mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 23:53:32 +01:00
Merge branch 'bug2865'
This commit is contained in:
commit
cb01aaea12
4
changes/bug2865
Normal file
4
changes/bug2865
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
o Documentation fixes:
|
||||||
|
- Correct the manpage's descriptions for the default values of
|
||||||
|
DirReqStatistics and ExtraInfoStatistics. Fixes bug 2865; bugfix
|
||||||
|
on 0.2.3.1-alpha.
|
@ -167,7 +167,7 @@ Other options can be specified either on the command-line (--option
|
|||||||
You should **not** enable this feature unless you encounter the "no buffer
|
You should **not** enable this feature unless you encounter the "no buffer
|
||||||
space available" issue. Reducing the TCP buffers affects window size for
|
space available" issue. Reducing the TCP buffers affects window size for
|
||||||
the TCP stream and will reduce throughput in proportion to round trip
|
the TCP stream and will reduce throughput in proportion to round trip
|
||||||
time on long paths. (Default: 0.)
|
time on long paths. (Default: 0)
|
||||||
|
|
||||||
**ConstrainedSockSize** __N__ **bytes**|**KB**::
|
**ConstrainedSockSize** __N__ **bytes**|**KB**::
|
||||||
When **ConstrainedSockets** is enabled the receive and transmit buffers for
|
When **ConstrainedSockets** is enabled the receive and transmit buffers for
|
||||||
@ -183,15 +183,15 @@ Other options can be specified either on the command-line (--option
|
|||||||
host to control it. (Setting both authentication methods means either
|
host to control it. (Setting both authentication methods means either
|
||||||
method is sufficient to authenticate to Tor.) This
|
method is sufficient to authenticate to Tor.) This
|
||||||
option is required for many Tor controllers; most use the value of 9051.
|
option is required for many Tor controllers; most use the value of 9051.
|
||||||
Set it to "auto" to have Tor pick a port for you. (Default: 0).
|
Set it to "auto" to have Tor pick a port for you. (Default: 0)
|
||||||
|
|
||||||
**ControlListenAddress** __IP__[:__PORT__]::
|
**ControlListenAddress** __IP__[:__PORT__]::
|
||||||
Bind the controller listener to this address. If you specify a port, bind
|
Bind the controller listener to this address. If you specify a port, bind
|
||||||
to this port rather than the one specified in ControlPort. We strongly
|
to this port rather than the one specified in ControlPort. We strongly
|
||||||
recommend that you leave this alone unless you know what you're doing,
|
recommend that you leave this alone unless you know what you're doing,
|
||||||
since giving attackers access to your control listener is really
|
since giving attackers access to your control listener is really
|
||||||
dangerous. (Default: 127.0.0.1) This directive can be specified multiple
|
dangerous. This directive can be specified multiple
|
||||||
times to bind to multiple addresses/ports.
|
times to bind to multiple addresses/ports. (Default: 127.0.0.1)
|
||||||
|
|
||||||
**ControlSocket** __Path__::
|
**ControlSocket** __Path__::
|
||||||
Like ControlPort, but listens on a Unix domain socket, rather than a TCP
|
Like ControlPort, but listens on a Unix domain socket, rather than a TCP
|
||||||
@ -224,7 +224,7 @@ Other options can be specified either on the command-line (--option
|
|||||||
If this option is set to 0, don't allow the filesystem group to read the
|
If this option is set to 0, don't allow the filesystem group to read the
|
||||||
cookie file. If the option is set to 1, make the cookie file readable by
|
cookie file. If the option is set to 1, make the cookie file readable by
|
||||||
the default GID. [Making the file readable by other groups is not yet
|
the default GID. [Making the file readable by other groups is not yet
|
||||||
implemented; let us know if you need this for some reason.] (Default: 0).
