tor  0.2.3.18-rc
or_options_t Struct Reference

Configuration options for a Tor process.

#include <or.h>

Public Types

enum  {
  CMD_RUN_TOR = 0, CMD_LIST_FINGERPRINT, CMD_HASH_PASSWORD, CMD_VERIFY_CONFIG,
  CMD_RUN_UNITTESTS
}
 What should the tor process actually do?
enum  { SAFELOG_SCRUB_ALL, SAFELOG_SCRUB_RELAY, SAFELOG_SCRUB_NONE }

Public Attributes

uint32_t _magic
enum or_options_t:: { ... }  command
 What should the tor process actually do?
const char * command_arg
 Argument for command-line option.
config_line_t * Logs
 New-style list of configuration lines for logs.
int LogTimeGranularity
 Log resolution in milliseconds.
int LogMessageDomains
 Boolean: Should we log the domain(s) in which each log message occurs?
char * DebugLogFile
 Where to send verbose log messages.
char * DataDirectory
 OR only: where to store long-term data.
char * Nickname
 OR only: nickname of this onion router.
char * Address
 OR only: configured address for this onion router.
char * PidFile
 Where to store PID of Tor process.
int DynamicDHGroups
 Dynamic generation of prime moduli for use in DH.
routerset_t * ExitNodes
 Structure containing nicknames, digests, country codes and IP address patterns of ORs to consider as exits.
routerset_t * EntryNodes
 Structure containing nicknames, digests, country codes and IP address patterns of ORs to consider as entry points.
int StrictNodes
 Boolean: When none of our EntryNodes or ExitNodes are up, or we need to access a node in ExcludeNodes, do we just fail instead?
routerset_t * ExcludeNodes
 Structure containing nicknames, digests, country codes and IP address patterns of ORs not to use in circuits.
routerset_t * ExcludeExitNodes
 Structure containing nicknames, digests, country codes and IP address patterns of ORs not to consider as exits.
routerset_t * _ExcludeExitNodesUnion
 Union of ExcludeNodes and ExcludeExitNodes.
int DisableAllSwap
 Boolean: Attempt to call mlockall() on our process for all current and future memory.
smartlist_t * AllowInvalidNodes
 List of "entry", "middle", "exit", "introduction", "rendezvous".
invalid_router_usage_t _AllowInvalid
 Bitmask; derived from AllowInvalidNodes.
config_line_t * ExitPolicy
 Lists of exit policy components.
int ExitPolicyRejectPrivate
 Should we not exit to local addresses?
config_line_t * SocksPolicy
 Lists of socks policy components.
config_line_t * DirPolicy
 Lists of dir policy components.
config_line_t * SocksListenAddress
 Addresses to bind for listening for SOCKS connections.
config_line_t * TransListenAddress
 Addresses to bind for listening for transparent pf/netfilter connections.
config_line_t * NATDListenAddress
 Addresses to bind for listening for transparent natd connections.
config_line_t * DNSListenAddress
 Addresses to bind for listening for SOCKS connections.
config_line_t * ORListenAddress
 Addresses to bind for listening for OR connections.
config_line_t * DirListenAddress
 Addresses to bind for listening for directory connections.
config_line_t * ControlListenAddress
 Addresses to bind for listening for control connections.
char * OutboundBindAddress
 Local address to bind outbound sockets.
config_line_t * RecommendedVersions
 Directory server only: which versions of Tor should we tell users to run?
config_line_t * RecommendedClientVersions
config_line_t * RecommendedServerVersions
int DirAllowPrivateAddresses
 Whether dirservers refuse router descriptors with private IPs.
char * User
 Name of user to run Tor as.
char * Group
 Name of group to run Tor as.
config_line_t * ORPort
 Ports to listen on for OR connections.
config_line_t * SocksPort
 Ports to listen on for SOCKS connections.
config_line_t * TransPort
 Ports to listen on for transparent pf/netfilter connections.
config_line_t * NATDPort
 Ports to listen on for transparent natd connections.
config_line_t * ControlPort
 Port to listen on for control connections.
config_line_t * ControlSocket
 List of Unix Domain Sockets to listen on for control connections.
int ControlSocketsGroupWritable
 Boolean: Are control sockets g+rw?
config_line_t * DirPort
 Port to listen on for directory connections.
config_line_t * DNSPort
 Port to listen on for DNS requests.
int AssumeReachable
 Whether to publish our descriptor regardless.
int AuthoritativeDir
 Boolean: is this an authoritative directory?
int V1AuthoritativeDir
 Boolean: is this an authoritative directory for version 1 directories?
int V2AuthoritativeDir
 Boolean: is this an authoritative directory for version 2 directories?
int V3AuthoritativeDir
 Boolean: is this an authoritative directory for version 3 directories?
int HSAuthoritativeDir
 Boolean: does this authoritative directory handle hidden service requests?
int NamingAuthoritativeDir
 Boolean: is this an authoritative directory that's willing to bind names?
int VersioningAuthoritativeDir
 Boolean: is this an authoritative directory that's willing to recommend versions?
int BridgeAuthoritativeDir
 Boolean: is this an authoritative directory that aggregates bridge descriptors?
char * BridgePassword
 If set on a bridge authority, it will answer requests on its dirport for bridge statuses -- but only if the requests use this password.
char * _BridgePassword_AuthDigest
 If BridgePassword is set, this is a SHA256 digest of the basic http authenticator for it.
int UseBridges
 Boolean: should we start all circuits with a bridge?
config_line_t * Bridges
 List of bootstrap bridge addresses.
config_line_t * ClientTransportPlugin
 List of client transport plugins.
config_line_t * ServerTransportPlugin
 List of client transport plugins.
int BridgeRelay
 Boolean: are we acting as a bridge relay? We make this explicit so we can change how we behave in the future.
int UpdateBridgesFromAuthority
 Boolean: if we know the bridge's digest, should we get new descriptors from the bridge authorities or from the bridge itself?
int AvoidDiskWrites
 Boolean: should we never cache things to disk? Not used yet.
int ClientOnly
 Boolean: should we never evolve into a server role?
smartlist_t * PublishServerDescriptor
 To what authority types do we publish our descriptor? Choices are "v1", "v2", "v3", "bridge", or "".
dirinfo_type_t _PublishServerDescriptor
 A bitfield of authority types, derived from PublishServerDescriptor.
int PublishHidServDescriptors
 Boolean: do we publish hidden service descriptors to the HS auths?
int FetchServerDescriptors
 Do we fetch server descriptors as normal?
int FetchHidServDescriptors
 Do we fetch hidden service descriptors as normal?
int FetchV2Networkstatus
 Do we fetch v2 networkstatus documents when we don't need to?
int HidServDirectoryV2
 Do we participate in the HS DHT?
int VoteOnHidServDirectoriesV2
 As a directory authority, vote on assignment of the HSDir flag?
int MinUptimeHidServDirectoryV2
 As directory authority, accept hidden service directories after what time?
int FetchUselessDescriptors
 Do we fetch non-running descriptors too?
int AllDirActionsPrivate
 Should every directory action be sent through a Tor circuit?
int Tor2webMode
 Run in 'tor2web mode'? (I.e.
int CloseHSClientCircuitsImmediatelyOnTimeout
 Close hidden service client circuits immediately when they reach the normal circuit-build timeout, even if they have already sent an INTRODUCE1 cell on its way to the service.
int CloseHSServiceRendCircuitsImmediatelyOnTimeout
 Close hidden-service-side rendezvous circuits immediately when they reach the normal circuit-build timeout.
int ConnLimit
 Demanded minimum number of simultaneous connections.
int _ConnLimit
