From 87a0e733d1d4c65cf4919eaf8f1cc3b4039b21d6 Mon Sep 17 00:00:00 2001
From: Sebastian Hahn
Date: Sat, 30 Oct 2010 00:03:10 +0200
Subject: Fix a typo in the manpage
---
 doc/tor.1.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc')
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index df2b17ed08..d73620d8bd 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -110,7 +110,7 @@ Other options can be specified either on the command-line (--option
 You should never need to change this value, since a network-wide value is published in the consensus and your relay will use that value. (Default: 0)
-**ConLimit** __NUM__::
+**ConnLimit** __NUM__::
 The minimum number of file descriptors that must be available to the Tor process before it will start. Tor will ask the OS for as many file descriptors as the OS will allow (you can find this by "ulimit -H -n").
-- cgit v1.2.3-54-g00ecf
From 556a1b9e459d28b5f37fa012176d6931fe721844 Mon Sep 17 00:00:00 2001
From: Sebastian Hahn
Date: Sat, 30 Oct 2010 06:08:47 +0200
Subject: Change Natd into NATD in our options. Breaking this out of the last commit because this might be more controversial.
---
 doc/spec/address-spec.txt | 2 +-
 doc/tor.1.txt | 2 +-
 src/or/config.c | 20 ++++++++++----------
 src/or/connection.c | 4 ++--
 src/or/connection_edge.c | 8 ++++----
 src/or/or.h | 4 ++--
 src/or/router.c | 2 +-
 7 files changed, 21 insertions(+), 21 deletions(-) (limited to 'doc')
diff --git a/doc/spec/address-spec.txt b/doc/spec/address-spec.txt
index 2e1aff2b8a..ce6d2b65e7 100644
--- a/doc/spec/address-spec.txt
+++ b/doc/spec/address-spec.txt
@@ -12,7 +12,7 @@
 These hostnames can be passed to Tor as the address part of a SOCKS4a or SOCKS5 request. If the application is connected to Tor using an IP-only
- method (such as SOCKS4, TransPort, or NatdPort), these hostnames can be
+ method (such as SOCKS4, TransPort, or NATDPort), these hostnames can be
 substituted for certain IP addresses using the MapAddress configuration option or the MAPADDRESS control command.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index d73620d8bd..e1baf30cd9 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -670,7 +670,7 @@ The following options are useful only for clients (that is, if
 **AllowDotExit** **0**|**1**::
 If enabled, we convert "www.google.com.foo.exit" addresses on the
- SocksPort/TransPort/NatdPort into "www.google.com" addresses that exit from
+ SocksPort/TransPort/NATDPort into "www.google.com" addresses that exit from
 the node "foo". Disabled by default since attacking websites and exit relays can use it to manipulate your path selection. (Default: 0)
diff --git a/src/or/config.c b/src/or/config.c
index 1339dd1a98..c28cf58aeb 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -300,8 +300,8 @@ static config_var_t _option_vars[] = {
 V(MyFamily, STRING, NULL),
 V(NewCircuitPeriod, INTERVAL, "30 seconds"),
 VAR("NamingAuthoritativeDirectory",BOOL, NamingAuthoritativeDir, "0"),
- V(NatdListenAddress, LINELIST, NULL),
- V(NatdPort, UINT, "0"),
+ V(NATDListenAddress, LINELIST, NULL),
+ V(NATDPort, UINT, "0"),
 V(Nickname, STRING, NULL),
 V(WarnUnsafeSocks, BOOL, "1"),
 V(NoPublish, BOOL, "0"),
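Review bot: The `V(NATDListenAddress, LINELIST, NULL)` and `V(NATDPort, UINT, "0")` entries in the `_option_vars[]` hunk of src/or/config.c change the canonical spelling of a user-facing option, and nothing visible here shows how an existing torrc or controller that still writes `NatdPort` is matched. If option lookup is case-insensitive the rename is harmless on input, but the spelling Tor emits when it reports or writes back its configuration presumably changes too, which can trip tooling that compares option names exactly. It would be worth confirming that before merge and recording the rename in a `changes/` entry, as the later `changes/minuptimehs` commit in this series does. The table's opening and closing lie outside the hunk.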
@@ -2918,8 +2918,8 @@ options_validate(or_options_t *old_options, or_options_t *options,
 if (options->TransPort == 0 && options->TransListenAddress != NULL)
 REJECT("TransPort must be defined if TransListenAddress is defined.");
- if (options->NatdPort == 0 && options->NatdListenAddress != NULL)
- REJECT("NatdPort must be defined if NatdListenAddress is defined.");
+ if (options->NATDPort == 0 && options->NATDListenAddress != NULL)
+ REJECT("NATDPort must be defined if NATDListenAddress is defined.");
 /* Don't gripe about SocksPort 0 with SocksListenAddress set; a standard
 * configuration does this. */
@@ -2938,8 +2938,8 @@ options_validate(or_options_t *old_options, or_options_t *options,
 old = old_options ? old_options->TransListenAddress : NULL;
 tp = "transparent proxy";
 } else {
- opt = options->NatdListenAddress;
- old = old_options ? old_options->NatdListenAddress : NULL;
+ opt = options->NATDListenAddress;
+ old = old_options ? old_options->NATDListenAddress : NULL;
 tp = "natd proxy";
 }
@@ -3031,14 +3031,14 @@ options_validate(or_options_t *old_options, or_options_t *options,
 if (options->TransPort < 0 || options->TransPort > 65535)
 REJECT("TransPort option out of bounds.");
- if (options->NatdPort < 0 || options->NatdPort > 65535)
- REJECT("NatdPort option out of bounds.");
+ if (options->NATDPort < 0 || options->NATDPort > 65535)
+ REJECT("NATDPort option out of bounds.");
 if (options->SocksPort == 0 && options->TransPort == 0 &&
- options->NatdPort == 0 && options->ORPort == 0 &&
+ options->NATDPort == 0 && options->ORPort == 0 &&
 options->DNSPort == 0 && !options->RendConfigLines)
 log(LOG_WARN, LD_CONFIG,
- "SocksPort, TransPort, NatdPort, DNSPort, and ORPort are all "
+ "SocksPort, TransPort, NATDPort, DNSPort, and ORPort are all "
 "undefined, and there aren't any hidden services configured. "
 "Tor will still run, but probably won't do anything.");
diff --git a/src/or/connection.c b/src/or/connection.c
index c19632daef..85cede856c 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1862,8 +1862,8 @@ retry_all_listeners(smartlist_t *replaced_conns,
 replaced_conns, new_conns, 0, AF_INET)<0)
 return -1;
- if (retry_listeners(CONN_TYPE_AP_NATD_LISTENER, options->NatdListenAddress,
- options->NatdPort, "127.0.0.1",
+ if (retry_listeners(CONN_TYPE_AP_NATD_LISTENER, options->NATDListenAddress,
+ options->NATDPort, "127.0.0.1",
 replaced_conns, new_conns, 0, AF_INET)<0)
 return -1;
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 0970cda4b9..cc040b1780 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -2001,13 +2001,13 @@ connection_ap_process_natd(edge_connection_t *conn)
 if (err == 0) return 0;
 if (err < 0) {
- log_warn(LD_APP,"Natd handshake failed (DEST too long). Closing");
+ log_warn(LD_APP,"NATD handshake failed (DEST too long). Closing");
 connection_mark_unattached_ap(conn, END_STREAM_REASON_INVALID_NATD_DEST);
 return -1;
 }
 if (strcmpstart(tmp_buf, "[DEST ")) {
- log_warn(LD_APP,"Natd handshake was ill-formed; closing. The client "
+ log_warn(LD_APP,"NATD handshake was ill-formed; closing. The client "
 "said: %s", escaped(tmp_buf));
 connection_mark_unattached_ap(conn, END_STREAM_REASON_INVALID_NATD_DEST);
@@ -2016,7 +2016,7 @@ connection_ap_process_natd(edge_connection_t *conn)
 daddr = tbuf = &tmp_buf[0] + 6; /* after end of "[DEST " */
 if (!(tbuf = strchr(tbuf, ' '))) {
- log_warn(LD_APP,"Natd handshake was ill-formed; closing. The client "
+ log_warn(LD_APP,"NATD handshake was ill-formed; closing. The client "
 "said: %s", escaped(tmp_buf));
 connection_mark_unattached_ap(conn, END_STREAM_REASON_INVALID_NATD_DEST);
@@ -2030,7 +2030,7 @@ connection_ap_process_natd(edge_connection_t *conn)
 socks->port = (uint16_t) tor_parse_long(tbuf, 10, 1, 65535, &port_ok, &daddr);
 if (!port_ok) {
- log_warn(LD_APP,"Natd handshake failed; port %s is ill-formed or out "
+ log_warn(LD_APP,"NATD handshake failed; port %s is ill-formed or out "
 "of range.", escaped(tbuf));
 connection_mark_unattached_ap(conn, END_STREAM_REASON_INVALID_NATD_DEST);
 return -1;
diff --git a/src/or/or.h b/src/or/or.h
index 14f050deb0..7f5f68ee52 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2379,7 +2379,7 @@ typedef struct {
 * connections. */
 config_line_t *TransListenAddress;
 /** Addresses to bind for listening for transparent natd connections */
- config_line_t *NatdListenAddress;
+ config_line_t *NATDListenAddress;
 /** Addresses to bind for listening for SOCKS connections. */
 config_line_t *DNSListenAddress;
 /** Addresses to bind for listening for OR connections. */
@@ -2403,7 +2403,7 @@ typedef struct {
 int SocksPort; /**< Port to listen on for SOCKS connections. */
 /** Port to listen on for transparent pf/netfilter connections. */
 int TransPort;
- int NatdPort; /**< Port to listen on for transparent natd connections. */
+ int NATDPort; /**< Port to listen on for transparent natd connections. */
 int ControlPort; /**< Port to listen on for control connections. */
 config_line_t *ControlSocket; /**< List of Unix Domain Sockets to listen on
 * for control connections. */
diff --git a/src/or/router.c b/src/or/router.c
index 725a515e0c..af248c6554 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -1099,7 +1099,7 @@ proxy_mode(or_options_t *options)
 {
 return (options->SocksPort != 0 || options->SocksListenAddress ||
 options->TransPort != 0 || options->TransListenAddress ||
- options->NatdPort != 0 || options->NatdListenAddress ||
+ options->NATDPort != 0 || options->NATDListenAddress ||
 options->DNSPort != 0 || options->DNSListenAddress);
 }
-- cgit v1.2.3-54-g00ecf
From 6de673076f0f26415fcd515864279a16e3d83f1a Mon Sep 17 00:00:00 2001
From: Sebastian Hahn
Date: Sat, 30 Oct 2010 11:04:21 +0200
Subject: Add V3BandwidthsFile to the manpage
---
 doc/tor.1.txt | 5 +++++
 1 file changed, 5 insertions(+) (limited to 'doc')
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index e1baf30cd9..b827fbe8e3 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1189,6 +1189,11 @@ DIRECTORY AUTHORITY SERVER OPTIONS
 server's preferred number, but the consensus of all preferences. Must be at least 2. (Default: 3.)
+**V3BandwidthsFile** __FILENAME__::
+ V3 authoritative directories only. Configures the location of the
+ bandiwdth-authority generated file storing information on relays' measured
+ bandwidth capacities. (Default: unset.)
+
 HIDDEN SERVICE OPTIONS
 ----------------------
-- cgit v1.2.3-54-g00ecf
From 0b05f05bbf83de7d00a8b4586685d2d52e7e2ac9 Mon Sep 17 00:00:00 2001
From: Sebastian Hahn
Date: Fri, 22 Oct 2010 23:37:54 +0200
Subject: Improve documentation for RelayBandwdith* options Jesse Adelman noticed that we don't currently describe what happens very well.
---
 doc/tor.1.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'doc')
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index b827fbe8e3..1511eb894b 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -89,14 +89,14 @@ Other options can be specified either on the command-line (--option
 without impacting network performance.
 **RelayBandwidthRate** __N__ **bytes**|**KB**|**MB**|**GB**::
- If defined, a separate token bucket limits the average incoming bandwidth
+ If not 0, a separate token bucket limits the average incoming bandwidth
 usage for \_relayed traffic_ on this node to the specified number of bytes per second, and the average outgoing bandwidth usage to that same value. Relayed traffic currently is calculated to include answers to directory requests, but that may change in future versions. (Default: 0)
 **RelayBandwidthBurst** __N__ **bytes**|**KB**|**MB**|**GB**::
- Limit the maximum token bucket size (also known as the burst) for
+ If not 0, limit the maximum token bucket size (also known as the burst) for
 \_relayed traffic_ to the given number of bytes in each direction. (Default: 0)
-- cgit v1.2.3-54-g00ecf
From bae80eef4b5be05225e702e660831caf0a55bec5 Mon Sep 17 00:00:00 2001
From: Sebastian Hahn
Date: Thu, 4 Nov 2010 03:10:42 +0100
Subject: Document the AllowSingleHopExits option
---
 doc/tor.1.txt | 5 +++++
 1 file changed, 5 insertions(+) (limited to 'doc')
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 1511eb894b..29e49e8d4b 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -751,6 +751,11 @@ The following options are useful only for clients (that is, if
 Like WarnPlaintextPorts, but instead of warning about risky port uses, Tor will instead refuse to make the connection. (Default: None).
+**AllowSingleHopCircuits** **0**|**1**::
+ When this option is set, the attached Tor controller Tor can use relays
+ that have the **AllowSingleHopExits** option turned on to build
+ one-hop Tor connections.
+
 SERVER OPTIONS
 --------------
-- cgit v1.2.3-54-g00ecf
From 6bde512edce7e7bbf2b4246212d05dbbe8cf8da2 Mon Sep 17 00:00:00 2001
From: Sebastian Hahn
Date: Mon, 8 Nov 2010 08:34:03 +0100
Subject: Document hs dht min uptime change in privnets In f87c6f100d2faf8d we made it so that MinUptimeHidServDirectoryV2 defaults to 0 if TestingTorNetwork is set. Add a manpage entry and a changes file.
---
 changes/minuptimehs | 3 +++
 doc/tor.1.txt | 1 +
 2 files changed, 4 insertions(+) create mode 100644 changes/minuptimehs (limited to 'doc')
diff --git a/changes/minuptimehs b/changes/minuptimehs
new file mode 100644
index 0000000000..d7474d21f5
--- /dev/null
+++ b/changes/minuptimehs
@@ -0,0 +1,3 @@
+ o Minor features:
+ - Make hidden services work better in private networks by not requiring
+ any uptime to join the dht. Implements ticket 2088.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 29e49e8d4b..f7cccb5215 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1267,6 +1267,7 @@ The following options are used for running a testing Tor network.
 V3AuthVotingInterval 5 minutes
 V3AuthVoteDelay 20 seconds
 V3AuthDistDelay 20 seconds
+ MinUptimeHidServDirectoryV2 0 seconds
 TestingV3AuthInitialVotingInterval 5 minutes
 TestingV3AuthInitialVoteDelay 20 seconds
 TestingV3AuthInitialDistDelay 20 seconds
-- cgit v1.2.3-54-g00ecf
From ac2c0cb587548c4faf3fa225064cdbd183f609bb Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Mon, 15 Nov 2010 14:09:32 -0500
Subject: Make the coducmentation for SingleHop stuff slightly more dire
---
 doc/tor.1.txt | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'doc')
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index f7cccb5215..c8608eb845 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -414,7 +414,9 @@ The following options are useful only for clients (that is, if
 This option controls whether circuits built by Tor will include relays with the AllowSingleHopExits flag set to true. If ExcludeSingleHopRelays is set to 0, these relays will be included. Note that these relays might be at
- higher risk of being seized or observed, so they are not normally included.
+ higher risk of being seized or observed, so they are not normally
+ included. Also note that relatively few clients turn off this option,
+ so using these relays might make your client stand out.
 (Default: 1)
 **Bridge** __IP__:__ORPort__ [fingerprint]::
@@ -752,9 +754,9 @@ The following options are useful only for clients (that is, if
 will instead refuse to make the connection. (Default: None).
 **AllowSingleHopCircuits** **0**|**1**::
- When this option is set, the attached Tor controller Tor can use relays
+ When this option is set, the attached Tor controller can use relays
 that have the **AllowSingleHopExits** option turned on to build
- one-hop Tor connections.
+ one-hop Tor connections. (Default: 0)
 SERVER OPTIONS
 --------------
@@ -773,7 +775,9 @@ is non-zero):
 **AllowSingleHopExits** **0**|**1**::
 This option controls whether clients can use this server as a single hop proxy. If set to 1, clients can use this server as an exit even if it is
- the only hop in the circuit. (Default: 0)
+ the only hop in the circuit. Note that most clients will refuse to use
+ servers that set this option, since most clients have
+ ExcludeSingleHopRelays set. (Default: 0)
 **AssumeReachable** **0**|**1**::
 This option is used when bootstrapping a new Tor network. If set to 1,
-- cgit v1.2.3-54-g00ecf