|
implemented; let us know if you need this for some reason.] (Default: 0)
|
||||||
|
|
||||||
**ControlPortWriteToFile** __Path__::
|
**ControlPortWriteToFile** __Path__::
|
||||||
If set, Tor writes the address and port of any control port it opens to
|
If set, Tor writes the address and port of any control port it opens to
|
||||||
@ -234,7 +234,7 @@ Other options can be specified either on the command-line (--option
|
|||||||
**ControlPortFileGroupReadable** **0**|**1**::
|
**ControlPortFileGroupReadable** **0**|**1**::
|
||||||
If this option is set to 0, don't allow the filesystem group to read the
|
If this option is set to 0, don't allow the filesystem group to read the
|
||||||
control port file. If the option is set to 1, make the control port
|
control port file. If the option is set to 1, make the control port
|
||||||
file readable by the default GID. (Default: 0).
|
file readable by the default GID. (Default: 0)
|
||||||
|
|
||||||
**DataDirectory** __DIR__::
|
**DataDirectory** __DIR__::
|
||||||
Store working data in DIR (Default: @LOCALSTATEDIR@/lib/tor)
|
Store working data in DIR (Default: @LOCALSTATEDIR@/lib/tor)
|
||||||
@ -266,7 +266,7 @@ Other options can be specified either on the command-line (--option
|
|||||||
If this option is set to 1, when running as a server, generate our
|
If this option is set to 1, when running as a server, generate our
|
||||||
own Diffie-Hellman group instead of using the one from Apache's mod_ssl.
|
own Diffie-Hellman group instead of using the one from Apache's mod_ssl.
|
||||||
This option may help circumvent censorship based on static
|
This option may help circumvent censorship based on static
|
||||||
Diffie-Hellman parameters. (Default: 1).
|
Diffie-Hellman parameters. (Default: 1)
|
||||||
|
|
||||||
**AlternateDirAuthority** [__nickname__] [**flags**] __address__:__port__ __fingerprint__ +
|
**AlternateDirAuthority** [__nickname__] [**flags**] __address__:__port__ __fingerprint__ +
|
||||||
|
|
||||||
@ -497,7 +497,7 @@ Other options can be specified either on the command-line (--option
|
|||||||
CircuitPriorityHalflife value (in seconds). If this option is not set at
|
CircuitPriorityHalflife value (in seconds). If this option is not set at
|
||||||
all, we use the behavior recommended in the current consensus
|
all, we use the behavior recommended in the current consensus
|
||||||
networkstatus. This is an advanced option; you generally shouldn't have
|
networkstatus. This is an advanced option; you generally shouldn't have
|
||||||
to mess with it. (Default: not set.)
|
to mess with it. (Default: not set)
|
||||||
|
|
||||||
**DisableIOCP** **0**|**1**::
|
**DisableIOCP** **0**|**1**::
|
||||||
If Tor was built to use the Libevent's "bufferevents" networking code
|
If Tor was built to use the Libevent's "bufferevents" networking code
|
||||||
@ -568,7 +568,7 @@ The following options are useful only for clients (that is, if
|
|||||||
open in that time, give up on it. If LearnCircuitBuildTimeout is 1, this
|
open in that time, give up on it. If LearnCircuitBuildTimeout is 1, this
|
||||||
value serves as the initial value to use before a timeout is learned. If
|
value serves as the initial value to use before a timeout is learned. If
|
||||||
LearnCircuitBuildTimeout is 0, this value is the only value used.
|
LearnCircuitBuildTimeout is 0, this value is the only value used.
|
||||||
(Default: 60 seconds.)
|
(Default: 60 seconds)
|
||||||
|
|
||||||
**CircuitIdleTimeout** __NUM__::
|
**CircuitIdleTimeout** __NUM__::
|
||||||
If we have kept a clean (never used) circuit around for NUM seconds, then
|
If we have kept a clean (never used) circuit around for NUM seconds, then
|
||||||
@ -576,7 +576,7 @@ The following options are useful only for clients (that is, if
|
|||||||
of its circuits, and then expire its TLS connections. Also, if we end up
|
of its circuits, and then expire its TLS connections. Also, if we end up
|
||||||
making a circuit that is not useful for exiting any of the requests we're
|
making a circuit that is not useful for exiting any of the requests we're
|
||||||
receiving, it won't forever take up a slot in the circuit list. (Default: 1
|
receiving, it won't forever take up a slot in the circuit list. (Default: 1
|
||||||
hour.)