 Maximum allowed number of simultaneous connections.
int RunAsDaemon
 If true, run in the background.
int FascistFirewall
 Whether to prefer ORs reachable on open ports.
smartlist_t * FirewallPorts
 Which ports our firewall allows (strings).
config_line_t * ReachableAddresses
 IP:ports our firewall allows.
config_line_t * ReachableORAddresses
 IP:ports for OR conns.
config_line_t * ReachableDirAddresses
 IP:ports for Dir conns.
int ConstrainedSockets
 Shrink xmit and recv socket buffers.
uint64_t ConstrainedSockSize
 Size of constrained buffers.
int RefuseUnknownExits
 Whether we should drop exit streams from Tors that we don't know are relays.
smartlist_t * LongLivedPorts
 Application ports that require all nodes in circ to have sufficient uptime.
smartlist_t * RejectPlaintextPorts
 Application ports that are likely to be unencrypted and unauthenticated; we reject requests for them to prevent the user from screwing up and leaking plaintext secrets to an observer somewhere on the Internet.
smartlist_t * WarnPlaintextPorts
 Related to RejectPlaintextPorts above, except this config option controls whether we warn (in the log and via a controller status event) every time a risky connection is attempted.
smartlist_t * TrackHostExits
 Should we try to reuse the same exit node for a given host.
int TrackHostExitsExpire
 Number of seconds until we expire an addressmap.
config_line_t * AddressMap
 List of address map directives.
int AutomapHostsOnResolve
 If true, when we get a resolve request for a hostname ending with one of the suffixes in AutomapHostsSuffixes, map it to a virtual address.
smartlist_t * AutomapHostsSuffixes
 List of suffixes for AutomapHostsOnResolve.
int RendPostPeriod
 How often do we post each rendezvous service descriptor? Remember to publish them independently.
int KeepalivePeriod
 How often do we send padding cells to keep connections alive?
int SocksTimeout
 How long do we let a socks connection wait unattached before we fail it?
int LearnCircuitBuildTimeout
 If non-zero, we attempt to learn a value for CircuitBuildTimeout based on timeout history.
int CircuitBuildTimeout
 Cull non-open circuits that were born at least this many seconds ago.
int CircuitIdleTimeout
 Cull open clean circuits that were born at least this many seconds ago.
int CircuitStreamTimeout
 If non-zero, detach streams from circuits and try a new circuit if the stream has been waiting for this many seconds.
int MaxOnionsPending
 How many circuit CREATE requests do we allow to wait simultaneously before we start dropping them?
int NewCircuitPeriod
 How long do we use a circuit before building a new one?
int MaxCircuitDirtiness
 Never use circs that were first used more than this interval ago.
uint64_t BandwidthRate
 How much bandwidth, on average, are we willing to use in a second?
uint64_t BandwidthBurst
 How much bandwidth, at maximum, are we willing to use in a second?
uint64_t MaxAdvertisedBandwidth
 How much bandwidth are we willing to tell people we have?
uint64_t RelayBandwidthRate
 How much bandwidth, on average, are we willing to use for all relayed conns?
uint64_t RelayBandwidthBurst
 How much bandwidth, at maximum, will we use in a second for all relayed conns?
uint64_t PerConnBWRate
 Long-term bw on a single TLS conn, if set.
uint64_t PerConnBWBurst
 Allowed burst on a single TLS conn, if set.
int NumCPUs
 How many CPUs should we try to use?
config_line_t * RendConfigLines
 List of configuration lines for rendezvous services.
config_line_t * HidServAuth
 List of configuration lines for client-side authorizations for hidden services.
char * ContactInfo
 Contact info to be published in the directory.
int HeartbeatPeriod
 Log heartbeat messages after this many seconds have passed.
char * HTTPProxy
 hostname[:port] to use as http proxy, if any.
tor_addr_t HTTPProxyAddr
 Parsed IPv4 addr for http proxy, if any.
uint16_t HTTPProxyPort
 Parsed port for http proxy, if any.
char * HTTPProxyAuthenticator
 username:password string, if any.
char * HTTPSProxy
 hostname[:port] to use as https proxy, if any.
tor_addr_t HTTPSProxyAddr
 Parsed addr for https proxy, if any.
uint16_t HTTPSProxyPort
 Parsed port for https proxy, if any.
char * HTTPSProxyAuthenticator
 username:password string, if any.
char * Socks4Proxy
 hostname:port to use as a SOCKS4 proxy, if any.
tor_addr_t Socks4ProxyAddr
 Derived from Socks4Proxy.
uint16_t Socks4ProxyPort
 Derived from Socks4Proxy.
char * Socks5Proxy
 hostname:port to use as a SOCKS5 proxy, if any.
tor_addr_t Socks5ProxyAddr
 Derived from Socks5Proxy.
uint16_t Socks5ProxyPort
 Derived from Socks5Proxy.
char * Socks5ProxyUsername
 Username for SOCKS5 authentication, if any.
char * Socks5ProxyPassword
 Password for SOCKS5 authentication, if any.
config_line_t * DirServers
 List of configuration lines for replacement directory authorities.
config_line_t * AlternateDirAuthority
 If set, use these main (currently v3) directory authorities and not the default ones.
config_line_t * AlternateBridgeAuthority
 If set, use these bridge authorities and not the default one.
config_line_t * AlternateHSAuthority
 If set, use these HS authorities and not the default ones.
char * MyFamily
 Declared family for this OR.
config_line_t * NodeFamilies
 List of config lines for node families.
smartlist_t * NodeFamilySets
 List of parsed NodeFamilies values.
config_line_t * AuthDirBadDir
 Address policy for descriptors to mark as bad dir mirrors.
config_line_t * AuthDirBadExit
 Address policy for descriptors to mark as bad exits.
config_line_t * AuthDirReject
 Address policy for descriptors to reject.
config_line_t * AuthDirInvalid
 Address policy for descriptors to never mark as valid.
int AuthDirListBadDirs
 True iff we should list bad dirs, and vote for all other dir mirrors as good.
int AuthDirListBadExits
 True iff we should list bad exits, and vote for all other exits as good.
int AuthDirRejectUnlisted
 Boolean: do we reject all routers that aren't named in our fingerprint file?
int AuthDirMaxServersPerAddr
 Do not permit more than this number of servers per IP address.
int AuthDirMaxServersPerAuthAddr
 Do not permit more than this number of servers per IP address shared with an authority.
uint64_t AuthDirFastGuarantee
 If non-zero, always vote the Fast flag for any relay advertising this amount of capacity or more.
uint64_t AuthDirGuardBWGuarantee
 If non-zero, this advertised capacity or more is always sufficient to satisfy the bandwidth requirement for the Guard flag.
char * AccountingStart
 How long is the accounting interval, and when does it start?
uint64_t AccountingMax
 How many bytes do we allow per accounting interval before hibernation? 0 for "never hibernate."
config_line_t * HashedControlPassword
 Base64-encoded hash of accepted passwords for the control system.
config_line_t * HashedControlSessionPassword
 As HashedControlPassword, but not saved.
int CookieAuthentication
 Boolean: do we enable cookie-based auth for the control system?
char * CookieAuthFile
 Location of a cookie authentication file.
int CookieAuthFileGroupReadable
 Boolean: Is the CookieAuthFile g+r?
int LeaveStreamsUnattached
 Boolean: Does Tor attach new streams to circuits itself (0), or does it expect a controller to cope? (1)
int DisablePredictedCircuits
 Boolean: does Tor preemptively make circuits in the background (0), or not (1)?
char * OwningControllerProcess
 Process specifier for a controller that ‘owns’ this Tor instance.
int ShutdownWaitLength
 When we get a SIGINT and we're a server, how long do we wait before exiting?
char * SafeLogging
