mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 23:53:32 +01:00
Merge remote-tracking branch 'public/bug6507' into maint-0.2.3
This commit is contained in:
commit
676f71054f
15
changes/bug6507
Normal file
15
changes/bug6507
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
o Major bugfixes:
|
||||||
|
- Detect 'ORPort 0' as meaning, uniformly, that we're not running
|
||||||
|
as a server. Previously, some of our code would treat the
|
||||||
|
presence of any ORPort line as meaning that we should act like a
|
||||||
|
server, even though our new listener code would correctly not
|
||||||
|
open any ORPorts for ORPort 0. Similar bugs in other Port
|
||||||
|
options are also fixed. Fixes bug 6507; bugfix on 0.2.3.3-alpha.
|
||||||
|
|
||||||
|
o Minor features:
|
||||||
|
|
||||||
|
- Detect and reject attempts to specify both 'FooPort' and
|
||||||
|
'FooPort 0' in the same configuration domain. (It's still okay
|
||||||
|
to have a FooPort in your configuration file,and use 'FooPort 0'
|
||||||
|
on the command line to disable it.) Fixes another case of
|
||||||
|
bug6507; bugfix on 0.2.3.3-alpha.
|
161
src/or/config.c
161
src/or/config.c
@ -168,6 +168,9 @@ typedef struct config_var_t {
|
|||||||
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
|
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
|
||||||
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }
|
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }
|
||||||
|
|
||||||
|
#define VPORT(member,conftype,initvalue) \
|
||||||
|
VAR(#member, conftype, member ## _lines, initvalue)
|
||||||
|
|
||||||
/** Array of configuration options. Until we disallow nonstandard
|
/** Array of configuration options. Until we disallow nonstandard
|
||||||
* abbreviations, order is significant, since the first matching option will
|
* abbreviations, order is significant, since the first matching option will
|
||||||
* be chosen first.
|
* be chosen first.
|
||||||
@ -229,7 +232,7 @@ static config_var_t _option_vars[] = {
|
|||||||
V(ConstrainedSockSize, MEMUNIT, "8192"),
|
V(ConstrainedSockSize, MEMUNIT, "8192"),
|
||||||
V(ContactInfo, STRING, NULL),
|
V(ContactInfo, STRING, NULL),
|
||||||
V(ControlListenAddress, LINELIST, NULL),
|
V(ControlListenAddress, LINELIST, NULL),
|
||||||
V(ControlPort, LINELIST, NULL),
|
VPORT(ControlPort, LINELIST, NULL),
|
||||||
V(ControlPortFileGroupReadable,BOOL, "0"),
|
V(ControlPortFileGroupReadable,BOOL, "0"),
|
||||||
V(ControlPortWriteToFile, FILENAME, NULL),
|
V(ControlPortWriteToFile, FILENAME, NULL),
|
||||||
V(ControlSocket, LINELIST, NULL),
|
V(ControlSocket, LINELIST, NULL),
|
||||||
@ -246,7 +249,7 @@ static config_var_t _option_vars[] = {
|
|||||||
V(DirListenAddress, LINELIST, NULL),
|
V(DirListenAddress, LINELIST, NULL),
|
||||||
OBSOLETE("DirFetchPeriod"),
|
OBSOLETE("DirFetchPeriod"),
|
||||||
V(DirPolicy, LINELIST, NULL),
|
V(DirPolicy, LINELIST, NULL),
|
||||||
V(DirPort, LINELIST, NULL),
|
VPORT(DirPort, LINELIST, NULL),
|
||||||
V(DirPortFrontPage, FILENAME, NULL),
|
V(DirPortFrontPage, FILENAME, NULL),
|
||||||
OBSOLETE("DirPostPeriod"),
|
OBSOLETE("DirPostPeriod"),
|
||||||
OBSOLETE("DirRecordUsageByCountry"),
|
OBSOLETE("DirRecordUsageByCountry"),
|
||||||
@ -259,7 +262,7 @@ static config_var_t _option_vars[] = {
|
|||||||
V(DisableDebuggerAttachment, BOOL, "1"),
|
V(DisableDebuggerAttachment, BOOL, "1"),
|
||||||
V(DisableIOCP, BOOL, "1"),
|
V(DisableIOCP, BOOL, "1"),
|
||||||
V(DynamicDHGroups, BOOL, "0"),
|
V(DynamicDHGroups, BOOL, "0"),
|
||||||
V(DNSPort, LINELIST, NULL),
|
VPORT(DNSPort, LINELIST, NULL),
|
||||||
V(DNSListenAddress, LINELIST, NULL),
|
V(DNSListenAddress, LINELIST, NULL),
|
||||||
V(DownloadExtraInfo, BOOL, "0"),
|
V(DownloadExtraInfo, BOOL, "0"),
|
||||||
V(EnforceDistinctSubnets, BOOL, "1"),
|
V(EnforceDistinctSubnets, BOOL, "1"),
|
||||||
@ -345,7 +348,7 @@ static config_var_t _option_vars[] = {
|
|||||||
V(NewCircuitPeriod, INTERVAL, "30 seconds"),
|
V(NewCircuitPeriod, INTERVAL, "30 seconds"),
|
||||||
VAR("NamingAuthoritativeDirectory",BOOL, NamingAuthoritativeDir, "0"),
|
VAR("NamingAuthoritativeDirectory",BOOL, NamingAuthoritativeDir, "0"),
|
||||||
V(NATDListenAddress, LINELIST, NULL),
|
V(NATDListenAddress, LINELIST, NULL),
|
||||||
V(NATDPort, LINELIST, NULL),
|
VPORT(NATDPort, LINELIST, NULL),
|
||||||
V(Nickname, STRING, NULL),
|
V(Nickname, STRING, NULL),
|
||||||
V(WarnUnsafeSocks, BOOL, "1"),
|
V(WarnUnsafeSocks, BOOL, "1"),
|
||||||
OBSOLETE("NoPublish"),
