tor-commits October 2020

tor-commits@lists.torproject.org

17 participants
2274 discussions

[torspec/master] Update spec from phw's comments.
by dgoulet＠torproject.org 06 Oct '20

06 Oct '20

commit 64b6ae71ab362d052d38d75a6bfb5af93f8af6a0 Author: Alexander Færøy <ahf(a)torproject.org> Date: Sun May 19 22:15:18 2019 +0200 Update spec from phw's comments. --- pt-spec.txt | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/pt-spec.txt b/pt-spec.txt index 8231597..0a8548f 100644 --- a/pt-spec.txt +++ b/pt-spec.txt @@ -219,12 +219,11 @@ Table of Contents "TOR_PT_OUTBOUND_BIND_ADDRESS" - Specifies an IP address that the PT proxy or server SHOULD use as source - address for outgoing IP connections. This feature allows people with multiple - network interfaces to specify explicitly which interface they prefer the PT to - use. + Specifies an IP address that the PT proxy SHOULD use as source address for + outgoing IP packets. This feature allows people with multiple network + interfaces to specify explicitly which interface they prefer the PT proxy to use. - If this value is unset or empty the PT MUST use the default source + If this value is unset or empty, the PT proxy MUST use the default source address for outgoing connections. This setting MUST be ignored for connections to

1 0

[torspec/master] Add TOR_PT_OUTBOUND_BIND_ADDRESS support.
by dgoulet＠torproject.org 06 Oct '20

06 Oct '20

commit 654edcee5e5097a11989e6a42fee7259281e0f00 Author: Alexander Færøy <ahf(a)torproject.org> Date: Sat May 18 17:31:47 2019 +0200 Add TOR_PT_OUTBOUND_BIND_ADDRESS support. This patch adds support for the TOR_PT_OUTBOUND_BIND_ADDRESS variable to both PT proxies and servers. See: https://bugs.torproject.org/5304 --- pt-spec.txt | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/pt-spec.txt b/pt-spec.txt index bd4aec6..8231597 100644 --- a/pt-spec.txt +++ b/pt-spec.txt @@ -217,6 +217,29 @@ Table of Contents TOR_PT_EXIT_ON_STDIN_CLOSE=1 + "TOR_PT_OUTBOUND_BIND_ADDRESS" + + Specifies an IP address that the PT proxy or server SHOULD use as source + address for outgoing IP connections. This feature allows people with multiple + network interfaces to specify explicitly which interface they prefer the PT to + use. + + If this value is unset or empty the PT MUST use the default source + address for outgoing connections. + + This setting MUST be ignored for connections to + loopback addresses (127.0.0.0/8 and [::1]). + + IPv6 addresses MUST always be wrapped in square brackets. + + Example with IPv4: + + TOR_PT_OUTBOUND_BIND_ADDRESS=203.0.113.4 + + Example with IPv6: + + TOR_PT_OUTBOUND_BIND_ADDRESS=[2001:db8::4] + 3.2.2. Pluggable Transport Client Environment Variables Client-side Pluggable Transport forward proxies are configured

1 0

[torspec/master] Clearify loopback address for IPv6.
by dgoulet＠torproject.org 06 Oct '20

06 Oct '20

commit 1ecf3f66586816fc718e38f8cd7cbb23fa9b81f5 Author: Alexander Færøy <ahf(a)torproject.org> Date: Tue May 21 13:54:52 2019 +0200 Clearify loopback address for IPv6. --- pt-spec.txt | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pt-spec.txt b/pt-spec.txt index 5fefff1..e43a3f7 100644 --- a/pt-spec.txt +++ b/pt-spec.txt @@ -244,8 +244,7 @@ Table of Contents If this value is unset or empty, the PT proxy MUST use the default source address for outgoing connections. - This setting MUST be ignored for connections to - loopback addresses ([::1]). + This setting MUST be ignored for connections to the loopback address ([::1]). IPv6 addresses MUST always be wrapped in square brackets.

1 0

[translation/tbmanual-contentspot] https://gitweb.torproject.org/translation.git/commit/?h=tbmanual-contentspot
by translation＠torproject.org 06 Oct '20

