2014-04-16 22:05:10 +02:00
|
|
|
/* Copyright (c) 2001 Matej Pfajfar.
|
2006-02-09 06:46:49 +01:00
|
|
|
* Copyright (c) 2001-2004, Roger Dingledine.
|
2007-12-12 22:09:01 +01:00
|
|
|
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
2015-01-02 20:27:39 +01:00
|
|
|
* Copyright (c) 2007-2015, The Tor Project, Inc. */
|
Implemented link padding and receiver token buckets
Each socket reads at most 'bandwidth' bytes per second sustained, but
can handle bursts of up to 10*bandwidth bytes.
Cells are now sent out at evenly-spaced intervals, with padding sent
out otherwise. Set Linkpadding=0 in the rc file to send cells as soon
as they're available (and to never send padding cells).
Added license/copyrights statements at the top of most files.
router->min and router->max have been merged into a single 'bandwidth'
value. We should make the routerinfo_t reflect this (want to do that,
Mat?)
As the bandwidth increases, and we want to stop sleeping more and more
frequently to send a single cell, cpu usage goes up. At 128kB/s we're
pretty much calling poll with a timeout of 1ms or even 0ms. The current
code takes a timeout of 0-9ms and makes it 10ms. prepare_for_poll()
handles everything that should have happened in the past, so as long as
our buffers don't get too full in that 10ms, we're ok.
Speaking of too full, if you run three servers at 100kB/s with -l debug,
it spends too much time printing debugging messages to be able to keep
up with the cells. The outbuf ultimately fills up and it kills that
connection. If you run with -l err, it works fine up through 500kB/s and
probably beyond. Down the road we'll want to teach it to recognize when
an outbuf is getting full, and back off.
svn:r50
2002-07-16 03:12:15 +02:00
|
|
|
/* See LICENSE for licensing information */
|
2005-06-11 07:31:17 +02:00
|
|
|
|
2004-05-10 06:48:13 +02:00
|
|
|
/**
|
2004-11-30 07:17:35 +01:00
|
|
|
* \file config.c
|
|
|
|
* \brief Code to parse and interpret configuration files.
|
2004-05-10 06:48:13 +02:00
|
|
|
**/
|
|
|
|
|
2013-07-18 20:38:31 +02:00
|
|
|
#define CONFIG_PRIVATE
|
2002-06-27 00:45:49 +02:00
|
|
|
#include "or.h"
|
2014-04-28 22:20:58 +02:00
|
|
|
#include "compat.h"
|
2012-10-28 21:13:58 +01:00
|
|
|
#include "addressmap.h"
|
2012-10-02 05:27:51 +02:00
|
|
|
#include "channel.h"
|
2010-07-22 01:21:00 +02:00
|
|
|
#include "circuitbuild.h"
|
2010-07-22 09:46:23 +02:00
|
|
|
#include "circuitlist.h"
|
2012-10-01 10:52:39 +02:00
|
|
|
#include "circuitmux.h"
|
|
|
|
#include "circuitmux_ewma.h"
|
2010-07-22 10:22:51 +02:00
|
|
|
#include "config.h"
|
2010-07-22 10:32:52 +02:00
|
|
|
#include "connection.h"
|
2010-07-22 10:43:02 +02:00
|
|
|
#include "connection_edge.h"
|
2010-08-15 10:01:42 +02:00
|
|
|
#include "connection_or.h"
|
2010-07-22 11:35:09 +02:00
|
|
|
#include "control.h"
|
2012-09-12 23:34:50 +02:00
|
|
|
#include "confparse.h"
|
2010-07-22 11:40:39 +02:00
|
|
|
#include "cpuworker.h"
|
2010-07-22 12:09:49 +02:00
|
|
|
#include "dirserv.h"
|
2010-07-22 12:19:28 +02:00
|
|
|
#include "dirvote.h"
|
2010-07-22 12:24:25 +02:00
|
|
|
#include "dns.h"
|
2012-10-22 20:28:37 +02:00
|
|
|
#include "entrynodes.h"
|
2010-07-21 14:38:52 +02:00
|
|
|
#include "geoip.h"
|
2010-07-22 12:30:46 +02:00
|
|
|
#include "hibernate.h"
|
2010-07-23 19:58:06 +02:00
|
|
|
#include "main.h"
|
2010-07-23 20:18:55 +02:00
|
|
|
#include "networkstatus.h"
|
2012-09-13 19:16:37 +02:00
|
|
|
#include "nodelist.h"
|
2010-07-23 20:51:25 +02:00
|
|
|
#include "policies.h"
|
2010-07-23 21:53:11 +02:00
|
|
|
#include "relay.h"
|
2010-07-22 00:13:51 +02:00
|
|
|
#include "rendclient.h"
|
2010-07-22 00:30:17 +02:00
|
|
|
#include "rendservice.h"
|
2010-07-23 22:57:20 +02:00
|
|
|
#include "rephist.h"
|
2010-07-21 16:17:10 +02:00
|
|
|
#include "router.h"
|
2013-06-17 12:07:14 +02:00
|
|
|
#include "sandbox.h"
|
2011-07-13 18:58:11 +02:00
|
|
|
#include "util.h"
|
2010-07-21 17:08:11 +02:00
|
|
|
#include "routerlist.h"
|
2012-09-13 18:46:39 +02:00
|
|
|
#include "routerset.h"
|
2013-10-14 19:33:36 +02:00
|
|
|
#include "scheduler.h"
|
2012-09-12 23:58:33 +02:00
|
|
|
#include "statefile.h"
|
2011-07-18 02:33:31 +02:00
|
|
|
#include "transports.h"
|
2012-12-05 18:18:18 +01:00
|
|
|
#include "ext_orport.h"
|
2013-09-01 18:38:01 +02:00
|
|
|
#include "torgzip.h"
|
2012-01-31 16:59:42 +01:00
|
|
|
#ifdef _WIN32
|
2004-08-18 05:42:55 +02:00
|
|
|
#include <shlobj.h>
|
|
|
|
#endif
|
2002-10-03 04:17:41 +02:00
|
|
|
|
2011-11-25 05:39:44 +01:00
|
|
|
#include "procmon.h"
|
|
|
|
|
2015-01-09 22:17:50 +01:00
|
|
|
#ifdef HAVE_SYSTEMD
|
|
|
|
# if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
|
|
|
|
/* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse
|
|
|
|
* Coverity. Here's a kludge to unconfuse it.
|
|
|
|
*/
|
|
|
|
# define __INCLUDE_LEVEL__ 2
|
|
|
|
# endif
|
|
|
|
#include <systemd/sd-daemon.h>
|
|
|
|
#endif
|
|
|
|
|
2011-11-25 05:39:44 +01:00
|
|
|
/* From main.c */
|
|
|
|
extern int quiet_level;
|
|
|
|
|
2008-12-23 18:56:31 +01:00
|
|
|
/** A list of abbreviations and aliases to map command-line options, obsolete
|
|
|
|
* option names, or alternative option names, to their current values. */
|
2012-10-12 18:22:13 +02:00
|
|
|
static config_abbrev_t option_abbrevs_[] = {
|
2012-01-13 18:28:32 +01:00
|
|
|
PLURAL(AuthDirBadDirCC),
|
|
|
|
PLURAL(AuthDirBadExitCC),
|
|
|
|
PLURAL(AuthDirInvalidCC),
|
|
|
|
PLURAL(AuthDirRejectCC),
|
2004-11-09 07:09:06 +01:00
|
|
|
PLURAL(EntryNode),
|
2004-10-27 19:37:01 +02:00
|
|
|
PLURAL(ExcludeNode),
|
|
|
|
PLURAL(FirewallPort),
|
2005-01-12 05:58:23 +01:00
|
|
|
PLURAL(LongLivedPort),
|
2004-10-27 19:37:01 +02:00
|
|
|
PLURAL(HiddenServiceNode),
|
|
|
|
PLURAL(HiddenServiceExcludeNode),
|
2010-10-29 19:41:24 +02:00
|
|
|
PLURAL(NumCPU),
|
2004-10-27 19:37:01 +02:00
|
|
|
PLURAL(RendNode),
|
|
|
|
PLURAL(RendExcludeNode),
|
2004-11-21 00:16:03 +01:00
|
|
|
PLURAL(StrictEntryNode),
|
|
|
|
PLURAL(StrictExitNode),
|
2009-09-18 04:45:54 +02:00
|
|
|
PLURAL(StrictNode),
|
2005-10-18 01:00:08 +02:00
|
|
|
{ "l", "Log", 1, 0},
|
2006-03-19 02:21:59 +01:00
|
|
|
{ "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
|
2007-05-25 16:48:16 +02:00
|
|
|
{ "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
|
|
|
|
{ "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
|
2005-10-17 05:06:00 +02:00
|
|
|
{ "BandwidthRateBytes", "BandwidthRate", 0, 0},
|
|
|
|
{ "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
|
|
|
|
{ "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
|
2012-09-10 21:54:16 +02:00
|
|
|
{ "DirServer", "DirAuthority", 0, 0}, /* XXXX024 later, make this warn? */
|
2005-10-17 05:06:00 +02:00
|
|
|
{ "MaxConn", "ConnLimit", 0, 1},
|
2013-11-20 18:08:14 +01:00
|
|
|
{ "MaxMemInCellQueues", "MaxMemInQueues", 0, 0},
|
2005-11-11 18:04:14 +01:00
|
|
|
{ "ORBindAddress", "ORListenAddress", 0, 0},
|
|
|
|
{ "DirBindAddress", "DirListenAddress", 0, 0},
|
|
|
|
{ "SocksBindAddress", "SocksListenAddress", 0, 0},
|
2006-01-10 23:42:44 +01:00
|
|
|
{ "UseHelperNodes", "UseEntryGuards", 0, 0},
|
|
|
|
{ "NumHelperNodes", "NumEntryGuards", 0, 0},
|
|
|
|
{ "UseEntryNodes", "UseEntryGuards", 0, 0},
|
|
|
|
{ "NumEntryNodes", "NumEntryGuards", 0, 0},
|
2006-09-21 23:48:16 +02:00
|
|
|
{ "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
|
|
|
|
{ "SearchDomains", "ServerDNSSearchDomains", 0, 1},
|
2009-09-18 04:45:54 +02:00
|
|
|
{ "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
|
2007-11-11 02:06:16 +01:00
|
|
|
{ "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
|
2007-12-19 05:58:58 +01:00
|
|
|
{ "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
|
2008-02-23 00:20:28 +01:00
|
|
|
{ "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
|
2012-11-23 23:31:53 +01:00
|
|
|
{ "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
|
2012-09-10 16:09:19 +02:00
|
|
|
{ "_UseFilteringSSLBufferevents", "UseFilteringSSLBufferevents", 0, 1},
|
2005-12-28 10:07:31 +01:00
|
|
|
{ NULL, NULL, 0, 0},
|
|
|
|
};
|
2008-12-23 18:56:31 +01:00
|
|
|
|
2004-10-27 05:08:04 +02:00
|
|
|
/** An entry for config_vars: "The option <b>name</b> has type
|
|
|
|
* CONFIG_TYPE_<b>conftype</b>, and corresponds to
|
|
|
|
* or_options_t.<b>member</b>"
|
|
|
|
*/
|
2005-12-14 21:40:40 +01:00
|
|
|
#define VAR(name,conftype,member,initvalue) \
|
|
|
|
{ name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_options_t, member), \
|
2006-01-06 16:43:03 +01:00
|
|
|
initvalue }
|
2007-08-27 20:56:20 +02:00
|
|
|
/** As VAR, but the option name and member name are the same. */
|
|
|
|
#define V(member,conftype,initvalue) \
|
|
|
|
VAR(#member, conftype, member, initvalue)
|
2004-10-27 05:08:04 +02:00
|
|
|
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
|
2006-01-06 16:43:03 +01:00
|
|
|
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }
|
2004-10-27 04:30:28 +02:00
|
|
|
|
2012-08-09 21:48:43 +02:00
|
|
|
#define VPORT(member,conftype,initvalue) \
|
|
|
|
VAR(#member, conftype, member ## _lines, initvalue)
|
|
|
|
|
2004-10-27 05:08:04 +02:00
|
|
|
/** Array of configuration options. Until we disallow nonstandard
|
|
|
|
* abbreviations, order is significant, since the first matching option will
|
|
|
|
* be chosen first.
|
|
|
|
*/
|
2012-10-12 18:22:13 +02:00
|
|
|
static config_var_t option_vars_[] = {
|
2007-08-27 20:56:20 +02:00
|
|
|
V(AccountingMax, MEMUNIT, "0 bytes"),
|
2014-09-23 14:46:35 +02:00
|
|
|
VAR("AccountingRule", STRING, AccountingRule_option, "max"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(AccountingStart, STRING, NULL),
|
|
|
|
V(Address, STRING, NULL),
|
2009-08-08 01:26:41 +02:00
|
|
|
V(AllowDotExit, BOOL, "0"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(AllowInvalidNodes, CSV, "middle,rendezvous"),
|
|
|
|
V(AllowNonRFC953Hostnames, BOOL, "0"),
|
2008-09-26 20:58:45 +02:00
|
|
|
V(AllowSingleHopCircuits, BOOL, "0"),
|
|
|
|
V(AllowSingleHopExits, BOOL, "0"),
|
2007-12-12 05:38:54 +01:00
|
|
|
V(AlternateBridgeAuthority, LINELIST, NULL),
|
|
|
|
V(AlternateDirAuthority, LINELIST, NULL),
|
2014-02-11 04:41:52 +01:00
|
|
|
OBSOLETE("AlternateHSAuthority"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(AssumeReachable, BOOL, "0"),
|
2014-09-05 01:37:25 +02:00
|
|
|
OBSOLETE("AuthDirBadDir"),
|
|
|
|
OBSOLETE("AuthDirBadDirCCs"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(AuthDirBadExit, LINELIST, NULL),
|
2012-01-17 03:20:46 +01:00
|
|
|
V(AuthDirBadExitCCs, CSV, ""),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(AuthDirInvalid, LINELIST, NULL),
|
2012-01-17 03:20:46 +01:00
|
|
|
V(AuthDirInvalidCCs, CSV, ""),
|
2011-11-17 04:08:01 +01:00
|
|
|
V(AuthDirFastGuarantee, MEMUNIT, "100 KB"),
|
2014-07-24 06:35:47 +02:00
|
|
|
V(AuthDirGuardBWGuarantee, MEMUNIT, "2 MB"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(AuthDirReject, LINELIST, NULL),
|
2012-01-17 03:20:46 +01:00
|
|
|
V(AuthDirRejectCCs, CSV, ""),
|
2014-09-04 06:25:38 +02:00
|
|
|
OBSOLETE("AuthDirRejectUnlisted"),
|
2014-09-05 01:37:25 +02:00
|
|
|
OBSOLETE("AuthDirListBadDirs"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(AuthDirListBadExits, BOOL, "0"),
|
2008-01-10 17:08:47 +01:00
|
|
|
V(AuthDirMaxServersPerAddr, UINT, "2"),
|
|
|
|
V(AuthDirMaxServersPerAuthAddr,UINT, "5"),
|
2012-09-06 00:17:41 +02:00
|
|
|
V(AuthDirHasIPv6Connectivity, BOOL, "0"),
|
2007-08-27 20:56:20 +02:00
|
|
|
VAR("AuthoritativeDirectory", BOOL, AuthoritativeDir, "0"),
|
|
|
|
V(AutomapHostsOnResolve, BOOL, "0"),
|
|
|
|
V(AutomapHostsSuffixes, CSV, ".onion,.exit"),
|
|
|
|
V(AvoidDiskWrites, BOOL, "0"),
|
2012-09-10 09:03:06 +02:00
|
|
|
V(BandwidthBurst, MEMUNIT, "1 GB"),
|
|
|
|
V(BandwidthRate, MEMUNIT, "1 GB"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(BridgeAuthoritativeDir, BOOL, "0"),
|
|
|
|
VAR("Bridge", LINELIST, Bridges, NULL),
|
2007-12-22 11:54:21 +01:00
|
|
|
V(BridgePassword, STRING, NULL),
|
2007-12-17 23:44:11 +01:00
|
|
|
V(BridgeRecordUsageByCountry, BOOL, "1"),
|
2007-12-04 19:35:03 +01:00
|
|
|
V(BridgeRelay, BOOL, "0"),
|
2009-07-05 19:53:25 +02:00
|
|
|
V(CellStatistics, BOOL, "0"),
|
2010-05-08 20:54:29 +02:00
|
|
|
V(LearnCircuitBuildTimeout, BOOL, "1"),
|
2009-09-02 05:27:43 +02:00
|
|
|
V(CircuitBuildTimeout, INTERVAL, "0"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(CircuitIdleTimeout, INTERVAL, "1 hour"),
|
2009-11-22 05:36:36 +01:00
|
|
|
V(CircuitStreamTimeout, INTERVAL, "0"),
|
2009-12-15 19:53:53 +01:00
|
|
|
V(CircuitPriorityHalflife, DOUBLE, "-100.0"), /*negative:'Use default'*/
|
2007-08-27 20:56:20 +02:00
|
|
|
V(ClientDNSRejectInternalAddresses, BOOL,"1"),
|
|
|
|
V(ClientOnly, BOOL, "0"),
|
2012-08-27 15:03:34 +02:00
|
|
|
V(ClientPreferIPv6ORPort, BOOL, "0"),
|
2011-06-11 17:08:31 +02:00
|
|
|
V(ClientRejectInternalAddresses, BOOL, "1"),
|
2011-07-03 05:23:07 +02:00
|
|
|
V(ClientTransportPlugin, LINELIST, NULL),
|
2012-08-27 15:03:34 +02:00
|
|
|
V(ClientUseIPv6, BOOL, "0"),
|
2009-09-15 10:40:08 +02:00
|
|
|
V(ConsensusParams, STRING, NULL),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(ConnLimit, UINT, "1000"),
|
2010-08-15 14:58:35 +02:00
|
|
|
V(ConnDirectionStatistics, BOOL, "0"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(ConstrainedSockets, BOOL, "0"),
|
|
|
|
V(ConstrainedSockSize, MEMUNIT, "8192"),
|
|
|
|
V(ContactInfo, STRING, NULL),
|
|
|
|
V(ControlListenAddress, LINELIST, NULL),
|
2012-08-09 21:48:43 +02:00
|
|
|
VPORT(ControlPort, LINELIST, NULL),
|
2011-05-13 01:17:48 +02:00
|
|
|
V(ControlPortFileGroupReadable,BOOL, "0"),
|
2011-05-09 18:13:37 +02:00
|
|
|
V(ControlPortWriteToFile, FILENAME, NULL),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(ControlSocket, LINELIST, NULL),
|
2011-05-30 21:31:06 +02:00
|
|
|
V(ControlSocketsGroupWritable, BOOL, "0"),
|
2014-08-11 21:27:04 +02:00
|
|
|
V(SocksSocket, LINELIST, NULL),
|
|
|
|
V(SocksSocketsGroupWritable, BOOL, "0"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(CookieAuthentication, BOOL, "0"),
|
|
|
|
V(CookieAuthFileGroupReadable, BOOL, "0"),
|
|
|
|
V(CookieAuthFile, STRING, NULL),
|
2011-04-05 20:50:32 +02:00
|
|
|
V(CountPrivateBandwidth, BOOL, "0"),
|
2008-06-16 20:09:53 +02:00
|
|
|
V(DataDirectory, FILENAME, NULL),
|
2011-11-28 21:44:10 +01:00
|
|
|
V(DisableNetwork, BOOL, "0"),
|
2011-12-02 22:04:18 +01:00
|
|
|
V(DirAllowPrivateAddresses, BOOL, "0"),
|
2008-06-20 19:03:13 +02:00
|
|
|
V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(DirListenAddress, LINELIST, NULL),
|
|
|
|
V(DirPolicy, LINELIST, NULL),
|
2012-08-09 21:48:43 +02:00
|
|
|
VPORT(DirPort, LINELIST, NULL),
|
2008-12-08 19:00:34 +01:00
|
|
|
V(DirPortFrontPage, FILENAME, NULL),
|
2014-09-11 05:01:18 +02:00
|
|
|
VAR("DirReqStatistics", BOOL, DirReqStatistics_option, "1"),
|
2012-09-10 21:54:16 +02:00
|
|
|
VAR("DirAuthority", LINELIST, DirAuthorities, NULL),
|
2012-09-12 19:56:36 +02:00
|
|
|
V(DirAuthorityFallbackRate, DOUBLE, "1.0"),
|
2009-10-22 06:21:57 +02:00
|
|
|
V(DisableAllSwap, BOOL, "0"),
|
2011-05-30 17:06:51 +02:00
|
|
|
V(DisableDebuggerAttachment, BOOL, "1"),
|
2010-09-28 20:01:45 +02:00
|
|
|
V(DisableIOCP, BOOL, "1"),
|
2014-01-29 21:17:05 +01:00
|
|
|
OBSOLETE("DisableV2DirectoryInfo_"),
|
2012-06-06 18:00:04 +02:00
|
|
|
V(DynamicDHGroups, BOOL, "0"),
|
2012-08-09 21:48:43 +02:00
|
|
|
VPORT(DNSPort, LINELIST, NULL),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(DNSListenAddress, LINELIST, NULL),
|
|
|
|
V(DownloadExtraInfo, BOOL, "0"),
|
2013-05-24 12:01:32 +02:00
|
|
|
V(TestingEnableConnBwEvent, BOOL, "0"),
|
2013-05-24 12:29:42 +02:00
|
|
|
V(TestingEnableCellStatsEvent, BOOL, "0"),
|
2013-05-25 12:21:09 +02:00
|
|
|
V(TestingEnableTbEmptyEvent, BOOL, "0"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(EnforceDistinctSubnets, BOOL, "1"),
|
2008-09-25 22:21:35 +02:00
|
|
|
V(EntryNodes, ROUTERSET, NULL),
|
2009-07-05 20:48:16 +02:00
|
|
|
V(EntryStatistics, BOOL, "0"),
|
2008-06-20 19:03:13 +02:00
|
|
|
V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
|
2008-07-18 20:36:32 +02:00
|
|
|
V(ExcludeNodes, ROUTERSET, NULL),
|
|
|
|
V(ExcludeExitNodes, ROUTERSET, NULL),
|
2008-09-26 20:58:45 +02:00
|
|
|
V(ExcludeSingleHopRelays, BOOL, "1"),
|
2008-09-25 22:21:35 +02:00
|
|
|
V(ExitNodes, ROUTERSET, NULL),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(ExitPolicy, LINELIST, NULL),
|
|
|
|
V(ExitPolicyRejectPrivate, BOOL, "1"),
|
2009-06-24 19:51:45 +02:00
|
|
|
V(ExitPortStatistics, BOOL, "0"),
|
2012-08-27 17:16:44 +02:00
|
|
|
V(ExtendAllowPrivateAddresses, BOOL, "0"),
|
2014-11-13 16:48:15 +01:00
|
|
|
V(ExitRelay, AUTOBOOL, "auto"),
|
2012-03-16 14:40:44 +01:00
|
|
|
VPORT(ExtORPort, LINELIST, NULL),
|
2014-04-28 18:23:18 +02:00
|
|
|
V(ExtORPortCookieAuthFile, STRING, NULL),
|
2014-08-15 14:30:44 +02:00
|
|
|
V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
|
2010-11-09 14:18:00 +01:00
|
|
|
V(ExtraInfoStatistics, BOOL, "1"),
|
2012-09-11 00:13:28 +02:00
|
|
|
V(FallbackDir, LINELIST, NULL),
|
2009-12-15 19:53:53 +01:00
|
|
|
|
2012-10-10 06:08:35 +02:00
|
|
|
OBSOLETE("FallbackNetworkstatusFile"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(FascistFirewall, BOOL, "0"),
|
|
|
|
V(FirewallPorts, CSV, ""),
|
2013-10-31 21:44:14 +01:00
|
|
|
V(FastFirstHopPK, AUTOBOOL, "auto"),
|
2007-12-21 07:08:00 +01:00
|
|
|
V(FetchDirInfoEarly, BOOL, "0"),
|
2009-07-12 03:43:33 +02:00
|
|
|
V(FetchDirInfoExtraEarly, BOOL, "0"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(FetchServerDescriptors, BOOL, "1"),
|
|
|
|
V(FetchHidServDescriptors, BOOL, "1"),
|
|
|
|
V(FetchUselessDescriptors, BOOL, "0"),
|
2014-01-29 21:17:05 +01:00
|
|
|
OBSOLETE("FetchV2Networkstatus"),
|
2013-01-18 00:07:36 +01:00
|
|
|
V(GeoIPExcludeUnknown, AUTOBOOL, "auto"),
|
2012-01-31 16:59:42 +01:00
|
|
|
#ifdef _WIN32
|
2008-06-16 20:09:53 +02:00
|
|
|
V(GeoIPFile, FILENAME, "<default>"),
|
2012-03-01 02:04:45 +01:00
|
|
|
V(GeoIPv6File, FILENAME, "<default>"),
|
2008-05-29 03:22:30 +02:00
|
|
|
#else
|
2008-06-16 20:09:53 +02:00
|
|
|
V(GeoIPFile, FILENAME,
|
|
|
|
SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
|
2012-03-01 02:04:45 +01:00
|
|
|
V(GeoIPv6File, FILENAME,
|
|
|
|
SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
|
2008-05-29 03:22:30 +02:00
|
|
|
#endif
|
2008-11-07 03:06:12 +01:00
|
|
|
OBSOLETE("Group"),
|
2013-02-15 23:24:13 +01:00
|
|
|
V(GuardLifetime, INTERVAL, "0 minutes"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(HardwareAccel, BOOL, "0"),
|
2010-12-01 02:24:03 +01:00
|
|
|
V(HeartbeatPeriod, INTERVAL, "6 hours"),
|
2009-05-24 01:42:44 +02:00
|
|
|
V(AccelName, STRING, NULL),
|
|
|
|
V(AccelDir, FILENAME, NULL),
|
2007-12-09 05:59:27 +01:00
|
|
|
V(HashedControlPassword, LINELIST, NULL),
|
2008-09-11 22:06:04 +02:00
|
|
|
V(HidServDirectoryV2, BOOL, "1"),
|
2005-08-05 03:35:43 +02:00
|
|
|
VAR("HiddenServiceDir", LINELIST_S, RendConfigLines, NULL),
|
2014-08-30 23:14:51 +02:00
|
|
|
VAR("HiddenServiceDirGroupReadable", LINELIST_S, RendConfigLines, NULL),
|
2005-08-05 03:35:43 +02:00
|
|
|
VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines, NULL),
|
|
|
|
VAR("HiddenServicePort", LINELIST_S, RendConfigLines, NULL),
|
2007-10-31 21:48:06 +01:00
|
|
|
VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines, NULL),
|
2008-08-08 16:36:11 +02:00
|
|
|
VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
|
2014-12-02 13:20:35 +01:00
|
|
|
V(HiddenServiceStatistics, BOOL, "0"),
|
2008-08-12 18:12:26 +02:00
|
|
|
V(HidServAuth, LINELIST, NULL),
|
2011-12-24 09:46:37 +01:00
|
|
|
V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
|
2011-12-24 13:55:20 +01:00
|
|
|
V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
|
2010-10-29 19:41:24 +02:00
|
|
|
V(HTTPProxy, STRING, NULL),
|
|
|
|
V(HTTPProxyAuthenticator, STRING, NULL),
|
|
|
|
V(HTTPSProxy, STRING, NULL),
|
|
|
|
V(HTTPSProxyAuthenticator, STRING, NULL),
|
2012-10-25 06:20:41 +02:00
|
|
|
V(IPv6Exit, BOOL, "0"),
|
2011-07-13 18:58:11 +02:00
|
|
|
VAR("ServerTransportPlugin", LINELIST, ServerTransportPlugin, NULL),
|
2012-10-30 03:17:13 +01:00
|
|
|
V(ServerTransportListenAddr, LINELIST, NULL),
|
2013-06-12 14:28:31 +02:00
|
|
|
V(ServerTransportOptions, LINELIST, NULL),
|
2009-06-19 01:59:18 +02:00
|
|
|
V(Socks4Proxy, STRING, NULL),
|
|
|
|
V(Socks5Proxy, STRING, NULL),
|
|
|
|
V(Socks5ProxyUsername, STRING, NULL),
|
|
|
|
V(Socks5ProxyPassword, STRING, NULL),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(KeepalivePeriod, INTERVAL, "5 minutes"),
|
|
|
|
VAR("Log", LINELIST, Logs, NULL),
|
2011-01-25 21:53:15 +01:00
|
|
|
V(LogMessageDomains, BOOL, "0"),
|
2010-08-27 08:13:54 +02:00
|
|
|
V(LogTimeGranularity, MSEC_INTERVAL, "1 second"),
|
2014-03-23 17:24:26 +01:00
|
|
|
V(TruncateLogFile, BOOL, "0"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(LongLivedPorts, CSV,
|
2011-06-20 21:29:22 +02:00
|
|
|
"21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
|
2007-08-27 20:56:20 +02:00
|
|
|
VAR("MapAddress", LINELIST, AddressMap, NULL),
|
|
|
|
V(MaxAdvertisedBandwidth, MEMUNIT, "1 GB"),
|
|
|
|
V(MaxCircuitDirtiness, INTERVAL, "10 minutes"),
|
2011-07-07 20:54:54 +02:00
|
|
|
V(MaxClientCircuitsPending, UINT, "32"),
|
2014-04-28 18:25:52 +02:00
|
|
|
VAR("MaxMemInQueues", MEMUNIT, MaxMemInQueues_raw, "0"),
|
2012-12-27 00:08:01 +01:00
|
|
|
OBSOLETE("MaxOnionsPending"),
|
|
|
|
V(MaxOnionQueueDelay, MSEC_INTERVAL, "1750 msec"),
|
2013-03-18 19:15:21 +01:00
|
|
|
V(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, "500"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(MyFamily, STRING, NULL),
|
|
|
|
V(NewCircuitPeriod, INTERVAL, "30 seconds"),
|
2014-09-04 23:16:51 +02:00
|
|
|
OBSOLETE("NamingAuthoritativeDirectory"),
|
2010-10-30 06:08:47 +02:00
|
|
|
V(NATDListenAddress, LINELIST, NULL),
|
2012-08-09 21:48:43 +02:00
|
|
|
VPORT(NATDPort, LINELIST, NULL),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(Nickname, STRING, NULL),
|
2014-03-05 20:35:07 +01:00
|
|
|
V(PredictedPortsRelevanceTime, INTERVAL, "1 hour"),
|
2010-06-03 12:52:34 +02:00
|
|
|
V(WarnUnsafeSocks, BOOL, "1"),
|
2007-08-27 20:56:20 +02:00
|
|
|
VAR("NodeFamily", LINELIST, NodeFamilies, NULL),
|
2010-11-15 20:14:13 +01:00
|
|
|
V(NumCPUs, UINT, "0"),
|
2013-07-30 18:05:39 +02:00
|
|
|
V(NumDirectoryGuards, UINT, "0"),
|
2014-07-23 18:23:49 +02:00
|
|
|
V(NumEntryGuards, UINT, "0"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(ORListenAddress, LINELIST, NULL),
|
2012-08-09 21:48:43 +02:00
|
|
|
VPORT(ORPort, LINELIST, NULL),
|
2012-09-20 17:09:25 +02:00
|
|
|
V(OutboundBindAddress, LINELIST, NULL),
|
2012-05-04 05:15:34 +02:00
|
|
|
|
2012-11-01 02:49:49 +01:00
|
|
|
OBSOLETE("PathBiasDisableRate"),
|
2012-05-04 05:15:34 +02:00
|
|
|
V(PathBiasCircThreshold, INT, "-1"),
|
|
|
|
V(PathBiasNoticeRate, DOUBLE, "-1"),
|
2012-10-25 03:03:09 +02:00
|
|
|
V(PathBiasWarnRate, DOUBLE, "-1"),
|
2012-11-01 02:49:49 +01:00
|
|
|
V(PathBiasExtremeRate, DOUBLE, "-1"),
|
2012-05-04 05:15:34 +02:00
|
|
|
V(PathBiasScaleThreshold, INT, "-1"),
|
2013-01-30 23:40:46 +01:00
|
|
|
OBSOLETE("PathBiasScaleFactor"),
|
|
|
|
OBSOLETE("PathBiasMultFactor"),
|
2012-12-18 21:39:03 +01:00
|
|
|
V(PathBiasDropGuards, AUTOBOOL, "0"),
|
2013-01-19 04:37:16 +01:00
|
|
|
OBSOLETE("PathBiasUseCloseCounts"),
|
|
|
|
|
|
|
|
V(PathBiasUseThreshold, INT, "-1"),
|
|
|
|
V(PathBiasNoticeUseRate, DOUBLE, "-1"),
|
|
|
|
V(PathBiasExtremeUseRate, DOUBLE, "-1"),
|
|
|
|
V(PathBiasScaleUseThreshold, INT, "-1"),
|
2012-05-04 05:15:34 +02:00
|
|
|
|
2013-01-29 17:05:13 +01:00
|
|
|
V(PathsNeededToBuildCircuits, DOUBLE, "-1"),
|
2009-12-30 05:13:03 +01:00
|
|
|
V(PerConnBWBurst, MEMUNIT, "0"),
|
|
|
|
V(PerConnBWRate, MEMUNIT, "0"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(PidFile, STRING, NULL),
|
2008-06-14 18:01:29 +02:00
|
|
|
V(TestingTorNetwork, BOOL, "0"),
|
2013-03-20 19:16:41 +01:00
|
|
|
V(TestingMinExitFlagThreshold, MEMUNIT, "0"),
|
2013-03-20 18:34:57 +01:00
|
|
|
V(TestingMinFastFlagThreshold, MEMUNIT, "0"),
|
2011-07-20 16:38:00 +02:00
|
|
|
V(OptimisticData, AUTOBOOL, "auto"),
|
2010-06-16 20:47:06 +02:00
|
|
|
V(PortForwarding, BOOL, "0"),
|
|
|
|
V(PortForwardingHelper, FILENAME, "tor-fw-helper"),
|
2014-02-11 17:10:55 +01:00
|
|
|
OBSOLETE("PreferTunneledDirConns"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(ProtocolWarnings, BOOL, "0"),
|
2007-12-22 09:27:42 +01:00
|
|
|
V(PublishServerDescriptor, CSV, "1"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(PublishHidServDescriptors, BOOL, "1"),
|
|
|
|
V(ReachableAddresses, LINELIST, NULL),
|
|
|
|
V(ReachableDirAddresses, LINELIST, NULL),
|
|
|
|
V(ReachableORAddresses, LINELIST, NULL),
|
|
|
|
V(RecommendedVersions, LINELIST, NULL),
|
|
|
|
V(RecommendedClientVersions, LINELIST, NULL),
|
|
|
|
V(RecommendedServerVersions, LINELIST, NULL),
|
2010-11-08 19:34:40 +01:00
|
|
|
V(RefuseUnknownExits, AUTOBOOL, "auto"),
|
2008-01-20 06:54:15 +01:00
|
|
|
V(RejectPlaintextPorts, CSV, ""),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(RelayBandwidthBurst, MEMUNIT, "0"),
|
|
|
|
V(RelayBandwidthRate, MEMUNIT, "0"),
|
|
|
|
V(RendPostPeriod, INTERVAL, "1 hour"),
|
|
|
|
V(RephistTrackTime, INTERVAL, "24 hours"),
|
|
|
|
V(RunAsDaemon, BOOL, "0"),
|
2010-10-30 00:03:31 +02:00
|
|
|
OBSOLETE("RunTesting"), // currently unused
|
2013-06-17 12:07:14 +02:00
|
|
|
V(Sandbox, BOOL, "0"),
|
2009-09-28 15:08:32 +02:00
|
|
|
V(SafeLogging, STRING, "1"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(SafeSocks, BOOL, "0"),
|
2008-12-17 23:58:14 +01:00
|
|
|
V(ServerDNSAllowBrokenConfig, BOOL, "1"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
|
|
|
|
V(ServerDNSDetectHijacking, BOOL, "1"),
|
2008-10-29 20:20:02 +01:00
|
|
|
V(ServerDNSRandomizeCase, BOOL, "1"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(ServerDNSResolvConfFile, STRING, NULL),
|
|
|
|
V(ServerDNSSearchDomains, BOOL, "0"),
|
|
|
|
V(ServerDNSTestAddresses, CSV,
|
2006-12-28 22:29:11 +01:00
|
|
|
"www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
|
2014-11-28 04:51:13 +01:00
|
|
|
V(SchedulerLowWaterMark__, MEMUNIT, "100 MB"),
|
|
|
|
V(SchedulerHighWaterMark__, MEMUNIT, "101 MB"),
|
|
|
|
V(SchedulerMaxFlushCells__, UINT, "1000"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(ShutdownWaitLength, INTERVAL, "30 seconds"),
|
|
|
|
V(SocksListenAddress, LINELIST, NULL),
|
|
|
|
V(SocksPolicy, LINELIST, NULL),
|
2012-08-09 21:48:43 +02:00
|
|
|
VPORT(SocksPort, LINELIST, NULL),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(SocksTimeout, INTERVAL, "2 minutes"),
|
2013-03-09 23:16:11 +01:00
|
|
|
V(SSLKeyLifetime, INTERVAL, "0"),
|
2014-08-18 19:03:21 +02:00
|
|
|
OBSOLETE("StrictEntryNodes"),
|
|
|
|
OBSOLETE("StrictExitNodes"),
|
2009-09-18 04:45:54 +02:00
|
|
|
V(StrictNodes, BOOL, "0"),
|
2014-11-17 17:52:10 +01:00
|
|
|
OBSOLETE("Support022HiddenServices"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(TestSocks, BOOL, "0"),
|
2011-09-28 21:38:36 +02:00
|
|
|
V(TokenBucketRefillInterval, MSEC_INTERVAL, "100 msec"),
|
2011-06-01 16:03:01 +02:00
|
|
|
V(Tor2webMode, BOOL, "0"),
|
2012-12-26 02:04:54 +01:00
|
|
|
V(TLSECGroup, STRING, NULL),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(TrackHostExits, CSV, NULL),
|
|
|
|
V(TrackHostExitsExpire, INTERVAL, "30 minutes"),
|
|
|
|
V(TransListenAddress, LINELIST, NULL),
|
2012-08-09 21:48:43 +02:00
|
|
|
VPORT(TransPort, LINELIST, NULL),
|
2014-02-03 19:56:19 +01:00
|
|
|
V(TransProxyType, STRING, "default"),
|
2014-02-11 17:10:55 +01:00
|
|
|
OBSOLETE("TunnelDirConns"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(UpdateBridgesFromAuthority, BOOL, "0"),
|
2011-06-17 22:45:53 +02:00
|
|
|
V(UseBridges, BOOL, "0"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(UseEntryGuards, BOOL, "1"),
|
2012-12-11 19:05:35 +01:00
|
|
|
V(UseEntryGuardsAsDirGuards, BOOL, "1"),
|
2011-07-11 22:54:43 +02:00
|
|
|
V(UseMicrodescriptors, AUTOBOOL, "auto"),
|
2013-04-19 04:35:15 +02:00
|
|
|
V(UseNTorHandshake, AUTOBOOL, "1"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(User, STRING, NULL),
|
2011-11-18 23:43:03 +01:00
|
|
|
V(UserspaceIOCPBuffers, BOOL, "0"),
|
2014-03-17 17:38:22 +01:00
|
|
|
OBSOLETE("V1AuthoritativeDirectory"),
|
2014-01-29 21:17:05 +01:00
|
|
|
OBSOLETE("V2AuthoritativeDirectory"),
|
2007-05-22 19:58:25 +02:00
|
|
|
VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir, "0"),
|
2008-06-20 19:03:13 +02:00
|
|
|
V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
|
|
|
|
V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
|
|
|
|
V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
|
2013-06-05 15:48:57 +02:00
|
|
|
V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
|
2007-08-27 20:56:20 +02:00
|
|
|
V(V3AuthVotingInterval, INTERVAL, "1 hour"),
|
|
|
|
V(V3AuthVoteDelay, INTERVAL, "5 minutes"),
|
|
|
|
V(V3AuthDistDelay, INTERVAL, "5 minutes"),
|
|
|
|
V(V3AuthNIntervalsValid, UINT, "3"),
|
2008-05-12 04:14:01 +02:00
|
|
|
V(V3AuthUseLegacyKey, BOOL, "0"),
|
2009-07-31 06:33:53 +02:00
|
|
|
V(V3BandwidthsFile, FILENAME, NULL),
|
2005-10-08 07:47:58 +02:00
|
|
|
VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
|
2012-11-23 23:31:53 +01:00
|
|
|
V(VirtualAddrNetworkIPv4, STRING, "127.192.0.0/10"),
|
|
|
|
V(VirtualAddrNetworkIPv6, STRING, "[FE80::]/10"),
|
2008-01-20 06:54:15 +01:00
|
|
|
V(WarnPlaintextPorts, CSV, "23,109,110,143"),
|
2012-09-10 16:09:19 +02:00
|
|
|
V(UseFilteringSSLBufferevents, BOOL, "0"),
|
2008-12-10 23:17:02 +01:00
|
|
|
VAR("__ReloadTorrcOnSIGHUP", BOOL, ReloadTorrcOnSIGHUP, "1"),
|
2007-08-27 20:56:20 +02:00
|
|
|
VAR("__AllDirActionsPrivate", BOOL, AllDirActionsPrivate, "0"),
|
|
|
|
VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
|
|
|
|
VAR("__LeaveStreamsUnattached",BOOL, LeaveStreamsUnattached, "0"),
|
2008-02-17 19:45:07 +01:00
|
|
|
VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
|
|
|
|
NULL),
|
2011-05-15 17:23:04 +02:00
|
|
|
VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
|
2015-01-14 13:47:54 +01:00
|
|
|
V(MinUptimeHidServDirectoryV2, INTERVAL, "96 hours"),
|
2011-05-10 11:06:07 +02:00
|
|
|
V(VoteOnHidServDirectoriesV2, BOOL, "1"),
|
2013-05-16 12:08:48 +02:00
|
|
|
V(TestingServerDownloadSchedule, CSV_INTERVAL, "0, 0, 0, 60, 60, 120, "
|
|
|
|
"300, 900, 2147483647"),
|
|
|
|
V(TestingClientDownloadSchedule, CSV_INTERVAL, "0, 0, 60, 300, 600, "
|
|
|
|
"2147483647"),
|
|
|
|
V(TestingServerConsensusDownloadSchedule, CSV_INTERVAL, "0, 0, 60, "
|
|
|
|
"300, 600, 1800, 1800, 1800, 1800, "
|
|
|
|
"1800, 3600, 7200"),
|
|
|
|
V(TestingClientConsensusDownloadSchedule, CSV_INTERVAL, "0, 0, 60, "
|
|
|
|
"300, 600, 1800, 3600, 3600, 3600, "
|
|
|
|
"10800, 21600, 43200"),
|
|
|
|
V(TestingBridgeDownloadSchedule, CSV_INTERVAL, "3600, 900, 900, 3600"),
|
|
|
|
V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "10 minutes"),
|
|
|
|
V(TestingDirConnectionMaxStall, INTERVAL, "5 minutes"),
|
|
|
|
V(TestingConsensusMaxDownloadTries, UINT, "8"),
|
|
|
|
V(TestingDescriptorMaxDownloadTries, UINT, "8"),
|
|
|
|
V(TestingMicrodescMaxDownloadTries, UINT, "8"),
|
|
|
|
V(TestingCertMaxDownloadTries, UINT, "8"),
|
2014-10-01 09:44:21 +02:00
|
|
|
V(TestingDirAuthVoteExit, ROUTERSET, NULL),
|
2013-10-07 09:28:44 +02:00
|
|
|
V(TestingDirAuthVoteGuard, ROUTERSET, NULL),
|
2015-01-10 11:43:31 +01:00
|
|
|
V(TestingDirAuthVoteHSDir, ROUTERSET, NULL),
|
2012-10-12 18:22:13 +02:00
|
|
|
VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),
|
2009-12-10 17:12:42 +01:00
|
|
|
|
2006-01-06 16:43:03 +01:00
|
|
|
{ NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
|
2004-10-27 04:30:28 +02:00
|
|
|
};
|
2008-06-14 18:01:29 +02:00
|
|
|
|
2008-12-23 18:56:31 +01:00
|
|
|
/** Override default values with these if the user sets the TestingTorNetwork
|
|
|
|
* option. */
|
2011-06-14 19:01:38 +02:00
|
|
|
static const config_var_t testing_tor_network_defaults[] = {
|
2012-09-03 08:09:39 +02:00
|
|
|
V(ServerDNSAllowBrokenConfig, BOOL, "1"),
|
2008-06-14 18:01:29 +02:00
|
|
|
V(DirAllowPrivateAddresses, BOOL, "1"),
|
|
|
|
V(EnforceDistinctSubnets, BOOL, "0"),
|
|
|
|
V(AssumeReachable, BOOL, "1"),
|
|
|
|
V(AuthDirMaxServersPerAddr, UINT, "0"),
|
|
|
|
V(AuthDirMaxServersPerAuthAddr,UINT, "0"),
|
|
|
|
V(ClientDNSRejectInternalAddresses, BOOL,"0"),
|
2011-01-26 17:35:24 +01:00
|
|
|
V(ClientRejectInternalAddresses, BOOL, "0"),
|
2011-04-05 20:50:32 +02:00
|
|
|
V(CountPrivateBandwidth, BOOL, "1"),
|
2008-06-14 18:01:29 +02:00
|
|
|
V(ExitPolicyRejectPrivate, BOOL, "0"),
|
2012-08-27 17:16:44 +02:00
|
|
|
V(ExtendAllowPrivateAddresses, BOOL, "1"),
|
2008-06-14 18:01:29 +02:00
|
|
|
V(V3AuthVotingInterval, INTERVAL, "5 minutes"),
|
|
|
|
V(V3AuthVoteDelay, INTERVAL, "20 seconds"),
|
|
|
|
V(V3AuthDistDelay, INTERVAL, "20 seconds"),
|
2014-12-20 11:53:00 +01:00
|
|
|
V(TestingV3AuthInitialVotingInterval, INTERVAL, "150 seconds"),
|
2008-06-20 19:03:13 +02:00
|
|
|
V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
|
|
|
|
V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
|
2013-06-05 15:48:57 +02:00
|
|
|
V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
|
2008-06-20 19:03:13 +02:00
|
|
|
V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
|
|
|
|
V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
|
2010-10-26 18:37:57 +02:00
|
|
|
V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
|
2013-05-16 12:08:48 +02:00
|
|
|
V(TestingServerDownloadSchedule, CSV_INTERVAL, "0, 0, 0, 5, 10, 15, "
|
|
|
|
"20, 30, 60"),
|
|
|
|
V(TestingClientDownloadSchedule, CSV_INTERVAL, "0, 0, 5, 10, 15, 20, "
|
|
|
|
"30, 60"),
|
|
|
|
V(TestingServerConsensusDownloadSchedule, CSV_INTERVAL, "0, 0, 5, 10, "
|
|
|
|
"15, 20, 30, 60"),
|
|
|
|
V(TestingClientConsensusDownloadSchedule, CSV_INTERVAL, "0, 0, 5, 10, "
|
|
|
|
"15, 20, 30, 60"),
|
|
|
|
V(TestingBridgeDownloadSchedule, CSV_INTERVAL, "60, 30, 30, 60"),
|
|
|
|
V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "5 seconds"),
|
|
|
|
V(TestingDirConnectionMaxStall, INTERVAL, "30 seconds"),
|
|
|
|
V(TestingConsensusMaxDownloadTries, UINT, "80"),
|
|
|
|
V(TestingDescriptorMaxDownloadTries, UINT, "80"),
|
|
|
|
V(TestingMicrodescMaxDownloadTries, UINT, "80"),
|
|
|
|
V(TestingCertMaxDownloadTries, UINT, "80"),
|
2013-05-24 12:01:32 +02:00
|
|
|
V(TestingEnableConnBwEvent, BOOL, "1"),
|
2013-05-24 12:29:42 +02:00
|
|
|
V(TestingEnableCellStatsEvent, BOOL, "1"),
|
2013-05-25 12:21:09 +02:00
|
|
|
V(TestingEnableTbEmptyEvent, BOOL, "1"),
|
2012-10-12 18:22:13 +02:00
|
|
|
VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),
|
2015-01-05 02:10:53 +01:00
|
|
|
V(RendPostPeriod, INTERVAL, "2 minutes"),
|
2011-04-05 20:50:32 +02:00
|
|
|
|
2008-06-14 18:01:29 +02:00
|
|
|
{ NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
|
|
|
|
};
|
2005-07-28 21:01:48 +02:00
|
|
|
|
2004-10-27 04:30:28 +02:00
|
|
|
#undef VAR
|
2007-08-27 20:56:20 +02:00
|
|
|
#undef V
|
2004-10-27 04:30:28 +02:00
|
|
|
#undef OBSOLETE
|
|
|
|
|
2012-01-31 16:59:42 +01:00
|
|
|
#ifdef _WIN32
|
2008-06-04 09:08:05 +02:00
|
|
|
static char *get_windows_conf_root(void);
|
|
|
|
#endif
|
2011-06-14 19:01:38 +02:00
|
|
|
static int options_act_reversible(const or_options_t *old_options, char **msg);
|
|
|
|
static int options_act(const or_options_t *old_options);
|
|
|
|
static int options_transition_allowed(const or_options_t *old,
|
|
|
|
const or_options_t *new,
|
2006-03-26 08:51:26 +02:00
|
|
|
char **msg);
|
2011-06-14 19:01:38 +02:00
|
|
|
static int options_transition_affects_workers(
|
|
|
|
const or_options_t *old_options, const or_options_t *new_options);
|
|
|
|
static int options_transition_affects_descriptor(
|
|
|
|
const or_options_t *old_options, const or_options_t *new_options);
|
2013-08-31 06:12:36 +02:00
|
|
|
static int check_nickname_list(char **lst, const char *name, char **msg);
|
2012-10-30 03:17:13 +01:00
|
|
|
static char *get_bindaddr_from_transport_listen_line(const char *line,
|
|
|
|
const char *transport);
|
2012-09-10 22:33:19 +02:00
|
|
|
static int parse_dir_authority_line(const char *line,
|
2010-11-08 20:27:36 +01:00
|
|
|
dirinfo_type_t required_type,
|
2007-12-12 05:38:54 +01:00
|
|
|
int validate_only);
|
2012-09-11 00:13:28 +02:00
|
|
|
static int parse_dir_fallback_line(const char *line,
|
|
|
|
int validate_only);
|
2011-07-06 22:03:47 +02:00
|
|
|
static void port_cfg_free(port_cfg_t *port);
|
2012-08-09 21:48:43 +02:00
|
|
|
static int parse_ports(or_options_t *options, int validate_only,
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
char **msg_out, int *n_ports_out);
|
2011-11-08 22:10:38 +01:00
|
|
|
static int check_server_ports(const smartlist_t *ports,
|
|
|
|
const or_options_t *options);
|
|
|
|
|
2004-11-09 06:35:49 +01:00
|
|
|
static int validate_data_directory(or_options_t *options);
|
2011-06-14 19:01:38 +02:00
|
|
|
static int write_configuration_file(const char *fname,
|
|
|
|
const or_options_t *options);
|
2014-03-23 17:24:26 +01:00
|
|
|
static int options_init_logs(const or_options_t *old_options,
|
|
|
|
or_options_t *options, int validate_only);
|
2003-09-08 07:16:18 +02:00
|
|
|
|
2010-09-28 20:01:45 +02:00
|
|
|
static void init_libevent(const or_options_t *options);
|
2005-12-08 19:56:32 +01:00
|
|
|
static int opt_streq(const char *s1, const char *s2);
|
2012-09-20 17:09:25 +02:00
|
|
|
static int parse_outbound_addresses(or_options_t *options, int validate_only,
|
|
|
|
char **msg);
|
2012-10-20 19:35:00 +02:00
|
|
|
static void config_maybe_load_geoip_files_(const or_options_t *options,
|
|
|
|
const or_options_t *old_options);
|
2013-09-02 21:00:09 +02:00
|
|
|
static int options_validate_cb(void *old_options, void *options,
|
|
|
|
void *default_options,
|
|
|
|
int from_setconf, char **msg);
|
2014-04-03 18:06:44 +02:00
|
|
|
static uint64_t compute_real_max_mem_in_queues(const uint64_t val,
|
|
|
|
int log_guess);
|
2004-11-20 01:37:00 +01:00
|
|
|
|
2007-02-16 19:12:47 +01:00
|
|
|
/** Magic value for or_options_t. */
|
2005-07-22 22:37:42 +02:00
|
|
|
#define OR_OPTIONS_MAGIC 9090909
|
|
|
|
|
2007-02-16 19:12:47 +01:00
|
|
|
/** Configuration format for or_options_t. */
|
2013-07-18 20:38:31 +02:00
|
|
|
STATIC config_format_t options_format = {
|
2005-07-22 22:37:42 +02:00
|
|
|
sizeof(or_options_t),
|
|
|
|
OR_OPTIONS_MAGIC,
|
2012-10-12 18:22:13 +02:00
|
|
|
STRUCT_OFFSET(or_options_t, magic_),
|
|
|
|
option_abbrevs_,
|
|
|
|
option_vars_,
|
2013-09-02 21:00:09 +02:00
|
|
|
options_validate_cb,
|
2006-02-12 23:28:30 +01:00
|
|
|
NULL
|
2005-07-28 21:01:48 +02:00
|
|
|
};
|
|
|
|
|
2004-11-06 06:18:11 +01:00
|
|
|
/*
|
|
|
|
* Functions to read and write the global options pointer.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/** Command-line and config-file options. */
|
2005-07-28 21:01:48 +02:00
|
|
|
static or_options_t *global_options = NULL;
|
2012-06-05 00:50:13 +02:00
|
|
|
/** The fallback options_t object; this is where we look for options not
|
|
|
|
* in torrc before we fall back to Tor's defaults. */
|
2011-11-28 04:25:52 +01:00
|
|
|
static or_options_t *global_default_options = NULL;
|
2004-11-15 04:53:03 +01:00
|
|
|
/** Name of most recently read torrc file. */
|
2005-08-10 20:05:20 +02:00
|
|
|
static char *torrc_fname = NULL;
|
2012-06-05 00:50:13 +02:00
|
|
|
/** Name of the most recently read torrc-defaults file.*/
|
2011-11-28 04:25:52 +01:00
|
|
|
static char *torrc_defaults_fname;
|
2013-09-16 19:05:04 +02:00
|
|
|
/** Configuration options set by command line. */
|
2008-03-10 13:41:40 +01:00
|
|
|
static config_line_t *global_cmdline_options = NULL;
|
2013-09-16 19:05:04 +02:00
|
|
|
/** Non-configuration options set by the command line */
|
|
|
|
static config_line_t *global_cmdline_only_options = NULL;
|
|
|
|
/** Boolean: Have we parsed the command line? */
|
|
|
|
static int have_parsed_cmdline = 0;
|
2008-12-07 02:34:45 +01:00
|
|
|
/** Contents of most recently read DirPortFrontPage file. */
|
2008-12-07 02:21:19 +01:00
|
|
|
static char *global_dirfrontpagecontents = NULL;
|
2011-11-08 22:10:38 +01:00
|
|
|
/** List of port_cfg_t for all configured ports. */
|
|
|
|
static smartlist_t *configured_ports = NULL;
|
2008-12-07 02:21:19 +01:00
|
|
|
|
|
|
|
/** Return the contents of our frontpage string, or NULL if not configured. */
|
|
|
|
const char *
|
|
|
|
get_dirportfrontpage(void)
|
|
|
|
{
|
|
|
|
return global_dirfrontpagecontents;
|
|
|
|
}
|
2004-11-06 06:18:11 +01:00
|
|
|
|
2004-11-09 00:12:40 +01:00
|
|
|
/** Return the currently configured options. */
|
|
|
|
or_options_t *
|
2011-06-14 19:01:38 +02:00
|
|
|
get_options_mutable(void)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2004-11-06 06:18:11 +01:00
|
|
|
tor_assert(global_options);
|
|
|
|
return global_options;
|
|
|
|
}
|
2004-11-09 00:12:40 +01:00
|
|
|
|
2011-06-14 19:01:38 +02:00
|
|
|
/** Returns the currently configured options */
|
2014-04-15 14:20:34 +02:00
|
|
|
MOCK_IMPL(const or_options_t *,
|
|
|
|
get_options,(void))
|
2011-06-14 19:01:38 +02:00
|
|
|
{
|
|
|
|
return get_options_mutable();
|
|
|
|
}
|
|
|
|
|
2005-08-22 02:18:45 +02:00
|
|
|
/** Change the current global options to contain <b>new_val</b> instead of
|
|
|
|
* their current value; take action based on the new value; free the old value
|
2008-03-13 16:11:56 +01:00
|
|
|
* as necessary. Returns 0 on success, -1 on failure.
|
2004-11-09 00:12:40 +01:00
|
|
|
*/
|
2005-09-14 04:36:29 +02:00
|
|
|
int
|
2006-03-26 08:51:26 +02:00
|
|
|
set_options(or_options_t *new_val, char **msg)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2011-08-08 01:38:53 +02:00
|
|
|
int i;
|
|
|
|
smartlist_t *elements;
|
|
|
|
config_line_t *line;
|
2005-08-22 02:18:45 +02:00
|
|
|
or_options_t *old_options = global_options;
|
2004-11-09 00:12:40 +01:00
|
|
|
global_options = new_val;
|
2005-08-26 22:26:20 +02:00
|
|
|
/* Note that we pass the *old* options below, for comparison. It
|
|
|
|
* pulls the new options directly out of global_options. */
|
2006-03-26 08:51:26 +02:00
|
|
|
if (options_act_reversible(old_options, msg)<0) {
|
|
|
|
tor_assert(*msg);
|
2005-09-14 04:36:29 +02:00
|
|
|
global_options = old_options;
|
|
|
|
return -1;
|
|
|
|
}
|
2005-08-22 02:18:45 +02:00
|
|
|
if (options_act(old_options) < 0) { /* acting on the options failed. die. */
|
2006-03-26 08:51:26 +02:00
|
|
|
log_err(LD_BUG,
|
2006-02-13 10:02:35 +01:00
|
|
|
"Acting on config options left us in a broken state. Dying.");
|
2005-08-22 02:18:45 +02:00
|
|
|
exit(1);
|
|
|
|
}
|
2011-08-08 01:38:53 +02:00
|
|
|
/* Issues a CONF_CHANGED event to notify controller of the change. If Tor is
|
|
|
|
* just starting up then the old_options will be undefined. */
|
2012-04-11 20:47:42 +02:00
|
|
|
if (old_options && old_options != global_options) {
|
2012-01-18 21:53:30 +01:00
|
|
|
elements = smartlist_new();
|
2011-08-08 01:38:53 +02:00
|
|
|
for (i=0; options_format.vars[i].name; ++i) {
|
2011-08-17 16:46:22 +02:00
|
|
|
const config_var_t *var = &options_format.vars[i];
|
|
|
|
const char *var_name = var->name;
|
2011-08-16 03:28:38 +02:00
|
|
|
if (var->type == CONFIG_TYPE_LINELIST_S ||
|
|
|
|
var->type == CONFIG_TYPE_OBSOLETE) {
|
|
|
|
continue;
|
|
|
|
}
|
2012-09-12 23:34:50 +02:00
|
|
|
if (!config_is_same(&options_format, new_val, old_options, var_name)) {
|
|
|
|
line = config_get_assigned_option(&options_format, new_val,
|
|
|
|
var_name, 1);
|
2011-08-08 01:38:53 +02:00
|
|
|
|
|
|
|
if (line) {
|
2013-02-11 22:12:49 +01:00
|
|
|
config_line_t *next;
|
|
|
|
for (; line; line = next) {
|
|
|
|
next = line->next;
|
2011-08-08 16:19:06 +02:00
|
|
|
smartlist_add(elements, line->key);
|
|
|
|
smartlist_add(elements, line->value);
|
2013-02-11 22:12:49 +01:00
|
|
|
tor_free(line);
|
2011-08-08 01:38:53 +02:00
|
|
|
}
|
|
|
|
} else {
|
2013-04-17 17:34:15 +02:00
|
|
|
smartlist_add(elements, tor_strdup(options_format.vars[i].name));
|
2011-08-08 16:19:06 +02:00
|
|
|
smartlist_add(elements, NULL);
|
2011-08-08 01:38:53 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2011-08-08 16:19:06 +02:00
|
|
|
control_event_conf_changed(elements);
|
2013-04-17 17:34:15 +02:00
|
|
|
SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp));
|
2011-08-08 01:38:53 +02:00
|
|
|
smartlist_free(elements);
|
|
|
|
}
|
2012-04-11 20:47:42 +02:00
|
|
|
|
|
|
|
if (old_options != global_options)
|
|
|
|
config_free(&options_format, old_options);
|
2005-09-14 04:36:29 +02:00
|
|
|
|
|
|
|
return 0;
|
2004-11-09 05:28:18 +01:00
|
|
|
}
|
|
|
|
|
2009-06-12 19:38:37 +02:00
|
|
|
extern const char tor_git_revision[]; /* from tor_main.c */
|
2007-05-22 17:48:46 +02:00
|
|
|
|
2008-12-23 18:56:31 +01:00
|
|
|
/** The version of this Tor process, as parsed. */
|
2012-01-11 20:02:59 +01:00
|
|
|
static char *the_tor_version = NULL;
|
2012-06-05 06:17:54 +02:00
|
|
|
/** A shorter version of this Tor process's version, for export in our router
|
|
|
|
* descriptor. (Does not include the git version, if any.) */
|
2012-05-12 00:06:12 +02:00
|
|
|
static char *the_short_tor_version = NULL;
|
2007-07-17 11:26:45 +02:00
|
|
|
|
2008-12-23 18:56:31 +01:00
|
|
|
/** Return the current Tor version. */
|
2007-05-22 17:48:46 +02:00
|
|
|
const char *
|
|
|
|
get_version(void)
|
|
|
|
{
|
2012-01-11 20:02:59 +01:00
|
|
|
if (the_tor_version == NULL) {
|
2009-06-12 19:38:37 +02:00
|
|
|
if (strlen(tor_git_revision)) {
|
2012-05-12 00:06:12 +02:00
|
|
|
tor_asprintf(&the_tor_version, "%s (git-%s)", get_short_version(),
|
|
|
|
tor_git_revision);
|
2007-05-22 17:48:46 +02:00
|
|
|
} else {
|
2012-05-12 00:06:12 +02:00
|
|
|
the_tor_version = tor_strdup(get_short_version());
|
2007-05-22 17:48:46 +02:00
|
|
|
}
|
|
|
|
}
|
2012-01-11 20:02:59 +01:00
|
|
|
return the_tor_version;
|
2007-05-22 17:48:46 +02:00
|
|
|
}
|
|
|
|
|
2012-05-12 00:06:12 +02:00
|
|
|
/** Return the current Tor version, without any git tag. */
|
|
|
|
const char *
|
|
|
|
get_short_version(void)
|
|
|
|
{
|
|
|
|
|
|
|
|
if (the_short_tor_version == NULL) {
|
|
|
|
#ifdef TOR_BUILD_TAG
|
|
|
|
tor_asprintf(&the_short_tor_version, "%s (%s)", VERSION, TOR_BUILD_TAG);
|
|
|
|
#else
|
|
|
|
the_short_tor_version = tor_strdup(VERSION);
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
return the_short_tor_version;
|
|
|
|
}
|
|
|
|
|
2008-09-25 22:21:35 +02:00
|
|
|
/** Release additional memory allocated in options
|
|
|
|
*/
|
2013-07-18 20:38:31 +02:00
|
|
|
STATIC void
|
2008-09-25 22:21:35 +02:00
|
|
|
or_options_free(or_options_t *options)
|
|
|
|
{
|
2009-09-28 16:37:01 +02:00
|
|
|
if (!options)
|
|
|
|
return;
|
|
|
|
|
2012-10-12 18:22:13 +02:00
|
|
|
routerset_free(options->ExcludeExitNodesUnion_);
|
2010-10-01 00:25:25 +02:00
|
|
|
if (options->NodeFamilySets) {
|
|
|
|
SMARTLIST_FOREACH(options->NodeFamilySets, routerset_t *,
|
|
|
|
rs, routerset_free(rs));
|
|
|
|
smartlist_free(options->NodeFamilySets);
|
|
|
|
}
|
2012-10-12 18:22:13 +02:00
|
|
|
tor_free(options->BridgePassword_AuthDigest_);
|
2013-08-25 18:03:57 +02:00
|
|
|
tor_free(options->command_arg);
|
2008-09-25 22:21:35 +02:00
|
|
|
config_free(&options_format, options);
|
|
|
|
}
|
|
|
|
|
2006-03-17 06:50:41 +01:00
|
|
|
/** Release all memory and resources held by global configuration structures.
