Commit Graph

264 Commits

Author SHA1 Message Date
Roger Dingledine
375acaab26 un-deprecate FascistFirewall
svn:r11873
2007-10-11 19:20:24 +00:00
Nick Mathewson
b5c8a8ae53 r15422@catbus: nickm | 2007-09-27 16:42:35 -0400
Use descriptor annotations to record the source, download t time, and purpose of every descriptor we add to the store.  The remaining to-do item is to stop setting do_not_cache on bridges.


svn:r11680
2007-09-27 20:46:30 +00:00
Roger Dingledine
e313a8ad08 fix a syntax error in the man page
svn:r11589
2007-09-23 05:28:39 +00:00
Peter Palfrader
ce1099bf66 The manpage now tells uses that they can use identity fingerprints in most places where they can use nicknames. Based on patch from karsten
svn:r11570
2007-09-21 23:06:54 +00:00
Nick Mathewson
d3224bad42 r14227@Kushana: nickm | 2007-08-27 11:33:28 -0400
Add a new ClientDNSRejectInternalAddresses option (default: on) to refuse to believe that any address can map to or from an internal address.  This blocks some kinds of potential browser-based attacks, especially on hosts using DNSPort.  Also clarify behavior in some comments.  Backport candiate?


svn:r11287
2007-08-27 15:33:58 +00:00
Nick Mathewson
7dbe7fd4d8 r14758@catbus: nickm | 2007-08-21 01:36:03 -0400
Finish implementing and documenting proposal 108: Authorities now use MTBF data to set their stability flags, once they have at least 4 days of data to use.


svn:r11240
2007-08-21 05:37:24 +00:00
Roger Dingledine
2df9bb937d clean up the cookieauth stuff
svn:r11146
2007-08-16 19:27:31 +00:00
Nick Mathewson
718953dbe9 r14606@catbus: nickm | 2007-08-16 13:45:01 -0400
Implement CookieAuthFile and CookieAuthFileGroupReadable.  Backport candidate.


svn:r11141
2007-08-16 17:46:01 +00:00
Nick Mathewson
483c1e9017 r13774@catbus: nickm | 2007-07-16 12:23:28 -0400
Tweaks on constrained socket buffers patch from coderman: Add a changelog; rename some variables; fix some long lines and whitespace; make ConstrainedSockSize a memunit; pass setsockopt a void.


svn:r10843
2007-07-16 16:23:36 +00:00
Nick Mathewson
f4a6673758 r13773@catbus: nickm | 2007-07-16 11:58:25 -0400
Initial "constrained socket buffers" patch from coderman. needs tweaking.


svn:r10842
2007-07-16 16:23:34 +00:00
Nick Mathewson
1b200de0ef r13304@catbus: nickm | 2007-06-07 13:25:37 -0400
Deprecate RedirectExits.


svn:r10526
2007-06-07 17:26:19 +00:00
Nick Mathewson
0a27f02b9c r13267@catbus: nickm | 2007-06-05 16:54:20 -0400
Man page and small tweaks for last patch.


svn:r10505
2007-06-05 20:54:53 +00:00
Nick Mathewson
3600d2f708 r13127@catbus: nickm | 2007-05-31 21:43:05 -0400
Mention that SocksPolicy applies to DNSPort.


svn:r10438
2007-06-01 10:20:33 +00:00
Nick Mathewson
b1cd5892cb r13115@catbus: nickm | 2007-05-31 15:12:43 -0400
Document DNSPort, DNSListenAddress, AutomapHostsOnResolve, AutomapHostsSuffixes, and DownloadExtraInfo in the manpage.


svn:r10426
2007-05-31 19:13:12 +00:00
Nick Mathewson
3f9afa0625 r13068@catbus: nickm | 2007-05-29 14:58:13 -0400
Add some code to mitigate bug 393: Choose at random from multiple hidden service ports with the same virtport.  This allows limited ad-hoc round-robining.


svn:r10398
2007-05-29 18:58:16 +00:00
Roger Dingledine
1c3f864024 cleanups on man page from edmanm
svn:r10350
2007-05-26 07:42:06 +00:00
Roger Dingledine
f8a8b27dd2 add a 'bridge' flag for dirserver config entries
svn:r10128
2007-05-07 08:26:50 +00:00
Roger Dingledine
1b95bbdba6 New config option V2AuthoritativeDirectory that all directory
authorities should set. This will let future authorities choose 
not to serve V2 directory information.

