summaryrefslogtreecommitdiff
path: root/doc/tor.1.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/tor.1.txt')
-rw-r--r--doc/tor.1.txt328
1 files changed, 177 insertions, 151 deletions
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index d1556a5541..4e3e07e2d3 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -72,7 +72,7 @@ COMMAND-LINE OPTIONS
[[opt-serviceinstall]] **--service install** [**--options** __command-line options__]::
Install an instance of Tor as a Windows service, with the provided
command-line options. Current instructions can be found at
- https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#HowdoIrunmyTorrelayasanNTservice
+ https://www.torproject.org/docs/faq#NTService
[[opt-service]] **--service** **remove**|**start**|**stop**::
Remove, start, or stop a configured Tor Windows service.
@@ -224,6 +224,13 @@ GENERAL OPTIONS
for the Extended ORPort's cookie file -- the cookie file is needed
for pluggable transports to communicate through the Extended ORPort.
+[[ExtORPortCookieAuthFileGroupReadable]] **ExtORPortCookieAuthFileGroupReadable** **0**|**1**::
+ If this option is set to 0, don't allow the filesystem group to read the
+ Extended OR Port cookie file. If the option is set to 1, make the cookie
+ file readable by the default GID. [Making the file readable by other
+ groups is not yet implemented; let us know if you need this for some
+ reason.] (Default: 0)
+
[[ConnLimit]] **ConnLimit** __NUM__::
The minimum number of file descriptors that must be available to the Tor
process before it will start. Tor will ask the OS for as many file
@@ -312,7 +319,7 @@ GENERAL OPTIONS
If set, this option overrides the default location and file name
for Tor's cookie file. (See CookieAuthentication above.)
-[[CookieAuthFileGroupReadable]] **CookieAuthFileGroupReadable** **0**|**1**|__Groupname__::
+[[CookieAuthFileGroupReadable]] **CookieAuthFileGroupReadable** **0**|**1**::
If this option is set to 0, don't allow the filesystem group to read the
cookie file. If the option is set to 1, make the cookie file readable by
the default GID. [Making the file readable by other groups is not yet
@@ -491,15 +498,15 @@ GENERAL OPTIONS
attacker who obtains the logs. If only one severity level is given, all
messages of that level or higher will be sent to the listed destination.
-**Log** __minSeverity__[-__maxSeverity__] **file** __FILENAME__::
+[[Log2]] **Log** __minSeverity__[-__maxSeverity__] **file** __FILENAME__::
As above, but send log messages to the listed filename. The
"Log" option may appear more than once in a configuration file.
Messages are sent to all the logs that match their severity
level.
-**Log** **[**__domain__,...**]**__minSeverity__[-__maxSeverity__] ... **file** __FILENAME__ +
+[[Log3]] **Log** **[**__domain__,...**]**__minSeverity__[-__maxSeverity__] ... **file** __FILENAME__ +
-**Log** **[**__domain__,...**]**__minSeverity__[-__maxSeverity__] ... **stderr**|**stdout**|**syslog**::
+[[Log4]] **Log** **[**__domain__,...**]**__minSeverity__[-__maxSeverity__] ... **stderr**|**stdout**|**syslog**::
As above, but select messages by range of log severity __and__ by a
set of "logging domains". Each logging domain corresponds to an area of
functionality inside Tor. You can specify any number of severity ranges
@@ -543,7 +550,7 @@ GENERAL OPTIONS
\'info'. (Default: 0)
[[PredictedPortsRelevanceTime]] **PredictedPortsRelevanceTime** __NUM__::
- Set how long, after the client has mad an anonymized connection to a
+ Set how long, after the client has made an anonymized connection to a
given port, we will try to make sure that we build circuits to
exits that support that port. The maximum value for this option is 1
hour. (Default: 1 hour)
@@ -561,6 +568,10 @@ GENERAL OPTIONS
messages to affect times logged by a controller, times attached to
syslog messages, or the mtime fields on log files. (Default: 1 second)
+[[TruncateLogFile]] **TruncateLogFile** **0**|**1**::
+ If 1, Tor will overwrite logs at startup and in response to a HUP signal,
+ instead of appending to them. (Default: 0)
+
[[SafeLogging]] **SafeLogging** **0**|**1**|**relay**::
Tor can scrub potentially sensitive strings from log messages (e.g.
addresses) by replacing them with the string [scrubbed]. This way logs can
@@ -593,15 +604,6 @@ GENERAL OPTIONS
This is useful when running on flash memory or other media that support
only a limited number of writes. (Default: 0)
-[[TunnelDirConns]] **TunnelDirConns** **0**|**1**::
- If non-zero, when a directory server we contact supports it, we will build
- a one-hop circuit and make an encrypted connection via its ORPort.