|
OBSOLETE("NoPublish"),
|
||||||
@ -353,7 +356,7 @@ static config_var_t _option_vars[] = {
|
|||||||
V(NumCPUs, UINT, "0"),
|
V(NumCPUs, UINT, "0"),
|
||||||
V(NumEntryGuards, UINT, "3"),
|
V(NumEntryGuards, UINT, "3"),
|
||||||
V(ORListenAddress, LINELIST, NULL),
|
V(ORListenAddress, LINELIST, NULL),
|
||||||
V(ORPort, LINELIST, NULL),
|
VPORT(ORPort, LINELIST, NULL),
|
||||||
V(OutboundBindAddress, STRING, NULL),
|
V(OutboundBindAddress, STRING, NULL),
|
||||||
|
|
||||||
V(PathBiasCircThreshold, INT, "-1"),
|
V(PathBiasCircThreshold, INT, "-1"),
|
||||||
@ -406,7 +409,7 @@ static config_var_t _option_vars[] = {
|
|||||||
V(ShutdownWaitLength, INTERVAL, "30 seconds"),
|
V(ShutdownWaitLength, INTERVAL, "30 seconds"),
|
||||||
V(SocksListenAddress, LINELIST, NULL),
|
V(SocksListenAddress, LINELIST, NULL),
|
||||||
V(SocksPolicy, LINELIST, NULL),
|
V(SocksPolicy, LINELIST, NULL),
|
||||||
V(SocksPort, LINELIST, NULL),
|
VPORT(SocksPort, LINELIST, NULL),
|
||||||
V(SocksTimeout, INTERVAL, "2 minutes"),
|
V(SocksTimeout, INTERVAL, "2 minutes"),
|
||||||
OBSOLETE("StatusFetchPeriod"),
|
OBSOLETE("StatusFetchPeriod"),
|
||||||
V(StrictNodes, BOOL, "0"),
|
V(StrictNodes, BOOL, "0"),
|
||||||
@ -419,7 +422,7 @@ static config_var_t _option_vars[] = {
|
|||||||
V(TrackHostExitsExpire, INTERVAL, "30 minutes"),
|
V(TrackHostExitsExpire, INTERVAL, "30 minutes"),
|
||||||
OBSOLETE("TrafficShaping"),
|
OBSOLETE("TrafficShaping"),
|
||||||
V(TransListenAddress, LINELIST, NULL),
|
V(TransListenAddress, LINELIST, NULL),
|
||||||
V(TransPort, LINELIST, NULL),
|
VPORT(TransPort, LINELIST, NULL),
|
||||||
V(TunnelDirConns, BOOL, "1"),
|
V(TunnelDirConns, BOOL, "1"),
|
||||||
V(UpdateBridgesFromAuthority, BOOL, "0"),
|
V(UpdateBridgesFromAuthority, BOOL, "0"),
|
||||||
V(UseBridges, BOOL, "0"),
|
V(UseBridges, BOOL, "0"),
|
||||||
@ -622,7 +625,7 @@ static int parse_dir_server_line(const char *line,
|
|||||||
dirinfo_type_t required_type,
|
dirinfo_type_t required_type,
|
||||||
int validate_only);
|
int validate_only);
|
||||||
static void port_cfg_free(port_cfg_t *port);
|
static void port_cfg_free(port_cfg_t *port);
|
||||||
static int parse_ports(const or_options_t *options, int validate_only,
|
static int parse_ports(or_options_t *options, int validate_only,
|
||||||
char **msg_out, int *n_ports_out);
|
char **msg_out, int *n_ports_out);
|
||||||
static int check_server_ports(const smartlist_t *ports,
|
static int check_server_ports(const smartlist_t *ports,
|
||||||
const or_options_t *options);
|
const or_options_t *options);
|
||||||
@ -1167,7 +1170,7 @@ options_act_reversible(const or_options_t *old_options, char **msg)
|
|||||||
|
|
||||||
#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
|
#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
|
||||||
/* Open /dev/pf before dropping privileges. */
|
/* Open /dev/pf before dropping privileges. */
|
||||||
if (options->TransPort) {
|
if (options->TransPort_set) {
|
||||||
if (get_pf_socket() < 0) {
|
if (get_pf_socket() < 0) {
|
||||||
*msg = tor_strdup("Unable to open /dev/pf for transparent proxy.");
|
*msg = tor_strdup("Unable to open /dev/pf for transparent proxy.");
|
||||||
goto rollback;
|
goto rollback;
|
||||||
@ -1650,7 +1653,7 @@ options_act(const or_options_t *old_options)
|
|||||||
int was_relay = 0;
|
int was_relay = 0;
|
||||||
if (options->BridgeRelay) {
|
if (options->BridgeRelay) {
|
||||||
time_t int_start = time(NULL);
|
time_t int_start = time(NULL);
|
||||||
if (config_lines_eq(old_options->ORPort, options->ORPort)) {
|
if (config_lines_eq(old_options->ORPort_lines,options->ORPort_lines)) {
|
||||||
int_start += RELAY_BRIDGE_STATS_DELAY;
|
int_start += RELAY_BRIDGE_STATS_DELAY;
|
||||||
was_relay = 1;
|
was_relay = 1;
|
||||||
}
|
}
|
||||||
@ -1734,7 +1737,7 @@ options_act(const or_options_t *old_options)
|
|||||||
} else {
|
} else {
|
||||||
options->DirReqStatistics = 0;
|
options->DirReqStatistics = 0;
|
||||||
/* Don't warn Tor clients, they don't use statistics */
|
/* Don't warn Tor clients, they don't use statistics */
|
||||||
if (options->ORPort)
|
if (options->ORPort_set)
|
||||||
log_notice(LD_CONFIG, "Configured to measure directory request "
|
log_notice(LD_CONFIG, "Configured to measure directory request "
|
||||||
"statistics, but no GeoIP database found. "
|
"statistics, but no GeoIP database found. "
|
||||||
"Please specify a GeoIP database using the "
|
"Please specify a GeoIP database using the "
|
||||||