 Contains "relay", "1", "0" (meaning no scrubbing).
enum or_options_t:: { ... }  _SafeLogging
int SafeSocks
 Boolean: should we outright refuse application connections that use socks4 or socks5-with-local-dns?
int ProtocolWarnings
 Boolean: when other parties screw up the Tor protocol, is it a warn or an info in our logs?
int TestSocks
 Boolean: when we get a socks connection, do we loudly log whether it was DNS-leaking or not?
int HardwareAccel
 Boolean: Should we enable OpenSSL hardware acceleration where available?
int TokenBucketRefillInterval
 Token Bucket Refill resolution in milliseconds.
char * AccelName
 Optional hardware acceleration engine name.
char * AccelDir
 Optional hardware acceleration engine search dir.
int UseEntryGuards
 Boolean: Do we try to enter from a smallish number of fixed nodes?
int NumEntryGuards
 How many entry guards do we try to establish?
int RephistTrackTime
 How many seconds do we keep rephist info?
int FastFirstHopPK
 If Tor believes it is safe, should we save a third of our PK time by sending CREATE_FAST cells?
int FetchDirInfoEarly
 Should we always fetch our dir info on the mirror schedule (which means directly from the authorities) no matter our other config?
int FetchDirInfoExtraEarly
 Should we fetch our dir info at the start of the consensus period?
char * VirtualAddrNetwork
 Address and mask to hand out for virtual MAPADDRESS requests.
int ServerDNSSearchDomains
 Boolean: If set, we don't force exit addresses to be FQDNs, but rather search for them in the local domains.
int ServerDNSDetectHijacking
 Boolean: If true, check for DNS failure hijacking.
int ServerDNSRandomizeCase
 Boolean: Use the 0x20-hack to prevent DNS poisoning attacks.
char * ServerDNSResolvConfFile
 If provided, we configure our internal resolver from the file here rather than from /etc/resolv.conf (Unix) or the registry (Windows).
char * DirPortFrontPage
 This is a full path to a file with an html disclaimer.
int DisableDebuggerAttachment
 Currently a Linux-specific attempt to disable ptrace; needs BSD testing.
int ServerDNSAllowBrokenConfig
 Boolean: if set, we start even if our resolv.conf file is missing or broken.
int CountPrivateBandwidth
 Boolean: if set, then even connections to private addresses will get rate-limited.
smartlist_t * ServerDNSTestAddresses
 A list of addresses that definitely should be resolvable.
int EnforceDistinctSubnets
 If true, don't allow multiple routers in the same network zone in the same circuit.
int TunnelDirConns
 If true, use BEGIN_DIR rather than BEGIN when possible.
int PreferTunneledDirConns
 If true, avoid dirservers that don't support BEGIN_DIR, when possible.
int PortForwarding
 If true, use NAT-PMP or UPnP to automatically forward the DirPort and ORPort on the NAT device.
char * PortForwardingHelper
 Filename or full path of the port forwarding helper executable.
int AllowNonRFC953Hostnames
 If true, we allow connections to hostnames with weird characters.
int ServerDNSAllowNonRFC953Hostnames
 If true, we try resolving hostnames with weird characters.
int DownloadExtraInfo
 If true, we try to download extra-info documents (and we serve them, if we are a cache).
int AllowSingleHopExits
 If true, and we are acting as a relay, allow exit circuits even when we are the first hop of a circuit.
int ExcludeSingleHopRelays
 If true, don't allow relays with AllowSingleHopExits=1 to be used in circuits that we build.
int AllowSingleHopCircuits
 If true, and the controller tells us to use a one-hop circuit, and the exit allows it, we use it.
int AllowDotExit
 If true, we convert "www.google.com.foo.exit" addresses on the socks/trans/natd ports into "www.google.com" addresses that exit from the node "foo".
int WarnUnsafeSocks
 If true, we will warn if a user gives us only an IP address instead of a hostname.
int DirReqStatistics
 If true, the user wants us to collect statistics on clients requesting network statuses from us as directory.
int ExitPortStatistics
 If true, the user wants us to collect statistics on port usage.
int ConnDirectionStatistics
 If true, the user wants us to collect connection statistics.
int CellStatistics
 If true, the user wants us to collect cell statistics.
int EntryStatistics
 If true, the user wants us to collect statistics as entry node.
int ExtraInfoStatistics
 If true, include statistics file contents in extra-info documents.
int ClientDNSRejectInternalAddresses
 If true, do not believe anybody who tells us that a domain resolves to an internal address, or that an internal address has a PTR mapping.
int ClientRejectInternalAddresses
 If true, do not accept any requests to connect to internal addresses over randomly chosen exits.
int V3AuthVotingInterval
 The length of time that we think a consensus should be fresh.
int V3AuthVoteDelay
 The length of time we think it will take to distribute votes.
int V3AuthDistDelay
 The length of time we think it will take to distribute signatures.
int V3AuthNIntervalsValid
 The number of intervals we think a consensus should be valid.
int V3AuthUseLegacyKey
 Should we advertise and sign consensuses with a legacy key, for key migration purposes?
char * V3BandwidthsFile
 Location of bandwidth measurement file.
char * ConsensusParams
 Authority only: key=value pairs that we add to our networkstatus consensus vote on the 'params' line.
int TestingV3AuthInitialVotingInterval
 The length of time that we think an initial consensus should be fresh.
int TestingV3AuthInitialVoteDelay
 The length of time we think it will take to distribute initial votes.
int TestingV3AuthInitialDistDelay
 The length of time we think it will take to distribute initial signatures.
int TestingAuthDirTimeToLearnReachability
 If an authority has been around for less than this amount of time, it does not believe its reachability information is accurate.
int TestingEstimatedDescriptorPropagationTime
 Clients don't download any descriptor this recent, since it will probably not have propagated to enough caches.
int TestingTorNetwork
 If true, we take part in a testing network.
char * FallbackNetworkstatusFile
 File to check for a consensus networkstatus, if we don't have one cached.
int BridgeRecordUsageByCountry
 If true, and we have GeoIP data, and we're a bridge, keep a per-country count of how many client addresses have contacted us so that we can help the bridge authority guess which countries have blocked access to us.
char * GeoIPFile
 Optionally, a file with GeoIP data.
int ReloadTorrcOnSIGHUP
 If true, SIGHUP should reload the torrc.
double CircuitPriorityHalflife
int DisableIOCP
 If true, do not enable IOCP on windows with bufferevents, even if we think we could.
int _UseFilteringSSLBufferevents
 For testing only: will go away in 0.2.3.x.
int _UsingTestNetworkDefaults
 Set to true if the TestingTorNetwork configuration option is set.
int UseMicrodescriptors
 If 1, we try to use microdescriptors to build circuits.
char * ControlPortWriteToFile
 File where we should write the ControlPort.
int ControlPortFileGroupReadable
 Should that file be group-readable?
int MaxClientCircuitsPending
 Maximum number of non-open general-purpose origin circuits to allow at once.
int OptimisticData
 If 1, we always send optimistic data when it's supported.
int UserspaceIOCPBuffers
 If 1, and we are using IOCP, we set the kernel socket SNDBUF and RCVBUF to 0 to try to save kernel memory and avoid the dread "Out of buffers" issue.
int DisableNetwork
 If 1, we accept and launch no external network connections, except on control ports.
AuthDir...CC

