diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/Makefile.am | 24 | ||||
-rwxr-xr-x | doc/asciidoc-helper.sh | 3 | ||||
-rw-r--r-- | doc/tor-fw-helper.1.txt | 68 | ||||
-rw-r--r-- | doc/tor.1.txt | 56 |
4 files changed, 136 insertions, 15 deletions
diff --git a/doc/Makefile.am b/doc/Makefile.am index bc3d8df475..d8d9fbefc2 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -12,15 +12,21 @@ # part of the source distribution, so that people without asciidoc can # just use the .1 and .html files. +regular_mans = tor tor-gencert tor-resolve torify +all_mans = $(regular_mans) tor-fw-helper + if USE_ASCIIDOC -asciidoc_files = tor tor-gencert tor-resolve torify -html_in = $(asciidoc_files:=.html.in) -man_in = $(asciidoc_files:=.1.in) -txt_in = $(asciidoc_files:=.1.txt) -nodist_man_MANS = $(asciidoc_files:=.1) -doc_DATA = $(asciidoc_files:=.html) +if USE_FW_HELPER +nodist_man_MANS = $(all_mans:=.1) +doc_DATA = $(all_mans:=.html) +else +nodist_man_MANS = $(regular_mans:=.1) +doc_DATA = $(regular_mans:=.html) +endif +html_in = $(all_mans:=.html.in) +man_in = $(all_mans:=.1.in) +txt_in = $(all_mans:=.1.txt) else -asciidoc_files = html_in = man_in = txt_in = @@ -46,6 +52,7 @@ tor.html.in : tor.1.txt torify.html.in : torify.1.txt tor-gencert.html.in : tor-gencert.1.txt tor-resolve.html.in : tor-resolve.1.txt +tor-fw-helper.html.in : tor-fw-helper.1.txt # Generate the manpage from asciidoc, but don't do # machine-specific replacements yet @@ -56,6 +63,7 @@ tor.1.in : tor.1.txt torify.1.in : torify.1.txt tor-gencert.1.in : tor-gencert.1.txt tor-resolve.1.in : tor-resolve.1.txt +tor-fw-helper.1.in : tor-fw-helper.1.txt # use ../config.status to swap all machine-specific magic strings # in the asciidoc with their replacements. @@ -69,10 +77,12 @@ tor.1 : tor.1.in torify.1 : torify.1.in tor-gencert.1 : tor-gencert.1.in tor-resolve.1 : tor-resolve.1.in +tor-fw-helper.1 : tor-fw-helper.1.in tor.html : tor.html.in torify.html : torify.html.in tor-gencert.html : tor-gencert.html.in tor-resolve.html : tor-resolve.html.in +tor-fw-helper.html : tor-fw-helper.html.in CLEANFILES = $(asciidoc_product) config.log DISTCLEANFILES = $(html_in) $(man_in) diff --git a/doc/asciidoc-helper.sh b/doc/asciidoc-helper.sh index 00f8b8d07f..33e1360a71 100755 --- a/doc/asciidoc-helper.sh +++ b/doc/asciidoc-helper.sh @@ -17,6 +17,7 @@ output=$3 if [ "$1" = "html" ]; then input=${output%%.html.in}.1.txt base=${output%%.html.in} + if [ "$2" != none ]; then "$2" -d manpage -o $output $input; else @@ -32,7 +33,7 @@ if [ "$1" = "html" ]; then elif [ "$1" = "man" ]; then input=${output%%.1.in}.1.txt base=${output%%.1.in} - + if test "$2" = none; then echo "=================================="; echo; diff --git a/doc/tor-fw-helper.1.txt b/doc/tor-fw-helper.1.txt new file mode 100644 index 0000000000..49b0910380 --- /dev/null +++ b/doc/tor-fw-helper.1.txt @@ -0,0 +1,68 @@ +// Copyright (c) The Tor Project, Inc. +// See LICENSE for licensing information +// This is an asciidoc file used to generate the manpage/html reference. +// Learn asciidoc on http://www.methods.co.nz/asciidoc/userguide.html +tor-fw-helper(1) +================ +Jacob Appelbaum + +NAME +---- +tor-fw-helper - Manage upstream firewall/NAT devices + +SYNOPSIS +-------- +**tor-fw-helper** [-h|--help] [-T|--test] [-v|--verbose] [-g|--fetch-public-ip] + -i|--internal-or-port __TCP port__ [-e|--external-or-port _TCP port_] + [-d|--internal-dir-port _TCP port_] [-p|--external-dir-port _TCP port_] + +DESCRIPTION +----------- +**tor-fw-helper** currently supports Apple's NAT-PMP protocol and the UPnP +standard for TCP port mapping. It is written as the reference implementation of +tor-fw-helper-spec.txt and conforms to that loose plugin API. If your network +supports either NAT-PMP or UPnP, tor-fw-helper will attempt to automatically +map the required TCP ports for Tor's Or and Dir ports. + + +OPTIONS +------- +**-h** or **--help**:: + Display help text and exit. + +**-v**:: + Display verbose output. + +**-T** or **--test**:: + Display test information and print the test information in + tor-fw-helper.log + +**-g** or **--fetch-public-ip**:: + Fetch the the public ip address for each supported NAT helper method. + +**-i** or **--internal-or-port** __port__:: + Inform **tor-fw-helper** of your internal OR port. This is the only + required argument. + +**-e** or **--external-or-port** __port__:: + Inform **tor-fw-helper** of your external OR port. + +**-d** or **--internal-dir-port** __port__:: + Inform **tor-fw-helper** of your internal Dir port. + +**-p** or **--external-dir-port** __port__:: + Inform **tor-fw-helper** of your external Dir port. + +BUGS +---- +This probably doesn't run on Windows. That's not a big issue, since we don't +really want to deal with Windows before October 2010 anyway. + +SEE ALSO +-------- +**tor**(1) + + +See also the "tor-fw-helper-spec.txt" file, distributed with Tor. + +AUTHORS +------- + Jacob Appelbaum <jacob@torproject.org>, Steven J. Murdoch <Steven.Murdoch@cl.cam.ac.uk> diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 8f80c9fde6..9607632e1d 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -388,6 +388,13 @@ Other options can be specified either on the command-line (--option on Windows; instead you should use the --service command-line option. (Default: 0) +**LogTimeGranularity** __NUM__:: + Set the resolution of timestamps in Tor's logs to NUM milliseconds. + NUM must be positive and either a divisor or a multiple of 1 second. + Note that this option only controls the granularity written by Tor to + a file or console log. Tor does not (for example) "batch up" log + messages to affect times logged by a controller, times attached to + syslog messages, or the mtime fields on log files. (Default: 1 second) **SafeLogging** **0**|**1**|**relay**:: Tor can scrub potentially sensitive strings from log messages (e.g. @@ -442,6 +449,17 @@ Other options can be specified either on the command-line (--option networkstatus. This is an advanced option; you generally shouldn't have to mess with it. (Default: not set.) +**DisableIOCP** **0**|**1**:: + If Tor was built to use the Libevent's "bufferevents" networking code + and you're running on Windows, setting this option to 1 will tell Libevent + not to use the Windows IOCP networking API. (Default: 1) + +**CountPrivateBandwidth** **0**|**1**:: + If this option is set, then Tor's rate-limiting applies not only to + remote connections, but also to connections to private addresses like + 127.0.0.1 or 10.0.0.1. This is mostly useful for debugging + rate-limiting. (Default: 0) + CLIENT OPTIONS -------------- @@ -530,7 +548,6 @@ The following options are useful only for clients (that is, if node listed in ExcludeNodes is automatically considered to be part of this list too. See also the caveats on the "ExitNodes" option below. - **ExitNodes** __node__,__node__,__...__:: A list of identity fingerprints, nicknames, country codes and address patterns of nodes to use as exit node---that is, a @@ -555,9 +572,9 @@ The following options are useful only for clients (that is, if this option. **EntryNodes** __node__,__node__,__...__:: - A list of identity fingerprints and nicknames of nodes - to use for the first hop in your normal circuits. (Country codes and - address patterns are not yet supported.) Normal circuits include all + A list of identity fingerprints, nicknames, and country codes of nodes + to use for the first hop in your normal circuits. + Normal circuits include all circuits except for direct connections to directory servers. The Bridge option overrides this option; if you have configured bridges and UseBridges is 1, the Bridges are used as your entry nodes. + @@ -634,7 +651,7 @@ The following options are useful only for clients (that