Diffstat (limited to 'src/or/config.c')
-rw-r--r--src/or/config.c125
1 files changed, 96 insertions, 29 deletions
diff --git a/src/or/config.c b/src/or/config.c
index 2947d1cf17..31695baa73 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1,7 +1,7 @@
/* Copyright (c) 2001 Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2012, The Tor Project, Inc. */
+ * Copyright (c) 2007-2013, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@@ -242,6 +242,7 @@ static config_var_t option_vars_[] = {
V(FetchHidServDescriptors, BOOL, "1"),
V(FetchUselessDescriptors, BOOL, "0"),
V(FetchV2Networkstatus, BOOL, "0"),
+ V(GeoIPExcludeUnknown, AUTOBOOL, "auto"),
#ifdef _WIN32
V(GeoIPFile, FILENAME, "<default>"),
V(GeoIPv6File, FILENAME, "<default>"),
@@ -296,7 +297,8 @@ static config_var_t option_vars_[] = {
V(MaxAdvertisedBandwidth, MEMUNIT, "1 GB"),
V(MaxCircuitDirtiness, INTERVAL, "10 minutes"),
V(MaxClientCircuitsPending, UINT, "32"),
- V(MaxOnionsPending, UINT, "100"),
+ OBSOLETE("MaxOnionsPending"),
+ V(MaxOnionQueueDelay, MSEC_INTERVAL, "1750 msec"),
OBSOLETE("MonthlyAccountingStart"),
V(MyFamily, STRING, NULL),
V(NewCircuitPeriod, INTERVAL, "30 seconds"),
@@ -320,11 +322,17 @@ static config_var_t option_vars_[] = {
V(PathBiasWarnRate, DOUBLE, "-1"),
V(PathBiasExtremeRate, DOUBLE, "-1"),
V(PathBiasScaleThreshold, INT, "-1"),
- V(PathBiasScaleFactor, INT, "-1"),
- V(PathBiasMultFactor, INT, "-1"),
+ OBSOLETE("PathBiasScaleFactor"),
+ OBSOLETE("PathBiasMultFactor"),
V(PathBiasDropGuards, AUTOBOOL, "0"),
- V(PathBiasUseCloseCounts, AUTOBOOL, "1"),
+ OBSOLETE("PathBiasUseCloseCounts"),
+ V(PathBiasUseThreshold, INT, "-1"),
+ V(PathBiasNoticeUseRate, DOUBLE, "-1"),
+ V(PathBiasExtremeUseRate, DOUBLE, "-1"),
+ V(PathBiasScaleUseThreshold, INT, "-1"),
+
+ V(PathsNeededToBuildCircuits, DOUBLE, "-1"),
OBSOLETE("PathlenCoinWeight"),
V(PerConnBWBurst, MEMUNIT, "0"),
V(PerConnBWRate, MEMUNIT, "0"),
@@ -390,6 +398,7 @@ static config_var_t option_vars_[] = {
V(UseEntryGuards, BOOL, "1"),
V(UseEntryGuardsAsDirGuards, BOOL, "1"),
V(UseMicrodescriptors, AUTOBOOL, "auto"),
+ V(UseNTorHandshake, AUTOBOOL, "auto"),
V(User, STRING, NULL),
V(UserspaceIOCPBuffers, BOOL, "0"),
VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir, "0"),
@@ -1084,7 +1093,7 @@ options_act_reversible(const or_options_t *old_options, char **msg)
mark_logs_temp(); /* Close current logs once new logs are open. */
logs_marked = 1;
- if (options_init_logs(options, 0)<0) { /* Configure the log(s) */
+ if (options_init_logs(options, 0)<0) { /* Configure the tor_log(s) */
*msg = tor_strdup("Failed to init Log options. See logs for details.");
goto rollback;
}
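Review bot: The comment on the changed line now reads "Configure the tor_log(s)", which looks like a mechanical rename of `log` reaching into prose; the comment describes the configured logs, not a function. Suggest restoring `/* Configure the log(s) */` here and `/* Validate the log(s) */` in the later options_validate hunk that carries the same edit. No code is affected, and options_act_reversible continues outside this hunk.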
@@ -1260,7 +1269,7 @@ options_act(const or_options_t *old_options)
return -1;
#ifdef NON_ANONYMOUS_MODE_ENABLED
- log(LOG_WARN, LD_GENERAL, "This copy of Tor was compiled to run in a "
+ log_warn(LD_GENERAL, "This copy of Tor was compiled to run in a "
"non-anonymous mode. It will provide NO ANONYMITY.");
#endif
@@ -1566,6 +1575,18 @@ options_act(const or_options_t *old_options)
config_maybe_load_geoip_files_(options, old_options);
+ if (geoip_is_loaded(AF_INET) && options->GeoIPExcludeUnknown) {
+ /* ExcludeUnknown is true or "auto" */
+ const int is_auto = options->GeoIPExcludeUnknown == -1;
+ int changed;
+
+ changed = routerset_add_unknown_ccs(&options->ExcludeNodes, is_auto);
+ changed += routerset_add_unknown_ccs(&options->ExcludeExitNodes, is_auto);
+
+ if (changed)
+ routerset_add_unknown_ccs(&options->ExcludeExitNodesUnion_, is_auto);
+ }
+
if (options->CellStatistics || options->DirReqStatistics ||
options->EntryStatistics || options->ExitPortStatistics ||
options->ConnDirectionStatistics ||
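Review bot: The new block is skipped whenever `geoip_is_loaded(AF_INET)` is false, so an operator who sets GeoIPExcludeUnknown to 1 explicitly gets no unknown-country exclusion and no log line when the IPv4 database is missing, or presumably when only GeoIPv6File is loaded. Since the option narrows which relays are excluded, a silent no-op deserves a warning in the explicit case, for example `else if (options->GeoIPExcludeUnknown == 1) log_warn(LD_CONFIG, "GeoIPExcludeUnknown is set, but no IPv4 GeoIP data is loaded.");`. The bare `== -1` would also read better with a comment saying that -1 is the "auto" value of an AUTOBOOL option. options_act starts and ends outside this hunk.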
@@ -1762,7 +1783,7 @@ config_get_commandlines(int argc, char **argv, config_line_t **result)
(*new)->value = want_arg ? tor_strdup(argv[i+1]) : tor_strdup("");
(*new)->command = command;
(*new)->next = NULL;
- log(LOG_DEBUG, LD_CONFIG, "command line: parsed keyword '%s', value '%s'",
+ log_debug(LD_CONFIG, "command line: parsed keyword '%s', value '%s'",
(*new)->key, (*new)->value);
new = &((*new)->next);
@@ -1845,7 +1866,7 @@ print_usage(void)
printf(
"Copyright (c) 2001-2004, Roger Dingledine\n"
"Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson\n"
-"Copyright (c) 2007-2012, The Tor Project, Inc.\n\n"
+"Copyright (c) 2007-2013, The Tor Project, Inc.\n\n"
"tor -f <torrc> [args]\n"
"See man page for options, or https://www.torproject.org/ for "
"documentation.\n");
@@ -2210,7 +2231,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
int n_ports=0;
#define REJECT(arg) \
STMT_BEGIN *msg = tor_strdup(arg); return -1; STMT_END
-#define COMPLAIN(arg) STMT_BEGIN log(LOG_WARN, LD_CONFIG, arg); STMT_END
+#define COMPLAIN(arg) STMT_BEGIN log_warn(LD_CONFIG, arg); STMT_END
tor_assert(msg);
*msg = NULL;
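Review bot: `COMPLAIN(arg)` still hands its argument to `log_warn` as the format string, so a message containing `%`, or any non-literal argument, would be interpreted as a format. The same commit already logs `errmsg` as `log_warn(LD_CONFIG,"%s", errmsg)` in options_init_from_torrc, and the macro can follow that form: `#define COMPLAIN(arg) STMT_BEGIN log_warn(LD_CONFIG, "%s", arg); STMT_END`. The uses of COMPLAIN lie outside this hunk, so whether any of them passes a non-literal cannot be seen here.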
@@ -2219,7 +2240,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
(!strcmpstart(uname, "Windows 95") ||
!strcmpstart(uname, "Windows 98") ||
!strcmpstart(uname, "Windows Me"))) {
- log(LOG_WARN, LD_CONFIG, "Tor is running as a server, but you are "
+ log_warn(LD_CONFIG, "Tor is running as a server, but you are "
"running %s; this probably won't work. See "
"https://wiki.torproject.org/TheOnionRouter/TorFAQ#ServerOS "
"for details.", uname);
@@ -2248,7 +2269,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
}
if (server_mode(options) && !options->ContactInfo)
- log(LOG_NOTICE, LD_CONFIG, "Your ContactInfo config option is not set. "
+ log_notice(LD_CONFIG, "Your ContactInfo config option is not set. "
"Please consider setting it, so we can contact you if your server is "
"misconfigured or something else goes wrong.");
@@ -2260,7 +2281,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
config_line_append(&options->Logs, "Log", "warn stdout");
}
- if (options_init_logs(options, 1)<0) /* Validate the log(s) */
+ if (options_init_logs(options, 1)<0) /* Validate the tor_log(s) */
REJECT("Failed to validate Log options. See logs for details.");
if (authdir_mode(options)) {
@@ -2278,7 +2299,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
/* XXXX require that the only port not be DirPort? */
/* XXXX require that at least one port be listened-upon. */
if (n_ports == 0 && !options->RendConfigLines)
- log(LOG_WARN, LD_CONFIG,
+ log_warn(LD_CONFIG,
"SocksPort, TransPort, NATDPort, DNSPort, and ORPort are all "
"undefined, and there aren't any hidden services configured. "
"Tor will still run, but probably won't do anything.");
@@ -2385,6 +2406,18 @@ options_validate(or_options_t *old_options, or_options_t *options,
return -1;
}
+ if (options->PathsNeededToBuildCircuits >= 0.0) {
+ if (options->PathsNeededToBuildCircuits < 0.25) {
+ log_warn(LD_CONFIG, "PathsNeededToBuildCircuits is too low. Increasing "
+ "to 0.25");
+ options->PathsNeededToBuildCircuits = 0.25;
+ } else if (options->PathsNeededToBuildCircuits < 0.95) {
+ log_warn(LD_CONFIG, "PathsNeededToBuildCircuits is too high. Decreasing "
+ "to 0.95");
+ options->PathsNeededToBuildCircuits = 0.95;
+ }
+ }
+
if (options->MaxClientCircuitsPending <= 0 ||
options->MaxClientCircuitsPending > MAX_MAX_CLIENT_CIRCUITS_PENDING) {
tor_asprintf(msg,
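Review bot: The second branch of the PathsNeededToBuildCircuits clamp compares with `<` where its message and assignment call for `>`. As written, every value in [0.25, 0.95) is logged as "too high" and forced up to 0.95, while values above 0.95 pass through unclamped. The line should read `} else if (options->PathsNeededToBuildCircuits > 0.95) {`. Judging by the option's name it gates when circuits may be built, so both edges are worth a unit test. options_validate starts and ends outside this hunk.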
@@ -2426,7 +2459,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
});
new_line->value = smartlist_join_strings(instead,",",0,NULL);
/* These have been deprecated since 0.1.1.5-alpha-cvs */
- log(LOG_NOTICE, LD_CONFIG,
+ log_notice(LD_CONFIG,
"Converting FascistFirewall and FirewallPorts "
"config options to new format: \"ReachableAddresses %s\"",
new_line->value);
@@ -2441,7 +2474,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
new_line->key = tor_strdup("ReachableDirAddresses");
new_line->value = tor_strdup("*:80");
options->ReachableDirAddresses = new_line;
- log(LOG_NOTICE, LD_CONFIG, "Converting FascistFirewall config option "
+ log_notice(LD_CONFIG, "Converting FascistFirewall config option "
"to new format: \"ReachableDirAddresses *:80\"");
}
if (!options->ReachableORAddresses) {
@@ -2449,7 +2482,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
new_line->key = tor_strdup("ReachableORAddresses");
new_line->value = tor_strdup("*:443");
options->ReachableORAddresses = new_line;
- log(LOG_NOTICE, LD_CONFIG, "Converting FascistFirewall config option "
+ log_notice(LD_CONFIG, "Converting FascistFirewall config option "
"to new format: \"ReachableORAddresses *:443\"");
}
}
@@ -2629,6 +2662,37 @@ options_validate(or_options_t *old_options, or_options_t *options,
RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT );
}
+ if (options->PathBiasNoticeRate > 1.0) {
+ tor_asprintf(msg,
+ "PathBiasNoticeRate is too high. "
+ "It must be between 0 and 1.0");
+ return -1;
+ }
+ if (options->PathBiasWarnRate > 1.0) {
+ tor_asprintf(msg,
+ "PathBiasWarnRate is too high. "
+ "It must be between 0 and 1.0");
+ return -1;
+ }
+ if (options->PathBiasExtremeRate > 1.0) {
+ tor_asprintf(msg,
+ "PathBiasExtremeRate is too high. "
+ "It must be between 0 and 1.0");
+ return -1;
+ }
+ if (options->PathBiasNoticeUseRate > 1.0) {
+ tor_asprintf(msg,
+ "PathBiasNoticeUseRate is too high. "
+ "It must be between 0 and 1.0");
+ return -1;
+ }
+ if (options->PathBiasExtremeUseRate > 1.0) {
+ tor_asprintf(msg,
+ "PathBiasExtremeUseRate is too high. "
+ "It must be between 0 and 1.0");
+ return -1;
+ }
+
if (options->MaxCircuitDirtiness < MIN_MAX_CIRCUIT_DIRTINESS) {
log_warn(LD_CONFIG, "MaxCircuitDirtiness option is too short; "
"raising to %d seconds.", MIN_MAX_CIRCUIT_DIRTINESS);
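Review bot: Each of the five new PathBias checks rejects only values above 1.0, yet the message says the rate "must be between 0 and 1.0", so a setting such as -0.5 is accepted without comment. The option table in this commit gives these options the default "-1", which suggests a negative value means "not set"; if so, the block should say that, e.g. `/* Negative means "unset"; only the upper bound is enforced here. */`, and the message should match what is enforced. The calls also use `tor_asprintf` with no format arguments; if the `REJECT` macro defined at the top of options_validate is still in scope, `REJECT("PathBiasNoticeRate is too high. It must be between 0 and 1.0");` would be the shorter form.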
@@ -3403,7 +3467,7 @@ find_torrc_filename(int argc, char **argv,
for (i = 1; i < argc; ++i) {
if (i < argc-1 && !strcmp(argv[i],fname_opt)) {
if (fname) {
- log(LOG_WARN, LD_CONFIG, "Duplicate %s options on command line.",
+ log_warn(LD_CONFIG, "Duplicate %s options on command line.",
fname_opt);
tor_free(fname);
}
@@ -3466,7 +3530,7 @@ load_torrc_from_disk(int argc, char **argv, int defaults_file)
fname = find_torrc_filename(argc, argv, defaults_file,
&using_default_torrc, &ignore_missing_torrc);
tor_assert(fname);
- log(LOG_DEBUG, LD_CONFIG, "Opening config file \"%s\"", fname);
+ log_debug(LD_CONFIG, "Opening config file \"%s\"", fname);
tor_free(*fname_var);
*fname_var = fname;
@@ -3476,18 +3540,18 @@ load_torrc_from_disk(int argc, char **argv, int defaults_file)
!(cf = read_file_to_str(fname,0,NULL))) {
if (using_default_torrc == 1 || ignore_missing_torrc) {
if (!defaults_file)
- log(LOG_NOTICE, LD_CONFIG, "Configuration file \"%s\" not present, "
+ log_notice(LD_CONFIG, "Configuration file \"%s\" not present, "
"using reasonable defaults.", fname);
tor_free(fname); /* sets fname to NULL */
*fname_var = NULL;
cf = tor_strdup("");
} else {
- log(LOG_WARN, LD_CONFIG,
+ log_warn(LD_CONFIG,
"Unable to open configuration file \"%s\".", fname);
goto err;
}
} else {
- log(LOG_NOTICE, LD_CONFIG, "Read configuration file \"%s\".", fname);
+ log_notice(LD_CONFIG, "Read configuration file \"%s\".", fname);
}
return cf;
@@ -3579,7 +3643,7 @@ options_init_from_torrc(int argc, char **argv)
tor_free(cf);
tor_free(cf_defaults);
if (errmsg) {
- log(LOG_WARN,LD_CONFIG,"%s", errmsg);
+ log_warn(LD_CONFIG,"%s", errmsg);
tor_free(errmsg);
}
return retval < 0 ? -1 : 0;
@@ -4633,12 +4697,15 @@ port_cfg_free(port_cfg_t *port)
tor_free(port);
}
-/** Warn for every port in <b>ports</b> that is on a publicly routable
- * address. */
+/** Warn for every port in <b>ports</b> of type <b>listener_type</b> that is
+ * on a publicly routable address. */
static void
-warn_nonlocal_client_ports(const smartlist_t *ports, const char *portname)
+warn_nonlocal_client_ports(const smartlist_t *ports, const char *portname,
+ int listener_type)
{
SMARTLIST_FOREACH_BEGIN(ports, const port_cfg_t *, port) {
+ if (port->type != listener_type)
+ continue;
if (port->is_unix_addr) {
/* Unix sockets aren't accessible over a network. */
} else if (!tor_addr_is_internal(&port->addr, 1)) {
@@ -4835,7 +4902,7 @@ parse_port_config(smartlist_t *out,
if (is_control)
warn_nonlocal_controller_ports(out, forbid_nonlocal);
else
- warn_nonlocal_client_ports(out, portname);
+ warn_nonlocal_client_ports(out, portname, listener_type);
}
return 0;
} /* end if (listenaddrs) */
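Review bot: The client branch now filters by `listener_type`, but the controller branch two lines above it still passes the same `out` list to `warn_nonlocal_controller_ports(out, forbid_nonlocal)`. That function is not shown here; if it does not skip non-control entries itself, it has the same mixed-list problem this change fixes, and with `forbid_nonlocal` set the effect may go beyond a log message. This is worth confirming, and it applies equally to the second call site later in parse_port_config.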
@@ -5101,7 +5168,7 @@ parse_port_config(smartlist_t *out,
if (is_control)
warn_nonlocal_controller_ports(out, forbid_nonlocal);
else
- warn_nonlocal_client_ports(out, portname);
+ warn_nonlocal_client_ports(out, portname, listener_type);
}
if (got_zero_port && got_nonzero_port) {
@@ -5360,7 +5427,7 @@ check_server_ports(const smartlist_t *ports,
}
if (n_low_port && options->AccountingMax) {
- log(LOG_WARN, LD_CONFIG,
+ log_warn(LD_CONFIG,
"You have set AccountingMax to use hibernation. You have also "
"chosen a low DirPort or OrPort. This combination can make Tor stop "
"working when it tries to re-attach the port after a period of "