Commit Graph

888 Commits

Author SHA1 Message Date
Nick Mathewson
e8cc839e41 Add ability to keep the CAP_NET_BIND_SERVICE capability on Linux
This feature allows us to bind low ports when starting as root and
switching UIDs.

Based on code by David Goulet.

Implement feature 8195
2015-12-15 13:10:57 -05:00
Nick Mathewson
a7d44731d9 Merge remote-tracking branch 'teor/feature4483-v10-squashed' 2015-12-15 12:57:57 -05:00
teor (Tim Wilson-Brown)
2212530bf5 Prop210: Close excess connections once a consensus is downloading
Once tor is downloading a usable consensus, any other connection
attempts are not needed.

Choose a connection to keep, favouring:
* fallback directories over authorities,
* connections initiated earlier over later connections

Close all other connections downloading a consensus.
2015-12-16 04:37:59 +11:00
teor (Tim Wilson-Brown)
35bbf2e4a4 Prop210: Add schedules for simultaneous client consensus downloads
Prop210: Add attempt-based connection schedules

Existing tor schedules increment the schedule position on failure,
then retry the connection after the scheduled time.

To make multiple simultaneous connections, we need to increment the
schedule position when making each attempt, then retry a (potentially
simultaneous) connection after the scheduled time.

(Also change find_dl_schedule_and_len to find_dl_schedule, as it no
longer takes or returns len.)

Prop210: Add multiple simultaneous consensus downloads for clients

Make connections on TestingClientBootstrapConsensus*DownloadSchedule,
incrementing the schedule each time the client attempts to connect.

Check if the number of downloads is less than
TestingClientBootstrapConsensusMaxInProgressTries before trying any
more connections.
2015-12-16 04:37:49 +11:00
Nick Mathewson
54433993c7 Merge branch 'feature17576-UseDefaultFallbackDirs-v2-squashed' 2015-12-15 12:19:08 -05:00
teor (Tim Wilson-Brown)
080ae03ee4 Add UseDefaultFallbackDirs for hard-coded directory mirrors
UseDefaultFallbackDirs enables any hard-coded fallback
directory mirrors. Default is 1, set it to 0 to disable fallbacks.

Implements ticket 17576.
Patch by "teor".
2015-12-15 12:19:01 -05:00
Nick Mathewson
85003f4c80 Add a new ipv6=address:orport flag to DirAuthority and FallbackDir
Resolves # 6027
2015-12-14 23:43:50 +11:00
Jamie Nguyen
ec4ef68271 Introduce DataDirectoryGroupReadable boolean 2015-12-10 20:00:06 -05:00
Nick Mathewson
caff665309 Merge remote-tracking branch 'teor/first-hop-no-private' 2015-12-09 10:47:59 -05:00
Andrew Kvalheim
61d3364f26 Fix formatting typo in manpage. 2015-12-09 10:37:22 -05:00
teor (Tim Wilson-Brown)
23b088907f Refuse to make direct connections to private OR addresses
Refuse connection requests to private OR addresses unless
ExtendAllowPrivateAddresses is set. Previously, tor would
connect, then refuse to send any cells to a private address.

Fixes bugs 17674 and 8976; bugfix on b7c172c9ec (28 Aug 2012)
Original bug 6710, released in 0.2.3.21-rc and an 0.2.2 maint
release.

Patch by "teor".
2015-11-25 03:11:15 +11:00
Damian Johnson
8661b4b5a2 Drop HidServDirectoryV2 and VoteOnHidServDirectoriesV2
These options were removed from tor in July. Time to axe them from our man
page. :P

  https://gitweb.torproject.org/tor.git/commit/?id=2f8cf524ba4e565ab613504a4c41fd724d32facc
2015-11-23 18:27:17 -08:00
Damian Johnson
feeb3e761c Split 'slop' man page options to their own lines
The slop testing options are the only spot where we try to enumerate multiple
options on the same line. Changing them to each be on their own line as we do
elsewhere.
2015-11-23 18:21:38 -08:00
Damian Johnson
91b0ba1d19 TestingLinkCertLifetime was misnamed as 'TestingLinkCertifetime'
Simple typo - we were missing a letter.
2015-11-23 17:51:30 -08:00
Damian Johnson
961db64d3c Rename RecommendedPackageVersions to RecommendedPackages
A 'RecommendedPackageVersions' option doesn't exist in tor. However, it *does*
have RecommendedPackages...

  feature: https://gitweb.torproject.org/tor.git/commit/?id=c83d8381
  man addition: https://gitweb.torproject.org/tor.git/commit/?id=ddfdeb56
2015-11-23 17:47:00 -08:00
Damian Johnson
1193647ac8 Replace 'SOCKSPort' with 'SocksPort'
When applying changes from proposal 171 Nick renamed SocksPort to SOCKSPort,
and SocksListenAddress to SOCKSListenAddress...

  https://gitweb.torproject.org/tor.git/commit/?id=891ccd3cd0690e83f1dc4dde7698c3bd9d7fe98d

However, this didn't change the option itself in tor (it's still SocksPort),
and wasn't even uniform in the man page. Functionally this doesn't matter
(tor's config options are case insensitive) but this is a pretty clear
regression.
2015-11-23 17:32:49 -08:00
Damian Johnson
5812930dc1 Note in man page where users can file bugs
In addition to inviting users to tell us about bugs, lets say where.
2015-11-23 17:26:46 -08:00
Damian Johnson
690b66ce48 ControlPort's section on flags wasn't indented
Minor formatting issue with our ControlPort entry. The part about flags wasn't
indented with the rest of its description.
2015-11-23 17:25:26 -08:00
Damian Johnson
4417effa52 Malformed ExtORPort entry in man page
Minor formatting issue with our ExtORPort that caused its description to be on
the same line as the option (munging the two together).
2015-11-23 17:23:14 -08:00
teor (Tim Wilson-Brown)
2a4057e042 man update: ExitPolicyRejectPrivate outbound and port addresses
ExitPolicyRejectPrivate now rejects addresses configured via
OutboundBindAddress and any port options, such as ORPort and DirPort.
2015-11-20 10:39:37 +11:00
Nick Mathewson
7bdbcdaed8 Merge commit '7b859fd8c558c9cf08add79db87fb1cb76537535' 2015-11-13 08:42:20 -05:00
Joan Queralt
b370052ae4 + and / usage clarification - Fixes #13158 2015-11-12 14:01:00 -05:00
Nick Mathewson
c1c1c4d057 Refer to the actual minima and the preferred minimum 2015-10-30 10:57:47 -04:00
Nima Fatemi
e6888e2144 Bump up minimum BandwidthRate from 30KB to 250KBytes - Fixes #16382 2015-10-30 10:51:29 -04:00
rl1987
3c08b76fc4 Mention torspec URL in the manpage. 2015-10-30 09:25:39 -04:00
Nick Mathewson
7b859fd8c5 Note that you can use a unix domain socket for hsport 2015-10-21 12:22:05 -04:00
Peter Palfrader
1cf0d82280 Add SyslogIdentityTag
When logging to syslog, allow a tag to be added to the syslog identity
("Tor"), i.e. the string prepended to every log message.  The tag can be
configured by setting SyslogIdentityTag and defaults to none.  Setting
it to "foo" will cause logs to be tagged as "Tor-foo".  Closes: #17194.
2015-09-30 18:34:15 +02:00
Nick Mathewson
51d18aeb42 changes file and manpage entry for AuthDirPinKeys 2015-09-24 11:29:05 -04:00
Nick Mathewson
e94ef30a2f Merge branch 'feature16944_v2' 2015-09-22 09:19:28 -04:00
teor (Tim Wilson-Brown)
b584152874 Update private ExitPolicy in man page and torrcs for 10727, formatting
Update the definition of the private exit policy in the man page
and torrcs. It didn't get merged correctly into the man page, and
it was incomplete in the torrcs. (Unfortunately, we only reject the
primary configured IPv4 and IPv6 addresses, not all configured IPv4
and IPv6 addresses.)

Also fixup msn page formatting errors from changes in tickets 16069
and 17027, mainly unescaped *s.
2015-09-22 12:14:27 +10:00
teor (Tim Wilson-Brown)
7268525142 Add IPv6 syntax to ExitPolicy intro paragraph in man page 2015-09-22 11:44:13 +10:00
teor (Tim Wilson-Brown)
249e82c906 Update docs with advice for separate IPv4 and IPv6 exit policies
Advise users how to configure separate IPv4 and IPv6 exit
policies in the manpage and sample torrcs.

Related to fixes in ticket #16069 and #17027. Patch by "teor".
Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-22 11:41:16 +10:00
teor (Tim Wilson-Brown)
a659a3fced Merge branch 'bug17027-reject-private-all-interfaces-v2' into bug16069-bug17027
src/test/test_policy.c:
Merged calls to policies_parse_exit_policy by adding additional arguments.
fixup to remaining instance of ~EXIT_POLICY_IPV6_ENABLED.
Compacting logic test now produces previous list length of 4, corrected this.

src/config/torrc.sample.in:
src/config/torrc.minimal.in-staging:
Merged torrc modification dates in favour of latest.
2015-09-16 09:09:54 +10:00
teor (Tim Wilson-Brown)
098b82c7b2 ExitPolicyRejectPrivate rejects local IPv6 address and interface addresses
ExitPolicyRejectPrivate now rejects more local addresses by default:
 * the relay's published IPv6 address (if any), and
 * any publicly routable IPv4 or IPv6 addresses on any local interfaces.

This resolves a security issue for IPv6 Exits and multihomed Exits that
trust connections originating from localhost.

Resolves ticket 17027. Patch by "teor".
Patch on 42b8fb5a15 (11 Nov 2007), released in 0.2.0.11-alpha.
2015-09-16 02:56:50 +10:00
teor (Tim Wilson-Brown)
d3358a0a05 ExitPolicy accept6/reject6 produces IPv6 wildcard addresses only
In previous versions of Tor, ExitPolicy accept6/reject6 * produced
policy entries for IPv4 and IPv6 wildcard addresses.

To reduce operator confusion, change accept6/reject6 * to only produce
an IPv6 wildcard address.

Resolves bug #16069.

Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-16 00:13:12 +10:00
Nick Mathewson
fcec1f3381 Merge branch 'feature15482_squashed' 2015-09-08 14:03:04 -04:00
Yawning Angel
54510d4d1a Add KeepAliveIsolateSOCKSAuth as a SOCKSPort option.
This controls the circuit dirtyness reset behavior added for Tor
Browser's user experience fix (#15482). Unlike previous iterations
of this patch, the tunable actually works, and is documented.
2015-09-08 14:02:08 -04:00
Nick Mathewson
0ba4e0895a Add "OfflineMasterKey" option
When this is set, and Tor is running as a relay, it will not
generate or load its secret identity key.  You can manage the secret
identity key with --keygen.  Implements ticket 16944.
2015-09-04 09:55:07 -04:00
David Goulet
d40358d91e Enable hidden service statistics by default
HiddenServiceStatistics option is now set to "1" by default.

Fixes #15254

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-09-02 13:53:36 +02:00
teor
359faf5e4b New TestingDirAuthVote{Exit,Guard,HSDir}IsStrict flags
"option to prevent guard,exit,hsdir flag assignment"

"A node will never receive the corresponding flag unless
that node is specified in the
TestingDirAuthVote{Exit,Guard,HSDir} list, regardless of
its uptime, bandwidth, exit policy, or DirPort".