Also, go through and revamp all the authdir_mode stuff so it tries
to do the right thing if you're an auth but not a V1 or V2 auth.


svn:r10092
2007-05-02 09:12:04 +00:00
Roger Dingledine
d9f5f2cfa0 hsusage man page entries from karsten
svn:r10084
2007-05-01 10:36:43 +00:00
Andrew Lewman
fdb1e11dae Fix the tex error I just introduced.
svn:r9911
2007-03-28 22:46:59 +00:00
Andrew Lewman
7887af912b Fix tex and spelling mistakes.
svn:r9910
2007-03-28 22:46:05 +00:00
Roger Dingledine
b4f743562f Add a separate set of token buckets for relayed traffic. Right
now that's just defined as answers to directory requests.


svn:r9881
2007-03-20 02:55:31 +00:00
Roger Dingledine
c4cf13a5a0 squeak in a bugfix for the VirtualAddrNetwork man page entry
svn:r9706
2007-03-02 05:25:35 +00:00
Nick Mathewson
bbfb6508e7 r11657@catbus: nickm | 2007-02-05 21:01:18 -0500
Fix a missing word identified by roger.


svn:r9494
2007-02-06 02:01:21 +00:00
Roger Dingledine
d3cac84bbc nick, this was a typo too, right?
svn:r9493
2007-02-06 00:52:38 +00:00
Roger Dingledine
f6f5b85bd6 nickm: to a larger what?
svn:r9492
2007-02-06 00:27:55 +00:00
Roger Dingledine
9aa8e490f8 cleanups based on looking through svn commits
svn:r9491
2007-02-06 00:27:03 +00:00
Nick Mathewson
8a9a55251f r11616@catbus: nickm | 2007-01-31 13:51:31 -0500
Tweak Trans/NATDPort documention to be less tool-specific.


svn:r9471
2007-01-31 21:48:53 +00:00
Nick Mathewson
eb3cc1e405 r11615@catbus: nickm | 2007-01-31 01:15:06 -0500
Documentation patch from ioerror for TransPort and related issues.


svn:r9470
2007-01-31 21:48:51 +00:00
Nick Mathewson
21f5e06862 r11583@catbus: nickm | 2007-01-29 11:19:48 -0500
Make man page stop saying that BandwidthRate is for incoming bandwidth only; Add some XXX012s for config options that should maybe die.


svn:r9455
2007-01-29 18:13:34 +00:00
Nick Mathewson
b0b96c9091 r11492@catbus: nickm | 2007-01-24 18:41:07 -0500
Try to be really explicit that ServerDNS options affect what your server does on behalf of clients, and nothing else.


svn:r9398
2007-01-24 23:41:56 +00:00
Roger Dingledine
37b5132ad8 Expire socks connections if they spend too long waiting for the
handshake to finish. Previously we would let them sit around for
days, if the connecting application didn't close them either.

Also take this opportunity to refactor a duplicate bit of circuituse.c.