|
|
|
|
*/
|
2005-02-11 02:26:47 +01:00
|
|
|
void
|
|
|
|
config_free_all(void)
|
|
|
|
{
|
2009-12-12 08:07:59 +01:00
|
|
|
or_options_free(global_options);
|
|
|
|
global_options = NULL;
|
2011-11-28 04:25:52 +01:00
|
|
|
or_options_free(global_default_options);
|
|
|
|
global_default_options = NULL;
|
2009-12-12 08:07:59 +01:00
|
|
|
|
|
|
|
config_free_lines(global_cmdline_options);
|
|
|
|
global_cmdline_options = NULL;
|
|
|
|
|
2013-09-16 19:05:04 +02:00
|
|
|
config_free_lines(global_cmdline_only_options);
|
|
|
|
global_cmdline_only_options = NULL;
|
|
|
|
|
2011-11-08 22:10:38 +01:00
|
|
|
if (configured_ports) {
|
|
|
|
SMARTLIST_FOREACH(configured_ports,
|
2012-11-25 20:57:10 +01:00
|
|
|
port_cfg_t *, p, port_cfg_free(p));
|
2011-11-08 22:10:38 +01:00
|
|
|
smartlist_free(configured_ports);
|
|
|
|
configured_ports = NULL;
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
}
|
|
|
|
|
2005-08-10 20:05:20 +02:00
|
|
|
tor_free(torrc_fname);
|
2011-11-28 04:25:52 +01:00
|
|
|
tor_free(torrc_defaults_fname);
|
2012-01-11 20:02:59 +01:00
|
|
|
tor_free(the_tor_version);
|
2008-12-07 02:21:19 +01:00
|
|
|
tor_free(global_dirfrontpagecontents);
|
2012-10-03 18:46:09 +02:00
|
|
|
|
|
|
|
tor_free(the_short_tor_version);
|
|
|
|
tor_free(the_tor_version);
|
2005-02-11 02:26:47 +01:00
|
|
|
}
|
|
|
|
|
2009-12-15 23:23:36 +01:00
|
|
|
/** Make <b>address</b> -- a piece of information related to our operation as
|
|
|
|
* a client -- safe to log according to the settings in options->SafeLogging,
|
|
|
|
* and return it.
|
|
|
|
*
|
|
|
|
* (We return "[scrubbed]" if SafeLogging is "1", and address otherwise.)
|
2005-05-03 12:04:08 +02:00
|
|
|
*/
|
|
|
|
const char *
|
2009-12-15 23:23:36 +01:00
|
|
|
safe_str_client(const char *address)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2007-08-14 22:19:46 +02:00
|
|
|
tor_assert(address);
|
2012-10-12 18:22:13 +02:00
|
|
|
if (get_options()->SafeLogging_ == SAFELOG_SCRUB_ALL)
|
2009-09-28 15:08:32 +02:00
|
|
|
return "[scrubbed]";
|
|
|
|
else
|
|
|
|
return address;
|
|
|
|
}
|
|
|
|
|
2009-12-15 23:23:36 +01:00
|
|
|
/** Make <b>address</b> -- a piece of information of unspecified sensitivity
|
|
|
|
* -- safe to log according to the settings in options->SafeLogging, and
|
|
|
|
* return it.
|
|
|
|
*
|
|
|
|
* (We return "[scrubbed]" if SafeLogging is anything besides "0", and address
|
|
|
|
* otherwise.)
|
2005-05-03 12:04:08 +02:00
|
|
|
*/
|
|
|
|
const char *
|
2005-06-11 20:52:12 +02:00
|
|
|
safe_str(const char *address)
|
|
|
|
{
|
2007-08-14 22:19:46 +02:00
|
|
|
tor_assert(address);
|
2012-10-12 18:22:13 +02:00
|
|
|
if (get_options()->SafeLogging_ != SAFELOG_SCRUB_NONE)
|
2005-05-03 12:04:08 +02:00
|
|
|
return "[scrubbed]";
|
|
|
|
else
|
|
|
|
return address;
|
|
|
|
}
|
|
|
|
|
2009-12-15 23:23:36 +01:00
|
|
|
/** Equivalent to escaped(safe_str_client(address)). See reentrancy note on
|
2006-09-21 23:48:11 +02:00
|
|
|
* escaped(): don't use this outside the main thread, or twice in the same
|
|
|
|
* log statement. */
|
2006-03-05 10:50:26 +01:00
|
|
|
const char *
|
2009-12-15 23:23:36 +01:00
|
|
|
escaped_safe_str_client(const char *address)
|
2006-03-05 10:50:26 +01:00
|
|
|
{
|
2012-10-12 18:22:13 +02:00
|
|
|
if (get_options()->SafeLogging_ == SAFELOG_SCRUB_ALL)
|
2009-09-28 15:08:32 +02:00
|
|
|
return "[scrubbed]";
|
|
|
|
else
|
|
|
|
return escaped(address);
|
|
|
|
}
|
|
|
|
|
2006-09-25 07:24:43 +02:00
|
|
|
/** Equivalent to escaped(safe_str(address)). See reentrancy note on
|
2006-09-21 23:48:11 +02:00
|
|
|
* escaped(): don't use this outside the main thread, or twice in the same
|
|
|
|
* log statement. */
|
2006-03-05 10:50:26 +01:00
|
|
|
const char *
|
|
|
|
escaped_safe_str(const char *address)
|
|
|
|
{
|
2012-10-12 18:22:13 +02:00
|
|
|
if (get_options()->SafeLogging_ != SAFELOG_SCRUB_NONE)
|
2006-03-05 10:50:26 +01:00
|
|
|
return "[scrubbed]";
|
|
|
|
else
|
|
|
|
return escaped(address);
|
|
|
|
}
|
|
|
|
|
2007-12-12 05:38:54 +01:00
|
|
|
/** Add the default directory authorities directly into the trusted dir list,
|
2014-10-01 10:54:26 +02:00
|
|
|
* but only add them insofar as they share bits with <b>type</b>.
|
|
|
|
* Each authority's bits are restricted to the bits shared with <b>type</b>.
|
|
|
|
* If <b>type</b> is ALL_DIRINFO or NO_DIRINFO (zero), add all authorities. */
|
2005-11-18 03:47:09 +01:00
|
|
|
static void
|
2010-11-08 20:27:36 +01:00
|
|
|
add_default_trusted_dir_authorities(dirinfo_type_t type)
|
2005-11-18 03:47:09 +01:00
|
|
|
{
|
2006-03-18 23:37:27 +01:00
|
|
|
int i;
|
2012-09-11 00:13:28 +02:00
|
|
|
const char *authorities[] = {
|
2014-01-30 12:48:49 +01:00
|
|
|
"moria1 orport=9101 "
|
2010-01-19 20:12:39 +01:00
|
|
|
"v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 "
|
|
|
|
"128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31",
|
2014-11-24 07:34:17 +01:00
|
|
|
"tor26 orport=443 "
|
|
|
|
"v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
|
2007-09-20 23:36:56 +02:00
|
|
|
"86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
|
2014-11-24 07:34:17 +01:00
|
|
|
"dizum orport=443 "
|
|
|
|
"v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
|
2008-04-23 02:31:20 +02:00
|
|
|
"194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
|
2014-11-24 07:34:17 +01:00
|
|
|
"Tonga orport=443 bridge "
|
|
|
|
"82.94.251.203:80 4A0C CD2D DC79 9508 3D73 F5D6 6710 0C8A 5831 F16D",
|
2014-01-30 12:48:49 +01:00
|
|
|
"gabelmoo orport=443 "
|
2010-01-19 20:12:39 +01:00
|
|
|
"v3ident=ED03BB616EB2F60BEC80151114BB25CEF515B226 "
|
2014-09-19 13:40:37 +02:00
|
|
|
"131.188.40.189:80 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281",
|
2014-01-30 12:48:49 +01:00
|
|
|
"dannenberg orport=443 "
|
2008-01-22 23:38:38 +01:00
|
|
|
"v3ident=585769C78764D58426B8B52B6651A5A71137189A "
|
2010-02-12 20:31:08 +01:00
|
|
|
"193.23.244.244:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123",
|
2014-11-24 07:34:17 +01:00
|
|
|
"urras orport=80 "
|
|
|
|
"v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C "
|
2009-08-10 07:32:51 +02:00
|
|
|
"208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417",
|
2014-01-30 12:48:49 +01:00
|
|
|
"maatuska orport=80 "
|
2010-06-10 16:56:08 +02:00
|
|
|
"v3ident=49015F787433103580E3B66A1707A00E60F2D15B "
|
2012-02-29 19:22:41 +01:00
|
|
|
"171.25.193.9:443 BD6A 8292 55CB 08E6 6FBE 7D37 4836 3586 E46B 3810",
|
2014-01-30 12:48:49 +01:00
|
|
|
"Faravahar orport=443 "
|
2012-09-22 15:10:37 +02:00
|
|
|
"v3ident=EFCBE720AB3A82B99F9E953CD5BF50F7EEFC7B97 "
|
|
|
|
"154.35.32.5:80 CF6D 0AAF B385 BE71 B8E1 11FC 5CFF 4B47 9237 33BC",
|
2014-11-12 21:29:39 +01:00
|
|
|
"longclaw orport=443 "
|
2014-11-09 21:48:56 +01:00
|
|
|
"v3ident=23D15D965BC35114467363C165C4F724B64B4F66 "
|
2014-11-19 23:22:25 +01:00
|
|
|
"199.254.238.52:80 74A9 1064 6BCE EFBC D2E8 74FC 1DC9 9743 0F96 8145",
|
2006-03-18 23:37:27 +01:00
|
|
|
NULL
|
2005-12-14 21:40:40 +01:00
|
|
|
};
|
2012-09-11 00:13:28 +02:00
|
|
|
for (i=0; authorities[i]; i++) {
|
|
|
|
if (parse_dir_authority_line(authorities[i], type, 0)<0) {
|
|
|
|
log_err(LD_BUG, "Couldn't parse internal DirAuthority line %s",
|
|
|
|
authorities[i]);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Add the default fallback directory servers into the fallback directory
|
|
|
|
* server list. */
|
|
|
|
static void
|
|
|
|
add_default_fallback_dir_servers(void)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
const char *fallback[] = {
|
|
|
|
NULL
|
|
|
|
};
|
|
|
|
for (i=0; fallback[i]; i++) {
|
|
|
|
if (parse_dir_fallback_line(fallback[i], 0)<0) {
|
|
|
|
log_err(LD_BUG, "Couldn't parse internal FallbackDir line %s",
|
|
|
|
fallback[i]);
|
2008-01-14 20:00:23 +01:00
|
|
|
}
|
|
|
|
}
|
2007-12-12 05:38:54 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/** Look at all the config options for using alternate directory
|
|
|
|
* authorities, and make sure none of them are broken. Also, warn the
|
|
|
|
* user if we changed any dangerous ones.
|
|
|
|
*/
|
|
|
|
static int
|
2012-09-11 00:13:28 +02:00
|
|
|
validate_dir_servers(or_options_t *options, or_options_t *old_options)
|
2007-12-12 05:38:54 +01:00
|
|
|
{
|
|
|
|
config_line_t *cl;
|
|
|
|
|
2012-09-10 21:54:16 +02:00
|
|
|
if (options->DirAuthorities &&
|
2014-02-11 04:41:52 +01:00
|
|
|
(options->AlternateDirAuthority || options->AlternateBridgeAuthority)) {
|
2007-12-12 05:38:54 +01:00
|
|
|
log_warn(LD_CONFIG,
|
2012-09-10 21:54:16 +02:00
|
|
|
"You cannot set both DirAuthority and Alternate*Authority.");
|
2007-12-12 05:38:54 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* do we want to complain to the user about being partitionable? */
|
2012-09-10 21:54:16 +02:00
|
|
|
if ((options->DirAuthorities &&
|
2007-12-12 05:38:54 +01:00
|
|
|
(!old_options ||
|
2012-12-13 18:44:17 +01:00
|
|
|
!config_lines_eq(options->DirAuthorities,
|
|
|
|
old_options->DirAuthorities))) ||
|
2007-12-12 05:38:54 +01:00
|
|
|
(options->AlternateDirAuthority &&
|
|
|
|
(!old_options ||
|
|
|
|
!config_lines_eq(options->AlternateDirAuthority,
|
|
|
|
old_options->AlternateDirAuthority)))) {
|
|
|
|
log_warn(LD_CONFIG,
|
2012-09-10 21:54:16 +02:00
|
|
|
"You have used DirAuthority or AlternateDirAuthority to "
|
2007-12-12 05:38:54 +01:00
|
|
|
"specify alternate directory authorities in "
|
|
|
|
"your configuration. This is potentially dangerous: it can "
|
|
|
|
"make you look different from all other Tor users, and hurt "
|
|
|
|
"your anonymity. Even if you've specified the same "
|
|
|
|
"authorities as Tor uses by default, the defaults could "
|
|
|
|
"change in the future. Be sure you know what you're doing.");
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Now go through the four ways you can configure an alternate
|
|
|
|
* set of directory authorities, and make sure none are broken. */
|
2012-09-10 21:54:16 +02:00
|
|
|
for (cl = options->DirAuthorities; cl; cl = cl->next)
|
2012-09-10 22:33:19 +02:00
|
|
|
if (parse_dir_authority_line(cl->value, NO_DIRINFO, 1)<0)
|
2007-12-12 05:38:54 +01:00
|
|
|
return -1;
|
|
|
|
for (cl = options->AlternateBridgeAuthority; cl; cl = cl->next)
|
2012-09-10 22:33:19 +02:00
|
|
|
if (parse_dir_authority_line(cl->value, NO_DIRINFO, 1)<0)
|
2007-12-12 05:38:54 +01:00
|
|
|
return -1;
|
|
|
|
for (cl = options->AlternateDirAuthority; cl; cl = cl->next)
|
2012-09-10 22:33:19 +02:00
|
|
|
if (parse_dir_authority_line(cl->value, NO_DIRINFO, 1)<0)
|
2007-12-12 05:38:54 +01:00
|
|
|
return -1;
|
2012-09-11 00:13:28 +02:00
|
|
|
for (cl = options->FallbackDir; cl; cl = cl->next)
|
|
|
|
if (parse_dir_fallback_line(cl->value, 1)<0)
|
|
|
|
return -1;
|
2007-12-12 05:38:54 +01:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Look at all the config options and assign new dir authorities
|
|
|
|
* as appropriate.
|
|
|
|
*/
|
|
|
|
static int
|
2012-09-11 00:13:28 +02:00
|
|
|
consider_adding_dir_servers(const or_options_t *options,
|
|
|
|
const or_options_t *old_options)
|
2007-12-12 05:38:54 +01:00
|
|
|
{
|
|
|
|
config_line_t *cl;
|
|
|
|
int need_to_update =
|
2012-09-10 21:23:39 +02:00
|
|
|
!smartlist_len(router_get_trusted_dir_servers()) ||
|
|
|
|
!smartlist_len(router_get_fallback_dir_servers()) || !old_options ||
|
2012-09-10 21:54:16 +02:00
|
|
|
!config_lines_eq(options->DirAuthorities, old_options->DirAuthorities) ||
|
2012-09-11 00:13:28 +02:00
|
|
|
!config_lines_eq(options->FallbackDir, old_options->FallbackDir) ||
|
2007-12-12 05:38:54 +01:00
|
|
|
!config_lines_eq(options->AlternateBridgeAuthority,
|
|
|
|
old_options->AlternateBridgeAuthority) ||
|
|
|
|
!config_lines_eq(options->AlternateDirAuthority,
|
2014-02-11 04:41:52 +01:00
|
|
|
old_options->AlternateDirAuthority);
|
2007-12-12 05:38:54 +01:00
|
|
|
|
|
|
|
if (!need_to_update)
|
|
|
|
return 0; /* all done */
|
|
|
|
|
|
|
|
/* Start from a clean slate. */
|
2012-09-10 21:23:39 +02:00
|
|
|
clear_dir_servers();
|
2007-12-12 05:38:54 +01:00
|
|
|
|
2012-09-10 21:54:16 +02:00
|
|
|
if (!options->DirAuthorities) {
|
2007-12-12 05:38:54 +01:00
|
|
|
/* then we may want some of the defaults */
|
2010-11-08 20:35:02 +01:00
|
|
|
dirinfo_type_t type = NO_DIRINFO;
|
2007-12-12 05:38:54 +01:00
|
|
|
if (!options->AlternateBridgeAuthority)
|
2010-11-08 20:35:02 +01:00
|
|
|
type |= BRIDGE_DIRINFO;
|
2007-12-12 05:38:54 +01:00
|
|
|
if (!options->AlternateDirAuthority)
|
2014-03-17 17:38:22 +01:00
|
|
|
type |= V3_DIRINFO | EXTRAINFO_DIRINFO | MICRODESC_DIRINFO;
|
2014-10-01 10:37:19 +02:00
|
|
|
/* if type == NO_DIRINFO, we don't want to add any of the
|
|
|
|
* default authorities, because we've replaced them all */
|
|
|
|
if (type != NO_DIRINFO)
|
|
|
|
add_default_trusted_dir_authorities(type);
|
2007-12-12 05:38:54 +01:00
|
|
|
}
|
2012-09-11 00:13:28 +02:00
|
|
|
if (!options->FallbackDir)
|
|
|
|
add_default_fallback_dir_servers();
|
2007-12-12 05:38:54 +01:00
|
|
|
|
2012-09-10 21:54:16 +02:00
|
|
|
for (cl = options->DirAuthorities; cl; cl = cl->next)
|
2012-09-10 22:33:19 +02:00
|
|
|
if (parse_dir_authority_line(cl->value, NO_DIRINFO, 0)<0)
|
2007-12-12 05:38:54 +01:00
|
|
|
return -1;
|
|
|
|
for (cl = options->AlternateBridgeAuthority; cl; cl = cl->next)
|
2012-09-10 22:33:19 +02:00
|
|
|
if (parse_dir_authority_line(cl->value, NO_DIRINFO, 0)<0)
|
2007-12-12 05:38:54 +01:00
|
|
|
return -1;
|
|
|
|
for (cl = options->AlternateDirAuthority; cl; cl = cl->next)
|
2012-09-10 22:33:19 +02:00
|
|
|
if (parse_dir_authority_line(cl->value, NO_DIRINFO, 0)<0)
|
2007-12-12 05:38:54 +01:00
|
|
|
return -1;
|
2012-09-11 00:13:28 +02:00
|
|
|
for (cl = options->FallbackDir; cl; cl = cl->next)
|
|
|
|
if (parse_dir_fallback_line(cl->value, 0)<0)
|
|
|
|
return -1;
|
2007-12-12 05:38:54 +01:00
|
|
|
return 0;
|
2005-11-18 03:47:09 +01:00
|
|
|
}
|
|
|
|
|
2005-09-14 04:36:29 +02:00
|
|
|
/** Fetch the active option list, and take actions based on it. All of the
|
|
|
|
* things we do should survive being done repeatedly. If present,
|
|
|
|
* <b>old_options</b> contains the previous value of the options.
|
|
|
|
*
|
|
|
|
* Return 0 if all goes well, return -1 if things went badly.
|
|
|
|
*/
|
|
|
|
static int
|
2011-06-14 19:01:38 +02:00
|
|
|
options_act_reversible(const or_options_t *old_options, char **msg)
|
2005-09-14 04:36:29 +02:00
|
|
|
{
|
2012-01-18 21:53:30 +01:00
|
|
|
smartlist_t *new_listeners = smartlist_new();
|
|
|
|
smartlist_t *replaced_listeners = smartlist_new();
|
2005-09-14 04:36:29 +02:00
|
|
|
static int libevent_initialized = 0;
|
2011-06-14 19:01:38 +02:00
|
|
|
or_options_t *options = get_options_mutable();
|
2005-09-14 04:36:29 +02:00
|
|
|
int running_tor = options->command == CMD_RUN_TOR;
|
|
|
|
int set_conn_limit = 0;
|
|
|
|
int r = -1;
|
2014-09-11 05:30:37 +02:00
|
|
|
int logs_marked = 0, logs_initialized = 0;
|
2013-06-13 18:29:14 +02:00
|
|
|
int old_min_log_level = get_min_log_level();
|
2005-09-14 04:36:29 +02:00
|
|
|
|
2007-06-04 01:00:26 +02:00
|
|
|
/* Daemonize _first_, since we only want to open most of this stuff in
|
2007-08-27 17:33:58 +02:00
|
|
|
* the subprocess. Libevent bases can't be reliably inherited across
|
|
|
|
* processes. */
|
2005-09-14 04:36:29 +02:00
|
|
|
if (running_tor && options->RunAsDaemon) {
|
|
|
|
/* No need to roll back, since you can't change the value. */
|
|
|
|
start_daemon();
|
|
|
|
}
|
|
|
|
|
2015-01-09 22:17:50 +01:00
|
|
|
#ifdef HAVE_SYSTEMD
|
|
|
|
/* Our PID may have changed, inform supervisor */
|
|
|
|
sd_notifyf(0, "MAINPID=%ld\n", (long int)getpid());
|
|
|
|
#endif
|
|
|
|
|
2007-06-05 22:54:49 +02:00
|
|
|
#ifndef HAVE_SYS_UN_H
|
2011-04-23 02:57:53 +02:00
|
|
|
if (options->ControlSocket || options->ControlSocketsGroupWritable) {
|
|
|
|
*msg = tor_strdup("Unix domain sockets (ControlSocket) not supported "
|
|
|
|
"on this OS/with this build.");
|
|
|
|
goto rollback;
|
|
|
|
}
|
|
|
|
#else
|
|
|
|
if (options->ControlSocketsGroupWritable && !options->ControlSocket) {
|
|
|
|
*msg = tor_strdup("Setting ControlSocketGroupWritable without setting"
|
|
|
|
"a ControlSocket makes no sense.");
|
2007-06-05 22:54:49 +02:00
|
|
|
goto rollback;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2014-08-11 21:27:04 +02:00
|
|
|
#ifndef HAVE_SYS_UN_H
|
|
|
|
if (options->SocksSocket || options->SocksSocketsGroupWritable) {
|
|
|
|
*msg = tor_strdup("Unix domain sockets (SocksSocket) not supported "
|
|
|
|
"on this OS/with this build.");
|
|
|
|
goto rollback;
|
|
|
|
}
|
|
|
|
#else
|
|
|
|
if (options->SocksSocketsGroupWritable && !options->SocksSocket) {
|
|
|
|
*msg = tor_strdup("Setting SocksSocketGroupWritable without setting"
|
|
|
|
"a SocksSocket makes no sense.");
|
|
|
|
goto rollback;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2007-06-04 01:08:07 +02:00
|
|
|
if (running_tor) {
|
2011-11-08 22:10:38 +01:00
|
|
|
int n_ports=0;
|
2007-06-04 01:08:07 +02:00
|
|
|
/* We need to set the connection limit before we can open the listeners. */
|
2014-04-16 22:05:10 +02:00
|
|
|
if (! sandbox_is_active()) {
|
|
|
|
if (set_max_file_descriptors((unsigned)options->ConnLimit,
|
|
|
|
&options->ConnLimit_) < 0) {
|
|
|
|
*msg = tor_strdup("Problem with ConnLimit value. "
|
|
|
|
"See logs for details.");
|
|
|
|
goto rollback;
|
|
|
|
}
|
|
|
|
set_conn_limit = 1;
|
|
|
|
} else {
|
|
|
|
tor_assert(old_options);
|
|
|
|
options->ConnLimit_ = old_options->ConnLimit_;
|
2007-06-04 01:08:07 +02:00
|
|
|
}
|
2007-06-04 01:00:26 +02:00
|
|
|
|
2007-06-04 01:08:07 +02:00
|
|
|
/* Set up libevent. (We need to do this before we can register the
|
|
|
|
* listeners as listeners.) */
|
|
|
|
if (running_tor && !libevent_initialized) {
|
2010-09-28 20:01:45 +02:00
|
|
|
init_libevent(options);
|
2007-06-04 01:08:07 +02:00
|
|
|
libevent_initialized = 1;
|
2013-10-14 19:33:36 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Initialize the scheduler - this has to come after
|
|
|
|
* options_init_from_torrc() sets up libevent - why yes, that seems
|
|
|
|
* completely sensible to hide the libevent setup in the option parsing
|
|
|
|
* code! It also needs to happen before init_keys(), so it needs to
|
|
|
|
* happen here too. How yucky. */
|
|
|
|
scheduler_init();
|
2007-06-04 01:08:07 +02:00
|
|
|
}
|
2007-06-04 01:00:26 +02:00
|
|
|
|
2011-11-08 22:10:38 +01:00
|
|
|
/* Adjust the port configuration so we can launch listeners. */
|
|
|
|
if (parse_ports(options, 0, msg, &n_ports)) {
|
2011-10-06 18:54:34 +02:00
|
|
|
if (!*msg)
|
2011-11-08 22:10:38 +01:00
|
|
|
*msg = tor_strdup("Unexpected problem parsing port config");
|
2011-10-06 18:54:34 +02:00
|
|
|
goto rollback;
|
|
|
|
}
|
2011-07-20 19:35:02 +02:00
|
|
|
|
2011-10-11 02:40:06 +02:00
|
|
|
/* Set the hibernation state appropriately.*/
|
|
|
|
consider_hibernation(time(NULL));
|
|
|
|
|
2007-06-04 01:08:07 +02:00
|
|
|
/* Launch the listeners. (We do this before we setuid, so we can bind to
|
2011-11-28 21:44:10 +01:00
|
|
|
* ports under 1024.) We don't want to rebind if we're hibernating. If
|
|
|
|
* networking is disabled, this will close all but the control listeners,
|
|
|
|
* but disable those. */
|
2010-08-01 04:35:20 +02:00
|
|
|
if (!we_are_hibernating()) {
|
2012-04-19 05:32:02 +02:00
|
|
|
if (retry_all_listeners(replaced_listeners, new_listeners,
|
|
|
|
options->DisableNetwork) < 0) {
|
2010-08-01 04:35:20 +02:00
|
|
|
*msg = tor_strdup("Failed to bind one of the listener ports.");
|
|
|
|
goto rollback;
|
|
|
|
}
|
2007-06-04 01:08:07 +02:00
|
|
|
}
|
2011-11-28 21:44:10 +01:00
|
|
|
if (options->DisableNetwork) {
|
|
|
|
/* Aggressively close non-controller stuff, NOW */
|
2011-11-28 22:07:13 +01:00
|
|
|
log_notice(LD_NET, "DisableNetwork is set. Tor will not make or accept "
|
|
|
|
"non-control network connections. Shutting down all existing "
|
|
|
|
"connections.");
|
2011-11-28 21:44:10 +01:00
|
|
|
connection_mark_all_noncontrol_connections();
|
2014-11-20 17:51:36 +01:00
|
|
|
/* We can't complete circuits until the network is re-enabled. */
|
2014-11-20 18:03:46 +01:00
|
|
|
note_that_we_maybe_cant_complete_circuits();
|
2011-11-28 21:44:10 +01:00
|
|
|
}
|
2007-06-04 01:00:26 +02:00
|
|
|
}
|
|
|
|
|
2008-08-06 18:32:17 +02:00
|
|
|
#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
|
|
|
|
/* Open /dev/pf before dropping privileges. */
|
2014-04-03 22:41:54 +02:00
|
|
|
if (options->TransPort_set &&
|
|
|
|
options->TransProxyType_parsed == TPT_DEFAULT) {
|
2008-08-06 18:32:17 +02:00
|
|
|
if (get_pf_socket() < 0) {
|
|
|
|
*msg = tor_strdup("Unable to open /dev/pf for transparent proxy.");
|
|
|
|
goto rollback;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2009-10-22 06:21:57 +02:00
|
|
|
/* Attempt to lock all current and future memory with mlockall() only once */
|
|
|
|
if (options->DisableAllSwap) {
|
|
|
|
if (tor_mlockall() == -1) {
|
|
|
|
*msg = tor_strdup("DisableAllSwap failure. Do you have proper "
|
|
|
|
"permissions?");
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2005-09-14 04:36:29 +02:00
|
|
|
/* Setuid/setgid as appropriate */
|
2008-11-07 03:06:12 +01:00
|
|
|
if (options->User) {
|
|
|
|
if (switch_id(options->User) != 0) {
|
2005-09-14 04:36:29 +02:00
|
|
|
/* No need to roll back, since you can't change the value. */
|
2008-11-07 03:06:12 +01:00
|
|
|
*msg = tor_strdup("Problem with User value. See logs for details.");
|
2005-09-14 04:36:29 +02:00
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Ensure data directory is private; create if possible. */
|
2007-12-20 07:15:09 +01:00
|
|
|
if (check_private_dir(options->DataDirectory,
|
2011-06-14 18:18:32 +02:00
|
|
|
running_tor ? CPD_CREATE : CPD_CHECK,
|
|
|
|
options->User)<0) {
|
2010-03-01 03:46:50 +01:00
|
|
|
tor_asprintf(msg,
|
2006-03-26 08:51:26 +02:00
|
|
|
"Couldn't access/create private data directory \"%s\"",
|
|
|
|
options->DataDirectory);
|
2005-09-14 04:36:29 +02:00
|
|
|
goto done;
|
2006-03-26 08:51:26 +02:00
|
|
|
/* No need to roll back, since you can't change the value. */
|
2005-09-14 04:36:29 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Bail out at this point if we're not going to be a client or server:
|
2006-03-26 08:51:26 +02:00
|
|
|
* we don't run Tor itself. */
|
2007-06-04 01:08:07 +02:00
|
|
|
if (!running_tor)
|
2005-09-14 04:36:29 +02:00
|
|
|
goto commit;
|
|
|
|
|
2014-05-20 21:21:27 +02:00
|
|
|
mark_logs_temp(); /* Close current logs once new logs are open. */
|
|
|
|
logs_marked = 1;
|
2014-03-23 17:24:26 +01:00
|
|
|
/* Configure the tor_log(s) */
|
|
|
|
if (options_init_logs(old_options, options, 0)<0) {
|
2014-05-20 21:21:27 +02:00
|
|
|
*msg = tor_strdup("Failed to init Log options. See logs for details.");
|
|
|
|
goto rollback;
|
2006-03-26 08:51:26 +02:00
|
|
|
}
|
2014-09-11 05:30:37 +02:00
|
|
|
logs_initialized = 1;
|
2006-01-11 20:40:14 +01:00
|
|
|
|
2005-09-14 04:36:29 +02:00
|
|
|
commit:
|
|
|
|
r = 0;
|
2006-01-11 20:40:14 +01:00
|
|
|
if (logs_marked) {
|
2008-03-05 23:31:39 +01:00
|
|
|
log_severity_list_t *severity =
|
|
|
|
tor_malloc_zero(sizeof(log_severity_list_t));
|
2006-01-11 20:40:14 +01:00
|
|
|
close_temp_logs();
|
2008-03-05 23:31:39 +01:00
|
|
|
add_callback_log(severity, control_event_logmsg);
|
2006-01-11 20:40:14 +01:00
|
|
|
control_adjust_event_log_severity();
|
2008-03-08 02:11:54 +01:00
|
|
|
tor_free(severity);
|
2013-07-29 19:30:49 +02:00
|
|
|
tor_log_update_sigsafe_err_fds();
|
2006-01-11 20:40:14 +01:00
|
|
|
}
|
2014-09-11 05:30:37 +02:00
|
|
|
if (logs_initialized) {
|
|
|
|
flush_log_messages_from_startup();
|
|
|
|
}
|
2014-02-12 21:32:50 +01:00
|
|
|
|
|
|
|
{
|
|
|
|
const char *badness = NULL;
|
|
|
|
int bad_safelog = 0, bad_severity = 0, new_badness = 0;
|
|
|
|
if (options->SafeLogging_ != SAFELOG_SCRUB_ALL) {
|
|
|
|
bad_safelog = 1;
|
|
|
|
if (!old_options || old_options->SafeLogging_ != options->SafeLogging_)
|
|
|
|
new_badness = 1;
|
|
|
|
}
|
|
|
|
if (get_min_log_level() >= LOG_INFO) {
|
|
|
|
bad_severity = 1;
|
|
|
|
if (get_min_log_level() != old_min_log_level)
|
|
|
|
new_badness = 1;
|
|
|
|
}
|
|
|
|
if (bad_safelog && bad_severity)
|
|
|
|
badness = "you disabled SafeLogging, and "
|
|
|
|
"you're logging more than \"notice\"";
|
|
|
|
else if (bad_safelog)
|
|
|
|
badness = "you disabled SafeLogging";
|
|
|
|
else
|
|
|
|
badness = "you're logging more than \"notice\"";
|
|
|
|
if (new_badness)
|
|
|
|
log_warn(LD_GENERAL, "Your log may contain sensitive information - %s. "
|
|
|
|
"Don't log unless it serves an important reason. "
|
|
|
|
"Overwrite the log afterwards.", badness);
|
2013-06-13 18:29:14 +02:00
|
|
|
}
|
|
|
|
|
2005-09-14 04:36:29 +02:00
|
|
|
SMARTLIST_FOREACH(replaced_listeners, connection_t *, conn,
|
|
|
|
{
|
2014-04-16 05:35:31 +02:00
|
|
|
int marked = conn->marked_for_close;
|
2006-02-13 10:02:35 +01:00
|
|
|
log_notice(LD_NET, "Closing old %s on %s:%d",
|
|
|
|
conn_type_to_string(conn->type), conn->address, conn->port);
|
2005-09-14 04:36:29 +02:00
|
|
|
connection_close_immediate(conn);
|
2014-04-16 05:35:31 +02:00
|
|
|
if (!marked) {
|
|
|
|
connection_mark_for_close(conn);
|
|
|
|
}
|
2005-09-14 04:36:29 +02:00
|
|
|
});
|
|
|
|
goto done;
|
|
|
|
|
|
|
|
rollback:
|
|
|
|
r = -1;
|
2006-03-26 08:51:26 +02:00
|
|
|
tor_assert(*msg);
|
2005-09-14 04:36:29 +02:00
|
|
|
|
2006-01-11 20:40:14 +01:00
|
|
|
if (logs_marked) {
|
|
|
|
rollback_log_changes();
|
|
|
|
control_adjust_event_log_severity();
|
|
|
|
}
|
|
|
|
|
2005-09-14 04:36:29 +02:00
|
|
|
if (set_conn_limit && old_options)
|
2008-02-20 23:28:26 +01:00
|
|
|
set_max_file_descriptors((unsigned)old_options->ConnLimit,
|
2012-10-12 18:22:13 +02:00
|
|
|
&options->ConnLimit_);
|
2005-09-14 04:36:29 +02:00
|
|
|
|
|
|
|
SMARTLIST_FOREACH(new_listeners, connection_t *, conn,
|
|
|
|
{
|
2012-06-16 08:29:03 +02:00
|
|
|
log_notice(LD_NET, "Closing partially-constructed %s on %s:%d",
|
2006-02-13 10:02:35 +01:00
|
|
|
conn_type_to_string(conn->type), conn->address, conn->port);
|
2005-09-14 04:36:29 +02:00
|
|
|
connection_close_immediate(conn);
|
|
|
|
connection_mark_for_close(conn);
|
|
|
|
});
|
|
|
|
|
|
|
|
done:
|
|
|
|
smartlist_free(new_listeners);
|
|
|
|
smartlist_free(replaced_listeners);
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
2008-12-17 23:58:20 +01:00
|
|
|
/** If we need to have a GEOIP ip-to-country map to run with our configured
|
|
|
|
* options, return 1 and set *<b>reason_out</b> to a description of why. */
|
2008-09-25 23:06:32 +02:00
|
|
|
int
|
2011-06-14 19:01:38 +02:00
|
|
|
options_need_geoip_info(const or_options_t *options, const char **reason_out)
|
2008-09-25 23:06:32 +02:00
|
|
|
{
|
|
|
|
int bridge_usage =
|
|
|
|
options->BridgeRelay && options->BridgeRecordUsageByCountry;
|
|
|
|
int routerset_usage =
|
|
|
|
routerset_needs_geoip(options->EntryNodes) ||
|
|
|
|
routerset_needs_geoip(options->ExitNodes) ||
|
|
|
|
routerset_needs_geoip(options->ExcludeExitNodes) ||
|
|
|
|
routerset_needs_geoip(options->ExcludeNodes);
|
|
|
|
|
|
|
|
if (routerset_usage && reason_out) {
|
|
|
|
*reason_out = "We've been configured to use (or avoid) nodes in certain "
|
2009-05-22 07:19:55 +02:00
|
|
|
"countries, and we need GEOIP information to figure out which ones they "
|
2008-09-25 23:06:32 +02:00
|
|
|
"are.";
|
|
|
|
} else if (bridge_usage && reason_out) {
|
|
|
|
*reason_out = "We've been configured to see which countries can access "
|
|
|
|
"us as a bridge, and we need GEOIP information to tell which countries "
|
|
|
|
"clients are in.";
|
|
|
|
}
|
|
|
|
return bridge_usage || routerset_usage;
|
|
|
|
}
|
|
|
|
|
2009-07-07 18:04:00 +02:00
|
|
|
/** Return the bandwidthrate that we are going to report to the authorities
|
|
|
|
* based on the config options. */
|
2009-07-29 00:34:35 +02:00
|
|
|
uint32_t
|
2011-06-14 19:01:38 +02:00
|
|
|
get_effective_bwrate(const or_options_t *options)
|
2009-07-07 18:04:00 +02:00
|
|
|
{
|
2009-07-30 15:15:07 +02:00
|
|
|
uint64_t bw = options->BandwidthRate;
|
2009-07-07 18:04:00 +02:00
|
|
|
if (bw > options->MaxAdvertisedBandwidth)
|
2009-07-30 15:15:07 +02:00
|
|
|
bw = options->MaxAdvertisedBandwidth;
|
2009-07-07 18:04:00 +02:00
|
|
|
if (options->RelayBandwidthRate > 0 && bw > options->RelayBandwidthRate)
|
2009-07-30 15:15:07 +02:00
|
|
|
bw = options->RelayBandwidthRate;
|
2009-07-30 16:14:12 +02:00
|
|
|
/* ensure_bandwidth_cap() makes sure that this cast can't overflow. */
|
|
|
|
return (uint32_t)bw;
|
2009-07-07 18:04:00 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/** Return the bandwidthburst that we are going to report to the authorities
|
|
|
|
* based on the config options. */
|
2009-07-29 00:34:35 +02:00
|
|
|
uint32_t
|
2011-06-14 19:01:38 +02:00
|
|
|
get_effective_bwburst(const or_options_t *options)
|
2009-07-07 18:04:00 +02:00
|
|
|
{
|
2009-07-30 15:15:07 +02:00
|
|
|
uint64_t bw = options->BandwidthBurst;
|
2009-07-07 18:04:00 +02:00
|
|
|
if (options->RelayBandwidthBurst > 0 && bw > options->RelayBandwidthBurst)
|
2009-07-30 15:15:07 +02:00
|
|
|
bw = options->RelayBandwidthBurst;
|
2009-07-30 16:14:12 +02:00
|
|
|
/* ensure_bandwidth_cap() makes sure that this cast can't overflow. */
|
|
|
|
return (uint32_t)bw;
|
2009-07-07 18:04:00 +02:00
|
|
|
}
|
|
|
|
|
2011-11-24 06:40:02 +01:00
|
|
|
/** Return True if any changes from <b>old_options</b> to
|
|
|
|
* <b>new_options</b> needs us to refresh our TLS context. */
|
|
|
|
static int
|
|
|
|
options_transition_requires_fresh_tls_context(const or_options_t *old_options,
|
|
|
|
const or_options_t *new_options)
|
|
|
|
{
|
|
|
|
tor_assert(new_options);
|
|
|
|
|
|
|
|
if (!old_options)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
if ((old_options->DynamicDHGroups != new_options->DynamicDHGroups)) {
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2012-12-26 02:04:54 +01:00
|
|
|
if (!opt_streq(old_options->TLSECGroup, new_options->TLSECGroup))
|
|
|
|
return 1;
|
|
|
|
|
2011-11-24 06:40:02 +01:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2005-08-22 02:18:45 +02:00
|
|
|
/** Fetch the active option list, and take actions based on it. All of the
|
|
|
|
* things we do should survive being done repeatedly. If present,
|
|
|
|
* <b>old_options</b> contains the previous value of the options.
|
2004-12-31 22:47:54 +01:00
|
|
|
*
|
2005-08-22 02:18:45 +02:00
|
|
|
* Return 0 if all goes well, return -1 if it's time to die.
|
2004-12-31 22:47:54 +01:00
|
|
|
*
|
2006-03-26 08:51:26 +02:00
|
|
|
* Note: We haven't moved all the "act on new configuration" logic
|
2004-12-31 22:47:54 +01:00
|
|
|
* here yet. Some is still in do_hup() and other places.
|
2004-11-09 05:28:18 +01:00
|
|
|
*/
|
2005-08-22 02:18:45 +02:00
|
|
|
static int
|
2011-06-14 19:01:38 +02:00
|
|
|
options_act(const or_options_t *old_options)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2005-07-22 23:12:10 +02:00
|
|
|
config_line_t *cl;
|
2011-06-14 19:01:38 +02:00
|
|
|
or_options_t *options = get_options_mutable();
|
2005-08-27 01:22:27 +02:00
|
|
|
int running_tor = options->command == CMD_RUN_TOR;
|
2012-09-28 18:03:37 +02:00
|
|
|
char *msg=NULL;
|
2011-05-23 22:38:35 +02:00
|
|
|
const int transition_affects_workers =
|
|
|
|
old_options && options_transition_affects_workers(old_options, options);
|
2012-10-02 05:27:51 +02:00
|
|
|
int old_ewma_enabled;
|
2004-11-09 00:12:40 +01:00
|
|
|
|
2011-12-08 09:19:09 +01:00
|
|
|
/* disable ptrace and later, other basic debugging techniques */
|
|
|
|
{
|
|
|
|
/* Remember if we already disabled debugger attachment */
|
|
|
|
static int disabled_debugger_attach = 0;
|
|
|
|
/* Remember if we already warned about being configured not to disable
|
|
|
|
* debugger attachment */
|
|
|
|
static int warned_debugger_attach = 0;
|
2012-03-22 12:50:44 +01:00
|
|
|
/* Don't disable debugger attachment when we're running the unit tests. */
|
|
|
|
if (options->DisableDebuggerAttachment && !disabled_debugger_attach &&
|
|
|
|
running_tor) {
|
2011-12-08 09:19:09 +01:00
|
|
|
int ok = tor_disable_debugger_attach();
|
|
|
|
if (warned_debugger_attach && ok == 1) {
|
|
|
|
log_notice(LD_CONFIG, "Disabled attaching debuggers for unprivileged "
|
|
|
|
"users.");
|
|
|
|
}
|
|
|
|
disabled_debugger_attach = (ok == 1);
|
|
|
|
} else if (!options->DisableDebuggerAttachment &&
|
|
|
|
!warned_debugger_attach) {
|
|
|
|
log_notice(LD_CONFIG, "Not disabling debugger attaching for "
|
|
|
|
"unprivileged users.");
|
|
|
|
warned_debugger_attach = 1;
|
|
|
|
}
|
2011-05-30 17:06:51 +02:00
|
|
|
}
|
2011-11-25 05:45:47 +01:00
|
|
|
|
2013-09-02 20:25:08 +02:00
|
|
|
/* Write control ports to disk as appropriate */
|
|
|
|
control_ports_write_to_file();
|
|
|
|
|
2008-09-01 22:06:26 +02:00
|
|
|
if (running_tor && !have_lockfile()) {
|
|
|
|
if (try_locking(options, 1) < 0)
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2012-09-11 00:13:28 +02:00
|
|
|
if (consider_adding_dir_servers(options, old_options) < 0)
|
2007-12-12 05:38:54 +01:00
|
|
|
return -1;
|
2004-11-09 00:12:40 +01:00
|
|
|
|
2011-11-24 01:46:38 +01:00
|
|
|
#ifdef NON_ANONYMOUS_MODE_ENABLED
|
2013-02-01 21:43:37 +01:00
|
|
|
log_warn(LD_GENERAL, "This copy of Tor was compiled to run in a "
|
2011-11-24 01:46:38 +01:00
|
|
|
"non-anonymous mode. It will provide NO ANONYMITY.");
|
|
|
|
#endif
|
|
|
|
|
2011-11-24 01:58:15 +01:00
|
|
|
#ifdef ENABLE_TOR2WEB_MODE
|
|
|
|
if (!options->Tor2webMode) {
|
|
|
|
log_err(LD_CONFIG, "This copy of Tor was compiled to run in "
|
|
|
|
"'tor2web mode'. It can only be run with the Tor2webMode torrc "
|
|
|
|
"option enabled.");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
#else
|
|
|
|
if (options->Tor2webMode) {
|
|
|
|
log_err(LD_CONFIG, "This copy of Tor was not compiled to run in "
|
|
|
|
"'tor2web mode'. It cannot be run with the Tor2webMode torrc "
|
2011-11-24 10:28:38 +01:00
|
|
|
"option enabled. To enable Tor2webMode recompile with the "
|
|
|
|
"--enable-tor2webmode option.");
|
2011-11-24 01:58:15 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2014-03-08 13:22:47 +01:00
|
|
|
/* If we are a bridge with a pluggable transport proxy but no
|
|
|
|
Extended ORPort, inform the user that she is missing out. */
|
|
|
|
if (server_mode(options) && options->ServerTransportPlugin &&
|
|
|
|
!options->ExtORPort_lines) {
|
|
|
|
log_notice(LD_CONFIG, "We use pluggable transports but the Extended "
|
|
|
|
"ORPort is disabled. Tor and your pluggable transports proxy "
|
|
|
|
"communicate with each other via the Extended ORPort so it "
|
|
|
|
"is suggested you enable it: it will also allow your Bridge "
|
|
|
|
"to collect statistics about its clients that use pluggable "
|
|
|
|
"transports. Please enable it using the ExtORPort torrc option "
|
|
|
|
"(e.g. set 'ExtORPort auto').");
|
|
|
|
}
|
|
|
|
|
2007-05-08 13:28:05 +02:00
|
|
|
if (options->Bridges) {
|
2011-05-15 18:46:26 +02:00
|
|
|
mark_bridge_list();
|
2007-05-08 13:28:05 +02:00
|
|
|
for (cl = options->Bridges; cl; cl = cl->next) {
|
2013-02-11 14:43:20 +01:00
|
|
|
bridge_line_t *bridge_line = parse_bridge_line(cl->value);
|
|
|
|
if (!bridge_line) {
|
2007-05-13 11:25:06 +02:00
|
|
|
log_warn(LD_BUG,
|
|
|
|
"Previously validated Bridge line could not be added!");
|
2007-05-08 13:28:05 +02:00
|
|
|
return -1;
|
|
|
|
}
|
2013-02-11 14:43:20 +01:00
|
|
|
bridge_add_from_config(bridge_line);
|
2007-05-08 13:28:05 +02:00
|
|
|
}
|
2011-05-15 18:46:26 +02:00
|
|
|
sweep_bridge_list();
|
2007-05-08 13:28:05 +02:00
|
|
|
}
|
|
|
|
|
2005-08-27 01:22:27 +02:00
|
|
|
if (running_tor && rend_config_services(options, 0)<0) {
|
2007-05-13 11:25:06 +02:00
|
|
|
log_warn(LD_BUG,
|
2007-03-04 21:11:46 +01:00
|
|
|
"Previously validated hidden services line could not be added!");
|
2004-11-09 05:28:18 +01:00
|
|
|
return -1;
|
2004-11-09 00:12:40 +01:00
|
|
|
}
|
2004-11-09 05:28:18 +01:00
|
|
|
|
2008-08-12 18:12:26 +02:00
|
|
|
if (running_tor && rend_parse_service_authorization(options, 0) < 0) {
|
|
|
|
log_warn(LD_BUG, "Previously validated client authorization for "
|
|
|
|
"hidden services could not be added!");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2005-07-28 21:01:48 +02:00
|
|
|
/* Load state */
|
2012-09-12 23:58:33 +02:00
|
|
|
if (! or_state_loaded() && running_tor) {
|
2005-07-28 21:01:48 +02:00
|
|
|
if (or_state_load())
|
|
|
|
return -1;
|
2007-09-13 19:01:08 +02:00
|
|
|
rep_hist_load_mtbf_data(time(NULL));
|
2007-08-20 17:59:31 +02:00
|
|
|
}
|
|
|
|
|
2011-09-11 20:28:47 +02:00
|
|
|
mark_transport_list();
|
|
|
|
pt_prepare_proxy_list_for_config_read();
|
2014-09-24 11:39:15 +02:00
|
|
|
if (!options->DisableNetwork) {
|
|
|
|
if (options->ClientTransportPlugin) {
|
|
|
|
for (cl = options->ClientTransportPlugin; cl; cl = cl->next) {
|
2014-11-04 15:49:35 +01:00
|
|
|
if (parse_transport_line(options, cl->value, 0, 0) < 0) {
|
2014-09-24 11:39:15 +02:00
|
|
|
log_warn(LD_BUG,
|
|
|
|
"Previously validated ClientTransportPlugin line "
|
|
|
|
"could not be added!");
|
|
|
|
return -1;
|
|
|
|
}
|
2011-08-07 18:05:40 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-09-24 11:39:15 +02:00
|
|
|
if (options->ServerTransportPlugin && server_mode(options)) {
|
|
|
|
for (cl = options->ServerTransportPlugin; cl; cl = cl->next) {
|
2014-11-04 15:49:35 +01:00
|
|
|
if (parse_transport_line(options, cl->value, 0, 1) < 0) {
|
2014-09-24 11:39:15 +02:00
|
|
|
log_warn(LD_BUG,
|
|
|
|
"Previously validated ServerTransportPlugin line "
|
|
|
|
"could not be added!");
|
|
|
|
return -1;
|
|
|
|
}
|
2011-08-07 18:05:40 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2011-09-11 20:28:47 +02:00
|
|
|
sweep_transport_list();
|
|
|
|
sweep_proxy_list();
|
2011-08-07 18:05:40 +02:00
|
|
|
|
2014-04-08 17:59:46 +02:00
|
|
|
/* Start the PT proxy configuration. By doing this configuration
|
|
|
|
here, we also figure out which proxies need to be restarted and
|
|
|
|
which not. */
|
|
|
|
if (pt_proxies_configuration_pending() && !net_is_disabled())
|
|
|
|
pt_configure_remaining_proxies();
|
|
|
|
|
2007-01-11 00:48:24 +01:00
|
|
|
/* Bail out at this point if we're not going to be a client or server:
|
|
|
|
* we want to not fork, and to log stuff to stderr. */
|
2007-12-09 04:38:57 +01:00
|
|
|
if (!running_tor)
|
2007-01-11 00:48:24 +01:00
|
|
|
return 0;
|
|
|
|
|
2004-11-09 05:28:18 +01:00
|
|
|
/* Finish backgrounding the process */
|
2009-05-24 23:01:30 +02:00
|
|
|
if (options->RunAsDaemon) {
|
2004-11-09 19:22:17 +01:00
|
|
|
/* We may be calling this for the n'th time (on SIGHUP), but it's safe. */
|
2005-04-06 21:07:38 +02:00
|
|
|
finish_daemon(options->DataDirectory);
|
2004-11-09 05:28:18 +01:00
|
|
|
}
|
|
|
|
|
2011-11-23 23:39:46 +01:00
|
|
|
/* If needed, generate a new TLS DH prime according to the current torrc. */
|
2012-04-08 01:07:53 +02:00
|
|
|
if (server_mode(options) && options->DynamicDHGroups) {
|
|
|
|
char *keydir = get_datadir_fname("keys");
|
|
|
|
if (check_private_dir(keydir, CPD_CREATE, options->User)) {
|
|
|
|
tor_free(keydir);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
tor_free(keydir);
|
|
|
|
|
|
|
|
if (!old_options || !old_options->DynamicDHGroups) {
|
|
|
|
char *fname = get_datadir_fname2("keys", "dynamic_dh_params");
|
|
|
|
crypto_set_tls_dh_prime(fname);
|
|
|
|
tor_free(fname);
|
2011-11-23 23:39:46 +01:00
|
|
|
}
|
2011-11-25 17:44:43 +01:00
|
|
|
} else { /* clients don't need a dynamic DH prime. */
|
|
|
|
crypto_set_tls_dh_prime(NULL);
|
2011-11-23 23:39:46 +01:00
|
|
|
}
|
|
|
|
|
2011-05-31 05:50:37 +02:00
|
|
|
/* We want to reinit keys as needed before we do much of anything else:
|
|
|
|
keys are important, and other things can depend on them. */
|
|
|
|
if (transition_affects_workers ||
|
|
|
|
(options->V3AuthoritativeDir && (!old_options ||
|
|
|
|
!old_options->V3AuthoritativeDir))) {
|
|
|
|
if (init_keys() < 0) {
|
|
|
|
log_warn(LD_BUG,"Error initializing keys; exiting");
|
|
|
|
return -1;
|
|
|
|
}
|
2011-11-24 06:40:02 +01:00
|
|
|
} else if (old_options &&
|
|
|
|
options_transition_requires_fresh_tls_context(old_options,
|
|
|
|
options)) {
|
|
|
|
if (router_initialize_tls_context() < 0) {
|
|
|
|
log_warn(LD_BUG,"Error initializing TLS context.");
|
|
|
|
return -1;
|
|
|
|
}
|
2011-05-31 05:50:37 +02:00
|
|
|
}
|
|
|
|
|
2009-05-27 23:55:51 +02:00
|
|
|
/* Write our PID to the PID file. If we do not have write permissions we
|
2004-11-09 05:28:18 +01:00
|
|
|
* will log a warning */
|
2014-04-16 22:26:20 +02:00
|
|
|
if (options->PidFile && !sandbox_is_active()) {
|
2004-11-09 05:28:18 +01:00
|
|
|
write_pidfile(options->PidFile);
|
2014-04-16 22:26:20 +02:00
|
|
|
}
|
2004-11-09 05:28:18 +01:00
|
|
|
|
2005-02-22 01:53:08 +01:00
|
|
|
/* Register addressmap directives */
|
|
|
|
config_register_addressmaps(options);
|
2012-11-23 23:31:53 +01:00
|
|
|
parse_virtual_addr_network(options->VirtualAddrNetworkIPv4, AF_INET,0,NULL);
|
|
|
|
parse_virtual_addr_network(options->VirtualAddrNetworkIPv6, AF_INET6,0,NULL);
|
2005-02-22 01:53:08 +01:00
|
|
|
|
2004-11-12 20:39:13 +01:00
|
|
|
/* Update address policies. */
|
2008-02-05 22:39:32 +01:00
|
|
|
if (policies_parse_from_options(options) < 0) {
|
|
|
|
/* This should be impossible, but let's be sure. */
|
|
|
|
log_warn(LD_BUG,"Error parsing already-validated policy options.");
|
|
|
|
return -1;
|
|
|
|
}
|
2004-11-12 20:39:13 +01:00
|
|
|
|
2012-12-05 18:16:04 +01:00
|
|
|
if (init_control_cookie_authentication(options->CookieAuthentication) < 0) {
|
2012-12-05 17:19:44 +01:00
|
|
|
log_warn(LD_CONFIG,"Error creating control cookie authentication file.");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* If we have an ExtORPort, initialize its auth cookie. */
|
2012-12-05 18:19:24 +01:00
|
|
|
if (init_ext_or_cookie_authentication(!!options->ExtORPort_lines) < 0) {
|
2012-12-05 17:19:44 +01:00
|
|
|
log_warn(LD_CONFIG,"Error creating Extended ORPort cookie file.");
|
2007-08-15 17:26:14 +02:00
|
|
|
return -1;
|
|
|
|
}
|
2004-11-12 17:39:03 +01:00
|
|
|
|
2011-05-16 19:25:59 +02:00
|
|
|
monitor_owning_controller_process(options->OwningControllerProcess);
|
2011-05-15 17:23:04 +02:00
|
|
|
|
2004-11-09 05:28:18 +01:00
|
|
|
/* reload keys as needed for rendezvous services. */
|
2012-06-18 18:43:20 +02:00
|
|
|
if (rend_service_load_all_keys()<0) {
|
2007-05-13 11:25:06 +02:00
|
|
|
log_warn(LD_GENERAL,"Error loading rendezvous service keys");
|
2004-11-09 05:28:18 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2014-10-07 18:53:57 +02:00
|
|
|
/* Set up scheduler thresholds */
|
2014-11-28 04:51:13 +01:00
|
|
|
scheduler_set_watermarks((uint32_t)options->SchedulerLowWaterMark__,
|
|
|
|
(uint32_t)options->SchedulerHighWaterMark__,
|
|
|
|
(options->SchedulerMaxFlushCells__ > 0) ?
|
|
|
|
options->SchedulerMaxFlushCells__ : 1000);
|
2014-10-07 18:53:57 +02:00
|
|
|
|
2004-11-14 23:21:23 +01:00
|
|
|
/* Set up accounting */
|
2004-11-22 22:56:51 +01:00
|
|
|
if (accounting_parse_options(options, 0)<0) {
|
2007-05-13 11:25:06 +02:00
|
|
|
log_warn(LD_CONFIG,"Error in accounting options");
|
2004-11-22 22:56:51 +01:00
|
|
|
return -1;
|
|
|
|
}
|
2004-11-15 05:01:31 +01:00
|
|
|
if (accounting_is_enabled(options))
|
2004-11-14 23:21:23 +01:00
|
|
|
configure_accounting(time(NULL));
|
|
|
|
|
2010-02-22 19:59:34 +01:00
|
|
|
#ifdef USE_BUFFEREVENTS
|
|
|
|
/* If we're using the bufferevents implementation and our rate limits
|
|
|
|
* changed, we need to tell the rate-limiting system about it. */
|
|
|
|
if (!old_options ||
|
|
|
|
old_options->BandwidthRate != options->BandwidthRate ||
|
|
|
|
old_options->BandwidthBurst != options->BandwidthBurst ||
|
|
|
|
old_options->RelayBandwidthRate != options->RelayBandwidthRate ||
|
|
|
|
old_options->RelayBandwidthBurst != options->RelayBandwidthBurst)
|
|
|
|
connection_bucket_init();
|
|
|
|
#endif
|
|
|
|
|
2012-10-02 05:27:51 +02:00
|
|
|
old_ewma_enabled = cell_ewma_enabled();
|
2009-12-12 06:49:48 +01:00
|
|
|
/* Change the cell EWMA settings */
|
2009-12-15 19:53:53 +01:00
|
|
|
cell_ewma_set_scale_factor(options, networkstatus_get_latest_consensus());
|
2012-10-02 05:27:51 +02:00
|
|
|
/* If we just enabled ewma, set the cmux policy on all active channels */
|
|
|
|
if (cell_ewma_enabled() && !old_ewma_enabled) {
|
|
|
|
channel_set_cmux_policy_everywhere(&ewma_policy);
|
|
|
|
} else if (!cell_ewma_enabled() && old_ewma_enabled) {
|
|
|
|
/* Turn it off everywhere */
|
|
|
|
channel_set_cmux_policy_everywhere(NULL);
|
|
|
|
}
|
|
|
|
|
2012-04-01 04:51:28 +02:00
|
|
|
/* Update the BridgePassword's hashed version as needed. We store this as a
|
|
|
|
* digest so that we can do side-channel-proof comparisons on it.