Patch modified by "teor": VoteOnHidServDirectoriesV2
is now obsolete, so TestingDirAuthVoteHSDir always
votes on HSDirs.

Closes ticket 14882. Patch by "robgjansen".
Commit message and changes file by "teor"
with quotes from "robgjansen".
2015-08-18 14:51:57 +10:00
teor
0cb82013cc Fix TestingDirAuthVoteHSDir docs: HSDir flag needs DirPort
Fix an error in the manual page and comments for
TestingDirAuthVoteHSDir, which suggested that a
HSDir required "ORPort connectivity". While this is true,
it is in no way unique to the HSDir flag. Of all the flags,
only HSDirs need a DirPort configured in order for the
authorities to assign that particular flag.

Fixed as part of 14882. Patch by "teor".
Bugfix on 0.2.6.3 (f9d57473e1 on 10 January 2015).
2015-08-18 14:51:57 +10:00
Linus Nordberg
5be36a46ca Move the note about non-localhost SOCKSPort usage up to where it belongs.
I think this section slipped downwards when flags where added.
2015-07-24 09:24:05 -04:00
Nick Mathewson
2ba6542517 Merge remote-tracking branch 'sysrqb/bug15220_026_sysrqb' 2015-07-16 15:38:08 -04:00
David Goulet
adc04580f8 Add the torrc option HiddenServiceNumIntroductionPoints
This is a way to specify the amount of introduction points an hidden service
can have. Maximum value is 10 and the default is 3.

Fixes #4862

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-29 11:12:31 -04:00
Nick Mathewson
1b52e95028 Merge branch '12498_ed25519_keys_v6'
Fixed numerous conflicts, and ported code to use new base64 api.
2015-05-28 11:04:33 -04:00
Nick Mathewson
5eb584e2e9 Document some ed25519 key options 2015-05-28 10:47:47 -04:00
Yawning Angel
db7bde08be Add "HiddenServiceMaxStreams" as a per-HS tunable.
When set, this limits the maximum number of simultaneous streams per
rendezvous circuit on the server side of a HS, with further RELAY_BEGIN
cells being silently ignored.

This can be modified via "HiddenServiceMaxStreamsCloseCircuit", which
if set will cause offending rendezvous circuits to be torn down instead.

Addresses part of #16052.
2015-05-20 17:33:59 +00:00
rl1987
636495257b Improve descriptions of statistics-related torrc options. 2015-04-07 14:04:03 -04:00
Nick Mathewson
840c11b14e Remove dynamicdhgroups from the manpage 2015-04-01 13:41:15 -04:00
Nick Mathewson
809517a863 Allow {World,Group}Writable on AF_UNIX {Socks,Control}Ports.
Closes ticket 15220
2015-03-11 13:31:33 -04:00
Nick Mathewson
cf55070e2c Standardize on calling them "server descriptors".
Part of 14987
2015-02-25 09:22:25 -05:00
Roger Dingledine
0883f92e91 specify a default for UseGuardFraction in the man page
(as added in commit f4a63f8eab)
2015-02-18 16:37:14 -05:00
Nick Mathewson
96211bcf71 Merge branch 'bug9321_rerebase'
Conflicts:
	src/or/dirvote.h
	src/test/include.am
	src/test/test_entrynodes.c
2015-02-18 09:17:02 -05:00
George Kadianakis
f4a63f8eab Parse GuardFraction info from consensuses and votes.
Also introduce the UseGuardFraction torrc option which decides whether
clients should use guardfraction information found in the consensus.
2015-02-18 09:09:33 -05:00
George Kadianakis
5ee48d47a7 Parse Guardfraction file and apply results to routerstatuses.
Parse the file just before voting and apply its information to the
provided vote_routerstatus_t. This follows the same logic as when
dirauths parse bwauth files.
2015-02-18 09:09:32 -05:00
Nick Mathewson
caf28519d9 Merge branch 'bug12844'
Conflicts:
	src/or/circuituse.c
	src/test/include.am
	src/test/test_entrynodes.c
2015-02-11 15:06:04 -05:00
Nick Mathewson
79c7625e38 Merge branch 'feature13864_squashed' 2015-02-02 13:32:53 -05:00
rl1987
1ebed7cc77 Updating manpage for 13865. 2015-02-02 13:31:56 -05:00
Nick Mathewson
fac8d40886 Merge remote-tracking branch 'public/prop227_v2'
Conflicts:
	src/test/test_dir.c
2015-01-30 07:36:55 -05:00
Nick Mathewson
64bde3ae94 Document unix: addresses 2015-01-29 14:56:45 -05:00
Nick Mathewson
204374f7d9 Remove SocksSocket; it's now spelled differently thanks to 14451
Also, revise bug12585 changes file to mention new syntax
2015-01-29 14:46:20 -05:00
Nick Mathewson
e7e33d4b04 Merge branch 'bug14084' 2015-01-20 14:07:37 -05:00
Nick Mathewson
18a15747ef Expand manpage for HiddenServiceAllowUnknownPorts based on suggestions from qwerty1 and dgoulet 2015-01-20 14:07:22 -05:00
Nick Mathewson
485fdcf826 Unify parse_unix_socket_config and parse_port_config
This incidentally makes unix SocksSocket support all the same options
as SocksPort.

This patch breaks 'SocksSocket 0'; next will restore it.

Resolves 14254.
2015-01-16 11:35:48 -05:00
Nick Mathewson
d8b7dcca8d Merge remote-tracking branch 'andrea/ticket12585_v3' 2015-01-13 12:50:55 -05:00
Nick Mathewson
ddfdeb5659 More documentation for proposal 227 work 2015-01-10 15:44:32 -05:00
teor
f9d57473e1 Create TestingDirAuthVoteHSDir like TestingDirAuthVoteExit/Guard
TestingDirAuthVoteHSDir ensures that authorities vote the HSDir flag
for the listed relays regardless of uptime or ORPort connectivity.
Respects the value of VoteOnHidServDirectoriesV2.

Partial fix for bug 14067.
2015-01-10 22:34:28 +11:00
Andrea Shepard
78956f5d85 Document disable option for ControlSocket and SocksSocket 2015-01-09 20:54:59 +00:00
Jacob Appelbaum
8d59ddf3cb Commit second draft of Jake's SOCKS5-over-AF_UNIX patch. See ticket #12585.
Signed-off-by: Andrea Shepard <andrea@torproject.org>
2015-01-07 17:42:57 +00:00
Nick Mathewson
90b9e23bec Merge branch 'exitnode_10067_squashed'
Conflicts:
	src/or/or.h
2015-01-06 15:15:18 -05:00
Nick Mathewson
35efce1f3f Add an ExitRelay option to override ExitPolicy
If we're not a relay, we ignore it.

If it's set to 1, we obey ExitPolicy.

If it's set to 0, we force ExitPolicy to 'reject *:*'

And if it's set to auto, then we warn the user if they're running an
exit, and tell them how they can stop running an exit if they didn't
mean to do that.

Fixes ticket 10067
2015-01-06 14:31:20 -05:00
Nick Mathewson
74cd57517c New option "HiddenServiceAllowUnknownPorts"
This allows hidden services to disable the anti-scanning feature
introduced in 0.2.6.2-alpha. With this option not set, a connection
to an unlisted port closes the circuit.  With this option set, only
a RELAY_DONE cell is sent.

Closes ticket #14084.
2015-01-03 12:34:52 -05:00
Nick Mathewson
4d6a971ba9 Tweak 13913 fix: clarify that the behavior is not promised
Also, it's->its.  The apostrophe is used if and only if it's a
contraction for "it is".
2014-12-29 08:41:30 -05:00
Nick Mathewson
fd5d9d04b3 Merge remote-tracking branch 'rl1987/ticket13913' 2014-12-29 08:39:13 -05:00
rl1987
f785723e0b Document the case of HiddenServiceDir being defined as relative path. 2014-12-21 19:05:10 +02:00
George Kadianakis
13a6fb9a2a HS stats: Add changes file and improve man page. 2014-12-19 10:35:34 -05:00
George Kadianakis
14e83e626b Add two hidden-service related statistics.
The two statistics are:
 1. number of RELAY cells observed on successfully established
    rendezvous circuits; and
 2. number of .onion addresses observed as hidden-service
    directory.

Both statistics are accumulated over 24 hours, obfuscated by rounding
up to the next multiple of a given number and adding random noise,
and written to local file stats/hidserv-stats.

Notably, no statistics will be gathered on clients or services, but
only on relays.
2014-12-19 10:35:25 -05:00
Nick Mathewson
fb3000e10c whoops; removed the documentation for Support022HiddenServices too 2014-11-17 21:16:33 -05:00
Nick Mathewson
ab08d8c4f7 document that hiddenserviceport can have an ipv6 addr.for 12670 2014-11-14 11:19:34 -05:00
Nick Mathewson
26e7e519dc Document networkstatus-bridges
Closes 13713; patch from 'tom'
2014-11-10 09:03:11 -05:00
rl1987
7f7df97579 Fixing typo in manpage. 2014-11-09 16:34:34 +02:00
Nick Mathewson
68af1e7e9b Throw identify-node-by-nickname down the memory hole
Authorities are no longer voting on Named, so specifying nodes by
nickname isn't a clever thing to do.  (Not that it ever was!)  So
remove the documentation that suggests that you should do it.

Additionally, add proper cross-references to our __node__ lists, and
explain about the optional $ before identity digests.

Also, the oxford comma: endorsed by Steven Pinker, my spouse, and my
11th grade English teacher.

Closes 13381.
2014-11-06 11:10:58 -05:00
Nick Mathewson
4df419a4b1 Merge remote-tracking branch 'meejah/ticket-11291-extra-utests'
Conflicts:
	src/or/config.c
2014-11-05 14:11:47 -05:00
Roger Dingledine
f94e5f2e52 update pointer to faq entry 2014-10-10 20:16:32 -04:00
Nick Mathewson
cc5571e1f1 Merge remote-tracking branches 'teor/issue-13161-test-network' and 'teor/issue-13161-TestingDirAuthVoteExit' 2014-10-08 15:46:29 -04:00
Roger Dingledine
22a0708133 fix some typos in the man page 2014-10-04 15:41:05 -04:00
teor
27f30040f6 Add TestingDirAuthVoteExit option (like TestingDirAuthVoteGuard)
Add the TestingDirAuthVoteExit option, a list of nodes to vote Exit for,
regardless of their uptime, bandwidth, or exit policy.

TestingTorNetwork must be set for this option to have any effect.