And change the semantics of SocksTimeout slightly, but I think it'll
be ok.


svn:r9350
2007-01-15 09:09:03 +00:00
Andrew Lewman
a28f4ad4ae Clarify the --nt-service option.
svn:r9345
2007-01-13 17:56:17 +00:00
Andrew Lewman
9b2bfe4ea8 Update --nt-service
svn:r9342
2007-01-13 05:24:31 +00:00
Andrew Lewman
930e12920d Update copyright in config.c while I'm there. Update man page to
reflect all available options to tor binary.


svn:r9341
2007-01-13 05:09:09 +00:00
Nick Mathewson
c1b5f53679 r11938@Kushana: nickm | 2007-01-11 11:02:28 -0500
Check addresses for rfc953-saneness at exit too, and give a PROTOCOL_WARN when they fail.  Also provide a mechanism to override this, so blossom can have its @@##$$^.whatever.exit hostnames if it wants.


svn:r9336
2007-01-11 16:02:39 +00:00
Roger Dingledine
5e89bc9b4b fix a bug i introduced in r9249; and more cleanups.
svn:r9263
2007-01-04 09:12:23 +00:00
Roger Dingledine
50f0e36094 man page entries for TunnelDirConns and PreferTunneledDirConns
and add a todo item for nick in case he gets bored :)


svn:r9260
2007-01-04 04:35:18 +00:00
Roger Dingledine
7396b8eecf interim tweaks
svn:r9246
2007-01-03 03:45:53 +00:00
Nick Mathewson
e5f5b96ca6 r11723@Kushana: nickm | 2006-12-28 13:52:48 -0500
Fix bug 364: check for whether popular hostnames (curently google, yahoo, mit, and slashdot) are getting wildcarded.  If they are, we are probably behind a DNS server that is useless: change our exit policy to reject *:*.


svn:r9199
2006-12-28 21:29:11 +00:00
Nick Mathewson
92e2d687fa r11715@Kushana: nickm | 2006-12-24 22:53:06 -0500
Document a couple more options in the man page.


svn:r9192
2006-12-25 03:55:37 +00:00
Nick Mathewson
4d948281c3 r11676@Kushana: nickm | 2006-12-23 20:42:17 -0500
Add an orport option to dirserver lines so that clients can tell where to connect to open an encrypted tunnel to a dirserver even before they have its descriptor.


svn:r9171
2006-12-24 02:45:27 +00:00
Nick Mathewson
2e1e919d65 r11657@Kushana: nickm | 2006-12-20 15:11:19 -0500
Fixes to check-docs script; add some docs; mark some options as deprecated in the online docs.


svn:r9163
2006-12-20 21:02:02 +00:00
Roger Dingledine
e66b6f0d50 Reject *:563 (NTTPS) in the default exit policy. We already reject
NNTP by default, so this seems like a sensible addition.
(suggested by bug 331)


svn:r9149
2006-12-18 08:25:34 +00:00
Roger Dingledine
67b27a42be cleanups on the man page edits
svn:r9045
2006-12-07 19:32:52 +00:00
Andrew Lewman
65b14eae90 Added hiddenservice files as well to the man page.
svn:r9033
2006-12-07 05:13:53 +00:00
Andrew Lewman
25d94d373c Updated the FILES section with info from
http://archives.seul.org/or/talk/Dec-2006/msg00065.html


svn:r9032
2006-12-07 05:09:54 +00:00
Roger Dingledine
80e1ab7ee1 take RunTesting out of the man page until we reenable it
svn:r8899
2006-11-04 04:29:04 +00:00
Peter Palfrader
4665e1d18c Sync manpage with code: 6697 was added to LongLivedPorts
svn:r8807
2006-10-23 11:29:15 +00:00
Nick Mathewson
42bab1c6d3 r9318@Kushana: nickm | 2006-10-22 15:22:57 -0400
Let directory authorities set the BadExit flag if they like.  Also, refactor directory authority code so we can believe multiple things about a single router, and do fewer linear searches.


svn:r8794
2006-10-23 03:48:42 +00:00
Roger Dingledine
a3efc8e3d1 - V1 authorities should set "HSAuthoritativeDir 1" to continue being
hidden service authorities too.
- Just because your DirPort is open doesn't mean people should be
  able to remotely teach you about hidden service descriptors. Now
  only accept rendezvous posts if you've got HSAuthoritativeDir set.