|
|
|
|
*/
|
|
|
|
if (options->BridgePassword) {
|
|
|
|
char *http_authenticator;
|
|
|
|
http_authenticator = alloc_http_authenticator(options->BridgePassword);
|
|
|
|
if (!http_authenticator) {
|
|
|
|
log_warn(LD_BUG, "Unable to allocate HTTP authenticator. Not setting "
|
|
|
|
"BridgePassword.");
|
|
|
|
return -1;
|
|
|
|
}
|
2012-10-12 18:22:13 +02:00
|
|
|
options->BridgePassword_AuthDigest_ = tor_malloc(DIGEST256_LEN);
|
|
|
|
crypto_digest256(options->BridgePassword_AuthDigest_,
|
2012-04-01 04:51:28 +02:00
|
|
|
http_authenticator, strlen(http_authenticator),
|
|
|
|
DIGEST_SHA256);
|
|
|
|
tor_free(http_authenticator);
|
|
|
|
}
|
|
|
|
|
2012-09-20 17:09:25 +02:00
|
|
|
if (parse_outbound_addresses(options, 0, &msg) < 0) {
|
|
|
|
log_warn(LD_BUG, "Failed parsing oubound bind addresses: %s", msg);
|
|
|
|
tor_free(msg);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2014-07-16 11:14:59 +02:00
|
|
|
config_maybe_load_geoip_files_(options, old_options);
|
|
|
|
|
|
|
|
if (geoip_is_loaded(AF_INET) && options->GeoIPExcludeUnknown) {
|
|
|
|
/* ExcludeUnknown is true or "auto" */
|
|
|
|
const int is_auto = options->GeoIPExcludeUnknown == -1;
|
|
|
|
int changed;
|
|
|
|
|
|
|
|
changed = routerset_add_unknown_ccs(&options->ExcludeNodes, is_auto);
|
|
|
|
changed += routerset_add_unknown_ccs(&options->ExcludeExitNodes, is_auto);
|
|
|
|
|
|
|
|
if (changed)
|
|
|
|
routerset_add_unknown_ccs(&options->ExcludeExitNodesUnion_, is_auto);
|
|
|
|
}
|
|
|
|
|
2005-08-22 02:18:45 +02:00
|
|
|
/* Check for transitions that need action. */
|
|
|
|
if (old_options) {
|
2011-05-13 22:22:58 +02:00
|
|
|
int revise_trackexithosts = 0;
|
2011-05-13 22:59:31 +02:00
|
|
|
int revise_automap_entries = 0;
|
2009-09-20 03:03:49 +02:00
|
|
|
if ((options->UseEntryGuards && !old_options->UseEntryGuards) ||
|
2011-05-18 02:51:47 +02:00
|
|
|
options->UseBridges != old_options->UseBridges ||
|
|
|
|
(options->UseBridges &&
|
|
|
|
!config_lines_eq(options->Bridges, old_options->Bridges)) ||
|
2011-04-04 01:13:36 +02:00
|
|
|
!routerset_equal(old_options->ExcludeNodes,options->ExcludeNodes) ||
|
|
|
|
!routerset_equal(old_options->ExcludeExitNodes,
|
|
|
|
options->ExcludeExitNodes) ||
|
|
|
|
!routerset_equal(old_options->EntryNodes, options->EntryNodes) ||
|
|
|
|
!routerset_equal(old_options->ExitNodes, options->ExitNodes) ||
|
2009-09-20 03:52:57 +02:00
|
|
|
options->StrictNodes != old_options->StrictNodes) {
|
2006-02-13 10:02:35 +01:00
|
|
|
log_info(LD_CIRC,
|
2011-05-18 02:51:47 +02:00
|
|
|
"Changed to using entry guards or bridges, or changed "
|
|
|
|
"preferred or excluded node lists. "
|
|
|
|
"Abandoning previous circuits.");
|
2005-10-06 01:02:40 +02:00
|
|
|
circuit_mark_all_unused_circs();
|
2013-02-20 00:37:03 +01:00
|
|
|
circuit_mark_all_dirty_circs_as_unusable();
|
2011-05-13 22:22:58 +02:00
|
|
|
revise_trackexithosts = 1;
|
2005-10-06 01:02:40 +02:00
|
|
|
}
|
|
|
|
|
2011-05-13 22:22:58 +02:00
|
|
|
if (!smartlist_strings_eq(old_options->TrackHostExits,
|
|
|
|
options->TrackHostExits))
|
|
|
|
revise_trackexithosts = 1;
|
|
|
|
|
|
|
|
if (revise_trackexithosts)
|
2011-04-04 01:43:47 +02:00
|
|
|
addressmap_clear_excluded_trackexithosts(options);
|
2011-05-13 22:22:58 +02:00
|
|
|
|
2011-05-16 02:12:01 +02:00
|
|
|
if (!options->AutomapHostsOnResolve) {
|
|
|
|
if (old_options->AutomapHostsOnResolve)
|
|
|
|
revise_automap_entries = 1;
|
|
|
|
} else {
|
2011-05-13 22:59:31 +02:00
|
|
|
if (!smartlist_strings_eq(old_options->AutomapHostsSuffixes,
|
|
|
|
options->AutomapHostsSuffixes))
|
|
|
|
revise_automap_entries = 1;
|
2012-11-23 23:31:53 +01:00
|
|
|
else if (!opt_streq(old_options->VirtualAddrNetworkIPv4,
|
|
|
|
options->VirtualAddrNetworkIPv4) ||
|
|
|
|
!opt_streq(old_options->VirtualAddrNetworkIPv6,
|
|
|
|
options->VirtualAddrNetworkIPv6))
|
2011-05-13 22:59:31 +02:00
|
|
|
revise_automap_entries = 1;
|
2005-10-06 01:02:40 +02:00
|
|
|
}
|
|
|
|
|
2011-05-13 22:59:31 +02:00
|
|
|
if (revise_automap_entries)
|
|
|
|
addressmap_clear_invalid_automaps(options);
|
|
|
|
|
2010-07-08 14:29:04 +02:00
|
|
|
/* How long should we delay counting bridge stats after becoming a bridge?
|
|
|
|
* We use this so we don't count people who used our bridge thinking it is
|
|
|
|
* a relay. If you change this, don't forget to change the log message
|
2010-08-18 22:12:44 +02:00
|
|
|
* below. It's 4 hours (the time it takes to stop being used by clients)
|
|
|
|
* plus some extra time for clock skew. */
|
|
|
|
#define RELAY_BRIDGE_STATS_DELAY (6 * 60 * 60)
|
2010-07-08 14:29:04 +02:00
|
|
|
|
2009-05-12 21:35:53 +02:00
|
|
|
if (! bool_eq(options->BridgeRelay, old_options->BridgeRelay)) {
|
2010-07-08 14:29:04 +02:00
|
|
|
int was_relay = 0;
|
2010-06-21 18:52:46 +02:00
|
|
|
if (options->BridgeRelay) {
|
2010-07-08 14:29:04 +02:00
|
|
|
time_t int_start = time(NULL);
|
2012-08-09 22:02:57 +02:00
|
|
|
if (config_lines_eq(old_options->ORPort_lines,options->ORPort_lines)) {
|
2010-07-08 14:29:04 +02:00
|
|
|
int_start += RELAY_BRIDGE_STATS_DELAY;
|
|
|
|
was_relay = 1;
|
|
|
|
}
|
|
|
|
geoip_bridge_stats_init(int_start);
|
2010-06-21 18:52:46 +02:00
|
|
|
log_info(LD_CONFIG, "We are acting as a bridge now. Starting new "
|
2010-08-18 22:12:44 +02:00
|
|
|
"GeoIP stats interval%s.", was_relay ? " in 6 "
|
2010-07-08 14:29:04 +02:00
|
|
|
"hours from now" : "");
|
2010-06-21 18:52:46 +02:00
|
|
|
} else {
|
|
|
|
geoip_bridge_stats_term();
|
|
|
|
log_info(LD_GENERAL, "We are no longer acting as a bridge. "
|
|
|
|
"Forgetting GeoIP stats.");
|
|
|
|
}
|
2009-05-12 21:35:53 +02:00
|
|
|
}
|
|
|
|
|
2011-05-23 22:38:35 +02:00
|
|
|
if (transition_affects_workers) {
|
2006-02-13 10:02:35 +01:00
|
|
|
log_info(LD_GENERAL,
|
|
|
|
"Worker-related options changed. Rotating workers.");
|
2011-01-25 15:28:58 +01:00
|
|
|
|
2006-01-17 05:01:32 +01:00
|
|
|
if (server_mode(options) && !server_mode(old_options)) {
|
2006-12-28 22:29:20 +01:00
|
|
|
ip_address_changed(0);
|
2014-11-20 18:03:46 +01:00
|
|
|
if (have_completed_a_circuit() || !any_predicted_circuits(time(NULL)))
|
2006-01-17 05:01:32 +01:00
|
|
|
inform_testing_reachability();
|
|
|
|
}
|
2005-08-22 02:18:45 +02:00
|
|
|
cpuworkers_rotate();
|
2007-02-02 19:58:04 +01:00
|
|
|
if (dns_reset())
|
|
|
|
return -1;
|
2007-03-05 03:40:58 +01:00
|
|
|
} else {
|
2007-02-02 19:58:04 +01:00
|
|
|
if (dns_reset())
|
|
|
|
return -1;
|
2006-08-28 05:15:55 +02:00
|
|
|
}
|
2007-08-14 22:19:40 +02:00
|
|
|
|
2010-08-15 10:01:42 +02:00
|
|
|
if (options->PerConnBWRate != old_options->PerConnBWRate ||
|
|
|
|
options->PerConnBWBurst != old_options->PerConnBWBurst)
|
|
|
|
connection_or_update_token_buckets(get_connection_array(), options);
|
2005-08-22 02:18:45 +02:00
|
|
|
}
|
|
|
|
|
2014-09-11 05:01:18 +02:00
|
|
|
/* Only collect directory-request statistics on relays and bridges. */
|
|
|
|
options->DirReqStatistics = options->DirReqStatistics_option &&
|
|
|
|
server_mode(options);
|
|
|
|
|
2010-06-21 18:52:46 +02:00
|
|
|
if (options->CellStatistics || options->DirReqStatistics ||
|
2010-08-02 15:06:14 +02:00
|
|
|
options->EntryStatistics || options->ExitPortStatistics ||
|
2011-10-07 02:39:48 +02:00
|
|
|
options->ConnDirectionStatistics ||
|
2014-12-02 13:20:35 +01:00
|
|
|
options->HiddenServiceStatistics ||
|
2011-10-07 02:39:48 +02:00
|
|
|
options->BridgeAuthoritativeDir) {
|
2010-06-21 18:52:46 +02:00
|
|
|
time_t now = time(NULL);
|
2010-11-09 14:18:00 +01:00
|
|
|
int print_notice = 0;
|
2011-11-19 00:50:03 +01:00
|
|
|
|
2013-12-18 18:00:17 +01:00
|
|
|
/* Only collect other relay-only statistics on relays. */
|
|
|
|
if (!public_server_mode(options)) {
|
|
|
|
options->CellStatistics = 0;
|
2011-11-19 00:50:03 +01:00
|
|
|
options->EntryStatistics = 0;
|
2014-12-02 13:20:35 +01:00
|
|
|
options->HiddenServiceStatistics = 0;
|
2011-11-19 00:50:03 +01:00
|
|
|
options->ExitPortStatistics = 0;
|
|
|
|
}
|
|
|
|
|
2010-06-21 18:52:46 +02:00
|
|
|
if ((!old_options || !old_options->CellStatistics) &&
|
2010-11-09 14:18:00 +01:00
|
|
|
options->CellStatistics) {
|
2010-06-21 18:52:46 +02:00
|
|
|
rep_hist_buffer_stats_init(now);
|
2010-11-09 14:18:00 +01:00
|
|
|
print_notice = 1;
|
|
|
|
}
|
2010-06-21 18:52:46 +02:00
|
|
|
if ((!old_options || !old_options->DirReqStatistics) &&
|
2010-11-09 14:18:00 +01:00
|
|
|
options->DirReqStatistics) {
|
2012-10-20 18:48:58 +02:00
|
|
|
if (geoip_is_loaded(AF_INET)) {
|
2010-11-09 14:18:00 +01:00
|
|
|
geoip_dirreq_stats_init(now);
|
|
|
|
print_notice = 1;
|
|
|
|
} else {
|
2014-09-11 05:01:18 +02:00
|
|
|
/* disable statistics collection since we have no geoip file */
|
2010-12-22 08:34:41 +01:00
|
|
|
options->DirReqStatistics = 0;
|
2012-08-09 21:48:43 +02:00
|
|
|
if (options->ORPort_set)
|
2011-02-06 00:25:33 +01:00
|
|
|
log_notice(LD_CONFIG, "Configured to measure directory request "
|
|
|
|
"statistics, but no GeoIP database found. "
|
|
|
|
"Please specify a GeoIP database using the "
|
|
|
|
"GeoIPFile option.");
|
2010-11-09 14:18:00 +01:00
|
|
|
}
|
|
|
|
}
|
2010-06-21 18:52:46 +02:00
|
|
|
if ((!old_options || !old_options->EntryStatistics) &&
|
2010-11-09 14:18:00 +01:00
|
|
|
options->EntryStatistics && !should_record_bridge_info(options)) {
|
2012-10-20 18:48:58 +02:00
|
|
|
if (geoip_is_loaded(AF_INET) || geoip_is_loaded(AF_INET6)) {
|
2010-11-09 14:18:00 +01:00
|
|
|
geoip_entry_stats_init(now);
|
|
|
|
print_notice = 1;
|
|
|
|
} else {
|
2010-12-22 08:34:41 +01:00
|
|
|
options->EntryStatistics = 0;
|
2010-11-09 14:18:00 +01:00
|
|
|
log_notice(LD_CONFIG, "Configured to measure entry node "
|
2011-02-06 00:25:33 +01:00
|
|
|
"statistics, but no GeoIP database found. "
|
2010-11-09 14:18:00 +01:00
|
|
|
"Please specify a GeoIP database using the "
|
2011-02-06 00:25:33 +01:00
|
|
|
"GeoIPFile option.");
|
2010-11-09 14:18:00 +01:00
|
|
|
}
|
|
|
|
}
|
2010-06-21 18:52:46 +02:00
|
|
|
if ((!old_options || !old_options->ExitPortStatistics) &&
|
2010-11-09 14:18:00 +01:00
|
|
|
options->ExitPortStatistics) {
|
2010-06-21 18:52:46 +02:00
|
|
|
rep_hist_exit_stats_init(now);
|
2010-11-09 14:18:00 +01:00
|
|
|
print_notice = 1;
|
|
|
|
}
|
2010-08-15 14:58:35 +02:00
|
|
|
if ((!old_options || !old_options->ConnDirectionStatistics) &&
|
2010-12-21 22:01:00 +01:00
|
|
|
options->ConnDirectionStatistics) {
|
2010-08-02 15:06:14 +02:00
|
|
|
rep_hist_conn_stats_init(now);
|
2010-12-21 22:01:00 +01:00
|
|
|
}
|
2014-12-02 13:20:35 +01:00
|
|
|
if ((!old_options || !old_options->HiddenServiceStatistics) &&
|
|
|
|
options->HiddenServiceStatistics) {
|
|
|
|
log_info(LD_CONFIG, "Configured to measure hidden service statistics.");
|
|
|
|
rep_hist_hs_stats_init(now);
|
|
|
|
}
|
2011-10-24 12:51:00 +02:00
|
|
|
if ((!old_options || !old_options->BridgeAuthoritativeDir) &&
|
|
|
|
options->BridgeAuthoritativeDir) {
|
2011-10-07 02:39:48 +02:00
|
|
|
rep_hist_desc_stats_init(now);
|
|
|
|
print_notice = 1;
|
|
|
|
}
|
2010-11-09 14:18:00 +01:00
|
|
|
if (print_notice)
|
2010-06-21 18:52:46 +02:00
|
|
|
log_notice(LD_CONFIG, "Configured to measure statistics. Look for "
|
|
|
|
"the *-stats files that will first be written to the "
|
|
|
|
"data directory in 24 hours from now.");
|
|
|
|
}
|
|
|
|
|
2014-12-02 13:20:35 +01:00
|
|
|
/* If we used to have statistics enabled but we just disabled them,
|
|
|
|
stop gathering them. */
|
2010-06-21 18:52:46 +02:00
|
|
|
if (old_options && old_options->CellStatistics &&
|
|
|
|
!options->CellStatistics)
|
|
|
|
rep_hist_buffer_stats_term();
|
|
|
|
if (old_options && old_options->DirReqStatistics &&
|
|
|
|
!options->DirReqStatistics)
|
|
|
|
geoip_dirreq_stats_term();
|
|
|
|
if (old_options && old_options->EntryStatistics &&
|
|
|
|
!options->EntryStatistics)
|
|
|
|
geoip_entry_stats_term();
|
2014-12-02 13:20:35 +01:00
|
|
|
if (old_options && old_options->HiddenServiceStatistics &&
|
|
|
|
!options->HiddenServiceStatistics)
|
|
|
|
rep_hist_hs_stats_term();
|
2010-06-21 18:52:46 +02:00
|
|
|
if (old_options && old_options->ExitPortStatistics &&
|
|
|
|
!options->ExitPortStatistics)
|
|
|
|
rep_hist_exit_stats_term();
|
2010-08-15 14:58:35 +02:00
|
|
|
if (old_options && old_options->ConnDirectionStatistics &&
|
|
|
|
!options->ConnDirectionStatistics)
|
2010-08-02 15:06:14 +02:00
|
|
|
rep_hist_conn_stats_term();
|
2011-10-07 02:39:48 +02:00
|
|
|
if (old_options && old_options->BridgeAuthoritativeDir &&
|
|
|
|
!options->BridgeAuthoritativeDir)
|
|
|
|
rep_hist_desc_stats_term();
|
2010-06-21 18:52:46 +02:00
|
|
|
|
2005-12-31 07:32:57 +01:00
|
|
|
/* Check if we need to parse and add the EntryNodes config option. */
|
2006-01-02 06:14:21 +01:00
|
|
|
if (options->EntryNodes &&
|
|
|
|
(!old_options ||
|
2009-10-18 00:54:20 +02:00
|
|
|
!routerset_equal(old_options->EntryNodes,options->EntryNodes) ||
|
|
|
|
!routerset_equal(old_options->ExcludeNodes,options->ExcludeNodes)))
|
2005-12-31 07:32:57 +01:00
|
|
|
entry_nodes_should_be_added();
|
|
|
|
|
2004-11-13 17:53:48 +01:00
|
|
|
/* Since our options changed, we might need to regenerate and upload our
|
2005-08-22 02:18:45 +02:00
|
|
|
* server descriptor.
|
2004-11-13 17:53:48 +01:00
|
|
|
*/
|
2005-12-14 21:40:40 +01:00
|
|
|
if (!old_options ||
|
|
|
|
options_transition_affects_descriptor(old_options, options))
|
2011-05-20 05:36:20 +02:00
|
|
|
mark_my_descriptor_dirty("config change");
|
2004-11-13 17:53:48 +01:00
|
|
|
|
2007-10-22 18:32:04 +02:00
|
|
|
/* We may need to reschedule some directory stuff if our status changed. */
|
2007-10-23 00:54:28 +02:00
|
|
|
if (old_options) {
|
|
|
|
if (authdir_mode_v3(options) && !authdir_mode_v3(old_options))
|
|
|
|
dirvote_recalculate_timing(options, time(NULL));
|
2007-12-21 07:08:00 +01:00
|
|
|
if (!bool_eq(directory_fetches_dir_info_early(options),
|
|
|
|
directory_fetches_dir_info_early(old_options)) ||
|
|
|
|
!bool_eq(directory_fetches_dir_info_later(options),
|
|
|
|
directory_fetches_dir_info_later(old_options))) {
|
2014-12-25 12:26:04 +01:00
|
|
|
/* Make sure update_router_have_minimum_dir_info() gets called. */
|
2007-10-23 00:54:28 +02:00
|
|
|
router_dir_info_changed();
|
|
|
|
/* We might need to download a new consensus status later or sooner than
|
|
|
|
* we had expected. */
|
|
|
|
update_consensus_networkstatus_fetch_time(time(NULL));
|
|
|
|
}
|
2007-10-22 18:32:04 +02:00
|
|
|
}
|
|
|
|
|
2009-05-27 23:55:51 +02:00
|
|
|
/* Load the webpage we're going to serve every time someone asks for '/' on
|
2008-12-07 02:21:19 +01:00
|
|
|
our DirPort. */
|
|
|
|
tor_free(global_dirfrontpagecontents);
|
|
|
|
if (options->DirPortFrontPage) {
|
|
|
|
global_dirfrontpagecontents =
|
|
|
|
read_file_to_str(options->DirPortFrontPage, 0, NULL);
|
2008-12-07 02:51:56 +01:00
|
|
|
if (!global_dirfrontpagecontents) {
|
2008-12-07 02:48:30 +01:00
|
|
|
log_warn(LD_CONFIG,
|
|
|
|
"DirPortFrontPage file '%s' not found. Continuing anyway.",
|
|
|
|
options->DirPortFrontPage);
|
|
|
|
}
|
2008-12-07 02:21:19 +01:00
|
|
|
}
|
|
|
|
|
2004-11-09 05:28:18 +01:00
|
|
|
return 0;
|
2004-11-06 06:18:11 +01:00
|
|
|
}
|
|
|
|
|
2013-08-25 19:07:31 +02:00
|
|
|
static const struct {
|
|
|
|
const char *name;
|
|
|
|
int takes_argument;
|
|
|
|
} CMDLINE_ONLY_OPTIONS[] = {
|
|
|
|
{ "-f", 1 },
|
2013-11-03 17:53:41 +01:00
|
|
|
{ "--allow-missing-torrc", 0 },
|
2013-08-25 19:07:31 +02:00
|
|
|
{ "--defaults-torrc", 1 },
|
|
|
|
{ "--hash-password", 1 },
|
2013-09-03 16:30:50 +02:00
|
|
|
{ "--dump-config", 1 },
|
2013-08-25 19:07:31 +02:00
|
|
|
{ "--list-fingerprint", 0 },
|
|
|
|
{ "--verify-config", 0 },
|
|
|
|
{ "--ignore-missing-torrc", 0 },
|
|
|
|
{ "--quiet", 0 },
|
|
|
|
{ "--hush", 0 },
|
|
|
|
{ "--version", 0 },
|
2013-09-13 18:55:53 +02:00
|
|
|
{ "--library-versions", 0 },
|
2013-08-25 19:07:31 +02:00
|
|
|
{ "-h", 0 },
|
|
|
|
{ "--help", 0 },
|
|
|
|
{ "--list-torrc-options", 0 },
|
|
|
|
{ "--digests", 0 },
|
|
|
|
{ "--nt-service", 0 },
|
|
|
|
{ "-nt-service", 0 },
|
|
|
|
{ NULL, 0 },
|
|
|
|
};
|
|
|
|
|
2013-08-25 18:03:57 +02:00
|
|
|
/** Helper: Read a list of configuration options from the command line. If
|
2013-08-25 18:49:16 +02:00
|
|
|
* successful, or if ignore_errors is set, put them in *<b>result</b>, put the
|
|
|
|
* commandline-only options in *<b>cmdline_result</b>, and return 0;
|
|
|
|
* otherwise, return -1 and leave *<b>result</b> and <b>cmdline_result</b>
|
|
|
|
* alone. */
|
|
|
|
int
|
|
|
|
config_parse_commandline(int argc, char **argv, int ignore_errors,
|
|
|
|
config_line_t **result,
|
|
|
|
config_line_t **cmdline_result)
|
2004-10-14 04:47:09 +02:00
|
|
|
{
|
2013-08-25 18:03:57 +02:00
|
|
|
config_line_t *param = NULL;
|
|
|
|
|
2005-07-22 23:12:10 +02:00
|
|
|
config_line_t *front = NULL;
|
|
|
|
config_line_t **new = &front;
|
2013-08-25 18:03:57 +02:00
|
|
|
|
|
|
|
config_line_t *front_cmdline = NULL;
|
|
|
|
config_line_t **new_cmdline = &front_cmdline;
|
|
|
|
|
|
|
|
char *s, *arg;
|
2002-11-23 07:49:01 +01:00
|
|
|
int i = 1;
|
|
|
|
|
2005-09-10 06:40:27 +02:00
|
|
|
while (i < argc) {
|
2011-11-28 03:32:51 +01:00
|
|
|
unsigned command = CONFIG_LINE_NORMAL;
|
|
|
|
int want_arg = 1;
|
2013-08-25 18:03:57 +02:00
|
|
|
int is_cmdline = 0;
|
2013-08-25 19:07:31 +02:00
|
|
|
int j;
|
2011-11-28 03:32:51 +01:00
|
|
|
|
2013-08-25 19:07:31 +02:00
|
|
|
for (j = 0; CMDLINE_ONLY_OPTIONS[j].name != NULL; ++j) {
|
|
|
|
if (!strcmp(argv[i], CMDLINE_ONLY_OPTIONS[j].name)) {
|
|
|
|
is_cmdline = 1;
|
|
|
|
want_arg = CMDLINE_ONLY_OPTIONS[j].takes_argument;
|
|
|
|
break;
|
|
|
|
}
|
2002-11-23 07:49:01 +01:00
|
|
|
}
|
2007-11-01 05:38:43 +01:00
|
|
|
|
2002-11-23 07:49:01 +01:00
|
|
|
s = argv[i];
|
2004-10-14 04:47:09 +02:00
|
|
|
|
2009-10-27 17:50:24 +01:00
|
|
|
/* Each keyword may be prefixed with one or two dashes. */
|
|
|
|
if (*s == '-')
|
|
|
|
s++;
|
|
|
|
if (*s == '-')
|
2002-11-23 07:49:01 +01:00
|
|
|
s++;
|
2011-11-28 03:32:51 +01:00
|
|
|
/* Figure out the command, if any. */
|
|
|
|
if (*s == '+') {
|
|
|
|
s++;
|
|
|
|
command = CONFIG_LINE_APPEND;
|
|
|
|
} else if (*s == '/') {
|
|
|
|
s++;
|
|
|
|
command = CONFIG_LINE_CLEAR;
|
|
|
|
/* A 'clear' command has no argument. */
|
|
|
|
want_arg = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (want_arg && i == argc-1) {
|
2013-08-25 19:13:18 +02:00
|
|
|
if (ignore_errors) {
|
2013-08-25 18:03:57 +02:00
|
|
|
arg = strdup("");
|
|
|
|
} else {
|
|
|
|
log_warn(LD_CONFIG,"Command-line option '%s' with no value. Failing.",
|
|
|
|
argv[i]);
|
|
|
|
config_free_lines(front);
|
|
|
|
config_free_lines(front_cmdline);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
arg = want_arg ? tor_strdup(argv[i+1]) : strdup("");
|
2011-11-28 03:32:51 +01:00
|
|
|
}
|
2004-10-14 04:47:09 +02:00
|
|
|
|
2013-08-25 18:03:57 +02:00
|
|
|
param = tor_malloc_zero(sizeof(config_line_t));
|
2014-08-27 12:10:35 +02:00
|
|
|
param->key = is_cmdline ? tor_strdup(argv[i]) :
|
|
|
|
tor_strdup(config_expand_abbrev(&options_format, s, 1, 1));
|
2013-08-25 18:03:57 +02:00
|
|
|
param->value = arg;
|
|
|
|
param->command = command;
|
|
|
|
param->next = NULL;
|
2013-02-01 21:43:37 +01:00
|
|
|
log_debug(LD_CONFIG, "command line: parsed keyword '%s', value '%s'",
|
2013-08-25 18:03:57 +02:00
|
|
|
param->key, param->value);
|
|
|
|
|
|
|
|
if (is_cmdline) {
|
|
|
|
*new_cmdline = param;
|
|
|
|
new_cmdline = &((*new_cmdline)->next);
|
|
|
|
} else {
|
|
|
|
*new = param;
|
|
|
|
new = &((*new)->next);
|
|
|
|
}
|
2005-07-11 19:35:36 +02:00
|
|
|
|
2011-11-28 03:32:51 +01:00
|
|
|
i += want_arg ? 2 : 1;
|
2002-11-23 07:49:01 +01:00
|
|
|
}
|
2013-08-25 18:03:57 +02:00
|
|
|
*cmdline_result = front_cmdline;
|
2005-09-10 06:40:27 +02:00
|
|
|
*result = front;
|
|
|
|
return 0;
|
2002-11-23 07:49:01 +01:00
|
|
|
}
|
|
|
|
|
2004-11-09 07:40:32 +01:00
|
|
|
/** Return true iff key is a valid configuration option. */
|
|
|
|
int
|
2005-07-23 03:58:05 +02:00
|
|
|
option_is_recognized(const char *key)
|
2004-11-09 07:40:32 +01:00
|
|
|
{
|
2011-06-14 19:01:38 +02:00
|
|
|
const config_var_t *var = config_find_option(&options_format, key);
|
2004-11-09 07:40:32 +01:00
|
|
|
return (var != NULL);
|
|
|
|
}
|
|
|
|
|
2008-01-15 06:57:14 +01:00
|
|
|
/** Return the canonical name of a configuration option, or NULL
|
|
|
|
* if no such option exists. */
|
2005-07-11 19:35:36 +02:00
|
|
|
const char *
|
2005-07-23 03:58:05 +02:00
|
|
|
option_get_canonical_name(const char *key)
|
2005-07-11 19:35:36 +02:00
|
|
|
{
|
2011-06-14 19:01:38 +02:00
|
|
|
const config_var_t *var = config_find_option(&options_format, key);
|
2008-01-15 06:57:14 +01:00
|
|
|
return var ? var->name : NULL;
|
2005-07-11 19:35:36 +02:00
|
|
|
}
|
|
|
|
|
2009-05-27 23:55:51 +02:00
|
|
|
/** Return a canonical list of the options assigned for key.
|
2004-11-03 19:29:29 +01:00
|
|
|
*/
|
2005-07-22 23:12:10 +02:00
|
|
|
config_line_t *
|
2011-06-14 19:01:38 +02:00
|
|
|
option_get_assignment(const or_options_t *options, const char *key)
|
2005-07-22 22:37:42 +02:00
|
|
|
{
|
2012-09-12 23:34:50 +02:00
|
|
|
return config_get_assigned_option(&options_format, options, key, 1);
|
2002-11-23 07:49:01 +01:00
|
|
|
}
|
|
|
|
|
2004-11-09 18:15:17 +01:00
|
|
|
/** Try assigning <b>list</b> to the global options. You do this by duping
|
2004-11-06 06:18:11 +01:00
|
|
|
* options, assigning list to the new one, then validating it. If it's
|
2004-11-10 01:11:37 +01:00
|
|
|
* ok, then throw out the old one and stick with the new one. Else,
|
2008-03-13 16:11:56 +01:00
|
|
|
* revert to old and return failure. Return SETOPT_OK on success, or
|
|
|
|
* a setopt_err_t on failure.
|
2006-04-08 07:43:52 +02:00
|
|
|
*
|
2006-03-26 08:51:26 +02:00
|
|
|
* If not success, point *<b>msg</b> to a newly allocated string describing
|
|
|
|
* what went wrong.
|
2004-11-06 06:18:11 +01:00
|
|
|
*/
|
2008-03-13 16:11:56 +01:00
|
|
|
setopt_err_t
|
2006-03-26 08:51:26 +02:00
|
|
|
options_trial_assign(config_line_t *list, int use_defaults,
|
|
|
|
int clear_first, char **msg)
|
2004-11-06 06:18:11 +01:00
|
|
|
{
|
2004-11-07 23:59:30 +01:00
|
|
|
int r;
|
2012-09-12 23:34:50 +02:00
|
|
|
or_options_t *trial_options = config_dup(&options_format, get_options());
|
2004-11-06 06:18:11 +01:00
|
|
|
|
2005-09-14 04:07:35 +02:00
|
|
|
if ((r=config_assign(&options_format, trial_options,
|
2006-03-26 10:09:19 +02:00
|
|
|
list, use_defaults, clear_first, msg)) < 0) {
|
2005-08-04 21:56:41 +02:00
|
|
|
config_free(&options_format, trial_options);
|
2004-11-07 23:59:30 +01:00
|
|
|
return r;
|
2004-11-06 06:18:11 +01:00
|
|
|
}
|
|
|
|
|
2013-05-16 12:08:48 +02:00
|
|
|
if (options_validate(get_options_mutable(), trial_options,
|
|
|
|
global_default_options, 1, msg) < 0) {
|
2005-08-04 21:56:41 +02:00
|
|
|
config_free(&options_format, trial_options);
|
2008-12-18 17:11:24 +01:00
|
|
|
return SETOPT_ERR_PARSE; /*XXX make this a separate return value. */
|
2004-11-06 06:18:11 +01:00
|
|
|
}
|
|
|
|
|
2006-03-26 08:51:26 +02:00
|
|
|
if (options_transition_allowed(get_options(), trial_options, msg) < 0) {
|
2005-08-04 21:56:41 +02:00
|
|
|
config_free(&options_format, trial_options);
|
2008-03-13 16:11:56 +01:00
|
|
|
return SETOPT_ERR_TRANSITION;
|
2004-11-06 06:18:11 +01:00
|
|
|
}
|
|
|
|
|
2006-03-26 08:51:26 +02:00
|
|
|
if (set_options(trial_options, msg)<0) {
|
2005-09-14 04:36:29 +02:00
|
|
|
config_free(&options_format, trial_options);
|
2008-03-13 16:11:56 +01:00
|
|
|
return SETOPT_ERR_SETTING;
|
2005-09-14 04:36:29 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/* we liked it. put it in place. */
|
2008-03-13 16:11:56 +01:00
|
|
|
return SETOPT_OK;
|
2004-11-06 06:18:11 +01:00
|
|
|
}
|
|
|
|
|
2004-05-10 06:48:13 +02:00
|
|
|
/** Print a usage message for tor. */
|
2004-10-14 04:47:09 +02:00
|
|
|
static void
|
|
|
|
print_usage(void)
|
|
|
|
{
|
2004-11-15 08:29:27 +01:00
|
|
|
printf(
|
2008-02-04 17:54:14 +01:00
|
|
|
"Copyright (c) 2001-2004, Roger Dingledine\n"
|
|
|
|
"Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson\n"
|
2015-01-02 20:27:39 +01:00
|
|
|
"Copyright (c) 2007-2015, The Tor Project, Inc.\n\n"
|
2004-11-15 08:29:27 +01:00
|
|
|
"tor -f <torrc> [args]\n"
|
2007-12-07 22:27:58 +01:00
|
|
|
"See man page for options, or https://www.torproject.org/ for "
|
|
|
|
"documentation.\n");
|
2003-10-20 03:19:54 +02:00
|
|
|
}
|
|
|
|
|
2006-12-20 18:05:48 +01:00
|
|
|
/** Print all non-obsolete torrc options. */
|
|
|
|
static void
|
|
|
|
list_torrc_options(void)
|
|
|
|
{
|
|
|
|
int i;
|
2012-01-18 21:53:30 +01:00
|
|
|
smartlist_t *lines = smartlist_new();
|
2012-10-12 18:22:13 +02:00
|
|
|
for (i = 0; option_vars_[i].name; ++i) {
|
|
|
|
const config_var_t *var = &option_vars_[i];
|
2006-12-20 18:05:48 +01:00
|
|
|
if (var->type == CONFIG_TYPE_OBSOLETE ||
|
|
|
|
var->type == CONFIG_TYPE_LINELIST_V)
|
|
|
|
continue;
|
|
|
|
printf("%s\n", var->name);
|
|
|
|
}
|
2008-01-16 06:27:19 +01:00
|
|
|
smartlist_free(lines);
|
2006-12-20 18:05:48 +01:00
|
|
|
}
|
|
|
|
|
2006-10-02 23:00:35 +02:00
|
|
|
/** Last value actually set by resolve_my_address. */
|
|
|
|
static uint32_t last_resolved_addr = 0;
|
2013-02-12 10:25:42 +01:00
|
|
|
|
|
|
|
/** Accessor for last_resolved_addr from outside this file. */
|
2013-02-15 22:02:57 +01:00
|
|
|
uint32_t
|
|
|
|
get_last_resolved_addr(void)
|
2013-02-12 10:25:42 +01:00
|
|
|
{
|
|
|
|
return last_resolved_addr;
|
|
|
|
}
|
|
|
|
|
2014-09-29 19:46:30 +02:00
|
|
|
/** Reset last_resolved_addr from outside this file. */
|
|
|
|
void
|
|
|
|
reset_last_resolved_addr(void)
|
|
|
|
{
|
|
|
|
last_resolved_addr = 0;
|
|
|
|
}
|
|
|
|
|
2004-05-10 06:48:13 +02:00
|
|
|
/**
|
2014-04-28 22:20:58 +02:00
|
|
|
* Attempt getting our non-local (as judged by tor_addr_is_internal()
|
|
|
|
* function) IP address using following techniques, listed in
|
|
|
|
* order from best (most desirable, try first) to worst (least
|
|
|
|
* desirable, try if everything else fails).
|
|
|
|
*
|
|
|
|
* First, attempt using <b>options-\>Address</b> to get our
|
|
|
|
* non-local IP address.
|
|
|
|
*
|
|
|
|
* If <b>options-\>Address</b> represents a non-local IP address,
|
|
|
|
* consider it ours.
|
|
|
|
*
|
|
|
|
* If <b>options-\>Address</b> is a DNS name that resolves to
|
|
|
|
* a non-local IP address, consider this IP address ours.
|
|
|
|
*
|
|
|
|
* If <b>options-\>Address</b> is NULL, fall back to getting local
|
|
|
|
* hostname and using it in above-described ways to try and
|
|
|
|
* get our IP address.
|
|
|
|
*
|
|
|
|
* In case local hostname cannot be resolved to a non-local IP
|
|
|
|
* address, try getting an IP address of network interface
|
|
|
|
* in hopes it will be non-local one.
|
|
|
|
*
|
|
|
|
* Fail if one or more of the following is true:
|
|
|
|
* - DNS name in <b>options-\>Address</b> cannot be resolved.
|
|
|
|
* - <b>options-\>Address</b> is a local host address.
|
|
|
|
* - Attempt to getting local hostname fails.
|
|
|
|
* - Attempt to getting network interface address fails.
|
2013-02-10 22:45:48 +01:00
|
|
|
*
|
|
|
|
* Return 0 if all is well, or -1 if we can't find a suitable
|
2005-08-25 22:33:17 +02:00
|
|
|
* public IP address.
|
2013-02-10 22:45:48 +01:00
|
|
|
*
|
|
|
|
* If we are returning 0:
|
|
|
|
* - Put our public IP address (in host order) into *<b>addr_out</b>.
|
|
|
|
* - If <b>method_out</b> is non-NULL, set *<b>method_out</b> to a static
|
|
|
|
* string describing how we arrived at our answer.
|
2014-04-28 22:20:58 +02:00
|
|
|
* - "CONFIGURED" - parsed from IP address string in
|
|
|
|
* <b>options-\>Address</b>
|
|
|
|
* - "RESOLVED" - resolved from DNS name in <b>options-\>Address</b>
|
|
|
|
* - "GETHOSTNAME" - resolved from a local hostname.
|
|
|
|
* - "INTERFACE" - retrieved from a network interface.
|
2013-02-10 22:45:48 +01:00
|
|
|
* - If <b>hostname_out</b> is non-NULL, and we resolved a hostname to
|
|
|
|
* get our address, set *<b>hostname_out</b> to a newly allocated string
|
|
|
|
* holding that hostname. (If we didn't get our address by resolving a
|
|
|
|
* hostname, set *<b>hostname_out</b> to NULL.)
|
|
|
|
*
|
2012-03-27 15:00:34 +02:00
|
|
|
* XXXX ipv6
|
2004-05-10 06:48:13 +02:00
|
|
|
*/
|
2004-10-14 04:47:09 +02:00
|
|
|
int
|
2011-06-14 19:01:38 +02:00
|
|
|
resolve_my_address(int warn_severity, const or_options_t *options,
|
2013-02-10 22:45:48 +01:00
|
|
|
uint32_t *addr_out,
|
2013-02-12 10:25:42 +01:00
|
|
|
const char **method_out, char **hostname_out)
|
2004-10-14 04:47:09 +02:00
|
|
|
{
|
2004-03-14 19:12:59 +01:00
|
|
|
struct in_addr in;
|
2010-03-05 22:04:01 +01:00
|
|
|
uint32_t addr; /* host order */
|
2004-08-16 13:43:18 +02:00
|
|
|
char hostname[256];
|
2013-02-10 22:45:48 +01:00
|
|
|
const char *method_used;
|
|
|
|
const char *hostname_used;
|
2004-03-15 05:57:24 +01:00
|
|
|
int explicit_ip=1;
|
2006-03-14 23:51:15 +01:00
|
|
|
int explicit_hostname=1;
|
2007-01-06 06:42:31 +01:00
|
|
|
int from_interface=0;
|
2010-10-15 23:07:27 +02:00
|
|
|
char *addr_string = NULL;
|
2005-05-09 06:31:00 +02:00
|
|
|
const char *address = options->Address;
|
2006-07-15 22:26:05 +02:00
|
|
|
int notice_severity = warn_severity <= LOG_NOTICE ?
|
|
|
|
LOG_NOTICE : warn_severity;
|
2004-03-14 19:12:59 +01:00
|
|
|
|
2013-11-16 17:29:54 +01:00
|
|
|
tor_addr_t myaddr;
|
2005-08-25 22:33:17 +02:00
|
|
|
tor_assert(addr_out);
|
2004-08-16 13:43:18 +02:00
|
|
|
|
2013-02-10 22:45:48 +01:00
|
|
|
/*
|
|
|
|
* Step one: Fill in 'hostname' to be our best guess.
|
|
|
|
*/
|
|
|
|
|
2005-04-29 20:52:05 +02:00
|
|
|
if (address && *address) {
|
2004-10-14 04:47:09 +02:00
|
|
|
strlcpy(hostname, address, sizeof(hostname));
|
2004-08-16 13:43:18 +02:00
|
|
|
} else { /* then we need to guess our address */
|
2004-03-15 05:57:24 +01:00
|
|
|
explicit_ip = 0; /* it's implicit */
|
2006-03-14 23:51:15 +01:00
|
|
|
explicit_hostname = 0; /* it's implicit */
|
2004-03-14 19:12:59 +01:00
|
|
|
|
2014-04-28 22:20:58 +02:00
|
|
|
if (tor_gethostname(hostname, sizeof(hostname)) < 0) {
|
2006-07-15 22:26:05 +02:00
|
|
|
log_fn(warn_severity, LD_NET,"Error obtaining local hostname");
|
2004-03-14 19:12:59 +01:00
|
|
|
return -1;
|
|
|
|
}
|
2013-02-10 22:45:48 +01:00
|
|
|
log_debug(LD_CONFIG, "Guessed local host name as '%s'", hostname);
|
2004-03-14 19:12:59 +01:00
|
|
|
}
|
|
|
|
|
2013-02-10 22:45:48 +01:00
|
|
|
/*
|
|
|
|
* Step two: Now that we know 'hostname', parse it or resolve it. If
|
|
|
|
* it doesn't parse or resolve, look at the interface address. Set 'addr'
|
|
|
|
* to be our (host-order) 32-bit answer.
|
|
|
|
*/
|
2004-03-14 19:12:59 +01:00
|
|
|
|
2004-10-14 04:47:09 +02:00
|
|
|
if (tor_inet_aton(hostname, &in) == 0) {
|
2004-03-15 05:57:24 +01:00
|
|
|
/* then we have to resolve it */
|
|
|
|
explicit_ip = 0;
|
2010-03-05 22:04:01 +01:00
|
|
|
if (tor_lookup_hostname(hostname, &addr)) { /* failed to resolve */
|
|
|
|
uint32_t interface_ip; /* host order */
|
2006-03-14 23:51:15 +01:00
|
|
|
|
|
|
|
if (explicit_hostname) {
|
2006-07-15 22:26:05 +02:00
|
|
|
log_fn(warn_severity, LD_CONFIG,
|
|
|
|
"Could not resolve local Address '%s'. Failing.", hostname);
|
2006-03-14 23:51:15 +01:00
|
|
|
return -1;
|
|
|
|
}
|
2006-07-15 22:26:05 +02:00
|
|
|
log_fn(notice_severity, LD_CONFIG,
|
|
|
|
"Could not resolve guessed local hostname '%s'. "
|
|
|
|
"Trying something else.", hostname);
|
2006-09-09 21:20:27 +02:00
|
|
|
if (get_interface_address(warn_severity, &interface_ip)) {
|
2006-07-15 22:26:05 +02:00
|
|
|
log_fn(warn_severity, LD_CONFIG,
|
|
|
|
"Could not get local interface IP address. Failing.");
|
2006-03-14 23:51:15 +01:00
|
|
|
return -1;
|
|
|
|
}
|
2007-01-06 06:42:31 +01:00
|
|
|
from_interface = 1;
|
2010-10-02 03:31:09 +02:00
|
|
|
addr = interface_ip;
|
2006-07-15 22:26:05 +02:00
|
|
|
log_fn(notice_severity, LD_CONFIG, "Learned IP address '%s' for "
|
2010-10-02 03:31:09 +02:00
|
|
|
"local interface. Using that.", fmt_addr32(addr));
|
2006-03-14 23:51:15 +01:00
|
|
|
strlcpy(hostname, "<guessed from interfaces>", sizeof(hostname));
|
2010-03-05 22:04:01 +01:00
|
|
|
} else { /* resolved hostname into addr */
|
2013-11-20 20:49:17 +01:00
|
|
|
tor_addr_from_ipv4h(&myaddr, addr);
|
2013-11-16 17:29:54 +01:00
|
|
|
|
2006-03-14 23:51:15 +01:00
|
|
|
if (!explicit_hostname &&
|
2013-11-16 17:29:54 +01:00
|
|
|
tor_addr_is_internal(&myaddr, 0)) {
|
2014-02-03 20:31:31 +01:00
|
|
|
tor_addr_t interface_ip;
|
2006-03-14 23:51:15 +01:00
|
|
|
|
2006-07-15 22:26:05 +02:00
|
|
|
log_fn(notice_severity, LD_CONFIG, "Guessed local hostname '%s' "
|
2010-10-02 03:31:09 +02:00
|
|
|
"resolves to a private IP address (%s). Trying something "
|
|
|
|
"else.", hostname, fmt_addr32(addr));
|
2006-03-14 23:51:15 +01:00
|
|
|
|
2014-02-03 20:31:31 +01:00
|
|
|
if (get_interface_address6(warn_severity, AF_INET, &interface_ip)<0) {
|
2006-07-15 22:26:05 +02:00
|
|
|
log_fn(warn_severity, LD_CONFIG,
|
|
|
|
"Could not get local interface IP address. Too bad.");
|
2014-02-03 20:31:31 +01:00
|
|
|
} else if (tor_addr_is_internal(&interface_ip, 0)) {
|
2006-07-15 22:26:05 +02:00
|
|
|
log_fn(notice_severity, LD_CONFIG,
|
|
|
|
"Interface IP address '%s' is a private address too. "
|
2014-02-03 20:31:31 +01:00
|
|
|
"Ignoring.", fmt_addr(&interface_ip));
|
2006-03-14 23:51:15 +01:00
|
|
|
} else {
|
2007-01-06 06:42:31 +01:00
|
|
|
from_interface = 1;
|
2014-02-03 20:31:31 +01:00
|
|
|
addr = tor_addr_to_ipv4h(&interface_ip);
|
2006-07-15 22:26:05 +02:00
|
|
|
log_fn(notice_severity, LD_CONFIG,
|
|
|
|
"Learned IP address '%s' for local interface."
|
2010-10-02 03:31:09 +02:00
|
|
|
" Using that.", fmt_addr32(addr));
|
2006-03-14 23:51:15 +01:00
|
|
|
strlcpy(hostname, "<guessed from interfaces>", sizeof(hostname));
|
|
|
|
}
|
|
|
|
}
|
2004-03-15 05:57:24 +01:00
|
|
|
}
|
2010-11-01 20:52:43 +01:00
|
|
|
} else {
|
|
|
|
addr = ntohl(in.s_addr); /* set addr so that addr_string is not
|
|
|
|
* illformed */
|
2004-03-14 19:12:59 +01:00
|
|
|
}
|
2004-10-14 04:47:09 +02:00
|
|
|
|
2013-02-10 22:45:48 +01:00
|
|
|
/*
|
|
|
|
* Step three: Check whether 'addr' is an internal IP address, and error
|
|
|
|
* out if it is and we don't want that.
|
|
|
|
*/
|
|
|
|
|
2013-11-20 20:49:17 +01:00
|
|
|
tor_addr_from_ipv4h(&myaddr,addr);
|
2013-11-16 17:29:54 +01:00
|
|
|
|
2010-10-15 23:07:27 +02:00
|
|
|
addr_string = tor_dup_ip(addr);
|
2013-11-16 17:29:54 +01:00
|
|
|
if (tor_addr_is_internal(&myaddr, 0)) {
|
2005-06-08 22:32:22 +02:00
|
|
|
/* make sure we're ok with publishing an internal IP */
|
2012-09-10 21:54:16 +02:00
|
|
|
if (!options->DirAuthorities && !options->AlternateDirAuthority) {
|
|
|
|
/* if they are using the default authorities, disallow internal IPs
|
2005-12-14 21:40:40 +01:00
|
|
|
* always. */
|
2006-07-15 22:26:05 +02:00
|
|
|
log_fn(warn_severity, LD_CONFIG,
|
|
|
|
"Address '%s' resolves to private IP address '%s'. "
|
2012-12-13 18:44:17 +01:00
|
|
|
"Tor servers that use the default DirAuthorities must have "
|
|
|
|
"public IP addresses.", hostname, addr_string);
|
2010-10-15 23:07:27 +02:00
|
|
|
tor_free(addr_string);
|
2005-05-09 06:31:00 +02:00
|
|
|
return -1;
|
2005-06-08 22:32:22 +02:00
|
|
|
}
|
|
|
|
if (!explicit_ip) {
|
2012-09-10 21:54:16 +02:00
|
|
|
/* even if they've set their own authorities, require an explicit IP if
|
2005-06-08 22:32:22 +02:00
|
|
|
* they're using an internal address. */
|
2006-07-15 22:26:05 +02:00
|
|
|
log_fn(warn_severity, LD_CONFIG, "Address '%s' resolves to private "
|
|
|
|
"IP address '%s'. Please set the Address config option to be "
|
2010-10-15 23:07:27 +02:00
|
|
|
"the IP address you want to use.", hostname, addr_string);
|
|
|
|
tor_free(addr_string);
|
2005-06-08 22:32:22 +02:00
|
|
|
return -1;
|
|
|
|
}
|
2004-03-14 19:12:59 +01:00
|
|
|
}
|
2004-10-14 04:47:09 +02:00
|
|
|
|
2013-02-10 22:45:48 +01:00
|
|
|
/*
|
|
|
|
* Step four: We have a winner! 'addr' is our answer for sure, and
|
|
|
|
* 'addr_string' is its string form. Fill out the various fields to
|
|
|
|
* say how we decided it.
|
|
|
|
*/
|
|
|
|
|
|
|
|
log_debug(LD_CONFIG, "Resolved Address to '%s'.", addr_string);
|
|
|
|
|
|
|
|
if (explicit_ip) {
|
|
|
|
method_used = "CONFIGURED";
|
|
|
|
hostname_used = NULL;
|
|
|
|
} else if (explicit_hostname) {
|
|
|
|
method_used = "RESOLVED";
|
|
|
|
hostname_used = hostname;
|
|
|
|
} else if (from_interface) {
|
|
|
|
method_used = "INTERFACE";
|
|
|
|
hostname_used = NULL;
|
|
|
|
} else {
|
|
|
|
method_used = "GETHOSTNAME";
|
|
|
|
hostname_used = hostname;
|
|
|
|
}
|
|
|
|
|
2010-10-02 03:31:09 +02:00
|
|
|
*addr_out = addr;
|
2013-02-10 22:45:48 +01:00
|
|
|
if (method_out)
|
|
|
|
*method_out = method_used;
|
|
|
|
if (hostname_out)
|
|
|
|
*hostname_out = hostname_used ? tor_strdup(hostname_used) : NULL;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Step five: Check if the answer has changed since last time (or if
|
|
|
|
* there was no last time), and if so call various functions to keep
|
|
|
|
* us up-to-date.
|
|
|
|
*/
|
|
|
|
|
2006-10-02 23:00:35 +02:00
|
|
|
if (last_resolved_addr && last_resolved_addr != *addr_out) {
|
2006-07-15 22:26:05 +02:00
|
|
|
/* Leave this as a notice, regardless of the requested severity,
|
|
|
|
* at least until dynamic IP address support becomes bulletproof. */
|
2007-11-22 02:38:54 +01:00
|
|
|
log_notice(LD_NET,
|
2013-02-10 22:45:48 +01:00
|
|
|
"Your IP address seems to have changed to %s "
|
2013-02-11 19:05:27 +01:00
|
|
|
"(METHOD=%s%s%s). Updating.",
|
2013-02-10 22:45:48 +01:00
|
|
|
addr_string, method_used,
|
2013-02-11 19:05:27 +01:00
|
|
|
hostname_used ? " HOSTNAME=" : "",
|
2013-02-10 22:45:48 +01:00
|
|
|
hostname_used ? hostname_used : "");
|
2006-12-28 22:29:20 +01:00
|
|
|
ip_address_changed(0);
|
2005-02-27 10:47:01 +01:00
|
|
|
}
|
2013-02-10 22:45:48 +01:00
|
|
|
|
2007-01-06 06:42:31 +01:00
|
|
|
if (last_resolved_addr != *addr_out) {
|
|
|
|
control_event_server_status(LOG_NOTICE,
|
2013-02-11 19:05:27 +01:00
|
|
|
"EXTERNAL_ADDRESS ADDRESS=%s METHOD=%s%s%s",
|
2013-02-10 22:45:48 +01:00
|
|
|
addr_string, method_used,
|
2013-02-11 19:05:27 +01:00
|
|
|
hostname_used ? " HOSTNAME=" : "",
|
2013-02-10 22:45:48 +01:00
|
|
|
hostname_used ? hostname_used : "");
|
2007-01-06 06:42:31 +01:00
|
|
|
}
|
2006-10-02 23:00:35 +02:00
|
|
|
last_resolved_addr = *addr_out;
|
2013-02-10 22:45:48 +01:00
|
|
|
|
|
|
|
/*
|
|
|
|
* And finally, clean up and return success.
|
|
|
|
*/
|
|
|
|
|
2010-10-15 23:07:27 +02:00
|
|
|
tor_free(addr_string);
|
2004-03-14 19:12:59 +01:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2008-08-05 22:08:19 +02:00
|
|
|
/** Return true iff <b>addr</b> is judged to be on the same network as us, or
|
|
|
|
* on a private network.
|
2006-10-02 23:00:35 +02:00
|
|
|
*/
|
2014-01-23 13:52:59 +01:00
|
|
|
MOCK_IMPL(int,
|
|
|
|
is_local_addr, (const tor_addr_t *addr))
|
2006-10-02 23:00:35 +02:00
|
|
|
{
|
2008-08-05 22:08:19 +02:00
|
|
|
if (tor_addr_is_internal(addr, 0))
|
2006-10-02 23:00:35 +02:00
|
|
|
return 1;
|
2006-10-03 07:45:58 +02:00
|
|
|
/* Check whether ip is on the same /24 as we are. */
|
|
|
|
if (get_options()->EnforceDistinctSubnets == 0)
|
|
|
|
return 0;
|
2008-08-05 22:08:19 +02:00
|
|
|
if (tor_addr_family(addr) == AF_INET) {
|
2011-03-25 21:01:16 +01:00
|
|
|
/*XXXX023 IP6 what corresponds to an /24? */
|
2008-08-05 22:08:19 +02:00
|
|
|
uint32_t ip = tor_addr_to_ipv4h(addr);
|
|
|
|
|
|
|
|
/* It's possible that this next check will hit before the first time
|
|
|
|
* resolve_my_address actually succeeds. (For clients, it is likely that
|
|
|
|
* resolve_my_address will never be called at all). In those cases,
|
|
|
|
* last_resolved_addr will be 0, and so checking to see whether ip is on
|
|
|
|
* the same /24 as last_resolved_addr will be the same as checking whether
|
2013-11-16 17:29:54 +01:00
|
|
|
* it was on net 0, which is already done by tor_addr_is_internal.
|
2008-08-05 22:08:19 +02:00
|
|
|
*/
|
2009-09-01 05:23:47 +02:00
|
|
|
if ((last_resolved_addr & (uint32_t)0xffffff00ul)
|
|
|
|
== (ip & (uint32_t)0xffffff00ul))
|
2008-08-05 22:08:19 +02:00
|
|
|
return 1;
|
|
|
|
}
|
2006-10-02 23:00:35 +02:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2005-08-09 20:49:43 +02:00
|
|
|
/** Return a new empty or_options_t. Used for testing. */
|
|
|
|
or_options_t *
|
|
|
|
options_new(void)
|
|
|
|
{
|
2012-09-03 14:45:24 +02:00
|
|
|
return config_new(&options_format);
|
2005-08-09 20:49:43 +02:00
|
|
|
}
|
|
|
|
|
2004-10-14 04:47:09 +02:00
|
|
|
/** Set <b>options</b> to hold reasonable defaults for most options.
|
|
|
|
* Each option defaults to zero. */
|
2004-11-06 06:18:11 +01:00
|
|
|
void
|
|
|
|
options_init(or_options_t *options)
|
2005-07-22 22:37:42 +02:00
|
|
|
{
|
2005-08-04 21:56:41 +02:00
|
|
|
config_init(&options_format, options);
|
2005-07-22 22:37:42 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/** Return a string containing a possible configuration file that would give
|
|
|
|
* the configuration in <b>options</b>. If <b>minimal</b> is true, do not
|
|
|
|
* include options that are the same as Tor's defaults.
|
|
|
|
*/
|
2009-12-14 01:21:06 +01:00
|
|
|
char *
|
2013-09-03 16:30:50 +02:00
|
|
|
options_dump(const or_options_t *options, int how_to_dump)
|
2005-07-22 22:37:42 +02:00
|
|
|
{
|
2013-09-03 16:30:50 +02:00
|
|
|
const or_options_t *use_defaults;
|
|
|
|
int minimal;
|
|
|
|
switch (how_to_dump) {
|
|
|
|
case OPTIONS_DUMP_MINIMAL:
|
|
|
|
use_defaults = global_default_options;
|
|
|
|
minimal = 1;
|
|
|
|
break;
|
|
|
|
case OPTIONS_DUMP_DEFAULTS:
|
|
|
|
use_defaults = NULL;
|
|
|
|
minimal = 1;
|
|
|
|
break;
|
|
|
|
case OPTIONS_DUMP_ALL:
|
|
|
|
use_defaults = NULL;
|
|
|
|
minimal = 0;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
log_warn(LD_BUG, "Bogus value for how_to_dump==%d", how_to_dump);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
return config_dump(&options_format, use_defaults, options, minimal, 0);
|
2005-07-22 22:37:42 +02:00
|
|
|
}
|
|
|
|
|
2007-02-02 21:06:43 +01:00
|
|
|
/** Return 0 if every element of sl is a string holding a decimal
|
2005-08-07 23:58:23 +02:00
|
|
|
* representation of a port number, or if sl is NULL.
|
2006-03-26 08:51:26 +02:00
|
|
|
* Otherwise set *msg and return -1. */
|
2005-01-12 05:58:23 +01:00
|
|
|
static int
|
2006-03-26 08:51:26 +02:00
|
|
|
validate_ports_csv(smartlist_t *sl, const char *name, char **msg)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2005-01-12 05:58:23 +01:00
|
|
|
int i;
|
|
|
|
tor_assert(name);
|
|
|
|
|
2005-02-05 22:42:46 +01:00
|
|
|
if (!sl)
|
2005-01-12 05:58:23 +01:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
SMARTLIST_FOREACH(sl, const char *, cp,
|
|
|
|
{
|
|
|
|
i = atoi(cp);
|
|
|
|
if (i < 1 || i > 65535) {
|
2010-03-01 03:46:50 +01:00
|
|
|
tor_asprintf(msg, "Port '%s' out of range in %s", cp, name);
|
2006-03-26 08:51:26 +02:00
|
|
|
return -1;
|
2005-01-12 05:58:23 +01:00
|
|
|
}
|
|
|
|
});
|
2006-03-26 08:51:26 +02:00
|
|
|
return 0;
|
2005-01-12 05:58:23 +01:00
|
|
|
}
|
|
|
|
|
2007-05-04 11:20:13 +02:00
|
|
|
/** If <b>value</b> exceeds ROUTER_MAX_DECLARED_BANDWIDTH, write
|
|
|
|
* a complaint into *<b>msg</b> using string <b>desc</b>, and return -1.