06 Oct '20

commit 1c9942809fc57f7713eb4ef173bec834fb443aa3 Author: Translation commit bot <translation(a)torproject.org> Date: Tue Oct 6 13:17:42 2020 +0000 https://gitweb.torproject.org/translation.git/commit/?h=tbmanual-contentspot --- contents+sw.po | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/contents+sw.po b/contents+sw.po index 26eee24790..47ae355271 100644 --- a/contents+sw.po +++ b/contents+sw.po @@ -881,17 +881,21 @@ msgid "" "Because bridge addresses are not public, you will need to request them " "yourself. You have a few options:" msgstr "" +"Kwasababu anwani za daraja sio za umma, unatatakiwa kuwauliza wewe mwenyewe." +" una machaguzi machache:" #: https//tb-manual.torproject.org/bridges/ #: (content/bridges/contents+en.lrtopic.body) msgid "" "* Visit https://bridges.torproject.org/ and follow the instructions, or" -msgstr "" +msgstr "*Tembelea https://bridge.torproject.org/ na fatisha maelekezo, au" #: https//tb-manual.torproject.org/bridges/ #: (content/bridges/contents+en.lrtopic.body) msgid "* Email bridges(a)torproject.org from a Gmail, or Riseup email address" msgstr "" +"*Madaraja ya barua pepe(a)torproject.org kutoka Gmail, au Kuinua anwani ya " +"barua pepe " #: https//tb-manual.torproject.org/bridges/ #: (content/bridges/contents+en.lrtopic.body) @@ -1447,7 +1451,7 @@ msgstr "" #: https//tb-manual.torproject.org/security-settings/ #: (content/security-settings/contents+en.lrtopic.body) msgid "###### Safest" -msgstr "" +msgstr "###### Salama zaidi" #: https//tb-manual.torproject.org/security-settings/ #: (content/security-settings/contents+en.lrtopic.body) @@ -1811,6 +1815,8 @@ msgid "" "<img class=\"\" src=\"/static/images/macos-go-to-folder-menu.png\" alt=\"Go " "to folder menu option.\">" msgstr "" +"<img class=\"\" src=\"/static/images/macos-go-to-folder-menu.png\" alt=\"Go " +"to folder menu option.\">" #: https//tb-manual.torproject.org/uninstalling/ #: (content/uninstalling/contents+en.lrtopic.body) @@ -1824,6 +1830,8 @@ msgid "" "<img class=\"\" src=\"/static/images/macos-go-to-folder-window.png\" " "alt=\"Go to folder window.\">" msgstr "" +"<img class=\"\" src=\"/static/images/macos-go-to-folder-window.png\" " +"alt=\"Go to folder window.\">" #: https//tb-manual.torproject.org/uninstalling/ #: (content/uninstalling/contents+en.lrtopic.body) @@ -2525,6 +2533,9 @@ msgid "" "/android-uninstall-google-play.png\" alt=\"Uninstalling Tor Browser for " "Android on Google Play\">" msgstr "" +"<img style=\"max-width:300px\" class=\"col-md-6\" src=\"../../static/images" +"/android-uninstall-google-play.png\" alt=\"Uninstalling Tor Browser for " +"Android on Google Play\">" #: https//tb-manual.torproject.org/mobile-tor/ #: (content/mobile-tor/contents+en.lrtopic.body) @@ -2561,7 +2572,7 @@ msgstr "" #: https//tb-manual.torproject.org/mobile-tor/ #: (content/mobile-tor/contents+en.lrtopic.body) msgid "#### Mobile device app settings" -msgstr "" +msgstr "#### Mipangilio ya programu kwenye kifaa cha Simu" #: https//tb-manual.torproject.org/mobile-tor/ #: (content/mobile-tor/contents+en.lrtopic.body) @@ -2570,6 +2581,9 @@ msgid "" "/android-uninstall-device-settings.png\" alt=\"Uninstalling Tor Browser for " "Android using device app settings\">" msgstr "" +"<img style=\"max-width:300px\" class=\"col-md-6\" src=\"../../static/images" +"/android-uninstall-device-settings.png\" alt=\"Uninstalling Tor Browser for " +"Android using device app settings\">" #: https//tb-manual.torproject.org/mobile-tor/ #: (content/mobile-tor/contents+en.lrtopic.body) @@ -2673,7 +2687,7 @@ msgstr "" #: https//tb-manual.torproject.org/mobile-tor/ #: (content/mobile-tor/contents+en.lrtopic.body) msgid "#### Orbot" -msgstr "" +msgstr "#### Orbot" #: https//tb-manual.torproject.org/mobile-tor/ #: (content/mobile-tor/contents+en.lrtopic.body)

1 0

[torspec/master] Sort param-spec.txt into sections
by dgoulet＠torproject.org 06 Oct '20

