diff --git a/src/or/config.c b/src/or/config.c
index 2f5ba6c6f7..cf1365a7ed 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -588,6 +588,44 @@ static const config_var_t testing_tor_network_defaults[] = {
 #undef V
 #undef OBSOLETE
+static const config_deprecation_t option_deprecation_notes_[] = {
+ { "AllowDotExit", "Unrestricted use of the .exit notation can be used for "
+ "a wide variety of application-level attacks." },
+ { "AllowInvalidNodes", "There is no reason to enable this option; at best "
+ "it will make you easier to track." },
+ { "AllowSingleHopCircuits", "Almost no relays actually allow single-hop "
+ "exits, making this option pointless." },
+ { "AllowSingleHopExits", "Turning this on will make your relay easier "
+ "to abuse." },
+ { "ClientDNSRejectInternalAddresses", "Turning this on makes your client "
+ "easier to fingerprint, and may open you to esoteric attacks." },
+ { "ExcludeSingleHopRelays", "Turning it on makes your client easier to "
+ "fingerprint." },
+ { "FastFirstHopPK", "Changing this option does not make your client more "
+ "secure, but does make it easier to fingerprint." },
+ { "CloseHSClientCircutisImmediatelyOnTimeout", "This option makes your "
+ "client easier to fingerprint." },
+ { "CloseHSServiceRendircutisImmediatelyOnTimeout", "This option makes "
+ "your hidden services easier to fingerprint." },
+ { "WarnUnsafeSocks", "Changing this option makes it easier for you "
+ "to accidentally lose your anonymity by leaking DNS information" },
+ { "TLSECGroup", "The default is a nice secure choice; the other option "
+ "is less secure." },
+ { "UseNTorHandshake", "The ntor handshake should always be used." },
+
+ { "ControlListenAddress", "Use ControlPort instead." },
+ { "DirListenAddress", "Use DirPort instead, possibly with the "
+ "NoAdvertise sub-option" },
+ { "DNSListenAddress", "Use DNSPort instead." },
+ { "SocksListenAddress", "Use SocksPort instead." },
+ { "TransListenAddress", "Use TransPort instead." },
+ { "NATDListenAddress", "Use NATDPort instead." },
+ { "ORListenAddress", "Use ORPort instead, possibly with the "
+ "NoAdvertise sub-option" },
+
+ { NULL, NULL }
+};
+
 #ifdef _WIN32
 static char *get_windows_conf_root(void);
 #endif
@@ -636,7 +674,7 @@ STATIC config_format_t options_format = {
 OR_OPTIONS_MAGIC,
 STRUCT_OFFSET(or_options_t, magic_),
 option_abbrevs_,
- NULL,
+ option_deprecation_notes_,
 option_vars_,
 options_validate_cb,
 NULL
diff --git a/src/or/confparse.c b/src/or/confparse.c
index 233cc7c77d..8bd4b81cda 100644
--- a/src/or/confparse.c
+++ b/src/or/confparse.c
@@ -192,7 +192,7 @@ config_find_deprecation(const config_format_t *fmt, const char *key)
 if (fmt->deprecations == NULL)
 return NULL;
- config_deprecation_t *d;
+ const config_deprecation_t *d;
 for (d = fmt->deprecations; d->name; ++d) {
 if (!strcasecmp(d->name, key)) {
 return d->why_deprecated ? d->why_deprecated : "";
@@ -486,10 +486,11 @@ config_mark_lists_fragile(const config_format_t *fmt, void *options)
 void
 warn_deprecated_option(const char *what, const char *why)
 {
+ const char *space = (why && strlen(why)) ? " " : "";
 log_warn(LD_CONFIG, "The %s option is deprecated, and will most likely "
- "be removed in a future version of Tor.%s (If you think this is "
+ "be removed in a future version of Tor.%s%s (If you think this is "
 "a mistake, please let us know!)",
- what, why);
+ what, space, why);
 }
 /** If c is a syntactically valid configuration line, update
diff --git a/src/or/confparse.h b/src/or/confparse.h
index 415d680d2e..87dd6d8210 100644
--- a/src/or/confparse.h
+++ b/src/or/confparse.h
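Review bot: Two keys in `option_deprecation_notes_[]` look misspelled: `CloseHSClientCircutisImmediatelyOnTimeout` and `CloseHSServiceRendircutisImmediatelyOnTimeout`. `config_find_deprecation()` in confparse.c compares `d->name` with the option key using `strcasecmp`, so an entry that does not equal the real option name never matches and the fingerprinting warning is never logged for an operator who sets that option. The entries should presumably read `"CloseHSClientCircuitsImmediatelyOnTimeout"` and `"CloseHSServiceRendCircuitsImmediatelyOnTimeout"`; please confirm against `option_vars_`, which is outside this hunk. A unit test or start-up check that every name in this table resolves to a known option would catch this class of error. The `WarnUnsafeSocks`, `DirListenAddress` and `ORListenAddress` reasons also lack a final period, which reads oddly once `warn_deprecated_option()` appends its parenthetical.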
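Review bot: In `warn_deprecated_option()`, `why` is tested for NULL when computing `space` but is then passed unguarded to the second `%s` of `log_warn`, and a NULL argument for `%s` is undefined behaviour. `config_find_deprecation()` maps a NULL reason to `""`, so that path is safe, but the function is declared in confparse.h and other callers may not do the same. Either make the argument list `what, space, why ? why : "");` or drop the NULL test and document that `why` must be non-NULL. A short doc comment above the function saying what `what` and `why` are would also help; none is visible in the hunk.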
@@ -81,7 +81,7 @@ typedef struct config_format_t {
 off_t magic_offset; /**< Offset of the magic value within the struct. */
 config_abbrev_t *abbrevs; /**< List of abbreviations that we expand when
 * parsing this format. */
- config_deprecation_t *deprecations; /** List of deprecated options */
+ const config_deprecation_t *deprecations; /** List of deprecated options */
 config_var_t *vars; /**< List of variables we recognize, their default
 * values, and where we stick them in the structure. */
 validate_fn_t validate_fn; /**< Function to validate config. */
@@ -133,6 +133,5 @@ const char *config_expand_abbrev(const config_format_t *fmt,
 int command_line, int warn_obsolete);
 void warn_deprecated_option(const char *what, const char *why);
-
 #endif
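Review bot: The comment on the changed `deprecations` member opens with `/**` rather than `/**<`, unlike every other member shown in this hunk, so Doxygen would most likely attach it to the following `vars` member instead of to `deprecations`. Since the line is being touched anyway, `const config_deprecation_t *deprecations; /**< List of deprecated options */` would fix it. The `config_format_t` struct begins and ends outside the hunk.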