|
|
|
|
* Else return 0.
|
|
|
|
*/
|
|
|
|
static int
|
2007-05-30 09:18:00 +02:00
|
|
|
ensure_bandwidth_cap(uint64_t *value, const char *desc, char **msg)
|
2007-05-04 11:20:13 +02:00
|
|
|
{
|
2007-05-31 20:48:31 +02:00
|
|
|
if (*value > ROUTER_MAX_DECLARED_BANDWIDTH) {
|
2007-05-30 09:18:00 +02:00
|
|
|
/* This handles an understandable special case where somebody says "2gb"
|
|
|
|
* whereas our actual maximum is 2gb-1 (INT_MAX) */
|
|
|
|
--*value;
|
|
|
|
}
|
|
|
|
if (*value > ROUTER_MAX_DECLARED_BANDWIDTH) {
|
2010-03-01 03:46:50 +01:00
|
|
|
tor_asprintf(msg, "%s ("U64_FORMAT") must be at most %d",
|
|
|
|
desc, U64_PRINTF_ARG(*value),
|
|
|
|
ROUTER_MAX_DECLARED_BANDWIDTH);
|
2007-05-04 11:20:13 +02:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2007-12-22 10:04:46 +01:00
|
|
|
/** Parse an authority type from <b>options</b>-\>PublishServerDescriptor
|
2012-10-12 18:22:13 +02:00
|
|
|
* and write it to <b>options</b>-\>PublishServerDescriptor_. Treat "1"
|
2014-01-30 12:48:49 +01:00
|
|
|
* as "v3" unless BridgeRelay is 1, in which case treat it as "bridge".
|
2007-12-22 10:04:46 +01:00
|
|
|
* Treat "0" as "".
|
2007-10-16 05:26:39 +02:00
|
|
|
* Return 0 on success or -1 if not a recognized authority type (in which
|
2012-10-12 18:22:13 +02:00
|
|
|
* case the value of PublishServerDescriptor_ is undefined). */
|
2007-05-08 11:09:26 +02:00
|
|
|
static int
|
2007-12-22 10:04:46 +01:00
|
|
|
compute_publishserverdescriptor(or_options_t *options)
|
2007-05-08 11:09:26 +02:00
|
|
|
{
|
2007-12-22 10:04:46 +01:00
|
|
|
smartlist_t *list = options->PublishServerDescriptor;
|
2012-10-12 18:22:13 +02:00
|
|
|
dirinfo_type_t *auth = &options->PublishServerDescriptor_;
|
2010-11-08 20:35:02 +01:00
|
|
|
*auth = NO_DIRINFO;
|
2007-07-30 10:42:47 +02:00
|
|
|
if (!list) /* empty list, answer is none */
|
|
|
|
return 0;
|
2012-07-17 15:33:38 +02:00
|
|
|
SMARTLIST_FOREACH_BEGIN(list, const char *, string) {
|
2007-05-09 06:15:46 +02:00
|
|
|
if (!strcasecmp(string, "v1"))
|
2014-03-17 17:38:22 +01:00
|
|
|
log_warn(LD_CONFIG, "PublishServerDescriptor v1 has no effect, because "
|
|
|
|
"there are no v1 directory authorities anymore.");
|
2007-12-22 10:04:46 +01:00
|
|
|
else if (!strcmp(string, "1"))
|
|
|
|
if (options->BridgeRelay)
|
2010-11-08 20:35:02 +01:00
|
|
|
*auth |= BRIDGE_DIRINFO;
|
2007-12-22 10:04:46 +01:00
|
|
|
else
|
2014-01-29 21:17:05 +01:00
|
|
|
*auth |= V3_DIRINFO;
|
2007-05-09 06:15:46 +02:00
|
|
|
else if (!strcasecmp(string, "v2"))
|
2014-03-17 17:38:22 +01:00
|
|
|
log_warn(LD_CONFIG, "PublishServerDescriptor v2 has no effect, because "
|
|
|
|
"there are no v2 directory authorities anymore.");
|
2007-05-22 19:58:25 +02:00
|
|
|
else if (!strcasecmp(string, "v3"))
|
2010-11-08 20:35:02 +01:00
|
|
|
*auth |= V3_DIRINFO;
|
2007-05-09 06:15:46 +02:00
|
|
|
else if (!strcasecmp(string, "bridge"))
|
2010-11-08 20:35:02 +01:00
|
|
|
*auth |= BRIDGE_DIRINFO;
|
2007-05-09 06:15:46 +02:00
|
|
|
else if (!strcasecmp(string, "hidserv"))
|
2011-01-18 12:54:56 +01:00
|
|
|
log_warn(LD_CONFIG,
|
|
|
|
"PublishServerDescriptor hidserv is invalid. See "
|
|
|
|
"PublishHidServDescriptors.");
|
2007-12-22 10:04:46 +01:00
|
|
|
else if (!strcasecmp(string, "") || !strcmp(string, "0"))
|
2007-05-09 06:15:46 +02:00
|
|
|
/* no authority */;
|
|
|
|
else
|
2007-10-16 05:26:39 +02:00
|
|
|
return -1;
|
2012-07-17 15:33:38 +02:00
|
|
|
} SMARTLIST_FOREACH_END(string);
|
2007-05-08 11:09:26 +02:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2006-03-12 23:48:18 +01:00
|
|
|
/** Lowest allowable value for RendPostPeriod; if this is too low, hidden
|
|
|
|
* services can overload the directory system. */
|
2007-03-01 01:41:28 +01:00
|
|
|
#define MIN_REND_POST_PERIOD (10*60)
|
2015-01-05 02:10:53 +01:00
|
|
|
#define MIN_REND_POST_PERIOD_TESTING (5)
|
2006-03-12 23:48:18 +01:00
|
|
|
|
2014-03-05 20:35:07 +01:00
|
|
|
/** Higest allowable value for PredictedPortsRelevanceTime; if this is
|
2013-09-25 01:45:00 +02:00
|
|
|
* too high, our selection of exits will decrease for an extended
|
|
|
|
* period of time to an uncomfortable level .*/
|
2014-03-05 20:25:38 +01:00
|
|
|
#define MAX_PREDICTED_CIRCS_RELEVANCE (60*60)
|
2013-09-25 01:45:00 +02:00
|
|
|
|
2006-12-15 22:27:19 +01:00
|
|
|
/** Highest allowable value for RendPostPeriod. */
|
2006-03-12 23:48:18 +01:00
|
|
|
#define MAX_DIR_PERIOD (MIN_ONION_KEY_LIFETIME/2)
|
|
|
|
|
2008-12-17 23:32:17 +01:00
|
|
|
/** Lowest allowable value for MaxCircuitDirtiness; if this is too low, Tor
|
|
|
|
* will generate too many circuits and potentially overload the network. */
|
|
|
|
#define MIN_MAX_CIRCUIT_DIRTINESS 10
|
|
|
|
|
2013-08-21 17:35:00 +02:00
|
|
|
/** Highest allowable value for MaxCircuitDirtiness: prevents time_t
|
|
|
|
* overflows. */
|
|
|
|
#define MAX_MAX_CIRCUIT_DIRTINESS (30*24*60*60)
|
|
|
|
|
2009-11-22 13:15:30 +01:00
|
|
|
/** Lowest allowable value for CircuitStreamTimeout; if this is too low, Tor
|
|
|
|
* will generate too many circuits and potentially overload the network. */
|
|
|
|
#define MIN_CIRCUIT_STREAM_TIMEOUT 10
|
|
|
|
|
2010-12-01 02:24:03 +01:00
|
|
|
/** Lowest allowable value for HeartbeatPeriod; if this is too low, we might
|
|
|
|
* expose more information than we're comfortable with. */
|
|
|
|
#define MIN_HEARTBEAT_PERIOD (30*60)
|
|
|
|
|
2012-06-09 08:44:06 +02:00
|
|
|
/** Lowest recommended value for CircuitBuildTimeout; if it is set too low
|
|
|
|
* and LearnCircuitBuildTimeout is off, the failure rate for circuit
|
|
|
|
* construction may be very high. In that case, if it is set below this
|
|
|
|
* threshold emit a warning.
|
|
|
|
* */
|
|
|
|
#define RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT (10)
|
|
|
|
|
2013-09-02 21:00:09 +02:00
|
|
|
static int
|
|
|
|
options_validate_cb(void *old_options, void *options, void *default_options,
|
|
|
|
int from_setconf, char **msg)
|
|
|
|
{
|
|
|
|
return options_validate(old_options, options, default_options,
|
|
|
|
from_setconf, msg);
|
|
|
|
}
|
|
|
|
|
2013-05-25 07:33:37 +02:00
|
|
|
/** Return 0 if every setting in <b>options</b> is reasonable, is a
|
|
|
|
* permissible transition from <b>old_options</b>, and none of the
|
|
|
|
* testing-only settings differ from <b>default_options</b> unless in
|
|
|
|
* testing mode. Else return -1. Should have no side effects, except for
|
|
|
|
* normalizing the contents of <b>options</b>.
|
2006-01-10 21:27:47 +01:00
|
|
|
*
|
2006-03-26 08:51:26 +02:00
|
|
|
* On error, tor_strdup an error explanation into *<b>msg</b>.
|
|
|
|
*
|
2006-01-10 21:27:47 +01:00
|
|
|
* XXX
|
|
|
|
* If <b>from_setconf</b>, we were called by the controller, and our
|
|
|
|
* Log line should stay empty. If it's 0, then give us a default log
|
|
|
|
* if there are no logs defined.
|
2005-12-08 19:56:32 +01:00
|
|
|
*/
|
2013-07-18 20:38:31 +02:00
|
|
|
STATIC int
|
2006-01-10 21:27:47 +01:00
|
|
|
options_validate(or_options_t *old_options, or_options_t *options,
|
2013-05-16 12:08:48 +02:00
|
|
|
or_options_t *default_options, int from_setconf, char **msg)
|
2004-11-04 11:23:30 +01:00
|
|
|
{
|
2010-03-01 03:46:50 +01:00
|
|
|
int i;
|
2005-07-22 23:12:10 +02:00
|
|
|
config_line_t *cl;
|
2007-01-03 11:30:26 +01:00
|
|
|
const char *uname = get_uname();
|
2011-11-08 22:10:38 +01:00
|
|
|
int n_ports=0;
|
2005-12-14 21:40:40 +01:00
|
|
|
#define REJECT(arg) \
|
2007-06-17 20:22:39 +02:00
|
|
|
STMT_BEGIN *msg = tor_strdup(arg); return -1; STMT_END
|
2013-02-01 21:43:37 +01:00
|
|
|
#define COMPLAIN(arg) STMT_BEGIN log_warn(LD_CONFIG, arg); STMT_END
|
2004-02-29 00:30:41 +01:00
|
|
|
|
2006-03-26 08:51:26 +02:00
|
|
|
tor_assert(msg);
|
|
|
|
*msg = NULL;
|
|
|
|
|
2006-02-11 22:26:40 +01:00
|
|
|
if (server_mode(options) &&
|
|
|
|
(!strcmpstart(uname, "Windows 95") ||
|
|
|
|
!strcmpstart(uname, "Windows 98") ||
|
|
|
|
!strcmpstart(uname, "Windows Me"))) {
|
2013-02-01 21:43:37 +01:00
|
|
|
log_warn(LD_CONFIG, "Tor is running as a server, but you are "
|
2006-02-12 23:28:30 +01:00
|
|
|
"running %s; this probably won't work. See "
|
2014-03-06 15:57:42 +01:00
|
|
|
"https://www.torproject.org/docs/faq.html#BestOSForRelay "
|
2007-01-03 11:30:26 +01:00
|
|
|
"for details.", uname);
|
2006-02-11 22:26:40 +01:00
|
|
|
}
|
|
|
|
|
2011-11-08 22:10:38 +01:00
|
|
|
if (parse_ports(options, 1, msg, &n_ports) < 0)
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
return -1;
|
2005-12-08 19:56:32 +01:00
|
|
|
|
2012-09-20 17:09:25 +02:00
|
|
|
if (parse_outbound_addresses(options, 1, msg) < 0)
|
|
|
|
return -1;
|
|
|
|
|
2005-10-25 09:05:03 +02:00
|
|
|
if (validate_data_directory(options)<0)
|
|
|
|
REJECT("Invalid DataDirectory");
|
2004-11-09 06:26:49 +01:00
|
|
|
|
2004-07-18 23:47:04 +02:00
|
|
|
if (options->Nickname == NULL) {
|
2004-11-06 06:18:11 +01:00
|
|
|
if (server_mode(options)) {
|
2006-09-29 06:51:28 +02:00
|
|
|
options->Nickname = tor_strdup(UNNAMED_ROUTER_NICKNAME);
|
2004-08-04 04:15:22 +02:00
|
|
|
}
|
2004-07-18 23:47:04 +02:00
|
|
|
} else {
|
2005-08-15 10:51:20 +02:00
|
|
|
if (!is_legal_nickname(options->Nickname)) {
|
2010-03-01 03:46:50 +01:00
|
|
|
tor_asprintf(msg,
|
2005-12-14 21:40:40 +01:00
|
|
|
"Nickname '%s' is wrong length or contains illegal characters.",
|
|
|
|
options->Nickname);
|
2006-03-26 08:51:26 +02:00
|
|
|
return -1;
|
2004-03-20 21:28:53 +01:00
|
|
|
}
|
2002-11-23 07:49:01 +01:00
|
|
|
}
|
|
|
|
|
2005-05-04 22:45:38 +02:00
|
|
|
if (server_mode(options) && !options->ContactInfo)
|
2013-02-01 21:43:37 +01:00
|
|
|
log_notice(LD_CONFIG, "Your ContactInfo config option is not set. "
|
2005-12-09 06:37:26 +01:00
|
|
|
"Please consider setting it, so we can contact you if your server is "
|
|
|
|
"misconfigured or something else goes wrong.");
|
2005-05-04 22:45:38 +02:00
|
|
|
|
2005-12-11 11:01:21 +01:00
|
|
|
/* Special case on first boot if no Log options are given. */
|
2011-08-04 20:23:51 +02:00
|
|
|
if (!options->Logs && !options->RunAsDaemon && !from_setconf) {
|
|
|
|
if (quiet_level == 0)
|
|
|
|
config_line_append(&options->Logs, "Log", "notice stdout");
|
|
|
|
else if (quiet_level == 1)
|
|
|
|
config_line_append(&options->Logs, "Log", "warn stdout");
|
|
|
|
}
|
2004-11-09 00:12:40 +01:00
|
|
|
|
2014-03-23 17:24:26 +01:00
|
|
|
/* Validate the tor_log(s) */
|
|
|
|
if (options_init_logs(old_options, options, 1)<0)
|
2006-03-26 08:51:26 +02:00
|
|
|
REJECT("Failed to validate Log options. See logs for details.");
|
2004-11-10 04:40:30 +01:00
|
|
|
|
2006-07-17 08:35:06 +02:00
|
|
|
if (authdir_mode(options)) {
|
2004-08-16 13:43:18 +02:00
|
|
|
/* confirm that our address isn't broken, so we can complain now */
|
|
|
|
uint32_t tmp;
|
2013-02-12 10:25:42 +01:00
|
|
|
if (resolve_my_address(LOG_WARN, options, &tmp, NULL, NULL) < 0)
|
2006-03-26 08:51:26 +02:00
|
|
|
REJECT("Failed to resolve/guess local address. See logs for details.");
|
2004-03-04 02:53:56 +01:00
|
|
|
}
|
|
|
|
|
2014-07-22 06:16:58 +02:00
|
|
|
if (server_mode(options) && options->RendConfigLines)
|
|
|
|
log_warn(LD_CONFIG,
|
|
|
|
"Tor is currently configured as a relay and a hidden service. "
|
|
|
|
"That's not very secure: you should probably run your hidden service "
|
|
|
|
"in a separate Tor process, at least -- see "
|
|
|
|
"https://trac.torproject.org/8742");
|
|
|
|
|
2011-11-08 22:10:38 +01:00
|
|
|
/* XXXX require that the only port not be DirPort? */
|
|
|
|
/* XXXX require that at least one port be listened-upon. */
|
|
|
|
if (n_ports == 0 && !options->RendConfigLines)
|
2013-02-01 21:43:37 +01:00
|
|
|
log_warn(LD_CONFIG,
|
2010-10-30 06:08:47 +02:00
|
|
|
"SocksPort, TransPort, NATDPort, DNSPort, and ORPort are all "
|
2008-01-06 02:14:11 +01:00
|
|
|
"undefined, and there aren't any hidden services configured. "
|
|
|
|
"Tor will still run, but probably won't do anything.");
|
2003-11-10 09:06:55 +01:00
|
|
|
|
2014-02-03 19:56:19 +01:00
|
|
|
options->TransProxyType_parsed = TPT_DEFAULT;
|
2014-01-31 18:59:35 +01:00
|
|
|
#ifdef USE_TRANSPARENT
|
2014-02-03 19:56:19 +01:00
|
|
|
if (options->TransProxyType) {
|
|
|
|
if (!strcasecmp(options->TransProxyType, "default")) {
|
|
|
|
options->TransProxyType_parsed = TPT_DEFAULT;
|
2014-02-10 11:23:51 +01:00
|
|
|
} else if (!strcasecmp(options->TransProxyType, "pf-divert")) {
|
2014-12-20 12:27:21 +01:00
|
|
|
#if !defined(__OpenBSD__) && !defined( DARWIN )
|
|
|
|
/* Later versions of OS X have pf */
|
|
|
|
REJECT("pf-divert is a OpenBSD-specific "
|
|
|
|
"and OS X/Darwin-specific feature.");
|
2014-02-10 11:23:51 +01:00
|
|
|
#else
|
|
|
|
options->TransProxyType_parsed = TPT_PF_DIVERT;
|
|
|
|
#endif
|
2014-02-03 19:56:19 +01:00
|
|
|
} else if (!strcasecmp(options->TransProxyType, "tproxy")) {
|
2014-12-20 12:27:21 +01:00
|
|
|
#if !defined(__linux__)
|
2014-02-03 19:56:19 +01:00
|
|
|
REJECT("TPROXY is a Linux-specific feature.");
|
|
|
|
#else
|
|
|
|
options->TransProxyType_parsed = TPT_TPROXY;
|
2014-02-03 20:09:07 +01:00
|
|
|
#endif
|
|
|
|
} else if (!strcasecmp(options->TransProxyType, "ipfw")) {
|
2014-12-20 12:27:21 +01:00
|
|
|
#if !defined(__FreeBSD__) && !defined( DARWIN )
|
|
|
|
/* Earlier versions of OS X have ipfw */
|
|
|
|
REJECT("ipfw is a FreeBSD-specific"
|
|
|
|
"and OS X/Darwin-specific feature.");
|
2014-02-03 20:09:07 +01:00
|
|
|
#else
|
|
|
|
options->TransProxyType_parsed = TPT_IPFW;
|
2014-01-31 18:59:35 +01:00
|
|
|
#endif
|
2014-02-03 19:56:19 +01:00
|
|
|
} else {
|
|
|
|
REJECT("Unrecognized value for TransProxyType");
|
|
|
|
}
|
|
|
|
|
|
|
|
if (strcasecmp(options->TransProxyType, "default") &&
|
|
|
|
!options->TransPort_set) {
|
|
|
|
REJECT("Cannot use TransProxyType without any valid TransPort or "
|
2014-01-31 18:59:35 +01:00
|
|
|
"TransListenAddress.");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#else
|
2014-02-03 19:56:19 +01:00
|
|
|
if (options->TransPort_set)
|
|
|
|
REJECT("TransPort and TransListenAddress are disabled "
|
2014-01-31 18:59:35 +01:00
|
|
|
"in this build.");
|
2006-08-10 11:01:37 +02:00
|
|
|
#endif
|
|
|
|
|
2011-09-08 03:02:49 +02:00
|
|
|
if (options->TokenBucketRefillInterval <= 0
|
|
|
|
|| options->TokenBucketRefillInterval > 1000) {
|
|
|
|
REJECT("TokenBucketRefillInterval must be between 1 and 1000 inclusive.");
|
|
|
|
}
|
|
|
|
|
2008-07-18 20:36:32 +02:00
|
|
|
if (options->ExcludeExitNodes || options->ExcludeNodes) {
|
2012-10-12 18:22:13 +02:00
|
|
|
options->ExcludeExitNodesUnion_ = routerset_new();
|
|
|
|
routerset_union(options->ExcludeExitNodesUnion_,options->ExcludeExitNodes);
|
|
|
|
routerset_union(options->ExcludeExitNodesUnion_,options->ExcludeNodes);
|
2008-07-18 20:36:32 +02:00
|
|
|
}
|
|
|
|
|
2014-11-28 04:51:13 +01:00
|
|
|
if (options->SchedulerLowWaterMark__ == 0 ||
|
|
|
|
options->SchedulerLowWaterMark__ > UINT32_MAX) {
|
|
|
|
log_warn(LD_GENERAL, "Bad SchedulerLowWaterMark__ option");
|
|
|
|
return -1;
|
|
|
|
} else if (options->SchedulerHighWaterMark__ <=
|
|
|
|
options->SchedulerLowWaterMark__ ||
|
|
|
|
options->SchedulerHighWaterMark__ > UINT32_MAX) {
|
|
|
|
log_warn(LD_GENERAL, "Bad SchedulerHighWaterMark option");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2010-10-01 00:25:25 +02:00
|
|
|
if (options->NodeFamilies) {
|
2012-01-18 21:53:30 +01:00
|
|
|
options->NodeFamilySets = smartlist_new();
|
2010-10-01 00:25:25 +02:00
|
|
|
for (cl = options->NodeFamilies; cl; cl = cl->next) {
|
|
|
|
routerset_t *rs = routerset_new();
|
|
|
|
if (routerset_parse(rs, cl->value, cl->key) == 0) {
|
|
|
|
smartlist_add(options->NodeFamilySets, rs);
|
|
|
|
} else {
|
|
|
|
routerset_free(rs);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-12-26 02:04:54 +01:00
|
|
|
if (options->TLSECGroup && (strcasecmp(options->TLSECGroup, "P256") &&
|
|
|
|
strcasecmp(options->TLSECGroup, "P224"))) {
|
|
|
|
COMPLAIN("Unrecognized TLSECGroup: Falling back to the default.");
|
|
|
|
tor_free(options->TLSECGroup);
|
|
|
|
}
|
|
|
|
|
2009-09-18 04:45:54 +02:00
|
|
|
if (options->ExcludeNodes && options->StrictNodes) {
|
|
|
|
COMPLAIN("You have asked to exclude certain relays from all positions "
|
|
|
|
"in your circuits. Expect hidden services and other Tor "
|
|
|
|
"features to be broken in unpredictable ways.");
|
|
|
|
}
|
|
|
|
|
2005-08-25 22:33:17 +02:00
|
|
|
if (options->AuthoritativeDir) {
|
2009-04-10 09:02:19 +02:00
|
|
|
if (!options->ContactInfo && !options->TestingTorNetwork)
|
2005-10-25 09:05:03 +02:00
|
|
|
REJECT("Authoritative directory servers must set ContactInfo");
|
2005-08-25 22:33:17 +02:00
|
|
|
if (!options->RecommendedClientVersions)
|
|
|
|
options->RecommendedClientVersions =
|
|
|
|
config_lines_dup(options->RecommendedVersions);
|
|
|
|
if (!options->RecommendedServerVersions)
|
|
|
|
options->RecommendedServerVersions =
|
|
|
|
config_lines_dup(options->RecommendedVersions);
|
2006-03-18 00:25:40 +01:00
|
|
|
if (options->VersioningAuthoritativeDir &&
|
|
|
|
(!options->RecommendedClientVersions ||
|
|
|
|
!options->RecommendedServerVersions))
|
2009-05-28 17:54:56 +02:00
|
|
|
REJECT("Versioning authoritative dir servers must set "
|
|
|
|
"Recommended*Versions.");
|
2006-01-10 23:42:44 +01:00
|
|
|
if (options->UseEntryGuards) {
|
2006-03-18 00:19:51 +01:00
|
|
|
log_info(LD_CONFIG, "Authoritative directory servers can't set "
|
|
|
|
"UseEntryGuards. Disabling.");
|
2006-01-10 23:42:44 +01:00
|
|
|
options->UseEntryGuards = 0;
|
2006-01-02 09:40:58 +01:00
|
|
|
}
|
2007-12-21 07:33:02 +01:00
|
|
|
if (!options->DownloadExtraInfo && authdir_mode_any_main(options)) {
|
2007-05-18 23:19:19 +02:00
|
|
|
log_info(LD_CONFIG, "Authoritative directories always try to download "
|
|
|
|
"extra-info documents. Setting DownloadExtraInfo.");
|
|
|
|
options->DownloadExtraInfo = 1;
|
|
|
|
}
|
2014-02-11 04:41:52 +01:00
|
|
|
if (!(options->BridgeAuthoritativeDir ||
|
2007-08-14 22:19:46 +02:00
|
|
|
options->V3AuthoritativeDir))
|
|
|
|
REJECT("AuthoritativeDir is set, but none of "
|
2014-03-17 17:38:22 +01:00
|
|
|
"(Bridge/V3)AuthoritativeDir is set.");
|
2009-07-06 04:47:36 +02:00
|
|
|
/* If we have a v3bandwidthsfile and it's broken, complain on startup */
|
|
|
|
if (options->V3BandwidthsFile && !old_options) {
|
|
|
|
dirserv_read_measured_bandwidths(options->V3BandwidthsFile, NULL);
|
|
|
|
}
|
2004-03-10 08:44:31 +01:00
|
|
|
}
|
|
|
|
|
2012-08-09 21:48:43 +02:00
|
|
|
if (options->AuthoritativeDir && !options->DirPort_set)
|
2005-10-25 09:05:03 +02:00
|
|
|
REJECT("Running as authoritative directory, but no DirPort set.");
|
2004-06-21 06:37:27 +02:00
|
|
|
|
2012-08-09 21:48:43 +02:00
|
|
|
if (options->AuthoritativeDir && !options->ORPort_set)
|
2005-10-25 09:05:03 +02:00
|
|
|
REJECT("Running as authoritative directory, but no ORPort set.");
|
2004-07-13 09:42:20 +02:00
|
|
|
|
2006-01-10 21:06:24 +01:00
|
|
|
if (options->AuthoritativeDir && options->ClientOnly)
|
2005-10-25 09:05:03 +02:00
|
|
|
REJECT("Running as authoritative directory, but ClientOnly also set.");
|
2004-07-13 09:42:20 +02:00
|
|
|
|
2009-07-12 03:43:33 +02:00
|
|
|
if (options->FetchDirInfoExtraEarly && !options->FetchDirInfoEarly)
|
|
|
|
REJECT("FetchDirInfoExtraEarly requires that you also set "
|
|
|
|
"FetchDirInfoEarly");
|
|
|
|
|
2005-03-14 04:28:46 +01:00
|
|
|
if (options->ConnLimit <= 0) {
|
2010-03-01 03:46:50 +01:00
|
|
|
tor_asprintf(msg,
|
2005-12-14 21:40:40 +01:00
|
|
|
"ConnLimit must be greater than 0, but was set to %d",
|
2005-03-14 04:28:46 +01:00
|
|
|
options->ConnLimit);
|
2006-03-26 08:51:26 +02:00
|
|
|
return -1;
|
2005-03-14 04:28:46 +01:00
|
|
|
}
|
|
|
|
|
2013-01-29 17:05:13 +01:00
|
|
|
if (options->PathsNeededToBuildCircuits >= 0.0) {
|
|
|
|
if (options->PathsNeededToBuildCircuits < 0.25) {
|
|
|
|
log_warn(LD_CONFIG, "PathsNeededToBuildCircuits is too low. Increasing "
|
|
|
|
"to 0.25");
|
|
|
|
options->PathsNeededToBuildCircuits = 0.25;
|
2013-03-28 09:42:49 +01:00
|
|
|
} else if (options->PathsNeededToBuildCircuits > 0.95) {
|
2013-01-29 17:05:13 +01:00
|
|
|
log_warn(LD_CONFIG, "PathsNeededToBuildCircuits is too high. Decreasing "
|
|
|
|
"to 0.95");
|
|
|
|
options->PathsNeededToBuildCircuits = 0.95;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2011-07-07 20:54:54 +02:00
|
|
|
if (options->MaxClientCircuitsPending <= 0 ||
|
|
|
|
options->MaxClientCircuitsPending > MAX_MAX_CLIENT_CIRCUITS_PENDING) {
|
|
|
|
tor_asprintf(msg,
|
|
|
|
"MaxClientCircuitsPending must be between 1 and %d, but "
|
|
|
|
"was set to %d", MAX_MAX_CLIENT_CIRCUITS_PENDING,
|
|
|
|
options->MaxClientCircuitsPending);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2006-03-26 08:51:26 +02:00
|
|
|
if (validate_ports_csv(options->FirewallPorts, "FirewallPorts", msg) < 0)
|
|
|
|
return -1;
|
2005-01-12 05:58:23 +01:00
|
|
|
|
2006-03-26 08:51:26 +02:00
|
|
|
if (validate_ports_csv(options->LongLivedPorts, "LongLivedPorts", msg) < 0)
|
|
|
|
return -1;
|
2005-08-07 23:24:00 +02:00
|
|
|
|
2008-01-20 06:54:15 +01:00
|
|
|
if (validate_ports_csv(options->RejectPlaintextPorts,
|
|
|
|
"RejectPlaintextPorts", msg) < 0)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
if (validate_ports_csv(options->WarnPlaintextPorts,
|
|
|
|
"WarnPlaintextPorts", msg) < 0)
|
|
|
|
return -1;
|
|
|
|
|
2005-12-11 10:18:25 +01:00
|
|
|
if (options->FascistFirewall && !options->ReachableAddresses) {
|
2006-07-08 19:38:46 +02:00
|
|
|
if (options->FirewallPorts && smartlist_len(options->FirewallPorts)) {
|
2006-02-13 22:17:20 +01:00
|
|
|
/* We already have firewall ports set, so migrate them to
|
2006-02-19 09:31:47 +01:00
|
|
|
* ReachableAddresses, which will set ReachableORAddresses and
|
|
|
|
* ReachableDirAddresses if they aren't set explicitly. */
|
2012-01-18 21:53:30 +01:00
|
|
|
smartlist_t *instead = smartlist_new();
|
2006-02-13 22:17:20 +01:00
|
|
|
config_line_t *new_line = tor_malloc_zero(sizeof(config_line_t));
|
|
|
|
new_line->key = tor_strdup("ReachableAddresses");
|
|
|
|
/* If we're configured with the old format, we need to prepend some
|
|
|
|
* open ports. */
|
|
|
|
SMARTLIST_FOREACH(options->FirewallPorts, const char *, portno,
|
2005-08-08 23:58:48 +02:00
|
|
|
{
|
|
|
|
int p = atoi(portno);
|
|
|
|
if (p<0) continue;
|
2012-01-11 20:02:59 +01:00
|
|
|
smartlist_add_asprintf(instead, "*:%d", p);
|
2005-08-08 23:58:48 +02:00
|
|
|
});
|
2006-02-13 22:17:20 +01:00
|
|
|
new_line->value = smartlist_join_strings(instead,",",0,NULL);
|
|
|
|
/* These have been deprecated since 0.1.1.5-alpha-cvs */
|
2013-02-01 21:43:37 +01:00
|
|
|
log_notice(LD_CONFIG,
|
2006-02-19 09:31:47 +01:00
|
|
|
"Converting FascistFirewall and FirewallPorts "
|
2006-02-13 22:17:20 +01:00
|
|
|
"config options to new format: \"ReachableAddresses %s\"",
|
|
|
|
new_line->value);
|
|
|
|
options->ReachableAddresses = new_line;
|
|
|
|
SMARTLIST_FOREACH(instead, char *, cp, tor_free(cp));
|
|
|
|
smartlist_free(instead);
|
|
|
|
} else {
|
2006-02-19 09:31:47 +01:00
|
|
|
/* We do not have FirewallPorts set, so add 80 to
|
|
|
|
* ReachableDirAddresses, and 443 to ReachableORAddresses. */
|
2006-02-13 22:17:20 +01:00
|
|
|
if (!options->ReachableDirAddresses) {
|
|
|
|
config_line_t *new_line = tor_malloc_zero(sizeof(config_line_t));
|
|
|
|
new_line->key = tor_strdup("ReachableDirAddresses");
|
|
|
|
new_line->value = tor_strdup("*:80");
|
|
|
|
options->ReachableDirAddresses = new_line;
|
2013-02-01 21:43:37 +01:00
|
|
|
log_notice(LD_CONFIG, "Converting FascistFirewall config option "
|
2006-02-13 22:17:20 +01:00
|
|
|
"to new format: \"ReachableDirAddresses *:80\"");
|
|
|
|
}
|
|
|
|
if (!options->ReachableORAddresses) {
|
|
|
|
config_line_t *new_line = tor_malloc_zero(sizeof(config_line_t));
|
|
|
|
new_line->key = tor_strdup("ReachableORAddresses");
|
|
|
|
new_line->value = tor_strdup("*:443");
|
|
|
|
options->ReachableORAddresses = new_line;
|
2013-02-01 21:43:37 +01:00
|
|
|
log_notice(LD_CONFIG, "Converting FascistFirewall config option "
|
2006-02-13 22:17:20 +01:00
|
|
|
"to new format: \"ReachableORAddresses *:443\"");
|
|
|
|
}
|
|
|
|
}
|
2005-08-07 23:24:00 +02:00
|
|
|
}
|
|
|
|
|
2006-02-19 09:31:47 +01:00
|
|
|
for (i=0; i<3; i++) {
|
|
|
|
config_line_t **linep =
|
2006-02-13 22:17:20 +01:00
|
|
|
(i==0) ? &options->ReachableAddresses :
|
2006-02-19 09:31:47 +01:00
|
|
|
(i==1) ? &options->ReachableORAddresses :
|
|
|
|
&options->ReachableDirAddresses;
|
2006-02-13 22:17:20 +01:00
|
|
|
if (!*linep)
|
|
|
|
continue;
|
2005-08-08 23:58:48 +02:00
|
|
|
/* We need to end with a reject *:*, not an implicit accept *:* */
|
2005-12-14 21:40:40 +01:00
|
|
|
for (;;) {
|
2005-12-11 10:18:25 +01:00
|
|
|
if (!strcmp((*linep)->value, "reject *:*")) /* already there */
|
|
|
|
break;
|
2005-08-08 23:58:48 +02:00
|
|
|
linep = &((*linep)->next);
|
2005-12-11 10:18:25 +01:00
|
|
|
if (!*linep) {
|
|
|
|
*linep = tor_malloc_zero(sizeof(config_line_t));
|
2006-02-19 09:31:47 +01:00
|
|
|
(*linep)->key = tor_strdup(
|
|
|
|
(i==0) ? "ReachableAddresses" :
|
|
|
|
(i==1) ? "ReachableORAddresses" :
|
|
|
|
"ReachableDirAddresses");
|
2005-12-11 10:18:25 +01:00
|
|
|
(*linep)->value = tor_strdup("reject *:*");
|
|
|
|
break;
|
|
|
|
}
|
2005-08-08 23:58:48 +02:00
|
|
|
}
|
|
|
|
}
|
2005-01-12 05:58:23 +01:00
|
|
|
|
2006-02-13 22:17:20 +01:00
|
|
|
if ((options->ReachableAddresses ||
|
|
|
|
options->ReachableORAddresses ||
|
|
|
|
options->ReachableDirAddresses) &&
|
|
|
|
server_mode(options))
|
2006-01-10 21:06:24 +01:00
|
|
|
REJECT("Servers must be able to freely connect to the rest "
|
2006-02-13 22:17:20 +01:00
|
|
|
"of the Internet, so they must not set Reachable*Addresses "
|
2006-01-10 21:06:24 +01:00
|
|
|
"or FascistFirewall.");
|
|
|
|
|
2007-10-25 06:40:27 +02:00
|
|
|
if (options->UseBridges &&
|
|
|
|
server_mode(options))
|
|
|
|
REJECT("Servers must be able to freely connect to the rest "
|
|
|
|
"of the Internet, so they must not set UseBridges.");
|
|
|
|
|
2011-03-11 11:39:26 +01:00
|
|
|
/* If both of these are set, we'll end up with funny behavior where we
|
|
|
|
* demand enough entrynodes be up and running else we won't build
|
|
|
|
* circuits, yet we never actually use them. */
|
|
|
|
if (options->UseBridges && options->EntryNodes)
|
|
|
|
REJECT("You cannot set both UseBridges and EntryNodes.");
|
|
|
|
|
2013-03-15 15:42:17 +01:00
|
|
|
if (options->EntryNodes && !options->UseEntryGuards) {
|
|
|
|
REJECT("If EntryNodes is set, UseEntryGuards must be enabled.");
|
|
|
|
}
|
2011-12-22 16:31:52 +01:00
|
|
|
|
2014-04-03 18:06:44 +02:00
|
|
|
options->MaxMemInQueues =
|
|
|
|
compute_real_max_mem_in_queues(options->MaxMemInQueues_raw,
|
|
|
|
server_mode(options));
|
2014-11-17 17:43:50 +01:00
|
|
|
options->MaxMemInQueues_low_threshold = (options->MaxMemInQueues / 4) * 3;
|
2013-06-16 15:55:44 +02:00
|
|
|
|
2012-10-12 18:22:13 +02:00
|
|
|
options->AllowInvalid_ = 0;
|
2013-06-18 16:23:03 +02:00
|
|
|
|
2006-03-19 02:21:59 +01:00
|
|
|
if (options->AllowInvalidNodes) {
|
2012-07-17 15:33:38 +02:00
|
|
|
SMARTLIST_FOREACH_BEGIN(options->AllowInvalidNodes, const char *, cp) {
|
2004-10-14 04:47:09 +02:00
|
|
|
if (!strcasecmp(cp, "entry"))
|
2012-10-12 18:22:13 +02:00
|
|
|
options->AllowInvalid_ |= ALLOW_INVALID_ENTRY;
|
2004-10-14 04:47:09 +02:00
|
|
|
else if (!strcasecmp(cp, "exit"))
|
2012-10-12 18:22:13 +02:00
|
|
|
options->AllowInvalid_ |= ALLOW_INVALID_EXIT;
|
2004-10-14 04:47:09 +02:00
|
|
|
else if (!strcasecmp(cp, "middle"))
|
2012-10-12 18:22:13 +02:00
|
|
|
options->AllowInvalid_ |= ALLOW_INVALID_MIDDLE;
|
2004-10-14 04:47:09 +02:00
|
|
|
else if (!strcasecmp(cp, "introduction"))
|
2012-10-12 18:22:13 +02:00
|
|
|
options->AllowInvalid_ |= ALLOW_INVALID_INTRODUCTION;
|
2004-10-14 04:47:09 +02:00
|
|
|
else if (!strcasecmp(cp, "rendezvous"))
|
2012-10-12 18:22:13 +02:00
|
|
|
options->AllowInvalid_ |= ALLOW_INVALID_RENDEZVOUS;
|
2004-10-14 04:47:09 +02:00
|
|
|
else {
|
2010-03-01 03:46:50 +01:00
|
|
|
tor_asprintf(msg,
|
2006-03-19 02:21:59 +01:00
|
|
|
"Unrecognized value '%s' in AllowInvalidNodes", cp);
|
2006-03-26 08:51:26 +02:00
|
|
|
return -1;
|
2004-10-14 04:47:09 +02:00
|
|
|
}
|
2012-07-17 15:33:38 +02:00
|
|
|
} SMARTLIST_FOREACH_END(cp);
|
2004-10-14 04:47:09 +02:00
|
|
|
}
|
|
|
|
|
2009-12-12 07:12:47 +01:00
|
|
|
if (!options->SafeLogging ||
|
|
|
|
!strcasecmp(options->SafeLogging, "0")) {
|
2012-10-12 18:22:13 +02:00
|
|
|
options->SafeLogging_ = SAFELOG_SCRUB_NONE;
|
2009-12-12 07:12:47 +01:00
|
|
|
} else if (!strcasecmp(options->SafeLogging, "relay")) {
|
2012-10-12 18:22:13 +02:00
|
|
|
options->SafeLogging_ = SAFELOG_SCRUB_RELAY;
|
2009-12-12 07:12:47 +01:00
|
|
|
} else if (!strcasecmp(options->SafeLogging, "1")) {
|
2012-10-12 18:22:13 +02:00
|
|
|
options->SafeLogging_ = SAFELOG_SCRUB_ALL;
|
2009-12-12 07:12:47 +01:00
|
|
|
} else {
|
2010-03-01 03:46:50 +01:00
|
|
|
tor_asprintf(msg,
|
2009-09-28 15:08:32 +02:00
|
|
|
"Unrecognized value '%s' in SafeLogging",
|
2009-12-12 07:12:47 +01:00
|
|
|
escaped(options->SafeLogging));
|
2009-09-28 15:08:32 +02:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2007-12-22 10:04:46 +01:00
|
|
|
if (compute_publishserverdescriptor(options) < 0) {
|
2010-03-01 03:46:50 +01:00
|
|
|
tor_asprintf(msg, "Unrecognized value in PublishServerDescriptor");
|
2007-05-08 11:09:26 +02:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2009-05-13 18:14:29 +02:00
|
|
|
if ((options->BridgeRelay
|
2012-10-12 18:22:13 +02:00
|
|
|
|| options->PublishServerDescriptor_ & BRIDGE_DIRINFO)
|
2014-03-17 17:38:22 +01:00
|
|
|
&& (options->PublishServerDescriptor_ & V3_DIRINFO)) {
|
2009-05-13 18:14:29 +02:00
|
|
|
REJECT("Bridges are not supposed to publish router descriptors to the "
|
|
|
|
"directory authorities. Please correct your "
|
|
|
|
"PublishServerDescriptor line.");
|
|
|
|
}
|
|
|
|
|
2012-08-09 21:48:43 +02:00
|
|
|
if (options->BridgeRelay && options->DirPort_set) {
|
2010-11-22 19:12:48 +01:00
|
|
|
log_warn(LD_CONFIG, "Can't set a DirPort on a bridge relay; disabling "
|
|
|
|
"DirPort");
|
2012-08-09 21:48:43 +02:00
|
|
|
config_free_lines(options->DirPort_lines);
|
|
|
|
options->DirPort_lines = NULL;
|
|
|
|
options->DirPort_set = 0;
|
2010-11-22 19:12:48 +01:00
|
|
|
}
|
|
|
|
|
2007-11-29 16:25:04 +01:00
|
|
|
if (options->MinUptimeHidServDirectoryV2 < 0) {
|
|
|
|
log_warn(LD_CONFIG, "MinUptimeHidServDirectoryV2 option must be at "
|
2007-10-29 20:10:42 +01:00
|
|
|
"least 0 seconds. Changing to 0.");
|
2007-11-29 16:25:04 +01:00
|
|
|
options->MinUptimeHidServDirectoryV2 = 0;
|
2007-10-29 20:10:42 +01:00
|
|
|
}
|
|
|
|
|
2015-01-05 02:10:53 +01:00
|
|
|
const int min_rendpostperiod =
|
|
|
|
options->TestingTorNetwork ?
|
|
|
|
MIN_REND_POST_PERIOD_TESTING : MIN_REND_POST_PERIOD;
|
|
|
|
if (options->RendPostPeriod < min_rendpostperiod) {
|
2009-11-22 13:15:30 +01:00
|
|
|
log_warn(LD_CONFIG, "RendPostPeriod option is too short; "
|
2015-01-05 02:10:53 +01:00
|
|
|
"raising to %d seconds.", min_rendpostperiod);
|
|
|
|
options->RendPostPeriod = min_rendpostperiod;;
|
2004-11-15 10:05:54 +01:00
|
|
|
}
|
2004-11-30 03:23:51 +01:00
|
|
|
|
|
|
|
if (options->RendPostPeriod > MAX_DIR_PERIOD) {
|
2009-11-22 13:15:30 +01:00
|
|
|
log_warn(LD_CONFIG, "RendPostPeriod is too large; clipping to %ds.",
|
|
|
|
MAX_DIR_PERIOD);
|
2004-11-30 03:23:51 +01:00
|
|
|
options->RendPostPeriod = MAX_DIR_PERIOD;
|
2004-04-25 00:17:50 +02:00
|
|
|
}
|
2002-11-23 07:49:01 +01:00
|
|
|
|
2014-03-05 20:35:07 +01:00
|
|
|
if (options->PredictedPortsRelevanceTime >
|
2013-09-25 01:45:00 +02:00
|
|
|
MAX_PREDICTED_CIRCS_RELEVANCE) {
|
2014-03-05 20:35:07 +01:00
|
|
|
log_warn(LD_CONFIG, "PredictedPortsRelevanceTime is too large; "
|
2013-09-25 01:45:00 +02:00
|
|
|
"clipping to %ds.", MAX_PREDICTED_CIRCS_RELEVANCE);
|
2014-03-05 20:35:07 +01:00
|
|
|
options->PredictedPortsRelevanceTime = MAX_PREDICTED_CIRCS_RELEVANCE;
|
2013-09-25 01:45:00 +02:00
|
|
|
}
|
|
|
|
|
2011-06-14 10:40:02 +02:00
|
|
|
if (options->Tor2webMode && options->LearnCircuitBuildTimeout) {
|
|
|
|
/* LearnCircuitBuildTimeout and Tor2webMode are incompatible in
|
|
|
|
* two ways:
|
|
|
|
*
|
|
|
|
* - LearnCircuitBuildTimeout results in a low CBT, which
|
|
|
|
* Tor2webMode's use of one-hop rendezvous circuits lowers
|
|
|
|
* much further, producing *far* too many timeouts.
|
|
|
|
*
|
|
|
|
* - The adaptive CBT code does not update its timeout estimate
|
|
|
|
* using build times for single-hop circuits.
|
|
|
|
*
|
|
|
|
* If we fix both of these issues someday, we should test
|
|
|
|
* Tor2webMode with LearnCircuitBuildTimeout on again. */
|
|
|
|
log_notice(LD_CONFIG,"Tor2webMode is enabled; turning "
|
|
|
|
"LearnCircuitBuildTimeout off.");
|
|
|
|
options->LearnCircuitBuildTimeout = 0;
|
|
|
|
}
|
|
|
|
|
2012-09-18 03:45:10 +02:00
|
|
|
if (options->Tor2webMode && options->UseEntryGuards) {
|
2012-09-18 22:38:01 +02:00
|
|
|
/* tor2web mode clients do not (and should not) use entry guards
|
|
|
|
* in any meaningful way. Further, tor2web mode causes the hidden
|
|
|
|
* service client code to do things which break the path bias
|
|
|
|
* detector, and it's far easier to turn off entry guards (and
|
|
|
|
* thus the path bias detector with it) than to figure out how to
|
|
|
|
* make a piece of code which cannot possibly help tor2web mode
|
|
|
|
* users compatible with tor2web mode.