|
hour)
|
||||||
|
|
||||||
**CircuitStreamTimeout** __NUM__::
|
**CircuitStreamTimeout** __NUM__::
|
||||||
If non-zero, this option overrides our internal timeout schedule for how
|
If non-zero, this option overrides our internal timeout schedule for how
|
||||||
@ -864,14 +864,14 @@ The following options are useful only for clients (that is, if
|
|||||||
**SocksTimeout** __NUM__::
|
**SocksTimeout** __NUM__::
|
||||||
Let a socks connection wait NUM seconds handshaking, and NUM seconds
|
Let a socks connection wait NUM seconds handshaking, and NUM seconds
|
||||||
unattached waiting for an appropriate circuit, before we fail it. (Default:
|
unattached waiting for an appropriate circuit, before we fail it. (Default:
|
||||||
2 minutes.)
|
2 minutes)
|
||||||
|
|
||||||
**TokenBucketRefillInterval** __NUM__ [**msec**|**second**]::
|
**TokenBucketRefillInterval** __NUM__ [**msec**|**second**]::
|
||||||
Set the refill interval of Tor's token bucket to NUM milliseconds.
|
Set the refill interval of Tor's token bucket to NUM milliseconds.
|
||||||
NUM must be between 1 and 1000, inclusive. Note that the configured
|
NUM must be between 1 and 1000, inclusive. Note that the configured
|
||||||
bandwidth limits are still expressed in bytes per second: this
|
bandwidth limits are still expressed in bytes per second: this
|
||||||
option only affects the frequency with which Tor checks to see whether
|
option only affects the frequency with which Tor checks to see whether
|
||||||
previously exhausted connections may read again. (Default: 100 msec.)
|
previously exhausted connections may read again. (Default: 100 msec)
|
||||||
|
|
||||||
**TrackHostExits** __host__,__.domain__,__...__::
|
**TrackHostExits** __host__,__.domain__,__...__::
|
||||||
For each value in the comma separated list, Tor will track recent
|
For each value in the comma separated list, Tor will track recent
|
||||||
@ -904,18 +904,18 @@ The following options are useful only for clients (that is, if
|
|||||||
If this option is set to 1, we pick a few long-term entry servers, and try
|
If this option is set to 1, we pick a few long-term entry servers, and try
|
||||||
to stick with them. This is desirable because constantly changing servers
|
to stick with them. This is desirable because constantly changing servers
|
||||||
increases the odds that an adversary who owns some servers will observe a
|
increases the odds that an adversary who owns some servers will observe a
|
||||||
fraction of your paths. (Defaults to 1.)
|
fraction of your paths. (Default: 1)
|
||||||
|
|
||||||
**NumEntryGuards** __NUM__::
|
**NumEntryGuards** __NUM__::
|
||||||
If UseEntryGuards is set to 1, we will try to pick a total of NUM routers
|
If UseEntryGuards is set to 1, we will try to pick a total of NUM routers
|
||||||
as long-term entries for our circuits. (Defaults to 3.)
|
as long-term entries for our circuits. (Default: 3)
|
||||||
|
|
||||||
**SafeSocks** **0**|**1**::
|
**SafeSocks** **0**|**1**::
|
||||||
When this option is enabled, Tor will reject application connections that
|
When this option is enabled, Tor will reject application connections that
|
||||||
use unsafe variants of the socks protocol -- ones that only provide an IP
|
use unsafe variants of the socks protocol -- ones that only provide an IP
|
||||||
address, meaning the application is doing a DNS resolve first.
|
address, meaning the application is doing a DNS resolve first.
|
||||||
Specifically, these are socks4 and socks5 when not doing remote DNS.
|
Specifically, these are socks4 and socks5 when not doing remote DNS.
|
||||||
(Defaults to 0.)