Works around an issue where authorities would take up to 35 minutes to
give nodes the Exit flag in a test network, despite short consensus
intervals. Partially implements ticket 13161.
2014-10-01 17:44:21 +10:00
Roger Dingledine
e440993f95 continue our habit of specifying the default in the manpage 2014-09-29 13:33:50 -04:00
Nick Mathewson
8527a29966 Add an "AccountingRule" feature to permit limiting bw usage by read+write
Patch from "chobe".  Closes ticket 961.
2014-09-29 09:05:11 -04:00
George Kadianakis
e02138eb65 Introduce the Tor2webRendezvousPoints torrc option. 2014-09-15 16:07:46 +03:00
Sebastian Hahn
8099dee992 Remove dirauth support for the BadDirectory flag
Implements the first half of #13060. The second half will be to remove
client support, too.
2014-09-09 11:54:15 -04:00
Sebastian Hahn
607724c696 Remove support for naming directory authorities
This implements the meat of #12899. This commit should simply remove the
parts of Tor dirauths used to check whether a relay was supposed to be
named or not, it doesn't yet convert to a new mechanism for
reject/invalid/baddir/badexiting relays.
2014-09-09 11:50:21 -04:00
Sebastian Hahn
10fe5bad9a Remove the AuthDirRejectUnlisted config option
This is in preparation for a big patch series removing the entire Naming
system from Tor. In its wake, the approved-routers file is being
deprecated, and a replacement option to allow only pre-approved routers
is not being implemented.
2014-09-04 06:25:38 +02:00
Nick Mathewson
d19cbf3ab1 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-02 19:00:00 -04:00
rl1987
dcb4ee5b83 Documenting reject6 and accept6 ExitPolicy entries in manpage. 2014-09-02 18:58:00 -04:00
David Stainton
a6f2d2091b Add Window compatibility note to docs
HiddenServiceDirGroupReadable has no effect in Windows
2014-09-02 18:09:58 +00:00
meejah
ae18c0812e fix two typos 2014-08-30 15:23:05 -06:00
David Stainton
227b65924b Clean up patch
Here I clean up anon's patch with a few of nickm's suggestions from comment 12:
https://trac.torproject.org/projects/tor/ticket/11291#comment:12

I did not yet completely implement all his suggestions.
2014-08-30 15:23:05 -06:00
anonymous
c13db1f614 Ticket #11291: patch from "anon":
test-11291-group-redable-hsdirs-wtests-may8.patch
2014-08-30 15:23:05 -06:00
Nick Mathewson
1f35fd0017 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-15 17:41:13 -04:00
George Kadianakis
112c984f92 Some documentation fixes for #12864. 2014-08-15 23:12:06 +03:00
Nick Mathewson
0ee1be0c69 Documentation fix on arguments to CookieAuthFileGroupReadable
We don't actually allow a group name, but the documentation implied
that we did.
2014-08-15 08:32:54 -04:00
Nick Mathewson
0808ed83f9 Restore functionality for CookieAuthFileGroupReadable.
When we merged the cookieauthfile creation logic in 33c3e60a37, we
accidentally took out this feature.  Fixes bug 12864, bugfix on
0.2.5.1-alpha.

Also adds an ExtORPortCookieAuthFileGroupReadable, since there's no
reason not to.
2014-08-15 08:30:44 -04:00
Nick Mathewson
938deecc87 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-13 12:52:57 -04:00
Nick Mathewson
fa7ce6d3be Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-08-13 12:52:40 -04:00
Roger Dingledine
691371b802 fix extra words in man page 2014-08-09 15:40:40 -04:00
Nick Mathewson
e001610c99 Implement proposal 221: Stop sending CREATE_FAST
This makes FastFirstHopPK an AUTOBOOL; makes the default "auto"; and
makes the behavior of "auto" be "look at the consensus."
2014-07-25 11:59:00 -04:00
Roger Dingledine
bc9866e13f Merge branch 'maint-0.2.5' 2014-07-24 16:23:26 -04:00
Roger Dingledine
a4c641cce9 Merge branch 'maint-0.2.4' into maint-0.2.5 2014-07-24 16:23:08 -04:00
Roger Dingledine
71c62b15ca update manpage for numentryguards / numdirectoryguards 2014-07-24 16:19:48 -04:00
Nick Mathewson
c793a6edb4 Clarify TruncateLogFile manpage entry 2014-07-16 14:01:38 +02:00
Arlo Breault
15e170e01b Add an option to overwrite logs
* Issue #5583
2014-07-16 12:16:49 +02:00
Nick Mathewson
2f4fcfc8d1 manpage: Move more authority-only options into the authority section
I don't know whether we missed these or misclassified them when we
first made the "DIRECTORY AUTHORITY SERVER OPTIONS" section, but they
really belong there.
2014-06-16 11:15:47 -04:00
Nick Mathewson
c8af95d336 Documentation fix: DataDir/status/* -> DataDir/stats/*
Our documentation had the name of this directory wrong.
2014-05-22 19:45:45 -04:00
Nick Mathewson
1bbd3811c1 Merge remote-tracking branch 'public/bug10849_025'
Conflicts:
	src/or/config.c
2014-05-01 11:51:22 -04:00
Nick Mathewson
03be8c775a Provide missing documentation for two options. For 11634. 2014-04-28 12:37:47 -04:00
Nick Mathewson
e05f732599 Remove documentation for obsolete FetchV2Networkstatus 2014-04-28 12:25:49 -04:00
Nick Mathewson
e0a4133572 Remove a spurious anchor in the manpage. part of 11634. 2014-04-28 12:25:20 -04:00
Nick Mathewson
346120b608 Fix some option names in the manpage.
Found with 'make check-docs'.  Part of 11634.
2014-04-28 12:24:56 -04:00
Nick Mathewson
1340bd527a Remove privoxy from 'see also' section on manpage. 2014-04-28 12:08:42 -04:00
Nick Mathewson
3266f04925 Fix the check-docs script
We broke it when we added anchors to the manpage.

This patch fixes it, and makes it sorta detect missing anchors.
2014-04-28 12:07:57 -04:00
Nick Mathewson
703ad69587 Deal with the aftermath of sorting contrib
This basically amounts to grepping for every file that mentioned
contrib and adjusting its references to refer to the right place.
2014-04-28 11:59:55 -04:00
Nick Mathewson
67aa3685e7 Merge branch 'bug11396_v2_squashed'
Conflicts:
	src/or/main.c
2014-04-24 10:31:38 -04:00
Nick Mathewson
17ecd04fde Change the logic for the default for MaxMemInQueues
If we can't detect the physical memory, the new default is 8 GB on
64-bit architectures, and 1 GB on 32-bit architectures.

If we *can* detect the physical memory, the new default is
  CLAMP(256 MB, phys_mem * 0.75, MAX_DFLT)
where MAX_DFLT is 8 GB on 64-bit architectures and 2 GB on 32-bit
architectures.

You can still override the default by hand.  The logic here is simply
trying to choose a lower default value on systems with less than 12 GB
of physical RAM.
2014-04-24 10:26:14 -04:00
dana koch
f680d0fdd2 Educate tor on OpenBSD's use of divert-to rules with the pf firewall.
This means that tor can run without needing to communicate with ioctls
to the firewall, and therefore doesn't need to run with privileges to
open the /dev/pf device node.

A new TransProxyType is added for this purpose, "pf-divert"; if the user
specifies this TransProxyType in their torrc, then the pf device node is
never opened and the connection destination is determined with getsockname
(as per pf(4)). The default behaviour (ie., when TransProxyType is "default"
when using the pf firewall) is still to assume that pf is configured with
rdr-to rules.
2014-04-16 23:03:25 -04:00
Nick Mathewson
3e4680f312 ipfw TransPort support on FreeBSD (10267)
This isn't on by default; to get it, you need to set "TransProxyType
ipfw".  (The original patch had automatic detection for whether
/dev/pf is present and openable, but that seems marginally fragile.)
2014-04-16 23:03:25 -04:00
Nick Mathewson
dfc32177d9 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-01 21:00:30 -04:00
Nick Mathewson
a68e6ea9c0 Fix documentation of torrc search order
We are searching @CONFDIR@ before $HOME, but the documentation
implied otherwise.

I screwed this up in f5e86bcd6c, when I
first documented the $HOME/.torrc possibility.

Fix for bug 9213; bugfix on 0.2.3.18-rc.
2014-04-01 20:56:03 -04:00
Nick Mathewson
1a7794e475 Merge remote-tracking branch 'public/bug11061_024' 2014-03-25 10:02:22 -04:00
Nick Mathewson
5e9672904c Fix SOCKSPort documentation layout
In the end this required a slightly nasty hack using a dummy anchor as
an option heading in order to make the "Other recognized __flags__"
line indent properly.

Fixes bug 11061; Bugfix on 61d740ed.
2014-03-25 10:01:08 -04:00
Karsten Loesing
7450403410 Take out remaining V1 directory code. 2014-03-18 10:40:10 +01:00
Nick Mathewson
9991c5f001 Clarify ClientOnly documentation
The option is unneeded, not meaningless, so explain what it does.

Patch from Matt Pagan; fixes 9059.
2014-03-13 10:35:52 -04:00
Nick Mathewson
4a2a1e572e Merge branch 'bug11108' 2014-03-06 10:22:40 -05:00
Nick Mathewson
967d9c9f10 Clarify default behavior of {SOCKS,Dir}Policy harder
Improvement on 11108 fix; suggested by cypherpunks.
2014-03-06 10:21:59 -05:00
Nick Mathewson
22ccfc6b5f Rename PredictedCircsRelevanceTime->PredictedPortsRelevanceTime
All circuits are predictive; it's the ports that are expiring here.
2014-03-05 14:35:07 -05:00
Nick Mathewson
103cebd924 Merge branch 'ticket9176_squashed'
Conflicts:
	doc/tor.1.txt
2014-03-05 14:32:05 -05:00
Nick Mathewson
2c25bb413e Lower the maximum for PrecictedCircsRelevanceTime to one hour 2014-03-05 14:31:13 -05:00
unixninja92
d47d147307 More correctly documented PredictedCircsRelevanceTime in tor.1.txt 2014-03-05 14:31:13 -05:00
unixninja92
52fbb9f623 Added Documentation for PredictedCircsRelevanceTime config file argument. 2014-03-05 14:31:13 -05:00
Nick Mathewson
27d231ca13 Document alternate bandwidth/memory unit spellings 2014-03-04 12:12:36 -05:00
Nick Mathewson
ab225aaf28 Merge branch 'bug10169_025_v2'
Conflicts:
	src/test/test.c
2014-03-04 11:03:30 -05:00
Nick Mathewson
4050dfa320 Warn if ports are specified in {Socks,Dir}Policy
We have ignored any ports listed here since 80365b989 (0.0.7rc1),
but we didn't warn the user that we were ignoring them.  This patch
adds a warning if you put explicit ports in any of the options
{Socks,Dir}Policy or AuthDir{Reject,Invalid,BadDir,BadExit}.  It
also adjusts the manpage to say that ports are ignored.

Fixes ticket 11108.
2014-03-03 10:45:39 -05:00
Lunar
3a425ac3a8 Fix max client name length in HiddenServiceAuthorizeClient description
REND_CLIENTNAME_MAX_LEN is set to 16, not 19.
2014-03-03 09:53:38 -05:00
Karsten Loesing
3ca5fe81e3 Write hashed bridge fingerprint to logs and to disk.
Implements #10884.
2014-02-28 08:53:13 -05:00
Nick Mathewson
87fb1e324c Merge remote-tracking branch 'public/bug10169_024' into bug10169_025_v2
Conflicts:
	src/or/circuitlist.c
2014-02-12 12:44:58 -05:00
Roger Dingledine
1ccc282122 add a missing word to the man page 2014-02-12 04:01:59 -05:00
Nick Mathewson
0228b9bd4b Tweak DirAuthority documentation
Per a comment from karsten, there is no longer v2 authority support,
so stop pretending there is. Also, fix a grammar error.x
2014-02-11 11:34:32 -05:00
Nick Mathewson
ce450bddb7 Remove TunnelDirConns and PreferTunnelledDirConns
These options were added back in 0.1.2.5-alpha, but no longer make any
sense now that all directories support tunneled connections and
BEGIN_DIR cells.  These options were on by default; now they are
always-on.

