[tor-commits] [tor/master] Mark a big pile of options as deprecated.

nickm at torproject.org nickm at torproject.org
Sat Aug 20 00:09:56 UTC 2016 

commit 66e610da7239e8921c0063043c07c7f2c3fd48d9
Author: Nick Mathewson <nickm at torproject.org>
Date:   Wed Aug 3 12:08:57 2016 -0400

    Mark a big pile of options as deprecated.
---
 src/or/config.c    | 40 +++++++++++++++++++++++++++++++++++++++-
 src/or/confparse.c |  7 ++++---
 src/or/confparse.h |  3 +--
 3 files changed, 44 insertions(+), 6 deletions(-)

diff --git a/src/or/config.c b/src/or/config.c
index 2f5ba6c..cf1365a 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -588,6 +588,44 @@ static const config_var_t testing_tor_network_defaults[] = {
 #undef V
 #undef OBSOLETE
 
+static const config_deprecation_t option_deprecation_notes_[] = {
+  { "AllowDotExit", "Unrestricted use of the .exit notation can be used for "
+    "a wide variety of application-level attacks." },
+  { "AllowInvalidNodes", "There is no reason to enable this option; at best "
+    "it will make you easier to track." },
+  { "AllowSingleHopCircuits", "Almost no relays actually allow single-hop "
+    "exits, making this option pointless." },
+  { "AllowSingleHopExits", "Turning this on will make your relay easier "
+    "to abuse." },
+  { "ClientDNSRejectInternalAddresses", "Turning this on makes your client "
+    "easier to fingerprint, and may open you to esoteric attacks." },
+  { "ExcludeSingleHopRelays", "Turning it on makes your client easier to "
+    "fingerprint." },
+  { "FastFirstHopPK", "Changing this option does not make your client more "
+    "secure, but does make it easier to fingerprint." },
+  { "CloseHSClientCircutisImmediatelyOnTimeout", "This option makes your "
+    "client easier to fingerprint." },
+  { "CloseHSServiceRendircutisImmediatelyOnTimeout", "This option makes "
+    "your hidden services easier to fingerprint." },
+  { "WarnUnsafeSocks", "Changing this option makes it easier for you "
+    "to accidentally lose your anonymity by leaking DNS information" },
+  { "TLSECGroup", "The default is a nice secure choice; the other option "
+    "is less secure." },
+  { "UseNTorHandshake", "The ntor handshake should always be used." },
+
+  { "ControlListenAddress", "Use ControlPort instead." },
+  { "DirListenAddress", "Use DirPort instead, possibly with the "
+    "NoAdvertise sub-option" },
+  { "DNSListenAddress", "Use DNSPort instead." },
+  { "SocksListenAddress", "Use SocksPort instead." },
+  { "TransListenAddress", "Use TransPort instead." },
+  { "NATDListenAddress", "Use NATDPort instead." },
+  { "ORListenAddress", "Use ORPort instead, possibly with the "
+    "NoAdvertise sub-option" },
+
+  { NULL, NULL }
+};
+
 #ifdef _WIN32
 static char *get_windows_conf_root(void);
 #endif
@@ -636,7 +674,7 @@ STATIC config_format_t options_format = {
   OR_OPTIONS_MAGIC,
   STRUCT_OFFSET(or_options_t, magic_),
   option_abbrevs_,
-  NULL,
+  option_deprecation_notes_,
   option_vars_,
   options_validate_cb,
   NULL
diff --git a/src/or/confparse.c b/src/or/confparse.c
index 233cc7c..8bd4b81 100644
--- a/src/or/confparse.c
+++ b/src/or/confparse.c
@@ -192,7 +192,7 @@ config_find_deprecation(const config_format_t *fmt, const char *key)
   if (fmt->deprecations == NULL)
     return NULL;
 
-  config_deprecation_t *d;
+  const config_deprecation_t *d;
   for (d = fmt->deprecations; d->name; ++d) {
     if (!strcasecmp(d->name, key)) {
       return d->why_deprecated ? d->why_deprecated : "";
@@ -486,10 +486,11 @@ config_mark_lists_fragile(const config_format_t *fmt, void *options)
 void
 warn_deprecated_option(const char *what, const char *why)
 {
+  const char *space = (why && strlen(why)) ? " " : "";
   log_warn(LD_CONFIG, "The %s option is deprecated, and will most likely "
-           "be removed in a future version of Tor.%s (If you think this is "
+           "be removed in a future version of Tor.%s%s (If you think this is "
            "a mistake, please let us know!)",
-           what, why);
+           what, space, why);
 }
 
 /** If <b>c</b> is a syntactically valid configuration line, update
diff --git a/src/or/confparse.h b/src/or/confparse.h
index 415d680..87dd6d8 100644
--- a/src/or/confparse.h
+++ b/src/or/confparse.h
@@ -81,7 +81,7 @@ typedef struct config_format_t {
   off_t magic_offset; /**< Offset of the magic value within the struct. */
   config_abbrev_t *abbrevs; /**< List of abbreviations that we expand when
                              * parsing this format. */
-  config_deprecation_t *deprecations; /** List of deprecated options */
+  const config_deprecation_t *deprecations; /** List of deprecated options */
   config_var_t *vars; /**< List of variables we recognize, their default
                        * values, and where we stick them in the structure. */
   validate_fn_t validate_fn; /**< Function to validate config. */
@@ -133,6 +133,5 @@ const char *config_expand_abbrev(const config_format_t *fmt,
                                  int command_line, int warn_obsolete);
 void warn_deprecated_option(const char *what, const char *why);
 
-
 #endif

More information about the tor-commits mailing list