|
(Default: 0)
|
||||||
|
|
||||||
**TestSocks** **0**|**1**::
|
**TestSocks** **0**|**1**::
|
||||||
When this option is enabled, Tor will make a notice-level log entry for
|
When this option is enabled, Tor will make a notice-level log entry for
|
||||||
@ -975,7 +975,7 @@ The following options are useful only for clients (that is, if
|
|||||||
Linux's IPTables. If you're planning to use Tor as a transparent proxy for
|
Linux's IPTables. If you're planning to use Tor as a transparent proxy for
|
||||||
a network, you'll want to examine and change VirtualAddrNetwork from the
|
a network, you'll want to examine and change VirtualAddrNetwork from the
|
||||||
default setting. You'll also want to set the TransListenAddress option for
|
default setting. You'll also want to set the TransListenAddress option for
|
||||||
the network you'd like to proxy. (Default: 0).
|
the network you'd like to proxy. (Default: 0)
|
||||||
|
|
||||||
**TransListenAddress** __IP__[:__PORT__]::
|
**TransListenAddress** __IP__[:__PORT__]::
|
||||||
Bind to this address to listen for transparent proxy connections. (Default:
|
Bind to this address to listen for transparent proxy connections. (Default:
|
||||||
@ -1008,7 +1008,7 @@ The following options are useful only for clients (that is, if
|
|||||||
that ends with one of the suffixes in **AutomapHostsSuffixes**, we map an
|
that ends with one of the suffixes in **AutomapHostsSuffixes**, we map an
|
||||||
unused virtual address to that address, and return the new virtual address.
|
unused virtual address to that address, and return the new virtual address.
|
||||||
This is handy for making ".onion" addresses work with applications that
|
This is handy for making ".onion" addresses work with applications that
|
||||||
resolve an address and then connect to it. (Default: 0).
|
resolve an address and then connect to it. (Default: 0)
|
||||||
|
|
||||||
**AutomapHostsSuffixes** __SUFFIX__,__SUFFIX__,__...__::
|
**AutomapHostsSuffixes** __SUFFIX__,__SUFFIX__,__...__::
|
||||||
A comma-separated list of suffixes to use with **AutomapHostsOnResolve**.
|
A comma-separated list of suffixes to use with **AutomapHostsOnResolve**.
|
||||||
@ -1019,7 +1019,7 @@ The following options are useful only for clients (that is, if
|
|||||||
them anonymously. Set the port to "auto" to have Tor pick a port for
|
them anonymously. Set the port to "auto" to have Tor pick a port for
|
||||||
you. This directive can be specified multiple times to bind to multiple
|
you. This directive can be specified multiple times to bind to multiple
|
||||||
addresses/ports. See SOCKSPort for an explanation of isolation
|
addresses/ports. See SOCKSPort for an explanation of isolation
|
||||||
flags. (Default: 0).
|
flags. (Default: 0)
|
||||||
|
|
||||||
**DNSListenAddress** __IP__[:__PORT__]::
|
**DNSListenAddress** __IP__[:__PORT__]::
|
||||||
Bind to this address to listen for DNS connections. (DEPRECATED: As of
|
Bind to this address to listen for DNS connections. (DEPRECATED: As of
|
||||||
@ -1032,35 +1032,35 @@ The following options are useful only for clients (that is, if
|
|||||||
If true, Tor does not believe any anonymously retrieved DNS answer that
|
If true, Tor does not believe any anonymously retrieved DNS answer that
|
||||||
tells it that an address resolves to an internal address (like 127.0.0.1 or
|
tells it that an address resolves to an internal address (like 127.0.0.1 or
|
||||||
192.168.0.1). This option prevents certain browser-based attacks; don't
|
192.168.0.1). This option prevents certain browser-based attacks; don't
|
||||||
turn it off unless you know what you're doing. (Default: 1).
|
turn it off unless you know what you're doing. (Default: 1)
|
||||||
|
|
||||||
**ClientRejectInternalAddresses** **0**|**1**::
|
**ClientRejectInternalAddresses** **0**|**1**::
|
||||||
If true, Tor does not try to fulfill requests to connect to an internal
|
If true, Tor does not try to fulfill requests to connect to an internal
|
||||||
address (like 127.0.0.1 or 192.168.0.1) __unless a exit node is
|
address (like 127.0.0.1 or 192.168.0.1) __unless a exit node is
|
||||||
specifically requested__ (for example, via a .exit hostname, or a
|
specifically requested__ (for example, via a .exit hostname, or a
|
||||||
controller request). (Default: 1).
