author | Nick Mathewson <nickm@torproject.org> | 2021-10-08 11:42:55 -0400 |
---|---|---|
committer | Alexander Færøy <ahf@torproject.org> | 2021-10-21 12:57:20 +0000 |
commit | 54ab43d05e67984bda5661cb9530ad8a0b1e2a7a (patch) | |
tree | a2c279813d6c71122ba763cc7f950ec5b02ef7ce | |
parent | ab26475cabff49767c1b301371d81478695b5943 (diff) | |
Prop335: Changes file and manual entries.
Closes #40448.
-rw-r--r-- | changes/prop335 | 11 |
-rw-r--r-- | doc/man/tor.1.txt | 29 |
2 files changed, 33 insertions, 7 deletions
diff --git a/changes/prop335 b/changes/prop335 new file mode 100644 index 0000000000..4fa61ca2e9 --- /dev/null +++ b/changes/prop335 @@ -0,0 +1,11 @@ + o Major features (directory authority): + - Authorities can now be configured to label relays as "MiddleOnly". + When voting for this flag, authorities automatically vote against + Exit, Guard, HSDir, and V2Dir; and in favor of BadExit. + Implements part of proposal 335. Based on a patch from Neel + Chauhan. + - Add a new consensus method to handle MiddleOnly specially. When + enough authorities are using this method, then any relay + tagged with the MiddleOnly flag will have its Exit, Guard, HSDir, + and V2Dir flags automatically cleared, and will have its BadExit flag + automatically set. Implements part of proposal 335. diff --git a/doc/man/tor.1.txt b/doc/man/tor.1.txt index 551ead7533..149d35b018 100644 --- a/doc/man/tor.1.txt +++ b/doc/man/tor.1.txt @@ -3025,6 +3025,11 @@ on the public Tor network. is the same as for exit policies, except that you don't need to say "accept" or "reject", and ports are not needed.) +[[AuthDirMiddleOnly]] **AuthMiddleOnly** __AddressPattern...__:: + Authoritative directories only. A set of address patterns for servers that + will be listed as middle-only in any network status document this authority + publishes, if **AuthDirListMiddleOnly** is set. + + [[AuthDirFastGuarantee]] **AuthDirFastGuarantee** __N__ **bytes**|**KBytes**|**MBytes**|**GBytes**|**TBytes**|**KBits**|**MBits**|**GBits**|**TBits**:: Authoritative directories only. If non-zero, always vote the Fast flag for any relay advertising this amount of capacity or 
@@ -3072,6 +3077,13 @@ on the public Tor network. 1 unless you plan to list non-functioning exits as bad; otherwise, you are effectively voting in favor of every declared exit as an exit.) +[[AuthDirListMiddleOnly]] **AuthDirListMiddleOnly** **0**|**1**:: + Authoritative directories only. If set to 1, this directory has some + opinion about which nodes should only be used in the middle position. + (Do not set this to 1 unless you plan to list questionable relays + as "middle only"; otherwise, you are effectively voting _against_ + middle-only status for every relay.) + [[AuthDirMaxServersPerAddr]] **AuthDirMaxServersPerAddr** __NUM__:: Authoritative directories only. The maximum number of servers that we will list as acceptable on a single IP address. Set this to "0" for "no limit". 
@@ -3090,18 +3102,20 @@ on the public Tor network. authority publishes, or accepted as an OR address in any descriptor submitted for publication by this authority. +[[AuthDirRejectRequestsUnderLoad]] **AuthDirRejectRequestsUnderLoad** **0**|**1**:: + If set, the directory authority will start rejecting directory requests + from non relay connections by sending a 503 error code if it is under + bandwidth pressure (reaching the configured limit if any). Relays will + always tried to be answered even if this is on. (Default: 1) + //Out of order because it logically belongs with the other CCs options. [[AuthDirBadExitCCs]] **AuthDirBadExitCCs** __CC__,... + //Out of order because it logically belongs with the other CCs options. [[AuthDirInvalidCCs]] **AuthDirInvalidCCs** __CC__,... + - -[[AuthDirRejectRequestsUnderLoad]] **AuthDirRejectRequestsUnderLoad** **0**|**1**:: - If set, the directory authority will start rejecting directory requests - from non relay connections by sending a 503 error code if it is under - bandwidth pressure (reaching the configured limit if any). Relays will - always tried to be answered even if this is on. (Default: 1) +//Out of order because it logically belongs with the other CCs options. +[[AuthDirMiddleOnlytCCs]] **AuthDirMiddleOnlyCCs** __CC__,... + [[AuthDirRejectCCs]] **AuthDirRejectCCs** __CC__,...:: Authoritative directories only. These options contain a comma-separated @@ -3847,7 +3861,8 @@ __DataDirectory__/**`approved-routers`**:: descriptors are accepted, but marked in the vote as not valid. If it is **!badexit**, then the authority will vote for it to receive a BadExit flag, indicating that it shouldn't be used for traffic leaving - the Tor network. + the Tor network. If it is **!middleonly**, then the authority will + vote for it to only be used in the middle of circuits. (Neither rejected nor invalid relays are included in the consensus.) __DataDirectory__/**`v3-status-votes`**:: |
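Review bot: In the doc/man/tor.1.txt hunk at @@ -3025, the new entry's anchor is [[AuthDirMiddleOnly]] but the displayed option name is **AuthMiddleOnly**, with "Dir" missing. The neighbouring entries and the cross-reference to **AuthDirListMiddleOnly** in the same paragraph all use the AuthDir prefix, so the bold name should read **AuthDirMiddleOnly**. As written, an authority operator copying the name from the rendered man page gets a string that does not match the anchor.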
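Review bot: The AuthDirListMiddleOnly entry added in the @@ -3072 hunk does not state its default, while the AuthDirRejectRequestsUnderLoad entry in this same patch ends with "(Default: 1)". The parenthetical warns that setting the option to 1 without listing any relays amounts to voting against middle-only status for every relay, so the entry should state the default explicitly. That tells an operator what an authority with the option unset contributes to the vote.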
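Review bot: In the @@ -3090 hunk, the anchor on the new country-code option is misspelled as [[AuthDirMiddleOnlytCCs]] (stray "t") while the option name beside it is **AuthDirMiddleOnlyCCs**; links to the correctly spelled anchor will not resolve, so it should be [[AuthDirMiddleOnlyCCs]]. Since the AuthDirRejectRequestsUnderLoad paragraph is being moved in the same hunk anyway, this is also a good moment to fix "Relays will always tried to be answered" and to consider whether it needs the "Authoritative directories only." lead-in that the surrounding entries carry.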
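Review bot: The **!middleonly** sentence added to the approved-routers description in the @@ -3847 hunk does not say whether it depends on **AuthDirListMiddleOnly**, whereas the address-pattern entry added at @@ -3025 is explicitly conditioned on "if **AuthDirListMiddleOnly** is set". If the same condition applies to approved-routers entries, state it here. It would also help to mention, as changes/prop335 does, that voting for MiddleOnly implies voting against Exit, Guard, HSDir and V2Dir and in favor of BadExit, so the man page and the changes file describe the same effect.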