svn:r8573
2006-10-01 22:16:55 +00:00
Nick Mathewson
907fc6c73e r8977@Kushana: nickm | 2006-09-28 19:56:41 -0400
Make "is a v1 authority", "is a v2 authority", and "is a hidden service authority" into separate flags so we can eventually migrate more trust away from moria.


svn:r8523
2006-09-28 23:57:59 +00:00
Roger Dingledine
3994b02c0e try a different fix
svn:r8506
2006-09-25 22:34:27 +00:00
Roger Dingledine
90a307bb2a tweaks
svn:r8505
2006-09-25 22:17:14 +00:00
Nick Mathewson
49ad1eefa1 Add an EnforceDistinctSubnets option so that clients who know what they are doing (mainly people with private testing networks) can disable our same-/16 detection.
svn:r8504
2006-09-25 22:12:54 +00:00
Roger Dingledine
c97a8469ad be clearer that the *ListenAddress directives can be
repeated multiple times.


svn:r8501
2006-09-25 17:33:53 +00:00
Roger Dingledine
ad430b9561 checkpoint changelog and general polishing
svn:r8497
2006-09-25 05:59:13 +00:00
Roger Dingledine
aa77298819 remove 8888 as a long lived port. i can't remember why it's
on the list.


svn:r8461
2006-09-22 19:29:26 +00:00
Nick Mathewson
e4a9b4de4e r8875@Kushana: nickm | 2006-09-21 16:46:28 -0400
Resolve bug 330: detect ISPs that want to hijack failing DNS requests and basically domain-squat the entire internet.


svn:r8440
2006-09-21 21:48:22 +00:00
Nick Mathewson
04bec67574 r8874@Kushana: nickm | 2006-09-21 15:22:27 -0400
Rename and document SearchDomains and ResolvConf options; warn if ServerDNSResolvConfFile is given but eventdns isnt enabled.


svn:r8439
2006-09-21 21:48:16 +00:00
Roger Dingledine
d08df9686a fix typo pointed out by paul
svn:r7074
2006-08-18 18:19:35 +00:00
Roger Dingledine
d53e5179bd clean up AllowInvalidNodes man page entry.
svn:r7073
2006-08-18 17:46:14 +00:00
Roger Dingledine
726021bb60 clean up man page. expand on contactinfo a bit.
svn:r6631
2006-06-16 00:04:46 +00:00
Roger Dingledine
e9d7904885 add TestVia to the man page
svn:r6583
2006-06-10 00:32:14 +00:00
Roger Dingledine
c0630b5274 clean up formatting in the man page
svn:r6582
2006-06-10 00:30:49 +00:00
Roger Dingledine
8705db6c2c whoops, add a man page entry for ProtocolWarnings
svn:r6545
2006-06-05 09:51:29 +00:00
Roger Dingledine
be2833e929 fix spelling of VirtualAddrNetwork in man page (thanks tup)
svn:r6487
2006-05-23 20:15:51 +00:00
Roger Dingledine
a16bd23ad9 document that runasdaemon has no effect on windows.
svn:r6469
2006-05-23 07:03:30 +00:00
Nick Mathewson
7484ca06a5 [Forward-port ]Test and document last patch.
svn:r6400
2006-04-18 03:51:18 +00:00
Roger Dingledine
c2565c2ffb and forward-port the man page change
svn:r6372
2006-04-10 20:08:12 +00:00
Roger Dingledine
a52bb835c8 and update the man page to reflect that
svn:r6339
2006-04-09 10:28:59 +00:00
Roger Dingledine
5dbdc3fc22 man page entry for FetchUselessDescriptors
svn:r6328
2006-04-08 21:48:29 +00:00
Roger Dingledine
8b7f7052c5 man page entries for CircuitBuildTimeout and CircuitIdleTimeout
svn:r6221
2006-03-22 00:56:03 +00:00
Roger Dingledine
442c054a71 and add SocksTimeout to the man page
and stop shouting when we talk about Socks


svn:r6218
2006-03-21 23:30:24 +00:00
Roger Dingledine
173b16cd1e clean up man page entries on EntryNodes and ExitNodes
svn:r6202
2006-03-20 20:15:50 +00:00
Roger Dingledine
2c33218fc9 man page entry for safesocks. also correct the man page
entry for testsocks.