- (Default: 1)
-
-[[PreferTunneledDirConns]] **PreferTunneledDirConns** **0**|**1**::
- If non-zero, we will avoid directory servers that don't support tunneled
- directory connections, when possible. (Default: 1)
-
[[CircuitPriorityHalflife]] **CircuitPriorityHalflife** __NUM1__::
If this value is set, we override the default algorithm for choosing which
circuit's cell to deliver or relay next. When the value is 0, we
@@ -626,7 +628,7 @@ GENERAL OPTIONS
This feature is experimental; don't use it yet unless you're eager to
help tracking down bugs. (Default: 0)
-[[_UseFilteringSSLBufferevents]] **_UseFilteringSSLBufferevents** **0**|**1**::
+[[UseFilteringSSLBufferevents]] **UseFilteringSSLBufferevents** **0**|**1**::
Tells Tor to do its SSL communication using a chain of
bufferevents: one for SSL and one for networking. This option has no
effect if bufferevents are disabled (in which case it can't turn on), or
@@ -644,7 +646,7 @@ CLIENT OPTIONS
--------------
The following options are useful only for clients (that is, if
-[[SocksPort]] **SocksPort**, **TransPort**, **DNSPort**, or **NATDPort** is non-zero):
+**SocksPort**, **TransPort**, **DNSPort**, or **NATDPort** is non-zero):
[[AllowInvalidNodes]] **AllowInvalidNodes** **entry**|**exit**|**middle**|**introduction**|**rendezvous**|**...**::
If some Tor servers are obviously not working right, the directory
@@ -709,10 +711,11 @@ The following options are useful only for clients (that is, if
unless ORPort, ExtORPort, or DirPort are configured.) (Default: 0)
[[ExcludeNodes]] **ExcludeNodes** __node__,__node__,__...__::
- A list of identity fingerprints, nicknames, country codes and address
- patterns of nodes to avoid when building a circuit.
+ A list of identity fingerprints, country codes, and address
+ patterns of nodes to avoid when building a circuit. Country codes must
+ be wrapped in braces; fingerprints may be preceded by a dollar sign.
(Example:
- ExcludeNodes SlowServer, ABCD1234CDEF5678ABCD1234CDEF5678ABCD1234, \{cc}, 255.254.0.0/8) +
+ ExcludeNodes ABCD1234CDEF5678ABCD1234CDEF5678ABCD1234, \{cc}, 255.254.0.0/8) +
+
By default, this option is treated as a preference that Tor is allowed
to override in order to keep working.
@@ -732,11 +735,13 @@ The following options are useful only for clients (that is, if
[[ExcludeExitNodes]] **ExcludeExitNodes** __node__,__node__,__...__::
- A list of identity fingerprints, nicknames, country codes and address
+ A list of identity fingerprints, country codes, and address
patterns of nodes to never use when picking an exit node---that is, a
node that delivers traffic for you outside the Tor network. Note that any
node listed in ExcludeNodes is automatically considered to be part of this
- list too. See also the caveats on the "ExitNodes" option below.
+ list too. See
+ the **ExcludeNodes** option for more information on how to specify
+ nodes. See also the caveats on the "ExitNodes" option below.
[[GeoIPExcludeUnknown]] **GeoIPExcludeUnknown** **0**|**1**|**auto**::
If this option is set to 'auto', then whenever any country code is set in
@@ -747,9 +752,10 @@ The following options are useful only for clients (that is, if
configured or can't be found. (Default: auto)
[[ExitNodes]] **ExitNodes** __node__,__node__,__...__::
- A list of identity fingerprints, nicknames, country codes and address
+ A list of identity fingerprints, country codes, and address
patterns of nodes to use as exit node---that is, a
- node that delivers traffic for you outside the Tor network. +
+ node that delivers traffic for you outside the Tor network. See
+ the **ExcludeNodes** option for more information on how to specify nodes. +
+
Note that if you list too few nodes here, or if you exclude too many exit
nodes with ExcludeExitNodes, you can degrade functionality. For example,
@@ -770,7 +776,7 @@ The following options are useful only for clients (that is, if
this option.
[[EntryNodes]] **EntryNodes** __node__,__node__,__...__::
- A list of identity fingerprints, nicknames, and country codes of nodes
+ A list of identity fingerprints and country codes of nodes
to use for the first hop in your normal circuits.