06 Oct '20

commit 441c840edf37a275dff5524e2016a113e93c4556 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Sep 28 09:25:09 2020 -0400 Sort param-spec.txt into sections --- param-spec.txt | 204 +++++++++++++++++++++++++++++++++------------------------ 1 file changed, 120 insertions(+), 84 deletions(-) diff --git a/param-spec.txt b/param-spec.txt index 31aa4be..022a453 100644 --- a/param-spec.txt +++ b/param-spec.txt @@ -1,5 +1,7 @@ - Commonly used "param" arguments at this point include: + Tor network parameters + +1. Network protocol parameters "circwindow" -- the default package window that circuits should be established with. It started out at 1000 cells, but some @@ -8,6 +10,38 @@ Min: 100, Max: 1000 First-appeared: Tor 0.2.1.20 + "refuseunknownexits" -- if set to one, exit relays look at + the previous hop of circuits that ask to open an exit stream, + and refuse to exit if they don't recognize it as a relay. The + goal is to make it harder for people to use them as one-hop + proxies. See trac entry 1751 for details. + Min: 0, Max: 1 + First-appeared: 0.2.2.17-alpha + + + "UseOptimisticData" -- If set to zero, clients by default + shouldn't try to send optimistic data to servers until they have + received a RELAY_CONNECTED cell. + Min: 0, Max: 1, Default: 1 + First-appeared: 0.2.3.3-alpha + Default was 0 before: 0.2.9.1-alpha + + "usecreatefast" -- Used to control whether clients use the + CREATE_FAST handshake on the first hop of their circuits. + Min: 0, Max: 1. Default: 1. + First-appeared: 0.2.4.23, 0.2.5.2-alpha + + "min_paths_for_circs_pct" -- DOCDOC + + + "AllowNonearlyExtend" -- If true, permit EXTEND cells that are not + inside RELAY_EARLY cells. + Min: 0. Max: 1. Default: 0. + First-appeared: 0.2.3.11-alpha + + +2. Performance-tuning parameters + "CircuitPriorityHalflifeMsec" -- the halflife parameter used when weighting which circuit will send the next cell. Obeyed by Tor 0.2.2.10-alpha and later. (Versions of Tor between 0.2.2.7-alpha @@ -28,62 +62,39 @@ First-appeared: 0.2.2.7-alpha Removed-in: 0.2.2.16-alpha - "refuseunknownexits" -- if set to one, exit relays look at - the previous hop of circuits that ask to open an exit stream, - and refuse to exit if they don't recognize it as a relay. The - goal is to make it harder for people to use them as one-hop - proxies. See trac entry 1751 for details. - Min: 0, Max: 1 - First-appeared: 0.2.2.17-alpha + "NumNTorsPerTAP" -- When balancing ntor and TAP cells at relays, + how many ntor handshakes should we perform for each TAP handshake? + Min: 1. Max: 100000. Default: 10. + First-appeared: 0.2.4.17-rc + + "circ_max_cell_queue_size" -- This parameter determines the maximum + number of cells allowed per circuit queue. + Min 1000. Max 4294967295. Default 50000. + First-appeared: 0.3.3.6-rc. + + + "sendme_emit_min_version" -- Minimum SENDME version that can be sent. + Min: 0. Max: 255. Default 0. First + appeared: 0.4.1.1-alpha. + + "sendme_accept_min_version" -- Minimum SENDME version that is accepted. + Min: 0. Max: 255. Default 0. First + appeared: 0.4.1.1-alpha. + + +3. Voting-related parameters "bwweightscale" -- Value that bandwidth-weights are divided by. If not present then this defaults to 10000. Min: 1 First-appeared: 0.2.2.10-alpha - "cbtdisabled", "cbtnummodes", "cbtrecentcount", "cbtmaxtimeouts", - "cbtmincircs", "cbtquantile", "cbtclosequantile", "cbttestfreq", - "cbtmintimeout", "cbtlearntimeout", "cbtmaxopencircs", and - "cbtinitialtimeout" -- see "2.4.5. Consensus parameters governing - behavior" in path-spec.txt for a series of circuit build time related - consensus params. - - "UseOptimisticData" -- If set to zero, clients by default - shouldn't try to send optimistic data to servers until they have - received a RELAY_CONNECTED cell. - Min: 0, Max: 1, Default: 1 - First-appeared: 0.2.3.3-alpha - Default was 0 before: 0.2.9.1-alpha - "maxunmeasuredbw" -- Used by authorities during voting with method 17 or later. The maximum value to give for any Bandwidth= entry for a router that isn't based on at least three measurements. First-appeared: 0.2.4.11-alpha - "Support022HiddenServices" -- Used to implement a mass switch-over - from sending timestamps to hidden services by default to sending - no timestamps at all. If this option is absent, or is set to 1, - clients with the default configuration send timestamps; otherwise, - they do not. - Min: 0, Max: 1. Default: 1. - First-appeared: 0.2.4.18-rc - - "usecreatefast" -- Used to control whether clients use the - CREATE_FAST handshake on the first hop of their circuits. - Min: 0, Max: 1. Default: 1. - First-appeared: 0.2.4.23, 0.2.5.2-alpha - - "pb_mincircs", "pb_noticepct", "pb_warnpct", "pb_extremepct", - "pb_dropguards", "pb_scalecircs", "pb_scalefactor", - "pb_multfactor", "pb_minuse", "pb_noticeusepct", - "pb_extremeusepct", "pb_scaleuse" -- DOCDOC - - "UseNTorHandshake" -- If true, then versions of Tor that support - NTor will prefer to use it by default. - Min: 0, Max: 1. Default: 1. - First-appeared: 0.2.4.8-alpha - "FastFlagMinThreshold", "FastFlagMaxThreshold" -- lowest and highest allowable values for the cutoff for routers that should get the Fast flag. This is used during voting to prevent the threshold @@ -92,30 +103,6 @@ FastFlagMaxThreshold: Min: -. Max: INT32_MAX: Default: INT32_MAX First-appeared: 0.2.3.11-alpha - "NumDirectoryGuards", "NumEntryGuards" -- Number of guard nodes - clients should use by default. If NumDirectoryGuards is 0, - we default to NumEntryGuards. - NumDirectoryGuards: Min: 0. Max: 10. Default: 0 - NumEntryGuards: Min: 1. Max: 10. Default: 3 - First-appeared: 0.2.4.23, 0.2.5.6-alpha - - "GuardLifetime" -- Duration for which clients should choose guard - nodes, in seconds. - Min: 30 days. Max: 1826 days. Default: 60 days. - First-appeared: 0.2.4.12-alpha - - "min_paths_for_circs_pct" -- DOCDOC - - "NumNTorsPerTAP" -- When balancing ntor and TAP cells at relays, - how many ntor handshakes should we perform for each TAP handshake? - Min: 1. Max: 100000. Default: 10. - First-appeared: 0.2.4.17-rc - - "AllowNonearlyExtend" -- If true, permit EXTEND cells that are not - inside RELAY_EARLY cells. - Min: 0. Max: 1. Default: 0. - First-appeared: 0.2.3.11-alpha - "AuthDirNumSRVAgreements" -- Minimum number of agreeing directory authority votes required for a fresh shared random value to be written in the consensus (this rule only applies on the first commit round of @@ -123,7 +110,19 @@ Min: 1. Max: INT32_MAX. Default: 2/3 of the total number of dirauth. - "max-consensuses-age-to-cache-for-diff" -- Determines how +4. Circuit-build-timeout parameters + + "cbtdisabled", "cbtnummodes", "cbtrecentcount", "cbtmaxtimeouts", + "cbtmincircs", "cbtquantile", "cbtclosequantile", "cbttestfreq", + "cbtmintimeout", "cbtlearntimeout", "cbtmaxopencircs", and + "cbtinitialtimeout" -- see "2.4.5. Consensus parameters governing + behavior" in path-spec.txt for a series of circuit build time related + consensus params. + + +5. Directory-related parameters + + "max-consensus-age-to-cache-for-diff" -- Determines how much consensus history (in hours) relays should try to cache in order to serve diffs. (min 0, max 8192, default 72) @@ -132,6 +131,16 @@ client should no longer try to find a diff for it. (min 0, max 8192, default 72) +6. Pathbias parameters + + "pb_mincircs", "pb_noticepct", "pb_warnpct", "pb_extremepct", + "pb_dropguards", "pb_scalecircs", "pb_scalefactor", + "pb_multfactor", "pb_minuse", "pb_noticeusepct", + "pb_extremeusepct", "pb_scaleuse" -- DOCDOC + +7. Relay behavior + + onion key lifetime parameters: "onion-key-rotation-days" -- (min 1, max 90, default 28) "onion-key-grace-period-days" -- (min 1, max @@ -143,6 +152,10 @@ days after it is replaced. (Introduced in 0.3.1.1-alpha; prior versions of tor hardcoded both of these values to 7 days.) +8. V3 onion service parameters + + + Hidden service v3 parameters: "hs_intro_min_introduce2" "hs_intro_max_introduce2" -- Minimum/maximum amount of INTRODUCE2 cells @@ -168,6 +181,14 @@ Min 1. Max 10. Default 2. First-appeared: 0.3.3.0-alpha. + "HiddenServiceEnableIntroDoSDefense" -- This parameter makes tor start + using this new proposed extension if available by the introduction + point (for protover HSIntro=5). Min: 0. Max: 1. Default: 0. First + appeared: 0.4.2.1-alpha. + + +9. Denial-of-service parameters + Denial of Service mitigation parameters. Introduced in 0.3.3.2-alpha: "DoSCircuitCreationEnabled" -- Enable the circuit creation DoS @@ -209,25 +230,40 @@ "DoSRefuseSingleHopClientRendezvous" -- Refuse establishment of rendezvous points for single hop clients. - "circ_max_cell_queue_size" -- This parameter determines the maximum - number of cells allowed per circuit queue. - Min 1000. Max 4294967295. Default 50000. - First-appeared: 0.3.3.6-rc. +10. Padding-related parameters "circpad_max_circ_queued_cells" -- The circuitpadding module will stop sending more padding cells if more than this many cells are in the circuit queue a given circuit. Min: 0. Max: 50000. Default 1000. First appeared: 0.4.0.3-alpha. - "sendme_emit_min_version" -- Minimum SENDME version that can be sent. - Min: 0. Max: 255. Default 0. First - appeared: 0.4.1.1-alpha. +X. Obsolete parameters + + "NumDirectoryGuards", "NumEntryGuards" -- Number of guard nodes + clients should use by default. If NumDirectoryGuards is 0, + we default to NumEntryGuards. + NumDirectoryGuards: Min: 0. Max: 10. Default: 0 + NumEntryGuards: Min: 1. Max: 10. Default: 3 + First-appeared: 0.2.4.23, 0.2.5.6-alpha + + "GuardLifetime" -- Duration for which clients should choose guard + nodes, in seconds. + Min: 30 days. Max: 1826 days. Default: 60 days. + First-appeared: 0.2.4.12-alpha + + "UseNTorHandshake" -- If true, then versions of Tor that support + NTor will prefer to use it by default. + Min: 0, Max: 1. Default: 1. + First-appeared: 0.2.4.8-alpha + + "Support022HiddenServices" -- Used to implement a mass switch-over + from sending timestamps to hidden services by default to sending + no timestamps at all. If this option is absent, or is set to 1, + clients with the default configuration send timestamps; otherwise, + they do not. + Min: 0, Max: 1. Default: 1. + First-appeared: 0.2.4.18-rc + + - "sendme_accept_min_version" -- Minimum SENDME version that is accepted. - Min: 0. Max: 255. Default 0. First - appeared: 0.4.1.1-alpha. - "HiddenServiceEnableIntroDoSDefense" -- This parameter makes tor start - using this new proposed extension if available by the introduction - point (for protover HSIntro=5). Min: 0. Max: 1. Default: 0. First - appeared: 0.4.2.1-alpha.