@ -3448,7 +3451,8 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
|||||||
"Tor will still run, but probably won't do anything.");
|
"Tor will still run, but probably won't do anything.");
|
||||||
|
|
||||||
#ifndef USE_TRANSPARENT
|
#ifndef USE_TRANSPARENT
|
||||||
if (options->TransPort || options->TransListenAddress)
|
/* XXXX024 I think we can remove this TransListenAddress */
|
||||||
|
if (options->TransPort_set || options->TransListenAddress)
|
||||||
REJECT("TransPort and TransListenAddress are disabled in this build.");
|
REJECT("TransPort and TransListenAddress are disabled in this build.");
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -3518,10 +3522,10 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (options->AuthoritativeDir && !options->DirPort)
|
if (options->AuthoritativeDir && !options->DirPort_set)
|
||||||
REJECT("Running as authoritative directory, but no DirPort set.");
|
REJECT("Running as authoritative directory, but no DirPort set.");
|
||||||
|
|
||||||
if (options->AuthoritativeDir && !options->ORPort)
|
if (options->AuthoritativeDir && !options->ORPort_set)
|
||||||
REJECT("Running as authoritative directory, but no ORPort set.");
|
REJECT("Running as authoritative directory, but no ORPort set.");
|
||||||
|
|
||||||
if (options->AuthoritativeDir && options->ClientOnly)
|
if (options->AuthoritativeDir && options->ClientOnly)
|
||||||
@ -3708,11 +3712,12 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
|||||||
"PublishServerDescriptor line.");
|
"PublishServerDescriptor line.");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (options->BridgeRelay && options->DirPort) {
|
if (options->BridgeRelay && options->DirPort_set) {
|
||||||
log_warn(LD_CONFIG, "Can't set a DirPort on a bridge relay; disabling "
|
log_warn(LD_CONFIG, "Can't set a DirPort on a bridge relay; disabling "
|
||||||
"DirPort");
|
"DirPort");
|
||||||
config_free_lines(options->DirPort);
|
config_free_lines(options->DirPort_lines);
|
||||||
options->DirPort = NULL;
|
options->DirPort_lines = NULL;
|
||||||
|
options->DirPort_set = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (options->MinUptimeHidServDirectoryV2 < 0) {
|
if (options->MinUptimeHidServDirectoryV2 < 0) {
|
||||||
@ -3987,7 +3992,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (options->ControlPort && !options->HashedControlPassword &&
|
if (options->ControlPort_set && !options->HashedControlPassword &&
|
||||||
!options->HashedControlSessionPassword &&
|
!options->HashedControlSessionPassword &&
|
||||||
!options->CookieAuthentication) {
|
!options->CookieAuthentication) {
|
||||||
log_warn(LD_CONFIG, "ControlPort is open, but no authentication method "
|
log_warn(LD_CONFIG, "ControlPort is open, but no authentication method "
|
||||||
@ -4067,7 +4072,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
|||||||
MIN_CONSTRAINED_TCP_BUFFER, MAX_CONSTRAINED_TCP_BUFFER);
|
MIN_CONSTRAINED_TCP_BUFFER, MAX_CONSTRAINED_TCP_BUFFER);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (options->DirPort) {
|
if (options->DirPort_set) {
|
||||||
/* Providing cached directory entries while system TCP buffers are scarce
|
/* Providing cached directory entries while system TCP buffers are scarce
|
||||||
* will exacerbate the socket errors. Suggest that this be disabled. */
|
* will exacerbate the socket errors. Suggest that this be disabled. */
|
||||||
COMPLAIN("You have requested constrained socket buffers while also "
|
COMPLAIN("You have requested constrained socket buffers while also "
|
||||||
@ -4226,7 +4231,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
|||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
if (options->BridgeRelay == 1 && ! options->ORPort)
|
if (options->BridgeRelay == 1 && ! options->ORPort_set)
|
||||||
REJECT("BridgeRelay is 1, ORPort is not set. This is an invalid "
|
REJECT("BridgeRelay is 1, ORPort is not set. This is an invalid "
|
||||||
"combination.");
|
"combination.");
|
||||||
|
|
||||||
@ -4326,7 +4331,7 @@ options_transition_affects_workers(const or_options_t *old_options,
|
|||||||
{
|
{
|
||||||
if (!opt_streq(old_options->DataDirectory, new_options->DataDirectory) ||
|
if (!opt_streq(old_options->DataDirectory, new_options->DataDirectory) ||
|
||||||
old_options->NumCPUs != new_options->NumCPUs ||
|
old_options->NumCPUs != new_options->NumCPUs ||
|
||||||
!config_lines_eq(old_options->ORPort, new_options->ORPort) ||
|
!config_lines_eq(old_options->ORPort_lines, new_options->ORPort_lines) ||