Normal circuits include all
circuits except for direct connections to directory servers. The Bridge
@@ -778,7 +784,8 @@ The following options are useful only for clients (that is, if
UseBridges is 1, the Bridges are used as your entry nodes. +
+
The ExcludeNodes option overrides this option: any node listed in both
- EntryNodes and ExcludeNodes is treated as excluded.
+ EntryNodes and ExcludeNodes is treated as excluded. See
+ the **ExcludeNodes** option for more information on how to specify nodes.
[[StrictNodes]] **StrictNodes** **0**|**1**::
If StrictNodes is set to 1, Tor will treat the ExcludeNodes option as a
@@ -927,12 +934,14 @@ The following options are useful only for clients (that is, if
but it has not yet been completely constructed. (Default: 32)
[[NodeFamily]] **NodeFamily** __node__,__node__,__...__::
- The Tor servers, defined by their identity fingerprints or nicknames,
+ The Tor servers, defined by their identity fingerprints,
constitute a "family" of similar or co-administered servers, so never use
any two of them in the same circuit. Defining a NodeFamily is only needed
when a server doesn't list the family itself (with MyFamily). This option
- can be used multiple times. In addition to nodes, you can also list
- IP address and ranges and country codes in {curly braces}.
+ can be used multiple times; each instance defines a separate family. In
+ addition to nodes, you can also list IP address and ranges and country
+ codes in {curly braces}. See the **ExcludeNodes** option for more
+ information on how to specify nodes.
[[EnforceDistinctSubnets]] **EnforceDistinctSubnets** **0**|**1**::
If 1, Tor will not put two servers whose IP addresses are "too close" on
@@ -962,10 +971,10 @@ The following options are useful only for clients (that is, if
(SOCKS 4, SOCKS 5, TransPort connections, NATDPort connections,
and DNSPort requests are all considered to be different protocols.)
**IsolateDestPort**;;
- Don't share circuits with streams targetting a different
+ Don't share circuits with streams targeting a different
destination port.
**IsolateDestAddr**;;
- Don't share circuits with streams targetting a different
+ Don't share circuits with streams targeting a different
destination address.
**SessionGroup=**__INT__;;
If no other isolation rules would prevent it, allow streams
@@ -1016,7 +1025,7 @@ The following options are useful only for clients (that is, if
requests via this connection.
**PreferIPv6Automap**;;
When serving a hostname lookup request on this port that
- should get automapped (according to AutomapHostsOnResove),
+ should get automapped (according to AutomapHostsOnResolve),
if we could return either an IPv4 or an IPv6 answer, prefer
an IPv6 answer. (On by default.)
**PreferSOCKSNoAuth**;;
@@ -1090,7 +1099,7 @@ The following options are useful only for clients (that is, if
increases the odds that an adversary who owns some servers will observe a
fraction of your paths. (Default: 1)
-[[UseEntryGuardsAsDirectoryGuards]] **UseEntryGuardsAsDirectoryGuards** **0**|**1**::
+[[UseEntryGuardsAsDirGuards]] **UseEntryGuardsAsDirGuards** **0**|**1**::
If this option is set to 1, and UseEntryGuards is also set to 1,
we try to use our entry guards as directory
guards, and failing that, pick more nodes to act as our directory guards.
@@ -1101,12 +1110,16 @@ The following options are useful only for clients (that is, if
[[NumEntryGuards]] **NumEntryGuards** __NUM__::
If UseEntryGuards is set to 1, we will try to pick a total of NUM routers
- as long-term entries for our circuits. (Default: 3)
+ as long-term entries for our circuits. If NUM is 0, we try to learn
+ the number from the NumEntryGuards consensus parameter, and default
+ to 3 if the consensus parameter isn't set. (Default: 0)
[[NumDirectoryGuards]] **NumDirectoryGuards** __NUM__::
If UseEntryGuardsAsDirectoryGuards is enabled, we try to make sure we
have at least NUM routers to use as directory guards. If this option
- is set to 0, use the value from NumEntryGuards. (Default: 0)
+ is set to 0, use the value from the NumDirectoryGuards consensus
+ parameter, falling back to the value from NumEntryGuards if the
+ consensus parameter is 0 or isn't set. (Default: 0)
[[GuardLifetime]] **GuardLifetime** __N__ **days**|**weeks**|**months**::
If nonzero, and UseEntryGuards is set, minimum time to keep a guard before
@@ -1196,7 +1209,7 @@ The following options are useful only for clients (that is, if
compatibility, TransListenAddress is only allowed when TransPort is just
a port number.)