is, if (e.g. chat and interactive shells). Circuits for streams that use these ports will contain only high-uptime nodes, to reduce the chance that a node will go down before the stream is finished. (Default: 21, 22, 706, 1863, - 5050, 5190, 5222, 5223, 6667, 6697, 8300) + 5050, 5190, 5222, 5223, 6523, 6667, 6697, 8300) **MapAddress** __address__ __newaddress__:: When a request for address arrives to Tor, it will rewrite it to newaddress @@ -657,7 +674,8 @@ The following options are useful only for clients (that is, if constitute a "family" of similar or co-administered servers, so never use any two of them in the same circuit. Defining a NodeFamily is only needed when a server doesn't list the family itself (with MyFamily). This option - can be used multiple times. + can be used multiple times. In addition to nodes, you can also list + IP address and ranges and country codes in {curly braces}. **EnforceDistinctSubnets** **0**|**1**:: If 1, Tor will not put two servers whose IP addresses are "too close" on @@ -964,7 +982,9 @@ is non-zero): characters inclusive, and must contain only the characters [a-zA-Z0-9]. **NumCPUs** __num__:: - How many processes to use at once for decrypting onionskins. (Default: 1) + How many processes to use at once for decrypting onionskins and other + parallelizable operations. If this is set to 0, Tor will try to detect + how many CPUs you have, defaulting to 1 if it can't tell. (Default: 0) **ORPort** __PORT__|**auto**:: Advertise this port to listen for connections from Tor clients and @@ -977,6 +997,18 @@ is non-zero): specified in ORPort. (Default: 0.0.0.0) This directive can be specified multiple times to bind to multiple addresses/ports. +**PortForwarding** **0**|**1**:: + Attempt to automatically forward the DirPort and ORPort on a NAT router + connecting this Tor server to the Internet. If set, Tor will try both + NAT-PMP (common on Apple routers) and UPnP (common on routers from other + manufacturers). (Default: 0) + +**PortForwardingHelper** __filename__|__pathname__:: + If PortForwarding is set, use this executable to configure the forwarding. + If set to a filename, the system path will be searched for the executable. + If set to a path, only the specified path will be executed. + (Default: tor-fw-helper) + **PublishServerDescriptor** **0**|**1**|**v1**|**v2**|**v3**|**bridge**,**...**:: This option specifies which descriptors Tor will publish when acting as a relay. You can @@ -996,6 +1028,11 @@ is non-zero): seconds, we exit. If we get a second SIGINT, we exit immedi- ately. (Default: 30 seconds) +**HeartbeatPeriod** __N__ **minutes**|**hours**|**days**|**weeks**:: + Log a heartbeat message every **HeartbeatPeriod** seconds. This is + a log level __info__ message, designed to let you know your Tor + server is still alive and doing useful things. Settings this + to 0 will disable the heartbeat. (Default: 6 hours) **AccountingMax** __N__ **bytes**|**KB**|**MB**|**GB**|**TB**:: Never send more than the specified number of bytes in a given accounting @@ -1104,6 +1141,10 @@ is non-zero): When this option is enabled, Tor writes statistics on the number of relayed bytes and opened stream per exit port to disk every 24 hours. (Default: 0) +**ConnDirectionStatistics** **0**|**1**:: + When this option is enabled, Tor writes statistics on the bidirectional use + of connections to disk every 24 hours. (Default: 0) + **ExtraInfoStatistics** **0**|**1**:: When this option is enabled, Tor includes previously gathered statistics in its extra-info documents that it uploads to the directory authorities. @@ -1396,6 +1437,7 @@ The following options are used for running a testing Tor network. AuthDirMaxServersPerAuthAddr 0 ClientDNSRejectInternalAddresses 0 ClientRejectInternalAddresses 0 + CountPrivateBandwidth 1 ExitPolicyRejectPrivate 0 V3AuthVotingInterval 5 minutes V3AuthVoteDelay 20 seconds |