diff options
Diffstat (limited to 'doc/tor.1.txt')
| -rw-r--r-- | doc/tor.1.txt | 47 |
1 files changed, 30 insertions, 17 deletions
diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 109efa7da9..1de01162a4 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -185,6 +185,9 @@ GENERAL OPTIONS course, more is better; we recommend at least 250 KBytes (2 mbits) if possible. (Default: 1 GByte) + + + Note that this option, and other bandwidth-limiting options, apply to TCP + data only: They do not count TCP headers or DNS traffic. + + + With this option, and in other options that take arguments in bytes, KBytes, and so on, other formats are also supported. Notably, "KBytes" can also be written as "kilobytes" or "kb"; "MBytes" can be written as @@ -391,7 +394,9 @@ GENERAL OPTIONS [[DataDirectory]] **DataDirectory** __DIR__:: Store working data in DIR. Can not be changed while tor is running. - (Default: @LOCALSTATEDIR@/lib/tor) + (Default: ~/.tor if your home directory is not /; otherwise, + @LOCALSTATEDIR@/lib/tor. On Windows, the default is + your ApplicationData folder.) [[DataDirectoryGroupReadable]] **DataDirectoryGroupReadable** **0**|**1**:: If this option is set to 0, don't allow the filesystem group to read the @@ -641,7 +646,7 @@ GENERAL OPTIONS (127.0.0.0/8 and ::1). [[OutboundBindAddressOR]] **OutboundBindAddressOR** __IP__:: - Make all outbound non-exit (=relay and other) connections originate from the IP + Make all outbound non-exit (=relay and other) connections originate from the IP address specified. This option overrides **OutboundBindAddress** for the same IP version. This option may be used twice, once with an IPv4 address and once with an IPv6 address. This setting will be ignored for connections to the @@ -783,7 +788,7 @@ The following options are useful only for clients (that is, if so using these relays might make your client stand out. (Default: 1) -[[Bridge]] **Bridge** [__transport__] __IP__:__ORPort__ [__fingerprint__]:: +[[Bridge]] **Bridge** [__transport__] __IP__:__ORPort__ [__fingerprint__] [__key__=__val__...]:: When set along with UseBridges, instructs Tor to use the relay at "IP:ORPort" as a "bridge" relaying into the Tor network. If "fingerprint" is provided (using the same format as for DirAuthority), we will verify that @@ -796,7 +801,12 @@ The following options are useful only for clients (that is, if rather than connecting to the bridge directly. Some transports use a transport-specific method to work out the remote address to connect to. These transports typically ignore the "IP:ORPort" specified in the bridge - line. + line. + + + + Tor passes any "key=val" settings to the pluggable transport proxy as + per-connection arguments when connecting to the bridge. Consult + the documentation of the pluggable transport for details of what + arguments it supports. [[LearnCircuitBuildTimeout]] **LearnCircuitBuildTimeout** **0**|**1**:: If 0, CircuitBuildTimeout adaptive learning is disabled. (Default: 1) @@ -1072,7 +1082,8 @@ The following options are useful only for clients (that is, if but never attach a new stream to a circuit that is too old. For hidden services, this applies to the __last__ time a circuit was used, not the first. Circuits with streams constructed with SOCKS authentication via - SocksPorts that have **KeepAliveIsolateSOCKSAuth** ignore this value. + SocksPorts that have **KeepAliveIsolateSOCKSAuth** also remain alive + for MaxCircuitDirtiness seconds after carrying the last such stream. (Default: 10 minutes) [[MaxClientCircuitsPending]] **MaxClientCircuitsPending** __NUM__:: @@ -1134,8 +1145,9 @@ The following options are useful only for clients (that is, if Don't share circuits with streams targeting a different destination address. **KeepAliveIsolateSOCKSAuth**;; - If **IsolateSOCKSAuth** is enabled, keep alive circuits that have - streams with SOCKS authentication set indefinitely. + If **IsolateSOCKSAuth** is enabled, keep alive circuits while they have + at least one stream with SOCKS authentication active. After such a circuit + is idle for more than MaxCircuitDirtiness seconds, it can be closed. **SessionGroup=**__INT__;; If no other isolation rules would prevent it, allow streams on this port to share circuits with streams from every other @@ -1289,16 +1301,16 @@ The following options are useful only for clients (that is, if [[NumEntryGuards]] **NumEntryGuards** __NUM__:: If UseEntryGuards is set to 1, we will try to pick a total of NUM routers - as long-term entries for our circuits. If NUM is 0, we try to learn - the number from the NumEntryGuards consensus parameter, and default - to 3 if the consensus parameter isn't set. (Default: 0) + as long-term entries for our circuits. If NUM is 0, we try to learn the + number from the guard-n-primary-guards-to-use consensus parameter, and + default to 1 if the consensus parameter isn't set. (Default: 0) [[NumDirectoryGuards]] **NumDirectoryGuards** __NUM__:: - If UseEntryGuardsAsDirectoryGuards is enabled, we try to make sure we - have at least NUM routers to use as directory guards. If this option - is set to 0, use the value from the NumDirectoryGuards consensus - parameter, falling back to the value from NumEntryGuards if the - consensus parameter is 0 or isn't set. (Default: 0) + If UseEntryGuardsAsDirectoryGuards is enabled, we try to make sure we have + at least NUM routers to use as directory guards. If this option is set to + 0, use the value from the guard-n-primary-dir-guards-to-use consensus + parameter, and default to 3 if the consensus parameter isn't set. + (Default: 0) [[GuardLifetime]] **GuardLifetime** __N__ **days**|**weeks**|**months**:: If nonzero, and UseEntryGuards is set, minimum time to keep a guard before @@ -2151,8 +2163,9 @@ is non-zero): DIRECTORY SERVER OPTIONS ------------------------ -The following options are useful only for directory servers (that is, -if DirPort is non-zero): +The following options are useful only for directory servers. (Relays with +enough bandwidth automatically become directory servers; see DirCache for +details.) [[DirPortFrontPage]] **DirPortFrontPage** __FILENAME__:: When this option is set, it takes an HTML file and publishes it as "/" on |