-[[TransProxyType]] **TransProxyTYpe** **default**|**TPROXY**|**ipfw**|**pf-divert**::
+[[TransProxyType]] **TransProxyType** **default**|**TPROXY**|**ipfw**|**pf-divert**::
TransProxyType may only be enabled when there is transparent proxy listener
enabled.
+
@@ -1413,16 +1426,6 @@ The following options are useful only for clients (that is, if
Tor will use a default value chosen by the directory
authorities. (Default: -1.)
-[[Support022HiddenServices]] **Support022HiddenServices** **0**|**1**|**auto**::
- Tor hidden services running versions before 0.2.3.x required clients to
- send timestamps, which can potentially be used to distinguish clients
- whose view of the current time is skewed. If this option is set to 0, we
- do not send this timestamp, and hidden services on obsolete Tor versions
- will not work. If this option is set to 1, we send the timestamp. If
- this optoin is "auto", we take a recommendation from the latest consensus
- document. (Default: auto)
-
-
SERVER OPTIONS
--------------
@@ -1491,6 +1494,11 @@ is non-zero):
public (external) IP address. See RFC 1918 and RFC 3330 for more details
about internal and reserved IP address space. +
+
+ Tor also allow IPv6 exit policy entries. For instance, "reject6 [FC00::]/7:*"
+ rejects all destinations that share 7 most significant bit prefix with
+ address FC00::. Respectively, "accept6 [C000::]/3:*" accepts all destinations
+ that share 3 most significant bit prefix with address C000::. +
+ +
This directive can be specified multiple times so you don't have to put it
all on one line. +
+
@@ -1527,7 +1535,7 @@ is non-zero):
[[MyFamily]] **MyFamily** __node__,__node__,__...__::
Declare that this Tor server is controlled or administered by a group or
organization identical or similar to that of the other servers, defined by
- their identity fingerprints or nicknames. When two servers both declare
+ their identity fingerprints. When two servers both declare
that they are in the same \'family', Tor clients will not use them in the
same circuit. (Each server only needs to list the other servers in its
family; it doesn't need to list itself, but it won't hurt.) Do not list
@@ -1624,19 +1632,31 @@ is non-zero):
to 0 will disable the heartbeat. (Default: 6 hours)
[[AccountingMax]] **AccountingMax** __N__ **bytes**|**KBytes**|**MBytes**|**GBytes**|**KBits**|**MBits**|**GBits**|**TBytes**::
- Never send more than the specified number of bytes in a given accounting
- period, or receive more than that number in the period. For example, with
- AccountingMax set to 1 GByte, a server could send 900 MBytes and
- receive 800 MBytes and continue running. It will only hibernate once
- one of the two reaches 1 GByte. When the number of bytes gets low,
- Tor will stop accepting new connections and circuits. When the
- number of bytes is exhausted, Tor will hibernate until some
- time in the next accounting period. To prevent all servers from waking at
- the same time, Tor will also wait until a random point in each period
- before waking up. If you have bandwidth cost issues, enabling hibernation
- is preferable to setting a low bandwidth, since it provides users with a
- collection of fast servers that are up some of the time, which is more
- useful than a set of slow servers that are always "available".
+ Limits the max number of bytes sent and received within a set time period
+ using a given calculation rule (see: AccountingStart, AccountingRule).
+ Useful if you need to stay under a specific bandwidth. By default, the
+ number used for calculation is the max of either the bytes sent or
+ received. For example, with AccountingMax set to 1 GByte, a server
+ could send 900 MBytes and receive 800 MBytes and continue running.
+ It will only hibernate once one of the two reaches 1 GByte. This can
+ be changed to use the sum of the both bytes received and sent by setting
+ the AccountingRule option to "sum" (total bandwidth in/out). When the
+ number of bytes remaining gets low, Tor will stop accepting new connections
+ and circuits. When the number of bytes is exhausted, Tor will hibernate
+ until some time in the next accounting period. To prevent all servers
+ from waking at the same time, Tor will also wait until a random point
+ in each period before waking up. If you have bandwidth cost issues,
+ enabling hibernation is preferable to setting a low bandwidth, since
+ it provides users with a collection of fast servers that are up some
+ of the time, which is more useful than a set of slow servers that are
+ always "available".