Lists of country codes to mark as BadDir, BadExit, or Invalid, or to reject entirely.

smartlist_t * AuthDirBadDirCCs
smartlist_t * AuthDirBadExitCCs
smartlist_t * AuthDirInvalidCCs
smartlist_t * AuthDirRejectCCs
int PathBiasCircThreshold
 Parameters for path-bias detection.
double PathBiasNoticeRate
double PathBiasDisableRate
int PathBiasScaleThreshold
int PathBiasScaleFactor

Detailed Description

Configuration options for a Tor process.

Definition at line 2933 of file or.h.


Member Enumeration Documentation

anonymous enum

What should the tor process actually do?

Enumerator:
CMD_RUN_TOR 
CMD_LIST_FINGERPRINT 
CMD_HASH_PASSWORD 
CMD_VERIFY_CONFIG 
CMD_RUN_UNITTESTS 

Definition at line 2937 of file or.h.

anonymous enum
Enumerator:
SAFELOG_SCRUB_ALL 
SAFELOG_SCRUB_RELAY 
SAFELOG_SCRUB_NONE 

Definition at line 3311 of file or.h.


Member Data Documentation

Bitmask; derived from AllowInvalidNodes.

Definition at line 2984 of file or.h.

If BridgePassword is set, this is a SHA256 digest of the basic http authenticator for it.

Used so we can do a time-independent comparison.

Definition at line 3051 of file or.h.

Maximum allowed number of simultaneous connections.

Definition at line 3110 of file or.h.

Union of ExcludeNodes and ExcludeExitNodes.