|
2012-09-18 03:45:10 +02:00
|
|
|
*/
|
|
|
|
log_notice(LD_CONFIG,
|
|
|
|
"Tor2WebMode is enabled; disabling UseEntryGuards.");
|
|
|
|
options->UseEntryGuards = 0;
|
|
|
|
}
|
|
|
|
|
2012-09-18 22:50:00 +02:00
|
|
|
if (!(options->UseEntryGuards) &&
|
|
|
|
(options->RendConfigLines != NULL)) {
|
|
|
|
log_warn(LD_CONFIG,
|
2012-10-04 16:34:46 +02:00
|
|
|
"UseEntryGuards is disabled, but you have configured one or more "
|
|
|
|
"hidden services on this Tor instance. Your hidden services "
|
|
|
|
"will be very easy to locate using a well-known attack -- see "
|
|
|
|
"http://freehaven.net/anonbib/#hs-attack06 for details.");
|
2012-09-18 22:50:00 +02:00
|
|
|
}
|
|
|
|
|
2013-03-13 14:17:43 +01:00
|
|
|
if (!options->LearnCircuitBuildTimeout && options->CircuitBuildTimeout &&
|
|
|
|
options->CircuitBuildTimeout < RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT) {
|
2012-06-09 08:44:06 +02:00
|
|
|
log_warn(LD_CONFIG,
|
2013-03-13 14:17:43 +01:00
|
|
|
"CircuitBuildTimeout is shorter (%d seconds) than the recommended "
|
|
|
|
"minimum (%d seconds), and LearnCircuitBuildTimeout is disabled. "
|
2012-06-11 20:09:19 +02:00
|
|
|
"If tor isn't working, raise this value or enable "
|
|
|
|
"LearnCircuitBuildTimeout.",
|
2012-06-09 08:44:06 +02:00
|
|
|
options->CircuitBuildTimeout,
|
|
|
|
RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT );
|
2013-03-13 14:17:43 +01:00
|
|
|
} else if (!options->LearnCircuitBuildTimeout &&
|
|
|
|
!options->CircuitBuildTimeout) {
|
|
|
|
log_notice(LD_CONFIG, "You disabled LearnCircuitBuildTimeout, but didn't "
|
|
|
|
"a CircuitBuildTimeout. I'll pick a plausible default.");
|
2012-06-09 08:44:06 +02:00
|
|
|
}
|
|
|
|
|
2013-01-31 03:21:36 +01:00
|
|
|
if (options->PathBiasNoticeRate > 1.0) {
|
|
|
|
tor_asprintf(msg,
|
|
|
|
"PathBiasNoticeRate is too high. "
|
|
|
|
"It must be between 0 and 1.0");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
if (options->PathBiasWarnRate > 1.0) {
|
|
|
|
tor_asprintf(msg,
|
|
|
|
"PathBiasWarnRate is too high. "
|
|
|
|
"It must be between 0 and 1.0");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
if (options->PathBiasExtremeRate > 1.0) {
|
|
|
|
tor_asprintf(msg,
|
|
|
|
"PathBiasExtremeRate is too high. "
|
|
|
|
"It must be between 0 and 1.0");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
if (options->PathBiasNoticeUseRate > 1.0) {
|
|
|
|
tor_asprintf(msg,
|
|
|
|
"PathBiasNoticeUseRate is too high. "
|
|
|
|
"It must be between 0 and 1.0");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
if (options->PathBiasExtremeUseRate > 1.0) {
|
|
|
|
tor_asprintf(msg,
|
|
|
|
"PathBiasExtremeUseRate is too high. "
|
|
|
|
"It must be between 0 and 1.0");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2008-12-17 23:32:17 +01:00
|
|
|
if (options->MaxCircuitDirtiness < MIN_MAX_CIRCUIT_DIRTINESS) {
|
2009-11-22 13:15:30 +01:00
|
|
|
log_warn(LD_CONFIG, "MaxCircuitDirtiness option is too short; "
|
|
|
|
"raising to %d seconds.", MIN_MAX_CIRCUIT_DIRTINESS);
|
2008-12-17 23:32:17 +01:00
|
|
|
options->MaxCircuitDirtiness = MIN_MAX_CIRCUIT_DIRTINESS;
|
|
|
|
}
|
|
|
|
|
2013-08-21 17:35:00 +02:00
|
|
|
if (options->MaxCircuitDirtiness > MAX_MAX_CIRCUIT_DIRTINESS) {
|
|
|
|
log_warn(LD_CONFIG, "MaxCircuitDirtiness option is too high; "
|
|
|
|
"setting to %d days.", MAX_MAX_CIRCUIT_DIRTINESS/86400);
|
|
|
|
options->MaxCircuitDirtiness = MAX_MAX_CIRCUIT_DIRTINESS;
|
|
|
|
}
|
|
|
|
|
2009-11-22 13:15:30 +01:00
|
|
|
if (options->CircuitStreamTimeout &&
|
|
|
|
options->CircuitStreamTimeout < MIN_CIRCUIT_STREAM_TIMEOUT) {
|
|
|
|
log_warn(LD_CONFIG, "CircuitStreamTimeout option is too short; "
|
|
|
|
"raising to %d seconds.", MIN_CIRCUIT_STREAM_TIMEOUT);
|
|
|
|
options->CircuitStreamTimeout = MIN_CIRCUIT_STREAM_TIMEOUT;
|
|
|
|
}
|
2010-12-01 02:32:42 +01:00
|
|
|
|
2010-12-01 02:24:03 +01:00
|
|
|
if (options->HeartbeatPeriod &&
|
|
|
|
options->HeartbeatPeriod < MIN_HEARTBEAT_PERIOD) {
|
|
|
|
log_warn(LD_CONFIG, "HeartbeatPeriod option is too short; "
|
|
|
|
"raising to %d seconds.", MIN_HEARTBEAT_PERIOD);
|
|
|
|
options->HeartbeatPeriod = MIN_HEARTBEAT_PERIOD;
|
|
|
|
}
|
|
|
|
|
2005-10-25 09:05:03 +02:00
|
|
|
if (options->KeepalivePeriod < 1)
|
|
|
|
REJECT("KeepalivePeriod option must be positive.");
|
2002-11-23 07:49:01 +01:00
|
|
|
|
2014-05-20 18:21:31 +02:00
|
|
|
if (options->PortForwarding && options->Sandbox) {
|
|
|
|
REJECT("PortForwarding is not compatible with Sandbox; at most one can "
|
|
|
|
"be set");
|
|
|
|
}
|
|
|
|
|
2007-05-30 09:18:00 +02:00
|
|
|
if (ensure_bandwidth_cap(&options->BandwidthRate,
|
2007-05-04 11:20:13 +02:00
|
|
|
"BandwidthRate", msg) < 0)
|
2006-03-26 08:51:26 +02:00
|
|
|
return -1;
|
2007-05-30 09:18:00 +02:00
|
|
|
if (ensure_bandwidth_cap(&options->BandwidthBurst,
|
2007-05-04 11:20:13 +02:00
|
|
|
"BandwidthBurst", msg) < 0)
|
2006-03-26 08:51:26 +02:00
|
|
|
return -1;
|
2007-05-30 09:18:00 +02:00
|
|
|
if (ensure_bandwidth_cap(&options->MaxAdvertisedBandwidth,
|
2007-05-04 11:20:13 +02:00
|
|
|
"MaxAdvertisedBandwidth", msg) < 0)
|
|
|
|
return -1;
|
2007-05-30 09:18:00 +02:00
|
|
|
if (ensure_bandwidth_cap(&options->RelayBandwidthRate,
|
2007-05-04 11:20:13 +02:00
|
|
|
"RelayBandwidthRate", msg) < 0)
|
|
|
|
return -1;
|
2007-05-30 09:18:00 +02:00
|
|
|
if (ensure_bandwidth_cap(&options->RelayBandwidthBurst,
|
2007-05-04 11:20:13 +02:00
|
|
|
"RelayBandwidthBurst", msg) < 0)
|
|
|
|
return -1;
|
2010-02-25 12:25:57 +01:00
|
|
|
if (ensure_bandwidth_cap(&options->PerConnBWRate,
|
|
|
|
"PerConnBWRate", msg) < 0)
|
|
|
|
return -1;
|
|
|
|
if (ensure_bandwidth_cap(&options->PerConnBWBurst,
|
|
|
|
"PerConnBWBurst", msg) < 0)
|
|
|
|
return -1;
|
2011-11-17 02:55:33 +01:00
|
|
|
if (ensure_bandwidth_cap(&options->AuthDirFastGuarantee,
|
|
|
|
"AuthDirFastGuarantee", msg) < 0)
|
|
|
|
return -1;
|
|
|
|
if (ensure_bandwidth_cap(&options->AuthDirGuardBWGuarantee,
|
|
|
|
"AuthDirGuardBWGuarantee", msg) < 0)
|
|
|
|
return -1;
|
2007-05-04 11:20:13 +02:00
|
|
|
|
2011-02-08 05:22:45 +01:00
|
|
|
if (options->RelayBandwidthRate && !options->RelayBandwidthBurst)
|
|
|
|
options->RelayBandwidthBurst = options->RelayBandwidthRate;
|
|
|
|
if (options->RelayBandwidthBurst && !options->RelayBandwidthRate)
|
|
|
|
options->RelayBandwidthRate = options->RelayBandwidthBurst;
|
|
|
|
|
2007-02-25 20:43:23 +01:00
|
|
|
if (server_mode(options)) {
|
2009-04-12 09:56:58 +02:00
|
|
|
if (options->BandwidthRate < ROUTER_REQUIRED_MIN_BANDWIDTH) {
|
2010-03-01 03:46:50 +01:00
|
|
|
tor_asprintf(msg,
|
2007-02-25 20:43:23 +01:00
|
|
|
"BandwidthRate is set to %d bytes/second. "
|
|
|
|
"For servers, it must be at least %d.",
|
|
|
|
(int)options->BandwidthRate,
|
2009-04-12 09:56:58 +02:00
|
|
|
ROUTER_REQUIRED_MIN_BANDWIDTH);
|
2007-02-25 20:43:23 +01:00
|
|
|
return -1;
|
|
|
|
} else if (options->MaxAdvertisedBandwidth <
|
2009-04-12 09:56:58 +02:00
|
|
|
ROUTER_REQUIRED_MIN_BANDWIDTH/2) {
|
2010-03-01 03:46:50 +01:00
|
|
|
tor_asprintf(msg,
|
2007-02-25 20:43:23 +01:00
|
|
|
"MaxAdvertisedBandwidth is set to %d bytes/second. "
|
|
|
|
"For servers, it must be at least %d.",
|
|
|
|
(int)options->MaxAdvertisedBandwidth,
|
2009-04-12 09:56:58 +02:00
|
|
|
ROUTER_REQUIRED_MIN_BANDWIDTH/2);
|
2007-02-25 20:43:23 +01:00
|
|
|
return -1;
|
|
|
|
}
|
2007-03-20 03:55:31 +01:00
|
|
|
if (options->RelayBandwidthRate &&
|
|
|
|
options->RelayBandwidthRate < ROUTER_REQUIRED_MIN_BANDWIDTH) {
|
2010-03-01 03:46:50 +01:00
|
|
|
tor_asprintf(msg,
|
2007-03-20 03:55:31 +01:00
|
|
|
"RelayBandwidthRate is set to %d bytes/second. "
|
|
|
|
"For servers, it must be at least %d.",
|
|
|
|
(int)options->RelayBandwidthRate,
|
|
|
|
ROUTER_REQUIRED_MIN_BANDWIDTH);
|
|
|
|
return -1;
|
|
|
|
}
|
2005-01-18 20:34:22 +01:00
|
|
|
}
|
2007-02-25 20:43:23 +01:00
|
|
|
|
2007-11-17 03:22:56 +01:00
|
|
|
if (options->RelayBandwidthRate > options->RelayBandwidthBurst)
|
|
|
|
REJECT("RelayBandwidthBurst must be at least equal "
|
|
|
|
"to RelayBandwidthRate.");
|
|
|
|
|
2005-10-25 09:05:03 +02:00
|
|
|
if (options->BandwidthRate > options->BandwidthBurst)
|
|
|
|
REJECT("BandwidthBurst must be at least equal to BandwidthRate.");
|
2004-11-09 02:24:10 +01:00
|
|
|
|
2008-03-10 08:50:09 +01:00
|
|
|
/* if they set relaybandwidth* really high but left bandwidth*
|
|
|
|
* at the default, raise the defaults. */
|
|
|
|
if (options->RelayBandwidthRate > options->BandwidthRate)
|
|
|
|
options->BandwidthRate = options->RelayBandwidthRate;
|
|
|
|
if (options->RelayBandwidthBurst > options->BandwidthBurst)
|
|
|
|
options->BandwidthBurst = options->RelayBandwidthBurst;
|
|
|
|
|
2006-03-26 08:51:26 +02:00
|
|
|
if (accounting_parse_options(options, 1)<0)
|
|
|
|
REJECT("Failed to parse accounting options. See logs for details.");
|
2004-11-03 00:47:32 +01:00
|
|
|
|
2012-07-30 17:58:55 +02:00
|
|
|
if (options->AccountingMax) {
|
|
|
|
if (options->RendConfigLines && server_mode(options)) {
|
|
|
|
log_warn(LD_CONFIG, "Using accounting with a hidden service and an "
|
|
|
|
"ORPort is risky: your hidden service(s) and your public "
|
|
|
|
"address will all turn off at the same time, which may alert "
|
|
|
|
"observers that they are being run by the same party.");
|
|
|
|
} else if (config_count_key(options->RendConfigLines,
|
|
|
|
"HiddenServiceDir") > 1) {
|
|
|
|
log_warn(LD_CONFIG, "Using accounting with multiple hidden services is "
|
|
|
|
"risky: they will all turn off at the same time, which may "
|
|
|
|
"alert observers that they are being run by the same party.");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-09-23 14:46:35 +02:00
|
|
|
options->AccountingRule = ACCT_MAX;
|
|
|
|
if (options->AccountingRule_option) {
|
|
|
|
if (!strcmp(options->AccountingRule_option, "sum"))
|
|
|
|
options->AccountingRule = ACCT_SUM;
|
|
|
|
else if (!strcmp(options->AccountingRule_option, "max"))
|
|
|
|
options->AccountingRule = ACCT_MAX;
|
|
|
|
else
|
2014-09-23 14:34:22 +02:00
|
|
|
REJECT("AccountingRule must be 'sum' or 'max'");
|
2012-07-30 17:58:55 +02:00
|
|
|
}
|
|
|
|
|
2010-10-29 19:41:24 +02:00
|
|
|
if (options->HTTPProxy) { /* parse it now */
|
2011-10-11 17:21:31 +02:00
|
|
|
if (tor_addr_port_lookup(options->HTTPProxy,
|
2010-10-29 19:41:24 +02:00
|
|
|
&options->HTTPProxyAddr, &options->HTTPProxyPort) < 0)
|
|
|
|
REJECT("HTTPProxy failed to parse or resolve. Please fix.");
|
|
|
|
if (options->HTTPProxyPort == 0) { /* give it a default */
|
|
|
|
options->HTTPProxyPort = 80;
|
2004-10-12 22:22:09 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2010-10-29 19:41:24 +02:00
|
|
|
if (options->HTTPProxyAuthenticator) {
|
2011-05-16 22:09:35 +02:00
|
|
|
if (strlen(options->HTTPProxyAuthenticator) >= 512)
|
|
|
|
REJECT("HTTPProxyAuthenticator is too long (>= 512 chars).");
|
2005-05-20 10:51:45 +02:00
|
|
|
}
|
|
|
|
|
2010-10-29 19:41:24 +02:00
|
|
|
if (options->HTTPSProxy) { /* parse it now */
|
2011-10-11 17:21:31 +02:00
|
|
|
if (tor_addr_port_lookup(options->HTTPSProxy,
|
2010-10-29 19:41:24 +02:00
|
|
|
&options->HTTPSProxyAddr, &options->HTTPSProxyPort) <0)
|
|
|
|
REJECT("HTTPSProxy failed to parse or resolve. Please fix.");
|
|
|
|
if (options->HTTPSProxyPort == 0) { /* give it a default */
|
|
|
|
options->HTTPSProxyPort = 443;
|
2005-02-24 11:56:55 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2010-10-29 19:41:24 +02:00
|
|
|
if (options->HTTPSProxyAuthenticator) {
|
2011-05-16 22:09:35 +02:00
|
|
|
if (strlen(options->HTTPSProxyAuthenticator) >= 512)
|
|
|
|
REJECT("HTTPSProxyAuthenticator is too long (>= 512 chars).");
|
2005-04-26 20:33:33 +02:00
|
|
|
}
|
|
|
|
|
2009-06-19 01:59:18 +02:00
|
|
|
if (options->Socks4Proxy) { /* parse it now */
|
2011-10-11 17:21:31 +02:00
|
|
|
if (tor_addr_port_lookup(options->Socks4Proxy,
|
2009-06-19 01:59:18 +02:00
|
|
|
&options->Socks4ProxyAddr,
|
|
|
|
&options->Socks4ProxyPort) <0)
|
|
|
|
REJECT("Socks4Proxy failed to parse or resolve. Please fix.");
|
|
|
|
if (options->Socks4ProxyPort == 0) { /* give it a default */
|
|
|
|
options->Socks4ProxyPort = 1080;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (options->Socks5Proxy) { /* parse it now */
|
2011-10-11 17:21:31 +02:00
|
|
|
if (tor_addr_port_lookup(options->Socks5Proxy,
|
2009-06-19 18:48:00 +02:00
|
|
|
&options->Socks5ProxyAddr,
|
|
|
|
&options->Socks5ProxyPort) <0)
|
2009-06-19 01:59:18 +02:00
|
|
|
REJECT("Socks5Proxy failed to parse or resolve. Please fix.");
|
|
|
|
if (options->Socks5ProxyPort == 0) { /* give it a default */
|
|
|
|
options->Socks5ProxyPort = 1080;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-03-25 08:21:22 +01:00
|
|
|
/* Check if more than one exclusive proxy type has been enabled. */
|
2011-06-21 18:49:04 +02:00
|
|
|
if (!!options->Socks4Proxy + !!options->Socks5Proxy +
|
2014-03-25 08:21:22 +01:00
|
|
|
!!options->HTTPSProxy > 1)
|
2011-07-03 05:23:07 +02:00
|
|
|
REJECT("You have configured more than one proxy type. "
|
2014-03-25 08:21:22 +01:00
|
|
|
"(Socks4Proxy|Socks5Proxy|HTTPSProxy)");
|
2009-08-26 17:34:45 +02:00
|
|
|
|
2012-06-12 21:21:41 +02:00
|
|
|
/* Check if the proxies will give surprising behavior. */
|
|
|
|
if (options->HTTPProxy && !(options->Socks4Proxy ||
|
|
|
|
options->Socks5Proxy ||
|
|
|
|
options->HTTPSProxy)) {
|
|
|
|
log_warn(LD_CONFIG, "HTTPProxy configured, but no SOCKS proxy or "
|
|
|
|
"HTTPS proxy configured. Watch out: this configuration will "
|
|
|
|
"proxy unencrypted directory connections only.");
|
|
|
|
}
|
|
|
|
|
2009-06-19 01:59:18 +02:00
|
|
|
if (options->Socks5ProxyUsername) {
|
|
|
|
size_t len;
|
|
|
|
|
|
|
|
len = strlen(options->Socks5ProxyUsername);
|
2013-02-09 19:46:10 +01:00
|
|
|
if (len < 1 || len > MAX_SOCKS5_AUTH_FIELD_SIZE)
|
2009-06-19 01:59:18 +02:00
|
|
|
REJECT("Socks5ProxyUsername must be between 1 and 255 characters.");
|
|
|
|
|
|
|
|
if (!options->Socks5ProxyPassword)
|
|
|
|
REJECT("Socks5ProxyPassword must be included with Socks5ProxyUsername.");
|
|
|
|
|
|
|
|
len = strlen(options->Socks5ProxyPassword);
|
2013-02-09 19:46:10 +01:00
|
|
|
if (len < 1 || len > MAX_SOCKS5_AUTH_FIELD_SIZE)
|
2009-06-19 01:59:18 +02:00
|
|
|
REJECT("Socks5ProxyPassword must be between 1 and 255 characters.");
|
|
|
|
} else if (options->Socks5ProxyPassword)
|
|
|
|
REJECT("Socks5ProxyPassword must be included with Socks5ProxyUsername.");
|
|
|
|
|
2004-11-12 17:39:03 +01:00
|
|
|
if (options->HashedControlPassword) {
|
2007-12-09 05:59:27 +01:00
|
|
|
smartlist_t *sl = decode_hashed_passwords(options->HashedControlPassword);
|
|
|
|
if (!sl) {
|
2005-10-25 09:05:03 +02:00
|
|
|
REJECT("Bad HashedControlPassword: wrong length or bad encoding");
|
2007-12-09 05:59:27 +01:00
|
|
|
} else {
|
|
|
|
SMARTLIST_FOREACH(sl, char*, cp, tor_free(cp));
|
|
|
|
smartlist_free(sl);
|
|
|
|
}
|
2004-11-13 18:17:04 +01:00
|
|
|
}
|
|
|
|
|
2008-02-17 19:45:07 +01:00
|
|
|
if (options->HashedControlSessionPassword) {
|
|
|
|
smartlist_t *sl = decode_hashed_passwords(
|
|
|
|
options->HashedControlSessionPassword);
|
|
|
|
if (!sl) {
|
|
|
|
REJECT("Bad HashedControlSessionPassword: wrong length or bad encoding");
|
|
|
|
} else {
|
|
|
|
SMARTLIST_FOREACH(sl, char*, cp, tor_free(cp));
|
|
|
|
smartlist_free(sl);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2011-05-15 17:23:04 +02:00
|
|
|
if (options->OwningControllerProcess) {
|
|
|
|
const char *validate_pspec_msg = NULL;
|
|
|
|
if (tor_validate_process_specifier(options->OwningControllerProcess,
|
|
|
|
&validate_pspec_msg)) {
|
|
|
|
tor_asprintf(msg, "Bad OwningControllerProcess: %s",
|
|
|
|
validate_pspec_msg);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-08-09 21:48:43 +02:00
|
|
|
if (options->ControlPort_set && !options->HashedControlPassword &&
|
2008-02-17 19:45:07 +01:00
|
|
|
!options->HashedControlSessionPassword &&
|
2007-08-02 23:03:40 +02:00
|
|
|
!options->CookieAuthentication) {
|
|
|
|
log_warn(LD_CONFIG, "ControlPort is open, but no authentication method "
|
|
|
|
"has been configured. This means that any program on your "
|
|
|
|
"computer can reconfigure your Tor. That's bad! You should "
|
|
|
|
"upgrade your Tor controller as soon as possible.");
|
|
|
|
}
|
|
|
|
|
2010-08-20 02:42:17 +02:00
|
|
|
if (options->CookieAuthFileGroupReadable && !options->CookieAuthFile) {
|
2011-04-29 17:14:53 +02:00
|
|
|
log_warn(LD_CONFIG, "CookieAuthFileGroupReadable is set, but will have "
|
|
|
|
"no effect: you must specify an explicit CookieAuthFile to "
|
|
|
|
"have it group-readable.");
|
2010-08-20 02:42:17 +02:00
|
|
|
}
|
|
|
|
|
2012-05-24 18:39:26 +02:00
|
|
|
if (options->MyFamily && options->BridgeRelay) {
|
|
|
|
log_warn(LD_CONFIG, "Listing a family for a bridge relay is not "
|
|
|
|
"supported: it can reveal bridge fingerprints to censors. "
|
|
|
|
"You should also make sure you aren't listing this bridge's "
|
|
|
|
"fingerprint in any other MyFamily.");
|
|
|
|
}
|
2013-09-03 18:47:03 +02:00
|
|
|
if (check_nickname_list(&options->MyFamily, "MyFamily", msg))
|
2006-03-26 08:51:26 +02:00
|
|
|
return -1;
|
2004-10-15 22:52:09 +02:00
|
|
|
for (cl = options->NodeFamilies; cl; cl = cl->next) {
|
2010-10-01 00:25:25 +02:00
|
|
|
routerset_t *rs = routerset_new();
|
|
|
|
if (routerset_parse(rs, cl->value, cl->key)) {
|
|
|
|
routerset_free(rs);
|
2006-03-26 08:51:26 +02:00
|
|
|
return -1;
|
2010-10-01 00:25:25 +02:00
|
|
|
}
|
|
|
|
routerset_free(rs);
|
2004-10-15 22:52:09 +02:00
|
|
|
}
|
|
|
|
|
2006-03-27 04:25:34 +02:00
|
|
|
if (validate_addr_policies(options, msg) < 0)
|
|
|
|
return -1;
|
2004-11-12 20:39:13 +01:00
|
|
|
|
2012-09-11 00:13:28 +02:00
|
|
|
if (validate_dir_servers(options, old_options) < 0)
|
|
|
|
REJECT("Directory authority/fallback line did not parse. See logs "
|
|
|
|
"for details.");
|
2004-10-12 17:55:20 +02:00
|
|
|
|
2011-06-17 22:45:53 +02:00
|
|
|
if (options->UseBridges && !options->Bridges)
|
|
|
|
REJECT("If you set UseBridges, you must specify at least one bridge.");
|
2011-06-11 17:08:31 +02:00
|
|
|
|
2011-07-13 18:58:11 +02:00
|
|
|
for (cl = options->Bridges; cl; cl = cl->next) {
|
2013-02-11 14:43:20 +01:00
|
|
|
bridge_line_t *bridge_line = parse_bridge_line(cl->value);
|
|
|
|
if (!bridge_line)
|
|
|
|
REJECT("Bridge line did not parse. See logs for details.");
|
|
|
|
bridge_line_free(bridge_line);
|
2011-07-13 18:58:11 +02:00
|
|
|
}
|
|
|
|
|
2011-07-03 05:23:07 +02:00
|
|
|
for (cl = options->ClientTransportPlugin; cl; cl = cl->next) {
|
2014-07-29 04:32:23 +02:00
|
|
|
if (parse_transport_line(options, cl->value, 1, 0) < 0)
|
2014-05-20 18:21:31 +02:00
|
|
|
REJECT("Invalid client transport line. See logs for details.");
|
2011-06-11 17:08:31 +02:00
|
|
|
}
|
|
|
|
|
2011-07-13 18:58:11 +02:00
|
|
|
for (cl = options->ServerTransportPlugin; cl; cl = cl->next) {
|
2014-07-29 04:32:23 +02:00
|
|
|
if (parse_transport_line(options, cl->value, 1, 1) < 0)
|
2014-05-20 18:21:31 +02:00
|
|
|
REJECT("Invalid server transport line. See logs for details.");
|
2007-05-08 13:28:05 +02:00
|
|
|
}
|
|
|
|
|
2012-07-18 20:01:02 +02:00
|
|
|
if (options->ServerTransportPlugin && !server_mode(options)) {
|
|
|
|
log_notice(LD_GENERAL, "Tor is not configured as a relay but you specified"
|
|
|
|
" a ServerTransportPlugin line (%s). The ServerTransportPlugin "
|
|
|
|
"line will be ignored.",
|
2012-07-24 16:20:00 +02:00
|
|
|
escaped(options->ServerTransportPlugin->value));
|
2007-05-08 13:28:05 +02:00
|
|
|
}
|
|
|
|
|
2012-10-30 03:17:13 +01:00
|
|
|
for (cl = options->ServerTransportListenAddr; cl; cl = cl->next) {
|
|
|
|
/** If get_bindaddr_from_transport_listen_line() fails with
|
|
|
|
'transport' being NULL, it means that something went wrong
|
|
|
|
while parsing the ServerTransportListenAddr line. */
|
|
|
|
char *bindaddr = get_bindaddr_from_transport_listen_line(cl->value, NULL);
|
|
|
|
if (!bindaddr)
|
|
|
|
REJECT("ServerTransportListenAddr did not parse. See logs for details.");
|
|
|
|
tor_free(bindaddr);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (options->ServerTransportListenAddr && !options->ServerTransportPlugin) {
|
|
|
|
log_notice(LD_GENERAL, "You need at least a single managed-proxy to "
|
|
|
|
"specify a transport listen address. The "
|
|
|
|
"ServerTransportListenAddr line will be ignored.");
|
|
|
|
}
|
|
|
|
|
2013-06-12 14:28:31 +02:00
|
|
|
for (cl = options->ServerTransportOptions; cl; cl = cl->next) {
|
|
|
|
/** If get_options_from_transport_options_line() fails with
|
|
|
|
'transport' being NULL, it means that something went wrong
|
|
|
|
while parsing the ServerTransportOptions line. */
|
|
|
|
smartlist_t *options_sl =
|
|
|
|
get_options_from_transport_options_line(cl->value, NULL);
|
|
|
|
if (!options_sl)
|
|
|
|
REJECT("ServerTransportOptions did not parse. See logs for details.");
|
|
|
|
|
|
|
|
SMARTLIST_FOREACH(options_sl, char *, cp, tor_free(cp));
|
|
|
|
smartlist_free(options_sl);
|
|
|
|
}
|
|
|
|
|
2007-07-16 18:23:34 +02:00
|
|
|
if (options->ConstrainedSockets) {
|
|
|
|
/* If the user wants to constrain socket buffer use, make sure the desired
|
|
|
|
* limit is between MIN|MAX_TCPSOCK_BUFFER in k increments. */
|
2007-07-16 18:23:36 +02:00
|
|
|
if (options->ConstrainedSockSize < MIN_CONSTRAINED_TCP_BUFFER ||
|
|
|
|
options->ConstrainedSockSize > MAX_CONSTRAINED_TCP_BUFFER ||
|
|
|
|
options->ConstrainedSockSize % 1024) {
|
2010-03-01 03:46:50 +01:00
|
|
|
tor_asprintf(msg,
|
2007-07-16 18:23:34 +02:00
|
|
|
"ConstrainedSockSize is invalid. Must be a value between %d and %d "
|
|
|
|
"in 1024 byte increments.",
|
2007-07-16 18:23:36 +02:00
|
|
|
MIN_CONSTRAINED_TCP_BUFFER, MAX_CONSTRAINED_TCP_BUFFER);
|
2007-07-16 18:23:34 +02:00
|
|
|
return -1;
|
|
|
|
}
|
2012-08-09 21:48:43 +02:00
|
|
|
if (options->DirPort_set) {
|
2007-07-16 18:23:34 +02:00
|
|
|
/* Providing cached directory entries while system TCP buffers are scarce
|
|
|
|
* will exacerbate the socket errors. Suggest that this be disabled. */
|
|
|
|
COMPLAIN("You have requested constrained socket buffers while also "
|
|
|
|
"serving directory entries via DirPort. It is strongly "
|
|
|
|
"suggested that you disable serving directory requests when "
|
|
|
|
"system TCP buffer resources are scarce.");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-08-14 22:19:40 +02:00
|
|
|
if (options->V3AuthVoteDelay + options->V3AuthDistDelay >=
|
|
|
|
options->V3AuthVotingInterval/2) {
|
2014-12-20 11:53:00 +01:00
|
|
|
/*
|
|
|
|
This doesn't work, but it seems like it should:
|
|
|
|
what code is preventing the interval being less than twice the lead-up?
|
|
|
|
if (options->TestingTorNetwork) {
|
|
|
|
if (options->V3AuthVoteDelay + options->V3AuthDistDelay >=
|
|
|
|
options->V3AuthVotingInterval) {
|
|
|
|
REJECT("V3AuthVoteDelay plus V3AuthDistDelay must be less than "
|
|
|
|
"V3AuthVotingInterval");
|
|
|
|
} else {
|
|
|
|
COMPLAIN("V3AuthVoteDelay plus V3AuthDistDelay is more than half "
|
|
|
|
"V3AuthVotingInterval. This may lead to "
|
|
|
|
"consensus instability, particularly if clocks drift.");
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
*/
|
|
|
|
REJECT("V3AuthVoteDelay plus V3AuthDistDelay must be less than half "
|
|
|
|
"V3AuthVotingInterval");
|
|
|
|
/*
|
|
|
|
}
|
|
|
|
*/
|
|
|
|
}
|
|
|
|
|
|
|
|
if (options->V3AuthVoteDelay < MIN_VOTE_SECONDS) {
|
|
|
|
if (options->TestingTorNetwork) {
|
|
|
|
if (options->V3AuthVoteDelay < MIN_VOTE_SECONDS_TESTING) {
|
|
|
|
REJECT("V3AuthVoteDelay is way too low.");
|
|
|
|
} else {
|
|
|
|
COMPLAIN("V3AuthVoteDelay is very low. "
|
|
|
|
"This may lead to failure to vote for a consensus.");
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
REJECT("V3AuthVoteDelay is way too low.");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (options->V3AuthDistDelay < MIN_DIST_SECONDS) {
|
|
|
|
if (options->TestingTorNetwork) {
|
|
|
|
if (options->V3AuthDistDelay < MIN_DIST_SECONDS_TESTING) {
|
|
|
|
REJECT("V3AuthDistDelay is way too low.");
|
|
|
|
} else {
|
|
|
|
COMPLAIN("V3AuthDistDelay is very low. "
|
|
|
|
"This may lead to missing votes in a consensus.");
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
REJECT("V3AuthDistDelay is way too low.");
|
|
|
|
}
|
2007-08-14 22:19:40 +02:00
|
|
|
}
|
2007-08-15 17:38:58 +02:00
|
|
|
|
|
|
|
if (options->V3AuthNIntervalsValid < 2)
|
2007-08-14 22:19:40 +02:00
|
|
|
REJECT("V3AuthNIntervalsValid must be at least 2.");
|
|
|
|
|
2007-10-11 18:06:42 +02:00
|
|
|
if (options->V3AuthVotingInterval < MIN_VOTE_INTERVAL) {
|
2014-12-20 11:53:00 +01:00
|
|
|
if (options->TestingTorNetwork) {
|
|
|
|
if (options->V3AuthVotingInterval < MIN_VOTE_INTERVAL_TESTING) {
|
|
|
|
REJECT("V3AuthVotingInterval is insanely low.");
|
|
|
|
} else {
|
|
|
|
COMPLAIN("V3AuthVotingInterval is very low. "
|
|
|
|
"This may lead to failure to synchronise for a consensus.");
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
REJECT("V3AuthVotingInterval is insanely low.");
|
|
|
|
}
|
2007-08-14 22:19:40 +02:00
|
|
|
} else if (options->V3AuthVotingInterval > 24*60*60) {
|
|
|
|
REJECT("V3AuthVotingInterval is insanely high.");
|
|
|
|
} else if (((24*60*60) % options->V3AuthVotingInterval) != 0) {
|
|
|
|
COMPLAIN("V3AuthVotingInterval does not divide evenly into 24 hours.");
|
|
|
|
}
|
|
|
|
|
2004-11-09 00:12:40 +01:00
|
|
|
if (rend_config_services(options, 1) < 0)
|
2006-03-26 08:51:26 +02:00
|
|
|
REJECT("Failed to configure rendezvous options. See logs for details.");
|
2004-11-09 00:12:40 +01:00
|
|
|
|
2008-08-12 18:12:26 +02:00
|
|
|
/* Parse client-side authorization for hidden services. */
|
|
|
|
if (rend_parse_service_authorization(options, 1) < 0)
|
|
|
|
REJECT("Failed to configure client authorization for hidden services. "
|
|
|
|
"See logs for details.");
|
|
|
|
|
2012-11-23 23:31:53 +01:00
|
|
|
if (parse_virtual_addr_network(options->VirtualAddrNetworkIPv4,
|
|
|
|
AF_INET, 1, msg)<0)
|
|
|
|
return -1;
|
|
|
|
if (parse_virtual_addr_network(options->VirtualAddrNetworkIPv6,
|
|
|
|
AF_INET6, 1, msg)<0)
|
2006-04-18 05:36:28 +02:00
|
|
|
return -1;
|
|
|
|
|
2012-07-11 11:53:07 +02:00
|
|
|
if (options->TestingTorNetwork &&
|
2012-09-10 21:54:16 +02:00
|
|
|
!(options->DirAuthorities ||
|
2012-07-11 11:53:07 +02:00
|
|
|
(options->AlternateDirAuthority &&
|
|
|
|
options->AlternateBridgeAuthority))) {
|
2008-06-14 18:01:29 +02:00
|
|
|
REJECT("TestingTorNetwork may only be configured in combination with "
|
2013-11-10 18:22:34 +01:00
|
|
|
"a non-default set of DirAuthority or both of "
|
|
|
|
"AlternateDirAuthority and AlternateBridgeAuthority configured.");
|
2008-06-14 18:01:29 +02:00
|
|
|
}
|
|
|
|
|
2012-09-10 21:54:16 +02:00
|
|
|
if (options->AllowSingleHopExits && !options->DirAuthorities) {
|
2010-11-16 06:13:25 +01:00
|
|
|
COMPLAIN("You have set AllowSingleHopExits; now your relay will allow "
|
|
|
|
"others to make one-hop exits. However, since by default most "
|
|
|
|
"clients avoid relays that set this option, most clients will "
|
|
|
|
"ignore you.");
|
|
|
|
}
|
|
|
|
|
2013-05-28 22:13:06 +02:00
|
|
|
#define CHECK_DEFAULT(arg) \
|
|
|
|
STMT_BEGIN \
|
|
|
|
if (!options->TestingTorNetwork && \
|
|
|
|
!options->UsingTestNetworkDefaults_ && \
|
|
|
|
!config_is_same(&options_format,options, \
|
|
|
|
default_options,#arg)) { \
|
|
|
|
REJECT(#arg " may only be changed in testing Tor " \
|
|
|
|
"networks!"); \
|
|
|
|
} STMT_END
|
2013-05-24 09:48:15 +02:00
|
|
|
CHECK_DEFAULT(TestingV3AuthInitialVotingInterval);
|
|
|
|
CHECK_DEFAULT(TestingV3AuthInitialVoteDelay);
|
|
|
|
CHECK_DEFAULT(TestingV3AuthInitialDistDelay);
|
2013-06-05 15:48:57 +02:00
|
|
|
CHECK_DEFAULT(TestingV3AuthVotingStartOffset);
|
2013-05-24 09:48:15 +02:00
|
|
|
CHECK_DEFAULT(TestingAuthDirTimeToLearnReachability);
|
|
|
|
CHECK_DEFAULT(TestingEstimatedDescriptorPropagationTime);
|
|
|
|
CHECK_DEFAULT(TestingServerDownloadSchedule);
|
|
|
|
CHECK_DEFAULT(TestingClientDownloadSchedule);
|
|
|
|
CHECK_DEFAULT(TestingServerConsensusDownloadSchedule);
|
|
|
|
CHECK_DEFAULT(TestingClientConsensusDownloadSchedule);
|
|
|
|
CHECK_DEFAULT(TestingBridgeDownloadSchedule);
|
|
|
|
CHECK_DEFAULT(TestingClientMaxIntervalWithoutRequest);
|
|
|
|
CHECK_DEFAULT(TestingDirConnectionMaxStall);
|
|
|
|
CHECK_DEFAULT(TestingConsensusMaxDownloadTries);
|
|
|
|
CHECK_DEFAULT(TestingDescriptorMaxDownloadTries);
|
|
|
|
CHECK_DEFAULT(TestingMicrodescMaxDownloadTries);
|
|
|
|
CHECK_DEFAULT(TestingCertMaxDownloadTries);
|
|
|
|
#undef CHECK_DEFAULT
|
|
|
|
|
2014-12-20 11:53:00 +01:00
|
|
|
if (options->TestingV3AuthInitialVotingInterval
|
|
|
|
< MIN_VOTE_INTERVAL_TESTING_INITIAL) {
|
2008-06-20 19:03:13 +02:00
|
|
|
REJECT("TestingV3AuthInitialVotingInterval is insanely low.");
|
|
|
|
} else if (((30*60) % options->TestingV3AuthInitialVotingInterval) != 0) {
|
|
|
|
REJECT("TestingV3AuthInitialVotingInterval does not divide evenly into "
|
2008-06-14 18:01:29 +02:00
|
|
|
"30 minutes.");
|
|
|
|
}
|
|
|
|
|
2014-12-20 11:53:00 +01:00
|
|
|
if (options->TestingV3AuthInitialVoteDelay < MIN_VOTE_SECONDS_TESTING) {
|
2008-06-20 19:03:13 +02:00
|
|
|
REJECT("TestingV3AuthInitialVoteDelay is way too low.");
|
2008-06-14 18:01:29 +02:00
|
|
|
}
|
|
|
|
|
2014-12-20 11:53:00 +01:00
|
|
|
if (options->TestingV3AuthInitialDistDelay < MIN_DIST_SECONDS_TESTING) {
|
2008-06-20 19:03:13 +02:00
|
|
|
REJECT("TestingV3AuthInitialDistDelay is way too low.");
|
2008-06-14 18:01:29 +02:00
|
|
|
}
|
|
|
|
|
2008-06-20 19:03:13 +02:00
|
|
|
if (options->TestingV3AuthInitialVoteDelay +
|
|
|
|
options->TestingV3AuthInitialDistDelay >=
|
2014-12-20 11:53:00 +01:00
|
|
|
options->TestingV3AuthInitialVotingInterval) {
|
2008-06-20 19:03:13 +02:00
|
|
|
REJECT("TestingV3AuthInitialVoteDelay plus TestingV3AuthInitialDistDelay "
|
2014-12-20 11:53:00 +01:00
|
|
|
"must be less than TestingV3AuthInitialVotingInterval");
|
2008-06-14 18:01:29 +02:00
|
|
|
}
|
|
|
|
|
2013-06-05 15:48:57 +02:00
|
|
|
if (options->TestingV3AuthVotingStartOffset >
|
|
|
|
MIN(options->TestingV3AuthInitialVotingInterval,
|
|
|
|
options->V3AuthVotingInterval)) {
|
|
|
|
REJECT("TestingV3AuthVotingStartOffset is higher than the voting "
|
|
|
|
"interval.");
|
2014-12-20 11:53:00 +01:00
|
|
|
} else if (options->TestingV3AuthVotingStartOffset < 0) {
|
|
|
|
REJECT("TestingV3AuthVotingStartOffset must be non-negative.");
|
2013-06-05 15:48:57 +02:00
|
|
|
}
|
|
|
|
|
2013-05-24 09:48:15 +02:00
|
|
|
if (options->TestingAuthDirTimeToLearnReachability < 0) {
|
2008-06-20 19:03:13 +02:00
|
|
|
REJECT("TestingAuthDirTimeToLearnReachability must be non-negative.");
|
|
|
|
} else if (options->TestingAuthDirTimeToLearnReachability > 2*60*60) {
|
|
|
|
COMPLAIN("TestingAuthDirTimeToLearnReachability is insanely high.");
|
2008-06-14 18:01:29 +02:00
|
|
|
}
|
|
|
|
|
2013-05-24 09:48:15 +02:00
|
|
|
if (options->TestingEstimatedDescriptorPropagationTime < 0) {
|
2008-06-20 19:03:13 +02:00
|
|
|
REJECT("TestingEstimatedDescriptorPropagationTime must be non-negative.");
|
|
|
|
} else if (options->TestingEstimatedDescriptorPropagationTime > 60*60) {
|
|
|
|
COMPLAIN("TestingEstimatedDescriptorPropagationTime is insanely high.");
|
2008-06-14 18:01:29 +02:00
|
|
|
}
|
|
|
|
|
2013-05-24 09:48:15 +02:00
|
|
|
if (options->TestingClientMaxIntervalWithoutRequest < 1) {
|
2013-05-16 12:08:48 +02:00
|
|
|
REJECT("TestingClientMaxIntervalWithoutRequest is way too low.");
|
|
|
|
} else if (options->TestingClientMaxIntervalWithoutRequest > 3600) {
|
|
|
|
COMPLAIN("TestingClientMaxIntervalWithoutRequest is insanely high.");
|
|
|
|
}
|
|
|
|
|
2013-05-24 09:48:15 +02:00
|
|
|
if (options->TestingDirConnectionMaxStall < 5) {
|
2013-05-16 12:08:48 +02:00
|
|
|
REJECT("TestingDirConnectionMaxStall is way too low.");
|
|
|
|
} else if (options->TestingDirConnectionMaxStall > 3600) {
|
|
|
|
COMPLAIN("TestingDirConnectionMaxStall is insanely high.");
|
|
|
|
}
|
|
|
|
|
2013-05-24 09:48:15 +02:00
|
|
|
if (options->TestingConsensusMaxDownloadTries < 2) {
|
2013-05-16 12:08:48 +02:00
|
|
|
REJECT("TestingConsensusMaxDownloadTries must be greater than 1.");
|
|
|
|
} else if (options->TestingConsensusMaxDownloadTries > 800) {
|
|
|
|
COMPLAIN("TestingConsensusMaxDownloadTries is insanely high.");
|
|
|
|
}
|
|
|
|
|
2013-05-24 09:48:15 +02:00
|
|
|
if (options->TestingDescriptorMaxDownloadTries < 2) {
|
2013-05-16 12:08:48 +02:00
|
|
|
REJECT("TestingDescriptorMaxDownloadTries must be greater than 1.");
|
|
|
|
} else if (options->TestingDescriptorMaxDownloadTries > 800) {
|
|
|
|
COMPLAIN("TestingDescriptorMaxDownloadTries is insanely high.");
|
|
|
|
}
|
|
|
|
|
2013-05-24 09:48:15 +02:00
|
|
|
if (options->TestingMicrodescMaxDownloadTries < 2) {
|
2013-05-16 12:08:48 +02:00
|
|
|
REJECT("TestingMicrodescMaxDownloadTries must be greater than 1.");
|
|
|
|
} else if (options->TestingMicrodescMaxDownloadTries > 800) {
|
|
|
|
COMPLAIN("TestingMicrodescMaxDownloadTries is insanely high.");
|
|
|
|
}
|
|
|
|
|
2013-05-24 09:48:15 +02:00
|
|
|
if (options->TestingCertMaxDownloadTries < 2) {
|
2013-05-16 12:08:48 +02:00
|
|
|
REJECT("TestingCertMaxDownloadTries must be greater than 1.");
|
|
|
|
} else if (options->TestingCertMaxDownloadTries > 800) {
|
|
|
|
COMPLAIN("TestingCertMaxDownloadTries is insanely high.");
|
|
|
|
}
|
|
|
|
|
2013-05-24 12:01:32 +02:00
|
|
|
if (options->TestingEnableConnBwEvent &&
|
|
|
|
!options->TestingTorNetwork && !options->UsingTestNetworkDefaults_) {
|
|
|
|
REJECT("TestingEnableConnBwEvent may only be changed in testing "
|
|
|
|
"Tor networks!");
|
|
|
|
}
|
|
|
|
|
2013-05-24 12:29:42 +02:00
|
|
|
if (options->TestingEnableCellStatsEvent &&
|
|
|
|
!options->TestingTorNetwork && !options->UsingTestNetworkDefaults_) {
|
|
|
|
REJECT("TestingEnableCellStatsEvent may only be changed in testing "
|
|
|
|
"Tor networks!");
|
|
|
|
}
|
|
|
|
|
2013-05-25 12:21:09 +02:00
|
|
|
if (options->TestingEnableTbEmptyEvent &&
|
|
|
|
!options->TestingTorNetwork && !options->UsingTestNetworkDefaults_) {
|
|
|
|
REJECT("TestingEnableTbEmptyEvent may only be changed in testing "
|
|
|
|
"Tor networks!");
|
|
|
|
}
|
|
|
|
|
2008-06-14 18:01:29 +02:00
|
|
|
if (options->TestingTorNetwork) {
|
|
|
|
log_warn(LD_CONFIG, "TestingTorNetwork is set. This will make your node "
|
|
|
|
"almost unusable in the public Tor network, and is "
|
|
|
|
"therefore only advised if you are building a "
|
|
|
|
"testing Tor network!");
|
|
|
|
}
|
|
|
|
|
2009-05-24 01:42:44 +02:00
|
|
|
if (options->AccelName && !options->HardwareAccel)
|
|
|
|
options->HardwareAccel = 1;
|
|
|
|
if (options->AccelDir && !options->AccelName)
|
|
|
|
REJECT("Can't use hardware crypto accelerator dir without engine name.");
|
|
|
|
|
2010-08-01 00:06:40 +02:00
|
|
|
if (options->PublishServerDescriptor)
|
|
|
|
SMARTLIST_FOREACH(options->PublishServerDescriptor, const char *, pubdes, {
|
|
|
|
if (!strcmp(pubdes, "1") || !strcmp(pubdes, "0"))
|
|
|
|
if (smartlist_len(options->PublishServerDescriptor) > 1) {
|
|
|
|
COMPLAIN("You have passed a list of multiple arguments to the "
|
|
|
|
"PublishServerDescriptor option that includes 0 or 1. "
|
|
|
|
"0 or 1 should only be used as the sole argument. "
|
|
|
|
"This configuration will be rejected in a future release.");
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
2012-08-09 21:48:43 +02:00
|
|
|
if (options->BridgeRelay == 1 && ! options->ORPort_set)
|
2011-11-08 22:10:38 +01:00
|
|
|
REJECT("BridgeRelay is 1, ORPort is not set. This is an invalid "
|
|
|
|
"combination.");
|
2010-08-01 01:42:29 +02:00
|
|
|
|
2006-03-26 08:51:26 +02:00
|
|
|
return 0;
|
2005-10-25 09:05:03 +02:00
|
|
|
#undef REJECT
|
|
|
|
#undef COMPLAIN
|
2004-11-04 11:23:30 +01:00
|
|
|
}
|
|
|
|
|
2014-04-03 18:06:44 +02:00
|
|
|
/* Given the value that the user has set for MaxMemInQueues, compute the
|
|
|
|
* actual maximum value. We clip this value if it's too low, and autodetect
|
|
|
|
* it if it's set to 0. */
|
|
|
|
static uint64_t
|
|
|
|
compute_real_max_mem_in_queues(const uint64_t val, int log_guess)
|
|
|
|
{
|
|
|
|
uint64_t result;
|
|
|
|
|
|
|
|
if (val == 0) {
|
|
|
|
#define ONE_GIGABYTE (U64_LITERAL(1) << 30)
|
|
|
|
#define ONE_MEGABYTE (U64_LITERAL(1) << 20)
|
|
|
|
#if SIZEOF_VOID_P >= 8
|
|
|
|
#define MAX_DEFAULT_MAXMEM (8*ONE_GIGABYTE)
|
|
|
|
#else
|
|
|
|
#define MAX_DEFAULT_MAXMEM (2*ONE_GIGABYTE)
|
|
|
|
#endif
|
|
|
|
/* The user didn't pick a memory limit. Choose a very large one
|
|
|
|
* that is still smaller than the system memory */
|
|
|
|
static int notice_sent = 0;
|
|
|
|
size_t ram = 0;
|
|
|
|
if (get_total_system_memory(&ram) < 0) {
|
|
|
|
/* We couldn't determine our total system memory! */
|
|
|
|
#if SIZEOF_VOID_P >= 8
|
|
|
|
/* 64-bit system. Let's hope for 8 GB. */
|
|
|
|
result = 8 * ONE_GIGABYTE;
|
|
|
|
#else
|
|
|
|
/* (presumably) 32-bit system. Let's hope for 1 GB. */
|
|
|
|
result = ONE_GIGABYTE;
|
|
|
|
#endif
|
|
|
|
} else {
|
|
|
|
/* We detected it, so let's pick 3/4 of the total RAM as our limit. */
|
|
|
|
const uint64_t avail = (ram / 4) * 3;
|
|
|
|
|
|
|
|
/* Make sure it's in range from 0.25 GB to 8 GB. */
|
|
|
|
if (avail > MAX_DEFAULT_MAXMEM) {
|
|
|
|
/* If you want to use more than this much RAM, you need to configure
|
|
|
|
it yourself */
|
|
|
|
result = MAX_DEFAULT_MAXMEM;
|
|
|
|
} else if (avail < ONE_GIGABYTE / 4) {
|
|
|
|
result = ONE_GIGABYTE / 4;
|
|
|
|
} else {
|
|
|
|
result = avail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (log_guess && ! notice_sent) {
|
|
|
|
log_notice(LD_CONFIG, "%sMaxMemInQueues is set to "U64_FORMAT" MB. "
|
|
|
|
"You can override this by setting MaxMemInQueues by hand.",
|
|
|
|
ram ? "Based on detected system memory, " : "",
|
|
|
|
U64_PRINTF_ARG(result / ONE_MEGABYTE));
|
|
|
|
notice_sent = 1;
|
|
|
|
}
|
|
|
|
return result;
|
|
|
|
} else if (val < ONE_GIGABYTE / 4) {
|
|
|
|
log_warn(LD_CONFIG, "MaxMemInQueues must be at least 256 MB for now. "
|
|
|
|
"Ideally, have it as large as you can afford.");
|
|
|
|
return ONE_GIGABYTE / 4;
|
|
|
|
} else {
|
|
|
|
/* The value was fine all along */
|
|
|
|
return val;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2004-11-10 04:40:30 +01:00
|
|
|
/** Helper: return true iff s1 and s2 are both NULL, or both non-NULL
|
|
|
|
* equal strings. */
|
|
|
|
static int
|
|
|
|
opt_streq(const char *s1, const char *s2)
|
|
|
|
{
|
2011-07-19 08:36:11 +02:00
|
|
|
return 0 == strcmp_opt(s1, s2);
|
2004-11-10 04:40:30 +01:00
|
|
|
}
|
|
|
|
|
2004-11-06 06:18:11 +01:00
|
|
|
/** Check if any of the previous options have changed but aren't allowed to. */
|
|
|
|
static int
|
2011-06-14 19:01:38 +02:00
|
|
|
options_transition_allowed(const or_options_t *old,
|
|
|
|
const or_options_t *new_val,
|
2006-03-26 08:51:26 +02:00
|
|
|
char **msg)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2004-11-28 10:05:49 +01:00
|
|
|
if (!old)
|
2004-11-06 06:18:11 +01:00
|
|
|
return 0;
|
|
|
|
|
2004-11-10 04:40:30 +01:00
|
|
|
if (!opt_streq(old->PidFile, new_val->PidFile)) {
|
2006-03-26 08:51:26 +02:00
|
|
|
*msg = tor_strdup("PidFile is not allowed to change.");
|
2004-11-06 06:18:11 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2005-05-03 12:04:08 +02:00
|
|
|
if (old->RunAsDaemon != new_val->RunAsDaemon) {
|
2006-03-26 08:51:26 +02:00
|
|
|
*msg = tor_strdup("While Tor is running, changing RunAsDaemon "
|
|
|
|
"is not allowed.");
|
2004-11-06 06:18:11 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2014-04-17 03:57:45 +02:00
|
|
|
if (old->Sandbox != new_val->Sandbox) {
|
|
|
|
*msg = tor_strdup("While Tor is running, changing Sandbox "
|
|
|
|
"is not allowed.");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2004-11-09 08:20:21 +01:00
|
|
|
if (strcmp(old->DataDirectory,new_val->DataDirectory)!=0) {
|
2010-03-01 03:46:50 +01:00
|
|
|
tor_asprintf(msg,
|
2006-03-26 08:51:26 +02:00
|
|
|
"While Tor is running, changing DataDirectory "
|
|
|
|
"(\"%s\"->\"%s\") is not allowed.",
|
|
|
|
old->DataDirectory, new_val->DataDirectory);
|
2004-11-09 05:46:24 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2004-11-10 04:40:30 +01:00
|
|
|
if (!opt_streq(old->User, new_val->User)) {
|
2006-03-26 08:51:26 +02:00
|
|
|
*msg = tor_strdup("While Tor is running, changing User is not allowed.");
|
2004-11-10 04:40:30 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2009-05-24 01:42:44 +02:00
|
|
|
if ((old->HardwareAccel != new_val->HardwareAccel)
|
2009-05-31 19:36:18 +02:00
|
|
|
|| !opt_streq(old->AccelName, new_val->AccelName)
|
|
|
|
|| !opt_streq(old->AccelDir, new_val->AccelDir)) {
|
2009-05-24 01:42:44 +02:00
|
|
|
*msg = tor_strdup("While Tor is running, changing OpenSSL hardware "
|
|
|
|
"acceleration engine is not allowed.");
|
2005-06-20 20:56:35 +02:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2008-06-14 18:01:29 +02:00
|
|
|
if (old->TestingTorNetwork != new_val->TestingTorNetwork) {
|
|
|
|
*msg = tor_strdup("While Tor is running, changing TestingTorNetwork "
|
|
|
|
"is not allowed.");
|
2009-08-19 15:41:12 +02:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2009-10-22 06:21:57 +02:00
|
|
|
if (old->DisableAllSwap != new_val->DisableAllSwap) {
|
|
|
|
*msg = tor_strdup("While Tor is running, changing DisableAllSwap "
|
|
|
|
"is not allowed.");
|
2011-08-19 23:07:54 +02:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2011-09-08 03:02:49 +02:00
|
|
|
if (old->TokenBucketRefillInterval != new_val->TokenBucketRefillInterval) {
|
|
|
|
*msg = tor_strdup("While Tor is running, changing TokenBucketRefill"
|
|
|
|
"Interval is not allowed");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2011-08-19 23:07:54 +02:00
|
|
|
if (old->DisableIOCP != new_val->DisableIOCP) {
|
|
|
|
*msg = tor_strdup("While Tor is running, changing DisableIOCP "
|
|
|
|
"is not allowed.");
|
2011-12-08 09:19:09 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (old->DisableDebuggerAttachment &&
|
|
|
|
!new_val->DisableDebuggerAttachment) {
|
|
|
|
*msg = tor_strdup("While Tor is running, disabling "
|
|
|
|
"DisableDebuggerAttachment is not allowed.");
|
2009-10-22 06:21:57 +02:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2014-04-17 03:57:45 +02:00
|
|
|
if (sandbox_is_active()) {
|
2014-05-23 02:00:22 +02:00
|
|
|
#define SB_NOCHANGE_STR(opt) \
|
|
|
|
do { \
|
|
|
|
if (! opt_streq(old->opt, new_val->opt)) { \
|
|
|
|
*msg = tor_strdup("Can't change " #opt " while Sandbox is active"); \
|
|
|
|
return -1; \
|
|
|
|
} \
|
|
|
|
} while (0)
|
|
|
|
|
|
|
|
SB_NOCHANGE_STR(PidFile);
|
|
|
|
SB_NOCHANGE_STR(ServerDNSResolvConfFile);
|
|
|
|
SB_NOCHANGE_STR(DirPortFrontPage);
|
|
|
|
SB_NOCHANGE_STR(CookieAuthFile);
|
|
|
|
SB_NOCHANGE_STR(ExtORPortCookieAuthFile);
|
|
|
|
|
|
|
|
#undef SB_NOCHANGE_STR
|
|
|
|
|
2014-04-17 03:57:45 +02:00
|
|
|
if (! config_lines_eq(old->Logs, new_val->Logs)) {
|
|
|
|
*msg = tor_strdup("Can't change Logs while Sandbox is active");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
if (old->ConnLimit != new_val->ConnLimit) {
|
|
|
|
*msg = tor_strdup("Can't change ConnLimit while Sandbox is active");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
if (server_mode(old) != server_mode(new_val)) {
|
|
|
|
*msg = tor_strdup("Can't start/stop being a server while "
|
|
|
|
"Sandbox is active");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2004-11-06 06:18:11 +01:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2005-08-22 08:45:18 +02:00
|
|
|
/** Return 1 if any change from <b>old_options</b> to <b>new_options</b>
|
2009-05-27 23:55:51 +02:00
|
|
|
* will require us to rotate the CPU and DNS workers; else return 0. */
|
2005-08-22 02:18:45 +02:00
|
|
|
static int
|
2011-06-14 19:01:38 +02:00
|
|
|
options_transition_affects_workers(const or_options_t *old_options,
|
|
|
|
const or_options_t *new_options)
|
2005-08-16 01:46:18 +02:00
|
|
|
{
|
2005-08-22 02:18:45 +02:00
|
|
|
if (!opt_streq(old_options->DataDirectory, new_options->DataDirectory) ||
|
2010-10-29 19:41:24 +02:00
|
|
|
old_options->NumCPUs != new_options->NumCPUs ||
|
2012-08-09 21:48:43 +02:00
|
|
|
!config_lines_eq(old_options->ORPort_lines, new_options->ORPort_lines) ||
|
2006-09-21 23:48:16 +02:00
|
|
|
old_options->ServerDNSSearchDomains !=
|
|
|
|
new_options->ServerDNSSearchDomains ||
|
2012-10-12 18:22:13 +02:00
|
|
|
old_options->SafeLogging_ != new_options->SafeLogging_ ||
|
2007-02-09 01:22:43 +01:00
|
|
|
old_options->ClientOnly != new_options->ClientOnly ||
|
2011-01-25 15:28:58 +01:00
|
|
|
public_server_mode(old_options) != public_server_mode(new_options) ||
|
2011-01-25 21:53:15 +01:00
|
|
|
!config_lines_eq(old_options->Logs, new_options->Logs) ||
|
|
|
|
old_options->LogMessageDomains != new_options->LogMessageDomains)
|
2005-08-22 02:18:45 +02:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
/* Check whether log options match. */
|
|
|
|
|
|
|
|
/* Nothing that changed matters. */
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2005-08-22 08:45:18 +02:00
|
|
|
/** Return 1 if any change from <b>old_options</b> to <b>new_options</b>
|
|
|
|
* will require us to generate a new descriptor; else return 0. */
|
2005-08-22 02:18:45 +02:00
|
|
|
static int
|
2011-06-14 19:01:38 +02:00
|
|
|
options_transition_affects_descriptor(const or_options_t *old_options,
|
|
|
|
const or_options_t *new_options)
|
2005-08-22 02:18:45 +02:00
|
|
|
{
|
2008-12-18 17:11:24 +01:00
|
|
|
/* XXX We can be smarter here. If your DirPort isn't being
|
2009-07-07 18:04:00 +02:00
|
|
|
* published and you just turned it off, no need to republish. Etc. */
|
2005-08-22 02:18:45 +02:00
|
|
|
if (!opt_streq(old_options->DataDirectory, new_options->DataDirectory) ||
|
|
|
|
!opt_streq(old_options->Nickname,new_options->Nickname) ||
|
|
|
|
!opt_streq(old_options->Address,new_options->Address) ||
|
|
|
|
!config_lines_eq(old_options->ExitPolicy,new_options->ExitPolicy) ||
|
2014-11-13 16:48:15 +01:00
|
|
|
old_options->ExitRelay != new_options->ExitRelay ||
|
2007-11-17 03:22:56 +01:00
|
|
|
old_options->ExitPolicyRejectPrivate !=
|
|
|
|
new_options->ExitPolicyRejectPrivate ||
|
2012-10-25 06:20:41 +02:00
|
|
|
old_options->IPv6Exit != new_options->IPv6Exit ||
|
2012-08-09 22:02:57 +02:00
|
|
|
!config_lines_eq(old_options->ORPort_lines,
|
|
|
|
new_options->ORPort_lines) ||
|
|
|
|
!config_lines_eq(old_options->DirPort_lines,
|
|
|
|
new_options->DirPort_lines) ||
|
2005-08-22 02:18:45 +02:00
|
|
|
old_options->ClientOnly != new_options->ClientOnly ||
|
2011-11-28 21:44:10 +01:00
|
|
|
old_options->DisableNetwork != new_options->DisableNetwork ||
|
2012-10-12 18:22:13 +02:00
|
|
|
old_options->PublishServerDescriptor_ !=
|
|
|
|
new_options->PublishServerDescriptor_ ||
|
2009-07-07 18:04:00 +02:00
|
|
|
get_effective_bwrate(old_options) != get_effective_bwrate(new_options) ||
|
|
|
|
get_effective_bwburst(old_options) !=
|
|
|
|
get_effective_bwburst(new_options) ||
|
2005-08-22 02:18:45 +02:00
|
|
|
!opt_streq(old_options->ContactInfo, new_options->ContactInfo) ||
|
|
|
|
!opt_streq(old_options->MyFamily, new_options->MyFamily) ||
|
|
|
|
!opt_streq(old_options->AccountingStart, new_options->AccountingStart) ||
|
2011-07-07 17:05:06 +02:00
|
|
|
old_options->AccountingMax != new_options->AccountingMax ||
|
|
|
|
public_server_mode(old_options) != public_server_mode(new_options))
|
2005-08-22 02:18:45 +02:00
|
|
|
return 1;
|
|
|
|
|
2005-08-16 01:46:18 +02:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2012-01-31 16:59:42 +01:00
|
|
|
#ifdef _WIN32
|
2004-11-09 00:12:40 +01:00
|
|
|
/** Return the directory on windows where we expect to find our application
|
|
|
|
* data. */
|
2005-06-11 20:52:12 +02:00
|
|
|
static char *
|
|
|
|
get_windows_conf_root(void)
|
2004-11-06 06:18:11 +01:00
|
|
|
{
|
|
|
|
static int is_set = 0;
|
2012-05-17 16:08:48 +02:00
|
|
|
static char path[MAX_PATH*2+1];
|
2010-08-20 18:30:25 +02:00
|
|
|
TCHAR tpath[MAX_PATH] = {0};
|
2004-11-06 06:18:11 +01:00
|
|
|
|
|
|
|
LPITEMIDLIST idl;
|
|
|
|
IMalloc *m;
|
|
|
|
HRESULT result;
|
|
|
|
|
|
|
|
if (is_set)
|
|
|
|
return path;
|
|
|
|
|
2004-12-01 04:48:14 +01:00
|
|
|
/* Find X:\documents and settings\username\application data\ .
|
2004-11-06 06:18:11 +01:00
|
|
|
* We would use SHGetSpecialFolder path, but that wasn't added until IE4.
|
|
|
|
*/
|
2009-01-16 00:07:11 +01:00
|
|
|
#ifdef ENABLE_LOCAL_APPDATA
|
|
|
|
#define APPDATA_PATH CSIDL_LOCAL_APPDATA
|
|
|
|
#else
|
|
|
|
#define APPDATA_PATH CSIDL_APPDATA
|
|
|
|
#endif
|
|
|
|
if (!SUCCEEDED(SHGetSpecialFolderLocation(NULL, APPDATA_PATH, &idl))) {
|
2010-05-21 04:53:39 +02:00
|
|
|
getcwd(path,MAX_PATH);
|
2004-11-06 06:18:11 +01:00
|
|
|
is_set = 1;
|
2006-02-13 10:02:35 +01:00
|
|
|
log_warn(LD_CONFIG,
|
|
|
|
"I couldn't find your application data folder: are you "
|
|
|
|
"running an ancient version of Windows 95? Defaulting to \"%s\"",
|
|
|
|
path);
|
2004-11-06 06:18:11 +01:00
|
|
|
return path;
|
|
|
|
}
|
|
|
|
/* Convert the path from an "ID List" (whatever that is!) to a path. */
|
2010-08-20 18:30:25 +02:00
|
|
|
result = SHGetPathFromIDList(idl, tpath);
|
|
|
|
#ifdef UNICODE
|
2012-05-17 16:08:48 +02:00
|
|
|
wcstombs(path,tpath,sizeof(path));
|
|
|
|
path[sizeof(path)-1] = '\0';
|
2010-08-20 18:30:25 +02:00
|
|
|
#else
|
|
|
|
strlcpy(path,tpath,sizeof(path));
|
|
|
|
#endif
|
2010-05-21 04:53:39 +02:00
|
|
|
|
2010-06-15 00:32:44 +02:00
|
|
|
/* Now we need to free the memory that the path-idl was stored in. In
|
|
|
|
* typical Windows fashion, we can't just call 'free()' on it. */
|
2004-11-06 06:18:11 +01:00
|
|
|
SHGetMalloc(&m);
|
|
|
|
if (m) {
|
|
|
|
m->lpVtbl->Free(m, idl);
|
|
|
|
m->lpVtbl->Release(m);
|
|
|
|
}
|
|
|
|
if (!SUCCEEDED(result)) {
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
strlcat(path,"\\tor",MAX_PATH);
|
|
|
|
is_set = 1;
|
|
|
|
return path;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2012-06-05 00:50:13 +02:00
|
|
|
/** Return the default location for our torrc file (if <b>defaults_file</b> is
|
|
|
|
* false), or for the torrc-defaults file (if <b>defaults_file</b> is true). */
|
2005-08-10 20:05:20 +02:00
|
|
|
static const char *
|
2011-11-28 04:25:52 +01:00
|
|
|
get_default_conf_file(int defaults_file)
|
2004-11-06 06:18:11 +01:00
|
|
|
{
|
2012-01-31 16:59:42 +01:00
|
|
|
#ifdef _WIN32
|
2011-11-28 04:25:52 +01:00
|
|
|
if (defaults_file) {
|
|
|
|
static char defaults_path[MAX_PATH+1];
|
|
|
|
tor_snprintf(defaults_path, MAX_PATH, "%s\\torrc-defaults",
|
|
|
|
get_windows_conf_root());
|
|
|
|
return defaults_path;
|
|
|
|
} else {
|
|
|
|
static char path[MAX_PATH+1];
|
|
|
|
tor_snprintf(path, MAX_PATH, "%s\\torrc",
|
|
|
|
get_windows_conf_root());
|
|
|
|
return path;
|
|
|
|
}
|
2004-11-06 06:18:11 +01:00
|
|
|
#else
|
2011-11-28 04:25:52 +01:00
|
|
|
return defaults_file ? CONFDIR "/torrc-defaults" : CONFDIR "/torrc";
|
2004-11-06 06:18:11 +01:00
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
2008-10-01 05:41:33 +02:00
|
|
|
/** Verify whether lst is a string containing valid-looking comma-separated
|
2013-08-31 05:49:04 +02:00
|
|
|
* nicknames, or NULL. Will normalise <b>lst</b> to prefix '$' to any nickname
|
|
|
|
* or fingerprint that needs it. Return 0 on success.
|
|
|
|
* Warn and return -1 on failure.
|
2004-11-06 06:18:11 +01:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
static int
|
2013-08-31 06:12:36 +02:00
|
|
|
check_nickname_list(char **lst, const char *name, char **msg)
|
2004-11-06 06:18:11 +01:00
|
|
|
{
|
|
|
|
int r = 0;
|
|
|
|
smartlist_t *sl;
|
2013-08-31 05:49:04 +02:00
|
|
|
int changes = 0;
|
2004-11-06 06:18:11 +01:00
|
|
|
|
2013-08-31 05:49:04 +02:00
|
|
|
if (!*lst)
|
2004-11-06 06:18:11 +01:00
|
|
|
return 0;
|
2012-01-18 21:53:30 +01:00
|
|
|
sl = smartlist_new();
|
2008-10-01 05:41:33 +02:00
|
|
|
|
2013-08-31 05:49:04 +02:00
|
|
|
smartlist_split_string(sl, *lst, ",",
|
2008-10-01 05:41:33 +02:00
|
|
|
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK|SPLIT_STRIP_SPACE, 0);
|
|
|
|
|
2013-09-03 18:47:03 +02:00
|
|
|
SMARTLIST_FOREACH_BEGIN(sl, char *, s)
|
2004-11-06 06:18:11 +01:00
|
|
|
{
|
|
|
|
if (!is_legal_nickname_or_hexdigest(s)) {
|
2013-08-31 05:49:04 +02:00
|
|
|
// check if first char is dollar
|
|
|
|
if (s[0] != '$') {
|
|
|
|
// Try again but with a dollar symbol prepended
|
2013-09-03 18:47:03 +02:00
|
|
|
char *prepended;
|
|
|
|
tor_asprintf(&prepended, "$%s", s);
|
2013-08-31 05:49:04 +02:00
|
|
|
|
|
|
|
if (is_legal_nickname_or_hexdigest(prepended)) {
|
|
|
|
// The nickname is valid when it's prepended, swap the current
|
|
|
|
// version with a prepended one
|
|
|
|
tor_free(s);
|
|
|
|
SMARTLIST_REPLACE_CURRENT(sl, s, prepended);
|
|
|
|
changes = 1;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Still not valid, free and fallback to error message
|
|
|
|
tor_free(prepended);
|
|
|
|
}
|
|
|
|
|
2010-03-01 03:46:50 +01:00
|
|
|
tor_asprintf(msg, "Invalid nickname '%s' in %s line", s, name);
|
2004-11-06 06:18:11 +01:00
|
|
|
r = -1;
|
2006-03-26 08:51:26 +02:00
|
|
|
break;
|
2004-11-06 06:18:11 +01:00
|
|
|
}
|
2013-09-03 18:47:03 +02:00
|
|
|
}
|
|
|
|
SMARTLIST_FOREACH_END(s);
|
2013-08-31 05:49:04 +02:00
|
|
|
|
|
|
|
// Replace the caller's nickname list with a fixed one
|
|
|
|
if (changes && r == 0) {
|
2013-08-31 06:12:36 +02:00
|
|
|
char *newNicknames = smartlist_join_strings(sl, ", ", 0, NULL);
|
2013-08-31 05:49:04 +02:00
|
|
|
tor_free(*lst);
|
|
|
|
*lst = newNicknames;
|
|
|
|
}
|
|
|
|
|
2004-11-06 06:18:11 +01:00
|
|
|
SMARTLIST_FOREACH(sl, char *, s, tor_free(s));
|
|
|
|
smartlist_free(sl);
|
2013-08-31 05:49:04 +02:00
|
|
|
|
2004-11-06 06:18:11 +01:00
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
2012-06-05 00:50:13 +02:00
|
|
|
/** Learn config file name from command line arguments, or use the default.
|
|
|
|
*
|
|
|
|
* If <b>defaults_file</b> is true, we're looking for torrc-defaults;
|
|
|
|
* otherwise, we're looking for the regular torrc_file.
|
|
|
|
*
|
|
|
|
* Set *<b>using_default_fname</b> to true if we're using the default
|
|
|
|
* configuration file name; or false if we've set it from the command line.
|
|
|
|
*
|
|
|
|
* Set *<b>ignore_missing_torrc</b> to true if we should ignore the resulting
|
|
|
|
* filename if it doesn't exist.