This is a fix for 10849, where TunnelDirConns 0 would break hidden
services -- and that bug arrived, I think, in 0.2.0.10-alpha.
2014-02-11 11:10:55 -05:00
Nick Mathewson
c0483c7f85 Remove options for configuring HS authorities.
(There is no longer meaningfully any such thing as a HS authority,
since we stopped uploading or downloading v0 hs descriptors in
0.2.2.1-alpha.)

Implements #10881, and part of #10841.
2014-02-10 22:41:52 -05:00
Nick Mathewson
5991f9a156 TransProxyType replaces TransTPROXY option
I'm making this change now since ipfw will want its own option too,
and proliferating options here isn't sensible.

(See #10582 and #10267)
2014-02-03 13:56:19 -05:00
Nick Mathewson
09ccc4c4a3 Add support for TPROXY via new TransTPRoxy option
Based on patch from "thomo" at #10582.
2014-01-31 12:59:35 -05:00
Nick Mathewson
5c45a333c3 Merge remote-tracking branch 'public/bug10169_023' into bug10169_024
Conflicts:
	doc/tor.1.txt
	src/or/config.c
	src/or/or.h

The conflicts were all pretty trivial.
2014-01-03 10:53:22 -05:00
Nick Mathewson
3121a6d0c8 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-12-23 19:01:29 -05:00
Nick Mathewson
3511549651 Clarify DirPort multiplicity
Fix for #10470 as suggested by arma
2013-12-23 19:00:46 -05:00
Nick Mathewson
e572ec856d Rename MaxMemInCellQueues to MaxMemInQueues 2013-11-20 12:12:23 -05:00
Nick Mathewson
fc5a881bd3 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-11-10 12:24:12 -05:00
Nick Mathewson
532f70a807 Change documentation DirServer->DirAuthority
We renamed the option, but we didn't actually fix it in the log
messages or the docs.  This patch does that.

For #10124.  Patch by sqrt2.
2013-11-10 12:21:23 -05:00
Nick Mathewson
e30fb0a160 Tweak file documentation in tor.1.txt 2013-11-07 14:52:29 -05:00
rl1987
75d2ea8a99 Updating manpage to describe some of the data directory files. 2013-11-07 14:47:47 -05:00
Nick Mathewson
940d286a74 Documentation and tests for 10060 2013-11-07 14:42:58 -05:00
rl1987
86cfc64d45 Implementing --allow-missing-torrc CLI option. 2013-11-07 14:26:05 -05:00
Nick Mathewson
12dc55f487 Merge branch 'prop221_squashed_024'
Conflicts:
	src/or/or.h
2013-11-01 10:28:01 -04:00
Nick Mathewson
0de71bf8eb Implement proposal 221: Stop sending CREATE_FAST
This makes FastFirstHopPK an AUTOBOOL; makes the default "auto"; and
makes the behavior of "auto" be "look at the consensus."
2013-11-01 10:04:48 -04:00
Nick Mathewson
61029d6926 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-31 14:03:01 -04:00
Nick Mathewson
1b312f7b55 Merge remote-tracking branch 'public/bug9780_024_v2' into maint-0.2.4 2013-10-31 14:02:28 -04:00
Nick Mathewson
d3420e7e73 Mention that tor is client-by-default. From Weasel. Resolves #10057 2013-10-31 11:08:21 -04:00
Nick Mathewson
e02230dd85 Minor manpage tweaks from weasel; closes #10058 2013-10-31 10:55:18 -04:00
Karsten Loesing
2e0fad542c Merge branch 'morestats4' into morestats5
Conflicts:
	doc/tor.1.txt
	src/or/config.c
	src/or/connection.h
	src/or/control.c
	src/or/control.h
	src/or/or.h
	src/or/relay.c
	src/or/relay.h
	src/test/test.c
2013-10-28 12:09:42 +01:00
Roger Dingledine
49278cd68a clarify that DisableNetwork closes connections too 2013-10-25 16:56:20 -04:00
Nick Mathewson
17d368281a Merge remote-tracking branch 'linus/bug9206_option' 2013-10-16 11:20:43 -04:00
Nick Mathewson
882fb8383d Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-09 09:45:21 -04:00
Karsten Loesing
66a04a6ac3 Clarify who learns about ContactInfo.
Explicitly include bridges, and note that we archive and publish all
descriptors.

(We are not yet publishing ContactInfo lines contained in bridge
descriptors, but maybe we'll want to do that soon, so let's err on the
side of caution here.)

Related to #9854.
2013-10-09 09:43:18 -04:00
Nick Mathewson
72c1e5acfe Switch ECDHE group default logic for bridge/relay TLS
According to the manpage, bridges use P256 for conformity and relays
use P224 for speed. But skruffy points out that we've gotten it
backwards in the code.

In this patch, we make the default P256 for everybody.

Fixes bug 9780; bugfix on 0.2.4.8-alpha.
2013-10-08 16:32:07 -04:00
Peter Palfrader
2c270136a4 Anchors for options (re#9866) 2013-10-08 16:06:19 -04:00
Peter Palfrader
4e37eba0ac Anchors for options (re#9866) 2013-10-07 11:31:01 -04:00
Linus Nordberg
fab8fd2c18 Add TestingDirAuthVoteGuard option for specifying relays to vote Guard on.
Addresses ticket 9206.
2013-10-07 13:33:42 +02:00
Nick Mathewson
6178aaea06 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-09-20 11:01:10 -04:00
Nick Mathewson
f8b44eedf7 Get ready to stop sending timestamps in INTRODUCE cells
For now, round down to the nearest 10 minutes.  Later, eliminate entirely by
setting a consensus parameter.

(This rounding is safe because, in 0.2.2, where the timestamp mattered,
REND_REPLAY_TIME_INTERVAL was a nice generous 60 minutes.)
2013-09-20 11:00:27 -04:00
Nick Mathewson
0c807cf3e4 Document that disabledebuggerattachment prevents cores 2013-09-19 12:14:07 -04:00
Nick Mathewson
e35c972851 Merge branch 'bug4647_squashed' 2013-09-13 12:36:55 -04:00
Nick Mathewson
75d795b1d7 Disallow --hash-password with no commandline arguments.
Fixes bug 9573.

Bugfix on 59453ac6e in 0.0.9pre5, which fixed a crash in a silly way.
2013-09-13 12:36:40 -04:00
George Kadianakis
386e9fb297 Add Extended ORPort information to the man page. 2013-09-04 14:20:42 +03:00
Nick Mathewson
28485d33ca Merge remote-tracking branch 'origin/maint-0.2.4' 2013-08-16 22:00:14 -04:00
Nick Mathewson
edaea773e5 Document the correct loglevel for the heartbeat message 2013-08-16 21:59:41 -04:00
Nick Mathewson
83a859e24c Merge remote-tracking branch 'origin/maint-0.2.4' 2013-07-31 21:49:30 -04:00
Roger Dingledine
ff6bb13c02 NumDirectoryGuards now tracks NumEntryGuards by default
Now a user who changes only NumEntryGuards will get the behavior she
expects. Fixes bug 9354; bugfix on 0.2.4.8-alpha.
2013-07-30 12:05:39 -04:00
Nick Mathewson
d5a5a6a253 Allow {,k,kilo,m,mega,g,giga,t,tera}bit{,s} in torrc
Patch from CharlieB for ticket #9214
2013-07-26 16:07:11 +02:00
Roger Dingledine
2920d670de fix typo 2013-07-23 05:16:56 -07:00
Roger Dingledine
0eca8737a1 fix typo 2013-07-18 23:35:20 -04:00
George Kadianakis
133f380c87 Add changes file and enrich the manual page. 2013-07-18 08:45:03 -04:00
Nick Mathewson
aac732322a Merge remote-tracking branch 'public/gsoc-ctoader-cap-phase1-squashed' 2013-07-12 17:12:43 -04:00
Cristian Toader
f9c1ba6493 Add a basic seccomp2 syscall filter on Linux
It's controlled by the new Sandbox argument.  Right now, it's rather
coarse-grained, it's Linux-only, and it may break some features.
2013-07-11 09:13:13 -04:00
Nick Mathewson
b5d1fded3d Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-18 10:25:30 -04:00
Nick Mathewson
d3063da691 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/config.c
	src/or/relay.c
2013-06-18 10:23:03 -04:00
Nick Mathewson
2e1fe1fcf9 Implement a real OOM-killer for too-long circuit queues.
This implements "algorithm 1" from my discussion of bug #9072: on OOM,
find the circuits with the longest queues, and kill them.  It's also a
fix for #9063 -- without the side-effects of bug #9072.

The memory bounds aren't perfect here, and you need to be sure to
allow some slack for the rest of Tor's usage.

This isn't a perfect fix; the rest of the solutions I describe on
codeable.
2013-06-18 10:15:16 -04:00
Linus Nordberg
4d54b9774d Add support for offsetting the voting interval in order to bootstrap faster.
A new option TestingV3AuthVotingStartOffset is added which offsets the
starting time of the voting interval. This is possible only when
TestingTorNetwork is set.

This patch makes run_scheduled_events() check for new consensus
downloads every second when TestingTorNetwork, instead of every
minute. This should be fine, see #8532 for reasoning.

This patch also brings MIN_VOTE_SECONDS and MIN_DIST_SECONDS down from
20 to 2 seconds, unconditionally. This makes sanity checking of
misconfiguration slightly less sane.

Addresses #8532.
2013-06-08 15:25:32 +02:00
Nick Mathewson
beec881f92 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-05 11:20:45 -04:00
Linus Nordberg
c03cfc0546 Fix two cut'n'paste docu bugs. 2013-06-05 11:19:43 -04:00
Karsten Loesing
ef67077fba Tweak TB_EMPTY event based on comments by nickm.
- Avoid control_event_refill_global function with 13 arguments and
  increase code reuse factor by moving more code from control.c to
  connection.c.
- Avoid an unsafe uint32_t -> int cast.
- Add TestingEnableTbEmptyEvent option.
- Prepare functions for testing.
- Rename a few functions and improve documentation.
2013-05-25 19:51:38 +02:00
Karsten Loesing
26b49f525d Tweak CELL_STATS event based on comments by nickm.
- Move cell_command_to_string from control.c to command.c.
- Use accessor for global_circuitlist instead of extern.
- Add a struct for cell statistics by command instead of six arrays.
- Split up control_event_circuit_cell_stats by using two helper functions.
- Add TestingEnableCellStatsEvent option.
- Prepare functions for testing.
- Rename a few variables and document a few things better.
2013-05-25 19:51:38 +02:00
Karsten Loesing
2f893624ab Tweak CONN_BW event based on comments by nickm.
- Rename read/write counters in connection_t to make it clear that these
  are only used for CONN_BW events.
- Add TestingEnableConnBwEvent option.
2013-05-25 19:51:38 +02:00
Karsten Loesing
1293835440 Lower dir fetch retry schedules in testing networks.
Also lower maximum interval without directory requests, and raise
maximum download tries.