Definition at line 2976 of file or.h.

Definition at line 2934 of file or.h.

A bitfield of authority types, derived from PublishServerDescriptor.

Definition at line 3077 of file or.h.

For testing only: will go away in 0.2.3.x.

Definition at line 3519 of file or.h.

Set to true if the TestingTorNetwork configuration option is set.

This is used so that options_validate() has a chance to realize that the defaults have changed.

Definition at line 3524 of file or.h.

Optional hardware acceleration engine search dir.

Definition at line 3328 of file or.h.

Optional hardware acceleration engine name.

Definition at line 3327 of file or.h.

How many bytes do we allow per accounting interval before hibernation? 0 for "never hibernate."

Definition at line 3282 of file or.h.

How long is the accounting interval, and when does it start?

Definition at line 3280 of file or.h.

OR only: configured address for this onion router.

Definition at line 2953 of file or.h.

List of address map directives.

Definition at line 3144 of file or.h.

Should every directory action be sent through a Tor circuit?

Definition at line 3092 of file or.h.

If true, we convert "www.google.com.foo.exit" addresses on the socks/trans/natd ports into "www.google.com" addresses that exit from the node "foo".

Disabled by default since attacking websites and exit relays can use it to manipulate your path selection.

Definition at line 3403 of file or.h.

List of "entry", "middle", "exit", "introduction", "rendezvous".

Definition at line 2982 of file or.h.

Filename or full path of the port forwarding helper executable.

If true, we allow connections to hostnames with weird characters.

Definition at line 3379 of file or.h.

If true, and the controller tells us to use a one-hop circuit, and the exit allows it, we use it.

Definition at line 3396 of file or.h.

If true, and we are acting as a relay, allow exit circuits even when we are the first hop of a circuit.

Definition at line 3390 of file or.h.

If set, use these bridge authorities and not the default one.

Definition at line 3230 of file or.h.

If set, use these main (currently v3) directory authorities and not the default ones.

Definition at line 3227 of file or.h.

If set, use these HS authorities and not the default ones.

Definition at line 3233 of file or.h.

Whether to publish our descriptor regardless.

Definition at line 3028 of file or.h.

Address policy for descriptors to mark as bad dir mirrors.

Definition at line 3239 of file or.h.

Definition at line 3254 of file or.h.

Address policy for descriptors to mark as bad exits.

Definition at line 3241 of file or.h.

Definition at line 3255 of file or.h.

If non-zero, always vote the Fast flag for any relay advertising this amount of capacity or more.

Definition at line 3274 of file or.h.

If non-zero, this advertised capacity or more is always sufficient to satisfy the bandwidth requirement for the Guard flag.

Definition at line 3278 of file or.h.

Address policy for descriptors to never mark as valid.

Definition at line 3245 of file or.h.

Definition at line 3256 of file or.h.

True iff we should list bad dirs, and vote for all other dir mirrors as good.

Definition at line 3260 of file or.h.

True iff we should list bad exits, and vote for all other exits as good.

Definition at line 3262 of file or.h.

Do not permit more than this number of servers per IP address.

Definition at line 3266 of file or.h.

Do not permit more than this number of servers per IP address shared with an authority.

Definition at line 3268 of file or.h.

Address policy for descriptors to reject.

Definition at line 3243 of file or.h.

Definition at line 3257 of file or.h.

Boolean: do we reject all routers that aren't named in our fingerprint file?

Definition at line 3264 of file or.h.

Boolean: is this an authoritative directory?

Definition at line 3029 of file or.h.

If true, when we get a resolve request for a hostname ending with one of the suffixes in AutomapHostsSuffixes, map it to a virtual address.

Definition at line 3145 of file or.h.

List of suffixes for AutomapHostsOnResolve.

Definition at line 3149 of file or.h.

Boolean: should we never cache things to disk? Not used yet.

Definition at line 3070 of file or.h.

How much bandwidth, at maximum, are we willing to use in a second?

Definition at line 3178 of file or.h.

How much bandwidth, on average, are we willing to use in a second?

Definition at line 3176 of file or.h.

Boolean: is this an authoritative directory that aggregates bridge descriptors?

Definition at line 3043 of file or.h.

If set on a bridge authority, it will answer requests on its dirport for bridge statuses -- but only if the requests use this password.

Definition at line 3048 of file or.h.

If true, and we have GeoIP data, and we're a bridge, keep a per-country count of how many client addresses have contacted us so that we can help the bridge authority guess which countries have blocked access to us.

Definition at line 3491 of file or.h.

Boolean: are we acting as a bridge relay? We make this explicit so we can change how we behave in the future.

Definition at line 3062 of file or.h.

List of bootstrap bridge addresses.

Definition at line 3054 of file or.h.

If true, the user wants us to collect cell statistics.

Definition at line 3420 of file or.h.

Cull non-open circuits that were born at least this many seconds ago.

Used until adaptive algorithm learns a new value.

Definition at line 3160 of file or.h.

Cull open clean circuits that were born at least this many seconds ago.

Definition at line 3163 of file or.h.

Definition at line 3513 of file or.h.

If non-zero, detach streams from circuits and try a new circuit if the stream has been waiting for this many seconds.

If zero, use our default internal timeout schedule.

Definition at line 3165 of file or.h.

If true, do not believe anybody who tells us that a domain resolves to an internal address, or that an internal address has a PTR mapping.

Helps avoid some cross-site attacks.

Definition at line 3431 of file or.h.

Boolean: should we never evolve into a server role?

Definition at line 3072 of file or.h.

If true, do not accept any requests to connect to internal addresses over randomly chosen exits.

Definition at line 3435 of file or.h.

List of client transport plugins.

Definition at line 3056 of file or.h.

Close hidden service client circuits immediately when they reach the normal circuit-build timeout, even if they have already sent an INTRODUCE1 cell on its way to the service.

Definition at line 3103 of file or.h.

Close hidden-service-side rendezvous circuits immediately when they reach the normal circuit-build timeout.

Definition at line 3107 of file or.h.

enum { ... } or_options_t::command

What should the tor process actually do?