|
|
|
|
*/
|
2008-03-11 05:30:14 +01:00
|
|
|
static char *
|
2013-08-25 18:03:57 +02:00
|
|
|
find_torrc_filename(config_line_t *cmd_arg,
|
2011-11-28 04:25:52 +01:00
|
|
|
int defaults_file,
|
2012-06-05 00:50:13 +02:00
|
|
|
int *using_default_fname, int *ignore_missing_torrc)
|
2008-03-10 13:41:29 +01:00
|
|
|
{
|
|
|
|
char *fname=NULL;
|
2013-08-25 18:03:57 +02:00
|
|
|
config_line_t *p_index;
|
2011-11-28 04:25:52 +01:00
|
|
|
const char *fname_opt = defaults_file ? "--defaults-torrc" : "-f";
|
|
|
|
const char *ignore_opt = defaults_file ? NULL : "--ignore-missing-torrc";
|
|
|
|
|
|
|
|
if (defaults_file)
|
|
|
|
*ignore_missing_torrc = 1;
|
2008-03-10 13:41:29 +01:00
|
|
|
|
2013-08-25 18:03:57 +02:00
|
|
|
for (p_index = cmd_arg; p_index; p_index = p_index->next) {
|
|
|
|
if (!strcmp(p_index->key, fname_opt)) {
|
2008-03-10 13:41:29 +01:00
|
|
|
if (fname) {
|
2013-02-01 21:43:37 +01:00
|
|
|
log_warn(LD_CONFIG, "Duplicate %s options on command line.",
|
2011-11-28 04:25:52 +01:00
|
|
|
fname_opt);
|
2008-03-10 13:41:29 +01:00
|
|
|
tor_free(fname);
|
|
|
|
}
|
2013-08-25 18:03:57 +02:00
|
|
|
fname = expand_filename(p_index->value);
|
2011-12-04 17:33:20 +01:00
|
|
|
|
|
|
|
{
|
|
|
|
char *absfname;
|
|
|
|
absfname = make_path_absolute(fname);
|
|
|
|
tor_free(fname);
|
|
|
|
fname = absfname;
|
|
|
|
}
|
|
|
|
|
2012-06-05 00:50:13 +02:00
|
|
|
*using_default_fname = 0;
|
2013-08-25 18:03:57 +02:00
|
|
|
} else if (ignore_opt && !strcmp(p_index->key,ignore_opt)) {
|
2008-03-10 13:41:29 +01:00
|
|
|
*ignore_missing_torrc = 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-06-05 00:50:13 +02:00
|
|
|
if (*using_default_fname) {
|
2008-03-10 13:41:29 +01:00
|
|
|
/* didn't find one, try CONFDIR */
|
2011-11-28 04:25:52 +01:00
|
|
|
const char *dflt = get_default_conf_file(defaults_file);
|
2014-10-19 08:48:07 +02:00
|
|
|
file_status_t st = file_status(dflt);
|
|
|
|
if (dflt && (st == FN_FILE || st == FN_EMPTY)) {
|
2008-03-10 13:41:29 +01:00
|
|
|
fname = tor_strdup(dflt);
|
|
|
|
} else {
|
2012-01-31 16:59:42 +01:00
|
|
|
#ifndef _WIN32
|
2011-11-28 04:25:52 +01:00
|
|
|
char *fn = NULL;
|
2014-10-19 08:48:07 +02:00
|
|
|
if (!defaults_file) {
|
2011-11-28 04:25:52 +01:00
|
|
|
fn = expand_filename("~/.torrc");
|
2014-10-19 08:48:07 +02:00
|
|
|
}
|
|
|
|
if (fn) {
|
|
|
|
file_status_t hmst = file_status(fn);
|
|
|
|
if (hmst == FN_FILE || hmst == FN_EMPTY) {
|
|
|
|
fname = fn;
|
|
|
|
} else {
|
|
|
|
tor_free(fn);
|
|
|
|
fname = tor_strdup(dflt);
|
|
|
|
}
|
2008-03-10 13:41:29 +01:00
|
|
|
} else {
|
|
|
|
fname = tor_strdup(dflt);
|
|
|
|
}
|
|
|
|
#else
|
|
|
|
fname = tor_strdup(dflt);
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return fname;
|
|
|
|
}
|
|
|
|
|
2012-06-05 00:50:13 +02:00
|
|
|
/** Load a configuration file from disk, setting torrc_fname or
|
|
|
|
* torrc_defaults_fname if successful.
|
|
|
|
*
|
|
|
|
* If <b>defaults_file</b> is true, load torrc-defaults; otherwise load torrc.
|
|
|
|
*
|
|
|
|
* Return the contents of the file on success, and NULL on failure.
|
|
|
|
*/
|
2008-03-11 05:30:14 +01:00
|
|
|
static char *
|
2013-08-25 18:03:57 +02:00
|
|
|
load_torrc_from_disk(config_line_t *cmd_arg, int defaults_file)
|
2008-03-10 13:41:36 +01:00
|
|
|
{
|
|
|
|
char *fname=NULL;
|
|
|
|
char *cf = NULL;
|
|
|
|
int using_default_torrc = 1;
|
|
|
|
int ignore_missing_torrc = 0;
|
2011-11-30 02:11:49 +01:00
|
|
|
char **fname_var = defaults_file ? &torrc_defaults_fname : &torrc_fname;
|
2008-03-10 13:41:36 +01:00
|
|
|
|
2015-01-05 01:34:38 +01:00
|
|
|
if (*fname_var == NULL) {
|
|
|
|
fname = find_torrc_filename(cmd_arg, defaults_file,
|
|
|
|
&using_default_torrc, &ignore_missing_torrc);
|
|
|
|
tor_assert(fname);
|
|
|
|
tor_free(*fname_var);
|
|
|
|
*fname_var = fname;
|
|
|
|
} else {
|
|
|
|
fname = *fname_var;
|
|
|
|
}
|
2013-02-01 21:43:37 +01:00
|
|
|
log_debug(LD_CONFIG, "Opening config file \"%s\"", fname);
|
2008-03-10 13:41:36 +01:00
|
|
|
|
|
|
|
/* Open config file */
|
2014-10-19 08:48:07 +02:00
|
|
|
file_status_t st = file_status(fname);
|
|
|
|
if (!(st == FN_FILE || st == FN_EMPTY) ||
|
2008-03-10 13:41:36 +01:00
|
|
|
!(cf = read_file_to_str(fname,0,NULL))) {
|
2011-11-28 04:25:52 +01:00
|
|
|
if (using_default_torrc == 1 || ignore_missing_torrc) {
|
|
|
|
if (!defaults_file)
|
2013-02-01 21:43:37 +01:00
|
|
|
log_notice(LD_CONFIG, "Configuration file \"%s\" not present, "
|
2011-11-28 04:25:52 +01:00
|
|
|
"using reasonable defaults.", fname);
|
2008-03-10 13:41:36 +01:00
|
|
|
tor_free(fname); /* sets fname to NULL */
|
2011-11-28 04:25:52 +01:00
|
|
|
*fname_var = NULL;
|
2008-03-10 13:41:36 +01:00
|
|
|
cf = tor_strdup("");
|
|
|
|
} else {
|
2013-02-01 21:43:37 +01:00
|
|
|
log_warn(LD_CONFIG,
|
2008-03-10 13:41:36 +01:00
|
|
|
"Unable to open configuration file \"%s\".", fname);
|
|
|
|
goto err;
|
|
|
|
}
|
2011-01-27 15:31:34 +01:00
|
|
|
} else {
|
2013-02-01 21:43:37 +01:00
|
|
|
log_notice(LD_CONFIG, "Read configuration file \"%s\".", fname);
|
2008-03-10 13:41:36 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
return cf;
|
|
|
|
err:
|
|
|
|
tor_free(fname);
|
2011-11-28 04:25:52 +01:00
|
|
|
*fname_var = NULL;
|
2008-03-10 13:41:36 +01:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2004-11-04 11:23:30 +01:00
|
|
|
/** Read a configuration file into <b>options</b>, finding the configuration
|
2008-03-10 13:41:49 +01:00
|
|
|
* file location based on the command line. After loading the file
|
|
|
|
* call options_init_from_string() to load the config.
|
2004-11-09 05:28:18 +01:00
|
|
|
* Return 0 if success, -1 if failure. */
|
2004-11-04 11:23:30 +01:00
|
|
|
int
|
2005-07-23 03:58:05 +02:00
|
|
|
options_init_from_torrc(int argc, char **argv)
|
2004-11-04 11:23:30 +01:00
|
|
|
{
|
2011-11-28 04:25:52 +01:00
|
|
|
char *cf=NULL, *cf_defaults=NULL;
|
2013-08-25 18:03:57 +02:00
|
|
|
int command;
|
2011-11-30 18:16:39 +01:00
|
|
|
int retval = -1;
|
2008-03-10 13:41:44 +01:00
|
|
|
char *command_arg = NULL;
|
2008-03-10 13:41:49 +01:00
|
|
|
char *errmsg=NULL;
|
2013-08-25 18:03:57 +02:00
|
|
|
config_line_t *p_index = NULL;
|
2013-09-16 19:05:04 +02:00
|
|
|
config_line_t *cmdline_only_options = NULL;
|
2013-08-25 18:59:38 +02:00
|
|
|
|
|
|
|
/* Go through command-line variables */
|
2013-09-16 19:05:04 +02:00
|
|
|
if (! have_parsed_cmdline) {
|
2013-08-25 18:59:38 +02:00
|
|
|
/* Or we could redo the list every time we pass this place.
|
|
|
|
* It does not really matter */
|
|
|
|
if (config_parse_commandline(argc, argv, 0, &global_cmdline_options,
|
2013-09-16 19:05:04 +02:00
|
|
|
&global_cmdline_only_options) < 0) {
|
2013-08-25 18:59:38 +02:00
|
|
|
goto err;
|
|
|
|
}
|
2013-09-16 19:05:04 +02:00
|
|
|
have_parsed_cmdline = 1;
|
2013-08-25 18:59:38 +02:00
|
|
|
}
|
2013-09-16 19:05:04 +02:00
|
|
|
cmdline_only_options = global_cmdline_only_options;
|
2013-08-25 18:59:38 +02:00
|
|
|
|
|
|
|
if (config_line_find(cmdline_only_options, "-h") ||
|
|
|
|
config_line_find(cmdline_only_options, "--help")) {
|
2004-11-04 11:23:30 +01:00
|
|
|
print_usage();
|
|
|
|
exit(0);
|
|
|
|
}
|
2013-08-25 18:59:38 +02:00
|
|
|
if (config_line_find(cmdline_only_options, "--list-torrc-options")) {
|
2006-12-20 18:05:48 +01:00
|
|
|
/* For documenting validating whether we've documented everything. */
|
|
|
|
list_torrc_options();
|
|
|
|
exit(0);
|
|
|
|
}
|
2004-11-04 11:23:30 +01:00
|
|
|
|
2013-08-25 18:59:38 +02:00
|
|
|
if (config_line_find(cmdline_only_options, "--version")) {
|
2007-05-22 17:48:46 +02:00
|
|
|
printf("Tor version %s.\n",get_version());
|
2004-11-04 11:23:30 +01:00
|
|
|
exit(0);
|
|
|
|
}
|
2013-09-01 18:38:01 +02:00
|
|
|
|
2013-08-25 18:59:38 +02:00
|
|
|
if (config_line_find(cmdline_only_options, "--digests")) {
|
2009-01-04 03:43:05 +01:00
|
|
|
printf("Tor version %s.\n",get_version());
|
|
|
|
printf("%s", libor_get_digests());
|
2009-05-08 18:35:36 +02:00
|
|
|
printf("%s", tor_get_digests());
|
2009-01-04 03:43:05 +01:00
|
|
|
exit(0);
|
|
|
|
}
|
2004-11-04 11:23:30 +01:00
|
|
|
|
2013-09-13 18:55:53 +02:00
|
|
|
if (config_line_find(cmdline_only_options, "--library-versions")) {
|
2013-09-01 18:38:01 +02:00
|
|
|
printf("Tor version %s. \n", get_version());
|
|
|
|
printf("Library versions\tCompiled\t\tRuntime\n");
|
|
|
|
printf("Libevent\t\t%-15s\t\t%s\n",
|
|
|
|
tor_libevent_get_header_version_str(),
|
|
|
|
tor_libevent_get_version_str());
|
|
|
|
printf("OpenSSL \t\t%-15s\t\t%s\n",
|
|
|
|
crypto_openssl_get_header_version_str(),
|
|
|
|
crypto_openssl_get_version_str());
|
|
|
|
printf("Zlib \t\t%-15s\t\t%s\n",
|
|
|
|
tor_zlib_get_header_version_str(),
|
|
|
|
tor_zlib_get_version_str());
|
|
|
|
//TODO: Hex versions?
|
|
|
|
exit(0);
|
|
|
|
}
|
|
|
|
|
2008-03-10 13:41:44 +01:00
|
|
|
command = CMD_RUN_TOR;
|
2013-08-25 18:03:57 +02:00
|
|
|
for (p_index = cmdline_only_options; p_index; p_index = p_index->next) {
|
|
|
|
if (!strcmp(p_index->key,"--list-fingerprint")) {
|
2008-03-10 13:41:44 +01:00
|
|
|
command = CMD_LIST_FINGERPRINT;
|
2013-08-25 18:03:57 +02:00
|
|
|
} else if (!strcmp(p_index->key, "--hash-password")) {
|
2008-03-10 13:41:44 +01:00
|
|
|
command = CMD_HASH_PASSWORD;
|
2013-08-25 18:03:57 +02:00
|
|
|
command_arg = p_index->value;
|
2013-09-03 16:30:50 +02:00
|
|
|
} else if (!strcmp(p_index->key, "--dump-config")) {
|
|
|
|
command = CMD_DUMP_CONFIG;
|
|
|
|
command_arg = p_index->value;
|
2013-08-25 18:03:57 +02:00
|
|
|
} else if (!strcmp(p_index->key, "--verify-config")) {
|
2008-03-10 13:41:44 +01:00
|
|
|
command = CMD_VERIFY_CONFIG;
|
2008-03-10 13:41:26 +01:00
|
|
|
}
|
|
|
|
}
|
2004-11-06 06:18:11 +01:00
|
|
|
|
2008-03-27 17:46:34 +01:00
|
|
|
if (command == CMD_HASH_PASSWORD) {
|
2013-07-19 05:08:36 +02:00
|
|
|
cf_defaults = tor_strdup("");
|
2008-03-27 17:46:34 +01:00
|
|
|
cf = tor_strdup("");
|
|
|
|
} else {
|
2013-08-25 18:03:57 +02:00
|
|
|
cf_defaults = load_torrc_from_disk(cmdline_only_options, 1);
|
|
|
|
cf = load_torrc_from_disk(cmdline_only_options, 0);
|
2013-11-03 17:53:41 +01:00
|
|
|
if (!cf) {
|
|
|
|
if (config_line_find(cmdline_only_options, "--allow-missing-torrc")) {
|
|
|
|
cf = tor_strdup("");
|
|
|
|
} else {
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
}
|
2008-03-27 17:46:34 +01:00
|
|
|
}
|
2004-11-04 11:23:30 +01:00
|
|
|
|
2011-11-30 18:09:53 +01:00
|
|
|
retval = options_init_from_string(cf_defaults, cf, command, command_arg,
|
|
|
|
&errmsg);
|
2008-03-10 13:41:44 +01:00
|
|
|
|
|
|
|
err:
|
2011-11-30 18:16:39 +01:00
|
|
|
|
|
|
|
tor_free(cf);
|
|
|
|
tor_free(cf_defaults);
|
2008-03-10 13:41:49 +01:00
|
|
|
if (errmsg) {
|
2013-02-01 21:43:37 +01:00
|
|
|
log_warn(LD_CONFIG,"%s", errmsg);
|
2008-03-10 13:41:49 +01:00
|
|
|
tor_free(errmsg);
|
|
|
|
}
|
2011-11-30 18:16:39 +01:00
|
|
|
return retval < 0 ? -1 : 0;
|
2008-03-10 13:41:44 +01:00
|
|
|
}
|
|
|
|
|
2008-03-10 13:41:49 +01:00
|
|
|
/** Load the options from the configuration in <b>cf</b>, validate
|
|
|
|
* them for consistency and take actions based on them.
|
|
|
|
*
|
|
|
|
* Return 0 if success, negative on error:
|
|
|
|
* * -1 for general errors.
|
|
|
|
* * -2 for failure to parse/validate,
|
|
|
|
* * -3 for transition not allowed
|
|
|
|
* * -4 for error while setting the new options
|
|
|
|
*/
|
2008-03-13 16:11:56 +01:00
|
|
|
setopt_err_t
|
2011-11-28 04:25:52 +01:00
|
|
|
options_init_from_string(const char *cf_defaults, const char *cf,
|
2008-03-10 13:41:49 +01:00
|
|
|
int command, const char *command_arg,
|
|
|
|
char **msg)
|
2008-03-10 13:41:44 +01:00
|
|
|
{
|
2011-11-28 04:25:52 +01:00
|
|
|
or_options_t *oldoptions, *newoptions, *newdefaultoptions=NULL;
|
2008-03-10 13:41:44 +01:00
|
|
|
config_line_t *cl;
|
2011-11-28 04:25:52 +01:00
|
|
|
int retval, i;
|
2008-03-13 16:11:56 +01:00
|
|
|
setopt_err_t err = SETOPT_ERR_MISC;
|
2008-03-11 19:56:41 +01:00
|
|
|
tor_assert(msg);
|
2008-03-10 13:41:44 +01:00
|
|
|
|
|
|
|
oldoptions = global_options; /* get_options unfortunately asserts if
|
|
|
|
this is the first time we run*/
|
|
|
|
|
|
|
|
newoptions = tor_malloc_zero(sizeof(or_options_t));
|
2012-10-12 18:22:13 +02:00
|
|
|
newoptions->magic_ = OR_OPTIONS_MAGIC;
|
2008-03-10 13:41:44 +01:00
|
|
|
options_init(newoptions);
|
|
|
|
newoptions->command = command;
|
2013-08-25 18:03:57 +02:00
|
|
|
newoptions->command_arg = command_arg ? tor_strdup(command_arg) : NULL;
|
2008-03-10 13:41:44 +01:00
|
|
|
|
2011-11-28 04:25:52 +01:00
|
|
|
for (i = 0; i < 2; ++i) {
|
|
|
|
const char *body = i==0 ? cf_defaults : cf;
|
|
|
|
if (!body)
|
|
|
|
continue;
|
|
|
|
/* get config lines, assign them */
|
|
|
|
retval = config_get_lines(body, &cl, 1);
|
|
|
|
if (retval < 0) {
|
|
|
|
err = SETOPT_ERR_PARSE;
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
retval = config_assign(&options_format, newoptions, cl, 0, 0, msg);
|
|
|
|
config_free_lines(cl);
|
|
|
|
if (retval < 0) {
|
|
|
|
err = SETOPT_ERR_PARSE;
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
if (i==0)
|
2012-09-12 23:34:50 +02:00
|
|
|
newdefaultoptions = config_dup(&options_format, newoptions);
|
2008-03-10 13:41:49 +01:00
|
|
|
}
|
2008-03-10 13:41:33 +01:00
|
|
|
|
2013-06-24 15:56:25 +02:00
|
|
|
if (newdefaultoptions == NULL) {
|
|
|
|
newdefaultoptions = config_dup(&options_format, global_default_options);
|
|
|
|
}
|
|
|
|
|
2004-11-09 05:28:18 +01:00
|
|
|
/* Go through command-line variables too */
|
2008-03-10 13:41:40 +01:00
|
|
|
retval = config_assign(&options_format, newoptions,
|
2008-03-10 13:41:49 +01:00
|
|
|
global_cmdline_options, 0, 0, msg);
|
|
|
|
if (retval < 0) {
|
2008-03-13 16:11:56 +01:00
|
|
|
err = SETOPT_ERR_PARSE;
|
2004-11-06 06:18:11 +01:00
|
|
|
goto err;
|
2008-03-10 13:41:49 +01:00
|
|
|
}
|
2004-11-04 11:23:30 +01:00
|
|
|
|
2008-06-14 18:01:29 +02:00
|
|
|
/* If this is a testing network configuration, change defaults
|
|
|
|
* for a list of dependent config options, re-initialize newoptions
|
|
|
|
* with the new defaults, and assign all options to it second time. */
|
|
|
|
if (newoptions->TestingTorNetwork) {
|
2008-12-18 17:11:24 +01:00
|
|
|
/* XXXX this is a bit of a kludge. perhaps there's a better way to do
|
2008-06-14 18:11:37 +02:00
|
|
|
* this? We could, for example, make the parsing algorithm do two passes
|
|
|
|
* over the configuration. If it finds any "suite" options like
|
|
|
|
* TestingTorNetwork, it could change the defaults before its second pass.
|
|
|
|
* Not urgent so long as this seems to work, but at any sign of trouble,
|
|
|
|
* let's clean it up. -NM */
|
2008-06-14 18:01:29 +02:00
|
|
|
|
|
|
|
/* Change defaults. */
|
|
|
|
int i;
|
|
|
|
for (i = 0; testing_tor_network_defaults[i].name; ++i) {
|
2011-06-14 19:01:38 +02:00
|
|
|
const config_var_t *new_var = &testing_tor_network_defaults[i];
|
2008-06-14 18:01:29 +02:00
|
|
|
config_var_t *old_var =
|
2011-06-14 19:01:38 +02:00
|
|
|
config_find_option_mutable(&options_format, new_var->name);
|
2008-06-14 18:01:29 +02:00
|
|
|
tor_assert(new_var);
|
|
|
|
tor_assert(old_var);
|
|
|
|
old_var->initvalue = new_var->initvalue;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Clear newoptions and re-initialize them with new defaults. */
|
|
|
|
config_free(&options_format, newoptions);
|
2011-11-28 04:25:52 +01:00
|
|
|
config_free(&options_format, newdefaultoptions);
|
|
|
|
newdefaultoptions = NULL;
|
2008-06-14 18:01:29 +02:00
|
|
|
newoptions = tor_malloc_zero(sizeof(or_options_t));
|
2012-10-12 18:22:13 +02:00
|
|
|
newoptions->magic_ = OR_OPTIONS_MAGIC;
|
2008-06-14 18:01:29 +02:00
|
|
|
options_init(newoptions);
|
|
|
|
newoptions->command = command;
|
2013-08-25 18:03:57 +02:00
|
|
|
newoptions->command_arg = command_arg ? tor_strdup(command_arg) : NULL;
|
2008-06-14 18:01:29 +02:00
|
|
|
|
|
|
|
/* Assign all options a second time. */
|
2011-11-28 04:25:52 +01:00
|
|
|
for (i = 0; i < 2; ++i) {
|
|
|
|
const char *body = i==0 ? cf_defaults : cf;
|
|
|
|
if (!body)
|
|
|
|
continue;
|
|
|
|
/* get config lines, assign them */
|
|
|
|
retval = config_get_lines(body, &cl, 1);
|
|
|
|
if (retval < 0) {
|
|
|
|
err = SETOPT_ERR_PARSE;
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
retval = config_assign(&options_format, newoptions, cl, 0, 0, msg);
|
|
|
|
config_free_lines(cl);
|
|
|
|
if (retval < 0) {
|
|
|
|
err = SETOPT_ERR_PARSE;
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
if (i==0)
|
2012-09-12 23:34:50 +02:00
|
|
|
newdefaultoptions = config_dup(&options_format, newoptions);
|
2008-06-14 18:01:29 +02:00
|
|
|
}
|
2012-03-14 07:40:04 +01:00
|
|
|
/* Assign command-line variables a second time too */
|
|
|
|
retval = config_assign(&options_format, newoptions,
|
|
|
|
global_cmdline_options, 0, 0, msg);
|
|
|
|
if (retval < 0) {
|
|
|
|
err = SETOPT_ERR_PARSE;
|
|
|
|
goto err;
|
|
|
|
}
|
2008-06-14 18:01:29 +02:00
|
|
|
}
|
|
|
|
|
2004-11-09 05:28:18 +01:00
|
|
|
/* Validate newoptions */
|
2013-05-16 12:08:48 +02:00
|
|
|
if (options_validate(oldoptions, newoptions, newdefaultoptions,
|
|
|
|
0, msg) < 0) {
|
2008-12-18 17:11:24 +01:00
|
|
|
err = SETOPT_ERR_PARSE; /*XXX make this a separate return value.*/
|
2004-11-06 06:18:11 +01:00
|
|
|
goto err;
|
2008-03-10 13:41:49 +01:00
|
|
|
}
|
2004-11-04 11:23:30 +01:00
|
|
|
|
2008-03-10 13:41:49 +01:00
|
|
|
if (options_transition_allowed(oldoptions, newoptions, msg) < 0) {
|
2008-03-13 16:11:56 +01:00
|
|
|
err = SETOPT_ERR_TRANSITION;
|
2004-11-06 06:18:11 +01:00
|
|
|
goto err;
|
2008-03-10 13:41:49 +01:00
|
|
|
}
|
2004-11-04 11:23:30 +01:00
|
|
|
|
2008-03-10 13:41:49 +01:00
|
|
|
if (set_options(newoptions, msg)) {
|
2008-03-13 16:11:56 +01:00
|
|
|
err = SETOPT_ERR_SETTING;
|
2005-09-14 04:36:29 +02:00
|
|
|
goto err; /* frees and replaces old options */
|
2008-03-10 13:41:49 +01:00
|
|
|
}
|
2011-11-28 04:25:52 +01:00
|
|
|
config_free(&options_format, global_default_options);
|
|
|
|
global_default_options = newdefaultoptions;
|
2006-03-26 08:51:26 +02:00
|
|
|
|
2008-03-13 16:11:56 +01:00
|
|
|
return SETOPT_OK;
|
2008-03-10 13:41:44 +01:00
|
|
|
|
2004-11-06 06:18:11 +01:00
|
|
|
err:
|
2005-08-04 21:56:41 +02:00
|
|
|
config_free(&options_format, newoptions);
|
2011-11-28 04:25:52 +01:00
|
|
|
config_free(&options_format, newdefaultoptions);
|
2008-03-10 13:41:49 +01:00
|
|
|
if (*msg) {
|
2010-03-01 03:46:50 +01:00
|
|
|
char *old_msg = *msg;
|
|
|
|
tor_asprintf(msg, "Failed to parse/validate config: %s", old_msg);
|
|
|
|
tor_free(old_msg);
|
2006-03-26 08:51:26 +02:00
|
|
|
}
|
2008-03-10 13:41:49 +01:00
|
|
|
return err;
|
2002-07-03 18:31:22 +02:00
|
|
|
}
|
|
|
|
|
2005-08-10 20:05:20 +02:00
|
|
|
/** Return the location for our configuration file.
|
|
|
|
*/
|
|
|
|
const char *
|
2011-11-28 04:25:52 +01:00
|
|
|
get_torrc_fname(int defaults_fname)
|
2005-08-10 20:05:20 +02:00
|
|
|
{
|
2011-11-28 04:25:52 +01:00
|
|
|
const char *fname = defaults_fname ? torrc_defaults_fname : torrc_fname;
|
|
|
|
|
|
|
|
if (fname)
|
|
|
|
return fname;
|
2005-08-10 20:05:20 +02:00
|
|
|
else
|
2011-11-28 04:25:52 +01:00
|
|
|
return get_default_conf_file(defaults_fname);
|
2005-08-10 20:05:20 +02:00
|
|
|
}
|
|
|
|
|
2009-05-27 23:55:51 +02:00
|
|
|
/** Adjust the address map based on the MapAddress elements in the
|
2005-06-11 20:52:12 +02:00
|
|
|
* configuration <b>options</b>
|
|
|
|
*/
|
2010-08-03 23:28:55 +02:00
|
|
|
void
|
2011-06-14 19:01:38 +02:00
|
|
|
config_register_addressmaps(const or_options_t *options)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2005-02-22 01:53:08 +01:00
|
|
|
smartlist_t *elts;
|
2005-07-22 23:12:10 +02:00
|
|
|
config_line_t *opt;
|
2012-08-15 23:49:18 +02:00
|
|
|
const char *from, *to, *msg;
|
2005-02-22 01:53:08 +01:00
|
|
|
|
2005-03-11 22:39:39 +01:00
|
|
|
addressmap_clear_configured();
|
2012-01-18 21:53:30 +01:00
|
|
|
elts = smartlist_new();
|
2005-02-22 01:53:08 +01:00
|
|
|
for (opt = options->AddressMap; opt; opt = opt->next) {
|
|
|
|
smartlist_split_string(elts, opt->value, NULL,
|
|
|
|
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
|
2010-12-27 18:35:16 +01:00
|
|
|
if (smartlist_len(elts) < 2) {
|
2006-02-13 10:02:35 +01:00
|
|
|
log_warn(LD_CONFIG,"MapAddress '%s' has too few arguments. Ignoring.",
|
|
|
|
opt->value);
|
2010-12-27 18:35:16 +01:00
|
|
|
goto cleanup;
|
2005-02-22 01:53:08 +01:00
|
|
|
}
|
2010-12-27 18:35:16 +01:00
|
|
|
|
|
|
|
from = smartlist_get(elts,0);
|
|
|
|
to = smartlist_get(elts,1);
|
|
|
|
|
|
|
|
if (to[0] == '.' || from[0] == '.') {
|
|
|
|
log_warn(LD_CONFIG,"MapAddress '%s' is ambiguous - address starts with a"
|
|
|
|
"'.'. Ignoring.",opt->value);
|
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
|
2012-08-15 23:49:18 +02:00
|
|
|
if (addressmap_register_auto(from, to, 0, ADDRMAPSRC_TORRC, &msg) < 0) {
|
|
|
|
log_warn(LD_CONFIG,"MapAddress '%s' failed: %s. Ignoring.", opt->value,
|
|
|
|
msg);
|
2011-09-08 18:04:34 +02:00
|
|
|
goto cleanup;
|
|
|
|
}
|
2012-08-15 23:49:18 +02:00
|
|
|
|
|
|
|
if (smartlist_len(elts) > 2)
|
|
|
|
log_warn(LD_CONFIG,"Ignoring extra arguments to MapAddress.");
|
|
|
|
|
|
|
|
cleanup:
|
|
|
|
SMARTLIST_FOREACH(elts, char*, cp, tor_free(cp));
|
|
|
|
smartlist_clear(elts);
|
|
|
|
}
|
|
|
|
smartlist_free(elts);
|
|
|
|
}
|
|
|
|
|
|
|
|
/** As addressmap_register(), but detect the wildcarded status of "from" and
|
|
|
|
* "to", and do not steal a reference to <b>to</b>. */
|
|
|
|
/* XXXX024 move to connection_edge.c */
|
|
|
|
int
|
|
|
|
addressmap_register_auto(const char *from, const char *to,
|
|
|
|
time_t expires,
|
|
|
|
addressmap_entry_source_t addrmap_source,
|
|
|
|
const char **msg)
|
|
|
|
{
|
|
|
|
int from_wildcard = 0, to_wildcard = 0;
|
|
|
|
|
|
|
|
*msg = "whoops, forgot the error message";
|
|
|
|
if (1) {
|
|
|
|
if (!strcmp(to, "*") || !strcmp(from, "*")) {
|
|
|
|
*msg = "can't remap from or to *";
|
|
|
|
return -1;
|
|
|
|
}
|
2011-09-08 17:54:24 +02:00
|
|
|
/* Detect asterisks in expressions of type: '*.example.com' */
|
|
|
|
if (!strncmp(from,"*.",2)) {
|
|
|
|
from += 2;
|
|
|
|
from_wildcard = 1;
|
2005-02-22 01:53:08 +01:00
|
|
|
}
|
2011-09-08 17:54:24 +02:00
|
|
|
if (!strncmp(to,"*.",2)) {
|
|
|
|
to += 2;
|
|
|
|
to_wildcard = 1;
|
|
|
|
}
|
2010-12-27 18:35:16 +01:00
|
|
|
|
2011-09-08 17:54:24 +02:00
|
|
|
if (to_wildcard && !from_wildcard) {
|
2012-08-15 23:49:18 +02:00
|
|
|
*msg = "can only use wildcard (i.e. '*.') if 'from' address "
|
|
|
|
"uses wildcard also";
|
|
|
|
return -1;
|
2010-12-27 18:35:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if (address_is_invalid_destination(to, 1)) {
|
2012-08-15 23:49:18 +02:00
|
|
|
*msg = "destination is invalid";
|
|
|
|
return -1;
|
2010-12-27 18:35:16 +01:00
|
|
|
}
|
|
|
|
|
2012-08-15 23:49:18 +02:00
|
|
|
addressmap_register(from, tor_strdup(to), expires, addrmap_source,
|
2011-09-08 17:54:24 +02:00
|
|
|
from_wildcard, to_wildcard);
|
2005-02-22 01:53:08 +01:00
|
|
|
}
|
2012-08-15 23:49:18 +02:00
|
|
|
return 0;
|
2005-02-22 01:53:08 +01:00
|
|
|
}
|
|
|
|
|
2004-05-19 22:07:08 +02:00
|
|
|
/**
|
|
|
|
* Initialize the logs based on the configuration file.
|
|
|
|
*/
|
2007-10-02 22:35:23 +02:00
|
|
|
static int
|
2014-03-23 17:24:26 +01:00
|
|
|
options_init_logs(const or_options_t *old_options, or_options_t *options,
|
|
|
|
int validate_only)
|
2004-05-19 22:07:08 +02:00
|
|
|
{
|
2005-07-22 23:12:10 +02:00
|
|
|
config_line_t *opt;
|
2004-11-05 06:50:35 +01:00
|
|
|
int ok;
|
2004-11-06 06:18:11 +01:00
|
|
|
smartlist_t *elts;
|
2006-05-23 09:04:55 +02:00
|
|
|
int daemon =
|
2012-01-31 16:59:42 +01:00
|
|
|
#ifdef _WIN32
|
2006-05-23 09:04:55 +02:00
|
|
|
0;
|
|
|
|
#else
|
|
|
|
options->RunAsDaemon;
|
|
|
|
#endif
|
2004-11-05 06:50:35 +01:00
|
|
|
|
2010-11-08 16:37:20 +01:00
|
|
|
if (options->LogTimeGranularity <= 0) {
|
|
|
|
log_warn(LD_CONFIG, "Log time granularity '%d' has to be positive.",
|
2010-08-27 08:13:54 +02:00
|
|
|
options->LogTimeGranularity);
|
|
|
|
return -1;
|
2010-11-08 16:37:20 +01:00
|
|
|
} else if (1000 % options->LogTimeGranularity != 0 &&
|
|
|
|
options->LogTimeGranularity % 1000 != 0) {
|
|
|
|
int granularity = options->LogTimeGranularity;
|
|
|
|
if (granularity < 40) {
|
|
|
|
do granularity++;
|
|
|
|
while (1000 % granularity != 0);
|
|
|
|
} else if (granularity < 1000) {
|
|
|
|
granularity = 1000 / granularity;
|
|
|
|
while (1000 % granularity != 0)
|
|
|
|
granularity--;
|
|
|
|
granularity = 1000 / granularity;
|
|
|
|
} else {
|
|
|
|
granularity = 1000 * ((granularity / 1000) + 1);
|
|
|
|
}
|
|
|
|
log_warn(LD_CONFIG, "Log time granularity '%d' has to be either a "
|
|
|
|
"divisor or a multiple of 1 second. Changing to "
|
|
|
|
"'%d'.",
|
|
|
|
options->LogTimeGranularity, granularity);
|
2010-11-08 18:40:26 +01:00
|
|
|
if (!validate_only)
|
|
|
|
set_log_time_granularity(granularity);
|
2010-11-08 16:37:20 +01:00
|
|
|
} else {
|
2010-11-08 18:40:26 +01:00
|
|
|
if (!validate_only)
|
|
|
|
set_log_time_granularity(options->LogTimeGranularity);
|
2010-08-27 08:13:54 +02:00
|
|
|
}
|
|
|
|
|
2004-11-05 06:50:35 +01:00
|
|
|
ok = 1;
|
2012-01-18 21:53:30 +01:00
|
|
|
elts = smartlist_new();
|
2006-01-11 20:40:14 +01:00
|
|
|
|
2004-11-05 06:50:35 +01:00
|
|
|
for (opt = options->Logs; opt; opt = opt->next) {
|
2008-03-05 23:31:39 +01:00
|
|
|
log_severity_list_t *severity;
|
|
|
|
const char *cfg = opt->value;
|
|
|
|
severity = tor_malloc_zero(sizeof(log_severity_list_t));
|
|
|
|
if (parse_log_severity_config(&cfg, severity) < 0) {
|
|
|
|
log_warn(LD_CONFIG, "Couldn't parse log levels in Log option 'Log %s'",
|
|
|
|
opt->value);
|
2004-11-05 06:50:35 +01:00
|
|
|
ok = 0; goto cleanup;
|
|
|
|
}
|
2008-03-05 23:31:39 +01:00
|
|
|
|
|
|
|
smartlist_split_string(elts, cfg, NULL,
|
|
|
|
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
|
|
|
|
|
|
|
|
if (smartlist_len(elts) == 0)
|
|
|
|
smartlist_add(elts, tor_strdup("stdout"));
|
|
|
|
|
|
|
|
if (smartlist_len(elts) == 1 &&
|
|
|
|
(!strcasecmp(smartlist_get(elts,0), "stdout") ||
|
|
|
|
!strcasecmp(smartlist_get(elts,0), "stderr"))) {
|
|
|
|
int err = smartlist_len(elts) &&
|
|
|
|
!strcasecmp(smartlist_get(elts,0), "stderr");
|
2006-01-11 20:40:14 +01:00
|
|
|
if (!validate_only) {
|
|
|
|
if (daemon) {
|
2006-02-13 10:02:35 +01:00
|
|
|
log_warn(LD_CONFIG,
|
2008-03-05 23:31:39 +01:00
|
|
|
"Can't log to %s with RunAsDaemon set; skipping stdout",
|
|
|
|
err?"stderr":"stdout");
|
2006-02-11 22:56:03 +01:00
|
|
|
} else {
|
2008-03-05 23:31:39 +01:00
|
|
|
add_stream_log(severity, err?"<stderr>":"<stdout>",
|
2008-12-03 00:36:58 +01:00
|
|
|
fileno(err?stderr:stdout));
|
2006-01-11 20:40:14 +01:00
|
|
|
}
|
|
|
|
}
|
2004-11-05 06:50:35 +01:00
|
|
|
goto cleanup;
|
|
|
|
}
|
2008-03-05 23:31:39 +01:00
|
|
|
if (smartlist_len(elts) == 1 &&
|
|
|
|
!strcasecmp(smartlist_get(elts,0), "syslog")) {
|
|
|
|
#ifdef HAVE_SYSLOG_H
|
|
|
|
if (!validate_only) {
|
|
|
|
add_syslog_log(severity);
|
2004-11-05 06:50:35 +01:00
|
|
|
}
|
2008-03-05 23:31:39 +01:00
|
|
|
#else
|
|
|
|
log_warn(LD_CONFIG, "Syslog is not supported on this system. Sorry.");
|
|
|
|
#endif
|
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (smartlist_len(elts) == 2 &&
|
|
|
|
!strcasecmp(smartlist_get(elts,0), "file")) {
|
2006-01-11 20:40:14 +01:00
|
|
|
if (!validate_only) {
|
2011-04-22 16:06:52 +02:00
|
|
|
char *fname = expand_filename(smartlist_get(elts, 1));
|
2014-03-23 17:24:26 +01:00
|
|
|
/* Truncate if TruncateLogFile is set and we haven't seen this option
|
|
|
|
line before. */
|
|
|
|
int truncate = 0;
|
|
|
|
if (options->TruncateLogFile) {
|
|
|
|
truncate = 1;
|
|
|
|
if (old_options) {
|
|
|
|
config_line_t *opt2;
|
|
|
|
for (opt2 = old_options->Logs; opt2; opt2 = opt2->next)
|
|
|
|
if (!strcmp(opt->value, opt2->value)) {
|
|
|
|
truncate = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (add_file_log(severity, fname, truncate) < 0) {
|
2008-04-01 23:05:31 +02:00
|
|
|
log_warn(LD_CONFIG, "Couldn't open file for 'Log %s': %s",
|
|
|
|
opt->value, strerror(errno));
|
2006-01-11 20:40:14 +01:00
|
|
|
ok = 0;
|
2006-01-11 21:09:37 +01:00
|
|
|
}
|
2011-04-22 16:06:52 +02:00
|
|
|
tor_free(fname);
|
2006-01-11 20:40:14 +01:00
|
|
|
}
|
2004-11-05 06:50:35 +01:00
|
|
|
goto cleanup;
|
|
|
|
}
|
2008-03-05 23:31:39 +01:00
|
|
|
|
|
|
|
log_warn(LD_CONFIG, "Bad syntax on file Log option 'Log %s'",
|
|
|
|
opt->value);
|
|
|
|
ok = 0; goto cleanup;
|
|
|
|
|
2004-11-05 06:50:35 +01:00
|
|
|
cleanup:
|
|
|
|
SMARTLIST_FOREACH(elts, char*, cp, tor_free(cp));
|
|
|
|
smartlist_clear(elts);
|
2008-03-05 23:31:39 +01:00
|
|
|
tor_free(severity);
|
2004-11-05 06:50:35 +01:00
|
|
|
}
|
|
|
|
smartlist_free(elts);
|
|
|
|
|
2011-01-25 21:53:15 +01:00
|
|
|
if (ok && !validate_only)
|
|
|
|
logs_set_domain_logging(options->LogMessageDomains);
|
|
|
|
|
2004-11-05 06:50:35 +01:00
|
|
|
return ok?0:-1;
|
|
|
|
}
|
|
|
|
|
2012-12-17 13:39:24 +01:00
|
|
|
/** Given a smartlist of SOCKS arguments to be passed to a transport
|
|
|
|
* proxy in <b>args</b>, validate them and return -1 if they are
|
|
|
|
* corrupted. Return 0 if they seem OK. */
|
|
|
|
static int
|
|
|
|
validate_transport_socks_arguments(const smartlist_t *args)
|
|
|
|
{
|
|
|
|
char *socks_string = NULL;
|
|
|
|
size_t socks_string_len;
|
|
|
|
|
|
|
|
tor_assert(args);
|
|
|
|
tor_assert(smartlist_len(args) > 0);
|
|
|
|
|
|
|
|
SMARTLIST_FOREACH_BEGIN(args, const char *, s) {
|
2013-02-11 14:43:20 +01:00
|
|
|
if (!string_is_key_value(LOG_WARN, s)) { /* items should be k=v items */
|
|
|
|
log_warn(LD_CONFIG, "'%s' is not a k=v item.", s);
|
2012-12-17 13:39:24 +01:00
|
|
|
return -1;
|
2013-02-11 14:43:20 +01:00
|
|
|
}
|
2012-12-17 13:39:24 +01:00
|
|
|
} SMARTLIST_FOREACH_END(s);
|
|
|
|
|
|
|
|
socks_string = pt_stringify_socks_args(args);
|
|
|
|
if (!socks_string)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
socks_string_len = strlen(socks_string);
|
|
|
|
tor_free(socks_string);
|
|
|
|
|
|
|
|
if (socks_string_len > MAX_SOCKS5_AUTH_SIZE_TOTAL) {
|
|
|
|
log_warn(LD_CONFIG, "SOCKS arguments can't be more than %u bytes (%lu).",
|
|
|
|
MAX_SOCKS5_AUTH_SIZE_TOTAL,
|
|
|
|
(unsigned long) socks_string_len);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2013-02-11 14:43:20 +01:00
|
|
|
/** Deallocate a bridge_line_t structure. */
|
|
|
|
/* private */ void
|
|
|
|
bridge_line_free(bridge_line_t *bridge_line)
|
|
|
|
{
|
|
|
|
if (!bridge_line)
|
|
|
|
return;
|
|
|
|
|
|
|
|
if (bridge_line->socks_args) {
|
|
|
|
SMARTLIST_FOREACH(bridge_line->socks_args, char*, s, tor_free(s));
|
|
|
|
smartlist_free(bridge_line->socks_args);
|
|
|
|
}
|
|
|
|
tor_free(bridge_line->transport_name);
|
|
|
|
tor_free(bridge_line);
|
|
|
|
}
|
|
|
|
|
2007-05-08 13:28:05 +02:00
|
|
|
/** Read the contents of a Bridge line from <b>line</b>. Return 0
|
|
|
|
* if the line is well-formed, and -1 if it isn't. If
|
|
|
|
* <b>validate_only</b> is 0, and the line is well-formed, then add
|
2013-02-11 14:43:20 +01:00
|
|
|
* the bridge described in the line to our internal bridge list.
|
|
|
|
*
|
|
|
|
* Bridge line format:
|
|
|
|
* Bridge [transport] IP:PORT [id-fingerprint] [k=v] [k=v] ...
|
|
|
|
*/
|
|
|
|
/* private */ bridge_line_t *
|
|
|
|
parse_bridge_line(const char *line)
|
2007-05-08 13:28:05 +02:00
|
|
|
{
|
|
|
|
smartlist_t *items = NULL;
|
2008-08-05 22:08:19 +02:00
|
|
|
char *addrport=NULL, *fingerprint=NULL;
|
2012-12-17 13:31:13 +01:00
|
|
|
char *field=NULL;
|
2013-02-11 14:43:20 +01:00
|
|
|
bridge_line_t *bridge_line = tor_malloc_zero(sizeof(bridge_line_t));
|
2007-05-08 13:28:05 +02:00
|
|
|
|
2012-01-18 21:53:30 +01:00
|
|
|
items = smartlist_new();
|
2007-05-08 13:28:05 +02:00
|
|
|
smartlist_split_string(items, line, NULL,
|
|
|
|
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
|
|
|
|
if (smartlist_len(items) < 1) {
|
|
|
|
log_warn(LD_CONFIG, "Too few arguments to Bridge line.");
|
|
|
|
goto err;
|
|
|
|
}
|
2011-06-11 17:08:31 +02:00
|
|
|
|
2013-02-11 14:43:20 +01:00
|
|
|
/* first field is either a transport name or addrport */
|
2012-12-17 13:31:13 +01:00
|
|
|
field = smartlist_get(items, 0);
|
2007-05-08 13:28:05 +02:00
|
|
|
smartlist_del_keeporder(items, 0);
|
2011-06-11 17:08:31 +02:00
|
|
|
|
2013-02-11 14:43:20 +01:00
|
|
|
if (string_is_C_identifier(field)) {
|
|
|
|
/* It's a transport name. */
|
|
|
|
bridge_line->transport_name = field;
|
2011-07-03 05:38:00 +02:00
|
|
|
if (smartlist_len(items) < 1) {
|
|
|
|
log_warn(LD_CONFIG, "Too few items to Bridge line.");
|
|
|
|
goto err;
|
|
|
|
}
|
2013-02-11 14:43:20 +01:00
|
|
|
addrport = smartlist_get(items, 0); /* Next field is addrport then. */
|
2011-06-11 17:08:31 +02:00
|
|
|
smartlist_del_keeporder(items, 0);
|
2011-07-03 05:23:07 +02:00
|
|
|
} else {
|
2012-12-17 13:31:13 +01:00
|
|
|
addrport = field;
|
2011-07-03 05:23:07 +02:00
|
|
|
}
|
2011-06-11 17:08:31 +02:00
|
|
|
|
2014-04-05 20:50:57 +02:00
|
|
|
if (tor_addr_port_parse(LOG_INFO, addrport,
|
|
|
|
&bridge_line->addr, &bridge_line->port, 443)<0) {
|
2007-05-08 13:28:05 +02:00
|
|
|
log_warn(LD_CONFIG, "Error parsing Bridge address '%s'", addrport);
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2012-12-17 13:31:13 +01:00
|
|
|
/* If transports are enabled, next field could be a fingerprint or a
|
2013-02-11 14:43:20 +01:00
|
|
|
socks argument. If transports are disabled, next field must be
|
2012-12-17 13:31:13 +01:00
|
|
|
a fingerprint. */
|
2007-05-08 13:28:05 +02:00
|
|
|
if (smartlist_len(items)) {
|
2013-02-11 14:43:20 +01:00
|
|
|
if (bridge_line->transport_name) { /* transports enabled: */
|
2012-12-17 13:31:13 +01:00
|
|
|
field = smartlist_get(items, 0);
|
|
|
|
smartlist_del_keeporder(items, 0);
|
|
|
|
|
2013-02-09 19:46:10 +01:00
|
|
|
/* If it's a key=value pair, then it's a SOCKS argument for the
|
|
|
|
transport proxy... */
|
2013-02-11 14:43:20 +01:00
|
|
|
if (string_is_key_value(LOG_DEBUG, field)) {
|
|
|
|
bridge_line->socks_args = smartlist_new();
|
|
|
|
smartlist_add(bridge_line->socks_args, field);
|
2013-02-09 19:46:10 +01:00
|
|
|
} else { /* ...otherwise, it's the bridge fingerprint. */
|
2012-12-17 13:31:13 +01:00
|
|
|
fingerprint = field;
|
|
|
|
}
|
|
|
|
|
|
|
|
} else { /* transports disabled: */
|
|
|
|
fingerprint = smartlist_join_strings(items, "", 0, NULL);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-02-11 14:43:20 +01:00
|
|
|
/* Handle fingerprint, if it was provided. */
|
2012-12-17 13:31:13 +01:00
|
|
|
if (fingerprint) {
|
2007-05-08 13:28:05 +02:00
|
|
|
if (strlen(fingerprint) != HEX_DIGEST_LEN) {
|
|
|
|
log_warn(LD_CONFIG, "Key digest for Bridge is wrong length.");
|
|
|
|
goto err;
|
|
|
|
}
|
2013-02-11 14:43:20 +01:00
|
|
|
if (base16_decode(bridge_line->digest, DIGEST_LEN,
|
|
|
|
fingerprint, HEX_DIGEST_LEN)<0) {
|
2007-05-08 13:28:05 +02:00
|
|
|
log_warn(LD_CONFIG, "Unable to decode Bridge key digest.");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-12-17 13:31:13 +01:00
|
|
|
/* If we are using transports, any remaining items in the smartlist
|
2013-02-11 14:43:20 +01:00
|
|
|
should be k=v values. */
|
|
|
|
if (bridge_line->transport_name && smartlist_len(items)) {
|
|
|
|
if (!bridge_line->socks_args)
|
|
|
|
bridge_line->socks_args = smartlist_new();
|
2012-12-17 13:31:13 +01:00
|
|
|
|
|
|
|
/* append remaining items of 'items' to 'socks_args' */
|
2013-02-11 14:43:20 +01:00
|
|
|
smartlist_add_all(bridge_line->socks_args, items);
|
2012-12-17 13:31:13 +01:00
|
|
|
smartlist_clear(items);
|
|
|
|
|
2013-02-11 14:43:20 +01:00
|
|
|
tor_assert(smartlist_len(bridge_line->socks_args) > 0);
|
2012-12-17 13:31:13 +01:00
|
|
|
}
|
|
|
|
|
2013-02-11 14:43:20 +01:00
|
|
|
if (bridge_line->socks_args) {
|
|
|
|
if (validate_transport_socks_arguments(bridge_line->socks_args) < 0)
|
|
|
|
goto err;
|
2007-05-08 13:28:05 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
goto done;
|
|
|
|
|
2011-07-03 05:23:07 +02:00
|
|
|
err:
|
2013-02-11 14:43:20 +01:00
|
|
|
bridge_line_free(bridge_line);
|
|
|
|
bridge_line = NULL;
|
2007-05-08 13:28:05 +02:00
|
|
|
|
2011-07-03 05:23:07 +02:00
|
|
|
done:
|
2007-05-08 13:28:05 +02:00
|
|
|
SMARTLIST_FOREACH(items, char*, s, tor_free(s));
|
|
|
|
smartlist_free(items);
|
|
|
|
tor_free(addrport);
|
2011-07-13 18:58:11 +02:00
|
|
|
tor_free(fingerprint);
|
2012-12-17 13:31:13 +01:00
|
|
|
|
2013-02-11 14:43:20 +01:00
|
|
|
return bridge_line;
|
2007-05-08 13:28:05 +02:00
|
|
|
}
|
|
|
|
|
2014-07-29 04:32:23 +02:00
|
|
|
/** Read the contents of a ClientTransportPlugin or ServerTransportPlugin
|
|
|
|
* line from <b>line</b>, depending on the value of <b>server</b>. Return 0
|
|
|
|
* if the line is well-formed, and -1 if it isn't.
|
2011-07-13 18:58:11 +02:00
|
|
|
*
|
2014-07-29 04:32:23 +02:00
|
|
|
* If <b>validate_only</b> is 0, the line is well-formed, and the transport is
|
|
|
|
* needed by some bridge:
|
2011-07-13 18:58:11 +02:00
|
|
|
* - If it's an external proxy line, add the transport described in the line to
|
|
|
|
* our internal transport list.
|
2014-07-29 04:32:23 +02:00
|
|
|
* - If it's a managed proxy line, launch the managed proxy.
|
|
|
|
*/
|
|
|
|
|
|
|
|
STATIC int
|
|
|
|
parse_transport_line(const or_options_t *options,
|
|
|
|
const char *line, int validate_only,
|
|
|
|
int server)
|
2011-06-11 17:08:31 +02:00
|
|
|
{
|
2014-07-29 04:32:23 +02:00
|
|
|
|
2011-06-11 17:08:31 +02:00
|
|
|
smartlist_t *items = NULL;
|
|
|
|
int r;
|
2014-07-31 21:50:34 +02:00
|
|
|
const char *transports = NULL;
|
|
|
|
smartlist_t *transport_list = NULL;
|
|
|
|
char *type = NULL;
|
|
|
|
char *addrport = NULL;
|
2011-06-11 17:08:31 +02:00
|
|
|
tor_addr_t addr;
|
2011-06-12 16:41:32 +02:00
|
|
|
uint16_t port = 0;
|
2014-07-31 21:50:34 +02:00
|
|
|
int socks_ver = PROXY_NONE;
|
2011-07-13 18:58:11 +02:00
|
|
|
|
|
|
|
/* managed proxy options */
|
2014-07-31 21:50:34 +02:00
|
|
|
int is_managed = 0;
|
|
|
|
char **proxy_argv = NULL;
|
|
|
|
char **tmp = NULL;
|
2013-02-28 17:58:36 +01:00
|
|
|
int proxy_argc, i;
|
2014-07-31 21:50:34 +02:00
|
|
|
int is_useless_proxy = 1;
|
2011-07-18 16:42:31 +02:00
|
|
|
|
|
|
|
int line_length;
|
2011-06-11 17:08:31 +02:00
|
|
|
|
2014-07-31 21:50:34 +02:00
|
|
|
/* Split the line into space-separated tokens */
|
2012-01-18 21:53:30 +01:00
|
|
|
items = smartlist_new();
|
2011-06-11 17:08:31 +02:00
|
|
|
smartlist_split_string(items, line, NULL,
|
|
|
|
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
|
2014-07-31 21:50:34 +02:00
|
|
|
line_length = smartlist_len(items);
|
2011-06-12 16:41:32 +02:00
|
|
|
|
2011-07-18 16:42:31 +02:00
|
|
|
if (line_length < 3) {
|
2014-07-31 21:50:34 +02:00
|
|
|
log_warn(LD_CONFIG,
|
|
|
|
"Too few arguments on %sTransportPlugin line.",
|
|
|
|
server ? "Server" : "Client");
|
2011-06-11 17:08:31 +02:00
|
|
|
goto err;
|
|
|
|
}
|
2011-06-12 16:41:32 +02:00
|
|
|
|
2011-10-07 14:13:41 +02:00
|
|
|
/* Get the first line element, split it to commas into
|
|
|
|
transport_list (in case it's multiple transports) and validate
|
|
|
|
the transport names. */
|
|
|
|
transports = smartlist_get(items, 0);
|
2012-01-18 21:53:30 +01:00
|
|
|
transport_list = smartlist_new();
|
2011-10-07 14:13:41 +02:00
|
|
|
smartlist_split_string(transport_list, transports, ",",
|
|
|
|
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
|
|
|
|
SMARTLIST_FOREACH_BEGIN(transport_list, const char *, transport_name) {
|
2013-02-28 17:58:36 +01:00
|
|
|
/* validate transport names */
|
2011-10-07 14:13:41 +02:00
|
|
|
if (!string_is_C_identifier(transport_name)) {
|
|
|
|
log_warn(LD_CONFIG, "Transport name is not a C identifier (%s).",
|
|
|
|
transport_name);
|
|
|
|
goto err;
|
|
|
|
}
|
2013-02-28 17:58:36 +01:00
|
|
|
|
|
|
|
/* see if we actually need the transports provided by this proxy */
|
|
|
|
if (!validate_only && transport_is_needed(transport_name))
|
|
|
|
is_useless_proxy = 0;
|
2011-10-07 14:13:41 +02:00
|
|
|
} SMARTLIST_FOREACH_END(transport_name);
|
2011-06-12 16:41:32 +02:00
|
|
|
|
2014-07-31 21:50:34 +02:00
|
|
|
type = smartlist_get(items, 1);
|
|
|
|
if (!strcmp(type, "exec")) {
|
|
|
|
is_managed = 1;
|
|
|
|
} else if (server && !strcmp(type, "proxy")) {
|
|
|
|
/* 'proxy' syntax only with ServerTransportPlugin */
|
|
|
|
is_managed = 0;
|
|
|
|
} else if (!server && !strcmp(type, "socks4")) {
|
|
|
|
/* 'socks4' syntax only with ClientTransportPlugin */
|
|
|
|
is_managed = 0;
|
2011-06-11 17:08:31 +02:00
|
|
|
socks_ver = PROXY_SOCKS4;
|
2014-07-31 21:50:34 +02:00
|
|
|
} else if (!server && !strcmp(type, "socks5")) {
|
|
|
|
/* 'socks5' syntax only with ClientTransportPlugin */
|
|
|
|
is_managed = 0;
|
2011-06-11 17:08:31 +02:00
|
|
|
socks_ver = PROXY_SOCKS5;
|
2011-07-13 18:58:11 +02:00
|
|
|
} else {
|
2014-07-31 21:50:34 +02:00
|
|
|
log_warn(LD_CONFIG,
|
|
|
|
"Strange %sTransportPlugin type '%s'",
|
|
|
|
server ? "Server" : "Client", type);
|
2011-06-11 17:08:31 +02:00
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2014-05-20 18:21:31 +02:00
|
|
|
if (is_managed && options->Sandbox) {
|
2014-07-31 21:50:34 +02:00
|
|
|
log_warn(LD_CONFIG,
|
|
|
|
"Managed proxies are not compatible with Sandbox mode."
|
|
|
|
"(%sTransportPlugin line was %s)",
|
|
|
|
server ? "Server" : "Client", escaped(line));
|
2014-05-20 18:21:31 +02:00
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2014-07-31 21:50:34 +02:00
|
|
|
if (is_managed) {
|
|
|
|
/* managed */
|
2014-07-29 04:32:23 +02:00
|
|
|
|
2014-07-31 21:50:34 +02:00
|
|
|
if (!server && !validate_only && is_useless_proxy) {
|
2014-11-04 15:49:35 +01:00
|
|
|
log_info(LD_GENERAL,
|
|
|
|
"Pluggable transport proxy (%s) does not provide "
|
|
|
|
"any needed transports and will not be launched.",
|
|
|
|
line);
|
2013-02-28 17:58:36 +01:00
|
|
|
}
|
|
|
|
|
2014-07-31 21:50:34 +02:00
|
|
|
/*
|
|
|
|
* If we are not just validating, use the rest of the line as the
|
|
|
|
* argv of the proxy to be launched. Also, make sure that we are
|
|
|
|
* only launching proxies that contribute useful transports.
|
|
|
|
*/
|
2014-07-29 04:32:23 +02:00
|
|
|
|
2014-07-31 21:50:34 +02:00
|
|
|
if (!validate_only && (server || !is_useless_proxy)) {
|
|
|
|
proxy_argc = line_length - 2;
|
2011-07-18 16:42:31 +02:00
|
|
|
tor_assert(proxy_argc > 0);
|
2014-11-02 17:56:02 +01:00
|
|
|
proxy_argv = tor_calloc((proxy_argc + 1), sizeof(char *));
|
2011-07-13 18:58:11 +02:00
|
|
|
tmp = proxy_argv;
|
2014-07-29 04:32:23 +02:00
|
|
|
|
2014-07-31 21:50:34 +02:00
|
|
|
for (i = 0; i < proxy_argc; i++) {
|
|
|
|
/* store arguments */
|
2011-08-12 21:33:05 +02:00
|
|
|
*tmp++ = smartlist_get(items, 2);
|
|
|
|
smartlist_del_keeporder(items, 2);
|
|
|
|
}
|
2014-07-31 21:50:34 +02:00
|
|
|
*tmp = NULL; /* terminated with NULL, just like execve() likes it */
|
2011-06-11 17:08:31 +02:00
|
|
|
|
2011-08-12 21:33:05 +02:00
|
|
|
/* kickstart the thing */
|
2014-07-31 21:50:34 +02:00
|
|
|
if (server) {
|
|
|
|
pt_kickstart_server_proxy(transport_list, proxy_argv);
|
|
|
|
} else {
|
|
|
|
pt_kickstart_client_proxy(transport_list, proxy_argv);
|
|
|
|
}
|
2011-07-14 01:03:35 +02:00
|
|
|
}
|
2014-07-31 21:50:34 +02:00
|
|
|
} else {
|
|
|
|
/* external */
|
|
|
|
|
2014-03-25 08:21:22 +01:00
|
|
|
/* ClientTransportPlugins connecting through a proxy is managed only. */
|
2014-11-04 15:56:46 +01:00
|
|
|
if (!server && (options->Socks4Proxy || options->Socks5Proxy ||
|
|
|
|
options->HTTPSProxy)) {
|
2014-03-25 08:21:22 +01:00
|
|
|
log_warn(LD_CONFIG, "You have configured an external proxy with another "
|
|
|
|
"proxy type. (Socks4Proxy|Socks5Proxy|HTTPSProxy)");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2011-10-07 14:13:41 +02:00
|
|
|
if (smartlist_len(transport_list) != 1) {
|
2014-07-31 21:50:34 +02:00
|
|
|
log_warn(LD_CONFIG,
|
|
|
|
"You can't have an external proxy with more than "
|
|
|
|
"one transport.");
|
2011-10-07 14:13:41 +02:00
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2011-07-18 16:42:31 +02:00
|
|
|
addrport = smartlist_get(items, 2);
|
2011-07-14 01:03:35 +02:00
|
|
|
|
2014-07-31 21:50:34 +02:00
|
|
|
if (tor_addr_port_lookup(addrport, &addr, &port) < 0) {
|
|
|
|
log_warn(LD_CONFIG,
|
|
|
|
"Error parsing transport address '%s'", addrport);
|
2011-07-14 01:03:35 +02:00
|
|
|
goto err;
|
|
|
|
}
|
2014-07-31 21:50:34 +02:00
|
|
|
|
2011-07-14 01:03:35 +02:00
|
|
|
if (!port) {
|
|
|
|
log_warn(LD_CONFIG,
|
|
|
|
"Transport address '%s' has no port.", addrport);
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!validate_only) {
|
2014-07-31 21:50:34 +02:00
|
|
|
log_info(LD_DIR, "%s '%s' at %s.",
|
|
|
|
server ? "Server transport" : "Transport",
|
2012-10-07 06:25:25 +02:00
|
|
|
transports, fmt_addrport(&addr, port));
|
2014-07-31 21:50:34 +02:00
|
|
|
|
|
|
|
if (!server) {
|
|
|
|
transport_add_from_config(&addr, port,
|
|
|
|
smartlist_get(transport_list, 0),
|
|
|
|
socks_ver);
|
|
|
|
}
|
2011-07-13 18:58:11 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
r = 0;
|
|
|
|
goto done;
|
|
|
|
|
|
|
|
err:
|
|
|
|
r = -1;
|
|
|
|
|
|
|
|
done:
|
|
|
|
SMARTLIST_FOREACH(items, char*, s, tor_free(s));
|
|
|
|
smartlist_free(items);
|
2011-10-26 16:49:24 +02:00
|
|
|
if (transport_list) {
|
|
|
|
SMARTLIST_FOREACH(transport_list, char*, s, tor_free(s));
|
|
|
|
smartlist_free(transport_list);
|
|
|
|
}
|
2011-10-07 14:13:41 +02:00
|
|
|
|
2011-07-13 18:58:11 +02:00
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
2012-10-30 03:17:13 +01:00
|
|
|
/** Given a ServerTransportListenAddr <b>line</b>, return its
|
|
|
|
* <address:port> string. Return NULL if the line was not
|
|
|
|
* well-formed.