|
||||||
old_options->ServerDNSSearchDomains !=
|
old_options->ServerDNSSearchDomains !=
|
||||||
new_options->ServerDNSSearchDomains ||
|
new_options->ServerDNSSearchDomains ||
|
||||||
old_options->_SafeLogging != new_options->_SafeLogging ||
|
old_options->_SafeLogging != new_options->_SafeLogging ||
|
||||||
@ -4356,8 +4361,10 @@ options_transition_affects_descriptor(const or_options_t *old_options,
|
|||||||
!config_lines_eq(old_options->ExitPolicy,new_options->ExitPolicy) ||
|
!config_lines_eq(old_options->ExitPolicy,new_options->ExitPolicy) ||
|
||||||
old_options->ExitPolicyRejectPrivate !=
|
old_options->ExitPolicyRejectPrivate !=
|
||||||
new_options->ExitPolicyRejectPrivate ||
|
new_options->ExitPolicyRejectPrivate ||
|
||||||
!config_lines_eq(old_options->ORPort, new_options->ORPort) ||
|
!config_lines_eq(old_options->ORPort_lines,
|
||||||
!config_lines_eq(old_options->DirPort, new_options->DirPort) ||
|
new_options->ORPort_lines) ||
|
||||||
|
!config_lines_eq(old_options->DirPort_lines,
|
||||||
|
new_options->DirPort_lines) ||
|
||||||
old_options->ClientOnly != new_options->ClientOnly ||
|
old_options->ClientOnly != new_options->ClientOnly ||
|
||||||
old_options->DisableNetwork != new_options->DisableNetwork ||
|
old_options->DisableNetwork != new_options->DisableNetwork ||
|
||||||
old_options->_PublishServerDescriptor !=
|
old_options->_PublishServerDescriptor !=
|
||||||
@ -5643,13 +5650,13 @@ warn_nonlocal_controller_ports(smartlist_t *ports, unsigned forbid)
|
|||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
parse_port_config(smartlist_t *out,
|
parse_port_config(smartlist_t *out,
|
||||||
const config_line_t *ports,
|
const config_line_t *ports,
|
||||||
const config_line_t *listenaddrs,
|
const config_line_t *listenaddrs,
|
||||||
const char *portname,
|
const char *portname,
|
||||||
int listener_type,
|
int listener_type,
|
||||||
const char *defaultaddr,
|
const char *defaultaddr,
|
||||||
int defaultport,
|
int defaultport,
|
||||||
unsigned flags)
|
unsigned flags)
|
||||||
{
|
{
|
||||||
smartlist_t *elts;
|
smartlist_t *elts;
|
||||||
int retval = -1;
|
int retval = -1;
|
||||||
@ -5660,6 +5667,7 @@ parse_port_config(smartlist_t *out,
|
|||||||
const unsigned forbid_nonlocal = flags & CL_PORT_FORBID_NONLOCAL;
|
const unsigned forbid_nonlocal = flags & CL_PORT_FORBID_NONLOCAL;
|
||||||
const unsigned allow_spurious_listenaddr =
|
const unsigned allow_spurious_listenaddr =
|
||||||
flags & CL_PORT_ALLOW_EXTRA_LISTENADDR;
|
flags & CL_PORT_ALLOW_EXTRA_LISTENADDR;
|
||||||
|
int got_zero_port=0, got_nonzero_port=0;
|
||||||
|
|
||||||
/* FooListenAddress is deprecated; let's make it work like it used to work,
|
/* FooListenAddress is deprecated; let's make it work like it used to work,
|
||||||
* though. */
|
* though. */
|
||||||
@ -5687,7 +5695,7 @@ parse_port_config(smartlist_t *out,
|
|||||||
|
|
||||||
if (mainport == 0) {
|
if (mainport == 0) {
|
||||||
if (allow_spurious_listenaddr)
|
if (allow_spurious_listenaddr)
|
||||||
return 1;
|
return 1; /*DOCDOC*/
|
||||||
log_warn(LD_CONFIG, "%sPort must be defined if %sListenAddress is used",
|
log_warn(LD_CONFIG, "%sPort must be defined if %sListenAddress is used",
|
||||||
portname, portname);
|
portname, portname);
|
||||||
return -1;
|
return -1;
|
||||||
@ -5912,6 +5920,11 @@ parse_port_config(smartlist_t *out,
|
|||||||
} SMARTLIST_FOREACH_END(elt);
|
} SMARTLIST_FOREACH_END(elt);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (port)
|
||||||
|
got_nonzero_port = 1;
|
||||||
|
else
|
||||||
|
got_zero_port = 1;
|
||||||
|
|
||||||
if (out && port) {
|
if (out && port) {
|
||||||
port_cfg_t *cfg = tor_malloc_zero(sizeof(port_cfg_t));
|
port_cfg_t *cfg = tor_malloc_zero(sizeof(port_cfg_t));
|
||||||
tor_addr_copy(&cfg->addr, &addr);
|
tor_addr_copy(&cfg->addr, &addr);
|
||||||
@ -5938,6 +5951,13 @@ parse_port_config(smartlist_t *out,
|
|||||||
warn_nonlocal_client_ports(out, portname);
|
warn_nonlocal_client_ports(out, portname);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (got_zero_port && got_nonzero_port) {
|
||||||
|
log_warn(LD_CONFIG, "You specified a nonzero %sPort along with '%sPort 0' "
|
||||||
|
"in the same configuration. Did you mean to disable %sPort or "
|
||||||
|
"not?", portname, portname, portname);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
|
||||||
retval = 0;
|
retval = 0;
|
||||||
err:
|
err:
|
||||||
SMARTLIST_FOREACH(elts, char *, cp, tor_free(cp));