+
+[[AccountingRule]] **AccountingRule** **sum**|**max**::
+ How we determine when our AccountingMax has been reached (when we
+ should hibernate) during a time interval. Set to "max" to calculate
+ using the higher of either the sent or received bytes (this is the
+ default functionality). Set to "sum" to calculate using the sent
+ plus received bytes. (Default: max)
[[AccountingStart]] **AccountingStart** **day**|**week**|**month** [__day__] __HH:MM__::
Specify how long accounting periods last. If **month** is given, each
@@ -1699,7 +1719,7 @@ is non-zero):
[[BridgeRecordUsageByCountry]] **BridgeRecordUsageByCountry** **0**|**1**::
When this option is enabled and BridgeRelay is also enabled, and we have
- GeoIP data, Tor keeps a keep a per-country count of how many client
+ GeoIP data, Tor keeps a per-country count of how many client
addresses have contacted it so that it can help the bridge authority guess
which countries have blocked access to it. (Default: 1)
@@ -1744,6 +1764,13 @@ is non-zero):
When this option is enabled, Tor writes statistics on the bidirectional use
of connections to disk every 24 hours. (Default: 0)
+[[HiddenServiceStatistics]] **HiddenServiceStatistics** **0**|**1**::
+ When this option is enabled, a Tor relay writes obfuscated
+ statistics on its role as hidden-service directory, introduction
+ point, or rendezvous point to disk every 24 hours. If
+ ExtraInfoStatistics is also enabled, these statistics are further
+ published to the directory authorities. (Default: 0)
+
[[ExtraInfoStatistics]] **ExtraInfoStatistics** **0**|**1**::
When this option is enabled, Tor includes previously gathered statistics in
its extra-info documents that it uploads to the directory authorities.
@@ -1761,7 +1788,8 @@ is non-zero):
it has recovered at least 10% of this memory. Do not set this option too
low, or your relay may be unreliable under load. This option only
affects some queues, so the actual process size will be larger than
- this. (Default: 8GB)
+ this. If this option is set to 0, Tor will try to pick a reasonable
+ default based on your system's physical memory. (Default: 0)
DIRECTORY SERVER OPTIONS
------------------------
@@ -1769,56 +1797,17 @@ DIRECTORY SERVER OPTIONS
The following options are useful only for directory servers (that is,
if DirPort is non-zero):
-[[AuthoritativeDirectory]] **AuthoritativeDirectory** **0**|**1**::
- When this option is set to 1, Tor operates as an authoritative directory
- server. Instead of caching the directory, it generates its own list of
- good servers, signs it, and sends that to the clients. Unless the clients
- already have you listed as a trusted directory, you probably do not want
- to set this option. Please coordinate with the other admins at
- tor-ops@torproject.org if you think you should be a directory.
-
[[DirPortFrontPage]] **DirPortFrontPage** __FILENAME__::
When this option is set, it takes an HTML file and publishes it as "/" on
the DirPort. Now relay operators can provide a disclaimer without needing
to set up a separate webserver. There's a sample disclaimer in
- contrib/tor-exit-notice.html.
-
-[[V3AuthoritativeDirectory]] **V3AuthoritativeDirectory** **0**|**1**::
- When this option is set in addition to **AuthoritativeDirectory**, Tor
- generates version 3 network statuses and serves descriptors, etc as
- described in doc/spec/dir-spec.txt (for Tor clients and servers running at
- least 0.2.0.x).
-
-[[VersioningAuthoritativeDirectory]] **VersioningAuthoritativeDirectory** **0**|**1**::
- When this option is set to 1, Tor adds information on which versions of
- Tor are still believed safe for use to the published directory. Each
- version 1 authority is automatically a versioning authority; version 2
- authorities provide this service optionally. See **RecommendedVersions**,
- **RecommendedClientVersions**, and **RecommendedServerVersions**.
-
-[[NamingAuthoritativeDirectory]] **NamingAuthoritativeDirectory** **0**|**1**::
- When this option is set to 1, then the server advertises that it has
- opinions about nickname-to-fingerprint bindings. It will include these
- opinions in its published network-status pages, by listing servers with
- the flag "Named" if a correct binding between that nickname and fingerprint
- has been registered with the dirserver. Naming dirservers will refuse to
- accept or publish descriptors that contradict a registered binding. See
- **approved-routers** in the **FILES** section below.
+ contrib/operator-tools/tor-exit-notice.html.
[[HidServDirectoryV2]] **HidServDirectoryV2** **0**|**1**::
When this option is set, Tor accepts and serves v2 hidden service
descriptors. Setting DirPort is not required for this, because clients
connect via the ORPort by default. (Default: 1)
-[[BridgeAuthoritativeDir]] **BridgeAuthoritativeDir** **0**|**1**::
- When this option is set in addition to **AuthoritativeDirectory**, Tor
- accepts and serves router descriptors, but it caches and serves the main
- networkstatus documents rather than generating its own. (Default: 0)
-
-[[MinUptimeHidServDirectoryV2]] **MinUptimeHidServDirectoryV2** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**::
- Minimum uptime of a v2 hidden service directory to be accepted as such by
- authoritative directories. (Default: 25 hours)
-
[[DirPort]] **DirPort** \['address':]__PORT__|**auto** [_flags_]::
If this option is nonzero, advertise the directory service on this port.