Argument for command-line option.

Definition at line 2941 of file or.h.

If true, the user wants us to collect connection statistics.

Definition at line 3417 of file or.h.

Demanded minimum number of simultaneous connections.

Definition at line 3109 of file or.h.

Authority only: key=value pairs that we add to our networkstatus consensus vote on the 'params' line.

Definition at line 3455 of file or.h.

Shrink xmit and recv socket buffers.

Definition at line 3119 of file or.h.

Size of constrained buffers.

Definition at line 3120 of file or.h.

Contact info to be published in the directory.

Definition at line 3195 of file or.h.

Addresses to bind for listening for control connections.

Definition at line 3003 of file or.h.

Port to listen on for control connections.

Definition at line 3021 of file or.h.

Should that file be group-readable?

Definition at line 3533 of file or.h.

File where we should write the ControlPort.

Definition at line 3531 of file or.h.

List of Unix Domain Sockets to listen on for control connections.

Definition at line 3023 of file or.h.

Boolean: Are control sockets g+rw?

Definition at line 3025 of file or.h.

Boolean: do we enable cookie-based auth for the control system?

Definition at line 3291 of file or.h.

Location of a cookie authentication file.

Definition at line 3293 of file or.h.

Boolean: Is the CookieAuthFile g+r?

Definition at line 3294 of file or.h.

Boolean: if set, then even connections to private addresses will get rate-limited.

Definition at line 3365 of file or.h.

OR only: where to store long-term data.

Definition at line 2951 of file or.h.

Where to send verbose log messages.

Definition at line 2950 of file or.h.

Whether dirservers refuse router descriptors with private IPs.

Definition at line 3012 of file or.h.

Addresses to bind for listening for directory connections.

Definition at line 3001 of file or.h.

Lists of dir policy components.

Definition at line 2988 of file or.h.

Port to listen on for directory connections.

Definition at line 3026 of file or.h.

This is a full path to a file with an html disclaimer.

This allows a server administrator to show that they're running Tor and anyone visiting their server will know this without any specialized knowledge.

Definition at line 3354 of file or.h.

If true, the user wants us to collect statistics on clients requesting network statuses from us as directory.

Definition at line 3411 of file or.h.

List of configuration lines for replacement directory authorities.

If you just want to replace one class of authority at a time, use the "Alternate*Authority" options below instead.

Definition at line 3223 of file or.h.

Boolean: Attempt to call mlockall() on our process for all current and future memory.

Definition at line 2978 of file or.h.

Attempt to disable ptrace; currently Linux-specific, needs BSD testing.

Definition at line 3358 of file or.h.

If true, do not enable IOCP on windows with bufferevents, even if we think we could.

Definition at line 3517 of file or.h.

If 1, we accept and launch no external network connections, except on control ports.

Definition at line 3551 of file or.h.

Boolean: does Tor preemptively make circuits in the background (0), or not (1)?

Definition at line 3298 of file or.h.

Addresses to bind for listening for SOCKS connections.

Definition at line 2997 of file or.h.

Port to listen on for DNS requests.

Definition at line 3027 of file or.h.

If true, we try to download extra-info documents (and we serve them, if we are a cache).

For authorities, this is always true.

Definition at line 3386 of file or.h.

Dynamic generation of prime moduli for use in DH.

Definition at line 2956 of file or.h.

If true, don't allow multiple routers in the same network zone in the same circuit.

Definition at line 3369 of file or.h.

Structure containing nicknames, digests, country codes and IP address patterns of ORs to consider as entry points.

Definition at line 2961 of file or.h.

If true, the user wants us to collect statistics as entry node.

Definition at line 3423 of file or.h.

Structure containing nicknames, digests, country codes and IP address patterns of ORs not to consider as exits.

Definition at line 2971 of file or.h.

Structure containing nicknames, digests, country codes and IP address patterns of ORs not to use in circuits.

But see StrictNodes above.

Definition at line 2967 of file or.h.

If true, don't allow relays with AllowSingleHopExits=1 to be used in circuits that we build.

Definition at line 3393 of file or.h.

Structure containing nicknames, digests, country codes and IP address patterns of ORs to consider as exits.

Definition at line 2958 of file or.h.

Lists of exit policy components.

Definition at line 2985 of file or.h.

Should we not exit to local addresses?

Definition at line 2986 of file or.h.

If true, the user wants us to collect statistics on port usage.

Definition at line 3414 of file or.h.

If true, include statistics file contents in extra-info documents.

Definition at line 3426 of file or.h.

File to check for a consensus networkstatus, if we don't have one cached.

Definition at line 3486 of file or.h.

Whether to prefer ORs reachable on open ports.

Definition at line 3112 of file or.h.

If Tor believes it is safe, should we save a third of our PK time by sending CREATE_FAST cells?

Definition at line 3333 of file or.h.

Should we always fetch our dir info on the mirror schedule (which means directly from the authorities) no matter our other config?

Definition at line 3337 of file or.h.

Should we fetch our dir info at the start of the consensus period?

Definition at line 3340 of file or.h.

Do we fetch hidden service descriptors as normal?

Definition at line 3081 of file or.h.

Do we fetch server descriptors as normal?

Definition at line 3080 of file or.h.

Do we fetch non-running descriptors too?

Definition at line 3091 of file or.h.

Do we fetch v2 networkstatus documents when we don't need to?

Definition at line 3082 of file or.h.

Which ports our firewall allows (strings).

Definition at line 3113 of file or.h.

Optionally, a file with GeoIP data.

Definition at line 3494 of file or.h.

Name of group to run Tor as.

Definition at line 3014 of file or.h.

Boolean: Should we enable OpenSSL hardware acceleration where available?

Definition at line 3323 of file or.h.

Base64-encoded hash of accepted passwords for the control system.

Definition at line 3287 of file or.h.

As HashedControlPassword, but not saved.

Definition at line 3289 of file or.h.

Log heartbeat messages after this many seconds have passed.

Definition at line 3197 of file or.h.

List of configuration lines for client-side authorizations for hidden services.

Definition at line 3193 of file or.h.

Do we participate in the HS DHT?