|
SMARTLIST_FOREACH(elts, char *, cp, tor_free(cp));
|
||||||
@ -5968,16 +5988,34 @@ parse_unix_socket_config(smartlist_t *out, const config_line_t *cfg,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** Return the number of ports which are actually going to listen with type
|
||||||
|
* <b>listenertype</b>. Do not count no_listen ports. Do not count unix
|
||||||
|
* sockets. */
|
||||||
|
static int
|
||||||
|
count_real_listeners(const smartlist_t *ports, int listenertype)
|
||||||
|
{
|
||||||
|
int n = 0;
|
||||||
|
SMARTLIST_FOREACH_BEGIN(ports, port_cfg_t *, port) {
|
||||||
|
if (port->no_listen || port->is_unix_addr)
|
||||||
|
continue;
|
||||||
|
if (port->type != listenertype)
|
||||||
|
continue;
|
||||||
|
++n;
|
||||||
|
} SMARTLIST_FOREACH_END(port);
|
||||||
|
return n;
|
||||||
|
}
|
||||||
|
|
||||||
/** Parse all client port types (Socks, DNS, Trans, NATD) from
|
/** Parse all client port types (Socks, DNS, Trans, NATD) from
|
||||||
* <b>options</b>. On success, set *<b>n_ports_out</b> to the number of
|
* <b>options</b>. On success, set *<b>n_ports_out</b> to the number
|
||||||
* ports that are listed and return 0. On failure, set *<b>msg</b> to a
|
* of ports that are listed, update the *Port_set values in
|
||||||
|
* <b>options</b>, and return 0. On failure, set *<b>msg</b> to a
|
||||||
* description of the problem and return -1.
|
* description of the problem and return -1.
|
||||||
*
|
*
|
||||||
* If <b>validate_only</b> is false, set configured_client_ports to the
|
* If <b>validate_only</b> is false, set configured_client_ports to the
|
||||||
* new list of ports parsed from <b>options</b>.
|
* new list of ports parsed from <b>options</b>.
|
||||||
**/
|
**/
|
||||||
static int
|
static int
|
||||||
parse_ports(const or_options_t *options, int validate_only,
|
parse_ports(or_options_t *options, int validate_only,
|
||||||
char **msg, int *n_ports_out)
|
char **msg, int *n_ports_out)
|
||||||
{
|
{
|
||||||
smartlist_t *ports;
|
smartlist_t *ports;
|
||||||
@ -5988,7 +6026,7 @@ parse_ports(const or_options_t *options, int validate_only,
|
|||||||
*n_ports_out = 0;
|
*n_ports_out = 0;
|
||||||
|
|
||||||
if (parse_port_config(ports,
|
if (parse_port_config(ports,
|
||||||
options->SocksPort, options->SocksListenAddress,
|
options->SocksPort_lines, options->SocksListenAddress,
|
||||||
"Socks", CONN_TYPE_AP_LISTENER,
|
"Socks", CONN_TYPE_AP_LISTENER,
|
||||||
"127.0.0.1", 9050,
|
"127.0.0.1", 9050,
|
||||||
CL_PORT_WARN_NONLOCAL|CL_PORT_ALLOW_EXTRA_LISTENADDR) < 0) {
|
CL_PORT_WARN_NONLOCAL|CL_PORT_ALLOW_EXTRA_LISTENADDR) < 0) {
|
||||||
@ -5996,26 +6034,26 @@ parse_ports(const or_options_t *options, int validate_only,
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (parse_port_config(ports,
|
if (parse_port_config(ports,
|
||||||
options->DNSPort, options->DNSListenAddress,
|
options->DNSPort_lines, options->DNSListenAddress,
|
||||||
"DNS", CONN_TYPE_AP_DNS_LISTENER,
|
"DNS", CONN_TYPE_AP_DNS_LISTENER,
|
||||||
"127.0.0.1", 0,
|
"127.0.0.1", 0,
|
||||||
CL_PORT_WARN_NONLOCAL) < 0) {
|
CL_PORT_WARN_NONLOCAL) < 0) {
|
||||||
*msg = tor_strdup("Invalid DNSPort/DNSListenAddress configuration");
|
*msg = tor_strdup("Invalid DNSPort/DNSListenAddress configuration");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (parse_port_config(ports,
|
if (parse_port_config(ports,
|
||||||
options->TransPort, options->TransListenAddress,
|
options->TransPort_lines, options->TransListenAddress,
|
||||||
"Trans", CONN_TYPE_AP_TRANS_LISTENER,
|
"Trans", CONN_TYPE_AP_TRANS_LISTENER,
|
||||||
"127.0.0.1", 0,
|
"127.0.0.1", 0,
|
||||||
CL_PORT_WARN_NONLOCAL) < 0) {
|
CL_PORT_WARN_NONLOCAL) < 0) {
|
||||||
*msg = tor_strdup("Invalid TransPort/TransListenAddress configuration");
|
*msg = tor_strdup("Invalid TransPort/TransListenAddress configuration");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (parse_port_config(ports,
|
if (parse_port_config(ports,
|
||||||
options->NATDPort, options->NATDListenAddress,
|
options->NATDPort_lines, options->NATDListenAddress,
|
||||||
"NATD", CONN_TYPE_AP_NATD_LISTENER,
|
"NATD", CONN_TYPE_AP_NATD_LISTENER,
|
||||||
"127.0.0.1", 0,
|
"127.0.0.1", 0,
|
||||||
CL_PORT_WARN_NONLOCAL) < 0) {
|
CL_PORT_WARN_NONLOCAL) < 0) {
|
||||||
*msg = tor_strdup("Invalid NatdPort/NatdListenAddress configuration");
|
*msg = tor_strdup("Invalid NatdPort/NatdListenAddress configuration");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
