should be resolvable. Used for + * testing our DNS server. */ + struct smartlist_t *ServerDNSTestAddresses; + int EnforceDistinctSubnets; /**< If true, don't allow multiple routers in the + * same network zone in the same circuit. */ + int AllowNonRFC953Hostnames; /**< If true, we allow connections to hostnames + * with weird characters. */ + /** If true, we try resolving hostnames with weird characters. */ + int ServerDNSAllowNonRFC953Hostnames; + + /** If true, we try to download extra-info documents (and we serve them, + * if we are a cache). For authorities, this is always true. */ + int DownloadExtraInfo; + + /** If true, we're configured to collect statistics on clients + * requesting network statuses from us as directory. */ + int DirReqStatistics_option; + /** Internal variable to remember whether we're actually acting on + * DirReqStatistics_option -- yes if it's set and we're a server, else no. */ + int DirReqStatistics; + + /** If true, the user wants us to collect statistics on port usage. */ + int ExitPortStatistics; + + /** If true, the user wants us to collect connection statistics. */ + int ConnDirectionStatistics; + + /** If true, the user wants us to collect cell statistics. */ + int CellStatistics; + + /** If true, the user wants us to collect padding statistics. */ + int PaddingStatistics; + + /** If true, the user wants us to collect statistics as entry node. */ + int EntryStatistics; + + /** If true, the user wants us to collect statistics as hidden service + * directory, introduction point, or rendezvous point. */ + int HiddenServiceStatistics_option; + /** Internal variable to remember whether we're actually acting on + * HiddenServiceStatistics_option -- yes if it's set and we're a server, + * else no. */ + int HiddenServiceStatistics; + + /** If true, include statistics file contents in extra-info documents. */ + int ExtraInfoStatistics; + + /** If true, do not believe anybody who tells us that a domain resolves + * to an internal address, or that an internal address has a PTR mapping. + * Helps avoid some cross-site attacks. */ + int ClientDNSRejectInternalAddresses; + + /** If true, do not accept any requests to connect to internal addresses + * over randomly chosen exits. */ + int ClientRejectInternalAddresses; + + /** If true, clients may connect over IPv4. If false, they will avoid + * connecting over IPv4. We enforce this for OR and Dir connections. */ + int ClientUseIPv4; + /** If true, clients may connect over IPv6. If false, they will avoid + * connecting over IPv4. We enforce this for OR and Dir connections. + * Use fascist_firewall_use_ipv6() instead of accessing this value + * directly. */ + int ClientUseIPv6; + /** If true, prefer an IPv6 OR port over an IPv4 one for entry node + * connections. If auto, bridge clients prefer IPv6, and other clients + * prefer IPv4. Use node_ipv6_or_preferred() instead of accessing this value + * directly. */ + int ClientPreferIPv6ORPort; + /** If true, prefer an IPv6 directory port over an IPv4 one for direct + * directory connections. If auto, bridge clients prefer IPv6, and other + * clients prefer IPv4. Use fascist_firewall_prefer_ipv6_dirport() instead of + * accessing this value directly. */ + int ClientPreferIPv6DirPort; + + /** The length of time that we think a consensus should be fresh. */ + int V3AuthVotingInterval; + /** The length of time we think it will take to distribute votes. */ + int V3AuthVoteDelay; + /** The length of time we think it will take to distribute signatures. */ + int V3AuthDistDelay; + /** The number of intervals we think a consensus should be valid. */ + int V3AuthNIntervalsValid; + + /** Should advertise and sign consensuses with a legacy key, for key + * migration purposes? */ + int V3AuthUseLegacyKey; + + /** Location of bandwidth measurement file */ + char *V3BandwidthsFile; + + /** Location of guardfraction file */ + char *GuardfractionFile; + + /** Authority only: key=value pairs that we add to our networkstatus + * consensus vote on the 'params' line. */ + char *ConsensusParams; + + /** Authority only: minimum number of measured bandwidths we must see + * before we only believe measured bandwidths to assign flags. */ + int MinMeasuredBWsForAuthToIgnoreAdvertised; + + /** The length of time that we think an initial consensus should be fresh. + * Only altered on testing networks. */ + int TestingV3AuthInitialVotingInterval; + + /** The length of time we think it will take to distribute initial votes. + * Only altered on testing networks. */ + int TestingV3AuthInitialVoteDelay; + + /** The length of time we think it will take to distribute initial + * signatures. Only altered on testing networks.