Implements #6752.
2013-05-16 12:08:48 +02:00
Nick Mathewson
0124b10d28 Turn on ntor by default client-side
Implements #8561.
2013-04-18 22:35:15 -04:00
Nick Mathewson
8aded5b07c Manpage: refer to ExcludeExitNodes, not the nonexistent ExcludeEntryNodes
Spotted on tor-talk by "hamahangi".
2013-04-13 18:28:06 -04:00
Nick Mathewson
7f50af116f Merge remote-tracking branch 'public/bug8117_023' into maint-0.2.4
Conflicts:
	doc/tor.1.txt
	src/or/config.c
	src/or/connection.c
2013-04-11 01:39:55 -04:00
Nick Mathewson
cd5048d61e Tighten prose in 8590 manpage fix 2013-03-27 21:58:07 -04:00
Patrick R McDonald
5a3eacf88c First try on ticket 8590 2013-03-27 21:56:42 -04:00
Nick Mathewson
fa3c237739 Per-SOCKSPort configuration for bug 8117 fix.
This might be necessary if the bug8117 fix confuses any applications.

Also add a changes file.
2013-03-20 16:17:06 -04:00
Nick Mathewson
a660fe6fd5 Let testing networks override ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG
This adds a new option to fix bug 8508 which broke chutney
networks. The bug was introduced by 317d16de.
2013-03-20 13:34:57 -04:00
Nick Mathewson
6f20a74d52 Merge branch 'bug8240_v2_squashed' into maint-0.2.4
Conflicts:
	doc/tor.1.txt
	src/or/circuitbuild.c
	src/or/config.c
	src/or/or.h
2013-03-19 16:15:27 -04:00
Nick Mathewson
18752bca5b Drop the minimum guard lifetime back down to one month
Mike believes that raising the default to 2 months with no way to lower
it may create horrible load-balancing issues.
2013-03-19 16:04:40 -04:00
Nick Mathewson
aa040619d5 Document the GuardLifetime option 2013-03-19 16:03:57 -04:00
Nick Mathewson
343f7aa059 Make the guard lifetime configurable and adjustable via the consensus
Fixes 8240.

(Don't actually increase the default guard lifetime. It seems likely to
break too many things if done precipitiously.)
2013-03-19 16:02:19 -04:00
Nick Mathewson
7e9b6a19d4 Merge remote-tracking branch 'public/bug8290' into maint-0.2.4 2013-03-18 15:07:02 -04:00
Roger Dingledine
edd6f02273 randomize SSLKeyLifetime by default
resolves ticket 8443.
2013-03-10 23:38:18 -04:00
Nick Mathewson
4740d2e8bc Remove some lingering tsocks cruft.
Now the manpages no longer refer to tsocks or tsocks.conf, and we no
longer have or ship a tor-tsocks.conf.  The only remaining instances
of "tsocks" in our repository are old ChangeLog and ReleaseNotes
entries, and the torify script saying that it doesn't support tsocks.

Fixes bug 8290.
2013-02-27 19:39:57 -05:00
Nick Mathewson
2b1119db77 Document (on man page) which DNS record types Tor knows.
Fixes bug 7876
2013-02-19 02:47:44 -05:00
Peter Palfrader
47cfee781d tor.1: Specify what Auto means for RefuseUnknownExits in more detail 2013-02-12 15:22:34 -05:00
Nick Mathewson
e5b07ba179 Merge remote-tracking branch 'arma/bug7054' 2013-02-07 15:22:36 -05:00
Mike Perry
2b68a06618 Update manpage for new pathbias use thresholds. 2013-02-04 17:15:51 -08:00
Nick Mathewson
acb43c0735 Merge remote-tracking branch 'public/feature7706' 2013-02-01 17:24:08 -05:00
Mike Perry
dfcfb5d17d Refactor the scaling parameter fetching into a single function.
Also, deprecate the torrc options for the scaling values. It's unlikely anyone
but developers will ever tweak them, even if we provided a single ratio value.
2013-02-01 17:01:12 -05:00
Nick Mathewson
29136bd7e4 Merge branch 'bug5956_squashed' 2013-01-30 11:59:51 -05:00
Nick Mathewson
02c320916e Parameterize FRAC_USABLE_NEEDED for fraction of circuits
Instead of hardcoding the minimum fraction of possible paths to 0.6, we
take it from the user, and failing that from the consensus, and
failing that we fall back to 0.6.
2013-01-30 11:58:17 -05:00
Nick Mathewson
ec7ffed79d Document the ?? country code. 2013-01-30 10:19:41 -05:00
Andrea Shepard
123daffb60 Merge branch 'bug7802' of ssh://git-rw.torproject.org/mikeperry/tor 2013-01-28 16:16:45 -08:00
Mike Perry
a678ff9ec1 Document path use bias options in the manpage. 2013-01-18 21:23:37 -08:00
Nick Mathewson
ff9bdbd56f When excluding nodes by country, exclude {??} and {A1} too
This is ticket 7706, reported by "bugcatcher."  The rationale here
is that if somebody says 'ExcludeNodes {tv}', then they probably
don't just want to block definitely Tuvaluan nodes: they also want
to block nodes that have unknown country, since for all they know
such nodes are also in Tuvalu.

This behavior is controlled by a new GeoIPExcludeUnknown autobool
option.  With the default (auto) setting, we exclude ?? and A1 if
any country is excluded.  If the option is 1, we add ?? and A1
unconditionally; if the option is 0, we never add them.

(Right now our geoip file doesn't actually seem to include A1: I'm
including it here in case it comes back.)

This feature only takes effect if you have a GeoIP file.  Otherwise
you'd be excluding every node.
2013-01-17 18:07:36 -05:00
Nick Mathewson
b0b3c14c11 Eliminate MaxOnionsPending; replace it with MaxOnionQueueDelay
The right way to set "MaxOnionsPending" was to adjust it until the
processing delay was appropriate.  So instead, let's measure how long
it takes to process onionskins (sampling them once we have a big
number), and then limit the queue based on its expected time to
finish.

This change is extra-necessary for ntor, since there is no longer a
reasonable way to set MaxOnionsPending without knowing what mix of
onionskins you'll get.

This patch also reserves 1/3 of the onionskin spots for ntor
handshakes, on the theory that TAP handshakes shouldn't be allowed to
starve their speedier cousins.  We can change this later if need be.

Resolves 7291.
2013-01-03 13:03:41 -05:00
Nick Mathewson
b1bdecd703 Merge branch 'ntor-resquashed'
Conflicts:
	src/or/cpuworker.c
	src/or/or.h
	src/test/bench.c
2013-01-03 11:52:41 -05:00
Nick Mathewson
ed3c8d9d44 Document UseNTorHandshake 2013-01-03 11:29:48 -05:00
Nick Mathewson
885e8d35c7 Merge remote-tracking branch 'mikeperry/209-path-bias-changes' 2012-12-25 23:30:28 -05:00
Nick Mathewson
c2c6e8e5b2 Add documentation for directory guard options 2012-12-25 23:19:10 -05:00
Nick Mathewson
25afecdbf9 Make ECDHE group configurable: 224 for public, 256 for bridges (default) 2012-12-25 20:22:46 -05:00
Nick Mathewson
c1226cf4f9 Document PreferIPv6Automap in the manpage 2012-12-17 14:51:31 -05:00
Nick Mathewson
de4cc126cb Build and test most of the machinery needed for IPv6 virtualaddrmaps
With an IPv6 virtual address map, we can basically hand out a new
IPv6 address for _every_ address we connect to.  That'll be cool, and
will let us maybe get around prop205 issues.

This uses some fancy logic to try to make the code paths in the ipv4
and the ipv6 case as close as possible, and moves to randomly
generated addresses so we don't need to maintain those stupid counters
that will collide if Tor restarts but apps don't.

Also has some XXXX items to fix to make this useful. More design
needed.
2012-12-17 14:51:29 -05:00
Nick Mathewson
ac990aa44a Turn off by-default use of client-side DNS cacheing. 2012-12-17 14:50:04 -05:00
Nick Mathewson
bde6f2daba Add documentation for the client-side DNS cache options 2012-12-17 14:49:32 -05:00
Nick Mathewson
01ac961ca1 Merge branch 'fallback_dirsource_v3' 2012-12-13 12:42:29 -05:00
Mike Perry
43a00877cf Update manpage. 2012-12-10 00:13:55 -08:00
Mike Perry
df4aeaa0d6 Update manpage for new PathBias torrc options. 2012-12-07 15:28:37 -08:00
Nick Mathewson
504d4aa8c6 Expand the manpage to say: watch out for nonlocal socks
This clears up the remaining issue stopping me from closing bug 6297.
2012-12-07 12:42:55 -05:00
Nick Mathewson
f742b33d85 Drop FallbackNetworkstatusFile; it never worked. 2012-12-06 11:28:49 -05:00
Nick Mathewson
a8d491a8fd Add an option to weight down authorities when choosing a fallback 2012-12-06 11:28:49 -05:00
Nick Mathewson
06cd62266f Add a way to configure selection weights for dir_server_t 2012-12-06 11:28:49 -05:00
Nick Mathewson
90f6071d8d New FallbackDir option to add extra directories for bootstraping
This replaces the old FallbackConsensus notion, and should provide a
way -- assuming we pick reasonable nodes! -- to give clients
suggestions of placs to go to get their first consensus.
2012-12-06 11:28:49 -05:00
Nick Mathewson
ded70363a7 Rename DirServer to DirAuthority 2012-12-06 11:23:43 -05:00
Nick Mathewson
190c1d4981 Merge branch 'bug7013_take2_squashed' 2012-11-27 22:18:16 -05:00
George Kadianakis
f88c303869 Add a torrc option to specify the bind address of managed proxies. 2012-11-27 22:18:08 -05:00
Nick Mathewson
61d740ed01 Add manual page entries for new IPv6-exits options 2012-11-14 23:35:13 -05:00
Karsten Loesing
c03e3d66a9 Minor tweaks and comments to nils' geoip v6 code. 2012-10-17 10:54:52 +02:00
nils
abb886014e Add GeoIP database for IPv6 addresses 2012-10-17 10:54:52 +02:00
Roger Dingledine
0b598cb2bb Say "KBytes" rather than "KB" in the man page
(for various values of K), to further reduce confusion about whether
Tor counts in units of memory or fractions of units of memory. Fixes
bug 7054.
2012-10-06 01:57:13 -04:00
Linus Nordberg
1cbf45bed1 Make option OutboundBindAddress accept IPv6 addresses too.
Implements ticket 6786.
2012-09-20 17:09:25 +02:00
Nick Mathewson
f612a9eb1b Merge remote-tracking branch 'origin/maint-0.2.3' 2012-09-19 08:26:07 -04:00
Nick Mathewson
b9c86948e4 Clarify that hidden services are TCP only
Also remove some trailing whitespace.