|
controller request). (Default: 1)
|
||||||
|
|
||||||
**DownloadExtraInfo** **0**|**1**::
|
**DownloadExtraInfo** **0**|**1**::
|
||||||
If true, Tor downloads and caches "extra-info" documents. These documents
|
If true, Tor downloads and caches "extra-info" documents. These documents
|
||||||
contain information about servers other than the information in their
|
contain information about servers other than the information in their
|
||||||
regular router descriptors. Tor does not use this information for anything
|
regular router descriptors. Tor does not use this information for anything
|
||||||
itself; to save bandwidth, leave this option turned off. (Default: 0).
|
itself; to save bandwidth, leave this option turned off. (Default: 0)
|
||||||
|
|
||||||
**FallbackNetworkstatusFile** __FILENAME__::
|
**FallbackNetworkstatusFile** __FILENAME__::
|
||||||
If Tor doesn't have a cached networkstatus file, it starts out using this
|
If Tor doesn't have a cached networkstatus file, it starts out using this
|
||||||
one instead. Even if this file is out of date, Tor can still use it to
|
one instead. Even if this file is out of date, Tor can still use it to
|
||||||
learn about directory mirrors, so it doesn't need to put load on the
|
learn about directory mirrors, so it doesn't need to put load on the
|
||||||
authorities. (Default: None).
|
authorities. (Default: None)
|
||||||
|
|
||||||
**WarnPlaintextPorts** __port__,__port__,__...__::
|
**WarnPlaintextPorts** __port__,__port__,__...__::
|
||||||
Tells Tor to issue a warnings whenever the user tries to make an anonymous
|
Tells Tor to issue a warnings whenever the user tries to make an anonymous
|
||||||
connection to one of these ports. This option is designed to alert users
|
connection to one of these ports. This option is designed to alert users
|
||||||
to services that risk sending passwords in the clear. (Default:
|
to services that risk sending passwords in the clear. (Default:
|
||||||
23,109,110,143).
|
23,109,110,143)
|
||||||
|
|
||||||
**RejectPlaintextPorts** __port__,__port__,__...__::
|
**RejectPlaintextPorts** __port__,__port__,__...__::
|
||||||
Like WarnPlaintextPorts, but instead of warning about risky port uses, Tor
|
Like WarnPlaintextPorts, but instead of warning about risky port uses, Tor
|
||||||
will instead refuse to make the connection. (Default: None).
|
will instead refuse to make the connection. (Default: None)
|
||||||
|
|
||||||
**AllowSingleHopCircuits** **0**|**1**::
|
**AllowSingleHopCircuits** **0**|**1**::
|
||||||
When this option is set, the attached Tor controller can use relays
|
When this option is set, the attached Tor controller can use relays
|
||||||
@ -1300,14 +1300,14 @@ is non-zero):
|
|||||||
of the __dayth__ day of one week to the same day and time of the next week,
|
of the __dayth__ day of one week to the same day and time of the next week,
|
||||||
with Monday as day 1 and Sunday as day 7. If **day** is given, each
|
with Monday as day 1 and Sunday as day 7. If **day** is given, each
|
||||||
accounting period runs from the time __HH:MM__ each day to the same time on
|
accounting period runs from the time __HH:MM__ each day to the same time on
|
||||||
the next day. All times are local, and given in 24-hour time. (Defaults to
|
the next day. All times are local, and given in 24-hour time. (Default:
|
||||||
"month 1 0:00".)