Set it to "auto" to have Tor pick a port for you. This option can occur
@@ -1842,15 +1831,36 @@ if DirPort is non-zero):
except that port specifiers are ignored. Any address not matched by
some entry in the policy is accepted.
-[[FetchV2Networkstatus]] **FetchV2Networkstatus** **0**|**1**::
- If set, we try to fetch the (obsolete, unused) version 2 network status
- consensus documents from the directory authorities. No currently
- supported Tor version uses them. (Default: 0)
-
DIRECTORY AUTHORITY SERVER OPTIONS
----------------------------------
+The following options enable operation as a directory authority, and
+control how Tor behaves as a directory authority. You should not need
+to adjust any of them if you're running a regular relay or exit server
+on the public Tor network.
+
+[[AuthoritativeDirectory]] **AuthoritativeDirectory** **0**|**1**::
+ When this option is set to 1, Tor operates as an authoritative directory
+ server. Instead of caching the directory, it generates its own list of
+ good servers, signs it, and sends that to the clients. Unless the clients
+ already have you listed as a trusted directory, you probably do not want
+ to set this option. Please coordinate with the other admins at
+ tor-ops@torproject.org if you think you should be a directory.
+
+[[V3AuthoritativeDirectory]] **V3AuthoritativeDirectory** **0**|**1**::
+ When this option is set in addition to **AuthoritativeDirectory**, Tor
+ generates version 3 network statuses and serves descriptors, etc as
+ described in doc/spec/dir-spec.txt (for Tor clients and servers running at
+ least 0.2.0.x).
+
+[[VersioningAuthoritativeDirectory]] **VersioningAuthoritativeDirectory** **0**|**1**::
+ When this option is set to 1, Tor adds information on which versions of
+ Tor are still believed safe for use to the published directory. Each
+ version 1 authority is automatically a versioning authority; version 2
+ authorities provide this service optionally. See **RecommendedVersions**,
+ **RecommendedClientVersions**, and **RecommendedServerVersions**.
+
[[RecommendedVersions]] **RecommendedVersions** __STRING__::
STRING is a comma-separated list of Tor versions currently believed to be
safe. The list is included in each directory, and nodes which pull down the
@@ -1865,6 +1875,15 @@ DIRECTORY AUTHORITY SERVER OPTIONS
is used. When this is set then **VersioningAuthoritativeDirectory** should
be set too.
+[[BridgeAuthoritativeDir]] **BridgeAuthoritativeDir** **0**|**1**::
+ When this option is set in addition to **AuthoritativeDirectory**, Tor
+ accepts and serves router descriptors, but it caches and serves the main
+ networkstatus documents rather than generating its own. (Default: 0)
+
+[[MinUptimeHidServDirectoryV2]] **MinUptimeHidServDirectoryV2** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**::
+ Minimum uptime of a v2 hidden service directory to be accepted as such by
+ authoritative directories. (Default: 25 hours)
+
[[RecommendedServerVersions]] **RecommendedServerVersions** __STRING__::
STRING is a comma-separated list of Tor versions currently believed to be
safe for servers to use. This information is included in version 2
@@ -1881,20 +1900,15 @@ DIRECTORY AUTHORITY SERVER OPTIONS
elements. Otherwise, if the address is not an IP address or is a private IP
address, it will reject the router descriptor. (Default: 0)
-[[AuthDirBadDir]] **AuthDirBadDir** __AddressPattern...__::
+[[AuthDirBadExit]] **AuthDirBadExit** __AddressPattern...__::
Authoritative directories only. A set of address patterns for servers that
- will be listed as bad directories in any network status document this
- authority publishes, if **AuthDirListBadDirs** is set. +
+ will be listed as bad exits in any network status document this authority
+ publishes, if **AuthDirListBadExits** is set.
+
(The address pattern syntax here and in the options below
is the same as for exit policies, except that you don't need to say
"accept" or "reject", and ports are not needed.)
-[[AuthDirBadExit]] **AuthDirBadExit** __AddressPattern...__::
- Authoritative directories only. A set of address patterns for servers that
- will be listed as bad exits in any network status document this authority
- publishes, if **AuthDirListBadExits** is set.