@ -6028,7 +6066,8 @@ parse_ports(const or_options_t *options, int validate_only,
|
|||||||
control_port_flags |= CL_PORT_FORBID_NONLOCAL;
|
control_port_flags |= CL_PORT_FORBID_NONLOCAL;
|
||||||
|
|
||||||
if (parse_port_config(ports,
|
if (parse_port_config(ports,
|
||||||
options->ControlPort, options->ControlListenAddress,
|
options->ControlPort_lines,
|
||||||
|
options->ControlListenAddress,
|
||||||
"Control", CONN_TYPE_CONTROL_LISTENER,
|
"Control", CONN_TYPE_CONTROL_LISTENER,
|
||||||
"127.0.0.1", 0,
|
"127.0.0.1", 0,
|
||||||
control_port_flags) < 0) {
|
control_port_flags) < 0) {
|
||||||
@ -6045,7 +6084,7 @@ parse_ports(const or_options_t *options, int validate_only,
|
|||||||
}
|
}
|
||||||
if (! options->ClientOnly) {
|
if (! options->ClientOnly) {
|
||||||
if (parse_port_config(ports,
|
if (parse_port_config(ports,
|
||||||
options->ORPort, options->ORListenAddress,
|
options->ORPort_lines, options->ORListenAddress,
|
||||||
"OR", CONN_TYPE_OR_LISTENER,
|
"OR", CONN_TYPE_OR_LISTENER,
|
||||||
"0.0.0.0", 0,
|
"0.0.0.0", 0,
|
||||||
CL_PORT_SERVER_OPTIONS) < 0) {
|
CL_PORT_SERVER_OPTIONS) < 0) {
|
||||||
@ -6053,7 +6092,7 @@ parse_ports(const or_options_t *options, int validate_only,
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (parse_port_config(ports,
|
if (parse_port_config(ports,
|
||||||
options->DirPort, options->DirListenAddress,
|
options->DirPort_lines, options->DirListenAddress,
|
||||||
"Dir", CONN_TYPE_DIR_LISTENER,
|
"Dir", CONN_TYPE_DIR_LISTENER,
|
||||||
"0.0.0.0", 0,
|
"0.0.0.0", 0,
|
||||||
CL_PORT_SERVER_OPTIONS) < 0) {
|
CL_PORT_SERVER_OPTIONS) < 0) {
|
||||||
@ -6069,6 +6108,25 @@ parse_ports(const or_options_t *options, int validate_only,
|
|||||||
|
|
||||||
*n_ports_out = smartlist_len(ports);
|
*n_ports_out = smartlist_len(ports);
|
||||||
|
|
||||||
|
retval = 0;
|
||||||
|
|
||||||
|
/* Update the *Port_set options. The !! here is to force a boolean out of
|
||||||
|
an integer. */
|
||||||
|
options->ORPort_set =
|
||||||
|
!! count_real_listeners(ports, CONN_TYPE_OR_LISTENER);
|
||||||
|
options->SocksPort_set =
|
||||||
|
!! count_real_listeners(ports, CONN_TYPE_AP_LISTENER);
|
||||||
|
options->TransPort_set =
|
||||||
|
!! count_real_listeners(ports, CONN_TYPE_AP_TRANS_LISTENER);
|
||||||
|
options->NATDPort_set =
|
||||||
|
!! count_real_listeners(ports, CONN_TYPE_AP_NATD_LISTENER);
|
||||||
|
options->ControlPort_set =
|
||||||
|
!! count_real_listeners(ports, CONN_TYPE_CONTROL_LISTENER);
|
||||||
|
options->DirPort_set =
|
||||||
|
!! count_real_listeners(ports, CONN_TYPE_DIR_LISTENER);
|
||||||
|
options->DNSPort_set =
|
||||||
|
!! count_real_listeners(ports, CONN_TYPE_AP_DNS_LISTENER);
|
||||||
|
|
||||||
if (!validate_only) {
|
if (!validate_only) {
|
||||||
if (configured_ports) {
|
if (configured_ports) {
|
||||||
SMARTLIST_FOREACH(configured_ports,
|
SMARTLIST_FOREACH(configured_ports,
|
||||||
@ -6079,7 +6137,6 @@ parse_ports(const or_options_t *options, int validate_only,
|
|||||||
ports = NULL; /* prevent free below. */
|
ports = NULL; /* prevent free below. */
|
||||||
}
|
}
|
||||||
|
|
||||||
retval = 0;
|
|
||||||
err:
|
err:
|
||||||
if (ports) {
|
if (ports) {
|
||||||
SMARTLIST_FOREACH(ports, port_cfg_t *, p, port_cfg_free(p));
|
SMARTLIST_FOREACH(ports, port_cfg_t *, p, port_cfg_free(p));
|
||||||
@ -6620,7 +6677,7 @@ init_libevent(const or_options_t *options)
|
|||||||
suppress_libevent_log_msg(NULL);
|
suppress_libevent_log_msg(NULL);
|
||||||
|
|
||||||
tor_check_libevent_version(tor_libevent_get_method(),
|
tor_check_libevent_version(tor_libevent_get_method(),
|
||||||
get_options()->ORPort != NULL,
|
server_mode(get_options()),
|
||||||
&badness);
|
&badness);
|
||||||
if (badness) {
|
if (badness) {
|
||||||
const char *v = tor_libevent_get_version_str();
|
const char *v = tor_libevent_get_version_str();
|
||||||
|
@ -3732,7 +3732,7 @@ download_status_reset(download_status_t *dls)
|
|||||||
const int *schedule;
|
const int *schedule;
|
||||||
size_t schedule_len;
|
size_t schedule_len;
|
||||||
|
|
||||||
find_dl_schedule_and_len(dls, get_options()->DirPort != NULL,
|
find_dl_schedule_and_len(dls, get_options()->DirPort_set,
|
||||||
&schedule, &schedule_len);
|
&schedule, &schedule_len);
|
||||||
|
|
||||||
dls->n_download_failures = 0;
|
dls->n_download_failures = 0;
|
||||||
|
@ -80,7 +80,7 @@ time_t download_status_increment_failure(download_status_t *dls,
|
|||||||
* the optional status code <b>sc</b>. */
|
* the optional status code <b>sc</b>. */