|
"month 1 0:00")
|
||||||
|
|
||||||
**RefuseUnknownExits** **0**|**1**|**auto**::
|
**RefuseUnknownExits** **0**|**1**|**auto**::
|
||||||
Prevent nodes that don't appear in the consensus from exiting using this
|
Prevent nodes that don't appear in the consensus from exiting using this
|
||||||
relay. If the option is 1, we always block exit attempts from such
|
relay. If the option is 1, we always block exit attempts from such
|
||||||
nodes; if it's 0, we never do, and if the option is "auto", then we do
|
nodes; if it's 0, we never do, and if the option is "auto", then we do
|
||||||
whatever the authorities suggest in the consensus. (Defaults to auto.)
|
whatever the authorities suggest in the consensus. (Default: auto)
|
||||||
|
|
||||||
**ServerDNSResolvConfFile** __filename__::
|
**ServerDNSResolvConfFile** __filename__::
|
||||||
Overrides the default DNS configuration with the configuration in
|
Overrides the default DNS configuration with the configuration in
|
||||||
@ -1320,28 +1320,28 @@ is non-zero):
|
|||||||
If this option is false, Tor exits immediately if there are problems
|
If this option is false, Tor exits immediately if there are problems
|
||||||
parsing the system DNS configuration or connecting to nameservers.
|
parsing the system DNS configuration or connecting to nameservers.
|
||||||
Otherwise, Tor continues to periodically retry the system nameservers until
|
Otherwise, Tor continues to periodically retry the system nameservers until
|
||||||
it eventually succeeds. (Defaults to "1".)
|
it eventually succeeds. (Default: 1)
|
||||||
|
|
||||||
**ServerDNSSearchDomains** **0**|**1**::
|
**ServerDNSSearchDomains** **0**|**1**::
|
||||||
If set to 1, then we will search for addresses in the local search domain.
|
If set to 1, then we will search for addresses in the local search domain.
|
||||||
For example, if this system is configured to believe it is in
|
For example, if this system is configured to believe it is in
|
||||||
"example.com", and a client tries to connect to "www", the client will be
|
"example.com", and a client tries to connect to "www", the client will be
|
||||||
connected to "www.example.com". This option only affects name lookups that
|
connected to "www.example.com". This option only affects name lookups that
|
||||||
your server does on behalf of clients. (Defaults to "0".)
|
your server does on behalf of clients. (Default: 0)
|
||||||
|
|
||||||
**ServerDNSDetectHijacking** **0**|**1**::
|
**ServerDNSDetectHijacking** **0**|**1**::
|
||||||
When this option is set to 1, we will test periodically to determine
|
When this option is set to 1, we will test periodically to determine
|
||||||
whether our local nameservers have been configured to hijack failing DNS
|
whether our local nameservers have been configured to hijack failing DNS
|
||||||
requests (usually to an advertising site). If they are, we will attempt to
|
requests (usually to an advertising site). If they are, we will attempt to
|
||||||
correct this. This option only affects name lookups that your server does
|
correct this. This option only affects name lookups that your server does
|
||||||
on behalf of clients. (Defaults to "1".)
|
on behalf of clients. (Default: 1)
|
||||||
|
|
||||||
**ServerDNSTestAddresses** __address__,__address__,__...__::
|
**ServerDNSTestAddresses** __address__,__address__,__...__::
|
||||||
When we're detecting DNS hijacking, make sure that these __valid__ addresses
|
When we're detecting DNS hijacking, make sure that these __valid__ addresses
|
||||||
aren't getting redirected. If they are, then our DNS is completely useless,
|
aren't getting redirected. If they are, then our DNS is completely useless,
|
||||||
and we'll reset our exit policy to "reject *:*". This option only affects
|
and we'll reset our exit policy to "reject *:*". This option only affects
|
||||||
name lookups that your server does on behalf of clients. (Defaults to
|
name lookups that your server does on behalf of clients. (Default:
|
||||||
"www.google.com, www.mit.edu, www.yahoo.com, www.slashdot.org".)
|
"www.google.com, www.mit.edu, www.yahoo.com, www.slashdot.org")
|
||||||
|
|
||||||
**ServerDNSAllowNonRFC953Hostnames** **0**|**1**::
|
**ServerDNSAllowNonRFC953Hostnames** **0**|**1**::
|
||||||
When this option is disabled, Tor does not try to resolve hostnames
|
When this option is disabled, Tor does not try to resolve hostnames
|
||||||
@ -1372,9 +1372,9 @@ is non-zero):
|
|||||||
cells spend in circuit queues to disk every 24 hours. (Default: 0)
|
cells spend in circuit queues to disk every 24 hours. (Default: 0)
|
||||||
|
|
||||||
**DirReqStatistics** **0**|**1**::
|
**DirReqStatistics** **0**|**1**::
|
||||||
When this option is enabled, Tor writes statistics on the number and
|
When this option is enabled, a Tor directory writes statistics on the
|
||||||
response time of network status requests to disk every 24 hours.
|
number and response time of network status requests to disk every 24
|
||||||
(Default: 0)
|
hours. (Default: 1)
|
||||||
|
|
||||||
**EntryStatistics** **0**|**1**::
|
**EntryStatistics** **0**|**1**::
|
||||||
When this option is enabled, Tor writes statistics on the number of
|
When this option is enabled, Tor writes statistics on the number of
|
||||||
@ -1391,7 +1391,7 @@ is non-zero):
|
|||||||
**ExtraInfoStatistics** **0**|**1**::
|
**ExtraInfoStatistics** **0**|**1**::
|
||||||
When this option is enabled, Tor includes previously gathered statistics in
|
When this option is enabled, Tor includes previously gathered statistics in
|
||||||
its extra-info documents that it uploads to the directory authorities.
|
its extra-info documents that it uploads to the directory authorities.
|
||||||
(Default: 0)
|
(Default: 1)
|
||||||
|
|
||||||
DIRECTORY SERVER OPTIONS
|
DIRECTORY SERVER OPTIONS
|
||||||
------------------------
|
------------------------
|
||||||
@ -1488,7 +1488,7 @@ if DirPort is non-zero):
|
|||||||
**FetchV2Networkstatus** **0**|**1**::
|
**FetchV2Networkstatus** **0**|**1**::
|
||||||
If set, we try to fetch the (obsolete, unused) version 2 network status
|
If set, we try to fetch the (obsolete, unused) version 2 network status
|
||||||
consensus documents from the directory authorities. No currently
|
consensus documents from the directory authorities. No currently
|
||||||
supported Tor version uses them. (Default: 0.)
|
supported Tor version uses them. (Default: 0)
|
||||||
|
|
||||||
|
|
||||||
DIRECTORY AUTHORITY SERVER OPTIONS
|
DIRECTORY AUTHORITY SERVER OPTIONS
|
||||||
@ -1522,7 +1522,7 @@ DIRECTORY AUTHORITY SERVER OPTIONS
|
|||||||
**DirAllowPrivateAddresses** **0**|**1**::
|
**DirAllowPrivateAddresses** **0**|**1**::
|
||||||
If set to 1, Tor will accept router descriptors with arbitrary "Address"
|
If set to 1, Tor will accept router descriptors with arbitrary "Address"
|
||||||
elements. Otherwise, if the address is not an IP address or is a private IP
|
elements. Otherwise, if the address is not an IP address or is a private IP
|
||||||
address, it will reject the router descriptor. Defaults to 0.
|
address, it will reject the router descriptor. (Default: 0)
|
||||||
|
|
||||||
**AuthDirBadDir** __AddressPattern...__::
|
**AuthDirBadDir** __AddressPattern...__::
|
||||||
Authoritative directories only. A set of address patterns for servers that
|
Authoritative directories only. A set of address patterns for servers that
|
||||||
@ -1601,7 +1601,7 @@ DIRECTORY AUTHORITY SERVER OPTIONS
|
|||||||
implemented) "bridge community" design, where a community of bridge
|
implemented) "bridge community" design, where a community of bridge
|
||||||
relay operators all use an alternate bridge directory authority,
|
relay operators all use an alternate bridge directory authority,
|
||||||
and their target user audience can periodically fetch the list of
|
and their target user audience can periodically fetch the list of
|
||||||
available community bridges to stay up-to-date. (Default: not set.)
