diff options
Diffstat (limited to 'src/app/config')
| -rw-r--r-- | src/app/config/config.c | 120 | ||||
| -rw-r--r-- | src/app/config/config.h | 4 | ||||
| -rw-r--r-- | src/app/config/include.am | 21 | ||||
| -rw-r--r-- | src/app/config/or_options_st.h | 51 | ||||
| -rw-r--r-- | src/app/config/or_state_st.h | 2 | ||||
| -rw-r--r-- | src/app/config/quiet_level.c | 2 | ||||
| -rw-r--r-- | src/app/config/quiet_level.h | 2 | ||||
| -rw-r--r-- | src/app/config/statefile.c | 2 | ||||
| -rw-r--r-- | src/app/config/statefile.h | 2 | ||||
| -rw-r--r-- | src/app/config/testnet.inc | 1 | ||||
| -rw-r--r-- | src/app/config/tor_cmdline_mode.h | 2 |
11 files changed, 157 insertions, 52 deletions
diff --git a/src/app/config/config.c b/src/app/config/config.c index 1bfb41f48f..bc65977b20 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2019, The Tor Project, Inc. */ + * Copyright (c) 2007-2020, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -88,7 +88,7 @@ #include "feature/control/control.h" #include "feature/control/control_auth.h" #include "feature/control/control_events.h" -#include "feature/dircache/dirserv.h" +#include "feature/dirclient/dirclient_modes.h" #include "feature/hibernate/hibernate.h" #include "feature/hs/hs_config.h" #include "feature/nodelist/dirlist.h" @@ -444,7 +444,7 @@ static const config_var_t option_vars_[] = { V(EnforceDistinctSubnets, BOOL, "1"), V_D(EntryNodes, ROUTERSET, NULL), V(EntryStatistics, BOOL, "0"), - V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"), + OBSOLETE("TestingEstimatedDescriptorPropagationTime"), V_D(ExcludeNodes, ROUTERSET, NULL), V_D(ExcludeExitNodes, ROUTERSET, NULL), OBSOLETE("ExcludeSingleHopRelays"), @@ -531,6 +531,7 @@ static const config_var_t option_vars_[] = { V(Socks5Proxy, STRING, NULL), V(Socks5ProxyUsername, STRING, NULL), V(Socks5ProxyPassword, STRING, NULL), + V(TCPProxy, STRING, NULL), VAR_IMMUTABLE("KeyDirectory", FILENAME, KeyDirectory_option, NULL), V(KeyDirectoryGroupReadable, AUTOBOOL, "auto"), VAR_D("HSLayer2Nodes", ROUTERSET, HSLayer2Nodes, NULL), @@ -807,6 +808,11 @@ static const config_deprecation_t option_deprecation_notes_[] = { "effect on clients since 0.2.8." }, /* End of options deprecated since 0.3.2.2-alpha. */ + /* Options deprecated since 0.4.3.1-alpha. */ + { "ClientAutoIPv6ORPort", "This option is unreliable if a connection isn't " + "reliably dual-stack."}, + /* End of options deprecated since 0.4.3.1-alpha. */ + { NULL, NULL } }; @@ -2395,10 +2401,10 @@ options_act,(const or_options_t *old_options)) /* We may need to reschedule some directory stuff if our status changed. */ if (old_options) { - if (!bool_eq(directory_fetches_dir_info_early(options), - directory_fetches_dir_info_early(old_options)) || - !bool_eq(directory_fetches_dir_info_later(options), - directory_fetches_dir_info_later(old_options)) || + if (!bool_eq(dirclient_fetches_dir_info_early(options), + dirclient_fetches_dir_info_early(old_options)) || + !bool_eq(dirclient_fetches_dir_info_later(options), + dirclient_fetches_dir_info_later(old_options)) || !config_lines_eq(old_options->Bridges, options->Bridges)) { /* Make sure update_router_have_minimum_dir_info() gets called. */ router_dir_info_changed(); @@ -2667,7 +2673,7 @@ print_usage(void) printf( "Copyright (c) 2001-2004, Roger Dingledine\n" "Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson\n" -"Copyright (c) 2007-2019, The Tor Project, Inc.\n\n" +"Copyright (c) 2007-2020, The Tor Project, Inc.\n\n" "tor -f <torrc> [args]\n" "See man page for options, or https://www.torproject.org/ for " "documentation.