Patch from maker; fixes bug 6024.
2012-09-19 08:19:21 -04:00
Roger Dingledine
9ab3b332ae Merge branch 'maint-0.2.3' 2012-09-14 02:41:13 -04:00
Robert Ransom
909691f1ae Fix man page typo 2012-09-13 23:25:03 -07:00
Roger Dingledine
e1e34ee4e4 raise bandwidthrate/bandwidthburst to a new "infinite"
addresses bug 6605.
2012-09-10 03:03:06 -04:00
Roger Dingledine
6f82ae44cb Merge branch 'maint-0.2.3' 2012-09-05 16:41:43 -04:00
Roger Dingledine
97dbff51e6 Update the minimum bandwidth for a public relay
The current cutoff is 30KB, but in reality a useful cutoff is probably
more like 50KB or 100KB.
2012-09-05 16:40:57 -04:00
Nick Mathewson
116c8409ba Merge remote-tracking branch 'linus/bug6770_3'
Conflicts:
	doc/tor.1.txt
	src/or/config.c
2012-09-05 11:35:26 -04:00
Linus Nordberg
f7c97cd40b Remove AuthDirPublishIPv6 and let AuthDirHasIPv6Connectivity fill its function.
See #4771 for rationale.

Note that this patch does not take suggested changes in #4470 into
account and keeps treating AuthDirHasIPv6Connectivity as an
AUTOBOOL. Thus, bug fixes for that are included here as well.

This is a fix on master, unreleased as of now.
2012-09-05 13:35:39 +02:00
Linus Nordberg
0e53742a85 Make AuthDirHasIPv6Connectivity a BOOL.
This is a fix of unreleased tor. It solves ticket #6770.
2012-09-05 12:47:01 +02:00
Roger Dingledine
67065c3c06 minor typos i found while constructing the changelog 2012-09-05 04:46:27 -04:00
Linus Nordberg
e04e1a2e7d Clients connect to public relays over IPv6.
Add ClientUseIPv6 and ClientPreferIPv6ORPort configuration options.

Use "preferred OR port" for all entry nodes, not only for bridges.

Mark bridges with "prefer IPv6 OR port" if an IPv6 address is
configured in Bridge line and ClientPreferIPv6ORPort is set.

Mark relays with "prefer IPv6 OR port" if an IPv6 address is found in
descriptor and ClientPreferIPv6ORPort is set.

Filter "preferred OR port" through the ClientUseIPv6 config option. We
might want to move this test to where actual connection is being set
up once we have a fall back mechanism in place.

Have only non-servers pick an IPv6 address for the first hop: We
don't want relays to connect over IPv6 yet. (IPv6 has never been used
for second or third hops.)

Implements ticket 5535.
2012-09-04 12:57:21 -04:00
Nick Mathewson
48a6816eb5 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-31 18:39:27 -04:00
Nick Mathewson
b17bb543da Merge branch 'bug6732' into maint-0.2.3 2012-08-31 18:39:11 -04:00
Nick Mathewson
774979ca45 Document consensus and microdesc files
Bugfix for #6732.
2012-08-31 11:35:47 -04:00
Nick Mathewson
0c5a44ed0a Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-27 16:16:27 -04:00
Nick Mathewson
b7c172c9ec Disable extending to private/internal addresses by default
This is important, since otherwise an attacker can use timing info
to probe the internal network.

Also, add an option (ExtendAllowPrivateAddresses) so that
TestingTorNetwork won't break.

Fix for bug 6710; bugfix on all released versions of Tor.
2012-08-27 11:19:29 -04:00
Nick Mathewson
0867479e3e Add some attributes to make a2x quieter 2012-08-23 13:19:54 -04:00
Nick Mathewson
e6d61ee594 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-31 10:18:05 -04:00
Nick Mathewson
d9bd0de062 Fix some manpage typos
This is based on a pair of patches from A. Costa. I couldn't apply
those directly, since they changed the generated *roff files, not
the asciidoc source.

Fixes Tor bug 6500 and Debian bug 683359.
2012-07-31 10:16:03 -04:00
Linus Nordberg
fff842a47c Add config option AuthDirPublishIPv6.
Test for config option AuthDirPublishIPv6 == 1 rather than for running
as a bridge authority when deciding whether to care or not about IPv6
OR ports in descriptors.

Implements enhancement #6406.
2012-07-19 17:51:15 -04:00
Linus Nordberg
044da1bf0f Add configure option AuthDirHasIPv6Connectivity.
Implements enhancement 5974.
2012-07-19 18:21:22 +02:00
Nick Mathewson
9ad5b25930 Improve Alternate*Authority docs. Bug 6387. 2012-07-16 11:21:20 -04:00
Nick Mathewson
f5e86bcd6c Document 0.2.3.x torrc/default-torrc/command line semantics changes
Bug 4748

squash! Document 0.2.3.x torrc/default-torrc/command line semantics changes

Incorporates fixes suggested by rransom.
2012-06-18 12:01:27 -04:00
Roger Dingledine
427d4dd148 fix typos, logic error, default in man page 2012-06-15 03:25:27 -04:00
Mike Perry
8d59690033 Defend against entry node path bias attacks
The defense counts the circuit failure rate for each guard for the past N
circuits. Failure is defined as the ability to complete a first hop, but not
finish completing the circuit all the way to the exit.

If the failure rate exceeds a certain amount, a notice is emitted.

If it exceeds a greater amount, a warn is emitted and the guard is disabled.

These values are governed by consensus parameters which we intend to tune as
we perform experiments and statistical simulations.
2012-06-14 13:19:56 -07:00
Nick Mathewson
75706527c1 Document --hush; fix documentation for --quiet. 2012-06-14 14:58:51 -04:00
Nick Mathewson
70910479e3 Merge remote-tracking branch 'public/bug5598'
Conflicts:
	doc/tor.1.txt

Conflict was on a formatting issue in the manpage.
2012-06-11 10:26:48 -04:00
Nick Mathewson
2d127eacd9 List defaults consistently in manpage
Nearly everywhere, we end options with "(Default: foo)".  But in a
few places, we inserted an extra period after or before the close
parenthesis, and in a few other places we said "(Defaults to foo)".
Let's not do that.
2012-06-11 09:52:43 -04:00
Nick Mathewson
b74f851861 Correct the defaults for the *Statistics options 2012-06-07 13:46:51 -04:00
Nick Mathewson
8a341cc429 Change the default for DynamicDHGroups to 0
This feature can make Tor relays less identifiable by their use of the
mod_ssl DH group, but at the cost of some usability (#4721) and bridge
tracing (#6087) regressions.

We should try to turn this on by default again if we find that the
mod_ssl group is uncommon and/or we move to a different DH group size
(see #6088).  Before we can do so, we need a fix for bugs #6087 and

Resolves ticket #5598 for now.
2012-06-06 12:00:04 -04:00
Roger Dingledine
f4db3e2631 clarify that LongLivedPorts is for hidden services too 2012-06-03 21:07:34 -04:00
Nick Mathewson
f00a8b4307 Another dirport/orport correction; this one from "cypherpunks" 2012-05-16 15:45:20 -04:00
Nick Mathewson
400c7ce2b6 Document that the ORPort flags apply to DirPort too. (thanks, Roger.) 2012-05-16 15:07:54 -04:00
Nick Mathewson
3c7c51ce07 5597: document new ORPort options 2012-05-16 14:54:16 -04:00
Nick Mathewson
dfbe779a45 Clarify SessionGroup documentation. Bug 5437. 2012-05-16 14:43:11 -04:00
Nick Mathewson
82ce43a706 Merge remote-tracking branch 'public/bug3964' 2012-05-16 11:33:52 -04:00
Nick Mathewson
1150b6b43e Merge remote-tracking branch 'origin/maint-0.2.2' 2012-05-15 11:23:06 -04:00
Nick Mathewson
8e07798284 Clarify MaxCircuitDirtiness behavior with hidden services. Bug 5259. 2012-05-15 11:22:06 -04:00
Nick Mathewson
dc60b5d6a7 Improve our documentation for the NT Service command line options
We explain the --options option, document --nt-service as an
internal-use-only thing (which it is), fix a URL, and generally
improve the prose.
2012-04-11 13:10:35 -04:00
Nick Mathewson
77e51224fa Obsolete GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays
Closes ticket 4572.
2012-04-11 10:59:11 -04:00
Daniel 'koolfy' Faucon
42143979d8 Add a warning about settign a bridge in MyFamily 2012-04-02 18:16:14 -04:00
Roger Dingledine
c7cbd06d5f Merge branch 'maint-0.2.2'
Conflicts:
	src/or/config.c
2012-04-01 16:03:16 -04:00
Roger Dingledine
40ab832c4e BridgePassword was never for debugging
It is for the not-yet-implemented bridge community design.
2012-04-01 15:59:00 -04:00
Roger Dingledine
92862c6d48 Merge branch 'maint-0.2.2' 2012-02-02 02:32:44 -05:00
Roger Dingledine
688903e919 Update "ClientOnly" man page entry
There isn't really any point to messing with it. Resolves ticket 5005.
2012-02-02 02:31:28 -05:00
George Kadianakis
8265a9e5b1 Better documentation of transport-related torrc options.
Document ServerTransportPlugin and the managed proxy version of
ClientTransportPlugin.
2012-01-21 16:28:48 +02:00
Nick Mathewson
b14ac10b7f Add missing documentation for some options introduced in 0.2.3.x 2012-01-18 14:50:13 -05:00
Nick Mathewson
93d3a917e8 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-01-18 14:45:18 -05:00
Nick Mathewson
676bba8e0c Documentation for GiveGuardFlagTo... option 2012-01-18 14:44:29 -05:00
Roger Dingledine
1e923dd2fb fix crash bug in original feature4207 branch
PLURAL() assumes that the plural is the canonical name for the option,
so now it is.
2012-01-16 21:20:46 -05:00
Nick Mathewson
938531773a Allow authorities to baddir/badexit/invalid/reject nodes by cc
Implements ticket #4207
2012-01-13 12:28:47 -05:00
Sebastian Hahn
98959f63ac Disallow disabling DisableDebuggerAttachment on runnning Tor
Also, have tor_disable_debugger_attach() return a tristate of
success/failure/don't-know-how , and only log appropriately.
2012-01-04 15:09:02 -05:00
Robert Ransom
836161c560 Add an option to close HS service-side rend circs on timeout 2011-12-27 08:02:43 -08:00
Robert Ransom
078e3e9dd5 Add an option to close 'almost-connected' HS client circs on timeout 2011-12-27 08:02:43 -08:00
Robert Ransom
c6a8ee36fb Move description of HidServAuth out of the FascistFirewall group 2011-12-27 08:02:41 -08:00
Nick Mathewson
d04f21bf39 Merge branch 'feature2553-v4-rebased' 2011-11-30 14:54:33 -05:00
Arturo Filastò
db648fe886 Add some more documentation 2011-11-30 14:54:15 -05:00
Nick Mathewson
3b88b63826 Merge branch 'bug933_nm_rebased_v2'
Conflicts:
	src/test/test.c
2011-11-30 14:10:22 -05:00
Nick Mathewson
00ecc22126 Revise MapAddress manpage
make the asciidoc work; make the example more generic; tighten the
prose a little; be more specific that *.example.com matches
example.com; simplify an example.
2011-11-30 14:08:11 -05:00
Robert Hogan
53ce6bb52d Address nickm's comments at https://trac.torproject.org/projects/tor/ticket/933#comment:8
1. Only allow '*.' in MapAddress expressions. Ignore '*ample.com' and '.example.com'.
       This has resulted in a slight refactoring of config_register_addressmaps.
    2. Add some more detail to the man page entry for AddressMap.
    3. Fix initialization of a pointer to NULL rather than 0.
    4. Update the unit tests to cater for the changes in 1 and test more explicitly for
       recursive mapping.
2011-11-30 14:08:10 -05:00
Robert Hogan
909e9769ec Address nickm's comments at https://trac.torproject.org/projects/tor/ticket/933#comment:4
1. Implement the following mapping rules:

   MapAddress a.b.c d.e.f # This is what we have now
   MapAddress .a.b.c d.e.f # Replaces any address ending with .a.b.c with d.e.f
   MapAddress .a.b.c .d.e.f # Replaces the .a.b.c at the end of any addr with .d.e.f

   (Note that 'a.b.c .d.e.f' is invalid, and will be rejected.)