svn:r6191
2006-03-19 01:52:18 +00:00
Roger Dingledine
77b00edd27 and fix the AllowInvalidNodes man page entry too.
svn:r6189
2006-03-19 01:39:10 +00:00
Roger Dingledine
fe6f11b6f4 document AuthDirRejectUnlisted in the man page
svn:r6109
2006-03-09 01:47:04 +00:00
Nick Mathewson
9479bd0275 Document AuthDir(Invalid|Reject)
svn:r6098
2006-03-08 08:17:25 +00:00
Andrew Lewman
96a93a0cb1 It's FI not Fi..fo fum..
svn:r6056
2006-02-20 05:32:35 +00:00
Roger Dingledine
5d1b35ce41 and put them in the man page
svn:r6048
2006-02-19 22:03:28 +00:00
Roger Dingledine
266254f42b clean up the Reachable*Addresses changes
svn:r6041
2006-02-19 08:31:47 +00:00
Peter Palfrader
cfcb1b1afd document ReachableDirAddresses and ReachableORAddresses
svn:r6011
2006-02-13 22:43:42 +00:00
Roger Dingledine
350313d77a Let the users set ControlListenAddress in the torrc.
This can be dangerous, but there are some cases (like a secured
LAN) where it makes sense.


svn:r5997
2006-02-13 06:25:16 +00:00
Roger Dingledine
1181ae61ae the *ListenAddress config options were still named
*BindAddress in the man page.


svn:r5996
2006-02-13 06:19:18 +00:00
Roger Dingledine
7245f275b9 document the restrictions on 'nickname' config option
svn:r5953
2006-02-10 05:25:58 +00:00
Roger Dingledine
8cd6d0e453 and by default it's off
svn:r5943
2006-02-09 04:21:39 +00:00
Roger Dingledine
eda7373e15 clean up TestSocks man page entry
svn:r5942
2006-02-09 04:21:03 +00:00
Roger Dingledine
88f7aeba94 admit that the HardwareAccel config option is probably buggy.
svn:r5937
2006-02-09 03:22:58 +00:00
Roger Dingledine
51dffee36c MaxConn has been obsolete for a while now.
Document ConnLimit, which is the opposite.


svn:r5933
2006-02-09 02:59:10 +00:00
Peter Palfrader
cc349042f6 Document TestSocks
svn:r5921
2006-02-05 22:45:02 +00:00
Roger Dingledine
9ff4b2cf97 document ExitPolicyRejectPrivate in man page
svn:r5889
2006-02-01 05:22:11 +00:00
Roger Dingledine
dfa23061a7 fix the man page: hardwareaccel is off by default.
svn:r5876
2006-01-28 22:09:57 +00:00
Roger Dingledine
f8b9a8d457 bump the default bandwidthrate to 3 MB, and burst to 6 MB
svn:r5874
2006-01-28 08:28:15 +00:00
Peter Palfrader
2be4f537f7 ReachableAddresses does not depend on FascistFirewall
svn:r5839
2006-01-17 15:49:42 +00:00
Roger Dingledine
a789e1ec38 improve the man page entry for AllowUnverifiedNodes
svn:r5833
2006-01-17 01:10:17 +00:00
Peter Palfrader
38d32bc466 Add another comma
svn:r5823
2006-01-12 03:01:51 +00:00
Peter Palfrader
fdbd0791e2 Fix bold vs. italics in the FILES sections, update date
svn:r5821
2006-01-12 02:10:25 +00:00
Roger Dingledine
3c89480913 clean up the !reject/!invalid discussion
svn:r5817
2006-01-12 00:52:41 +00:00
Peter Palfrader
44cec7cecd Add !reject and !invalid
svn:r5816
2006-01-12 00:07:04 +00:00