\n"); @@ -2709,6 +2715,9 @@ list_enabled_modules(void) { printf("%s: %s\n", "relay", have_module_relay() ? "yes" : "no"); printf("%s: %s\n", "dirauth", have_module_dirauth() ? "yes" : "no"); + // We don't list dircache, because it cannot be enabled or disabled + // independently from relay. Listing it here would proliferate + // test variants in test_parseconf.sh to no useful purpose. } /** Last value actually set by resolve_my_address. */ @@ -3915,19 +3924,28 @@ options_validate_cb(const void *old_options_, void *options_, char **msg) } } + if (options->TCPProxy) { + int res = parse_tcp_proxy_line(options->TCPProxy, options, msg); + if (res < 0) { + return res; + } + } + /* Check if more than one exclusive proxy type has been enabled. */ if (!!options->Socks4Proxy + !!options->Socks5Proxy + - !!options->HTTPSProxy > 1) + !!options->HTTPSProxy + !!options->TCPProxy > 1) REJECT("You have configured more than one proxy type. " - "(Socks4Proxy|Socks5Proxy|HTTPSProxy)"); + "(Socks4Proxy|Socks5Proxy|HTTPSProxy|TCPProxy)"); /* Check if the proxies will give surprising behavior. */ if (options->HTTPProxy && !(options->Socks4Proxy || options->Socks5Proxy || - options->HTTPSProxy)) { - log_warn(LD_CONFIG, "HTTPProxy configured, but no SOCKS proxy or " - "HTTPS proxy configured. Watch out: this configuration will " - "proxy unencrypted directory connections only."); + options->HTTPSProxy || + options->TCPProxy)) { + log_warn(LD_CONFIG, "HTTPProxy configured, but no SOCKS proxy, " + "HTTPS proxy, or any other TCP proxy configured. Watch out: " + "this configuration will proxy unencrypted directory " + "connections only."); } if (options->Socks5ProxyUsername) { @@ -4098,7 +4116,6 @@ options_validate_cb(const void *old_options_, void *options_, char **msg) CHECK_DEFAULT(TestingV3AuthInitialDistDelay); CHECK_DEFAULT(TestingV3AuthVotingStartOffset); CHECK_DEFAULT(TestingAuthDirTimeToLearnReachability); - CHECK_DEFAULT(TestingEstimatedDescriptorPropagationTime); CHECK_DEFAULT(TestingServerDownloadInitialDelay); CHECK_DEFAULT(TestingClientDownloadInitialDelay); CHECK_DEFAULT(TestingServerConsensusDownloadInitialDelay); @@ -4126,12 +4143,6 @@ options_validate_cb(const void *old_options_, void *options_, char **msg) if (options_validate_dirauth_testing(old_options, options, msg) < 0) return -1; - if (options->TestingEstimatedDescriptorPropagationTime < 0) { - REJECT("TestingEstimatedDescriptorPropagationTime must be non-negative."); - } else if (options->TestingEstimatedDescriptorPropagationTime > 60*60) { - COMPLAIN("TestingEstimatedDescriptorPropagationTime is insanely high."); - } - if (options->TestingClientMaxIntervalWithoutRequest < 1) { REJECT("TestingClientMaxIntervalWithoutRequest is way too low."); } else if (options->TestingClientMaxIntervalWithoutRequest > 3600) { @@ -5330,6 +5341,68 @@ parse_bridge_line(const char *line) return bridge_line; } +/** Parse the contents of a TCPProxy line from <b>line</b> and put it + * in <b>options</b>. Return 0 if the line is well-formed, and -1 if it + * isn't. + * + * This will mutate only options->TCPProxyProtocol, options->TCPProxyAddr, + * and options->TCPProxyPort. + * + * On error, tor_strdup an error explanation into *<b>msg</b>. + */ +STATIC int +parse_tcp_proxy_line(const char *line, or_options_t *options, char **msg) +{ + int ret = 0; + tor_assert(line); + tor_assert(options); + tor_assert(msg); + + smartlist_t *sl = smartlist_new(); + /* Split between the protocol and the address/port. */ + smartlist_split_string(sl, line, " ", + SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2); + + /* The address/port is not specified. */ + if (smartlist_len(sl) < 2) { + *msg = tor_strdup("TCPProxy has no address/port. Please fix."); + goto err; + } + + char *protocol_string = smartlist_get(sl, 0); + char *addrport_string = smartlist_get(sl, 1); + + /* The only currently supported protocol is 'haproxy'. */ + if (strcasecmp(protocol_string, "haproxy")) { + *msg = tor_strdup("TCPProxy protocol is not supported. Currently " + "the only supported protocol is 'haproxy'. " + "Please fix."); + goto err; + } else { + /* Otherwise, set the correct protocol. */ + options->TCPProxyProtocol = TCP_PROXY_PROTOCOL_HAPROXY; + } + + /* Parse the address/port. */ + if (tor_addr_port_lookup(addrport_string, &options->TCPProxyAddr, + &options->TCPProxyPort) < 0) { + *msg = tor_strdup("TCPProxy address/port failed to parse or resolve. " + "Please fix."); + goto err; + } + + /* Success. */ + ret = 0; + goto end; + + err: + ret = -1; + end: + SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp)); + smartlist_free(sl); + return ret; +} + /** Read the contents of a ClientTransportPlugin or ServerTransportPlugin * line from <b>line</b>, depending on the value of <b>server</b>. Return 0 * if the line is well-formed, and -1 if it isn't. @@ -5477,9 +5550,10 @@ pt_parse_transport_line(const or_options_t *options, /* ClientTransportPlugins connecting through a proxy is managed only. */ if (!server && (options->Socks4Proxy || options->Socks5Proxy || - options->HTTPSProxy)) { + options->HTTPSProxy || options->TCPProxy)) { log_warn(LD_CONFIG, "You have configured an external proxy with another " - "proxy type. (Socks4Proxy|Socks5Proxy|HTTPSProxy)"); + "proxy type. (Socks4Proxy|Socks5Proxy|HTTPSProxy|" + "TCPProxy)"); goto err; } diff --git a/src/app/config/config.h b/src/app/config/config.h index 15c9352467..04d877e9da 100644 --- a/src/app/config/config.h +++ b/src/app/config/config.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2019, The Tor Project, Inc. */ + * Copyright (c) 2007-2020, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -286,6 +286,8 @@ STATIC const struct config_mgr_t *get_options_mgr(void); STATIC void or_options_free_(or_options_t *options); STATIC int options_validate_single_onion(or_options_t *options, char **msg); +STATIC int parse_tcp_proxy_line(const char *line, or_options_t *options, + char **msg); STATIC int consider_adding_dir_servers(const or_options_t *options, const or_options_t *old_options); STATIC void add_default_trusted_dir_authorities(dirinfo_type_t type); diff --git a/src/app/config/include.am b/src/app/config/include.am new file mode 100644 index 0000000000..5d625efecf --- /dev/null +++ b/src/app/config/include.am @@ -0,0 +1,21 @@ + +# ADD_C_FILE: INSERT SOURCES HERE. +LIBTOR_APP_A_SOURCES += \ + src/app/config/config.c \ + src/app/config/quiet_level.c \ + src/app/config/statefile.c + +# ADD_C_FILE: INSERT HEADERS HERE. +noinst_HEADERS += \ + src/app/config/config.h \ + src/app/config/or_options_st.h \ + src/app/config/or_state_st.h \ + src/app/config/quiet_level.h \ + src/app/config/statefile.h \ + src/app/config/tor_cmdline_mode.h + + +noinst_HEADERS += \ + src/app/config/auth_dirs.inc \ + src/app/config/fallback_dirs.inc \ + src/app/config/testnet.inc diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h index 0e6e825854..35ba15a9e2 100644 --- a/src/app/config/or_options_st.h +++ b/src/app/config/or_options_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2019, The