2. Add tests for the new rules.

3. Allow proper wildcard annotation, i.e. '*.d.e' '.d.e' will still work.

4. Update addressmap_entry_t with an is_wildcard member.
2011-11-30 14:08:10 -05:00
Robert Hogan
c6d8c6baaa bug933 - Match against super-domains in MapAddress
Allow MapAddress to handle directives such as:

MapAddress .torproject.org .torserver.exit
MapAddress .org 1.1.1.1

Add tests for addressmap_rewrite.
2011-11-30 14:08:10 -05:00
Nick Mathewson
e718397880 Correct manpage entry for DynamicDHGroups 2011-11-29 18:42:49 -05:00
Nick Mathewson
da6c136817 Merge remote-tracking branch 'asn-mytor/bug4548_take2' 2011-11-29 18:30:41 -05:00
Nick Mathewson
f4d8ed4b28 Manpage for DisableNetwork 2011-11-28 16:01:47 -05:00
Nick Mathewson
68114ca52c Merge remote-tracking branch 'ioerror/DisableDebuggerAttachment'
Conflicts:
	src/or/config.c
2011-11-24 23:38:32 -05:00
George Kadianakis
21babd152e Document DynamicPrimes in the manual page. 2011-11-24 22:13:26 +01:00
Robert Ransom
b2212bf9b4 Add Tor2webMode configuration option 2011-11-24 03:54:32 -08:00
Roger Dingledine
023d8b6cf8 update the man page for the new AuthDirFastGuarantee value 2011-11-21 18:45:44 -05:00
Roger Dingledine
6a76007b08 Merge branch 'maint-0.2.2'
Conflicts:
	src/or/dirserv.c
2011-11-21 18:36:49 -05:00
Roger Dingledine
97a209ea28 man page entries for AuthDir{Fast,GuardBW}Guarantee 2011-11-21 18:32:32 -05:00
Nick Mathewson
21dd6eae9e Merge remote-tracking branch 'asn-mytor/bug4012_clienttransportplugin' 2011-11-07 11:37:29 -05:00
George Kadianakis
1c532594e7 Added man entry for ClientTransportPlugin. 2011-11-06 00:50:22 +01:00
Roger Dingledine
350fe95259 fix grammar in man page entries from proposal 171 2011-11-03 19:08:25 -04:00
Roger Dingledine
a518dd6650 Merge branch 'maint-0.2.2' 2011-10-25 19:34:42 -04:00
Roger Dingledine
ac115f1125 unmangle the fingerprint example in the man page
Remove a confusing dollar sign from the example fingerprint in the
man page, and also make example fingerprint a valid one.
2011-10-25 18:24:37 -04:00
Roger Dingledine
0e4f5e7cb1 fix default for TokenBucketRefillInterval in man page 2011-09-28 18:23:17 -04:00
Nick Mathewson
41dfc4c19c Make bufferevents work with TokenBucketRefillInterval 2011-09-22 15:07:34 -04:00
Nick Mathewson
1e61184628 Make documentation for TokenBucketRefillInterval match its behavior 2011-09-22 15:07:34 -04:00
Florian Tschorsch
6b1d8321ae New torrc option to allow bucket refill intervals of less than 1 sec
Implements bug3630.
2011-09-22 15:07:23 -04:00
Nick Mathewson
41eef6680e Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/dirserv.c
	src/or/networkstatus.c

Conflicts were related to routerinfo->node shift.
2011-09-07 14:51:55 -04:00
Nick Mathewson
dfa6cde4d4 Merge remote-tracking branch 'public/bug2649_squashed' into maint-0.2.2 2011-09-07 14:43:06 -04:00
Roger Dingledine
fe0fa91164 Merge branch 'maint-0.2.2' 2011-09-02 07:23:37 -04:00
Roger Dingledine
e0dae64449 Correct man page: multiple control auth styles can be set at once 2011-09-02 07:01:55 -04:00
Nick Mathewson
372262b458 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-08-25 18:55:28 -04:00
Sebastian Hahn
cc33ac362b Mention that HiddenServiceDir must exist 2011-08-25 22:26:54 +02:00
Nick Mathewson
6e923ed8cd Add an OptimisticData option to control client-side optimistic data 2011-07-20 14:14:21 -04:00
Nick Mathewson
12dfb4f5d8 Use socks username/password information in stream isolation 2011-07-19 02:44:12 -04:00
Nick Mathewson
891ccd3cd0 Manpage updates for proposal 171 (isolated streams) 2011-07-19 02:02:18 -04:00
Nick Mathewson
eee942c5be Merge remote-tracking branch 'origin/maint-0.2.2' 2011-07-06 10:56:47 -04:00
Sebastian Hahn
1a016c9233 Fix weird formatting of html manpage
Asciidoc was inserting <pre> tags for paragraphs that started with a
'+' at the beginning of the line. Instead, we need a space in front of
the plus.
2011-07-06 10:47:06 +02:00
intrigeri
8b265543eb Add port 6523 (Gobby) to LongLivedPorts. 2011-06-20 12:08:46 -04:00
Nick Mathewson
a046966baf Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/config.c
	src/or/or.h
2011-06-19 21:00:15 -04:00
Nick Mathewson
cabb16caa9 Revert "Update man page for new UseBridges tristate behaviour."
This reverts commit 40cfad1b5a.
2011-06-17 16:45:23 -04:00
Robert Ransom
f45261cb29 Increase default required uptime for HSDirs to 25 hours 2011-06-03 12:17:53 -04:00
Robert Ransom
1546054d81 Add a VoteOnHidServDirectoriesV2 configuration option 2011-06-03 12:16:55 -04:00
Nick Mathewson
13ec1bf5c2 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-03 10:47:35 -04:00
anonym
40cfad1b5a Update man page for new UseBridges tristate behaviour. 2011-06-02 15:11:21 -04:00
Jacob Appelbaum
f79a75f597 New configuration option: DisableDebuggerAttachment
If set to 1, Tor will attempt to prevent basic debugging
attachment attempts by other processes. (Default: 1)

Supports Mac OS X and Gnu/Linux.

Sebastian provided useful feedback and refactoring suggestions.

Signed-off-by: Jacob Appelbaum <jacob@appelbaum.net>
2011-06-01 17:35:43 -07:00
Nick Mathewson
4ac8ff9c9f Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-15 20:22:44 -04:00
Sebastian Hahn
4198261291 Clean up the 2972 implementation a little 2011-05-15 20:20:28 -04:00
Jérémy Bobbio
d41ac64ad6 Add UnixSocketsGroupWritable config flag
When running a system-wide instance of Tor on Unix-like systems, having
a ControlSocket is a quite handy mechanism to access Tor control
channel.  But it would be easier if access to the Unix domain socket can
be granted by making control users members of the group running the Tor
process.

This change introduces a UnixSocketsGroupWritable option, which will
create Unix domain sockets (and thus ControlSocket) 'g+rw'. This allows
ControlSocket to offer same access control measures than
ControlPort+CookieAuthFileGroupReadable.

See <http://bugs.debian.org/552556> for more details.
2011-05-15 20:20:28 -04:00
Nick Mathewson
600744b4be Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/config.c
	src/or/dirserv.c
	src/or/or.h
2011-05-13 10:48:07 -04:00
Nick Mathewson
7f654a6a6f Add a ControlPortFileGroupWritable option 2011-05-13 10:41:29 -04:00
Nick Mathewson
dad12188a6 Write automatically-chosen control ports to a file. 2011-05-13 10:41:28 -04:00
Nick Mathewson
5fec8fe559 "(Socks|Control|etc)Port auto" now tells Tor to open an arbitrary port
This is the major part of the implementation for trac issue 3076.
2011-05-13 10:41:18 -04:00
Nick Mathewson
8fa7bcead5 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-12 11:36:41 -04:00
Nick Mathewson
2c88dd7f95 Clean up a formatting issue on the manpge; bug3154. 2011-05-12 11:36:20 -04:00
Nick Mathewson
e6980faec4 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/directory.c
2011-05-09 13:39:51 -04:00
Nick Mathewson
09d7af7789 Merge remote-tracking branch 'public/bug3022_v2' into maint-0.2.2 2011-05-09 13:37:56 -04:00
Nick Mathewson
4c9bd06d0d Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-04 17:38:33 -04:00
Nick Mathewson
b04dca448d Add some missing torrc entries to tor.1.txt
Fixes bug 2379
2011-05-03 22:14:40 -04:00
Nick Mathewson
cd42ae7185 Only authorities should automatically download v2 networkstatus documents
Clients and relays haven't used them since early 0.2.0.x.  The only
remaining use by authorities learning about new relays ahead of scedule;
see proposal 147 for what we intend to do about that.

We're leaving in an option (FetchV2Networkstatus) to manually fetch v2
networkstatuses, because apparently dnsel and maybe bwauth want them.

This fixes bug 3022.
2011-04-28 21:06:07 -04:00
Nick Mathewson
78c610eea9 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	doc/tor.1.txt
2011-04-27 15:20:01 -04:00
Nick Mathewson
8b686d98c4 Merge maint-0.2.2 for the bug1090-part1-squashed branch
Resolved conflicts in:
	doc/tor.1.txt
	src/or/circuitbuild.c
	src/or/circuituse.c
	src/or/connection_edge.c
	src/or/connection_edge.h
	src/or/directory.c
	src/or/rendclient.c
	src/or/routerlist.c
	src/or/routerlist.h

These were mostly releated to the routerinfo_t->node_t conversion.
2011-04-27 14:36:30 -04:00
Roger Dingledine
0f48e8fa9a minor tweaks to manpage 2011-04-27 14:04:50 -04:00
Nick Mathewson
2ac768e89f Revise the manpage to contain the actual intended *Nodes behavior
This is a squashed version of my former desired_nodes_behavior branch
that we used to specify the intended results wrt bug 1090.
2011-04-27 13:39:22 -04:00
Nick Mathewson
1a49fdecf8 Tweaks to Cagara's CountPrivateBandwidth patch:
- Document it in the manpage
  - Add a changes entry
  - No need to log when it is set: we don't log for other options.
  - Use doxygen to document the new flag.
  - Test truth of C variables with "if (x)", not "if (x == 1)".
  - Simplify a complex boolean expression by breaking it up.
2011-04-05 16:24:42 -04:00
Nick Mathewson
c6d8e75dc3 Merge remote branch 'origin/maint-0.2.2' 2011-03-04 00:25:14 -05:00
Robert Ransom
88e0de9ebb Fix typo in man page 2011-03-03 10:41:39 -08:00
Nick Mathewson
f16178c08f Merge remote branch 'origin/maint-0.2.2' 2011-02-22 18:25:16 -05:00
Nick Mathewson
530e87ce31 Add some dollar signs in an attempt to appease older asciidocs
We should really require a modern asiidoc: backporting stuff to 8.2 is
a timesink.
2011-02-22 18:24:33 -05:00
Nick Mathewson
46b07462ae Merge remote branch 'origin/maint-0.2.2' 2011-02-22 13:02:42 -05:00
Nick Mathewson
9d5873cdae Merge branch 'log_domains' into maint-0.2.2 2011-02-22 13:01:02 -05:00
George Kadianakis
ee95430d39 Implement more heartbeat message stuff.
(This squashes multiple commits:

* Adds uptime monitoring support.
* Adds circuit counting code.
* Trivially tweaks the documentation.
* Trivial run_scheduled_events() code tweaking.
* Adds a status.h to export functions.
* Added bandwidth monitoring code.
* Added consensus presense detection code.
* Restricts the precision of the bandwidth output.
* Various fixes.
* Fixed style and spacing problems.
* Tidied up src/or/Makefile.am
* Couple of minor fixes on status.c functions.
* 'Implemented' client heartbeat support
)
2011-02-22 12:40:38 -05:00
Sebastian Hahn
098b6ba72d Initial heartbeat subsystem commit.
Sets:
* Documentation
* Logging domain
* Configuration option
* Scheduled event
* Makefile
It also creates status.c and the log_heartbeat() function.