-
[[AuthDirInvalid]] **AuthDirInvalid** __AddressPattern...__::
Authoritative directories only. A set of address patterns for servers that
will never be listed as "valid" in any network status document that this
@@ -1906,8 +1920,6 @@ DIRECTORY AUTHORITY SERVER OPTIONS
authority publishes, or accepted as an OR address in any descriptor
submitted for publication by this authority.
-[[AuthDirBadDirCCs]] **AuthDirBadDirCCs** __CC__,... +
-
[[AuthDirBadExitCCs]] **AuthDirBadExitCCs** __CC__,... +
[[AuthDirInvalidCCs]] **AuthDirInvalidCCs** __CC__,... +
@@ -1915,28 +1927,15 @@ DIRECTORY AUTHORITY SERVER OPTIONS
[[AuthDirRejectCCs]] **AuthDirRejectCCs** __CC__,...::
Authoritative directories only. These options contain a comma-separated
list of country codes such that any server in one of those country codes
- will be marked as a bad directory/bad exit/invalid for use, or rejected
+ will be marked as a bad exit/invalid for use, or rejected
entirely.
-[[AuthDirListBadDirs]] **AuthDirListBadDirs** **0**|**1**::
- Authoritative directories only. If set to 1, this directory has some
- opinion about which nodes are unsuitable as directory caches. (Do not set
- this to 1 unless you plan to list non-functioning directories as bad;
- otherwise, you are effectively voting in favor of every declared
- directory.)
-
[[AuthDirListBadExits]] **AuthDirListBadExits** **0**|**1**::
Authoritative directories only. If set to 1, this directory has some
opinion about which nodes are unsuitable as exit nodes. (Do not set this to
1 unless you plan to list non-functioning exits as bad; otherwise, you are
effectively voting in favor of every declared exit as an exit.)
-[[AuthDirRejectUnlisted]] **AuthDirRejectUnlisted** **0**|**1**::
- Authoritative directories only. If set to 1, the directory server rejects
- all uploaded server descriptors that aren't explicitly listed in the
- fingerprints file. This acts as a "panic button" if we get hit with a Sybil
- attack. (Default: 0)
-
[[AuthDirMaxServersPerAddr]] **AuthDirMaxServersPerAddr** __NUM__::
Authoritative directories only. The maximum number of servers that we will
list as acceptable on a single IP address. Set this to "0" for "no limit".
@@ -2018,6 +2017,12 @@ DIRECTORY AUTHORITY SERVER OPTIONS
When set to 1, IPv6 OR ports are being tested just like IPv4 OR
ports. (Default: 0)
+[[MinMeasuredBWsForAuthToIgnoreAdvertised]] **MinMeasuredBWsForAuthToIgnoreAdvertised** __N__::
+ A total value, in abstract bandwidth units, describing how much
+ measured total bandwidth an authority should have observed on the network
+ before it will treat advertised bandwidths as wholly
+ unreliable. (Default: 500)
+
HIDDEN SERVICE OPTIONS
----------------------
@@ -2027,13 +2032,19 @@ The following options are used to configure a hidden service.
Store data files for a hidden service in DIRECTORY. Every hidden service
must have a separate directory. You may use this option multiple times to
specify multiple services. DIRECTORY must be an existing directory.
+ (Note: in current versions of Tor, if DIRECTORY is a relative path,
+ it will be relative to current
+ working directory of Tor instance, not to its DataDirectory. Do not
+ rely on this behavior; it is not guaranteed to remain the same in future
+ versions.)
[[HiddenServicePort]] **HiddenServicePort** __VIRTPORT__ [__TARGET__]::
Configure a virtual port VIRTPORT for a hidden service. You may use this
option multiple times; each time applies to the service using the most
- recent hiddenservicedir. By default, this option maps the virtual port to
+ recent HiddenServiceDir. By default, this option maps the virtual port to
the same port on 127.0.0.1 over TCP. You may override the target port,
address, or both by specifying a target of addr, port, or addr:port.
+ (You can specify an IPv6 target as [addr]:port.)
You may also have multiple lines with the same VIRTPORT: when a user
connects to that VIRTPORT, one of the TARGETs from those lines will be
chosen at random.
@@ -2065,6 +2076,12 @@ The following options are used to configure a hidden service.
service descriptors to the directory servers. This information is also
uploaded whenever it changes. (Default: 1 hour)
+[[HiddenServiceDirGroupReadable]] **HiddenServiceDirGroupReadable** **0**|**1**::
+ If this option is set to 1, allow the filesystem group to read the
+ hidden service directory and hostname file. If the option is set to 0,
+ only owner is able to read the hidden service directory. (Default: 0)
+ Has no effect on Windows.