1 0

[torspec/master] Split out list of consensus parameters into a new file.
by dgoulet＠torproject.org 06 Oct '20

06 Oct '20

commit 13d2337917f43566095caf88ff2dc4bbf08482ba Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Sep 28 09:03:55 2020 -0400 Split out list of consensus parameters into a new file. No editing yet; only movement. --- dir-spec.txt | 233 +-------------------------------------------------------- param-spec.txt | 233 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 234 insertions(+), 232 deletions(-) diff --git a/dir-spec.txt b/dir-spec.txt index 27d380f..236ee55 100644 --- a/dir-spec.txt +++ b/dir-spec.txt @@ -1921,238 +1921,7 @@ (Only included when the vote is generated with consensus-method 7 or later.) - Commonly used "param" arguments at this point include: - - "circwindow" -- the default package window that circuits should - be established with. It started out at 1000 cells, but some - research indicates that a lower value would mean fewer cells in - transit in the network at any given time. - Min: 100, Max: 1000 - First-appeared: Tor 0.2.1.20 - - "CircuitPriorityHalflifeMsec" -- the halflife parameter used when - weighting which circuit will send the next cell. Obeyed by Tor - 0.2.2.10-alpha and later. (Versions of Tor between 0.2.2.7-alpha - and 0.2.2.10-alpha recognized a "CircPriorityHalflifeMsec" parameter, - but mishandled it badly.) - Min: -1, Max: 2147483647 (INT32_MAX) - First-appeared: Tor 0.2.2.11-alpha - - "perconnbwrate" and "perconnbwburst" -- if set, each relay sets - up a separate token bucket for every client OR connection, - and rate limits that connection indepedently. Typically left - unset, except when used for performance experiments around trac - entry 1750. Only honored by relays running Tor 0.2.2.16-alpha - and later. (Note that relays running 0.2.2.7-alpha through - 0.2.2.14-alpha looked for bwconnrate and bwconnburst, but then - did the wrong thing with them; see bug 1830 for details.) - Min: 1, Max: 2147483647 (INT32_MAX) - First-appeared: 0.2.2.7-alpha - Removed-in: 0.2.2.16-alpha - - "refuseunknownexits" -- if set to one, exit relays look at - the previous hop of circuits that ask to open an exit stream, - and refuse to exit if they don't recognize it as a relay. The - goal is to make it harder for people to use them as one-hop - proxies. See trac entry 1751 for details. - Min: 0, Max: 1 - First-appeared: 0.2.2.17-alpha - - "bwweightscale" -- Value that bandwidth-weights are divided by. If not - present then this defaults to 10000. - Min: 1 - First-appeared: 0.2.2.10-alpha - - "cbtdisabled", "cbtnummodes", "cbtrecentcount", "cbtmaxtimeouts", - "cbtmincircs", "cbtquantile", "cbtclosequantile", "cbttestfreq", - "cbtmintimeout", "cbtlearntimeout", "cbtmaxopencircs", and - "cbtinitialtimeout" -- see "2.4.5. Consensus parameters governing - behavior" in path-spec.txt for a series of circuit build time related - consensus params. - - "UseOptimisticData" -- If set to zero, clients by default - shouldn't try to send optimistic data to servers until they have - received a RELAY_CONNECTED cell. - Min: 0, Max: 1, Default: 1 - First-appeared: 0.2.3.3-alpha - Default was 0 before: 0.2.9.1-alpha - - "maxunmeasuredbw" -- Used by authorities during voting with - method 17 or later. The maximum value to give for any Bandwidth= - entry for a router that isn't based on at least three - measurements. - First-appeared: 0.2.4.11-alpha - - "Support022HiddenServices" -- Used to implement a mass switch-over - from sending timestamps to hidden services by default to sending - no timestamps at all. If this option is absent, or is set to 1, - clients with the default configuration send timestamps; otherwise, - they do not. - Min: 0, Max: 1. Default: 1. - First-appeared: 0.2.4.18-rc - - "usecreatefast" -- Used to control whether clients use the - CREATE_FAST handshake on the first hop of their circuits. - Min: 0, Max: 1. Default: 1. - First-appeared: 0.2.4.23, 0.2.5.2-alpha - - "pb_mincircs", "pb_noticepct", "pb_warnpct", "pb_extremepct", - "pb_dropguards", "pb_scalecircs", "pb_scalefactor", - "pb_multfactor", "pb_minuse", "pb_noticeusepct", - "pb_extremeusepct", "pb_scaleuse" -- DOCDOC - - "UseNTorHandshake" -- If true, then versions of Tor that support - NTor will prefer to use it by default. - Min: 0, Max: 1. Default: 1. - First-appeared: 0.2.4.8-alpha - - "FastFlagMinThreshold", "FastFlagMaxThreshold" -- lowest and - highest allowable values for the cutoff for routers that should get - the Fast flag. This is used during voting to prevent the threshold - for getting the Fast flag from being too low or too high. - FastFlagMinThreshold: Min: 4. Max: INT32_MAX: Default: 4. - FastFlagMaxThreshold: Min: -. Max: INT32_MAX: Default: INT32_MAX - First-appeared: 0.2.3.11-alpha - - "NumDirectoryGuards", "NumEntryGuards" -- Number of guard nodes - clients should use by default. If NumDirectoryGuards is 0, - we default to NumEntryGuards. - NumDirectoryGuards: Min: 0. Max: 10. Default: 0 - NumEntryGuards: Min: 1. Max: 10. Default: 3 - First-appeared: 0.2.4.23, 0.2.5.6-alpha - - "GuardLifetime" -- Duration for which clients should choose guard - nodes, in seconds. - Min: 30 days. Max: 1826 days. Default: 60 days. - First-appeared: 0.2.4.12-alpha - - "min_paths_for_circs_pct" -- DOCDOC - - "NumNTorsPerTAP" -- When balancing ntor and TAP cells at relays, - how many ntor handshakes should we perform for each TAP handshake? - Min: 1. Max: 100000. Default: 10. - First-appeared: 0.2.4.17-rc - - "AllowNonearlyExtend" -- If true, permit EXTEND cells that are not - inside RELAY_EARLY cells. - Min: 0. Max: 1. Default: 0. - First-appeared: 0.2.3.11-alpha - - "AuthDirNumSRVAgreements" -- Minimum number of agreeing directory - authority votes required for a fresh shared random value to be written - in the consensus (this rule only applies on the first commit round of - the shared randomness protocol). - Min: 1. Max: INT32_MAX. Default: 2/3 of the total number of - dirauth. - - "max-consensuses-age-to-cache-for-diff" -- Determines how - much consensus history (in hours) relays should try to cache - in order to serve diffs. (min 0, max 8192, default 72) - - "try-diff-for-consensus-newer-than" -- This parameter - determines how old a consensus can be (in hours) before a - client should no longer try to find a diff for it. (min 0, - max 8192, default 72) - - onion key lifetime parameters: - "onion-key-rotation-days" -- (min 1, max 90, default 28) - "onion-key-grace-period-days" -- (min 1, max - onion-key-rotation-days, default 7) - Every relay should list each onion key it generates for - onion-key-rotation-days days after generating it, and then - replace it. Relays should continue to accept their most recent - previous onion key for an additional onion-key-grace-period-days - days after it is replaced. (Introduced in 0.3.1.1-alpha; - prior versions