|
|
|
|
*
|
|
|
|
* If <b>transport</b> is set, return NULL if the line is not
|
|
|
|
* referring to <b>transport</b>.
|
|
|
|
*
|
|
|
|
* The returned string is allocated on the heap and it's the
|
|
|
|
* responsibility of the caller to free it. */
|
|
|
|
static char *
|
|
|
|
get_bindaddr_from_transport_listen_line(const char *line,const char *transport)
|
|
|
|
{
|
|
|
|
smartlist_t *items = NULL;
|
|
|
|
const char *parsed_transport = NULL;
|
|
|
|
char *addrport = NULL;
|
2012-11-27 23:24:58 +01:00
|
|
|
tor_addr_t addr;
|
2012-10-30 03:17:13 +01:00
|
|
|
uint16_t port = 0;
|
|
|
|
|
|
|
|
items = smartlist_new();
|
|
|
|
smartlist_split_string(items, line, NULL,
|
|
|
|
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
|
|
|
|
|
|
|
|
if (smartlist_len(items) < 2) {
|
|
|
|
log_warn(LD_CONFIG,"Too few arguments on ServerTransportListenAddr line.");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
parsed_transport = smartlist_get(items, 0);
|
|
|
|
addrport = tor_strdup(smartlist_get(items, 1));
|
|
|
|
|
|
|
|
/* If 'transport' is given, check if it matches the one on the line */
|
|
|
|
if (transport && strcmp(transport, parsed_transport))
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
/* Validate addrport */
|
2014-03-27 20:31:29 +01:00
|
|
|
if (tor_addr_port_parse(LOG_WARN, addrport, &addr, &port, -1)<0) {
|
2012-10-30 03:17:13 +01:00
|
|
|
log_warn(LD_CONFIG, "Error parsing ServerTransportListenAddr "
|
|
|
|
"address '%s'", addrport);
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
goto done;
|
|
|
|
|
|
|
|
err:
|
|
|
|
tor_free(addrport);
|
|
|
|
addrport = NULL;
|
|
|
|
|
|
|
|
done:
|
|
|
|
SMARTLIST_FOREACH(items, char*, s, tor_free(s));
|
|
|
|
smartlist_free(items);
|
|
|
|
|
|
|
|
return addrport;
|
|
|
|
}
|
|
|
|
|
2013-06-12 14:28:31 +02:00
|
|
|
/** Given a ServerTransportOptions <b>line</b>, return a smartlist
|
|
|
|
* with the options. Return NULL if the line was not well-formed.
|
|
|
|
*
|
|
|
|
* If <b>transport</b> is set, return NULL if the line is not
|
|
|
|
* referring to <b>transport</b>.
|
|
|
|
*
|
|
|
|
* The returned smartlist and its strings are allocated on the heap
|
|
|
|
* and it's the responsibility of the caller to free it. */
|
|
|
|
smartlist_t *
|
|
|
|
get_options_from_transport_options_line(const char *line,const char *transport)
|
|
|
|
{
|
|
|
|
smartlist_t *items = smartlist_new();
|
|
|
|
smartlist_t *options = smartlist_new();
|
|
|
|
const char *parsed_transport = NULL;
|
|
|
|
|
|
|
|
smartlist_split_string(items, line, NULL,
|
|
|
|
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
|
|
|
|
|
|
|
|
if (smartlist_len(items) < 2) {
|
|
|
|
log_warn(LD_CONFIG,"Too few arguments on ServerTransportOptions line.");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
parsed_transport = smartlist_get(items, 0);
|
|
|
|
/* If 'transport' is given, check if it matches the one on the line */
|
|
|
|
if (transport && strcmp(transport, parsed_transport))
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
SMARTLIST_FOREACH_BEGIN(items, const char *, option) {
|
|
|
|
if (option_sl_idx == 0) /* skip the transport field (first field)*/
|
|
|
|
continue;
|
|
|
|
|
|
|
|
/* validate that it's a k=v value */
|
|
|
|
if (!string_is_key_value(LOG_WARN, option)) {
|
|
|
|
log_warn(LD_CONFIG, "%s is not a k=v value.", escaped(option));
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* add it to the options smartlist */
|
|
|
|
smartlist_add(options, tor_strdup(option));
|
|
|
|
log_debug(LD_CONFIG, "Added %s to the list of options", escaped(option));
|
|
|
|
} SMARTLIST_FOREACH_END(option);
|
|
|
|
|
|
|
|
goto done;
|
|
|
|
|
|
|
|
err:
|
|
|
|
SMARTLIST_FOREACH(options, char*, s, tor_free(s));
|
|
|
|
smartlist_free(options);
|
|
|
|
options = NULL;
|
|
|
|
|
|
|
|
done:
|
|
|
|
SMARTLIST_FOREACH(items, char*, s, tor_free(s));
|
|
|
|
smartlist_free(items);
|
|
|
|
|
|
|
|
return options;
|
|
|
|
}
|
|
|
|
|
2012-10-30 03:17:13 +01:00
|
|
|
/** Given the name of a pluggable transport in <b>transport</b>, check
|
|
|
|
* the configuration file to see if the user has explicitly asked for
|
|
|
|
* it to listen on a specific port. Return a <address:port> string if
|
|
|
|
* so, otherwise NULL. */
|
|
|
|
char *
|
|
|
|
get_transport_bindaddr_from_config(const char *transport)
|
|
|
|
{
|
|
|
|
config_line_t *cl;
|
|
|
|
const or_options_t *options = get_options();
|
|
|
|
|
|
|
|
for (cl = options->ServerTransportListenAddr; cl; cl = cl->next) {
|
|
|
|
char *bindaddr =
|
|
|
|
get_bindaddr_from_transport_listen_line(cl->value, transport);
|
|
|
|
if (bindaddr)
|
|
|
|
return bindaddr;
|
|
|
|
}
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2013-06-12 16:12:39 +02:00
|
|
|
/** Given the name of a pluggable transport in <b>transport</b>, check
|
|
|
|
* the configuration file to see if the user has asked us to pass any
|
|
|
|
* parameters to the pluggable transport. Return a smartlist
|
|
|
|
* containing the parameters, otherwise NULL. */
|
|
|
|
smartlist_t *
|
|
|
|
get_options_for_server_transport(const char *transport)
|
|
|
|
{
|
|
|
|
config_line_t *cl;
|
|
|
|
const or_options_t *options = get_options();
|
|
|
|
|
|
|
|
for (cl = options->ServerTransportOptions; cl; cl = cl->next) {
|
|
|
|
smartlist_t *options_sl =
|
|
|
|
get_options_from_transport_options_line(cl->value, transport);
|
|
|
|
if (options_sl)
|
|
|
|
return options_sl;
|
|
|
|
}
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2012-09-10 22:33:19 +02:00
|
|
|
/** Read the contents of a DirAuthority line from <b>line</b>. If
|
2007-12-12 05:38:54 +01:00
|
|
|
* <b>validate_only</b> is 0, and the line is well-formed, and it
|
|
|
|
* shares any bits with <b>required_type</b> or <b>required_type</b>
|
2014-10-01 10:54:26 +02:00
|
|
|
* is NO_DIRINFO (zero), then add the dirserver described in the line
|
|
|
|
* (minus whatever bits it's missing) as a valid authority.
|
|
|
|
* Return 0 on success or filtering out by type,
|
2008-02-04 17:58:50 +01:00
|
|
|
* or -1 if the line isn't well-formed or if we can't add it. */
|
2004-11-09 00:12:40 +01:00
|
|
|
static int
|
2012-09-10 22:33:19 +02:00
|
|
|
parse_dir_authority_line(const char *line, dirinfo_type_t required_type,
|
|
|
|
int validate_only)
|
2004-10-12 17:55:20 +02:00
|
|
|
{
|
|
|
|
smartlist_t *items = NULL;
|
2006-10-09 04:35:51 +02:00
|
|
|
int r;
|
2005-10-25 20:06:29 +02:00
|
|
|
char *addrport=NULL, *address=NULL, *nickname=NULL, *fingerprint=NULL;
|
2006-12-24 03:45:27 +01:00
|
|
|
uint16_t dir_port = 0, or_port = 0;
|
2004-10-12 17:55:20 +02:00
|
|
|
char digest[DIGEST_LEN];
|
2007-05-22 19:58:25 +02:00
|
|
|
char v3_digest[DIGEST_LEN];
|
2014-01-29 21:17:05 +01:00
|
|
|
dirinfo_type_t type = 0;
|
2012-09-12 19:30:09 +02:00
|
|
|
double weight = 1.0;
|
2005-09-07 18:42:53 +02:00
|
|
|
|
2012-01-18 21:53:30 +01:00
|
|
|
items = smartlist_new();
|
2005-10-04 23:21:09 +02:00
|
|
|
smartlist_split_string(items, line, NULL,
|
|
|
|
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
|
2006-09-30 00:33:34 +02:00
|
|
|
if (smartlist_len(items) < 1) {
|
2013-11-10 18:21:23 +01:00
|
|
|
log_warn(LD_CONFIG, "No arguments on DirAuthority line.");
|
2005-10-25 09:05:03 +02:00
|
|
|
goto err;
|
2005-10-04 23:21:09 +02:00
|
|
|
}
|
2005-09-07 18:42:53 +02:00
|
|
|
|
2005-10-04 23:21:09 +02:00
|
|
|
if (is_legal_nickname(smartlist_get(items, 0))) {
|
|
|
|
nickname = smartlist_get(items, 0);
|
|
|
|
smartlist_del_keeporder(items, 0);
|
|
|
|
}
|
|
|
|
|
2006-09-29 01:57:59 +02:00
|
|
|
while (smartlist_len(items)) {
|
|
|
|
char *flag = smartlist_get(items, 0);
|
|
|
|
if (TOR_ISDIGIT(flag[0]))
|
|
|
|
break;
|
2014-03-17 17:38:22 +01:00
|
|
|
if (!strcasecmp(flag, "hs") ||
|
2014-02-11 04:41:52 +01:00
|
|
|
!strcasecmp(flag, "no-hs")) {
|
|
|
|
log_warn(LD_CONFIG, "The DirAuthority options 'hs' and 'no-hs' are "
|
|
|
|
"obsolete; you don't need them any more.");
|
2007-05-07 10:26:50 +02:00
|
|
|
} else if (!strcasecmp(flag, "bridge")) {
|
2010-11-08 20:35:02 +01:00
|
|
|
type |= BRIDGE_DIRINFO;
|
2014-01-30 12:48:49 +01:00
|
|
|
} else if (!strcasecmp(flag, "no-v2")) {
|
|
|
|
/* obsolete, but may still be contained in DirAuthority lines generated
|
|
|
|
by various tools */;
|
2006-12-24 03:45:27 +01:00
|
|
|
} else if (!strcasecmpstart(flag, "orport=")) {
|
|
|
|
int ok;
|
2007-01-05 02:23:34 +01:00
|
|
|
char *portstring = flag + strlen("orport=");
|
|
|
|
or_port = (uint16_t) tor_parse_long(portstring, 10, 1, 65535, &ok, NULL);
|
2006-12-24 03:45:27 +01:00
|
|
|
if (!ok)
|
2013-11-10 18:21:23 +01:00
|
|
|
log_warn(LD_CONFIG, "Invalid orport '%s' on DirAuthority line.",
|
2007-01-05 02:23:34 +01:00
|
|
|
portstring);
|
2012-09-12 19:30:09 +02:00
|
|
|
} else if (!strcmpstart(flag, "weight=")) {
|
|
|
|
int ok;
|
|
|
|
const char *wstring = flag + strlen("weight=");
|
|
|
|
weight = tor_parse_double(wstring, 0, UINT64_MAX, &ok, NULL);
|
|
|
|
if (!ok) {
|
|
|
|
log_warn(LD_CONFIG, "Invalid weight '%s' on DirAuthority line.",flag);
|
|
|
|
weight=1.0;
|
|
|
|
}
|
2007-05-22 19:58:25 +02:00
|
|
|
} else if (!strcasecmpstart(flag, "v3ident=")) {
|
|
|
|
char *idstr = flag + strlen("v3ident=");
|
|
|
|
if (strlen(idstr) != HEX_DIGEST_LEN ||
|
|
|
|
base16_decode(v3_digest, DIGEST_LEN, idstr, HEX_DIGEST_LEN)<0) {
|
2013-11-10 18:21:23 +01:00
|
|
|
log_warn(LD_CONFIG, "Bad v3 identity digest '%s' on DirAuthority line",
|
2007-05-22 19:58:25 +02:00
|
|
|
flag);
|
|
|
|
} else {
|
2010-11-08 20:21:32 +01:00
|
|
|
type |= V3_DIRINFO|EXTRAINFO_DIRINFO|MICRODESC_DIRINFO;
|
2007-05-22 19:58:25 +02:00
|
|
|
}
|
2006-09-29 01:57:59 +02:00
|
|
|
} else {
|
2013-11-10 18:21:23 +01:00
|
|
|
log_warn(LD_CONFIG, "Unrecognized flag '%s' on DirAuthority line",
|
2006-09-29 01:57:59 +02:00
|
|
|
flag);
|
|
|
|
}
|
|
|
|
tor_free(flag);
|
2005-10-04 23:21:09 +02:00
|
|
|
smartlist_del_keeporder(items, 0);
|
2005-09-07 18:42:53 +02:00
|
|
|
}
|
2006-09-29 01:57:59 +02:00
|
|
|
|
2004-10-12 17:55:20 +02:00
|
|
|
if (smartlist_len(items) < 2) {
|
2013-11-10 18:21:23 +01:00
|
|
|
log_warn(LD_CONFIG, "Too few arguments to DirAuthority line.");
|
2004-10-14 04:47:09 +02:00
|
|
|
goto err;
|
2004-10-12 17:55:20 +02:00
|
|
|
}
|
|
|
|
addrport = smartlist_get(items, 0);
|
2007-01-05 02:12:10 +01:00
|
|
|
smartlist_del_keeporder(items, 0);
|
2011-10-11 17:21:31 +02:00
|
|
|
if (addr_port_lookup(LOG_WARN, addrport, &address, NULL, &dir_port)<0) {
|
2013-11-10 18:21:23 +01:00
|
|
|
log_warn(LD_CONFIG, "Error parsing DirAuthority address '%s'", addrport);
|
2004-10-14 04:47:09 +02:00
|
|
|
goto err;
|
2004-10-12 17:55:20 +02:00
|
|
|
}
|
2006-12-24 03:45:27 +01:00
|
|
|
if (!dir_port) {
|
2013-11-10 18:21:23 +01:00
|
|
|
log_warn(LD_CONFIG, "Missing port in DirAuthority address '%s'",addrport);
|
2004-10-14 04:47:09 +02:00
|
|
|
goto err;
|
2004-10-12 17:55:20 +02:00
|
|
|
}
|
|
|
|
|
2005-10-04 23:21:09 +02:00
|
|
|
fingerprint = smartlist_join_strings(items, "", 0, NULL);
|
|
|
|
if (strlen(fingerprint) != HEX_DIGEST_LEN) {
|
2013-11-10 18:21:23 +01:00
|
|
|
log_warn(LD_CONFIG, "Key digest '%s' for DirAuthority is wrong length %d.",
|
2012-09-07 09:04:15 +02:00
|
|
|
fingerprint, (int)strlen(fingerprint));
|
2004-10-14 04:47:09 +02:00
|
|
|
goto err;
|
2004-10-12 17:55:20 +02:00
|
|
|
}
|
2007-08-19 04:51:54 +02:00
|
|
|
if (!strcmp(fingerprint, "E623F7625FBE0C87820F11EC5F6D5377ED816294")) {
|
2007-12-06 12:19:00 +01:00
|
|
|
/* a known bad fingerprint. refuse to use it. We can remove this
|
|
|
|
* clause once Tor 0.1.2.17 is obsolete. */
|
2007-08-19 04:51:54 +02:00
|
|
|
log_warn(LD_CONFIG, "Dangerous dirserver line. To correct, erase your "
|
|
|
|
"torrc file (%s), or reinstall Tor and use the default torrc.",
|
2011-11-28 04:25:52 +01:00
|
|
|
get_torrc_fname(0));
|
2007-08-19 04:51:54 +02:00
|
|
|
goto err;
|
|
|
|
}
|
2005-10-04 23:21:09 +02:00
|
|
|
if (base16_decode(digest, DIGEST_LEN, fingerprint, HEX_DIGEST_LEN)<0) {
|
2013-11-10 18:21:23 +01:00
|
|
|
log_warn(LD_CONFIG, "Unable to decode DirAuthority key digest.");
|
2004-10-14 04:47:09 +02:00
|
|
|
goto err;
|
2004-10-12 17:55:20 +02:00
|
|
|
}
|
|
|
|
|
2007-12-12 05:38:54 +01:00
|
|
|
if (!validate_only && (!required_type || required_type & type)) {
|
2012-09-10 22:33:19 +02:00
|
|
|
dir_server_t *ds;
|
2007-12-12 05:38:54 +01:00
|
|
|
if (required_type)
|
|
|
|
type &= required_type; /* pare down what we think of them as an
|
|
|
|
* authority for. */
|
|
|
|
log_debug(LD_DIR, "Trusted %d dirserver at %s:%d (%s)", (int)type,
|
|
|
|
address, (int)dir_port, (char*)smartlist_get(items,0));
|
2012-09-10 22:33:19 +02:00
|
|
|
if (!(ds = trusted_dir_server_new(nickname, address, dir_port, or_port,
|
2012-09-12 19:30:09 +02:00
|
|
|
digest, v3_digest, type, weight)))
|
2008-02-04 17:58:50 +01:00
|
|
|
goto err;
|
2012-09-10 22:33:19 +02:00
|
|
|
dir_server_add(ds);
|
2004-11-09 00:12:40 +01:00
|
|
|
}
|
2004-10-12 17:55:20 +02:00
|
|
|
|
|
|
|
r = 0;
|
|
|
|
goto done;
|
2004-10-14 04:47:09 +02:00
|
|
|
|
|
|
|
err:
|
2004-10-12 17:55:20 +02:00
|
|
|
r = -1;
|
2004-10-14 04:47:09 +02:00
|
|
|
|
|
|
|
done:
|
2004-10-12 17:55:20 +02:00
|
|
|
SMARTLIST_FOREACH(items, char*, s, tor_free(s));
|
|
|
|
smartlist_free(items);
|
2005-10-25 20:06:29 +02:00
|
|
|
tor_free(addrport);
|
2004-11-06 06:18:11 +01:00
|
|
|
tor_free(address);
|
2005-10-04 23:21:09 +02:00
|
|
|
tor_free(nickname);
|
|
|
|
tor_free(fingerprint);
|
2004-10-12 17:55:20 +02:00
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
2012-09-11 00:13:28 +02:00
|
|
|
/** Read the contents of a FallbackDir line from <b>line</b>. If
|
|
|
|
* <b>validate_only</b> is 0, and the line is well-formed, then add the
|
|
|
|
* dirserver described in the line as a fallback directory. Return 0 on
|
|
|
|
* success, or -1 if the line isn't well-formed or if we can't add it. */
|
|
|
|
static int
|
|
|
|
parse_dir_fallback_line(const char *line,
|
|
|
|
int validate_only)
|
|
|
|
{
|
|
|
|
int r = -1;
|
|
|
|
smartlist_t *items = smartlist_new(), *positional = smartlist_new();
|
|
|
|
int orport = -1;
|
|
|
|
uint16_t dirport;
|
|
|
|
tor_addr_t addr;
|
|
|
|
int ok;
|
|
|
|
char id[DIGEST_LEN];
|
|
|
|
char *address=NULL;
|
2012-09-12 19:30:09 +02:00
|
|
|
double weight=1.0;
|
2012-09-11 00:13:28 +02:00
|
|
|
|
|
|
|
memset(id, 0, sizeof(id));
|
|
|
|
smartlist_split_string(items, line, NULL,
|
|
|
|
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
|
|
|
|
SMARTLIST_FOREACH_BEGIN(items, const char *, cp) {
|
|
|
|
const char *eq = strchr(cp, '=');
|
|
|
|
ok = 1;
|
|
|
|
if (! eq) {
|
|
|
|
smartlist_add(positional, (char*)cp);
|
|
|
|
continue;
|
|
|
|
}
|
2012-09-12 19:30:09 +02:00
|
|
|
if (!strcmpstart(cp, "orport=")) {
|
2012-09-11 00:13:28 +02:00
|
|
|
orport = (int)tor_parse_long(cp+strlen("orport="), 10,
|
|
|
|
1, 65535, &ok, NULL);
|
2012-09-12 19:30:09 +02:00
|
|
|
} else if (!strcmpstart(cp, "id=")) {
|
2012-09-11 00:13:28 +02:00
|
|
|
ok = !base16_decode(id, DIGEST_LEN,
|
|
|
|
cp+strlen("id="), strlen(cp)-strlen("id="));
|
2012-09-12 19:30:09 +02:00
|
|
|
} else if (!strcmpstart(cp, "weight=")) {
|
|
|
|
int ok;
|
|
|
|
const char *wstring = cp + strlen("weight=");
|
|
|
|
weight = tor_parse_double(wstring, 0, UINT64_MAX, &ok, NULL);
|
|
|
|
if (!ok) {
|
|
|
|
log_warn(LD_CONFIG, "Invalid weight '%s' on FallbackDir line.", cp);
|
|
|
|
weight=1.0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-09-11 00:13:28 +02:00
|
|
|
if (!ok) {
|
|
|
|
log_warn(LD_CONFIG, "Bad FallbackDir option %s", escaped(cp));
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
} SMARTLIST_FOREACH_END(cp);
|
|
|
|
|
|
|
|
if (smartlist_len(positional) != 1) {
|
|
|
|
log_warn(LD_CONFIG, "Couldn't parse FallbackDir line %s", escaped(line));
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (tor_digest_is_zero(id)) {
|
|
|
|
log_warn(LD_CONFIG, "Missing identity on FallbackDir line");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (orport <= 0) {
|
|
|
|
log_warn(LD_CONFIG, "Missing orport on FallbackDir line");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (tor_addr_port_split(LOG_INFO, smartlist_get(positional, 0),
|
|
|
|
&address, &dirport) < 0 ||
|
|
|
|
tor_addr_parse(&addr, address)<0) {
|
|
|
|
log_warn(LD_CONFIG, "Couldn't parse address:port %s on FallbackDir line",
|
|
|
|
(const char*)smartlist_get(positional, 0));
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!validate_only) {
|
|
|
|
dir_server_t *ds;
|
2012-09-12 19:30:09 +02:00
|
|
|
ds = fallback_dir_server_new(&addr, dirport, orport, id, weight);
|
2012-09-11 00:13:28 +02:00
|
|
|
if (!ds) {
|
|
|
|
log_warn(LD_CONFIG, "Couldn't create FallbackDir %s", escaped(line));
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
dir_server_add(ds);
|
|
|
|
}
|
|
|
|
|
|
|
|
r = 0;
|
|
|
|
|
|
|
|
end:
|
|
|
|
SMARTLIST_FOREACH(items, char *, cp, tor_free(cp));
|
|
|
|
smartlist_free(items);
|
|
|
|
smartlist_free(positional);
|
|
|
|
tor_free(address);
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
2012-11-25 20:57:10 +01:00
|
|
|
/** Allocate and return a new port_cfg_t with reasonable defaults. */
|
|
|
|
static port_cfg_t *
|
|
|
|
port_cfg_new(void)
|
|
|
|
{
|
|
|
|
port_cfg_t *cfg = tor_malloc_zero(sizeof(port_cfg_t));
|
|
|
|
cfg->ipv4_traffic = 1;
|
|
|
|
cfg->cache_ipv4_answers = 1;
|
2012-11-25 20:51:36 +01:00
|
|
|
cfg->prefer_ipv6_virtaddr = 1;
|
2012-11-25 20:57:10 +01:00
|
|
|
return cfg;
|
|
|
|
}
|
|
|
|
|
2011-07-06 22:03:47 +02:00
|
|
|
/** Free all storage held in <b>port</b> */
|
|
|
|
static void
|
|
|
|
port_cfg_free(port_cfg_t *port)
|
|
|
|
{
|
|
|
|
tor_free(port);
|
|
|
|
}
|
|
|
|
|
2013-01-02 16:37:03 +01:00
|
|
|
/** Warn for every port in <b>ports</b> of type <b>listener_type</b> that is
|
|
|
|
* on a publicly routable address. */
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
static void
|
2013-01-02 16:37:03 +01:00
|
|
|
warn_nonlocal_client_ports(const smartlist_t *ports, const char *portname,
|
|
|
|
int listener_type)
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
{
|
|
|
|
SMARTLIST_FOREACH_BEGIN(ports, const port_cfg_t *, port) {
|
2013-01-02 16:37:03 +01:00
|
|
|
if (port->type != listener_type)
|
|
|
|
continue;
|
2011-10-20 12:17:23 +02:00
|
|
|
if (port->is_unix_addr) {
|
|
|
|
/* Unix sockets aren't accessible over a network. */
|
|
|
|
} else if (!tor_addr_is_internal(&port->addr, 1)) {
|
2012-10-07 06:25:25 +02:00
|
|
|
log_warn(LD_CONFIG, "You specified a public address '%s' for %sPort. "
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
"Other people on the Internet might find your computer and "
|
|
|
|
"use it as an open proxy. Please don't allow this unless you "
|
2012-09-22 01:48:38 +02:00
|
|
|
"have a good reason.",
|
2012-10-07 06:25:25 +02:00
|
|
|
fmt_addrport(&port->addr, port->port), portname);
|
2011-10-07 22:34:21 +02:00
|
|
|
} else if (!tor_addr_is_loopback(&port->addr)) {
|
2012-10-07 06:25:25 +02:00
|
|
|
log_notice(LD_CONFIG, "You configured a non-loopback address '%s' "
|
2012-09-22 01:48:38 +02:00
|
|
|
"for %sPort. This allows everybody on your local network to "
|
|
|
|
"use your machine as a proxy. Make sure this is what you "
|
|
|
|
"wanted.",
|
2012-10-07 06:25:25 +02:00
|
|
|
fmt_addrport(&port->addr, port->port), portname);
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
}
|
|
|
|
} SMARTLIST_FOREACH_END(port);
|
|
|
|
}
|
|
|
|
|
2013-06-01 17:38:06 +02:00
|
|
|
/** Warn for every Extended ORPort port in <b>ports</b> that is on a
|
|
|
|
* publicly routable address. */
|
|
|
|
static void
|
|
|
|
warn_nonlocal_ext_orports(const smartlist_t *ports, const char *portname)
|
|
|
|
{
|
|
|
|
SMARTLIST_FOREACH_BEGIN(ports, const port_cfg_t *, port) {
|
|
|
|
if (port->type != CONN_TYPE_EXT_OR_LISTENER)
|
|
|
|
continue;
|
|
|
|
if (port->is_unix_addr)
|
|
|
|
continue;
|
|
|
|
/* XXX maybe warn even if address is RFC1918? */
|
|
|
|
if (!tor_addr_is_internal(&port->addr, 1)) {
|
|
|
|
log_warn(LD_CONFIG, "You specified a public address '%s' for %sPort. "
|
|
|
|
"This is not advised; this address is supposed to only be "
|
|
|
|
"exposed on localhost so that your pluggable transport "
|
|
|
|
"proxies can connect to it.",
|
|
|
|
fmt_addrport(&port->addr, port->port), portname);
|
|
|
|
}
|
|
|
|
} SMARTLIST_FOREACH_END(port);
|
|
|
|
}
|
|
|
|
|
2012-06-05 00:50:13 +02:00
|
|
|
/** Given a list of port_cfg_t in <b>ports</b>, warn any controller port there
|
|
|
|
* is listening on any non-loopback address. If <b>forbid</b> is true,
|
|
|
|
* then emit a stronger warning and remove the port from the list.
|
|
|
|
*/
|
2011-11-08 22:10:38 +01:00
|
|
|
static void
|
|
|
|
warn_nonlocal_controller_ports(smartlist_t *ports, unsigned forbid)
|
|
|
|
{
|
|
|
|
int warned = 0;
|
|
|
|
SMARTLIST_FOREACH_BEGIN(ports, port_cfg_t *, port) {
|
|
|
|
if (port->type != CONN_TYPE_CONTROL_LISTENER)
|
|
|
|
continue;
|
|
|
|
if (port->is_unix_addr)
|
|
|
|
continue;
|
|
|
|
if (!tor_addr_is_loopback(&port->addr)) {
|
|
|
|
if (forbid) {
|
|
|
|
if (!warned)
|
|
|
|
log_warn(LD_CONFIG,
|
|
|
|
"You have a ControlPort set to accept "
|
|
|
|
"unauthenticated connections from a non-local address. "
|
|
|
|
"This means that programs not running on your computer "
|
|
|
|
"can reconfigure your Tor, without even having to guess a "
|
|
|
|
"password. That's so bad that I'm closing your ControlPort "
|
|
|
|
"for you. If you need to control your Tor remotely, try "
|
|
|
|
"enabling authentication and using a tool like stunnel or "
|
|
|
|
"ssh to encrypt remote access.");
|
|
|
|
warned = 1;
|
|
|
|
port_cfg_free(port);
|
|
|
|
SMARTLIST_DEL_CURRENT(ports, port);
|
|
|
|
} else {
|
|
|
|
log_warn(LD_CONFIG, "You have a ControlPort set to accept "
|
|
|
|
"connections from a non-local address. This means that "
|
|
|
|
"programs not running on your computer can reconfigure your "
|
|
|
|
"Tor. That's pretty bad, since the controller "
|
|
|
|
"protocol isn't encrypted! Maybe you should just listen on "
|
|
|
|
"127.0.0.1 and use a tool like stunnel or ssh to encrypt "
|
|
|
|
"remote connections to your control port.");
|
|
|
|
return; /* No point in checking the rest */
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} SMARTLIST_FOREACH_END(port);
|
|
|
|
}
|
|
|
|
|
|
|
|
#define CL_PORT_NO_OPTIONS (1u<<0)
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
#define CL_PORT_WARN_NONLOCAL (1u<<1)
|
|
|
|
#define CL_PORT_ALLOW_EXTRA_LISTENADDR (1u<<2)
|
2011-11-08 22:10:38 +01:00
|
|
|
#define CL_PORT_SERVER_OPTIONS (1u<<3)
|
|
|
|
#define CL_PORT_FORBID_NONLOCAL (1u<<4)
|
2012-10-31 16:08:38 +01:00
|
|
|
#define CL_PORT_TAKES_HOSTNAMES (1u<<5)
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
|
|
|
|
/**
|
2011-11-08 22:10:38 +01:00
|
|
|
* Parse port configuration for a single port type.
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
*
|
|
|
|
* Read entries of the "FooPort" type from the list <b>ports</b>, and
|
|
|
|
* entries of the "FooListenAddress" type from the list
|
|
|
|
* <b>listenaddrs</b>. Two syntaxes are supported: a legacy syntax
|
|
|
|
* where FooPort is at most a single entry containing a port number and
|
|
|
|
* where FooListenAddress has any number of address:port combinations;
|
|
|
|
* and a new syntax where there are no FooListenAddress entries and
|
|
|
|
* where FooPort can have any number of entries of the format
|
|
|
|
* "[Address:][Port] IsolationOptions".
|
|
|
|
*
|
|
|
|
* In log messages, describe the port type as <b>portname</b>.
|
|
|
|
*
|
|
|
|
* If no address is specified, default to <b>defaultaddr</b>. If no
|
|
|
|
* FooPort is given, default to defaultport (if 0, there is no default).
|
|
|
|
*
|
|
|
|
* If CL_PORT_NO_OPTIONS is set in <b>flags</b>, do not allow stream
|
|
|
|
* isolation options in the FooPort entries.
|
|
|
|
*
|
|
|
|
* If CL_PORT_WARN_NONLOCAL is set in <b>flags</b>, warn if any of the
|
2011-11-08 22:10:38 +01:00
|
|
|
* ports are not on a local address. If CL_PORT_FORBID_NONLOCAL is set,
|
|
|
|
* this is a contrl port with no password set: don't even allow it.
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
*
|
|
|
|
* Unless CL_PORT_ALLOW_EXTRA_LISTENADDR is set in <b>flags</b>, warn
|
|
|
|
* if FooListenAddress is set but FooPort is 0.
|
|
|
|
*
|
2011-11-08 22:10:38 +01:00
|
|
|
* If CL_PORT_SERVER_OPTIONS is set in <b>flags</b>, do not allow stream
|
|
|
|
* isolation options in the FooPort entries; instead allow the
|
|
|
|
* server-port option set.
|
|
|
|
*
|
2012-10-31 16:08:38 +01:00
|
|
|
* If CL_PORT_TAKES_HOSTNAMES is set in <b>flags</b>, allow the options
|
|
|
|
* {No,}IPv{4,6}Traffic.
|
|
|
|
*
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
* On success, if <b>out</b> is given, add a new port_cfg_t entry to
|
|
|
|
* <b>out</b> for every port that the client should listen on. Return 0
|
|
|
|
* on success, -1 on failure.
|
|
|
|
*/
|
|
|
|
static int
|
2011-11-08 22:10:38 +01:00
|
|
|
parse_port_config(smartlist_t *out,
|
2012-08-09 21:48:43 +02:00
|
|
|
const config_line_t *ports,
|
|
|
|
const config_line_t *listenaddrs,
|
|
|
|
const char *portname,
|
|
|
|
int listener_type,
|
|
|
|
const char *defaultaddr,
|
|
|
|
int defaultport,
|
|
|
|
unsigned flags)
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
{
|
|
|
|
smartlist_t *elts;
|
|
|
|
int retval = -1;
|
2011-11-08 22:10:38 +01:00
|
|
|
const unsigned is_control = (listener_type == CONN_TYPE_CONTROL_LISTENER);
|
2013-06-01 17:38:06 +02:00
|
|
|
const unsigned is_ext_orport = (listener_type == CONN_TYPE_EXT_OR_LISTENER);
|
2011-11-08 22:10:38 +01:00
|
|
|
const unsigned allow_no_options = flags & CL_PORT_NO_OPTIONS;
|
|
|
|
const unsigned use_server_options = flags & CL_PORT_SERVER_OPTIONS;
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
const unsigned warn_nonlocal = flags & CL_PORT_WARN_NONLOCAL;
|
2011-11-08 22:10:38 +01:00
|
|
|
const unsigned forbid_nonlocal = flags & CL_PORT_FORBID_NONLOCAL;
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
const unsigned allow_spurious_listenaddr =
|
|
|
|
flags & CL_PORT_ALLOW_EXTRA_LISTENADDR;
|
2012-10-31 16:08:38 +01:00
|
|
|
const unsigned takes_hostnames = flags & CL_PORT_TAKES_HOSTNAMES;
|
2012-08-09 22:13:03 +02:00
|
|
|
int got_zero_port=0, got_nonzero_port=0;
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
|
|
|
|
/* FooListenAddress is deprecated; let's make it work like it used to work,
|
|
|
|
* though. */
|
|
|
|
if (listenaddrs) {
|
2011-09-11 07:33:04 +02:00
|
|
|
int mainport = defaultport;
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
|
2011-09-11 07:33:04 +02:00
|
|
|
if (ports && ports->next) {
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
log_warn(LD_CONFIG, "%sListenAddress can't be used when there are "
|
|
|
|
"multiple %sPort lines", portname, portname);
|
|
|
|
return -1;
|
2011-09-11 07:33:04 +02:00
|
|
|
} else if (ports) {
|
|
|
|
if (!strcmp(ports->value, "auto")) {
|
|
|
|
mainport = CFG_AUTO_PORT;
|
|
|
|
} else {
|
|
|
|
int ok;
|
|
|
|
mainport = (int)tor_parse_long(ports->value, 10, 0, 65535, &ok, NULL);
|
|
|
|
if (!ok) {
|
|
|
|
log_warn(LD_CONFIG, "%sListenAddress can only be used with a single "
|
2012-07-17 18:02:55 +02:00
|
|
|
"%sPort with value \"auto\" or 1-65535 and no options set.",
|
2011-09-11 07:33:04 +02:00
|
|
|
portname, portname);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (mainport == 0) {
|
|
|
|
if (allow_spurious_listenaddr)
|
2012-08-09 21:48:43 +02:00
|
|
|
return 1; /*DOCDOC*/
|
2011-09-11 07:33:04 +02:00
|
|
|
log_warn(LD_CONFIG, "%sPort must be defined if %sListenAddress is used",
|
|
|
|
portname, portname);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2011-11-08 22:10:38 +01:00
|
|
|
if (use_server_options && out) {
|
|
|
|
/* Add a no_listen port. */
|
2012-11-25 20:57:10 +01:00
|
|
|
port_cfg_t *cfg = port_cfg_new();
|
2011-11-08 22:10:38 +01:00
|
|
|
cfg->type = listener_type;
|
|
|
|
cfg->port = mainport;
|
|
|
|
tor_addr_make_unspec(&cfg->addr); /* Server ports default to 0.0.0.0 */
|
|
|
|
cfg->no_listen = 1;
|
2012-10-31 16:12:28 +01:00
|
|
|
cfg->bind_ipv4_only = 1;
|
2012-11-16 04:49:43 +01:00
|
|
|
cfg->ipv4_traffic = 1;
|
2012-11-25 20:51:36 +01:00
|
|
|
cfg->prefer_ipv6_virtaddr = 1;
|
2011-11-08 22:10:38 +01:00
|
|
|
smartlist_add(out, cfg);
|
|
|
|
}
|
|
|
|
|
2011-09-11 07:33:04 +02:00
|
|
|
for (; listenaddrs; listenaddrs = listenaddrs->next) {
|
|
|
|
tor_addr_t addr;
|
|
|
|
uint16_t port = 0;
|
2011-10-11 17:21:31 +02:00
|
|
|
if (tor_addr_port_lookup(listenaddrs->value, &addr, &port) < 0) {
|
2011-09-11 07:33:04 +02:00
|
|
|
log_warn(LD_CONFIG, "Unable to parse %sListenAddress '%s'",
|
|
|
|
portname, listenaddrs->value);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
if (out) {
|
2012-11-25 20:57:10 +01:00
|
|
|
port_cfg_t *cfg = port_cfg_new();
|
2011-09-11 07:33:04 +02:00
|
|
|
cfg->type = listener_type;
|
|
|
|
cfg->port = port ? port : mainport;
|
|
|
|
tor_addr_copy(&cfg->addr, &addr);
|
|
|
|
cfg->session_group = SESSION_GROUP_UNSET;
|
|
|
|
cfg->isolation_flags = ISO_DEFAULT;
|
2011-11-08 22:10:38 +01:00
|
|
|
cfg->no_advertise = 1;
|
2011-09-11 07:33:04 +02:00
|
|
|
smartlist_add(out, cfg);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2011-11-08 22:10:38 +01:00
|
|
|
if (warn_nonlocal && out) {
|
|
|
|
if (is_control)
|
|
|
|
warn_nonlocal_controller_ports(out, forbid_nonlocal);
|
2013-06-01 17:38:06 +02:00
|
|
|
else if (is_ext_orport)
|
|
|
|
warn_nonlocal_ext_orports(out, portname);
|
2011-11-08 22:10:38 +01:00
|
|
|
else
|
2013-01-02 16:37:03 +01:00
|
|
|
warn_nonlocal_client_ports(out, portname, listener_type);
|
2011-11-08 22:10:38 +01:00
|
|
|
}
|
2011-09-11 07:33:04 +02:00
|
|
|
return 0;
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
} /* end if (listenaddrs) */
|
|
|
|
|
|
|
|
/* No ListenAddress lines. If there's no FooPort, then maybe make a default
|
|
|
|
* one. */
|
|
|
|
if (! ports) {
|
|
|
|
if (defaultport && out) {
|
2012-11-25 20:57:10 +01:00
|
|
|
port_cfg_t *cfg = port_cfg_new();
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
cfg->type = listener_type;
|
|
|
|
cfg->port = defaultport;
|
2011-10-11 17:21:31 +02:00
|
|
|
tor_addr_parse(&cfg->addr, defaultaddr);
|
2011-07-08 21:54:30 +02:00
|
|
|
cfg->session_group = SESSION_GROUP_UNSET;
|
2011-07-06 22:03:47 +02:00
|
|
|
cfg->isolation_flags = ISO_DEFAULT;
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
smartlist_add(out, cfg);
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* At last we can actually parse the FooPort lines. The syntax is:
|
|
|
|
* [Addr:](Port|auto) [Options].*/
|
2012-01-18 21:53:30 +01:00
|
|
|
elts = smartlist_new();
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
|
|
|
|
for (; ports; ports = ports->next) {
|
|
|
|
tor_addr_t addr;
|
|
|
|
int port;
|
2011-07-08 21:54:30 +02:00
|
|
|
int sessiongroup = SESSION_GROUP_UNSET;
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
unsigned isolation = ISO_DEFAULT;
|
2013-03-20 21:17:06 +01:00
|
|
|
int prefer_no_auth = 0;
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
|
|
|
|
char *addrport;
|
|
|
|
uint16_t ptmp=0;
|
|
|
|
int ok;
|
2011-11-08 22:10:38 +01:00
|
|
|
int no_listen = 0, no_advertise = 0, all_addrs = 0,
|
2012-10-31 16:12:28 +01:00
|
|
|
bind_ipv4_only = 0, bind_ipv6_only = 0,
|
2012-11-25 19:18:26 +01:00
|
|
|
ipv4_traffic = 1, ipv6_traffic = 0, prefer_ipv6 = 0,
|
2012-11-25 21:36:35 +01:00
|
|
|
cache_ipv4 = 1, use_cached_ipv4 = 0,
|
2012-11-25 20:51:36 +01:00
|
|
|
cache_ipv6 = 0, use_cached_ipv6 = 0,
|
|
|
|
prefer_ipv6_automap = 1;
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
|
|
|
|
smartlist_split_string(elts, ports->value, NULL,
|
|
|
|
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
|
|
|
|
if (smartlist_len(elts) == 0) {
|
|
|
|
log_warn(LD_CONFIG, "Invalid %sPort line with no value", portname);
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2011-11-08 22:10:38 +01:00
|
|
|
if (allow_no_options && smartlist_len(elts) > 1) {
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
log_warn(LD_CONFIG, "Too many options on %sPort line", portname);
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Now parse the addr/port value */
|
|
|
|
addrport = smartlist_get(elts, 0);
|
|
|
|
if (!strcmp(addrport, "auto")) {
|
|
|
|
port = CFG_AUTO_PORT;
|
2011-10-11 17:21:31 +02:00
|
|
|
tor_addr_parse(&addr, defaultaddr);
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
} else if (!strcasecmpend(addrport, ":auto")) {
|
|
|
|
char *addrtmp = tor_strndup(addrport, strlen(addrport)-5);
|
|
|
|
port = CFG_AUTO_PORT;
|
2011-10-11 17:21:31 +02:00
|
|
|
if (tor_addr_port_lookup(addrtmp, &addr, &ptmp)<0 || ptmp) {
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
log_warn(LD_CONFIG, "Invalid address '%s' for %sPort",
|
|
|
|
escaped(addrport), portname);
|
|
|
|
tor_free(addrtmp);
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
} else {
|
2011-07-20 19:40:09 +02:00
|
|
|
/* Try parsing integer port before address, because, who knows?
|
|
|
|
"9050" might be a valid address. */
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
port = (int) tor_parse_long(addrport, 10, 0, 65535, &ok, NULL);
|
2011-07-20 19:40:09 +02:00
|
|
|
if (ok) {
|
2011-10-11 17:21:31 +02:00
|
|
|
tor_addr_parse(&addr, defaultaddr);
|
|
|
|
} else if (tor_addr_port_lookup(addrport, &addr, &ptmp) == 0) {
|
2011-07-20 19:40:09 +02:00
|
|
|
if (ptmp == 0) {
|
|
|
|
log_warn(LD_CONFIG, "%sPort line has address but no port", portname);
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
port = ptmp;
|
|
|
|
} else {
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
log_warn(LD_CONFIG, "Couldn't parse address '%s' for %sPort",
|
|
|
|
escaped(addrport), portname);
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Now parse the rest of the options, if any. */
|
2011-11-08 22:10:38 +01:00
|
|
|
if (use_server_options) {
|
|
|
|
/* This is a server port; parse advertising options */
|
|
|
|
SMARTLIST_FOREACH_BEGIN(elts, char *, elt) {
|
|
|
|
if (elt_sl_idx == 0)
|
|
|
|
continue; /* Skip addr:port */
|
|
|
|
|
|
|
|
if (!strcasecmp(elt, "NoAdvertise")) {
|
|
|
|
no_advertise = 1;
|
|
|
|
} else if (!strcasecmp(elt, "NoListen")) {
|
|
|
|
no_listen = 1;
|
|
|
|
#if 0
|
|
|
|
/* not implemented yet. */
|
|
|
|
} else if (!strcasecmp(elt, "AllAddrs")) {
|
|
|
|
|
|
|
|
all_addrs = 1;
|
|
|
|
#endif
|
|
|
|
} else if (!strcasecmp(elt, "IPv4Only")) {
|
2012-10-31 16:12:28 +01:00
|
|
|
bind_ipv4_only = 1;
|
2011-11-08 22:10:38 +01:00
|
|
|
} else if (!strcasecmp(elt, "IPv6Only")) {
|
2012-10-31 16:12:28 +01:00
|
|
|
bind_ipv6_only = 1;
|
2011-11-08 22:10:38 +01:00
|
|
|
} else {
|
|
|
|
log_warn(LD_CONFIG, "Unrecognized %sPort option '%s'",
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
portname, escaped(elt));
|
|
|
|
}
|
2011-11-08 22:10:38 +01:00
|
|
|
} SMARTLIST_FOREACH_END(elt);
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
|
2011-11-08 22:10:38 +01:00
|
|
|
if (no_advertise && no_listen) {
|
|
|
|
log_warn(LD_CONFIG, "Tried to set both NoListen and NoAdvertise "
|
|
|
|
"on %sPort line '%s'",
|
|
|
|
portname, escaped(ports->value));
|
|
|
|
goto err;
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
}
|
2012-10-31 16:12:28 +01:00
|
|
|
if (bind_ipv4_only && bind_ipv6_only) {
|
2011-11-08 22:10:38 +01:00
|
|
|
log_warn(LD_CONFIG, "Tried to set both IPv4Only and IPv6Only "
|
|
|
|
"on %sPort line '%s'",
|
|
|
|
portname, escaped(ports->value));
|
|
|
|
goto err;
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
}
|
2012-10-31 16:12:28 +01:00
|
|
|
if (bind_ipv4_only && tor_addr_family(&addr) == AF_INET6) {
|
2011-11-08 22:10:38 +01:00
|
|
|
log_warn(LD_CONFIG, "Could not interpret %sPort address as IPv6",
|
|
|
|
portname);
|
|
|
|
goto err;
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
}
|
2012-10-31 16:12:28 +01:00
|
|
|
if (bind_ipv6_only && tor_addr_family(&addr) == AF_INET) {
|
2011-11-08 22:10:38 +01:00
|
|
|
log_warn(LD_CONFIG, "Could not interpret %sPort address as IPv4",
|
|
|
|
portname);
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
/* This is a client port; parse isolation options */
|
|
|
|
SMARTLIST_FOREACH_BEGIN(elts, char *, elt) {
|
|
|
|
int no = 0, isoflag = 0;
|
|
|
|
const char *elt_orig = elt;
|
|
|
|
if (elt_sl_idx == 0)
|
|
|
|
continue; /* Skip addr:port */
|
|
|
|
if (!strcasecmpstart(elt, "SessionGroup=")) {
|
|
|
|
int group = (int)tor_parse_long(elt+strlen("SessionGroup="),
|
|
|
|
10, 0, INT_MAX, &ok, NULL);
|
|
|
|
if (!ok) {
|
|
|
|
log_warn(LD_CONFIG, "Invalid %sPort option '%s'",
|
|
|
|
portname, escaped(elt));
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
if (sessiongroup >= 0) {
|
|
|
|
log_warn(LD_CONFIG, "Multiple SessionGroup options on %sPort",
|
|
|
|
portname);
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
sessiongroup = group;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!strcasecmpstart(elt, "No")) {
|
|
|
|
no = 1;
|
|
|
|
elt += 2;
|
|
|
|
}
|
2012-10-31 16:08:38 +01:00
|
|
|
|
|
|
|
if (takes_hostnames) {
|
|
|
|
if (!strcasecmp(elt, "IPv4Traffic")) {
|
|
|
|
ipv4_traffic = ! no;
|
|
|
|
continue;
|
|
|
|
} else if (!strcasecmp(elt, "IPv6Traffic")) {
|
|
|
|
ipv6_traffic = ! no;
|
|
|
|
continue;
|
2012-11-14 16:09:06 +01:00
|
|
|
} else if (!strcasecmp(elt, "PreferIPv6")) {
|
|
|
|
prefer_ipv6 = ! no;
|
|
|
|
continue;
|
2012-10-31 16:08:38 +01:00
|
|
|
}
|
|
|
|
}
|
2012-11-25 19:18:26 +01:00
|
|
|
if (!strcasecmp(elt, "CacheIPv4DNS")) {
|
|
|
|
cache_ipv4 = ! no;
|
|
|
|
continue;
|
|
|
|
} else if (!strcasecmp(elt, "CacheIPv6DNS")) {
|
|
|
|
cache_ipv6 = ! no;
|
|
|
|
continue;
|
|
|
|
} else if (!strcasecmp(elt, "CacheDNS")) {
|
|
|
|
cache_ipv4 = cache_ipv6 = ! no;
|
|
|
|
continue;
|
|
|
|
} else if (!strcasecmp(elt, "UseIPv4Cache")) {
|
|
|
|
use_cached_ipv4 = ! no;
|
|
|
|
continue;
|
|
|
|
} else if (!strcasecmp(elt, "UseIPv6Cache")) {
|
|
|
|
use_cached_ipv6 = ! no;
|
|
|
|
continue;
|
|
|
|
} else if (!strcasecmp(elt, "UseDNSCache")) {
|
|
|
|
use_cached_ipv4 = use_cached_ipv6 = ! no;
|
|
|
|
continue;
|
2012-11-25 20:51:36 +01:00
|
|
|
} else if (!strcasecmp(elt, "PreferIPv6Automap")) {
|
|
|
|
prefer_ipv6_automap = ! no;
|
|
|
|
continue;
|
2013-04-11 07:39:26 +02:00
|
|
|
} else if (!strcasecmp(elt, "PreferSOCKSNoAuth")) {
|
2013-03-20 21:17:06 +01:00
|
|
|
prefer_no_auth = ! no;
|
|
|
|
continue;
|
2012-11-25 19:18:26 +01:00
|
|
|
}
|
2012-10-31 16:08:38 +01:00
|
|
|
|
2011-11-08 22:10:38 +01:00
|
|
|
if (!strcasecmpend(elt, "s"))
|
|
|
|
elt[strlen(elt)-1] = '\0'; /* kill plurals. */
|
|
|
|
|
|
|
|
if (!strcasecmp(elt, "IsolateDestPort")) {
|
|
|
|
isoflag = ISO_DESTPORT;
|
|
|
|
} else if (!strcasecmp(elt, "IsolateDestAddr")) {
|
|
|
|
isoflag = ISO_DESTADDR;
|
|
|
|
} else if (!strcasecmp(elt, "IsolateSOCKSAuth")) {
|
|
|
|
isoflag = ISO_SOCKSAUTH;
|
|
|
|
} else if (!strcasecmp(elt, "IsolateClientProtocol")) {
|
|
|
|
isoflag = ISO_CLIENTPROTO;
|
|
|
|
} else if (!strcasecmp(elt, "IsolateClientAddr")) {
|
|
|
|
isoflag = ISO_CLIENTADDR;
|
|
|
|
} else {
|
|
|
|
log_warn(LD_CONFIG, "Unrecognized %sPort option '%s'",
|
|
|
|
portname, escaped(elt_orig));
|
|
|
|
}
|
|
|
|
|
|
|
|
if (no) {
|
|
|
|
isolation &= ~isoflag;
|
|
|
|
} else {
|
|
|
|
isolation |= isoflag;
|
|
|
|
}
|
|
|
|
} SMARTLIST_FOREACH_END(elt);
|
|
|
|
}
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
|
2012-08-09 22:13:03 +02:00
|
|
|
if (port)
|
|
|
|
got_nonzero_port = 1;
|
|
|
|
else
|
|
|
|
got_zero_port = 1;
|
|
|
|
|
2012-11-16 04:58:54 +01:00
|
|
|
if (ipv4_traffic == 0 && ipv6_traffic == 0) {
|
|
|
|
log_warn(LD_CONFIG, "You have a %sPort entry with both IPv4 and "
|
|
|
|
"IPv6 disabled; that won't work.", portname);
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2011-08-09 20:52:22 +02:00
|
|
|
if (out && port) {
|
2012-11-25 20:57:10 +01:00
|
|
|
port_cfg_t *cfg = port_cfg_new();
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
tor_addr_copy(&cfg->addr, &addr);
|
2012-03-19 04:57:19 +01:00
|
|
|
cfg->port = port;
|
|
|
|
cfg->type = listener_type;
|
2011-07-06 22:03:47 +02:00
|
|
|
cfg->isolation_flags = isolation;
|
2012-03-19 04:57:19 +01:00
|
|
|
cfg->session_group = sessiongroup;
|
2012-03-19 04:55:17 +01:00
|
|
|
cfg->no_advertise = no_advertise;
|
2011-11-08 22:10:38 +01:00
|
|
|
cfg->no_listen = no_listen;
|
|
|
|
cfg->all_addrs = all_addrs;
|
2012-10-31 16:12:28 +01:00
|
|
|
cfg->bind_ipv4_only = bind_ipv4_only;
|
|
|
|
cfg->bind_ipv6_only = bind_ipv6_only;
|
2012-10-31 16:08:38 +01:00
|
|
|
cfg->ipv4_traffic = ipv4_traffic;
|
|
|
|
cfg->ipv6_traffic = ipv6_traffic;
|
2012-11-14 16:09:06 +01:00
|
|
|
cfg->prefer_ipv6 = prefer_ipv6;
|
2012-11-25 19:18:26 +01:00
|
|
|
cfg->cache_ipv4_answers = cache_ipv4;
|
|
|
|
cfg->cache_ipv6_answers = cache_ipv6;
|
|
|
|
cfg->use_cached_ipv4_answers = use_cached_ipv4;
|
|
|
|
cfg->use_cached_ipv6_answers = use_cached_ipv6;
|
2012-11-25 20:51:36 +01:00
|
|
|
cfg->prefer_ipv6_virtaddr = prefer_ipv6_automap;
|
2013-03-20 21:17:06 +01:00
|
|
|
cfg->socks_prefer_no_auth = prefer_no_auth;
|
|
|
|
if (! (isolation & ISO_SOCKSAUTH))
|
|
|
|
cfg->socks_prefer_no_auth = 1;
|
2011-11-08 22:10:38 +01:00
|
|
|
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
smartlist_add(out, cfg);
|
|
|
|
}
|
|
|
|
SMARTLIST_FOREACH(elts, char *, cp, tor_free(cp));
|
|
|
|
smartlist_clear(elts);
|
|
|
|
}
|
|
|
|
|
2011-11-08 22:10:38 +01:00
|
|
|
if (warn_nonlocal && out) {
|
|
|
|
if (is_control)
|
|
|
|
warn_nonlocal_controller_ports(out, forbid_nonlocal);
|
2013-06-01 17:38:06 +02:00
|
|
|
else if (is_ext_orport)
|
|
|
|
warn_nonlocal_ext_orports(out, portname);
|
2011-11-08 22:10:38 +01:00
|
|
|
else
|
2013-01-02 16:37:03 +01:00
|
|
|
warn_nonlocal_client_ports(out, portname, listener_type);
|
2011-11-08 22:10:38 +01:00
|
|
|
}
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
|
2012-08-09 22:13:03 +02:00
|
|
|
if (got_zero_port && got_nonzero_port) {
|
|
|
|
log_warn(LD_CONFIG, "You specified a nonzero %sPort along with '%sPort 0' "
|
|
|
|
"in the same configuration. Did you mean to disable %sPort or "
|
|
|
|
"not?", portname, portname, portname);
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
retval = 0;
|
|
|
|
err:
|
|
|
|
SMARTLIST_FOREACH(elts, char *, cp, tor_free(cp));
|
|
|
|
smartlist_free(elts);
|
|
|
|
return retval;
|
|
|
|
}
|
|
|
|
|
2012-06-05 00:50:13 +02:00
|
|
|
/** Parse a list of config_line_t for an AF_UNIX unix socket listener option
|
|
|
|
* from <b>cfg</b> and add them to <b>out</b>. No fancy options are
|
2015-01-09 21:49:54 +01:00
|
|
|
* supported: the line contains nothing but the path to the AF_UNIX socket.
|
|
|
|
* We support a *Socket 0 syntax to explicitly disable if we enable by
|
2015-01-12 23:12:18 +01:00
|
|
|
* default. To use this, pass a non-NULL list containing the default
|
|
|
|
* paths into this function as the 2nd parameter, and if no config lines at all
|
|
|
|
* are present they will be added to the output list. If the only config line
|
|
|
|
* present is '0' the input list will be unmodified.
|
|
|
|
*/
|
2011-11-08 22:10:38 +01:00
|
|
|
static int
|
2015-01-12 23:12:18 +01:00
|
|
|
parse_unix_socket_config(smartlist_t *out, smartlist_t *defaults,
|
|
|
|
const config_line_t *cfg, int listener_type)
|
2011-11-08 22:10:38 +01:00
|
|
|
{
|
2015-01-09 21:49:54 +01:00
|
|
|
/* We can say things like SocksSocket 0 or ControlSocket 0 to explicitly
|
|
|
|
* disable this feature; use this to track if we've seen a disable line
|
|
|
|
*/
|
|
|
|
|
2015-01-12 23:12:18 +01:00
|
|
|
int unix_socket_disable = 0;
|
2015-01-09 21:49:54 +01:00
|
|
|
size_t len;
|
2015-01-12 23:12:18 +01:00
|
|
|
smartlist_t *ports_to_add = NULL;
|
2011-11-08 22:10:38 +01:00
|
|
|
|
|
|
|
if (!out)
|
|
|
|
return 0;
|
|
|
|
|
2015-01-12 23:12:18 +01:00
|
|
|
ports_to_add = smartlist_new();
|
2015-01-09 21:49:54 +01:00
|
|
|
|
2011-11-08 22:10:38 +01:00
|
|
|
for ( ; cfg; cfg = cfg->next) {
|
2015-01-09 21:49:54 +01:00
|
|
|
if (strcmp(cfg->value, "0") != 0) {
|
2015-01-12 23:12:18 +01:00
|
|
|
/* We have a non-disable; add it */
|
2015-01-09 21:49:54 +01:00
|
|
|
len = strlen(cfg->value);
|
|
|
|
port_cfg_t *port = tor_malloc_zero(sizeof(port_cfg_t) + len + 1);
|
|
|
|
port->is_unix_addr = 1;
|
|
|
|
memcpy(port->unix_addr, cfg->value, len+1);
|
|
|
|
port->type = listener_type;
|
2015-01-13 01:18:17 +01:00
|
|
|
if (listener_type == CONN_TYPE_AP_LISTENER) {
|
|
|
|
/* Some more bits to twiddle for this case
|
|
|
|
*
|
|
|
|
* XXX this should support parsing the same options
|
|
|
|
* parse_port_config() does, and probably that code should be
|
|
|
|
* factored out into a function we can call from here. For
|
|
|
|
* now, some reasonable defaults.