*/ + int TestingV3AuthInitialDistDelay; + + /** Offset in seconds added to the starting time for consensus + voting. Only altered on testing networks. */ + int TestingV3AuthVotingStartOffset; + + /** If an authority has been around for less than this amount of time, it + * does not believe its reachability information is accurate. Only + * altered on testing networks. */ + int TestingAuthDirTimeToLearnReachability; + + /** Clients don't download any descriptor this recent, since it will + * probably not have propagated to enough caches. Only altered on testing + * networks. */ + int TestingEstimatedDescriptorPropagationTime; + + /** Schedule for when servers should download things in general. Only + * altered on testing networks. */ + int TestingServerDownloadInitialDelay; + + /** Schedule for when clients should download things in general. Only + * altered on testing networks. */ + int TestingClientDownloadInitialDelay; + + /** Schedule for when servers should download consensuses. Only altered + * on testing networks. */ + int TestingServerConsensusDownloadInitialDelay; + + /** Schedule for when clients should download consensuses. Only altered + * on testing networks. */ + int TestingClientConsensusDownloadInitialDelay; + + /** Schedule for when clients should download consensuses from authorities + * if they are bootstrapping (that is, they don't have a usable, reasonably + * live consensus). Only used by clients fetching from a list of fallback + * directory mirrors. + * + * This schedule is incremented by (potentially concurrent) connection + * attempts, unlike other schedules, which are incremented by connection + * failures. Only altered on testing networks. */ + int ClientBootstrapConsensusAuthorityDownloadInitialDelay; + + /** Schedule for when clients should download consensuses from fallback + * directory mirrors if they are bootstrapping (that is, they don't have a + * usable, reasonably live consensus). Only used by clients fetching from a + * list of fallback directory mirrors. + * + * This schedule is incremented by (potentially concurrent) connection + * attempts, unlike other schedules, which are incremented by connection + * failures. Only altered on testing networks. */ + int ClientBootstrapConsensusFallbackDownloadInitialDelay; + + /** Schedule for when clients should download consensuses from authorities + * if they are bootstrapping (that is, they don't have a usable, reasonably + * live consensus). Only used by clients which don't have or won't fetch + * from a list of fallback directory mirrors. + * + * This schedule is incremented by (potentially concurrent) connection + * attempts, unlike other schedules, which are incremented by connection + * failures. Only altered on testing networks. */ + int ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay; + + /** Schedule for when clients should download bridge descriptors. Only + * altered on testing networks. */ + int TestingBridgeDownloadInitialDelay; + + /** Schedule for when clients should download bridge descriptors when they + * have no running bridges. Only altered on testing networks. */ + int TestingBridgeBootstrapDownloadInitialDelay; + + /** When directory clients have only a few descriptors to request, they + * batch them until they have more, or until this amount of time has + * passed. Only altered on testing networks. */ + int TestingClientMaxIntervalWithoutRequest; + + /** How long do we let a directory connection stall before expiring + * it? Only altered on testing networks. */ + int TestingDirConnectionMaxStall; + + /** How many simultaneous in-progress connections will we make when trying + * to fetch a consensus before we wait for one to complete, timeout, or + * error out? Only altered on testing networks. */ + int ClientBootstrapConsensusMaxInProgressTries; + + /** If true, we take part in a testing network. Change the defaults of a + * couple of other configuration options and allow to change the values + * of certain configuration options. */ + int TestingTorNetwork; + + /** Minimum value for the Exit flag threshold on testing networks. */ + uint64_t TestingMinExitFlagThreshold; + + /** Minimum value for the Fast flag threshold on testing networks. */ + uint64_t TestingMinFastFlagThreshold; + + /** Relays in a testing network which should be voted Exit + * regardless of exit policy. */ + routerset_t *TestingDirAuthVoteExit; + int TestingDirAuthVoteExitIsStrict; + + /** Relays in a testing network which should be voted Guard + * regardless of uptime and bandwidth. */ + routerset_t *TestingDirAuthVoteGuard; + int TestingDirAuthVoteGuardIsStrict; + + /** Relays in a testing network which should be voted HSDir + * regardless of uptime and DirPort. */ + routerset_t *TestingDirAuthVoteHSDir; + int TestingDirAuthVoteHSDirIsStrict; + + /** Enable CONN_BW events. Only altered on testing networks. */ + int TestingEnableConnBwEvent; + + /** Enable CELL_STATS events. Only altered on testing networks. */ + int TestingEnableCellStatsEvent; + + /** If true, and we have GeoIP data, and we're a bridge, keep a per-country + * count of how many client addresses have contacted us so that we can help + * the bridge authority guess which countries have blocked access to us. */ + int