|
||||||
#define download_status_failed(dls, sc) \
|
#define download_status_failed(dls, sc) \
|
||||||
download_status_increment_failure((dls), (sc), NULL, \
|
download_status_increment_failure((dls), (sc), NULL, \
|
||||||
get_options()->DirPort!=NULL, time(NULL))
|
get_options()->DirPort_set, time(NULL))
|
||||||
|
|
||||||
void download_status_reset(download_status_t *dls);
|
void download_status_reset(download_status_t *dls);
|
||||||
static int download_status_is_ready(download_status_t *dls, time_t now,
|
static int download_status_is_ready(download_status_t *dls, time_t now,
|
||||||
|
@ -1214,7 +1214,7 @@ directory_fetches_from_authorities(const or_options_t *options)
|
|||||||
return 1; /* we don't know our IP address; ask an authority. */
|
return 1; /* we don't know our IP address; ask an authority. */
|
||||||
refuseunknown = ! router_my_exit_policy_is_reject_star() &&
|
refuseunknown = ! router_my_exit_policy_is_reject_star() &&
|
||||||
should_refuse_unknown_exits(options);
|
should_refuse_unknown_exits(options);
|
||||||
if (options->DirPort == NULL && !refuseunknown)
|
if (!options->DirPort_set && !refuseunknown)
|
||||||
return 0;
|
return 0;
|
||||||
if (!server_mode(options) || !advertised_server_mode())
|
if (!server_mode(options) || !advertised_server_mode())
|
||||||
return 0;
|
return 0;
|
||||||
@ -1250,7 +1250,7 @@ directory_fetches_dir_info_later(const or_options_t *options)
|
|||||||
int
|
int
|
||||||
directory_caches_v2_dir_info(const or_options_t *options)
|
directory_caches_v2_dir_info(const or_options_t *options)
|
||||||
{
|
{
|
||||||
return options->DirPort != NULL;
|
return options->DirPort_set;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Return true iff we want to fetch and keep certificates for authorities
|
/** Return true iff we want to fetch and keep certificates for authorities
|
||||||
@ -1259,7 +1259,7 @@ directory_caches_v2_dir_info(const or_options_t *options)
|
|||||||
int
|
int
|
||||||
directory_caches_unknown_auth_certs(const or_options_t *options)
|
directory_caches_unknown_auth_certs(const or_options_t *options)
|
||||||
{
|
{
|
||||||
return options->DirPort || options->BridgeRelay;
|
return options->DirPort_set || options->BridgeRelay;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Return 1 if we want to keep descriptors, networkstatuses, etc around
|
/** Return 1 if we want to keep descriptors, networkstatuses, etc around
|
||||||
@ -1268,7 +1268,7 @@ directory_caches_unknown_auth_certs(const or_options_t *options)
|
|||||||
int
|
int
|
||||||
directory_caches_dir_info(const or_options_t *options)
|
directory_caches_dir_info(const or_options_t *options)
|
||||||
{
|
{
|
||||||
if (options->BridgeRelay || options->DirPort)
|
if (options->BridgeRelay || options->DirPort_set)
|
||||||
return 1;
|
return 1;
|
||||||
if (!server_mode(options) || !advertised_server_mode())
|
if (!server_mode(options) || !advertised_server_mode())
|
||||||
return 0;
|
return 0;
|
||||||
@ -1284,7 +1284,7 @@ directory_caches_dir_info(const or_options_t *options)
|
|||||||
int
|
int
|
||||||
directory_permits_begindir_requests(const or_options_t *options)
|
directory_permits_begindir_requests(const or_options_t *options)
|
||||||
{
|
{
|
||||||
return options->BridgeRelay != 0 || options->DirPort != NULL;
|
return options->BridgeRelay != 0 || options->DirPort_set;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Return 1 if we want to allow controllers to ask us directory
|
/** Return 1 if we want to allow controllers to ask us directory
|
||||||
@ -1293,7 +1293,7 @@ directory_permits_begindir_requests(const or_options_t *options)
|
|||||||
int
|
int
|
||||||
directory_permits_controller_requests(const or_options_t *options)
|
directory_permits_controller_requests(const or_options_t *options)
|
||||||
{
|
{
|
||||||
return options->DirPort != NULL;
|
return options->DirPort_set;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Return 1 if we have no need to fetch new descriptors. This generally
|
/** Return 1 if we have no need to fetch new descriptors. This generally
|
||||||
|
35
src/or/or.h
35
src/or/or.h
@ -3033,19 +3033,40 @@ typedef struct {
|
|||||||
int DirAllowPrivateAddresses;
|
int DirAllowPrivateAddresses;
|
||||||
char *User; /**< Name of user to run Tor as. */
|
char *User; /**< Name of user to run Tor as. */
|
||||||
char *Group; /**< Name of group to run Tor as. */
|
char *Group; /**< Name of group to run Tor as. */
|
||||||