of tor hardcoded both of these values to 7 days.) - - Hidden service v3 parameters: - "hs_intro_min_introduce2" - "hs_intro_max_introduce2" -- Minimum/maximum amount of INTRODUCE2 cells - allowed per circuits before rotation (actual - amount picked at random between these two values). - "hs_intro_min_lifetime" - "hs_intro_max_lifetime" -- Minimum/maximum lifetime in seconds that a service - should keep an intro point for (actual lifetime picked at - random between these two values). - "hs_intro_num_extra" -- Number of extra intro points a service is allowed to open. - This concept comes from proposal #155. - "hsdir_interval" -- The length of a time period. See rend-spec-v3.txt - section [TIME-PERIODS]. - "hsdir_n_replicas" -- Number of HS descriptor replicas. - "hsdir_spread_fetch" -- Total number of HSDirs per replica a tor client - should select to try to fetch a descriptor. - "hsdir_spread_store" -- Total number of HSDirs per replica a service - will upload its descriptor to. - "HSV3MaxDescriptorSize" -- Maximum descriptor size (in bytes). - - "hs_service_max_rdv_failures" -- This parameter determines the maximum - number of rendezvous attempt an HS service can make per introduction. - Min 1. Max 10. Default 2. - First-appeared: 0.3.3.0-alpha. - - Denial of Service mitigation parameters. Introduced in 0.3.3.2-alpha: - - "DoSCircuitCreationEnabled" -- Enable the circuit creation DoS - mitigation. - - "DoSCircuitCreationMinConnections" -- Minimum threshold of concurrent - connections before a client address can be flagged as executing a - circuit creation DoS - - "DoSCircuitCreationRate" -- Allowed circuit creation rate per second - per client IP address once the minimum concurrent connection - threshold is reached. - - "DoSCircuitCreationBurst" -- The allowed circuit creation burst per - client IP address once the minimum concurrent connection threshold is - reached. - - "DoSCircuitCreationDefenseType" -- Defense type applied to a detected - client address for the circuit creation mitigation. - - 1: No defense. - 2: Refuse circuit creation for the - DoSCircuitCreationDefenseTimePeriod period. - - "DoSCircuitCreationDefenseTimePeriod" -- The base time period that - the DoS defense is activated for. - - "DoSConnectionEnabled" -- Enable the connection DoS mitigation. - - "DoSConnectionMaxConcurrentCount" -- The maximum threshold of - concurrent connection from a client IP address. - - "DoSConnectionDefenseType" -- Defense type applied to a detected - client address for the connection mitigation. Possible values are: - - 1: No defense. - 2: Immediately close new connections. - - "DoSRefuseSingleHopClientRendezvous" -- Refuse establishment of - rendezvous points for single hop clients. - - "circ_max_cell_queue_size" -- This parameter determines the maximum - number of cells allowed per circuit queue. - Min 1000. Max 4294967295. Default 50000. - First-appeared: 0.3.3.6-rc. - - "circpad_max_circ_queued_cells" -- The circuitpadding module will - stop sending more padding cells if more than this many cells are in - the circuit queue a given circuit. Min: 0. Max: 50000. Default 1000. - First appeared: 0.4.0.3-alpha. - - "sendme_emit_min_version" -- Minimum SENDME version that can be sent. - Min: 0. Max: 255. Default 0. First - appeared: 0.4.1.1-alpha. - - "sendme_accept_min_version" -- Minimum SENDME version that is accepted. - Min: 0. Max: 255. Default 0. First - appeared: 0.4.1.1-alpha. - - "HiddenServiceEnableIntroDoSDefense" -- This parameter makes tor start - using this new proposed extension if available by the introduction - point (for protover HSIntro=5). Min: 0. Max: 1. Default: 0. First - appeared: 0.4.2.1-alpha. + See param-spec.txt for a list of parameters and their meanings. "shared-rand-previous-value" SP NumReveals SP Value NL diff --git a/param-spec.txt b/param-spec.txt new file mode 100644 index 0000000..31aa4be --- /dev/null +++ b/param-spec.txt @@ -0,0 +1,233 @@ + + Commonly used "param" arguments at this point include: + + "circwindow" -- the default package window that circuits should + be established with. It started out at 1000 cells, but some + research indicates that a lower value would mean fewer cells in + transit in the network at any given time. + Min: 100, Max: 1000 + First-appeared: Tor 0.2.1.20 + + "CircuitPriorityHalflifeMsec" -- the halflife parameter used when + weighting which circuit will send the next cell. Obeyed by Tor + 0.2.2.10-alpha and later. (Versions of Tor between 0.2.2.7-alpha + and 0.2.2.10-alpha recognized a "CircPriorityHalflifeMsec" parameter, + but mishandled it badly.) + Min: -1, Max: 2147483647 (INT32_MAX) + First-appeared: Tor 0.2.2.11-alpha + + "perconnbwrate" and "perconnbwburst" -- if set, each relay sets + up a separate token bucket for every client OR connection, + and rate limits that connection indepedently. Typically left + unset, except when used for performance experiments around trac + entry 1750. Only honored by relays running Tor 0.2.2.16-alpha + and later. (Note that relays running 0.2.2.7-alpha through + 0.2.2.14-alpha looked for bwconnrate and bwconnburst, but then + did the wrong thing with them; see bug 1830 for details.) + Min: 1, Max: 2147483647 (INT32_MAX) + First-appeared: 0.2.2.7-alpha + Removed-in: 0.2.2.16-alpha + + "refuseunknownexits" -- if set to one, exit relays look at + the previous hop of circuits that ask to open an exit stream, + and refuse to exit if they don't recognize it as a relay. The + goal is to make it harder for people to use them as one-hop + proxies. See trac entry 1751 for details. + Min: 0, Max: 1 + First-appeared: 0.2.2.17-alpha + + "bwweightscale" -- Value that bandwidth-weights are divided by. If not + present then this defaults to 10000. + Min: 1 + First-appeared: 0.2.2.10-alpha + + "cbtdisabled", "cbtnummodes", "cbtrecentcount", "cbtmaxtimeouts", + "cbtmincircs", "cbtquantile", "cbtclosequantile", "cbttestfreq", + "cbtmintimeout", "cbtlearntimeout", "cbtmaxopencircs", and + "cbtinitialtimeout" -- see "2.4.5. Consensus parameters governing + behavior" in path-spec.txt for a series of circuit build time related + consensus params. + + "UseOptimisticData" -- If set to zero, clients by default + shouldn't try to send optimistic data to servers until they have + received a RELAY_CONNECTED cell. + Min: 0, Max: 1, Default: 1 + First-appeared: 0.2.3.3-alpha + Default was 0 before: 0.2.9.1-alpha + + "maxunmeasuredbw" -- Used by authorities during voting with + method 17 or later. The maximum value to give for any Bandwidth= + entry for a router that isn't based on at least three + measurements. + First-appeared: 0.2.4.11-alpha + + "Support022HiddenServices" -- Used to implement a mass switch-over + from sending timestamps to hidden services by default to sending + no timestamps at all. If this option is absent, or is set to 1, + clients with the default configuration