|
|
|
|
*/
|
|
|
|
|
|
|
|
port->ipv4_traffic = 1;
|
|
|
|
port->ipv6_traffic = 1;
|
|
|
|
port->cache_ipv4_answers = 1;
|
|
|
|
port->cache_ipv6_answers = 1;
|
|
|
|
}
|
2015-01-12 23:12:18 +01:00
|
|
|
smartlist_add(ports_to_add, port);
|
2015-01-09 21:49:54 +01:00
|
|
|
} else {
|
|
|
|
/* Keep track that we've seen a disable */
|
|
|
|
unix_socket_disable = 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (unix_socket_disable) {
|
2015-01-12 23:12:18 +01:00
|
|
|
if (smartlist_len(ports_to_add) > 0) {
|
2015-01-09 21:49:54 +01:00
|
|
|
/* We saw a disable line and a path; bad news */
|
2015-01-12 23:12:18 +01:00
|
|
|
SMARTLIST_FOREACH(ports_to_add, port_cfg_t *, port, tor_free(port));
|
|
|
|
smartlist_free(ports_to_add);
|
2015-01-09 21:49:54 +01:00
|
|
|
return -1;
|
|
|
|
}
|
2015-01-12 23:12:18 +01:00
|
|
|
/* else we have a disable and nothing else, so add nothing to out */
|
|
|
|
} else {
|
|
|
|
/* No disable; do we have any ports to add that we parsed? */
|
|
|
|
if (smartlist_len(ports_to_add) > 0) {
|
|
|
|
SMARTLIST_FOREACH_BEGIN(ports_to_add, port_cfg_t *, port) {
|
|
|
|
smartlist_add(out, port);
|
|
|
|
} SMARTLIST_FOREACH_END(port);
|
|
|
|
} else if (defaults != NULL && smartlist_len(defaults) > 0) {
|
|
|
|
/* No, but we have some defaults to copy */
|
|
|
|
SMARTLIST_FOREACH_BEGIN(defaults, const port_cfg_t *, defport) {
|
|
|
|
tor_assert(defport->is_unix_addr);
|
|
|
|
tor_assert(defport->unix_addr);
|
|
|
|
len = sizeof(port_cfg_t) + strlen(defport->unix_addr) + 1;
|
|
|
|
port_cfg_t *port = tor_malloc_zero(len);
|
|
|
|
memcpy(port, defport, len);
|
|
|
|
smartlist_add(out, port);
|
|
|
|
} SMARTLIST_FOREACH_END(defport);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Free the temporary smartlist we used */
|
|
|
|
smartlist_free(ports_to_add);
|
2011-11-08 22:10:38 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2012-08-09 21:48:43 +02:00
|
|
|
/** Return the number of ports which are actually going to listen with type
|
|
|
|
* <b>listenertype</b>. Do not count no_listen ports. Do not count unix
|
|
|
|
* sockets. */
|
|
|
|
static int
|
|
|
|
count_real_listeners(const smartlist_t *ports, int listenertype)
|
|
|
|
{
|
|
|
|
int n = 0;
|
|
|
|
SMARTLIST_FOREACH_BEGIN(ports, port_cfg_t *, port) {
|
|
|
|
if (port->no_listen || port->is_unix_addr)
|
|
|
|
continue;
|
|
|
|
if (port->type != listenertype)
|
|
|
|
continue;
|
|
|
|
++n;
|
|
|
|
} SMARTLIST_FOREACH_END(port);
|
|
|
|
return n;
|
|
|
|
}
|
|
|
|
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
/** Parse all client port types (Socks, DNS, Trans, NATD) from
|
2012-08-09 21:48:43 +02:00
|
|
|
* <b>options</b>. On success, set *<b>n_ports_out</b> to the number
|
|
|
|
* of ports that are listed, update the *Port_set values in
|
|
|
|
* <b>options</b>, and return 0. On failure, set *<b>msg</b> to a
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
* description of the problem and return -1.
|
|
|
|
*
|
|
|
|
* If <b>validate_only</b> is false, set configured_client_ports to the
|
|
|
|
* new list of ports parsed from <b>options</b>.
|
|
|
|
**/
|
|
|
|
static int
|
2012-08-09 21:48:43 +02:00
|
|
|
parse_ports(or_options_t *options, int validate_only,
|
2011-11-08 22:10:38 +01:00
|
|
|
char **msg, int *n_ports_out)
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
{
|
|
|
|
smartlist_t *ports;
|
|
|
|
int retval = -1;
|
|
|
|
|
2012-01-18 21:53:30 +01:00
|
|
|
ports = smartlist_new();
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
|
|
|
|
*n_ports_out = 0;
|
|
|
|
|
2011-11-08 22:10:38 +01:00
|
|
|
if (parse_port_config(ports,
|
2012-08-09 21:48:43 +02:00
|
|
|
options->SocksPort_lines, options->SocksListenAddress,
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
"Socks", CONN_TYPE_AP_LISTENER,
|
|
|
|
"127.0.0.1", 9050,
|
2012-10-31 16:08:38 +01:00
|
|
|
CL_PORT_WARN_NONLOCAL|CL_PORT_ALLOW_EXTRA_LISTENADDR|
|
|
|
|
CL_PORT_TAKES_HOSTNAMES) < 0) {
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
*msg = tor_strdup("Invalid SocksPort/SocksListenAddress configuration");
|
|
|
|
goto err;
|
|
|
|
}
|
2011-11-08 22:10:38 +01:00
|
|
|
if (parse_port_config(ports,
|
2012-08-09 22:02:57 +02:00
|
|
|
options->DNSPort_lines, options->DNSListenAddress,
|
|
|
|
"DNS", CONN_TYPE_AP_DNS_LISTENER,
|
|
|
|
"127.0.0.1", 0,
|
2012-11-25 19:24:37 +01:00
|
|
|
CL_PORT_WARN_NONLOCAL|CL_PORT_TAKES_HOSTNAMES) < 0) {
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
*msg = tor_strdup("Invalid DNSPort/DNSListenAddress configuration");
|
|
|
|
goto err;
|
|
|
|
}
|
2011-11-08 22:10:38 +01:00
|
|
|
if (parse_port_config(ports,
|
2012-08-09 22:02:57 +02:00
|
|
|
options->TransPort_lines, options->TransListenAddress,
|
|
|
|
"Trans", CONN_TYPE_AP_TRANS_LISTENER,
|
|
|
|
"127.0.0.1", 0,
|
|
|
|
CL_PORT_WARN_NONLOCAL) < 0) {
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
*msg = tor_strdup("Invalid TransPort/TransListenAddress configuration");
|
|
|
|
goto err;
|
|
|
|
}
|
2011-11-08 22:10:38 +01:00
|
|
|
if (parse_port_config(ports,
|
2012-08-09 22:02:57 +02:00
|
|
|
options->NATDPort_lines, options->NATDListenAddress,
|
|
|
|
"NATD", CONN_TYPE_AP_NATD_LISTENER,
|
|
|
|
"127.0.0.1", 0,
|
|
|
|
CL_PORT_WARN_NONLOCAL) < 0) {
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
*msg = tor_strdup("Invalid NatdPort/NatdListenAddress configuration");
|
|
|
|
goto err;
|
|
|
|
}
|
2011-11-08 22:10:38 +01:00
|
|
|
{
|
|
|
|
unsigned control_port_flags = CL_PORT_NO_OPTIONS | CL_PORT_WARN_NONLOCAL;
|
|
|
|
const int any_passwords = (options->HashedControlPassword ||
|
|
|
|
options->HashedControlSessionPassword ||
|
|
|
|
options->CookieAuthentication);
|
|
|
|
if (! any_passwords)
|
|
|
|
control_port_flags |= CL_PORT_FORBID_NONLOCAL;
|
|
|
|
|
|
|
|
if (parse_port_config(ports,
|
2012-08-09 22:02:57 +02:00
|
|
|
options->ControlPort_lines,
|
|
|
|
options->ControlListenAddress,
|
2011-11-08 22:10:38 +01:00
|
|
|
"Control", CONN_TYPE_CONTROL_LISTENER,
|
|
|
|
"127.0.0.1", 0,
|
|
|
|
control_port_flags) < 0) {
|
|
|
|
*msg = tor_strdup("Invalid ControlPort/ControlListenAddress "
|
|
|
|
"configuration");
|
|
|
|
goto err;
|
|
|
|
}
|
2015-01-12 23:12:18 +01:00
|
|
|
|
|
|
|
if (parse_unix_socket_config(ports, NULL,
|
2012-06-05 00:50:13 +02:00
|
|
|
options->ControlSocket,
|
|
|
|
CONN_TYPE_CONTROL_LISTENER) < 0) {
|
2011-11-08 22:10:38 +01:00
|
|
|
*msg = tor_strdup("Invalid ControlSocket configuration");
|
|
|
|
goto err;
|
|
|
|
}
|
2015-01-12 23:12:18 +01:00
|
|
|
if (parse_unix_socket_config(ports, NULL,
|
2014-08-11 21:27:04 +02:00
|
|
|
options->SocksSocket,
|
|
|
|
CONN_TYPE_AP_LISTENER) < 0) {
|
|
|
|
*msg = tor_strdup("Invalid SocksSocket configuration");
|
|
|
|
goto err;
|
|
|
|
}
|
2011-11-08 22:10:38 +01:00
|
|
|
}
|
|
|
|
if (! options->ClientOnly) {
|
|
|
|
if (parse_port_config(ports,
|
2012-08-09 21:48:43 +02:00
|
|
|
options->ORPort_lines, options->ORListenAddress,
|
2011-11-08 22:10:38 +01:00
|
|
|
"OR", CONN_TYPE_OR_LISTENER,
|
|
|
|
"0.0.0.0", 0,
|
|
|
|
CL_PORT_SERVER_OPTIONS) < 0) {
|
|
|
|
*msg = tor_strdup("Invalid ORPort/ORListenAddress configuration");
|
|
|
|
goto err;
|
|
|
|
}
|
2012-03-16 14:40:44 +01:00
|
|
|
if (parse_port_config(ports,
|
|
|
|
options->ExtORPort_lines, NULL,
|
|
|
|
"ExtOR", CONN_TYPE_EXT_OR_LISTENER,
|
|
|
|
"127.0.0.1", 0,
|
2013-06-01 17:38:06 +02:00
|
|
|
CL_PORT_SERVER_OPTIONS|CL_PORT_WARN_NONLOCAL) < 0) {
|
2012-03-16 14:40:44 +01:00
|
|
|
*msg = tor_strdup("Invalid ExtORPort configuration");
|
|
|
|
goto err;
|
|
|
|
}
|
2011-11-08 22:10:38 +01:00
|
|
|
if (parse_port_config(ports,
|
2012-08-09 21:48:43 +02:00
|
|
|
options->DirPort_lines, options->DirListenAddress,
|
2011-11-08 22:10:38 +01:00
|
|
|
"Dir", CONN_TYPE_DIR_LISTENER,
|
|
|
|
"0.0.0.0", 0,
|
|
|
|
CL_PORT_SERVER_OPTIONS) < 0) {
|
|
|
|
*msg = tor_strdup("Invalid DirPort/DirListenAddress configuration");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (check_server_ports(ports, options) < 0) {
|
|
|
|
*msg = tor_strdup("Misconfigured server ports");
|
|
|
|
goto err;
|
|
|
|
}
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
|
|
|
|
*n_ports_out = smartlist_len(ports);
|
|
|
|
|
2012-08-09 21:48:43 +02:00
|
|
|
retval = 0;
|
|
|
|
|
|
|
|
/* Update the *Port_set options. The !! here is to force a boolean out of
|
|
|
|
an integer. */
|
|
|
|
options->ORPort_set =
|
|
|
|
!! count_real_listeners(ports, CONN_TYPE_OR_LISTENER);
|
|
|
|
options->SocksPort_set =
|
|
|
|
!! count_real_listeners(ports, CONN_TYPE_AP_LISTENER);
|
2014-08-11 21:27:04 +02:00
|
|
|
options->SocksSocket_set =
|
2012-08-09 21:48:43 +02:00
|
|
|
!! count_real_listeners(ports, CONN_TYPE_AP_LISTENER);
|
|
|
|
options->TransPort_set =
|
|
|
|
!! count_real_listeners(ports, CONN_TYPE_AP_TRANS_LISTENER);
|
|
|
|
options->NATDPort_set =
|
|
|
|
!! count_real_listeners(ports, CONN_TYPE_AP_NATD_LISTENER);
|
|
|
|
options->ControlPort_set =
|
|
|
|
!! count_real_listeners(ports, CONN_TYPE_CONTROL_LISTENER);
|
|
|
|
options->DirPort_set =
|
|
|
|
!! count_real_listeners(ports, CONN_TYPE_DIR_LISTENER);
|
|
|
|
options->DNSPort_set =
|
|
|
|
!! count_real_listeners(ports, CONN_TYPE_AP_DNS_LISTENER);
|
2013-06-01 17:38:06 +02:00
|
|
|
options->ExtORPort_set =
|
|
|
|
!! count_real_listeners(ports, CONN_TYPE_EXT_OR_LISTENER);
|
2012-08-09 21:48:43 +02:00
|
|
|
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
if (!validate_only) {
|
2011-11-08 22:10:38 +01:00
|
|
|
if (configured_ports) {
|
|
|
|
SMARTLIST_FOREACH(configured_ports,
|
2011-07-06 22:03:47 +02:00
|
|
|
port_cfg_t *, p, port_cfg_free(p));
|
2011-11-08 22:10:38 +01:00
|
|
|
smartlist_free(configured_ports);
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
}
|
2011-11-08 22:10:38 +01:00
|
|
|
configured_ports = ports;
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
ports = NULL; /* prevent free below. */
|
|
|
|
}
|
|
|
|
|
|
|
|
err:
|
|
|
|
if (ports) {
|
2011-07-06 22:03:47 +02:00
|
|
|
SMARTLIST_FOREACH(ports, port_cfg_t *, p, port_cfg_free(p));
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
smartlist_free(ports);
|
|
|
|
}
|
|
|
|
return retval;
|
|
|
|
}
|
|
|
|
|
2012-06-05 00:50:13 +02:00
|
|
|
/** Given a list of <b>port_cfg_t</b> in <b>ports</b>, check them for internal
|
|
|
|
* consistency and warn as appropriate. */
|
2011-11-08 22:10:38 +01:00
|
|
|
static int
|
|
|
|
check_server_ports(const smartlist_t *ports,
|
|
|
|
const or_options_t *options)
|
|
|
|
{
|
|
|
|
int n_orport_advertised = 0;
|
|
|
|
int n_orport_advertised_ipv4 = 0;
|
|
|
|
int n_orport_listeners = 0;
|
|
|
|
int n_dirport_advertised = 0;
|
|
|
|
int n_dirport_listeners = 0;
|
|
|
|
int n_low_port = 0;
|
|
|
|
int r = 0;
|
|
|
|
|
|
|
|
SMARTLIST_FOREACH_BEGIN(ports, const port_cfg_t *, port) {
|
|
|
|
if (port->type == CONN_TYPE_DIR_LISTENER) {
|
|
|
|
if (! port->no_advertise)
|
|
|
|
++n_dirport_advertised;
|
|
|
|
if (! port->no_listen)
|
|
|
|
++n_dirport_listeners;
|
|
|
|
} else if (port->type == CONN_TYPE_OR_LISTENER) {
|
|
|
|
if (! port->no_advertise) {
|
|
|
|
++n_orport_advertised;
|
|
|
|
if (tor_addr_family(&port->addr) == AF_INET ||
|
2012-11-01 03:46:07 +01:00
|
|
|
(tor_addr_family(&port->addr) == AF_UNSPEC &&
|
|
|
|
!port->bind_ipv6_only))
|
2011-11-08 22:10:38 +01:00
|
|
|
++n_orport_advertised_ipv4;
|
|
|
|
}
|
|
|
|
if (! port->no_listen)
|
|
|
|
++n_orport_listeners;
|
|
|
|
} else {
|
|
|
|
continue;
|
|
|
|
}
|
2012-01-31 16:59:42 +01:00
|
|
|
#ifndef _WIN32
|
2012-11-06 23:15:39 +01:00
|
|
|
if (!port->no_listen && port->port < 1024)
|
2011-11-08 22:10:38 +01:00
|
|
|
++n_low_port;
|
|
|
|
#endif
|
|
|
|
} SMARTLIST_FOREACH_END(port);
|
|
|
|
|
|
|
|
if (n_orport_advertised && !n_orport_listeners) {
|
|
|
|
log_warn(LD_CONFIG, "We are advertising an ORPort, but not actually "
|
|
|
|
"listening on one.");
|
|
|
|
r = -1;
|
|
|
|
}
|
2013-08-05 18:14:48 +02:00
|
|
|
if (n_orport_listeners && !n_orport_advertised) {
|
|
|
|
log_warn(LD_CONFIG, "We are listening on an ORPort, but not advertising "
|
|
|
|
"any ORPorts. This will keep us from building a %s "
|
|
|
|
"descriptor, and make us impossible to use.",
|
|
|
|
options->BridgeRelay ? "bridge" : "router");
|
|
|
|
r = -1;
|
|
|
|
}
|
2011-11-08 22:10:38 +01:00
|
|
|
if (n_dirport_advertised && !n_dirport_listeners) {
|
|
|
|
log_warn(LD_CONFIG, "We are advertising a DirPort, but not actually "
|
|
|
|
"listening on one.");
|
|
|
|
r = -1;
|
|
|
|
}
|
|
|
|
if (n_dirport_advertised > 1) {
|
|
|
|
log_warn(LD_CONFIG, "Can't advertise more than one DirPort.");
|
|
|
|
r = -1;
|
|
|
|
}
|
|
|
|
if (n_orport_advertised && !n_orport_advertised_ipv4 &&
|
|
|
|
!options->BridgeRelay) {
|
|
|
|
log_warn(LD_CONFIG, "Configured non-bridge only to listen on an IPv6 "
|
|
|
|
"address.");
|
|
|
|
r = -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (n_low_port && options->AccountingMax) {
|
2013-02-01 21:43:37 +01:00
|
|
|
log_warn(LD_CONFIG,
|
2011-11-08 22:10:38 +01:00
|
|
|
"You have set AccountingMax to use hibernation. You have also "
|
|
|
|
"chosen a low DirPort or OrPort. This combination can make Tor stop "
|
|
|
|
"working when it tries to re-attach the port after a period of "
|
|
|
|
"hibernation. Please choose a different port or turn off "
|
|
|
|
"hibernation unless you know this combination will work on your "
|
|
|
|
"platform.");
|
|
|
|
}
|
|
|
|
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
/** Return a list of port_cfg_t for client ports parsed from the
|
|
|
|
* options. */
|
|
|
|
const smartlist_t *
|
2011-11-08 22:10:38 +01:00
|
|
|
get_configured_ports(void)
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
{
|
2011-11-08 22:10:38 +01:00
|
|
|
if (!configured_ports)
|
2012-01-18 21:53:30 +01:00
|
|
|
configured_ports = smartlist_new();
|
2011-11-08 22:10:38 +01:00
|
|
|
return configured_ports;
|
|
|
|
}
|
|
|
|
|
2012-06-05 01:56:16 +02:00
|
|
|
/** Return an address:port string representation of the address
|
2012-03-31 14:04:58 +02:00
|
|
|
* where the first <b>listener_type</b> listener waits for
|
|
|
|
* connections. Return NULL if we couldn't find a listener. The
|
|
|
|
* string is allocated on the heap and it's the responsibility of the
|
|
|
|
* caller to free it after use.
|
|
|
|
*
|
|
|
|
* This function is meant to be used by the pluggable transport proxy
|
2012-04-12 22:42:37 +02:00
|
|
|
* spawning code, please make sure that it fits your purposes before
|
|
|
|
* using it. */
|
2012-03-31 14:04:58 +02:00
|
|
|
char *
|
2012-04-12 22:42:37 +02:00
|
|
|
get_first_listener_addrport_string(int listener_type)
|
2012-03-31 14:04:58 +02:00
|
|
|
{
|
|
|
|
static const char *ipv4_localhost = "127.0.0.1";
|
|
|
|
static const char *ipv6_localhost = "[::1]";
|
|
|
|
const char *address;
|
|
|
|
uint16_t port;
|
|
|
|
char *string = NULL;
|
|
|
|
|
|
|
|
if (!configured_ports)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
SMARTLIST_FOREACH_BEGIN(configured_ports, const port_cfg_t *, cfg) {
|
2012-04-12 22:42:37 +02:00
|
|
|
if (cfg->no_listen)
|
|
|
|
continue;
|
2012-03-31 14:04:58 +02:00
|
|
|
|
|
|
|
if (cfg->type == listener_type &&
|
|
|
|
tor_addr_family(&cfg->addr) != AF_UNSPEC) {
|
|
|
|
|
|
|
|
/* We found the first listener of the type we are interested in! */
|
|
|
|
|
|
|
|
/* If a listener is listening on INADDR_ANY, assume that it's
|
|
|
|
also listening on 127.0.0.1, and point the transport proxy
|
|
|
|
there: */
|
|
|
|
if (tor_addr_is_null(&cfg->addr))
|
|
|
|
address = tor_addr_is_v4(&cfg->addr) ? ipv4_localhost : ipv6_localhost;
|
|
|
|
else
|
|
|
|
address = fmt_and_decorate_addr(&cfg->addr);
|
|
|
|
|
|
|
|
/* If a listener is configured with port 'auto', we are forced
|
|
|
|
to iterate all listener connections and find out in which
|
|
|
|
port it ended up listening: */
|
2012-04-12 22:42:37 +02:00
|
|
|
if (cfg->port == CFG_AUTO_PORT) {
|
2013-03-11 22:20:43 +01:00
|
|
|
port = router_get_active_listener_port_by_type_af(listener_type,
|
|
|
|
tor_addr_family(&cfg->addr));
|
2012-04-12 22:42:37 +02:00
|
|
|
if (!port)
|
|
|
|
return NULL;
|
|
|
|
} else {
|
2012-03-31 14:04:58 +02:00
|
|
|
port = cfg->port;
|
2012-04-12 22:42:37 +02:00
|
|
|
}
|
2012-03-31 14:04:58 +02:00
|
|
|
|
|
|
|
tor_asprintf(&string, "%s:%u", address, port);
|
|
|
|
|
|
|
|
return string;
|
|
|
|
}
|
|
|
|
|
|
|
|
} SMARTLIST_FOREACH_END(cfg);
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2011-11-24 17:49:31 +01:00
|
|
|
/** Return the first advertised port of type <b>listener_type</b> in
|
|
|
|
<b>address_family</b>. */
|
2011-11-08 22:10:38 +01:00
|
|
|
int
|
2011-11-24 17:49:31 +01:00
|
|
|
get_first_advertised_port_by_type_af(int listener_type, int address_family)
|
2011-11-08 22:10:38 +01:00
|
|
|
{
|
|
|
|
if (!configured_ports)
|
|
|
|
return 0;
|
|
|
|
SMARTLIST_FOREACH_BEGIN(configured_ports, const port_cfg_t *, cfg) {
|
|
|
|
if (cfg->type == listener_type &&
|
|
|
|
!cfg->no_advertise &&
|
2011-11-24 17:49:31 +01:00
|
|
|
(tor_addr_family(&cfg->addr) == address_family ||
|
2011-11-29 11:00:43 +01:00
|
|
|
tor_addr_family(&cfg->addr) == AF_UNSPEC)) {
|
2011-11-24 17:49:31 +01:00
|
|
|
if (tor_addr_family(&cfg->addr) != AF_UNSPEC ||
|
2012-10-31 16:12:28 +01:00
|
|
|
(address_family == AF_INET && !cfg->bind_ipv6_only) ||
|
|
|
|
(address_family == AF_INET6 && !cfg->bind_ipv4_only)) {
|
2011-11-29 11:00:43 +01:00
|
|
|
return cfg->port;
|
2011-11-24 17:49:31 +01:00
|
|
|
}
|
2011-11-08 22:10:38 +01:00
|
|
|
}
|
|
|
|
} SMARTLIST_FOREACH_END(cfg);
|
|
|
|
return 0;
|
Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
This implements tickets 3514 and 3515.
2011-06-30 20:01:02 +02:00
|
|
|
}
|
|
|
|
|
2004-11-10 01:11:37 +01:00
|
|
|
/** Adjust the value of options->DataDirectory, or fill it in if it's
|
2004-11-09 19:22:17 +01:00
|
|
|
* absent. Return 0 on success, -1 on failure. */
|
2004-11-09 06:26:49 +01:00
|
|
|
static int
|
2005-06-11 20:52:12 +02:00
|
|
|
normalize_data_directory(or_options_t *options)
|
|
|
|
{
|
2012-01-31 16:59:42 +01:00
|
|
|
#ifdef _WIN32
|
2004-11-09 08:05:53 +01:00
|
|
|
char *p;
|
|
|
|
if (options->DataDirectory)
|
|
|
|
return 0; /* all set */
|
|
|
|
p = tor_malloc(MAX_PATH);
|
|
|
|
strlcpy(p,get_windows_conf_root(),MAX_PATH);
|
|
|
|
options->DataDirectory = p;
|
|
|
|
return 0;
|
2004-08-18 05:42:55 +02:00
|
|
|
#else
|
2004-11-09 08:05:53 +01:00
|
|
|
const char *d = options->DataDirectory;
|
2004-11-28 10:05:49 +01:00
|
|
|
if (!d)
|
2004-06-21 06:37:27 +02:00
|
|
|
d = "~/.tor";
|
2004-10-14 04:47:09 +02:00
|
|
|
|
2004-11-09 08:05:53 +01:00
|
|
|
if (strncmp(d,"~/",2) == 0) {
|
2004-11-09 06:26:49 +01:00
|
|
|
char *fn = expand_filename(d);
|
|
|
|
if (!fn) {
|
2007-05-13 11:25:06 +02:00
|
|
|
log_warn(LD_CONFIG,"Failed to expand filename \"%s\".", d);
|
2004-11-09 08:05:53 +01:00
|
|
|
return -1;
|
2004-11-09 06:26:49 +01:00
|
|
|
}
|
2004-11-09 19:22:17 +01:00
|
|
|
if (!options->DataDirectory && !strcmp(fn,"/.tor")) {
|
|
|
|
/* If our homedir is /, we probably don't want to use it. */
|
2006-10-03 00:13:42 +02:00
|
|
|
/* Default to LOCALSTATEDIR/tor which is probably closer to what we
|
|
|
|
* want. */
|
2006-02-13 10:02:35 +01:00
|
|
|
log_warn(LD_CONFIG,
|
|
|
|
"Default DataDirectory is \"~/.tor\". This expands to "
|
2007-03-09 22:39:30 +01:00
|
|
|
"\"%s\", which is probably not what you want. Using "
|
|
|
|
"\"%s"PATH_SEPARATOR"tor\" instead", fn, LOCALSTATEDIR);
|
2005-05-03 02:36:57 +02:00
|
|
|
tor_free(fn);
|
2007-03-09 22:39:30 +01:00
|
|
|
fn = tor_strdup(LOCALSTATEDIR PATH_SEPARATOR "tor");
|
2004-11-09 19:22:17 +01:00
|
|
|
}
|
2004-11-09 06:26:49 +01:00
|
|
|
tor_free(options->DataDirectory);
|
|
|
|
options->DataDirectory = fn;
|
|
|
|
}
|
|
|
|
return 0;
|
2004-11-09 08:05:53 +01:00
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
2004-11-09 19:22:17 +01:00
|
|
|
/** Check and normalize the value of options->DataDirectory; return 0 if it
|
2009-12-19 21:08:58 +01:00
|
|
|
* is sane, -1 otherwise. */
|
2004-11-09 08:05:53 +01:00
|
|
|
static int
|
2005-06-11 20:52:12 +02:00
|
|
|
validate_data_directory(or_options_t *options)
|
|
|
|
{
|
2004-11-09 08:20:21 +01:00
|
|
|
if (normalize_data_directory(options) < 0)
|
2004-11-09 08:05:53 +01:00
|
|
|
return -1;
|
|
|
|
tor_assert(options->DataDirectory);
|
|
|
|
if (strlen(options->DataDirectory) > (512-128)) {
|
2007-05-13 11:25:06 +02:00
|
|
|
log_warn(LD_CONFIG, "DataDirectory is too long.");
|
2004-11-09 08:05:53 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
2004-06-21 06:37:27 +02:00
|
|
|
}
|
|
|
|
|
2005-12-27 03:48:02 +01:00
|
|
|
/** This string must remain the same forevermore. It is how we
|
|
|
|
* recognize that the torrc file doesn't need to be backed up. */
|
2005-12-14 21:40:40 +01:00
|
|
|
#define GENERATED_FILE_PREFIX "# This file was generated by Tor; " \
|
|
|
|
"if you edit it, comments will not be preserved"
|
2005-12-27 03:48:02 +01:00
|
|
|
/** This string can change; it tries to give the reader an idea
|
|
|
|
* that editing this file by hand is not a good plan. */
|
2006-06-09 04:20:42 +02:00
|
|
|
#define GENERATED_FILE_COMMENT "# The old torrc file was renamed " \
|
|
|
|
"to torrc.orig.1 or similar, and Tor will ignore it"
|
2004-11-14 21:51:28 +01:00
|
|
|
|
|
|
|
/** Save a configuration file for the configuration in <b>options</b>
|
|
|
|
* into the file <b>fname</b>. If the file already exists, and
|
|
|
|
* doesn't begin with GENERATED_FILE_PREFIX, rename it. Otherwise
|
|
|
|
* replace it. Return 0 on success, -1 on failure. */
|
|
|
|
static int
|
2011-06-14 19:01:38 +02:00
|
|
|
write_configuration_file(const char *fname, const or_options_t *options)
|
2004-11-14 21:51:28 +01:00
|
|
|
{
|
2004-11-15 04:53:03 +01:00
|
|
|
char *old_val=NULL, *new_val=NULL, *new_conf=NULL;
|
2004-11-14 21:51:28 +01:00
|
|
|
int rename_old = 0, r;
|
|
|
|
|
2008-09-05 23:19:53 +02:00
|
|
|
tor_assert(fname);
|
|
|
|
|
|
|
|
switch (file_status(fname)) {
|
2014-10-19 08:48:07 +02:00
|
|
|
/* create backups of old config files, even if they're empty */
|
2008-09-05 23:19:53 +02:00
|
|
|
case FN_FILE:
|
2014-10-19 08:48:07 +02:00
|
|
|
case FN_EMPTY:
|
2008-09-05 23:19:53 +02:00
|
|
|
old_val = read_file_to_str(fname, 0, NULL);
|
2011-05-12 04:05:41 +02:00
|
|
|
if (!old_val || strcmpstart(old_val, GENERATED_FILE_PREFIX)) {
|
2008-09-05 23:19:53 +02:00
|
|
|
rename_old = 1;
|
|
|
|
}
|
|
|
|
tor_free(old_val);
|
|
|
|
break;
|
|
|
|
case FN_NOENT:
|
|
|
|
break;
|
|
|
|
case FN_ERROR:
|
|
|
|
case FN_DIR:
|
|
|
|
default:
|
|
|
|
log_warn(LD_CONFIG,
|
|
|
|
"Config file \"%s\" is not a file? Failing.", fname);
|
|
|
|
return -1;
|
2004-11-14 21:51:28 +01:00
|
|
|
}
|
|
|
|
|
2013-09-03 16:30:50 +02:00
|
|
|
if (!(new_conf = options_dump(options, OPTIONS_DUMP_MINIMAL))) {
|
2006-02-13 10:02:35 +01:00
|
|
|
log_warn(LD_BUG, "Couldn't get configuration string");
|
2004-11-14 21:51:28 +01:00
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2010-03-01 03:46:50 +01:00
|
|
|
tor_asprintf(&new_val, "%s\n%s\n\n%s",
|
2005-12-27 03:48:35 +01:00
|
|
|
GENERATED_FILE_PREFIX, GENERATED_FILE_COMMENT, new_conf);
|
2004-11-14 21:51:28 +01:00
|
|
|
|
|
|
|
if (rename_old) {
|
|
|
|
int i = 1;
|
2012-01-11 20:02:59 +01:00
|
|
|
char *fn_tmp = NULL;
|
2004-11-14 21:51:28 +01:00
|
|
|
while (1) {
|
2012-01-11 20:02:59 +01:00
|
|
|
tor_asprintf(&fn_tmp, "%s.orig.%d", fname, i);
|
2004-11-15 04:53:03 +01:00
|
|
|
if (file_status(fn_tmp) == FN_NOENT)
|
2004-11-14 21:51:28 +01:00
|
|
|
break;
|
2012-01-11 20:02:59 +01:00
|
|
|
tor_free(fn_tmp);
|
2004-11-14 21:51:28 +01:00
|
|
|
++i;
|
|
|
|
}
|
2006-02-13 10:02:35 +01:00
|
|
|
log_notice(LD_CONFIG, "Renaming old configuration file to \"%s\"", fn_tmp);
|
2014-03-28 08:51:50 +01:00
|
|
|
if (tor_rename(fname, fn_tmp) < 0) {//XXXX sandbox doesn't allow
|
2006-10-03 00:13:42 +02:00
|
|
|
log_warn(LD_FS,
|
2006-10-07 08:28:50 +02:00
|
|
|
"Couldn't rename configuration file \"%s\" to \"%s\": %s",
|
|
|
|
fname, fn_tmp, strerror(errno));
|
2006-02-20 00:12:26 +01:00
|
|
|
tor_free(fn_tmp);
|
|
|
|
goto err;
|
|
|
|
}
|
2005-02-22 07:38:39 +01:00
|
|
|
tor_free(fn_tmp);
|
2004-11-14 21:51:28 +01:00
|
|
|
}
|
|
|
|
|
2006-02-20 02:06:27 +01:00
|
|
|
if (write_str_to_file(fname, new_val, 0) < 0)
|
|
|
|
goto err;
|
2004-11-14 21:51:28 +01:00
|
|
|
|
|
|
|
r = 0;
|
|
|
|
goto done;
|
|
|
|
err:
|
|
|
|
r = -1;
|
|
|
|
done:
|
|
|
|
tor_free(new_val);
|
|
|
|
tor_free(new_conf);
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Save the current configuration file value to disk. Return 0 on
|
|
|
|
* success, -1 on failure.
|
|
|
|
**/
|
|
|
|
int
|
2005-07-23 03:58:05 +02:00
|
|
|
options_save_current(void)
|
2004-11-14 21:51:28 +01:00
|
|
|
{
|
2010-02-22 12:21:58 +01:00
|
|
|
/* This fails if we can't write to our configuration file.
|
|
|
|
*
|
|
|
|
* If we try falling back to datadirectory or something, we have a better
|
|
|
|
* chance of saving the configuration, but a better chance of doing
|
|
|
|
* something the user never expected. */
|
2011-11-28 04:25:52 +01:00
|
|
|
return write_configuration_file(get_torrc_fname(0), get_options());
|
2004-11-14 21:51:28 +01:00
|
|
|
}
|
|
|
|
|
2010-09-28 20:36:28 +02:00
|
|
|
/** Return the number of cpus configured in <b>options</b>. If we are
|
|
|
|
* told to auto-detect the number of cpus, return the auto-detected number. */
|
|
|
|
int
|
|
|
|
get_num_cpus(const or_options_t *options)
|
|
|
|
{
|
2010-11-15 20:14:13 +01:00
|
|
|
if (options->NumCPUs == 0) {
|
2010-09-28 20:36:28 +02:00
|
|
|
int n = compute_num_cpus();
|
|
|
|
return (n >= 1) ? n : 1;
|
|
|
|
} else {
|
2010-11-15 20:14:13 +01:00
|
|
|
return options->NumCPUs;
|
2010-09-28 20:36:28 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2005-06-08 15:53:19 +02:00
|
|
|
/**
|
|
|
|
* Initialize the libevent library.
|
|
|
|
*/
|
2006-03-26 08:51:26 +02:00
|
|
|
static void
|
2010-09-28 20:01:45 +02:00
|
|
|
init_libevent(const or_options_t *options)
|
2005-06-08 15:53:19 +02:00
|
|
|
{
|
2009-06-04 09:16:26 +02:00
|
|
|
const char *badness=NULL;
|
2010-09-28 20:01:45 +02:00
|
|
|
tor_libevent_cfg cfg;
|
|
|
|
|
|
|
|
tor_assert(options);
|
2009-06-04 09:16:26 +02:00
|
|
|
|
2005-06-08 15:53:19 +02:00
|
|
|
configure_libevent_logging();
|
|
|
|
/* If the kernel complains that some method (say, epoll) doesn't
|
|
|
|
* exist, we don't care about it, since libevent will cope.
|
|
|
|
*/
|
|
|
|
suppress_libevent_log_msg("Function not implemented");
|
2009-01-07 22:05:02 +01:00
|
|
|
|
2009-06-04 09:16:26 +02:00
|
|
|
tor_check_libevent_header_compatibility();
|
2009-01-07 22:05:02 +01:00
|
|
|
|
2010-09-28 20:01:45 +02:00
|
|
|
memset(&cfg, 0, sizeof(cfg));
|
|
|
|
cfg.disable_iocp = options->DisableIOCP;
|
2010-09-28 20:36:28 +02:00
|
|
|
cfg.num_cpus = get_num_cpus(options);
|
2011-09-08 04:00:48 +02:00
|
|
|
cfg.msec_per_tick = options->TokenBucketRefillInterval;
|
2010-09-28 20:01:45 +02:00
|
|
|
|
|
|
|
tor_libevent_initialize(&cfg);
|
2009-06-04 07:05:23 +02:00
|
|
|
|
2005-06-08 15:53:19 +02:00
|
|
|
suppress_libevent_log_msg(NULL);
|
2006-08-10 10:00:13 +02:00
|
|
|
|
2009-06-04 09:16:26 +02:00
|
|
|
tor_check_libevent_version(tor_libevent_get_method(),
|
2012-08-09 21:48:43 +02:00
|
|
|
server_mode(get_options()),
|
2009-06-04 09:16:26 +02:00
|
|
|
&badness);
|
2007-01-06 08:34:02 +01:00
|
|
|
if (badness) {
|
2009-06-04 09:16:26 +02:00
|
|
|
const char *v = tor_libevent_get_version_str();
|
|
|
|
const char *m = tor_libevent_get_method();
|
2007-01-06 08:34:02 +01:00
|
|
|
control_event_general_status(LOG_WARN,
|
|
|
|
"BAD_LIBEVENT VERSION=%s METHOD=%s BADNESS=%s RECOVERED=NO",
|
|
|
|
v, m, badness);
|
2005-06-08 15:53:19 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-10-17 18:55:44 +02:00
|
|
|
/** Return a newly allocated string holding a filename relative to the data
|
|
|
|
* directory. If <b>sub1</b> is present, it is the first path component after
|
|
|
|
* the data directory. If <b>sub2</b> is also present, it is the second path
|
|
|
|
* component after the data directory. If <b>suffix</b> is present, it
|
|
|
|
* is appended to the filename.
|
|
|
|
*
|
|
|
|
* Examples:
|
|
|
|
* get_datadir_fname2_suffix("a", NULL, NULL) -> $DATADIR/a
|
|
|
|
* get_datadir_fname2_suffix("a", NULL, ".tmp") -> $DATADIR/a.tmp
|
|
|
|
* get_datadir_fname2_suffix("a", "b", ".tmp") -> $DATADIR/a/b/.tmp
|
|
|
|
* get_datadir_fname2_suffix("a", "b", NULL) -> $DATADIR/a/b
|
|
|
|
*
|
|
|
|
* Note: Consider using the get_datadir_fname* macros in or.h.
|
|
|
|
*/
|
|
|
|
char *
|
2011-06-14 19:01:38 +02:00
|
|
|
options_get_datadir_fname2_suffix(const or_options_t *options,
|
2008-09-01 22:06:26 +02:00
|
|
|
const char *sub1, const char *sub2,
|
|
|
|
const char *suffix)
|
2005-07-28 21:01:48 +02:00
|
|
|
{
|
2007-10-17 18:55:44 +02:00
|
|
|
char *fname = NULL;
|
|
|
|
size_t len;
|
|
|
|
tor_assert(options);
|
|
|
|
tor_assert(options->DataDirectory);
|
|
|
|
tor_assert(sub1 || !sub2); /* If sub2 is present, sub1 must be present. */
|
|
|
|
len = strlen(options->DataDirectory);
|
|
|
|
if (sub1) {
|
|
|
|
len += strlen(sub1)+1;
|
|
|
|
if (sub2)
|
|
|
|
len += strlen(sub2)+1;
|
|
|
|
}
|
|
|
|
if (suffix)
|
|
|
|
len += strlen(suffix);
|
|
|
|
len++;
|
2005-07-28 21:01:48 +02:00
|
|
|
fname = tor_malloc(len);
|
2007-10-17 18:55:44 +02:00
|
|
|
if (sub1) {
|
|
|
|
if (sub2) {
|
|
|
|
tor_snprintf(fname, len, "%s"PATH_SEPARATOR"%s"PATH_SEPARATOR"%s",
|
|
|
|
options->DataDirectory, sub1, sub2);
|
|
|
|
} else {
|
|
|
|
tor_snprintf(fname, len, "%s"PATH_SEPARATOR"%s",
|
|
|
|
options->DataDirectory, sub1);
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
strlcpy(fname, options->DataDirectory, len);
|
|
|
|
}
|
|
|
|
if (suffix)
|
|
|
|
strlcat(fname, suffix, len);
|
2005-07-28 21:01:48 +02:00
|
|
|
return fname;
|
|
|
|
}
|
|
|
|
|
2013-01-25 11:49:33 +01:00
|
|
|
/** Check wether the data directory has a private subdirectory
|
|
|
|
* <b>subdir</b>. If not, try to create it. Return 0 on success,
|
|
|
|
* -1 otherwise. */
|
|
|
|
int
|
|
|
|
check_or_create_data_subdir(const char *subdir)
|
|
|
|
{
|
|
|
|
char *statsdir = get_datadir_fname(subdir);
|
|
|
|
int return_val = 0;
|
|
|
|
|
|
|
|
if (check_private_dir(statsdir, CPD_CREATE, get_options()->User) < 0) {
|
|
|
|
log_warn(LD_HIST, "Unable to create %s/ directory!", subdir);
|
|
|
|
return_val = -1;
|
|
|
|
}
|
|
|
|
tor_free(statsdir);
|
|
|
|
return return_val;
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Create a file named <b>fname</b> with contents <b>str</b> in the
|
|
|
|
* subdirectory <b>subdir</b> of the data directory. <b>descr</b>
|
|
|
|
* should be a short description of the file's content and will be
|
|
|
|
* used for the warning message, if it's present and the write process
|
|
|
|
* fails. Return 0 on success, -1 otherwise.*/
|
|
|
|
int
|
|
|
|
write_to_data_subdir(const char* subdir, const char* fname,
|
|
|
|
const char* str, const char* descr)
|
|
|
|
{
|
|
|
|
char *filename = get_datadir_fname2(subdir, fname);
|
|
|
|
int return_val = 0;
|
|
|
|
|
|
|
|
if (write_str_to_file(filename, str, 0) < 0) {
|
|
|
|
log_warn(LD_HIST, "Unable to write %s to disk!", descr ? descr : fname);
|
|
|
|
return_val = -1;
|
|
|
|
}
|
|
|
|
tor_free(filename);
|
|
|
|
return return_val;
|
|
|
|
}
|
|
|
|
|
2007-10-14 02:13:06 +02:00
|
|
|
/** Given a file name check to see whether the file exists but has not been
|
|
|
|
* modified for a very long time. If so, remove it. */
|
|
|
|
void
|
|
|
|
remove_file_if_very_old(const char *fname, time_t now)
|
|
|
|
{
|
|
|
|
#define VERY_OLD_FILE_AGE (28*24*60*60)
|
|
|
|
struct stat st;
|
|
|
|
|
2014-04-16 19:17:09 +02:00
|
|
|
log_debug(LD_FS, "stat()ing %s", fname);
|
2013-08-21 16:57:15 +02:00
|
|
|
if (stat(sandbox_intern_string(fname), &st)==0 &&
|
|
|
|
st.st_mtime < now-VERY_OLD_FILE_AGE) {
|
2007-10-14 02:13:06 +02:00
|
|
|
char buf[ISO_TIME_LEN+1];
|
|
|
|
format_local_iso_time(buf, st.st_mtime);
|
|
|
|
log_notice(LD_GENERAL, "Obsolete file %s hasn't been modified since %s. "
|
|
|
|
"Removing it.", fname, buf);
|
2014-03-19 01:52:31 +01:00
|
|
|
if (unlink(fname) != 0) {
|
|
|
|
log_warn(LD_FS, "Failed to unlink %s: %s",
|
|
|
|
fname, strerror(errno));
|
|
|
|
}
|
2007-10-14 02:13:06 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-06-07 18:20:36 +02:00
|
|
|
/** Return a smartlist of ports that must be forwarded by
|
|
|
|
* tor-fw-helper. The smartlist contains the ports in a string format
|
|
|
|
* that is understandable by tor-fw-helper. */
|
|
|
|
smartlist_t *
|
|
|
|
get_list_of_ports_to_forward(void)
|
|
|
|
{
|
|
|
|
smartlist_t *ports_to_forward = smartlist_new();
|
|
|
|
int port = 0;
|
|
|
|
|
|
|
|
/** XXX TODO tor-fw-helper does not support forwarding ports to
|
|
|
|
other hosts than the local one. If the user is binding to a
|
|
|
|
different IP address, tor-fw-helper won't work. */
|
2012-09-05 19:17:25 +02:00
|
|
|
port = router_get_advertised_or_port(get_options()); /* Get ORPort */
|
2012-06-07 18:20:36 +02:00
|
|
|
if (port)
|
|
|
|
smartlist_add_asprintf(ports_to_forward, "%d:%d", port, port);
|
|
|
|
|
2012-09-05 19:17:25 +02:00
|
|
|
port = router_get_advertised_dir_port(get_options(), 0); /* Get DirPort */
|
2012-06-07 18:20:36 +02:00
|
|
|
if (port)
|
|
|
|
smartlist_add_asprintf(ports_to_forward, "%d:%d", port, port);
|
|
|
|
|
|
|
|
/* Get ports of transport proxies */
|
2012-06-29 18:32:34 +02:00
|
|
|
{
|
|
|
|
smartlist_t *transport_ports = get_transport_proxy_ports();
|
|
|
|
if (transport_ports) {
|
|
|
|
smartlist_add_all(ports_to_forward, transport_ports);
|
|
|
|
smartlist_free(transport_ports);
|
|
|
|
}
|
2012-06-07 18:20:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!smartlist_len(ports_to_forward)) {
|
|
|
|
smartlist_free(ports_to_forward);
|
|
|
|
ports_to_forward = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
return ports_to_forward;
|
|
|
|
}
|
|
|
|
|
2006-03-17 06:50:41 +01:00
|
|
|
/** Helper to implement GETINFO functions about configuration variables (not
|
|
|
|
* their values). Given a "config/names" question, set *<b>answer</b> to a
|
|
|
|
* new string describing the supported configuration variables and their
|
|
|
|
* types. */
|
2005-08-04 21:56:41 +02:00
|
|
|
int
|
2006-12-08 05:39:13 +01:00
|
|
|
getinfo_helper_config(control_connection_t *conn,
|
2010-07-18 17:05:58 +02:00
|
|
|
const char *question, char **answer,
|
|
|
|
const char **errmsg)
|
2005-08-04 21:56:41 +02:00
|
|
|
{
|
2006-12-08 05:39:13 +01:00
|
|
|
(void) conn;
|
2010-07-18 17:05:58 +02:00
|
|
|
(void) errmsg;
|
2005-08-04 21:56:41 +02:00
|
|
|
if (!strcmp(question, "config/names")) {
|
2012-01-18 21:53:30 +01:00
|
|
|
smartlist_t *sl = smartlist_new();
|
2005-08-04 21:56:41 +02:00
|
|
|
int i;
|
2012-10-12 18:22:13 +02:00
|
|
|
for (i = 0; option_vars_[i].name; ++i) {
|
|
|
|
const config_var_t *var = &option_vars_[i];
|
2009-12-19 21:25:25 +01:00
|
|
|
const char *type;
|
2012-03-19 07:00:10 +01:00
|
|
|
/* don't tell controller about triple-underscore options */
|
2012-10-12 18:22:13 +02:00
|
|
|
if (!strncmp(option_vars_[i].name, "___", 3))
|
2012-09-10 16:22:40 +02:00
|
|
|
continue;
|
2005-08-04 21:56:41 +02:00
|
|
|
switch (var->type) {
|
2005-08-08 23:58:48 +02:00
|
|
|
case CONFIG_TYPE_STRING: type = "String"; break;
|
2008-06-16 20:09:53 +02:00
|
|
|
case CONFIG_TYPE_FILENAME: type = "Filename"; break;
|
2005-08-04 21:56:41 +02:00
|
|
|
case CONFIG_TYPE_UINT: type = "Integer"; break;
|
2012-05-04 05:15:34 +02:00
|
|
|
case CONFIG_TYPE_INT: type = "SignedInteger"; break;
|
2011-05-02 21:05:10 +02:00
|
|
|
case CONFIG_TYPE_PORT: type = "Port"; break;
|
2005-08-08 23:58:48 +02:00
|
|
|
case CONFIG_TYPE_INTERVAL: type = "TimeInterval"; break;
|
2010-08-27 08:13:54 +02:00
|
|
|
case CONFIG_TYPE_MSEC_INTERVAL: type = "TimeMsecInterval"; break;
|
2005-08-04 21:56:41 +02:00
|
|
|
case CONFIG_TYPE_MEMUNIT: type = "DataSize"; break;
|
|
|
|
case CONFIG_TYPE_DOUBLE: type = "Float"; break;
|
|
|
|
case CONFIG_TYPE_BOOL: type = "Boolean"; break;
|
2010-11-08 19:34:40 +01:00
|
|
|
case CONFIG_TYPE_AUTOBOOL: type = "Boolean+Auto"; break;
|
2005-08-04 21:56:41 +02:00
|
|
|
case CONFIG_TYPE_ISOTIME: type = "Time"; break;
|
2008-07-18 20:36:32 +02:00
|
|
|
case CONFIG_TYPE_ROUTERSET: type = "RouterList"; break;
|
2005-08-04 21:56:41 +02:00
|
|
|
case CONFIG_TYPE_CSV: type = "CommaList"; break;
|
2013-05-16 12:08:48 +02:00
|
|
|
case CONFIG_TYPE_CSV_INTERVAL: type = "TimeIntervalCommaList"; break;
|
2005-08-04 21:56:41 +02:00
|
|
|
case CONFIG_TYPE_LINELIST: type = "LineList"; break;
|
|
|
|
case CONFIG_TYPE_LINELIST_S: type = "Dependant"; break;
|
|
|
|
case CONFIG_TYPE_LINELIST_V: type = "Virtual"; break;
|
|
|
|
default:
|
|
|
|
case CONFIG_TYPE_OBSOLETE:
|
|
|
|
type = NULL; break;
|
|
|
|
}
|
|
|
|
if (!type)
|
|
|
|
continue;
|
2012-01-11 19:44:10 +01:00
|
|
|
smartlist_add_asprintf(sl, "%s %s\n",var->name,type);
|
2005-08-04 21:56:41 +02:00
|
|
|
}
|
|
|
|
*answer = smartlist_join_strings(sl, "", 0, NULL);
|
|
|
|
SMARTLIST_FOREACH(sl, char *, c, tor_free(c));
|
|
|
|
smartlist_free(sl);
|
2012-04-05 23:17:30 +02:00
|
|
|
} else if (!strcmp(question, "config/defaults")) {
|
|
|
|
smartlist_t *sl = smartlist_new();
|
|
|
|
int i;
|
2012-10-12 18:22:13 +02:00
|
|
|
for (i = 0; option_vars_[i].name; ++i) {
|
|
|
|
const config_var_t *var = &option_vars_[i];
|
2012-04-05 23:17:30 +02:00
|
|
|
if (var->initvalue != NULL) {
|
|
|
|
char *val = esc_for_log(var->initvalue);
|
|
|
|
smartlist_add_asprintf(sl, "%s %s\n",var->name,val);
|
|
|
|
tor_free(val);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
*answer = smartlist_join_strings(sl, "", 0, NULL);
|
|
|
|
SMARTLIST_FOREACH(sl, char *, c, tor_free(c));
|
|
|
|
smartlist_free(sl);
|
2005-08-04 21:56:41 +02:00
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2012-09-20 17:09:25 +02:00
|
|
|
/** Parse outbound bind address option lines. If <b>validate_only</b>
|
2012-10-12 18:22:13 +02:00
|
|
|
* is not 0 update OutboundBindAddressIPv4_ and
|
|
|
|
* OutboundBindAddressIPv6_ in <b>options</b>. On failure, set
|
2012-09-20 17:09:25 +02:00
|
|
|
* <b>msg</b> (if provided) to a newly allocated string containing a
|
|
|
|
* description of the problem and return -1. */
|
|
|
|
static int
|
|
|
|
parse_outbound_addresses(or_options_t *options, int validate_only, char **msg)
|
|
|
|
{
|
|
|
|
const config_line_t *lines = options->OutboundBindAddress;
|
|
|
|
int found_v4 = 0, found_v6 = 0;
|
|
|
|
|
|
|
|
if (!validate_only) {
|
2012-10-12 18:22:13 +02:00
|
|
|
memset(&options->OutboundBindAddressIPv4_, 0,
|
|
|
|
sizeof(options->OutboundBindAddressIPv4_));
|
|
|
|
memset(&options->OutboundBindAddressIPv6_, 0,
|
|
|
|
sizeof(options->OutboundBindAddressIPv6_));
|
2012-09-20 17:09:25 +02:00
|
|
|
}
|
|
|
|
while (lines) {
|
|
|
|
tor_addr_t addr, *dst_addr = NULL;
|
|
|
|
int af = tor_addr_parse(&addr, lines->value);
|
|
|
|
switch (af) {
|
|
|
|
case AF_INET:
|
|
|
|
if (found_v4) {
|
|
|
|
if (msg)
|
|
|
|
tor_asprintf(msg, "Multiple IPv4 outbound bind addresses "
|
|
|
|
"configured: %s", lines->value);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
found_v4 = 1;
|
2012-10-12 18:22:13 +02:00
|
|
|
dst_addr = &options->OutboundBindAddressIPv4_;
|
2012-09-20 17:09:25 +02:00
|
|
|
break;
|
|
|
|
case AF_INET6:
|
|
|
|
if (found_v6) {
|
|
|
|
if (msg)
|
|
|
|
tor_asprintf(msg, "Multiple IPv6 outbound bind addresses "
|
|
|
|
"configured: %s", lines->value);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
found_v6 = 1;
|
2012-10-12 18:22:13 +02:00
|
|
|
dst_addr = &options->OutboundBindAddressIPv6_;
|
2012-09-20 17:09:25 +02:00
|
|
|
break;
|
|
|
|
default:
|
|
|
|
if (msg)
|
|
|
|
tor_asprintf(msg, "Outbound bind address '%s' didn't parse.",
|
|
|
|
lines->value);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
if (!validate_only)
|
|
|
|
tor_addr_copy(dst_addr, &addr);
|
|
|
|
lines = lines->next;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2012-10-19 23:23:04 +02:00
|
|
|
/** Load one of the geoip files, <a>family</a> determining which
|
2012-11-05 03:51:02 +01:00
|
|
|
* one. <a>default_fname</a> is used if on Windows and
|
2012-10-19 23:23:04 +02:00
|
|
|
* <a>fname</a> equals "<default>". */
|
2012-10-20 19:35:00 +02:00
|
|
|
static void
|
|
|
|
config_load_geoip_file_(sa_family_t family,
|
2012-11-05 03:51:02 +01:00
|
|
|
const char *fname,
|
2012-10-20 19:35:00 +02:00
|
|
|
const char *default_fname)
|
|
|
|
{
|
2012-11-05 03:51:02 +01:00
|
|
|
#ifdef _WIN32
|
|
|
|
char *free_fname = NULL; /* Used to hold any temporary-allocated value */
|
2012-10-20 19:35:00 +02:00
|
|
|
/* XXXX Don't use this "<default>" junk; make our filename options
|
|
|
|
* understand prefixes somehow. -NM */
|
2012-11-05 03:51:02 +01:00
|
|
|
if (!strcmp(fname, "<default>")) {
|
|
|
|
const char *conf_root = get_windows_conf_root();
|
|
|
|
tor_asprintf(&free_fname, "%s\\%s", conf_root, default_fname);
|
|
|
|
fname = free_fname;
|
|
|
|
}
|
|
|
|
geoip_load_file(family, fname);
|
|
|
|
tor_free(free_fname);
|
|
|
|
#else
|
|
|
|
(void)default_fname;
|
|
|
|
geoip_load_file(family, fname);
|
2012-10-20 19:35:00 +02:00
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
2012-10-19 23:23:04 +02:00
|
|
|
/** Load geoip files for IPv4 and IPv6 if <a>options</a> and
|
|
|
|
* <a>old_options</a> indicate we should. */
|
2012-10-20 19:35:00 +02:00
|
|
|
static void
|
|
|
|
config_maybe_load_geoip_files_(const or_options_t *options,
|
|
|
|
const or_options_t *old_options)
|
|
|
|
{
|
2012-11-05 03:51:02 +01:00
|
|
|
/* XXXX024 Reload GeoIPFile on SIGHUP. -NM */
|
|
|
|
|
2012-10-20 19:35:00 +02:00
|
|
|
if (options->GeoIPFile &&
|
|
|
|
((!old_options || !opt_streq(old_options->GeoIPFile,
|
|
|
|
options->GeoIPFile))
|
|
|
|
|| !geoip_is_loaded(AF_INET)))
|
2012-11-05 03:51:02 +01:00
|
|
|
config_load_geoip_file_(AF_INET, options->GeoIPFile, "geoip");
|
2012-10-20 19:35:00 +02:00
|
|
|
if (options->GeoIPv6File &&
|
|
|
|
((!old_options || !opt_streq(old_options->GeoIPv6File,
|
|
|
|
options->GeoIPv6File))
|
|
|
|
|| !geoip_is_loaded(AF_INET6)))
|
2012-11-05 03:51:02 +01:00
|
|
|
config_load_geoip_file_(AF_INET6, options->GeoIPv6File, "geoip6");
|
2012-10-20 19:35:00 +02:00
|
|
|
}
|
2012-11-05 03:52:28 +01:00
|
|
|
|
2013-06-04 19:00:28 +02:00
|
|
|
/** Initialize cookie authentication (used so far by the ControlPort
|
|
|
|
* and Extended ORPort).
|
|
|
|
*
|
|
|
|
* Allocate memory and create a cookie (of length <b>cookie_len</b>)
|
|
|
|
* in <b>cookie_out</b>.
|
|
|
|
* Then write it down to <b>fname</b> and prepend it with <b>header</b>.
|
|
|
|
*
|
2014-08-15 22:12:06 +02:00
|
|
|
* If <b>group_readable</b> is set, set <b>fname</b> to be readable
|
|
|
|
* by the default GID.
|
|
|
|
*
|
2013-06-04 19:00:28 +02:00
|
|
|
* If the whole procedure was successful, set
|
|
|
|
* <b>cookie_is_set_out</b> to True. */
|
|
|
|
int
|
|
|
|
init_cookie_authentication(const char *fname, const char *header,
|
2014-08-15 14:30:44 +02:00
|
|
|
int cookie_len, int group_readable,
|
2013-06-04 19:00:28 +02:00
|
|
|
uint8_t **cookie_out, int *cookie_is_set_out)
|
|
|
|
{
|
|
|
|
char cookie_file_str_len = strlen(header) + cookie_len;
|
|
|
|
char *cookie_file_str = tor_malloc(cookie_file_str_len);
|
|
|
|
int retval = -1;
|
|
|
|
|
|
|
|
/* We don't want to generate a new cookie every time we call
|
|
|
|
* options_act(). One should be enough. */
|
|
|
|
if (*cookie_is_set_out) {
|
|
|
|
retval = 0; /* we are all set */
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* If we've already set the cookie, free it before re-setting
|
|
|
|
it. This can happen if we previously generated a cookie, but
|
|
|
|
couldn't write it to a disk. */
|
|
|
|
if (*cookie_out)
|
|
|
|
tor_free(*cookie_out);
|
|
|
|
|
|
|
|
/* Generate the cookie */
|
|
|
|
*cookie_out = tor_malloc(cookie_len);
|
|
|
|
if (crypto_rand((char *)*cookie_out, cookie_len) < 0)
|
|
|
|
goto done;
|
|
|
|
|
|
|
|
/* Create the string that should be written on the file. */
|
|
|
|
memcpy(cookie_file_str, header, strlen(header));
|
|
|
|
memcpy(cookie_file_str+strlen(header), *cookie_out, cookie_len);
|
|
|
|
if (write_bytes_to_file(fname, cookie_file_str, cookie_file_str_len, 1)) {
|
|
|
|
log_warn(LD_FS,"Error writing auth cookie to %s.", escaped(fname));
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
|
2014-08-15 14:30:44 +02:00
|
|
|
#ifndef _WIN32
|
|
|
|
if (group_readable) {
|
|
|
|
if (chmod(fname, 0640)) {
|
|
|
|
log_warn(LD_FS,"Unable to make %s group-readable.", escaped(fname));
|
|
|
|
}
|
|
|
|
}
|
2014-08-18 16:19:05 +02:00
|
|
|
#else
|
|
|
|
(void) group_readable;
|
2014-08-15 14:30:44 +02:00
|
|
|
#endif
|
|
|
|
|
2013-06-04 19:00:28 +02:00
|
|
|
/* Success! */
|
|
|
|
log_info(LD_GENERAL, "Generated auth cookie file in '%s'.", escaped(fname));
|
|
|
|
*cookie_is_set_out = 1;
|
|
|
|
retval = 0;
|
|
|
|
|
|
|
|
done:
|
|
|
|
memwipe(cookie_file_str, 0, cookie_file_str_len);
|
|
|
|
tor_free(cookie_file_str);
|
|
|
|
return retval;
|
|
|
|
}
|
|
|
|
|