.TH TOR 1 "January 2006" "TOR"
.SH NAME
tor \- The second-generation onion router
.SH SYNOPSIS
.B tor
[\fIOPTION value\fR]...
.SH DESCRIPTION
.I tor
is a connection-oriented anonymizing communication
service. Users choose a source-routed path through a set of nodes, and
negotiate a "virtual circuit" through the network, in which each node
knows its predecessor and successor, but no others. Traffic flowing down
the circuit is unwrapped by a symmetric key at each node, which reveals
the downstream node.
.PP
Basically \fItor\fR provides a distributed network of servers ("onion
routers"). Users bounce their TCP streams -- web traffic, ftp, ssh, etc --
around the routers, and recipients, observers, and even the routers
themselves have difficulty tracking the source of the stream.
.SH OPTIONS
\fB-h, -help\fP
Display a short help message and exit.
.LP
.TP
\fB-f \fR\fIFILE\fP
FILE contains further "option value" pairs. (Default: @CONFDIR@/torrc)
.LP
.TP
Other options can be specified either on the command-line (\fI--option
value\fR), or in the configuration file (\fIoption value\fR).
Options are case-insensitive.
.LP
.TP
\fBBandwidthRate \fR\fIN\fR \fBbytes\fR|\fBKB\fR|\fBMB\fR|\fBGB\fR|\fBTB\fP
A token bucket limits the average incoming bandwidth on this node to
the specified number of bytes per second. (Default: 3 MB)
.LP
.TP
\fBBandwidthBurst \fR\fIN\fR \fBbytes\fR|\fBKB\fR|\fBMB\fR|\fBGB\fR|\fBTB\fP
Limit the maximum token bucket size (also known as the burst) to the
given number of bytes. (Default: 6 MB)
.LP
.TP
\fBMaxAdvertisedBandwidth \fR\fIN\fR \fBbytes\fR|\fBKB\fR|\fBMB\fR|\fBGB\fR|\fBTB\fP
If set, we will not advertise more than this amount of bandwidth for our
BandwidthRate. Server operators who want to reduce the number of clients
who ask to build circuits through them (since this is proportional to
advertised bandwidth rate) can thus reduce the CPU demands on their
server without impacting network performance.
.LP
.TP
\fBConnLimit \fR\fINUM\fP
The minimum number of file descriptors that must be available to
the Tor process before it will start. Tor will ask the OS for as
many file descriptors as the OS will allow (you can find this
by "ulimit -H -n"). If this number is less than ConnLimit, then
Tor will refuse to start.

You probably don't need to adjust this. It has no effect on
Windows since that platform lacks getrlimit(). (Default: 1000)
.LP
.TP
\fBControlPort \fR\fIPort\fP
If set, Tor will accept connections on
this port, and allow those connections to control the Tor process using the
Tor Control Protocol (described in control-spec.txt). Note: unless you also
specify one of \fBHashedControlPassword\fP or \fBCookieAuthentication\fP,
setting this option will cause Tor to allow any process on the local host to
control it.
.LP
.TP
\fBControlListenAddress \fR\fIIP\fR[:\fIPORT\fR]\fP
Bind the controller listener to this address. If you specify a port,
bind to this port rather than the one specified in ControlPort. We
strongly recommend that you leave this alone unless you know what you're
doing, since giving attackers access to your control listener is really
dangerous. (Default: 127.0.0.1)
.LP
.TP
\fBHashedControlPassword \fR\fIhashed_password\fP
Don't allow any connections on the control port except when the other process
knows the password whose one-way hash is \fIhashed_password\fP. You can
compute the hash of a password by running "tor --hash-password
\fIpassword\fP".
.LP
.TP
\fBCookieAuthentication \fR\fB0\fR|\fB1\fP
If this option is set to 1, don't allow any connections on the control port
except when the connecting process knows the contents of a file named
"control_auth_cookie", which Tor will create in its data directory. This
authentication method should only be used on systems with good filesystem
security. (Default: 0)
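The control-port and logging advice above (ControlPort without HashedControlPassword or CookieAuthentication, ControlListenAddress bound beyond 127.0.0.1, Log severities more verbose than notice, SafeLogging 0) can be checked mechanically before a torrc is deployed. The following is an added example and not part of Tor: it parses the case-insensitive "option value" pairs this page describes and reports those four configurations, using two constructed torrc samples.

```python
"""Lint a torrc for the control-port and logging pitfalls this man page warns about.

Added example; it is not part of Tor. The option semantics (case-insensitive
"option value" pairs, the ControlPort/HashedControlPassword/CookieAuthentication
interaction, the Log severity advice and SafeLogging) follow the man page text.
"""
import re
from typing import Dict, List

# Severities in order from most to least verbose, as listed in the Log entry.
SEVERITIES = ["debug", "info", "notice", "warn", "err"]


def parse_torrc(text: str) -> Dict[str, List[str]]:
    """Return lower-cased option name -> list of values (options such as Log may repeat)."""
    options: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        name = parts[0].lower()               # options are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        options.setdefault(name, []).append(value)
    return options


def lint_torrc(text: str) -> List[str]:
    """Return a list of findings; an empty list means nothing to report."""
    opts = parse_torrc(text)
    findings: List[str] = []

    def first(name: str, default: str = "") -> str:
        return opts.get(name, [default])[0]

    control_port = first("controlport", "0")
    if control_port not in ("", "0"):
        has_password = bool(first("hashedcontrolpassword"))
        has_cookie = first("cookieauthentication", "0") == "1"
        if not (has_password or has_cookie):
            findings.append(
                f"ControlPort {control_port} is set without HashedControlPassword or "
                "CookieAuthentication: any local process can control Tor")
        listen = first("controllistenaddress", "127.0.0.1")
        host = listen.rsplit(":", 1)[0] if ":" in listen else listen
        if host != "127.0.0.1":
            findings.append(
                f"ControlListenAddress {listen} exposes the control listener beyond localhost")

    # Log minSeverity[-maxSeverity] destination: anything more verbose than notice
    # may hand sensitive information to whoever obtains the logs.
    for value in opts.get("log", []):
        m = re.match(r"(\w+)(?:-(\w+))?\s+(\S+)", value, re.IGNORECASE)
        if not m:
            findings.append(f"Log line could not be parsed: {value!r}")
            continue
        min_sev = m.group(1).lower()
        if min_sev in SEVERITIES and SEVERITIES.index(min_sev) < SEVERITIES.index("notice"):
            findings.append(f"Log {value!r} is more verbose than notice")

    if first("safelogging", "1") == "0":
        findings.append("SafeLogging 0 leaves addresses unscrubbed in the logs")
    return findings


# Constructed sample torrc files: a risky configuration beside a corrected one.
RISKY_TORRC = """\
SocksPort 9050
ControlPort 9051
ControlListenAddress 0.0.0.0:9051
Log debug file /var/log/tor/debug.log
SafeLogging 0
"""

SAFER_TORRC = """\
SocksPort 9050
ControlPort 9051
CookieAuthentication 1
# HashedControlPassword <output of: tor --hash-password PASSWORD>
Log notice syslog
SafeLogging 1
"""

if __name__ == "__main__":
    for label, cfg in (("risky", RISKY_TORRC), ("safer", SAFER_TORRC)):
        print(label, lint_torrc(cfg) or ["no findings"])
```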
.LP
.TP
\fBDataDirectory \fR\fIDIR\fP
Store working data in DIR (Default: @LOCALSTATEDIR@/lib/tor)
.LP
.TP
\fBDirServer \fR[\fInickname\fR] [\fBv1\fR] \fIaddress\fR\fB:\fIport fingerprint\fP
Use a nonstandard authoritative directory server at the provided
address and port, with the specified key fingerprint. This option can
be repeated many times, for multiple authoritative directory
servers. If the "v1" option is provided, Tor will use this server as an
authority for old-style (v1) directories as well. (Only directory mirrors
care about this.) If no \fBdirserver\fP line is given, Tor will use the default
directory servers: moria1, moria2, and tor26. NOTE: this option is intended
for setting up a private Tor network with its own directory authorities. If
you use it, you will be distinguishable from other users, because you won't
believe the same authorities they do.
.LP
.TP
\fBFetchHidServDescriptors \fR\fB0\fR|\fB1\fR\fP
If set to 0, Tor will never fetch any hidden service descriptors from
the rendezvous directories. This option is only useful if you're using
a Tor controller that handles hidserv fetches for you.
(Default: 1)
.LP
.TP
\fBFetchServerDescriptors \fR\fB0\fR|\fB1\fR\fP
If set to 0, Tor will never fetch any network status summaries or server
descriptors from the directory servers. This option is only useful if
you're using a Tor controller that handles directory fetches for you.
(Default: 1)
.LP
.TP
\fBFetchUselessDescriptors \fR\fB0\fR|\fB1\fR\fP
If set to 1, Tor will fetch every non-obsolete descriptor from the
authorities that it hears about. Otherwise, it will avoid fetching
useless descriptors, for example for routers that are not running.
This option is useful if you're using the contributed "exitlist"
script to enumerate Tor nodes that exit to certain addresses.
(Default: 0)
.LP
.TP
\fBGroup \fR\fIGID\fP
On startup, setgid to this group.
.LP
.TP
\fBHttpProxy\fR \fIhost\fR[:\fIport\fR]\fP
Tor will make all its directory requests through this host:port
(or host:80 if port is not specified),
rather than connecting directly to any directory servers.
.LP
.TP
\fBHttpProxyAuthenticator\fR \fIusername:password\fP
If defined, Tor will use this username:password for Basic HTTP proxy
authentication, as in RFC 2617. This is currently the only form of
HTTP proxy authentication that Tor supports; feel free to submit a
patch if you want it to support others.
.LP
.TP
\fBHttpsProxy\fR \fIhost\fR[:\fIport\fR]\fP
Tor will make all its OR (SSL) connections through this host:port
(or host:443 if port is not specified), via HTTP CONNECT rather than
connecting directly to servers. You may want to set \fBFascistFirewall\fR
to restrict the set of ports you might try to connect to, if your HTTPS
proxy only allows connecting to certain ports.
.LP
.TP
\fBHttpsProxyAuthenticator\fR \fIusername:password\fP
If defined, Tor will use this username:password for Basic HTTPS proxy
authentication, as in RFC 2617. This is currently the only form of
HTTPS proxy authentication that Tor supports; feel free to submit a
patch if you want it to support others.
.LP
.TP
\fBKeepalivePeriod \fR\fINUM\fP
To keep firewalls from expiring connections, send a padding keepalive
cell every NUM seconds on open connections that are in use. If the
connection has no open circuits, it will instead be closed after NUM
seconds of idleness. (Default: 5 minutes)
.LP
.TP
\fBLog \fR\fIminSeverity\fR[-\fImaxSeverity\fR] \fBstderr\fR|\fBstdout\fR|\fBsyslog\fR\fP
Send all messages between \fIminSeverity\fR and \fImaxSeverity\fR to
the standard output stream, the standard error stream, or to the system
log. (The "syslog" value is only supported on Unix.) Recognized
severity levels are debug, info, notice, warn, and err. We advise using
"notice" in most cases, since anything more verbose may provide sensitive
information to an attacker who obtains the logs. If only one
severity level is given, all messages of that level or higher will be
sent to the listed destination.
.LP
.TP
\fBLog \fR\fIminSeverity\fR[-\fImaxSeverity\fR] \fBfile\fR \fIFILENAME\fP
As above, but send log messages to the listed filename. The "Log"
option may appear more than once in a configuration file. Messages
are sent to all the logs that match their severity level.
.LP
.TP
\fBOutboundBindAddress \fR\fIIP\fP
Make all outbound connections originate from the IP address specified. This
is only useful when you have multiple network interfaces, and you want all
of Tor's outgoing connections to use a single one.
.LP
.TP
\fBPidFile \fR\fIFILE\fP
On startup, write our PID to FILE. On clean shutdown, remove FILE.
.LP
.TP
\fBProtocolWarnings \fR\fB0\fR|\fB1\fR\fP
If 1, Tor will log with severity 'warn' various cases of other parties
not following the Tor specification. Otherwise, they are logged with
severity 'info'. (Default: 0)
.LP
.TP
\fBRunAsDaemon \fR\fB0\fR|\fB1\fR\fP
If 1, Tor forks and daemonizes to the background. This option has
no effect on Windows; instead you should use the --service command-line
option. (Default: 0)
.LP
.TP
\fBSafeLogging \fR\fB0\fR|\fB1\fP
If 1, Tor replaces potentially sensitive strings in the logs
(e.g. addresses) with the string [scrubbed]. This way logs can still be
useful, but they don't leave behind personally identifying information
about what sites a user might have visited. (Default: 1)
.LP
.TP
\fBUser \fR\fIUID\fP
On startup, setuid to this user.
.LP
.TP
\fBHardwareAccel \fR\fB0\fR|\fB1\fP
If non-zero, try to use crypto hardware acceleration when
available. This is untested and probably buggy. (Default: 0)

.SH CLIENT OPTIONS
.PP
The following options are useful only for clients (that is, if \fBSocksPort\fP is non-zero):
.LP
.TP
\fBAllowInvalidNodes\fR \fBentry\fR|\fBexit\fR|\fBmiddle\fR|\fBintroduction\fR|\fBrendezvous\fR|...\fP
If some Tor servers are obviously not working right, the directory
authorities can manually mark them as invalid, meaning that it's not
recommended you use them for entry or exit positions in your circuits. You
can opt to use them in some circuit positions, though. The default is
"middle,rendezvous", and other choices are not advised.
.LP
.TP
\fBCircuitBuildTimeout \fR\fINUM\fP
Try for at most NUM seconds when building circuits. If the circuit
isn't open in that time, give up on it.
(Default: 1 minute.)
.LP
.TP
\fBCircuitIdleTimeout \fR\fINUM\fP
If we have kept a clean (never used) circuit around for NUM seconds,
then close it. This way when the Tor client is entirely idle, it can
expire all of its circuits, and then expire its TLS connections. Also,
if we end up making a circuit that is not useful for exiting any of
the requests we're receiving, it won't forever take up a slot in the
circuit list.
(Default: 1 hour.)
.LP
.TP
\fBClientOnly \fR\fB0\fR|\fB1\fR\fP
If set to 1, Tor will under no circumstances run as a server. The default
is to run as a client unless ORPort is configured. (Usually,
you don't need to set this; Tor is pretty smart at figuring out whether
you are reliable and high-bandwidth enough to be a useful server.)
(Default: 0)
.LP
.TP
\fBExcludeNodes \fR\fInickname\fR,\fInickname\fR,\fI...\fP
A list of nodes to never use when building a circuit.
.LP
.TP
\fBEntryNodes \fR\fInickname\fR,\fInickname\fR,\fI...\fP
A list of preferred nodes to use for the first hop in the circuit.
These are treated only as preferences unless StrictEntryNodes (see
below) is also set.
.LP
.TP
\fBExitNodes \fR\fInickname\fR,\fInickname\fR,\fI...\fP
A list of preferred nodes to use for the last hop in the circuit.
These are treated only as preferences unless StrictExitNodes (see
below) is also set.
.LP
.TP
\fBStrictEntryNodes \fR\fB0\fR|\fB1\fR\fP
If 1, Tor will never use any nodes besides those listed in "EntryNodes" for
the first hop of a circuit.
.LP
.TP
\fBStrictExitNodes \fR\fB0\fR|\fB1\fR\fP
If 1, Tor will never use any nodes besides those listed in "ExitNodes" for
the last hop of a circuit.
.LP
.TP
\fBFascistFirewall \fR\fB0\fR|\fB1\fR\fP
If 1, Tor will only create outgoing connections to ORs running on ports that
your firewall allows (defaults to 80 and 443; see \fBFirewallPorts\fR). This will
allow you to run Tor as a client behind a firewall with restrictive policies,
but will not allow you to run as a server behind such a firewall.
This option is deprecated; use
ReachableAddresses instead.
.LP
.TP
\fBFirewallPorts \fR\fIPORTS\fP
A list of ports that your firewall allows you to connect to. Only
used when \fBFascistFirewall\fR is set. This option is deprecated; use
ReachableAddresses instead. (Default: 80, 443)
.LP
.TP
\fBReachableAddresses \fR\fIADDR\fP[\fB/\fP\fIMASK\fP][:\fIPORT\fP]...\fP
A comma-separated list of IP addresses and ports that your firewall allows you
to connect to. The format is as
for the addresses in ExitPolicy, except that "accept" is understood
unless "reject" is explicitly provided. For example, 'ReachableAddresses
99.0.0.0/8, reject 18.0.0.0/8:80, accept *:80' means that your
firewall allows connections to everything inside net 99, rejects port
80 connections to net 18, and accepts connections to port 80 otherwise.
(Default: 'accept *:*'.)
.LP
.TP
\fBReachableDirAddresses \fR\fIADDR\fP[\fB/\fP\fIMASK\fP][:\fIPORT\fP]...\fP
Like \fBReachableAddresses\fP, a list of addresses and ports. Tor will obey
these restrictions when fetching directory information, using standard HTTP
GET requests. If not set explicitly then the value of \fBReachableAddresses\fP
is used. If \fBHttpProxy\fR is set then these connections will go through that
proxy.
.LP
.TP
\fBReachableORAddresses \fR\fIADDR\fP[\fB/\fP\fIMASK\fP][:\fIPORT\fP]...\fP
Like \fBReachableAddresses\fP, a list of addresses and ports. Tor will obey
these restrictions when connecting to Onion Routers, using TLS/SSL. If not set
explicitly then the value of \fBReachableAddresses\fP is used. If
\fBHttpsProxy\fR is set then these connections will go through that proxy.

The separation between \fBReachableORAddresses\fP and
\fBReachableDirAddresses\fP is only interesting when you are connecting through
proxies (see \fBHttpProxy\fR and \fBHttpsProxy\fR). Most proxies limit TLS
connections (which Tor uses to connect to Onion Routers) to port 443, and some
limit HTTP GET requests (which Tor uses for fetching directory information) to
port 80.
.LP
.TP
\fBLongLivedPorts \fR\fIPORTS\fP
A list of ports for services that tend to have long-running connections
(e.g. chat and interactive shells). Circuits for streams that use these
ports will contain only high-uptime nodes, to reduce the chance that a
node will go down before the stream is finished.
(Default: 21, 22, 706, 1863, 5050, 5190, 5222, 5223, 6667, 8300, 8888)
.LP
.TP
\fBMapAddress\fR \fIaddress\fR \fInewaddress\fR
When a request for address arrives to Tor, it will rewrite it to
newaddress before processing it. For example, if you always want
connections to www.indymedia.org to exit via \fItorserver\fR (where
\fItorserver\fR is the nickname of the server),
use "MapAddress www.indymedia.org www.indymedia.org.torserver.exit".
.LP
.TP
\fBNewCircuitPeriod \fR\fINUM\fP
Every NUM seconds consider whether to build a new circuit. (Default: 30 seconds)
.LP
.TP
\fBMaxCircuitDirtiness \fR\fINUM\fP
Feel free to reuse a circuit that was first used at most NUM seconds ago,
but never attach a new stream to a circuit that is too old.
(Default: 10 minutes)
.LP
.TP
\fBNodeFamily \fR\fInickname\fR,\fInickname\fR,\fI...\fP
The named Tor servers constitute a "family" of similar or co-administered
servers, so never use any two of them in the same circuit. Defining a
NodeFamily is only needed when a server doesn't list the family itself
(with MyFamily). This option can be used multiple times.
.LP
.TP
.\" \fBPathlenCoinWeight \fR\fI0.0-1.0\fP
.\" Paths are 3 hops plus a geometric distribution centered around this coinweight.
.\" Must be >=0.0 and <1.0. (Default: 0.3) NOT USED CURRENTLY
.\" .TP
\fBRendNodes \fR\fInickname\fR,\fInickname\fR,\fI...\fP
A list of preferred nodes to use for the rendezvous point, if possible.
.LP
.TP
\fBRendExcludeNodes \fR\fInickname\fR,\fInickname\fR,\fI...\fP
A list of nodes to never use when choosing a rendezvous point.
.LP
.TP
\fBSocksPort \fR\fIPORT\fP
Advertise this port to listen for connections from Socks-speaking
applications. Set this to 0 if you don't want to allow application
connections. (Default: 9050)
.LP
.TP
\fBSocksListenAddress \fR\fIIP\fR[:\fIPORT\fR]\fP
Bind to this address to listen for connections from Socks-speaking
applications. (Default: 127.0.0.1) You can also specify a port
(e.g. 192.168.0.1:9100). This directive can be specified multiple times
to bind to multiple addresses/ports.
.LP
.TP
\fBSocksPolicy \fR\fIpolicy\fR,\fIpolicy\fR,\fI...\fP
Set an entrance policy for this server, to limit who can connect to the
Socks ports.
The policies have the same form as exit policies below.
.LP
.TP
\fBSocksTimeout \fR\fINUM\fP
Let a socks connection wait NUM seconds unattached before we fail it.
(Default: 2 minutes.)
.LP
.TP
\fBTestVia \fR\fInickname\fR,\fInickname\fR,\fI...\fP
A list of nodes to prefer for your middle hop when building testing
circuits. This option is mainly for debugging reachability problems.
.LP
.TP
\fBTrackHostExits \fR\fIhost\fR,\fI.domain\fR,\fI...\fR\fP
For each value in the comma-separated list, Tor will track recent connections
to hosts that match this value and attempt to
reuse the same exit node for each. If the value is prepended with a '.', it is
treated as matching an entire domain. If one of the values is just a '.', it
means match everything. This option is useful if you frequently connect to
sites that will expire all your authentication cookies (i.e. log you out) if
your IP address changes. Note that this option does have the disadvantage of
making it more clear that a given history is
associated with a single user. However, most people who would wish to observe
this will observe it through cookies or other protocol-specific means anyhow.
.LP
.TP
\fBTrackHostExitsExpire \fR\fINUM\fP
Since exit servers go up and down, it is desirable to expire the association
between host and exit server after NUM seconds. The default
is 1800 seconds (30 minutes).
.LP
.TP
\fBUseEntryGuards \fR\fB0\fR|\fB1\fR\fP
If this option is set to 1, we pick a few long-term entry servers, and
try to stick with them. This is desirable because
constantly changing servers increases the odds that an adversary who owns
some servers will observe a fraction of your paths.
(Defaults to 1.)
.LP
.TP
\fBNumEntryGuards \fR\fINUM\fP
If UseEntryGuards is set to 1, we will try to pick a total of NUM routers
as long-term entries for our circuits.
(Defaults to 3.)
.LP
.TP
\fBSafeSocks \fR\fB0\fR|\fB1\fR\fP
When this option is enabled, Tor will reject application connections that
use unsafe variants of the socks protocol -- ones that only provide an
IP address, meaning the application is doing a DNS resolve first.
Specifically, these are socks4 and socks5 when not doing remote DNS.
(Defaults to 0.)
.LP
.TP
\fBTestSocks \fR\fB0\fR|\fB1\fR\fP
When this option is enabled, Tor will make a notice-level log entry for
each connection to the Socks port indicating whether the request used
a safe socks protocol or an unsafe one (see above entry on SafeSocks).
This helps to determine whether an application using Tor is possibly
leaking DNS requests.
(Default: 0)
.LP
.TP
\fBVirtualAddrNetwork \fR\fIAddress\fB/\fIbits\fP
When a controller asks for a virtual (unused) address with the
'MAPADDRESS' command, Tor picks an unassigned address from this range.
(Default: 127.192.0.0/10)

.SH SERVER OPTIONS
.PP
The following options are useful only for servers (that is, if \fBORPort\fP is non-zero):
.LP
.TP
\fBAddress \fR\fIaddress\fP
The IP address or FQDN of this server (e.g. moria.mit.edu). You can leave this
unset, and Tor will guess your IP.
.LP
.TP
\fBAssumeReachable \fR\fB0\fR|\fB1\fR\fP
This option is used when bootstrapping a new Tor network. If set to 1,
don't do self-reachability testing; just upload your server descriptor
immediately. If \fBAuthoritativeDirectory\fP is also set, this option
instructs the dirserver to bypass remote reachability testing too and
list all connected servers as running.
.LP
.TP
\fBContactInfo \fR\fIemail_address\fP
Administrative contact information for server. This line might get
picked up by spam harvesters, so you may want to obscure the fact
that it's an email address.
.LP
.TP
\fBExitPolicy \fR\fIpolicy\fR,\fIpolicy\fR,\fI...\fP
Set an exit policy for this server. Each policy is of the form
"\fBaccept\fP|\fBreject\fP \fIADDR\fP[\fB/\fP\fIMASK\fP]\fB[:\fP\fIPORT\fP]".
If \fB/\fP\fIMASK\fP is omitted then this policy just applies to the host
given. Instead of giving a host or network you can also use "\fB*\fP" to
denote the universe (0.0.0.0/0). \fIPORT\fP can be a single port number,
an interval of ports "\fIFROM_PORT\fP\fB-\fP\fITO_PORT\fP", or "\fB*\fP".
If \fIPORT\fP is omitted, that means "\fB*\fP".

For example, "accept 18.7.22.69:*,reject 18.0.0.0/8:*,accept *:*" would
reject any traffic destined for MIT except for web.mit.edu, and
accept anything else.

To specify all internal and link-local networks (including 0.0.0.0/8,
169.254.0.0/16, 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, and
172.16.0.0/12), you can use the "private" alias instead of an address.
These addresses are rejected by default (at the beginning of your
exit policy) unless you set the ExitPolicyRejectPrivate config option
to 0. For example, once you've done that, you could allow HTTP to
127.0.0.1 and block all other connections to internal networks with
"accept 127.0.0.1:80,reject private:*". See RFC 1918 and RFC 3330 for more
details about internal and reserved IP address space.

This directive can be specified multiple times so you don't have to put
it all on one line.

Policies are considered first to last, and the first match wins. If
you want to _replace_ the default exit policy, end your exit policy with
either a reject *:* or an accept *:*. Otherwise, you're _augmenting_
(prepending to) the default exit policy. The default exit policy is:
.PD 0
.RS 12
.IP "reject *:25"
.IP "reject *:119"
.IP "reject *:135-139"
.IP "reject *:445"
.IP "reject *:465"
.IP "reject *:587"
.IP "reject *:1214"
.IP "reject *:4661-4666"
.IP "reject *:6346-6429"
.IP "reject *:6699"
.IP "reject *:6881-6999"
.IP "accept *:*"
.RE
.PD
|
2005-06-26 10:57:25 +02:00
|
|
|
.LP
.TP
\fBExitPolicyRejectPrivate \fR\fB0\fR|\fB1\fR\fP
Reject all private (local) networks at the beginning of your exit
policy. See above entry on ExitPolicy. (Default: 1)
.LP
.TP
\fBMaxOnionsPending \fR\fINUM\fP
If you have more than this number of onionskins queued for decryption, reject new ones. (Default: 100)
.LP
.TP
\fBMyFamily \fR\fInickname\fR,\fInickname\fR,\fI...\fP
Declare that this Tor server is controlled or administered by a group
or organization identical or similar to that of the other named servers.
When two servers both declare that they are in the same 'family', Tor clients
will not use them in the same circuit. (Each server only needs to list the
other servers in its family; it doesn't need to list itself, but it won't hurt.)
A one-sided declaration has no effect: a server that lists its siblings
while they do not list it back gets no family protection.
.LP
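The mutual-declaration rule above is easy to get wrong in practice, and it is also what stops a relay from unilaterally attaching itself to someone else's family. The following Python is an added example, not Tor's own path-selection code; it assumes descriptors have already been reduced to a nickname and the set of nicknames given in MyFamily (the constructed table FAMILIES), and checks a candidate path against that rule only, ignoring the many other constraints real path selection applies.

```python
"""Family-aware circuit check (added example, not Tor's path-selection code)."""
from typing import Dict, List, Set

# Constructed table: nickname -> the nicknames that server lists in MyFamily.
# alpha and beta list each other; gamma claims alpha but alpha does not claim
# gamma back; delta lists nobody.
FAMILIES: Dict[str, Set[str]] = {
    "alpha": {"beta"},
    "beta": {"alpha", "beta"},     # listing yourself is allowed and harmless
    "gamma": {"alpha"},            # one-sided claim: ignored by clients
    "delta": set(),
}

def same_family(a: str, b: str, families: Dict[str, Set[str]]) -> bool:
    """True only when a and b each name the other (a server is trivially in
    its own family)."""
    if a == b:
        return True
    return b in families.get(a, set()) and a in families.get(b, set())

def effective_family(nick: str, families: Dict[str, Set[str]]) -> Set[str]:
    """The family a client actually honours: mutual declarations only."""
    return {other for other in families
            if other != nick and same_family(nick, other, families)}

def circuit_ok(path: List[str], families: Dict[str, Set[str]]) -> bool:
    """Reject a path that reuses a server or puts two family members on it."""
    for i in range(len(path)):
        for j in range(i + 1, len(path)):
            if same_family(path[i], path[j], families):
                return False
    return True
```

With the table above, effective_family("gamma") is empty even though gamma names alpha, and a path through alpha and beta is refused while one through alpha and gamma is not.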
.TP
\fBNickname \fR\fIname\fP
Set the server's nickname to 'name'. Nicknames must be between 1
and 19 characters inclusive, and must contain only the characters
[a-zA-Z0-9].
.LP
.TP
\fBNumCPUs \fR\fInum\fP
How many processes to use at once for decrypting onionskins. (Default: 1)
.LP
.TP
\fBORPort \fR\fIPORT\fP
Advertise this port to listen for connections from Tor clients and servers.
.LP
.TP
\fBORListenAddress \fR\fIIP\fR[:\fIPORT\fR]\fP
Bind to this IP address to listen for connections from Tor clients and
servers. If you specify a port, bind to this port rather than the one
specified in ORPort. (Default: 0.0.0.0)
.LP
.TP
\fBPublishServerDescriptor \fR\fB0\fR|\fB1\fR\fP
If set to 0, Tor will act as a server if you have an ORPort
defined, but it will not publish its descriptor to the dirservers. This
option is useful if you're testing out your server, or if you're using
a Tor controller that handles directory publishing for you.
(Default: 1)
.LP
.TP
\fBRedirectExit \fR\fIpattern target\fP
Whenever an outgoing connection tries to connect to one of a given set
of addresses, connect to \fItarget\fP (an \fIaddress:port\fP pair) instead.
The address pattern is given in the same format as for an exit policy. The
address translation applies after exit policies are applied. Multiple
\fBRedirectExit\fP options can be used: once any one has matched
successfully, no subsequent rules are considered. You can specify that no
redirection is to be performed on a given set of addresses by using the
special target string "pass", which prevents subsequent rules from being
considered.
.LP
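The ExitPolicy, ExitPolicyRejectPrivate and RedirectExit entries above describe one pipeline: first-match-wins policies, the "private" alias, an operator policy that is prepended to the default one, and a redirection step applied only after the policy has accepted the connection. The following Python is an added example, not Tor's own policy code, that implements that pipeline end to end. It assumes IPv4 only, treats an omitted or "*" port as the span 1-65535, and takes the constructed configurations at the bottom as torrc values; the 192.0.2.10 redirect target is a documentation address, not a real host.

```python
"""Exit-policy and RedirectExit evaluation (added example, not Tor code)."""
import ipaddress
from typing import List, Optional, Tuple

Net = ipaddress.IPv4Network
Rule = Tuple[str, Net, int, int]          # action, network, low port, high port
Target = Optional[Tuple[str, int]]         # None stands for the "pass" target

# The ranges the "private" alias stands for, as listed in the ExitPolicy entry.
PRIVATE_NETS = ["0.0.0.0/8", "169.254.0.0/16", "127.0.0.0/8",
                "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12"]
# The default exit policy from the same entry.
DEFAULT_EXIT_POLICY = ("reject *:25,reject *:119,reject *:135-139,reject *:445,"
                       "reject *:465,reject *:587,reject *:1214,reject *:4661-4666,"
                       "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*")

def _parse_ports(spec: str) -> Tuple[int, int]:
    """PORT, FROM-TO, "*" or omitted (1-65535 for "*" is this example's assumption)."""
    if spec in ("", "*"):
        return 1, 65535
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), (int(hi) if hi else int(lo))
    if not 1 <= lo <= hi <= 65535:
        raise ValueError("bad port range: " + spec)
    return lo, hi

def _parse_pattern(pattern: str) -> List[Tuple[Net, int, int]]:
    """ADDR[/MASK][:PORT] -> (network, lo, hi) triples; "private" expands to several."""
    host, _, ports = pattern.partition(":")
    lo, hi = _parse_ports(ports)
    if host == "*":
        hosts = ["0.0.0.0/0"]
    elif host == "private":
        hosts = PRIVATE_NETS
    else:
        hosts = [host if "/" in host else host + "/32"]
    return [(ipaddress.ip_network(h, strict=False), lo, hi) for h in hosts]

def parse_policy(text: str) -> List[Rule]:
    """One ExitPolicy value: comma-separated "accept|reject pattern" items."""
    rules: List[Rule] = []
    for item in filter(None, (s.strip() for s in text.split(","))):
        action, _, pattern = item.partition(" ")
        if action not in ("accept", "reject"):
            raise ValueError("bad policy item: " + item)
        rules += [(action, net, lo, hi) for net, lo, hi in _parse_pattern(pattern.strip())]
    return rules

def build_exit_policy(directives: List[str], reject_private: bool = True) -> List[Rule]:
    """directives: the value of each ExitPolicy line, in torrc order."""
    rules: List[Rule] = parse_policy("reject private:*") if reject_private else []
    for value in directives:
        rules += parse_policy(value)
    # Appending the default policy is always correct: if the operator ended with
    # accept *:* or reject *:* the appended rules can never match ("replace"),
    # otherwise they complete the policy ("augment").
    return rules + parse_policy(DEFAULT_EXIT_POLICY)

def first_match(rules: List[Rule], addr: str, port: int) -> Optional[Rule]:
    ip = ipaddress.ip_address(addr)
    return next((r for r in rules if ip in r[1] and r[2] <= port <= r[3]), None)

def exit_allowed(rules: List[Rule], addr: str, port: int) -> bool:
    m = first_match(rules, addr, port)
    return m is not None and m[0] == "accept"

def parse_redirects(directives: List[str]) -> List[Tuple[List[Tuple[Net, int, int]], Target]]:
    """Each RedirectExit value is "pattern target"; target is addr:port or "pass"."""
    out = []
    for value in directives:
        pattern, target = value.split()
        if target == "pass":
            out.append((_parse_pattern(pattern), None))
        else:
            host, _, port = target.rpartition(":")
            out.append((_parse_pattern(pattern), (host, int(port))))
    return out

def resolve_exit(policy: List[Rule], redirects, addr: str, port: int) -> Target:
    """Where this exit would really connect for addr:port, or None if refused."""
    if not exit_allowed(policy, addr, port):
        return None
    ip = ipaddress.ip_address(addr)
    for triples, target in redirects:
        if any(ip in net and lo <= port <= hi for net, lo, hi in triples):
            return (addr, port) if target is None else target   # "pass" stops here too
    return (addr, port)

# Constructed torrc values used by the checks below.
MIT_POLICY = build_exit_policy(["accept 18.7.22.69:*,reject 18.0.0.0/8:*,accept *:*"])
AUGMENTED_POLICY = build_exit_policy(["reject 18.0.0.0/8:*"])
LOCAL_HTTP_POLICY = build_exit_policy(["accept 127.0.0.1:80,reject private:*"],
                                      reject_private=False)
REDIRECTS = parse_redirects(["18.7.22.69:* pass", "*:80 192.0.2.10:8080"])
```

Two points worth checking with it: MIT_POLICY ends in accept *:* and therefore allows port 25, which the default policy would have refused, and the "accept 127.0.0.1:80" line is dead unless ExitPolicyRejectPrivate is 0, because the implicit "reject private:*" sits in front of it.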
.TP
\fBShutdownWaitLength\fR \fINUM\fP
When we get a SIGINT and we're a server, we begin shutting down: we close
listeners and start refusing new circuits. After \fBNUM\fP seconds,
we exit. If we get a second SIGINT, we exit immediately. (Default:
30 seconds)
.LP
.TP
\fBAccountingMax \fR\fIN\fR \fBbytes\fR|\fBKB\fR|\fBMB\fR|\fBGB\fR|\fBTB\fP
Never send more than the specified number of bytes in a given
accounting period, or receive more than that number in the period.
For example, with AccountingMax set to 1 GB, a server could send 900 MB
and receive 800 MB and continue running. It will only hibernate once one
of the two reaches 1 GB.
When the number of bytes is exhausted, Tor will hibernate until some
time in the next accounting period. To prevent all servers from
waking at the same time, Tor will also wait until a random point in
each period before waking up. If you have bandwidth cost issues,
enabling hibernation is preferable to setting a low bandwidth, since it
provides users with a collection of fast servers that are up some of
the time, which is more useful than a set of slow servers that are
always "available".
.LP
.TP
\fBAccountingStart \fR\fBday\fR|\fBweek\fR|\fBmonth\fR [\fIday\fR] \fIHH:MM\fR\fP
Specify how long accounting periods last. If \fBmonth\fP is given,
each accounting period runs from the time \fIHH:MM\fR on the
\fIday\fRth day of one month to the same day and time of the next.
(The day must be between 1 and 28.) If \fBweek\fP is given, each
accounting period runs from the time \fIHH:MM\fR of the \fIday\fRth
day of one week to the same day and time of the next week, with Monday
as day 1 and Sunday as day 7. If \fBday\fR is given, each accounting
period runs from the time \fIHH:MM\fR each day to the same time on the
next day. All times are local, and given in 24-hour time. (Defaults to
"month 1 0:00".)
.LP
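Worked example of the two accounting options above, added here and not taken from Tor's source: it computes the period that contains a given local time for each of the day, week and month forms, applies the "either direction reaches the limit" rule of AccountingMax, and picks a random wake-up instant in the following period. Sizes are assumed to be 1024-based, times are naive local datetimes as the text specifies, and the wake-up RNG is seeded only so the result is reproducible.

```python
"""Accounting periods and the hibernate decision (added example, not Tor code)."""
from datetime import datetime, timedelta
import random
from typing import Tuple

Start = Tuple[str, int, int, int]          # unit, day, hour, minute
UNITS = {"bytes": 1, "kb": 1 << 10, "mb": 1 << 20, "gb": 1 << 30, "tb": 1 << 40}

def parse_size(text: str) -> int:
    """AccountingMax value such as "1 GB" (1024-based units are an assumption)."""
    number, unit = text.split()
    if not number.isdigit() or unit.lower() not in UNITS:
        raise ValueError("bad size: " + text)
    return int(number) * UNITS[unit.lower()]

def parse_start(text: str) -> Start:
    """AccountingStart value: "day HH:MM", "week D HH:MM" or "month D HH:MM"."""
    parts = text.split()
    unit = parts[0].lower()
    if unit == "day":
        day, hhmm = 1, parts[1]
    elif unit in ("week", "month"):
        day, hhmm = int(parts[1]), parts[2]
    else:
        raise ValueError("bad AccountingStart: " + text)
    if (unit == "month" and not 1 <= day <= 28) or (unit == "week" and not 1 <= day <= 7):
        raise ValueError("day out of range: " + text)
    hour, minute = (int(x) for x in hhmm.split(":"))
    return unit, day, hour, minute

def _at(d: datetime, start: Start) -> datetime:
    return d.replace(hour=start[2], minute=start[3], second=0, microsecond=0)

def period_start(now: datetime, start: Start) -> datetime:
    """Start of the period containing `now` (naive local time, as Tor uses)."""
    unit, day = start[0], start[1]
    if unit == "day":
        cand = _at(now, start)
        return cand if cand <= now else cand - timedelta(days=1)
    if unit == "week":
        offset = (now.weekday() - (day - 1)) % 7    # weekday(): Monday == 0
        cand = _at(now - timedelta(days=offset), start)
        return cand if cand <= now else cand - timedelta(days=7)
    cand = _at(now.replace(day=day), start)           # month; day <= 28 always exists
    if cand <= now:
        return cand
    last_of_prev = now.replace(day=1) - timedelta(days=1)
    return _at(last_of_prev.replace(day=day), start)

def period_end(start_dt: datetime, start: Start) -> datetime:
    unit = start[0]
    if unit == "day":
        return start_dt + timedelta(days=1)
    if unit == "week":
        return start_dt + timedelta(days=7)
    y, m = (start_dt.year + 1, 1) if start_dt.month == 12 else (start_dt.year, start_dt.month + 1)
    return start_dt.replace(year=y, month=m)

def period_bounds(now_iso: str, start_text: str) -> Tuple[str, str]:
    """ISO start and end of the period containing now_iso."""
    start = parse_start(start_text)
    s = period_start(datetime.fromisoformat(now_iso), start)
    return s.isoformat(), period_end(s, start).isoformat()

def should_hibernate(sent: int, received: int, max_bytes: int) -> bool:
    """Hibernate as soon as EITHER direction reaches AccountingMax."""
    return sent >= max_bytes or received >= max_bytes

def wake_time(now_iso: str, start_text: str, seed: int = 0) -> str:
    """A random instant inside the NEXT period, so hibernating servers do not
    all wake together; the seed only makes the example reproducible."""
    start = parse_start(start_text)
    nxt = period_end(period_start(datetime.fromisoformat(now_iso), start), start)
    span = (period_end(nxt, start) - nxt).total_seconds()
    return (nxt + timedelta(seconds=random.Random(seed).uniform(0, span))).isoformat()
```

The 900 MB sent / 800 MB received case from the AccountingMax text stays awake under a 1 GB limit; the same limit with 1 GB sent hibernates regardless of how little was received.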
.TP
\fBServerDNSResolvConfFile \fR\fIfilename\fP
Overrides the default DNS configuration with the configuration in
\fIfilename\fP. The file format is the same as the standard Unix
\fBresolv.conf\fP(5) file. This option only affects name lookup for
addresses requested by clients, and only takes effect if Tor was built with
eventdns support. (Default: the system DNS configuration.)
.LP
.TP
\fBServerDNSSearchDomains \fR\fB0\fR|\fB1\fR\fP
If set to \fB1\fP, then we will search for addresses in the local search
domain. For example, if this system is configured to believe it is in
"example.com", and a client tries to connect to "www", the client will be
connected to "www.example.com".
This option only affects name lookup for addresses requested by clients.
(Defaults to "0".)
.LP
.TP
\fBServerDNSDetectHijacking \fR\fB0\fR|\fB1\fR\fP
When this option is set to 1, we will test periodically to determine whether
our local nameservers have been configured to hijack failing DNS requests
(usually to an advertising site). If they are, we will attempt to correct
this. This option only affects name lookup for addresses requested by
clients, and only takes effect if Tor was built with eventdns support.
(Defaults to "1".)
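One way to implement the detection that ServerDNSDetectHijacking describes, as an added example rather than Tor's own dns code: resolve names that cannot exist, record any address that comes back as a wildcard answer, and afterwards treat a lookup that returns one of those addresses as a failure instead of handing the advertising host to the client. The resolver is injected as a function so the example runs offline; the honest and hijacking resolvers, their table and the 192.0.2.7 and 198.51.100.99 addresses are constructed test doubles.

```python
"""DNS wildcard/hijack probe (added example, not Tor's dns code)."""
import random
import string
from typing import Callable, Dict, Optional, Set

Resolver = Callable[[str], Optional[str]]    # name -> address, or None for NXDOMAIN

def probe_hijacking(resolve: Resolver, seed: int = 0,
                    tlds=("com", "net", "org"), probes: int = 3) -> Set[str]:
    """Look up names that cannot exist. Any address that comes back is a
    wildcard answer; the set is empty when the nameserver behaves."""
    rng = random.Random(seed)          # seeded only for reproducibility
    found: Set[str] = set()
    for tld in tlds:
        for _ in range(probes):
            label = "".join(rng.choice(string.ascii_lowercase) for _ in range(20))
            addr = resolve(f"{label}.{tld}")
            if addr is not None:
                found.add(addr)
    return found

def safe_resolve(resolve: Resolver, name: str, wildcard_addrs: Set[str]) -> Optional[str]:
    """The correction: an answer equal to a known wildcard address is reported
    as a failed lookup rather than handed to the client."""
    addr = resolve(name)
    return None if addr in wildcard_addrs else addr

def client_lookup(resolve: Resolver, name: str, seed: int = 0) -> Optional[str]:
    """What an exit would do for a client request: probe, then resolve."""
    return safe_resolve(resolve, name, probe_hijacking(resolve, seed))

# Constructed test doubles (documentation addresses, not real hosts).
HONEST_TABLE: Dict[str, str] = {"www.example.com": "192.0.2.7"}
AD_SERVER = "198.51.100.99"

def honest_resolver(name: str) -> Optional[str]:
    return HONEST_TABLE.get(name)

def hijacking_resolver(name: str) -> Optional[str]:
    """Answers every name, even nonexistent ones, with the ad server."""
    return HONEST_TABLE.get(name, AD_SERVER)
```

The probe only catches blanket wildcarding: a resolver that rotates among many addresses, or hijacks only some failing names, would need more probes or a different test, and the "correction" here is to fail the lookup rather than to find the right answer elsewhere.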

.SH DIRECTORY SERVER OPTIONS
.PP
The following options are useful only for directory servers (that is, if \fBDirPort\fP is non-zero):
.LP
.TP
\fBAuthoritativeDirectory \fR\fB0\fR|\fB1\fR\fP
When this option is set to 1, Tor operates as an authoritative
directory server. Instead of caching the directory, it generates its
own list of good servers, signs it, and sends that to the clients.
Unless the clients already have you listed as a trusted directory, you
probably do not want to set this option. Please coordinate with the other
admins at tor-ops@freehaven.net if you think you should be a directory.
.LP
.TP
\fBV1AuthoritativeDirectory \fR\fB0\fR|\fB1\fR\fP
When this option is set in addition to \fBAuthoritativeDirectory\fP, Tor also
generates a version 1 directory (for Tor clients up to 0.1.0.x).
(As of Tor 0.1.1.12 every (v2) authoritative directory still provides most of
the v1 directory functionality, even without this option set to 1.
This however is expected to change in the future.)
.LP
.TP
\fBVersioningAuthoritativeDirectory \fR\fB0\fR|\fB1\fR\fP
When this option is set to 1, Tor adds information on
which versions of Tor are still believed safe for use to
the published directory. Each version 1 authority is
automatically a versioning authority; version 2 authorities
provide this service optionally. See \fBRecommendedVersions\fP,
\fBRecommendedClientVersions\fP, and \fBRecommendedServerVersions\fP.
.LP
.TP
\fBNamingAuthoritativeDirectory \fR\fB0\fR|\fB1\fR\fP
When this option is set to 1, then the server advertises that it has
opinions about nickname-to-fingerprint bindings. It will include these
opinions in its published network-status pages, by listing servers with
the flag "Named" if a correct binding between that nickname and
fingerprint has been registered with the dirserver. Naming dirservers
will refuse to accept or publish descriptors that contradict a
registered binding. See \fBapproved-routers\fP in the \fBFILES\fP
section below.
.LP
.TP
\fBDirPort \fR\fIPORT\fP
Advertise the directory service on this port.
.LP
.TP
\fBDirListenAddress \fR\fIIP\fR[:\fIPORT\fR]\fP
Bind the directory service to this address. If you specify a port, bind
to this port rather than the one specified in DirPort. (Default: 0.0.0.0)
.LP
.TP
\fBDirPolicy \fR\fIpolicy\fR,\fIpolicy\fR,\fI...\fP
Set an entrance policy for this server, to limit who can connect to the
directory ports.
The policies have the same form as exit policies above.
.LP
.TP
\fBRecommendedVersions \fR\fISTRING\fP
STRING is a comma-separated list of Tor versions currently believed
to be safe. The list is included in each directory, and nodes which
pull down the directory learn whether they need to upgrade. This
option can appear multiple times: the values from multiple lines are
spliced together.
When this is set then
\fBVersioningAuthoritativeDirectory\fP should be set too.
.LP
.TP
\fBRecommendedClientVersions \fR\fISTRING\fP
STRING is a comma-separated list of Tor versions currently believed
to be safe for clients to use. This information is included in version 2
directories. If this is not set then the value of \fBRecommendedVersions\fR
is used.
When this is set then
\fBVersioningAuthoritativeDirectory\fP should be set too.
.LP
.TP
\fBRecommendedServerVersions \fR\fISTRING\fP
STRING is a comma-separated list of Tor versions currently believed
to be safe for servers to use. This information is included in version 2
directories. If this is not set then the value of \fBRecommendedVersions\fR
is used.
When this is set then
\fBVersioningAuthoritativeDirectory\fP should be set too.
.LP
.TP
\fBDirAllowPrivateAddresses \fR\fB0\fR|\fB1\fR\fP
If set to 1, Tor will accept router descriptors with arbitrary "Address"
elements. Otherwise, if the address is not an IP or is a private IP,
it will reject the router descriptor. Defaults to 0.
.LP
.TP
\fBRunTesting \fR\fB0\fR|\fB1\fR\fP
If set to 1, Tor tries to build circuits through all of the servers it
knows about, so it can tell which are up and which are down. This
option is only useful for authoritative directories, so you probably
don't want to use it.
.LP
.TP
\fBAuthDirInvalid \fR\fIAddressPattern\fR...\fP
Authoritative directories only. A set of address patterns for servers that
will never be listed as "valid" in any network status document that this
authority publishes.
.LP
.TP
\fBAuthDirReject \fR\fIAddressPattern\fR...\fP
Authoritative directories only. A set of address patterns for servers that
will never be listed at all in any network status document that this
authority publishes, or accepted as an OR address in any descriptor submitted
for publication by this authority.
.LP
.TP
\fBAuthDirRejectUnlisted \fR\fB0\fR|\fB1\fR\fP
Authoritative directories only. If set to 1, the directory server
rejects all uploaded server descriptors that aren't explicitly listed
in the fingerprints file. This acts as a "panic button" if the directory
is flooded with attacker-controlled servers (a Sybil attack). (Default: 0)

.SH HIDDEN SERVICE OPTIONS
.PP
The following options are used to configure a hidden service.
.LP
.TP
\fBHiddenServiceDir \fR\fIDIRECTORY\fP
Store data files for a hidden service in DIRECTORY. Every hidden
service must have a separate directory. You may use this option multiple
times to specify multiple services.
.LP
.TP
\fBHiddenServicePort \fR\fIVIRTPORT \fR[\fITARGET\fR]\fP
Configure a virtual port VIRTPORT for a hidden service. You may use this
option multiple times; each time applies to the service using the most recent
\fBHiddenServiceDir\fP. By default, this option maps the virtual port to the
same port on 127.0.0.1. You may override the target port, address, or both
by specifying a target of addr, port, or addr:port.
.LP
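The ordering rule in the two entries above (each HiddenServicePort attaches to the most recent HiddenServiceDir) and the three target forms are easy to misconfigure silently. The following Python is an added example, not Tor's config parser: it reads the two directives out of a torrc fragment, applies the 127.0.0.1:VIRTPORT default, refuses a port line with no preceding directory, and lists targets that are not on loopback, since those carry the service's plaintext across the local network. The torrc text at the bottom is constructed.

```python
"""Hidden-service stanza parsing (added example, not Tor's config parser)."""
from typing import Dict, List, Tuple

PortMap = Tuple[int, str, int]          # virtual port, target address, target port
Service = Dict[str, object]             # {"dir": str, "ports": List[PortMap]}

def parse_target(virtport: int, target: str) -> Tuple[str, int]:
    """Omitted -> 127.0.0.1:VIRTPORT; "port", "addr" or "addr:port" override parts."""
    if not target:
        return "127.0.0.1", virtport
    if ":" in target:
        addr, _, port = target.rpartition(":")
        return addr, int(port)
    if target.isdigit():
        return "127.0.0.1", int(target)
    return target, virtport

def parse_hidden_services(torrc: str) -> List[Service]:
    services: List[Service] = []
    seen_dirs = set()
    for raw in torrc.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        key, value = key.lower(), value.strip()
        if key == "hiddenservicedir":
            if value in seen_dirs:
                raise ValueError("HiddenServiceDir used twice: " + value)
            seen_dirs.add(value)
            services.append({"dir": value, "ports": []})
        elif key == "hiddenserviceport":
            if not services:
                raise ValueError("HiddenServicePort before any HiddenServiceDir")
            fields = value.split()
            virt = int(fields[0])
            addr, port = parse_target(virt, fields[1] if len(fields) > 1 else "")
            services[-1]["ports"].append((virt, addr, port))   # most recent dir wins
    return services

def non_loopback_targets(services: List[Service]) -> List[Tuple[str, int, str, int]]:
    """Targets off 127.0.0.0/8: the service's plaintext leaves this host."""
    return [(s["dir"], v, a, p) for s in services for v, a, p in s["ports"]
            if not a.startswith("127.")]

SAMPLE_TORRC = """
# constructed torrc fragment
HiddenServiceDir /var/lib/tor/hs_web/
HiddenServicePort 80
HiddenServicePort 443 8443
HiddenServiceDir /var/lib/tor/hs_ssh/
HiddenServicePort 22 10.0.0.5
HiddenServicePort 2222 10.0.0.5:22
"""
```

Note that a HiddenServicePort line placed above its intended HiddenServiceDir silently joins the previous service; the parser reproduces that, which is why the non-loopback report is grouped by directory.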
.TP
\fBHiddenServiceNodes \fR\fInickname\fR,\fInickname\fR,\fI...\fP
If possible, use the specified nodes as introduction points for the hidden
service. If this is left unset, Tor will be smart and pick some reasonable
ones; most people can leave this unset.
.LP
.TP
\fBHiddenServiceExcludeNodes \fR\fInickname\fR,\fInickname\fR,\fI...\fP
Do not use the specified nodes as introduction points for the hidden
service. In normal use there is no reason to set this.
.LP
.TP
\fBPublishHidServDescriptors \fR\fB0\fR|\fB1\fR\fP
If set to 0, Tor will run any hidden services you configure, but it won't
advertise them to the rendezvous directory. This option is only useful
if you're using a Tor controller that handles hidserv publishing for you.
(Default: 1)
.LP
.TP
\fBRendPostPeriod \fR\fIN\fR \fBseconds\fR|\fBminutes\fR|\fBhours\fR|\fBdays\fR|\fBweeks\fP
Every time the specified period elapses, Tor uploads any rendezvous
service descriptors to the directory servers. This information is also
uploaded whenever it changes. (Default: 20 minutes)

.\" UNDOCUMENTED
.\" ignoreversion

.SH SIGNALS
Tor catches the following signals:
.LP
.TP
\fBSIGTERM\fR
Tor will catch this, clean up and sync to disk if necessary, and exit.
.LP
.TP
\fBSIGINT\fR
Tor clients behave as with SIGTERM; but Tor servers will do a controlled
slow shutdown, closing listeners and waiting 30 seconds before exiting.
(The delay can be configured with the ShutdownWaitLength config option.)
.LP
.TP
\fBSIGHUP\fR
The signal instructs Tor to reload its configuration (including closing
and reopening logs), fetch a new directory, and kill and restart its
helper processes if applicable.
.LP
.TP
\fBSIGUSR1\fR
Log statistics about current connections, past connections, and
throughput.
.LP
.TP
\fBSIGUSR2\fR
Switch all logs to loglevel debug. You can go back to the old loglevels
by sending a SIGHUP.
.LP
.TP
\fBSIGCHLD\fR
Tor receives this signal when one of its helper processes has exited,
so it can clean up.
.LP
.TP
\fBSIGPIPE\fR
Tor catches this signal and ignores it.
.LP
.TP
\fBSIGXFSZ\fR
If this signal exists on your platform, Tor catches and ignores it.

.SH FILES
.LP
.TP
.B @CONFDIR@/torrc
The configuration file, which contains "option value" pairs.
.LP
.TP
.B @LOCALSTATEDIR@/lib/tor/
The tor process stores keys and other data here.
.LP
.TP
.B \fIDataDirectory\fP/approved-routers
Only for naming authoritative directory servers
(see \fBNamingAuthoritativeDirectory\fP).
This file lists nickname to identity bindings. Each line lists a
nickname and a fingerprint separated by whitespace. See your
\fBfingerprint\fP file in the \fIDataDirectory\fP for an example line.
If the nickname is \fB!reject\fP then descriptors from the given
identity (fingerprint) are rejected by the authoritative directory
server. If it is \fB!invalid\fP then descriptors are accepted but marked
in the directory as not valid, that is, not recommended.
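The following Python ties the approved-routers format above to the admission rules stated under NamingAuthoritativeDirectory and AuthDirRejectUnlisted, and to the nickname rule from the Nickname entry. It is an added example, not Tor's dirserv code: a binding is enforced in both directions (a registered nickname with another key, or a registered key under another nickname, contradicts the binding and is refused), "!reject" and "!invalid" act on the fingerprint alone, and with AuthDirRejectUnlisted an unlisted key is refused outright. Fingerprints are assumed to be 40 hex digits, optionally in space-separated groups of four; the nicknames and fingerprints in the sample file are constructed.

```python
"""approved-routers parsing and descriptor admission (added example, not Tor code)."""
import re
from typing import Dict, NamedTuple, Set

NICKNAME_RE = re.compile("[A-Za-z0-9]{1,19}$")     # the rule from the Nickname entry
FINGERPRINT_RE = re.compile("[0-9A-F]{40}$")

class Approved(NamedTuple):
    named: Dict[str, str]       # nickname -> fingerprint
    by_fp: Dict[str, str]       # fingerprint -> nickname
    rejected: Set[str]          # fingerprints listed as !reject
    invalid: Set[str]           # fingerprints listed as !invalid

def normalize_fp(text: str) -> str:
    """Accept "AAAA BBBB ..." groups or one 40-hex-digit string (an assumption
    about the fingerprint file format)."""
    fp = text.replace(" ", "").upper()
    if not FINGERPRINT_RE.match(fp):
        raise ValueError("bad fingerprint: " + text)
    return fp

def parse_approved_routers(text: str) -> Approved:
    named, by_fp, rejected, invalid = {}, {}, set(), set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        nick, _, rest = line.partition(" ")
        fp = normalize_fp(rest)
        if nick == "!reject":
            rejected.add(fp)
        elif nick == "!invalid":
            invalid.add(fp)
        elif NICKNAME_RE.match(nick):
            if (nick in named and named[nick] != fp) or (fp in by_fp and by_fp[fp] != nick):
                raise ValueError(f"line {lineno}: conflicting binding for {nick}")
            named[nick], by_fp[fp] = fp, nick
        else:
            raise ValueError(f"line {lineno}: bad nickname {nick}")
    return Approved(named, by_fp, rejected, invalid)

def admit_descriptor(approved: Approved, nickname: str, fingerprint: str,
                     reject_unlisted: bool = False) -> str:
    """Returns "reject", "invalid" (accepted but not recommended), "named"
    (binding confirmed) or "unnamed" (accepted, no opinion about the name)."""
    fp = normalize_fp(fingerprint)
    if fp in approved.rejected:
        return "reject"
    if approved.by_fp.get(fp) == nickname:
        return "invalid" if fp in approved.invalid else "named"
    # Contradicts a registered binding: either the nickname belongs to a
    # different key or this key is registered under a different nickname.
    if nickname in approved.named or fp in approved.by_fp:
        return "reject"
    if reject_unlisted:                        # AuthDirRejectUnlisted 1
        return "reject"
    return "invalid" if fp in approved.invalid else "unnamed"

# Constructed sample file; nicknames and fingerprints are made up.
SAMPLE_APPROVED = """
# nickname  fingerprint (groups of four hex digits, as in the fingerprint file)
alpha     0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567
beta      FEDC BA98 7654 3210 FEDC BA98 7654 3210 FEDC BA98
!reject   DEAD BEEF DEAD BEEF DEAD BEEF DEAD BEEF DEAD BEEF
!invalid  CAFE F00D CAFE F00D CAFE F00D CAFE F00D CAFE F00D
"""
```

The address-pattern side of admission (AuthDirReject, AuthDirInvalid) is a separate check on the descriptor's OR address and is not modelled here.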
.SH SEE ALSO
.BR privoxy (1),
.BR tsocks (1),
.BR torify (1)

.BR http://tor.eff.org/

.SH BUGS
Plenty, probably. Tor is still in development. Please report them.
.SH AUTHORS
Roger Dingledine <arma@mit.edu>, Nick Mathewson <nickm@alum.mit.edu>.