Definition at line 3084 of file or.h.

Boolean: does this authoritative directory handle hidden service requests?

Definition at line 3036 of file or.h.

hostname[:port] to use as http proxy, if any.

Definition at line 3200 of file or.h.

Parsed IPv4 addr for http proxy, if any.

Definition at line 3201 of file or.h.

username:password string, if any.

Definition at line 3203 of file or.h.

Parsed port for http proxy, if any.

Definition at line 3202 of file or.h.

hostname[:port] to use as https proxy, if any.

Definition at line 3205 of file or.h.

Parsed addr for https proxy, if any.

Definition at line 3206 of file or.h.

username:password string, if any.

Definition at line 3208 of file or.h.

Parsed port for https proxy, if any.

Definition at line 3207 of file or.h.

How often do we send padding cells to keep connections alive?

Definition at line 3153 of file or.h.

If non-zero, we attempt to learn a value for CircuitBuildTimeout based on timeout history.

Definition at line 3157 of file or.h.

Boolean: Does Tor attach new streams to circuits itself (0), or does it expect a controller to cope? (1)

Definition at line 3295 of file or.h.

Boolean: Should we log the domain(s) in which each log message occurs?

Definition at line 2947 of file or.h.

New-style list of configuration lines for logs.

Definition at line 2943 of file or.h.

Log resolution in milliseconds.

Definition at line 2945 of file or.h.

Application ports that require all nodes in circ to have sufficient uptime.

Definition at line 3130 of file or.h.

How much bandwidth are we willing to tell people we have?

Definition at line 3180 of file or.h.

Never use circs that were first used more than this interval ago.

Definition at line 3174 of file or.h.

Maximum number of non-open general-purpose origin circuits to allow at once.

Definition at line 3538 of file or.h.

How many circuit CREATE requests do we allow to wait simultaneously before we start dropping them?

Definition at line 3169 of file or.h.

As directory authority, accept hidden service directories after what time?

Definition at line 3088 of file or.h.

Declared family for this OR.

Definition at line 3235 of file or.h.

Boolean: is this an authoritative directory that's willing to bind names?

Definition at line 3038 of file or.h.

Addresses to bind for listening for transparent natd connections.

Definition at line 2995 of file or.h.

Ports to listen on for transparent natd connections.

Definition at line 3019 of file or.h.

How long do we use a circuit before building a new one?

Definition at line 3172 of file or.h.

OR only: nickname of this onion router.

Definition at line 2952 of file or.h.

List of config lines for node families.

Definition at line 3236 of file or.h.

List of parsed NodeFamilies values.

Definition at line 3238 of file or.h.

How many CPUs should we try to use?

Definition at line 3188 of file or.h.

How many entry guards do we try to establish?

Definition at line 3331 of file or.h.

If 1, we always send optimistic data when it's supported.

If 0, we never use it. If -1, we do what the consensus says.

Definition at line 3542 of file or.h.

Addresses to bind for listening for OR connections.

Definition at line 2999 of file or.h.

Ports to listen on for OR connections.

Definition at line 3015 of file or.h.

Local address to bind outbound sockets.

Definition at line 3005 of file or.h.

Process specifier for a controller that ‘owns’ this Tor instance.

Tor will terminate if its owning controller does.

Definition at line 3304 of file or.h.

Parameters for path-bias detection.

Definition at line 3557 of file or.h.

Definition at line 3559 of file or.h.

Definition at line 3558 of file or.h.

Definition at line 3561 of file or.h.

Definition at line 3560 of file or.h.

Allowed burst on a single TLS conn, if set.

Definition at line 3187 of file or.h.

Long-term bw on a single TLS conn, if set.

Definition at line 3186 of file or.h.

Where to store PID of Tor process.

Definition at line 2954 of file or.h.

If true, use NAT-PMP or UPnP to automatically forward the DirPort and ORPort on the NAT device.

Definition at line 3375 of file or.h.

Definition at line 3377 of file or.h.

If true, avoid dirservers that don't support BEGIN_DIR, when possible.

Definition at line 3373 of file or.h.

Boolean: when other parties screw up the Tor protocol, is it a warn or an info in our logs?

Definition at line 3319 of file or.h.

Boolean: do we publish hidden service descriptors to the HS auths?

Definition at line 3079 of file or.h.

To what authority types do we publish our descriptor? Choices are "v1", "v2", "v3", "bridge", or "".

Definition at line 3075 of file or.h.

IP:ports our firewall allows.

Definition at line 3115 of file or.h.

IP:ports for Dir conns.

Definition at line 3117 of file or.h.

IP:ports for OR conns.

Definition at line 3116 of file or.h.

Definition at line 3009 of file or.h.

Definition at line 3010 of file or.h.

Directory server only: which versions of Tor should we tell users to run?

Definition at line 3008 of file or.h.

Whether we should drop exit streams from Tors that we don't know are relays.

One of "0" (never refuse), "1" (always refuse), or "-1" (do what the consensus says, defaulting to 'refuse' if the consensus says nothing).

Definition at line 3126 of file or.h.

Application ports that are likely to be unencrypted and unauthenticated; we reject requests for them to prevent the user from screwing up and leaking plaintext secrets to an observer somewhere on the Internet.

Definition at line 3135 of file or.h.

How much bandwidth, at maximum, will we use in a second for all relayed conns?

Definition at line 3184 of file or.h.

How much bandwidth, on average, are we willing to use for all relayed conns?

Definition at line 3182 of file or.h.

If true, SIGHUP should reload the torrc.

Sometimes controllers want to make this false.

Definition at line 3498 of file or.h.

List of configuration lines for rendezvous services.

Definition at line 3191 of file or.h.

How often do we post each rendezvous service descriptor? Remember to publish them independently.

Definition at line 3151 of file or.h.

How many seconds do we keep rephist info?

Definition at line 3332 of file or.h.

If true, run in the background.

(Unix only)

Definition at line 3111 of file or.h.

Contains "relay", "1", "0" (meaning no scrubbing).

Definition at line 3308 of file or.h.

Boolean: should we outright refuse application connections that use socks4 or socks5-with-local-dns?