BridgeRecordUsageByCountry; + + /** Optionally, IPv4 and IPv6 GeoIP data. */ + char *GeoIPFile; + char *GeoIPv6File; + + /** Autobool: if auto, then any attempt to Exclude{Exit,}Nodes a particular + * country code will exclude all nodes in ?? and A1. If true, all nodes in + * ?? and A1 are excluded. Has no effect if we don't know any GeoIP data. */ + int GeoIPExcludeUnknown; + + /** If true, SIGHUP should reload the torrc. Sometimes controllers want + * to make this false. */ + int ReloadTorrcOnSIGHUP; + + /* The main parameter for picking circuits within a connection. + * + * If this value is positive, when picking a cell to relay on a connection, + * we always relay from the circuit whose weighted cell count is lowest. + * Cells are weighted exponentially such that if one cell is sent + * 'CircuitPriorityHalflife' seconds before another, it counts for half as + * much. + * + * If this value is zero, we're disabling the cell-EWMA algorithm. + * + * If this value is negative, we're using the default approach + * according to either Tor or a parameter set in the consensus. + */ + double CircuitPriorityHalflife; + + /** Set to true if the TestingTorNetwork configuration option is set. + * This is used so that options_validate() has a chance to realize that + * the defaults have changed. */ + int UsingTestNetworkDefaults_; + + /** If 1, we try to use microdescriptors to build circuits. If 0, we don't. + * If -1, Tor decides. */ + int UseMicrodescriptors; + + /** File where we should write the ControlPort. */ + char *ControlPortWriteToFile; + /** Should that file be group-readable? */ + int ControlPortFileGroupReadable; + +#define MAX_MAX_CLIENT_CIRCUITS_PENDING 1024 + /** Maximum number of non-open general-purpose origin circuits to allow at + * once. */ + int MaxClientCircuitsPending; + + /** If 1, we always send optimistic data when it's supported. If 0, we + * never use it. If -1, we do what the consensus says. */ + int OptimisticData; + + /** If 1, we accept and launch no external network connections, except on + * control ports. */ + int DisableNetwork; + + /** + * Parameters for path-bias detection. + * @{ + * These options override the default behavior of Tor's (**currently + * experimental**) path bias detection algorithm. To try to find broken or + * misbehaving guard nodes, Tor looks for nodes where more than a certain + * fraction of circuits through that guard fail to get built. + * + * The PathBiasCircThreshold option controls how many circuits we need to + * build through a guard before we make these checks. The + * PathBiasNoticeRate, PathBiasWarnRate and PathBiasExtremeRate options + * control what fraction of circuits must succeed through a guard so we + * won't write log messages. If less than PathBiasExtremeRate circuits + * succeed *and* PathBiasDropGuards is set to 1, we disable use of that + * guard. + * + * When we have seen more than PathBiasScaleThreshold circuits through a + * guard, we scale our observations by 0.5 (governed by the consensus) so + * that new observations don't get swamped by old ones. + * + * By default, or if a negative value is provided for one of these options, + * Tor uses reasonable defaults from the networkstatus consensus document. + * If no defaults are available there, these options default to 150, .70, + * .50, .30, 0, and 300 respectively. + */ + int PathBiasCircThreshold; + double PathBiasNoticeRate; + double PathBiasWarnRate; + double PathBiasExtremeRate; + int PathBiasDropGuards; + int PathBiasScaleThreshold; + /** @} */ + + /** + * Parameters for path-bias use detection + * @{ + * Similar to the above options, these options override the default behavior + * of Tor's (**currently experimental**) path use bias detection algorithm. + * + * Where as the path bias parameters govern thresholds for successfully + * building circuits, these four path use bias parameters govern thresholds + * only for circuit usage. Circuits which receive no stream usage are not + * counted by this detection algorithm. A used circuit is considered + * successful if it is capable of carrying streams or otherwise receiving + * well-formed responses to RELAY cells. + * + * By default, or if a negative value is provided for one of these options, + * Tor uses reasonable defaults from the networkstatus consensus document. + * If no defaults are available there, these options default to 20, .80, + * .60, and 100, respectively. + */ + int PathBiasUseThreshold; + double PathBiasNoticeUseRate; + double PathBiasExtremeUseRate; + int PathBiasScaleUseThreshold; + /** @} */ + + int IPv6Exit; /**< Do we support exiting to IPv6 addresses? */ + + /** Fraction: */ + double PathsNeededToBuildCircuits; + + /** What expiry time shall we place on our SSL certs? "0" means we + * should guess a suitable value. */ + int SSLKeyLifetime; + + /** How long (seconds) do we keep a guard before picking a new one? */ + int GuardLifetime; + + /** Is this an exit node? This is a tristate, where "1" means "yes, and use + * the default exit policy if none is given" and "0" means "no; exit policy + * is 'reject *'" and "auto" (-1) means "same as 1, but warn the user." + * + * XXXX Eventually, the default will be 0. */ + int ExitRelay; + + /** For how long (seconds) do we declare our signing keys to be valid? */ + int SigningKeyLifetime; + /** For how long (seconds) do we declare our link keys to be valid? */ + int TestingLinkCertLifetime; + /** For how long (seconds) do we declare our auth keys to be valid? */ + int TestingAuthKeyLifetime; + + /** How long before signing keys expire will we try to make a new one? */ + int TestingSigningKeySlop; + /** How long before link keys expire will we try to make a new one? */ + int TestingLinkKeySlop; + /** How long before auth keys expire will we try to make a new one? */ + int TestingAuthKeySlop; + + /** Force use of offline master key features: never generate a master + * ed25519 identity key except from tor --keygen */ + int OfflineMasterKey; + + enum { + FORCE_PASSPHRASE_AUTO=0, + FORCE_PASSPHRASE_ON, + FORCE_PASSPHRASE_OFF + } keygen_force_passphrase; + int use_keygen_passphrase_fd; + int keygen_passphrase_fd; + int change_key_passphrase; + char *master_key_fname; + + /** Autobool: Do we try to retain capabilities if we can? */ + int KeepBindCapabilities; + + /** Maximum total size of unparseable descriptors to log during the + * lifetime of this Tor process. + */ + uint64_t MaxUnparseableDescSizeToLog; + + /** Bool (default: 1): Switch for the shared random protocol. Only + * relevant to a directory authority. If off, the authority won't + * participate in the protocol. If on (default), a flag is added to the + * vote indicating participation. */ + int AuthDirSharedRandomness; + + /** If 1, we skip all OOS checks. */ + int DisableOOSCheck; + + /** Autobool: Should we include Ed25519 identities in extend2 cells? + * If -1, we should do whatever the consensus parameter says. */ + int ExtendByEd25519ID; + + /** Bool (default: 1): When testing routerinfos as a directory authority, + * do we enforce Ed25519 identity match? */ + /* NOTE: remove this option someday. */ + int AuthDirTestEd25519LinkKeys; + + /** Bool (default: 0): Tells if a %include was used on torrc */ + int IncludeUsed; + + /** The seconds after expiration which we as a relay should keep old + * consensuses around so that we can generate diffs from them. If 0, + * use the default. */ + int MaxConsensusAgeForDiffs; + + /** Bool (default: 0). Tells Tor to never try to exec another program. + */ + int NoExec; + + /** Have the KIST scheduler run every X milliseconds. If less than zero, do + * not use the KIST scheduler but use the old vanilla scheduler instead. If + * zero, do what the consensus says and fall back to using KIST as if this is + * set to "10 msec" if the consensus doesn't say anything. */ + int KISTSchedRunInterval; + + /** A multiplier for the KIST per-socket limit calculation. */ + double KISTSockBufSizeFactor; + + /** The list of scheduler type string ordered by priority that is first one + * has to be tried first. Default: KIST,KISTLite,Vanilla */ + struct smartlist_t *Schedulers; + /* An ordered list of scheduler_types mapped from Schedulers. */ + struct smartlist_t *SchedulerTypes_; + + /** List of files that were opened by %include in torrc and torrc-defaults */ + struct smartlist_t *FilesOpenedByIncludes; + + /** If true, Tor shouldn't install any posix signal handlers, since it is + * running embedded inside another process. + */ + int DisableSignalHandlers; + + /** Autobool: Is the circuit creation DoS mitigation subsystem enabled? */ + int DoSCircuitCreationEnabled; + /** Minimum concurrent connection needed from one single address before any + * defense is used. */ + int DoSCircuitCreationMinConnections; + /** Circuit rate used to refill the token bucket. */ + int DoSCircuitCreationRate; + /** Maximum allowed burst of circuits. Reaching that value, the address is + * detected as malicious and a defense might be used. */ + int DoSCircuitCreationBurst; + /** When an address is marked as malicous, what defense should be used + * against it. See the dos_cc_defense_type_t enum. */ + int DoSCircuitCreationDefenseType; + /** For how much time (in seconds) the defense is applicable for a malicious + * address. A random time delta is added to the defense time of an address + * which will be between 1 second and half of this value. */ + int DoSCircuitCreationDefenseTimePeriod; + + /** Autobool: Is the DoS connection mitigation subsystem enabled? */ + int DoSConnectionEnabled; + /** Maximum concurrent connection allowed per address. */ + int DoSConnectionMaxConcurrentCount; + /** When an address is reaches the maximum count, what defense should be + * used against it. See the dos_conn_defense_type_t enum. */ + int DoSConnectionDefenseType; + + /** Autobool: Do we refuse single hop client rendezvous? */ + int DoSRefuseSingleHopClientRendezvous; +}; + +#endif |