|
available community bridges to stay up-to-date. (Default: not set)
|
||||||
|
|
||||||
**V3AuthVotingInterval** __N__ **minutes**|**hours**::
|
**V3AuthVotingInterval** __N__ **minutes**|**hours**::
|
||||||
V3 authoritative directories only. Configures the server's preferred voting
|
V3 authoritative directories only. Configures the server's preferred voting
|
||||||
@ -1613,14 +1613,14 @@ DIRECTORY AUTHORITY SERVER OPTIONS
|
|||||||
V3 authoritative directories only. Configures the server's preferred delay
|
V3 authoritative directories only. Configures the server's preferred delay
|
||||||
between publishing its vote and assuming it has all the votes from all the
|
between publishing its vote and assuming it has all the votes from all the
|
||||||
other authorities. Note that the actual time used is not the server's
|
other authorities. Note that the actual time used is not the server's
|
||||||
preferred time, but the consensus of all preferences. (Default: 5 minutes.)
|
preferred time, but the consensus of all preferences. (Default: 5 minutes)
|
||||||
|
|
||||||
**V3AuthDistDelay** __N__ **minutes**|**hours**::
|
**V3AuthDistDelay** __N__ **minutes**|**hours**::
|
||||||
V3 authoritative directories only. Configures the server's preferred delay
|
V3 authoritative directories only. Configures the server's preferred delay
|
||||||
between publishing its consensus and signature and assuming it has all the
|
between publishing its consensus and signature and assuming it has all the
|
||||||
signatures from all the other authorities. Note that the actual time used
|
signatures from all the other authorities. Note that the actual time used
|
||||||
is not the server's preferred time, but the consensus of all preferences.
|
is not the server's preferred time, but the consensus of all preferences.
|
||||||
(Default: 5 minutes.)
|
(Default: 5 minutes)
|
||||||
|
|
||||||
**V3AuthNIntervalsValid** __NUM__::
|
**V3AuthNIntervalsValid** __NUM__::
|
||||||
V3 authoritative directories only. Configures the number of VotingIntervals
|
V3 authoritative directories only. Configures the number of VotingIntervals
|
||||||
@ -1628,18 +1628,18 @@ DIRECTORY AUTHORITY SERVER OPTIONS
|
|||||||
increases network partitioning risks; choosing low numbers increases
|
increases network partitioning risks; choosing low numbers increases
|
||||||
directory traffic. Note that the actual number of intervals used is not the
|
directory traffic. Note that the actual number of intervals used is not the
|
||||||
server's preferred number, but the consensus of all preferences. Must be at
|
server's preferred number, but the consensus of all preferences. Must be at
|
||||||
least 2. (Default: 3.)
|
least 2. (Default: 3)
|
||||||
|
|
||||||
**V3BandwidthsFile** __FILENAME__::
|
**V3BandwidthsFile** __FILENAME__::
|
||||||
V3 authoritative directories only. Configures the location of the
|
V3 authoritative directories only. Configures the location of the
|
||||||
bandiwdth-authority generated file storing information on relays' measured
|
bandiwdth-authority generated file storing information on relays' measured
|
||||||
bandwidth capacities. (Default: unset.)
|
bandwidth capacities. (Default: unset)
|
||||||
|
|
||||||
**V3AuthUseLegacyKey** **0**|**1**::
|
**V3AuthUseLegacyKey** **0**|**1**::
|
||||||
If set, the directory authority will sign consensuses not only with its
|
If set, the directory authority will sign consensuses not only with its
|
||||||
own signing key, but also with a "legacy" key and certificate with a
|
own signing key, but also with a "legacy" key and certificate with a
|
||||||
different identity. This feature is used to migrate directory authority
|
different identity. This feature is used to migrate directory authority
|
||||||
keys in the event of a compromise. (Default: 0.)
|
keys in the event of a compromise. (Default: 0)
|
||||||
|
|
||||||
**RephistTrackTime** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**::
|
**RephistTrackTime** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**::
|
||||||
Tells an authority, or other node tracking node reliability and history,
|
Tells an authority, or other node tracking node reliability and history,
|
||||||
|
Loading…
Reference in New Issue
Block a user