Definition at line 3315 of file or.h.

Boolean: if set, we start even if our resolv.conf file is missing or broken.

Definition at line 3362 of file or.h.

If true, we try resolving hostnames with weird characters.

Definition at line 3382 of file or.h.

Boolean: If true, check for DNS failure hijacking.

Definition at line 3347 of file or.h.

Boolean: Use the 0x20-hack to prevent DNS poisoning attacks.

Definition at line 3349 of file or.h.

If provided, we configure our internal resolver from the file here rather than from /etc/resolv.conf (Unix) or the registry (Windows).

Definition at line 3351 of file or.h.

Boolean: If set, we don't force exit addresses to be FQDNs, but rather search for them in the local domains.

Definition at line 3344 of file or.h.

A list of addresses that definitely should be resolvable.

Used for testing our DNS server.

Definition at line 3366 of file or.h.

List of client transport plugins.

Definition at line 3059 of file or.h.

When we get a SIGINT and we're a server, how long do we wait before exiting?

Definition at line 3306 of file or.h.

hostname:port to use as a SOCKS4 proxy, if any.

Definition at line 3210 of file or.h.

Derived from Socks4Proxy.

Definition at line 3211 of file or.h.

Derived from Socks4Proxy.

Definition at line 3212 of file or.h.

hostname:port to use as a SOCKS5 proxy, if any.

Definition at line 3214 of file or.h.

Derived from Socks5Proxy.

Definition at line 3215 of file or.h.

Password for SOCKS5 authentication, if any.

Definition at line 3218 of file or.h.

Derived from Socks5Proxy.

Definition at line 3216 of file or.h.

Username for SOCKS5 authentication, if any.

Definition at line 3217 of file or.h.

Addresses to bind for listening for SOCKS connections.

Definition at line 2990 of file or.h.

Lists of socks policy components.

Definition at line 2987 of file or.h.

Ports to listen on for SOCKS connections.

Definition at line 3016 of file or.h.

How long do we let a socks connection wait unattached before we fail it?

Definition at line 3155 of file or.h.

Boolean: When none of our EntryNodes or ExitNodes are up, or we need to access a node in ExcludeNodes, do we just fail instead?

Definition at line 2964 of file or.h.

If an authority has been around for less than this amount of time, it does not believe its reachability information is accurate.

Only altered on testing networks.

Definition at line 3472 of file or.h.

Clients don't download any descriptor this recent, since it will probably not have propagated to enough caches.

Only altered on testing networks.

Definition at line 3477 of file or.h.

If true, we take part in a testing network.

This changes the defaults of a couple of other configuration options and allows the values of certain configuration options to be changed.

Definition at line 3482 of file or.h.

The length of time we think it will take to distribute initial signatures.

Only altered on testing networks.

Definition at line 3467 of file or.h.

The length of time we think it will take to distribute initial votes.

Only altered on testing networks.

Definition at line 3463 of file or.h.

The length of time that we think an initial consensus should be fresh.

Only altered on testing networks.

Definition at line 3459 of file or.h.

Boolean: when we get a socks connection, do we loudly log whether it was DNS-leaking or not?

Definition at line 3321 of file or.h.

Token Bucket Refill resolution in milliseconds.

Definition at line 3326 of file or.h.

Run in 'tor2web mode'? (I.e., only make client connections to hidden services, and use a single hop for all hidden-service-related circuits.)

Definition at line 3098 of file or.h.

Should we try to reuse the same exit node for a given host?

Definition at line 3141 of file or.h.

Number of seconds until we expire an addressmap.

Definition at line 3142 of file or.h.

Addresses to bind for listening for transparent pf/netfilter connections.

Definition at line 2993 of file or.h.

Ports to listen on for transparent pf/netfilter connections.

Definition at line 3018 of file or.h.

If true, use BEGIN_DIR rather than BEGIN when possible.

Definition at line 3371 of file or.h.

Boolean: if we know the bridge's digest, should we get new descriptors from the bridge authorities or from the bridge itself?

Definition at line 3068 of file or.h.

Boolean: should we start all circuits with a bridge?

Definition at line 3053 of file or.h.

Boolean: Do we try to enter from a smallish number of fixed nodes?

Definition at line 3329 of file or.h.

If 1, we try to use microdescriptors to build circuits.

If 0, we don't. If -1, Tor decides.

Definition at line 3528 of file or.h.

Name of user to run Tor as.

Definition at line 3013 of file or.h.

If 1, and we are using IOCP, we set the kernel socket SNDBUF and RCVBUF to 0 to try to save kernel memory and avoid the dread "Out of buffers" issue.

Definition at line 3547 of file or.h.

Boolean: is this an authoritative directory for version 1 directories?

Definition at line 3030 of file or.h.

Boolean: is this an authoritative directory for version 2 directories?

Definition at line 3032 of file or.h.

The length of time we think it will take to distribute signatures.

Definition at line 3442 of file or.h.

The number of intervals we think a consensus should be valid.

Definition at line 3444 of file or.h.

Boolean: is this an authoritative directory for version 3 directories?

Definition at line 3034 of file or.h.

Should we advertise and sign consensuses with a legacy key, for key migration purposes?

Definition at line 3448 of file or.h.

The length of time we think it will take to distribute votes.

Definition at line 3440 of file or.h.

The length of time that we think a consensus should be fresh.

Definition at line 3438 of file or.h.

Location of bandwidth measurement file.

Definition at line 3451 of file or.h.

Boolean: is this an authoritative directory that's willing to recommend versions?

Definition at line 3040 of file or.h.

Address and mask to hand out for virtual MAPADDRESS requests.

Definition at line 3342 of file or.h.

As a directory authority, vote on assignment of the HSDir flag?

Definition at line 3086 of file or.h.

Related to RejectPlaintextPorts above, except this config option controls whether we warn (in the log and via a controller status event) every time a risky connection is attempted.

Definition at line 3139 of file or.h.

If true, we will warn if a user gives us only an IP address instead of a hostname.

Definition at line 3407 of file or.h.


The documentation for this struct was generated from the following file: