From ff9bdbd56ffdc4d91da377ca5e1624b58aeaab8e Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 17 Jan 2013 18:07:36 -0500 Subject: When excluding nodes by country, exclude {??} and {A1} too This is ticket 7706, reported by "bugcatcher." The rationale here is that if somebody says 'ExcludeNodes {tv}', then they probably don't just want to block definitely Tuvaluan nodes: they also want to block nodes that have unknown country, since for all they know such nodes are also in Tuvalu. This behavior is controlled by a new GeoIPExcludeUnknown autobool option. With the default (auto) setting, we exclude ?? and A1 if any country is excluded. If the option is 1, we add ?? and A1 unconditionally; if the option is 0, we never add them. (Right now our geoip file doesn't actually seem to include A1: I'm including it here in case it comes back.) This feature only takes effect if you have a GeoIP file. Otherwise you'd be excluding every node. --- doc/tor.1.txt | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'doc') diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 40cf66dbc4..3b13a6180a 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt 
@@ -689,6 +689,14 @@ The following options are useful only for clients (that is, if node listed in ExcludeNodes is automatically considered to be part of this list too. See also the caveats on the "ExitNodes" option below. +**GeoIPExcludeUnknown** **0**|**1**|**auto**:: + If this option is set to 'auto', then whenever any country code is set in + ExcludeNodes or ExcludeEntryNodes, all nodes with unknown country (?? and + possibly A1) are treated as excluded as well. If this option is set to + '1', then all unknown countries are treated as excluded in ExcludeNodes + and ExcludeEntryNodes. This option has no effect when a GeoIP file isn't + configured or can't be found. (Default: auto) + **ExitNodes** __node__,__node__,__...__:: A list of identity fingerprints, nicknames, country codes and address patterns of nodes to use as exit node---that is, a -- cgit v1.2.3-54-g00ecf From ec7ffed79da3f84d4bff7b92434f872dd228102c Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 30 Jan 2013 10:19:41 -0500 Subject: Document the ?? country code. --- doc/tor.1.txt | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'doc') diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 3b13a6180a..947322161a 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -679,7 +679,11 @@ The following options are useful only for clients (that is, if Note also that if you are a relay, this (and the other node selection options below) only affects your own circuits that Tor builds for you. Clients can still build circuits through you to any node. Controllers - can tell Tor to build circuits through any node. + can tell Tor to build circuits through any node. + + + + Country codes are case-insensitive. The code "\{??}" refers to nodes whose + country can't be identified. No country code, including \{??}, works if + no GeoIPFile can be loaded. See also the GeoIPExcludeUnknown option below. **ExcludeExitNodes** __node__,__node__,__...__:: 
@@ -691,8 +695,8 @@ The following options are useful only for clients (that is, if **GeoIPExcludeUnknown** **0**|**1**|**auto**:: If this option is set to 'auto', then whenever any country code is set in - ExcludeNodes or ExcludeEntryNodes, all nodes with unknown country (?? and - possibly A1) are treated as excluded as well. If this option is set to + ExcludeNodes or ExcludeEntryNodes, all nodes with unknown country (\{??} and + possibly \{A1}) are treated as excluded as well. If this option is set to '1', then all unknown countries are treated as excluded in ExcludeNodes and ExcludeEntryNodes. This option has no effect when a GeoIP file isn't configured or can't be found. (Default: auto) -- cgit v1.2.3-54-g00ecf
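Review bot: In the first commit's GeoIPExcludeUnknown entry (hunk at -689,6 +689,14), the value '0' appears in the option header but is never described; the text covers only 'auto' and '1'. The commit message says that with 0 the unknown codes are never added, so the man page should say so too, for example "If this option is set to '0', nodes with unknown country are never excluded on that basis." A reader deciding whether an ExcludeNodes country entry also drops relays that cannot be located needs all three cases spelled out.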
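Review bot: In the second commit's hunk at -679,7 +679,11, the added paragraph defines \{??} but says nothing about \{A1}, which the GeoIPExcludeUnknown entry in the same patch lists as a second unknown-country code. Either define \{A1} here alongside \{??} or drop it from the later entry, so the reader does not meet an unexplained code. The paragraph also writes "GeoIPFile" where the GeoIPExcludeUnknown entry writes "GeoIP file"; use one form in both places.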
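Review bot: In the second commit's hunk at -691,8 +695,8, the rewritten lines still name "ExcludeEntryNodes", while the option heading visible in this patch's context is **ExcludeExitNodes** and no ExcludeEntryNodes heading appears in the lines shown. Please confirm which option is meant and correct the name in both places it occurs in this entry, since a user who copies the name as written may be setting an option that is not recognised. The sentence for '1' could also add "regardless of whether any country code is listed", matching the commit message's "unconditionally" and making the contrast with 'auto' explicit.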