send timestamps; otherwise, + they do not. + Min: 0, Max: 1. Default: 1. + First-appeared: 0.2.4.18-rc + + "usecreatefast" -- Used to control whether clients use the + CREATE_FAST handshake on the first hop of their circuits. + Min: 0, Max: 1. Default: 1. + First-appeared: 0.2.4.23, 0.2.5.2-alpha + + "pb_mincircs", "pb_noticepct", "pb_warnpct", "pb_extremepct", + "pb_dropguards", "pb_scalecircs", "pb_scalefactor", + "pb_multfactor", "pb_minuse", "pb_noticeusepct", + "pb_extremeusepct", "pb_scaleuse" -- DOCDOC + + "UseNTorHandshake" -- If true, then versions of Tor that support + NTor will prefer to use it by default. + Min: 0, Max: 1. Default: 1. + First-appeared: 0.2.4.8-alpha + + "FastFlagMinThreshold", "FastFlagMaxThreshold" -- lowest and + highest allowable values for the cutoff for routers that should get + the Fast flag. This is used during voting to prevent the threshold + for getting the Fast flag from being too low or too high. + FastFlagMinThreshold: Min: 4. Max: INT32_MAX: Default: 4. + FastFlagMaxThreshold: Min: -. Max: INT32_MAX: Default: INT32_MAX + First-appeared: 0.2.3.11-alpha + + "NumDirectoryGuards", "NumEntryGuards" -- Number of guard nodes + clients should use by default. If NumDirectoryGuards is 0, + we default to NumEntryGuards. + NumDirectoryGuards: Min: 0. Max: 10. Default: 0 + NumEntryGuards: Min: 1. Max: 10. Default: 3 + First-appeared: 0.2.4.23, 0.2.5.6-alpha + + "GuardLifetime" -- Duration for which clients should choose guard + nodes, in seconds. + Min: 30 days. Max: 1826 days. Default: 60 days. + First-appeared: 0.2.4.12-alpha + + "min_paths_for_circs_pct" -- DOCDOC + + "NumNTorsPerTAP" -- When balancing ntor and TAP cells at relays, + how many ntor handshakes should we perform for each TAP handshake? + Min: 1. Max: 100000. Default: 10. + First-appeared: 0.2.4.17-rc + + "AllowNonearlyExtend" -- If true, permit EXTEND cells that are not + inside RELAY_EARLY cells. + Min: 0. Max: 1. Default: 0. + First-appeared: 0.2.3.11-alpha + + "AuthDirNumSRVAgreements" -- Minimum number of agreeing directory + authority votes required for a fresh shared random value to be written + in the consensus (this rule only applies on the first commit round of + the shared randomness protocol). + Min: 1. Max: INT32_MAX. Default: 2/3 of the total number of + dirauth. + + "max-consensuses-age-to-cache-for-diff" -- Determines how + much consensus history (in hours) relays should try to cache + in order to serve diffs. (min 0, max 8192, default 72) + + "try-diff-for-consensus-newer-than" -- This parameter + determines how old a consensus can be (in hours) before a + client should no longer try to find a diff for it. (min 0, + max 8192, default 72) + + onion key lifetime parameters: + "onion-key-rotation-days" -- (min 1, max 90, default 28) + "onion-key-grace-period-days" -- (min 1, max + onion-key-rotation-days, default 7) + Every relay should list each onion key it generates for + onion-key-rotation-days days after generating it, and then + replace it. Relays should continue to accept their most recent + previous onion key for an additional onion-key-grace-period-days + days after it is replaced. (Introduced in 0.3.1.1-alpha; + prior versions of tor hardcoded both of these values to 7 days.) + + Hidden service v3 parameters: + "hs_intro_min_introduce2" + "hs_intro_max_introduce2" -- Minimum/maximum amount of INTRODUCE2 cells + allowed per circuits before rotation (actual + amount picked at random between these two values). + "hs_intro_min_lifetime" + "hs_intro_max_lifetime" -- Minimum/maximum lifetime in seconds that a service + should keep an intro point for (actual lifetime picked at + random between these two values). + "hs_intro_num_extra" -- Number of extra intro points a service is allowed to open. + This concept comes from proposal #155. + "hsdir_interval" -- The length of a time period. See rend-spec-v3.txt + section [TIME-PERIODS]. + "hsdir_n_replicas" -- Number of HS descriptor replicas. + "hsdir_spread_fetch" -- Total number of HSDirs per replica a tor client + should select to try to fetch a descriptor. + "hsdir_spread_store" -- Total number of HSDirs per replica a service + will upload its descriptor to. + "HSV3MaxDescriptorSize" -- Maximum descriptor size (in bytes). + + "hs_service_max_rdv_failures" -- This parameter determines the maximum + number of rendezvous attempt an HS service can make per introduction. + Min 1. Max 10. Default 2. + First-appeared: 0.3.3.0-alpha. + + Denial of Service mitigation parameters. Introduced in 0.3.3.2-alpha: + + "DoSCircuitCreationEnabled" -- Enable the circuit creation DoS + mitigation. + + "DoSCircuitCreationMinConnections" -- Minimum threshold of concurrent + connections before a client address can be flagged as executing a + circuit creation DoS + + "DoSCircuitCreationRate" -- Allowed circuit creation rate per second + per client IP address once the minimum concurrent connection + threshold is reached. + + "DoSCircuitCreationBurst" -- The allowed circuit creation burst per + client IP address once the minimum concurrent connection threshold is + reached. + + "DoSCircuitCreationDefenseType" -- Defense type applied to a detected + client address for the circuit creation mitigation. + + 1: No defense. + 2: Refuse circuit creation for the + DoSCircuitCreationDefenseTimePeriod period. + + "DoSCircuitCreationDefenseTimePeriod" -- The base time period that + the DoS defense is activated for. + + "DoSConnectionEnabled" -- Enable the connection DoS mitigation. + + "DoSConnectionMaxConcurrentCount" -- The maximum threshold of + concurrent connection from a client IP address. + + "DoSConnectionDefenseType" -- Defense type applied to a detected + client address for the connection mitigation. Possible values are: + + 1: No defense. + 2: Immediately close new connections. + + "DoSRefuseSingleHopClientRendezvous" -- Refuse establishment of + rendezvous points for single hop clients. + + "circ_max_cell_queue_size" -- This parameter determines the maximum + number of cells allowed per circuit queue. + Min 1000. Max 4294967295. Default 50000. + First-appeared: 0.3.3.6-rc. + + "circpad_max_circ_queued_cells" -- The circuitpadding module will + stop sending more padding cells if more than this many cells are in + the circuit queue a given circuit. Min: 0. Max: 50000. Default 1000. + First appeared: 0.4.0.3-alpha. + + "sendme_emit_min_version" -- Minimum SENDME version that can be sent. + Min: 0. Max: 255. Default 0. First + appeared: 0.4.1.1-alpha. + + "sendme_accept_min_version" -- Minimum SENDME version that is accepted. + Min: 0. Max: 255. Default 0. First + appeared: 0.4.1.1-alpha. + + "HiddenServiceEnableIntroDoSDefense" -- This parameter makes tor start + using this new proposed extension if available by the introduction + point (for protover HSIntro=5). Min: 0. Max: 1. Default: 0. First + appeared: 0.4.2.1-alpha.