config_line_t *ORPort; /**< Ports to listen on for OR connections. */
|
config_line_t *ORPort_lines; /**< Ports to listen on for OR connections. */
|
||||||
config_line_t *SocksPort; /**< Ports to listen on for SOCKS connections. */
|
/** Ports to listen on for SOCKS connections. */
|
||||||
|
config_line_t *SocksPort_lines;
|
||||||
/** Ports to listen on for transparent pf/netfilter connections. */
|
/** Ports to listen on for transparent pf/netfilter connections. */
|
||||||
config_line_t *TransPort;
|
config_line_t *TransPort_lines;
|
||||||
config_line_t *NATDPort; /**< Ports to listen on for transparent natd
|
config_line_t *NATDPort_lines; /**< Ports to listen on for transparent natd
|
||||||
* connections. */
|
* connections. */
|
||||||
config_line_t *ControlPort; /**< Port to listen on for control
|
config_line_t *ControlPort_lines; /**< Ports to listen on for control
|
||||||
* connections. */
|
* connections. */
|
||||||
config_line_t *ControlSocket; /**< List of Unix Domain Sockets to listen on
|
config_line_t *ControlSocket; /**< List of Unix Domain Sockets to listen on
|
||||||
* for control connections. */
|
* for control connections. */
|
||||||
|
|
||||||
int ControlSocketsGroupWritable; /**< Boolean: Are control sockets g+rw? */
|
int ControlSocketsGroupWritable; /**< Boolean: Are control sockets g+rw? */
|
||||||
config_line_t *DirPort; /**< Port to listen on for directory connections. */
|
/** Ports to listen on for directory connections. */
|
||||||
config_line_t *DNSPort; /**< Port to listen on for DNS requests. */
|
config_line_t *DirPort_lines;
|
||||||
|
config_line_t *DNSPort_lines; /**< Ports to listen on for DNS requests. */
|
||||||
|
|
||||||
|
/** @name port booleans
|
||||||
|
*
|
||||||
|
* Derived booleans: True iff there is a non-listener port on an AF_INET or
|
||||||
|
* AF_INET6 address of the given type configured in one of the _lines
|
||||||
|
* options above.
|
||||||
|
*
|
||||||
|
* @{
|
||||||
|
*/
|
||||||
|
unsigned int ORPort_set : 1;
|
||||||
|
unsigned int SocksPort_set : 1;
|
||||||
|
unsigned int TransPort_set : 1;
|
||||||
|
unsigned int NATDPort_set : 1;
|
||||||
|
unsigned int ControlPort_set : 1;
|
||||||
|
unsigned int DirPort_set : 1;
|
||||||
|
unsigned int DNSPort_set : 1;
|
||||||
|
/**@}*/
|
||||||
|
|
||||||
int AssumeReachable; /**< Whether to publish our descriptor regardless. */
|
int AssumeReachable; /**< Whether to publish our descriptor regardless. */
|
||||||
int AuthoritativeDir; /**< Boolean: is this an authoritative directory? */
|
int AuthoritativeDir; /**< Boolean: is this an authoritative directory? */
|
||||||
int V1AuthoritativeDir; /**< Boolean: is this an authoritative directory
|
int V1AuthoritativeDir; /**< Boolean: is this an authoritative directory
|
||||||
|
@ -797,7 +797,7 @@ int
|
|||||||
check_whether_dirport_reachable(void)
|
check_whether_dirport_reachable(void)
|
||||||
{
|
{
|
||||||
const or_options_t *options = get_options();
|
const or_options_t *options = get_options();
|
||||||
return !options->DirPort ||
|
return !options->DirPort_set ||
|
||||||
options->AssumeReachable ||
|
options->AssumeReachable ||
|
||||||
net_is_disabled() ||
|
net_is_disabled() ||
|
||||||
can_reach_dir_port;
|
can_reach_dir_port;
|
||||||
@ -1115,7 +1115,8 @@ int
|
|||||||
server_mode(const or_options_t *options)
|
server_mode(const or_options_t *options)
|
||||||
{
|
{
|
||||||
if (options->ClientOnly) return 0;
|
if (options->ClientOnly) return 0;
|
||||||
return (options->ORPort || options->ORListenAddress);
|
/* XXXX024 I believe we can kill off ORListenAddress here.*/
|
||||||
|
return (options->ORPort_set || options->ORListenAddress);
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Return true iff we are trying to be a non-bridge server.
|
/** Return true iff we are trying to be a non-bridge server.
|
||||||
|
@ -962,7 +962,7 @@ router_parse_runningrouters(const char *str)
|
|||||||
|
|
||||||
/* Now that we know the signature is okay, and we have a
|
/* Now that we know the signature is okay, and we have a
|
||||||
* publication time, cache the list. */
|
* publication time, cache the list. */
|
||||||
if (get_options()->DirPort && !authdir_mode_v1(get_options()))
|
if (get_options()->DirPort_set && !authdir_mode_v1(get_options()))
|
||||||
dirserv_set_cached_directory(str, published_on, 1);
|
dirserv_set_cached_directory(str, published_on, 1);
|
||||||
|
|
||||||
r = 0;
|
r = 0;
|
||||||
|
Loading…
Reference in New Issue
Block a user