Tor Project, Inc. */ + * Copyright (c) 2007-2020, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -13,6 +13,7 @@ #ifndef TOR_OR_OPTIONS_ST_H #define TOR_OR_OPTIONS_ST_H +#include "core/or/or.h" #include "lib/cc/torint.h" #include "lib/net/address.h" #include "app/config/tor_cmdline_mode.h" @@ -20,6 +21,7 @@ struct smartlist_t; struct config_line_t; struct config_suite_t; +struct routerset_t; /** Enumeration of outbound address configuration types: * Exit-only, OR-only, or both */ @@ -27,6 +29,12 @@ typedef enum {OUTBOUND_ADDR_EXIT, OUTBOUND_ADDR_OR, OUTBOUND_ADDR_EXIT_AND_OR, OUTBOUND_ADDR_MAX} outbound_addr_t; +/** Which protocol to use for TCPProxy. */ +typedef enum { + /** Use the HAProxy proxy protocol. */ + TCP_PROXY_PROTOCOL_HAPROXY +} tcp_proxy_protocol_t; + /** Configuration options for a Tor process. */ struct or_options_t { uint32_t magic_; @@ -66,28 +74,29 @@ struct or_options_t { char *Address; /**< OR only: configured address for this onion router. */ char *PidFile; /**< Where to store PID of Tor process. */ - routerset_t *ExitNodes; /**< Structure containing nicknames, digests, + struct routerset_t *ExitNodes; /**< Structure containing nicknames, digests, * country codes and IP address patterns of ORs to * consider as exits. */ - routerset_t *MiddleNodes; /**< Structure containing nicknames, digests, - * country codes and IP address patterns of ORs to - * consider as middles. */ - routerset_t *EntryNodes;/**< Structure containing nicknames, digests, + struct routerset_t *MiddleNodes; /**< Structure containing nicknames, + * digests, country codes and IP address patterns + * of ORs to consider as middles. */ + struct routerset_t *EntryNodes;/**< Structure containing nicknames, digests, * country codes and IP address patterns of ORs to * consider as entry points. */ int StrictNodes; /**< Boolean: When none of our EntryNodes or ExitNodes * are up, or we need to access a node in ExcludeNodes, * do we just fail instead? */ - routerset_t *ExcludeNodes;/**< Structure containing nicknames, digests, - * country codes and IP address patterns of ORs - * not to use in circuits. But see StrictNodes - * above. */ - routerset_t *ExcludeExitNodes;/**< Structure containing nicknames, digests, - * country codes and IP address patterns of - * ORs not to consider as exits. */ + struct routerset_t *ExcludeNodes;/**< Structure containing nicknames, + * digests, country codes and IP address patterns + * of ORs not to use in circuits. But see + * StrictNodes above. */ + struct routerset_t *ExcludeExitNodes;/**< Structure containing nicknames, + * digests, country codes and IP address + * patterns of ORs not to consider as + * exits. */ /** Union of ExcludeNodes and ExcludeExitNodes */ - routerset_t *ExcludeExitNodesUnion_; + struct routerset_t *ExcludeExitNodesUnion_; int DisableAllSwap; /**< Boolean: Attempt to call mlockall() on our * process for all current and future memory. */ @@ -263,11 +272,11 @@ struct or_options_t { /** A routerset that should be used when picking middle nodes for HS * circuits. */ - routerset_t *HSLayer2Nodes; + struct routerset_t *HSLayer2Nodes; /** A routerset that should be used when picking third-hop nodes for HS * circuits. */ - routerset_t *HSLayer3Nodes; + struct routerset_t *HSLayer3Nodes; /** Onion Services in HiddenServiceSingleHopMode make one-hop (direct) * circuits between the onion service server, and the introduction and @@ -408,6 +417,11 @@ struct or_options_t { char *Socks5ProxyUsername; /**< Username for SOCKS5 authentication, if any */ char *Socks5ProxyPassword; /**< Password for SOCKS5 authentication, if any */ + char *TCPProxy; /**< protocol and hostname:port to use as a proxy, if any. */ + tcp_proxy_protocol_t TCPProxyProtocol; /**< Derived from TCPProxy. */ + tor_addr_t TCPProxyAddr; /**< Derived from TCPProxy. */ + uint16_t TCPProxyPort; /**< Derived from TCPProxy. */ + /** List of configuration lines for replacement directory authorities. * If you just want to replace one class of authority at a time, * use the "Alternate*Authority" options below instead. */ @@ -686,11 +700,6 @@ struct or_options_t { voting. Only altered on testing networks. */ int TestingV3AuthVotingStartOffset; - /** Clients don't download any descriptor this recent, since it will - * probably not have propagated to enough caches. Only altered on testing - * networks. */ - int TestingEstimatedDescriptorPropagationTime; - /** Schedule for when servers should download things in general. Only * altered on testing networks. */ int TestingServerDownloadInitialDelay; diff --git a/src/app/config/or_state_st.h b/src/app/config/or_state_st.h index 6bfad3edb5..8c4e9d5e61 100644 --- a/src/app/config/or_state_st.h +++ b/src/app/config/or_state_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2019, The Tor Project, Inc. */ + * Copyright (c) 2007-2020, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/app/config/quiet_level.c b/src/app/config/quiet_level.c index 84bc0149b8..4e17978228 100644 --- a/src/app/config/quiet_level.c +++ b/src/app/config/quiet_level.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2019, The Tor Project, Inc. */ + * Copyright (c) 2007-2020, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/app/config/quiet_level.h b/src/app/config/quiet_level.h index 03e3f58fb0..3a630b90e7 100644 --- a/src/app/config/quiet_level.h +++ b/src/app/config/quiet_level.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2019, The Tor Project, Inc. */ + * Copyright (c) 2007-2020, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/app/config/statefile.c b/src/app/config/statefile.c index af64dd47c8..d9667733cc 100644 --- a/src/app/config/statefile.c +++ b/src/app/config/statefile.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2019, The Tor Project, Inc. */ + * Copyright (c) 2007-2020, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/app/config/statefile.h b/src/app/config/statefile.h index 60171f8d13..98d9d2dda1 100644 --- a/src/app/config/statefile.h +++ b/src/app/config/statefile.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2019, The Tor Project, Inc. */ + * Copyright (c) 2007-2020, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/app/config/testnet.inc b/src/app/config/testnet.inc index 0ed3c38627..f146a03cd1 100644 --- a/src/app/config/testnet.inc +++ b/src/app/config/testnet.inc @@ -17,7 +17,6 @@ { "TestingV3AuthInitialVoteDelay", "20 seconds" }, { "TestingV3AuthInitialDistDelay", "20 seconds" }, { "TestingAuthDirTimeToLearnReachability", "0 minutes" }, -{ "TestingEstimatedDescriptorPropagationTime", "0 minutes" }, { "MinUptimeHidServDirectoryV2", "0 minutes" }, { "TestingServerDownloadInitialDelay", "0" }, { "TestingClientDownloadInitialDelay", "0" }, diff --git a/src/app/config/tor_cmdline_mode.h b/src/app/config/tor_cmdline_mode.h index b2c43bbb87..30a339a438 100644 --- a/src/app/config/tor_cmdline_mode.h +++ b/src/app/config/tor_cmdline_mode.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2019, The Tor Project, Inc. */ + * Copyright (c) 2007-2020, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** |