All code was written by Sebastian Hahn. Commit message was
written by me (George Kadianakis).
2011-02-22 12:40:36 -05:00
Nick Mathewson
c79a24f505 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-02-10 16:01:29 -05:00
Nick Mathewson
d37660d3f3 Merge remote-tracking branch 'rransom/bug2089' into maint-0.2.2 2011-02-10 16:01:19 -05:00
Nick Mathewson
f1a004797e Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	doc/tor.1.txt
2011-02-10 15:52:04 -05:00
Robert Ransom
6f07363e72 Document what descriptors HSAuthoritativeDir serves
Fixes bug 2089.
2011-02-10 11:06:05 -08:00
Robert Ransom
20d493308a Update documentation for PublishServerDescriptor (0.2.2.x) 2011-02-09 03:20:43 -08:00
Nick Mathewson
3bcba6d716 Merge remote branch 'origin/maint-0.2.2' 2011-02-07 12:51:34 -05:00
Nick Mathewson
fcf3eb03bd typo in manpage fix 2011-02-07 12:51:20 -05:00
Nick Mathewson
ff5810aea9 Merge remote branch 'origin/maint-0.2.2' 2011-02-07 12:47:04 -05:00
Nick Mathewson
98cef0ac1e Merge branch 'bug2279' into maint-0.2.2 2011-02-07 12:43:54 -05:00
Nick Mathewson
e854e01d57 Some cleanups to bug2279 messages/docs from rransom 2011-02-07 12:40:43 -05:00
Sebastian Hahn
f2bb7b17d7 Remove country codes from EntryNodes manpage entry 2011-01-28 14:19:28 +01:00
Nick Mathewson
30111a3a01 add documentation for ClientRejectInternalAddresses 2011-01-26 12:08:52 -05:00
Nick Mathewson
0337fc7b06 Merge remote branch 'origin/maint-0.2.2' 2011-01-26 11:49:41 -05:00
Nick Mathewson
1dd98891d7 Explain soft shutdown mode a little better in the accountingmax documentation 2011-01-26 11:45:37 -05:00
Nick Mathewson
89ee779f92 Add a torrc option to report log domains 2011-01-25 15:53:15 -05:00
Nick Mathewson
e261a1a3e6 Simplify syntax for negated log domains
Previously if you wanted to say "All messages except network
messages", you needed to say "[*,~net]" and if you said "[~net]" by
mistake, you would get no messages at all.  Now, if you say "[~net]",
you get everything except networking messages.
2011-01-25 15:03:36 -05:00
Nick Mathewson
23f8bedddb Add manpage entry for logging domains
Fixes issue 2215.
2011-01-25 15:02:36 -05:00
Karsten Loesing
8db10c6d2f Write bidirectional connection stats in single line.
There's no need to have a separate line conn-stats-end for the end date
and interval length with only a single line conn-bi-direct following.
2010-12-03 16:47:53 +01:00
Karsten Loesing
076a688d76 Add ChangeLog entry and man page entry. 2010-12-03 16:47:52 +01:00
Nick Mathewson
8c2affe637 Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/or/config.c
	src/or/cpuworker.c
2010-11-15 14:14:13 -05:00
Nick Mathewson
ac2c0cb587 Make the coducmentation for SingleHop stuff slightly more dire 2010-11-15 14:09:32 -05:00
Sebastian Hahn
6bde512edc Document hs dht min uptime change in privnets
In f87c6f100d we made it so that MinUptimeHidServDirectoryV2
defaults to 0 if TestingTorNetwork is set. Add a manpage entry and a
changes file.
2010-11-10 15:48:26 +01:00
Sebastian Hahn
bae80eef4b Document the AllowSingleHopExits option 2010-11-10 15:48:26 +01:00
Sebastian Hahn
0b05f05bbf Improve documentation for RelayBandwdith* options
Jesse Adelman noticed that we don't currently describe what
happens very well.
2010-11-10 15:48:26 +01:00
Sebastian Hahn
6de673076f Add V3BandwidthsFile to the manpage 2010-11-10 15:48:26 +01:00
Sebastian Hahn
556a1b9e45 Change Natd into NATD in our options.
Breaking this out of the last commit because this might be more
controversial.
2010-11-10 15:48:26 +01:00
Sebastian Hahn
87a0e733d1 Fix a typo in the manpage 2010-11-10 15:48:25 +01:00
Nick Mathewson
1fb342dfab Merge branch 'loggranularity' 2010-11-08 12:40:33 -05:00
Karsten Loesing
ed45bc198f Fix log granularity based on Nick's comments.
Instead of rejecting a value that doesn't divide into 1 second, round to
the nearest divisor of 1 second and warn.

Document that the option only controls the granularity written by Tor to a
file or console log. It does not (for example) "batch up" log messages to
affect times logged by a controller, times attached to syslog messages, or
the mtime fields on log files.
2010-11-08 17:38:59 +01:00
Nick Mathewson
8c837db38f Merge branch 'nodes' 2010-10-13 16:04:25 -04:00
Nick Mathewson
64535a401b Merge remote branch 'origin/maint-0.2.2' 2010-10-04 12:58:35 -04:00
Nick Mathewson
1fa50c778c Clarify PublishServerDescriptor even more 2010-10-04 12:58:20 -04:00
Karsten Loesing
8c5ba9388b Make logging resolution configurable.
Implements enhancement 1668.
2010-10-04 08:15:18 +02:00
Nick Mathewson
f9ea242aca Implement node-based router family code
Also, make the NodeFamily option into a list of routersets.  This
lets us git rid of router_in_nickname_list (or whatever it was
called) without porting it to work with nodes, and also lets people
specify country codes and IP ranges in NodeFamily
2010-10-01 18:14:27 -04:00
Robert Ransom
8d87040e13 Describe BridgeRelay and PublishServerDescriptor more correctly. 2010-09-30 23:43:19 -07:00
Steven Murdoch
a6dc00fa75 Start tor-fw-helper in the background, and log whatever it outputs 2010-09-30 11:40:37 -04:00
Nick Mathewson
73d93c033d Autodetect the number of CPUs when possible if NumCPUs==0
This is needed for IOCP, since telling the IOCP backend about all
your CPUs is a good idea.  It'll also come in handy with asn's
multithreaded crypto stuff, and for people who run servers without
reading the manual.
2010-09-28 14:42:21 -04:00
Nick Mathewson
c612ddee17 Add a new option to enable/disable IOCP support 2010-09-28 14:01:45 -04:00
Nick Mathewson
7c83b0a2a2 Merge branch 'refuseunknown' into maint-0.2.2 2010-09-27 17:15:57 -04:00
Sebastian Hahn
8ac2de5ab9 Add RefuseUnknownExits to the manpage 2010-09-27 17:15:41 -04:00
Nick Mathewson
c8e1538a0b Merge remote branch 'sebastian/continuation' 2010-09-24 13:43:55 -04:00
John Brooks
fb34c66e83 Correct default for RendPostPeriod in docs 2010-09-21 01:05:47 -04:00
Sebastian Hahn
1dab6cf4cb Document multiline options in the manpage 2010-09-11 01:44:20 +02:00
Karsten Loesing
8dadc7a7aa Update man page, now that *Statistics can be changed while Tor is running. 2010-08-15 15:51:31 +02:00
Nick Mathewson
883af78a9d Clarify that cmd-line options override torrc options 2010-07-31 13:23:41 -04:00
Nick Mathewson
15424bf800 Document 20KB requirement in BandwidthRate documentation
This fixes the last suggestion of bug #1195.
2010-07-30 18:00:43 -04:00
Roger Dingledine
6048571100 fetching a directory on sighup is years out of date 2010-07-14 13:48:09 -04:00
Nick Mathewson
bea55766af Merge remote branch 'mikeperry/cbt-bugfixes3' 2010-06-29 18:57:50 -04:00
Sebastian Hahn
10fdb9ee0a Add option to not warn when getting an IP instead of hostname 2010-06-07 12:44:25 +02:00
Nick Mathewson
2eec9ea4e8 Clean up "Address" documentation even harder. 2010-06-01 10:53:32 -04:00
Mike Perry
29e0d70814 Bug 1296: Add option+logic to disable CBT learning.
There are now four ways that CBT can be disabled:

1. Network-wide, with the cbtdisabled consensus param.
2. Via config, with "LearnCircuitBuildTimeout 0"
3. Via config, with "AuthoritativeDirectory 1"
4. Via a state file write failure.
2010-05-10 13:11:48 -07:00
Sebastian Hahn
b3b2a57bbf Clarify the implications of the "Address" option
Fixes bug 1381
2010-05-02 00:38:22 +02:00
Peter Palfrader
9d3a985a83 Note an exception to when we use OutboundBindAddress 2010-03-02 12:58:50 -05:00
Sebastian Hahn
2917c0596c Restrict PerConnBWRate|Burst to INT32_MAX, update manpage
All other bandwidthrate settings are restricted to INT32_MAX, but
this check was forgotten for PerConnBWRate and PerConnBWBurst. Also
update the manpage to reflect the fact that specifying a bandwidth
in terabytes does not make sense, because that value will be too
large.
2010-02-25 12:33:15 +01:00
Roger Dingledine
8ce1cb174d elevate a changelog entry, and get my mailto out of the man page 2010-02-22 16:19:35 -05:00
Sebastian Hahn
1a3f42d1d0 Fix a few typos in the manpage, and reword the DisableAllSwap entry 2010-01-27 12:13:10 +01:00
Sebastian Hahn
a330cdc6fb Convert the Tor manpage to asciidoc.
This should be a very faithful conversion, preserving as much of the layout
of the old manpage as possible. This wasn't possible for the nt-service
and the DataDirectory/state parts. See a later commit for some small
cleanups.

Tiago Faria helped with the asciidoc conversion, big thanks!
2010-01-27 12:13:10 +01:00