+
TESTING NETWORK OPTIONS
-----------------------
@@ -2196,8 +2213,18 @@ The following options are used for running a testing Tor network.
Try this often to download a v3 authority certificate before giving up.
Changing this requires that **TestingTorNetwork** is set. (Default: 8)
-**TestingDirAuthVoteGuard** __node__,__node__,__...__::
- A list of identity fingerprints, nicknames, country codes and
+[[TestingDirAuthVoteExit]] **TestingDirAuthVoteExit** __node__,__node__,__...__::
+ A list of identity fingerprints, country codes, and
+ address patterns of nodes to vote Exit for regardless of their
+ uptime, bandwidth, or exit policy. See the **ExcludeNodes**
+ option for more information on how to specify nodes.
+ +
+ In order for this option to have any effect, **TestingTorNetwork**
+ has to be set. See the **ExcludeNodes** option for more
+ information on how to specify nodes.
+
+[[TestingDirAuthVoteGuard]] **TestingDirAuthVoteGuard** __node__,__node__,__...__::
+ A list of identity fingerprints and country codes and
address patterns of nodes to vote Guard for regardless of their
uptime and bandwidth. See the **ExcludeNodes** option for more
information on how to specify nodes.
@@ -2220,6 +2247,10 @@ The following options are used for running a testing Tor network.
events. Changing this requires that **TestingTorNetwork** is set.
(Default: 0)
+[[TestingMinExitFlagThreshold]] **TestingMinExitFlagThreshold** __N__ **KBytes**|**MBytes**|**GBytes**|**KBits**|**MBits**|**GBits**::
+ Sets a lower-bound for assigning an exit flag when running as an
+ authority on a testing network. Overrides the usual default lower bound
+ of 4 KB. (Default: 0)
SIGNALS
-------
@@ -2334,16 +2365,6 @@ __DataDirectory__**/hashed-fingerprint**::
Only used by bridges. Holds the hashed fingerprint of the bridge's
identity key. (That is, the hash of the hash of the identity key.)
-__DataDirectory__**/approved-routers**::
- Only for naming authoritative directory servers (see
- **NamingAuthoritativeDirectory**). This file lists nickname to identity
- bindings. Each line lists a nickname and a fingerprint separated by
- whitespace. See your **fingerprint** file in the __DataDirectory__ for an
- example line. If the nickname is **!reject** then descriptors from the
- given identity (fingerprint) are rejected by this server. If it is
- **!invalid** then descriptors are accepted but marked in the directory as
- not valid, that is, not recommended.
-
__DataDirectory__**/v3-status-votes**::
Only for authoritative directory servers. This file contains status votes
from all the authoritative directory servers and is used to generate the
@@ -2367,30 +2388,35 @@ __DataDirectory__**/router-stability**::
router mean-time-between-failures so that authorities have a good idea of
how to set their Stable flags.
-__DataDirectory__**/status/dirreq-stats**::
+__DataDirectory__**/stats/dirreq-stats**::
Only used by directory caches and authorities. This file is used to
collect directory request statistics.
-__DataDirectory__**/status/entry-stats**::
+__DataDirectory__**/stats/entry-stats**::
Only used by servers. This file is used to collect incoming connection
statistics by Tor entry nodes.
-__DataDirectory__**/status/bridge-stats**::
+__DataDirectory__**/stats/bridge-stats**::
Only used by servers. This file is used to collect incoming connection
statistics by Tor bridges.
-__DataDirectory__**/status/exit-stats**::
+__DataDirectory__**/stats/exit-stats**::
Only used by servers. This file is used to collect outgoing connection
statistics by Tor exit routers.
-__DataDirectory__**/status/buffer-stats**::
+__DataDirectory__**/stats/buffer-stats**::
Only used by servers. This file is used to collect buffer usage
history.
-__DataDirectory__**/status/conn-stats**::
+__DataDirectory__**/stats/conn-stats**::
Only used by servers. This file is used to collect approximate connection
history (number of active connections over time).
+__DataDirectory__**/networkstatus-bridges**::
+ Only used by authoritative bridge directories. Contains information
+ about bridges that have self-reported themselves to the bridge
+ authority.
+
__HiddenServiceDirectory__**/hostname**::
The <base32-encoded-fingerprint>.onion domain name for this hidden service.
If the hidden service is restricted to authorized clients only, this file
@@ -2405,7 +2431,7 @@ __HiddenServiceDirectory__**/client_keys**::
SEE ALSO
--------
-**privoxy**(1), **torsocks**(1), **torify**(1) +
+**torsocks**(1), **torify**(1) +
**https://www.torproject.org/**