1 0

[torspec/master] param-spec: reindent
by dgoulet＠torproject.org 06 Oct '20

06 Oct '20

commit 14cc126e3ee0a0287f3546ab8f026807161fcec2 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Sep 28 09:40:36 2020 -0400 param-spec: reindent --- param-spec.txt | 451 ++++++++++++++++++++++++++++++--------------------------- 1 file changed, 237 insertions(+), 214 deletions(-) diff --git a/param-spec.txt b/param-spec.txt index af0c0a3..bc28044 100644 --- a/param-spec.txt +++ b/param-spec.txt @@ -1,88 +1,87 @@ Tor network parameters -1. Network protocol parameters - - "circwindow" -- the default package window that circuits should - be established with. It started out at 1000 cells, but some - research indicates that a lower value would mean fewer cells in - transit in the network at any given time. - Min: 100, Max: 1000 - First-appeared: Tor 0.2.1.20 +This file lists the recognized parameters that can appear on the "params" +line of a directory consensus. - "refuseunknownexits" -- if set to one, exit relays look at - the previous hop of circuits that ask to open an exit stream, - and refuse to exit if they don't recognize it as a relay. The - goal is to make it harder for people to use them as one-hop - proxies. See trac entry 1751 for details. - Min: 0, Max: 1 - First-appeared: 0.2.2.17-alpha +1. Network protocol parameters + "circwindow" -- the default package window that circuits should be + established with. It started out at 1000 cells, but some research + indicates that a lower value would mean fewer cells in transit in the + network at any given time. + Min: 100, Max: 1000 + First-appeared: Tor 0.2.1.20 - "UseOptimisticData" -- If set to zero, clients by default - shouldn't try to send optimistic data to servers until they have - received a RELAY_CONNECTED cell. - Min: 0, Max: 1, Default: 1 - First-appeared: 0.2.3.3-alpha - Default was 0 before: 0.2.9.1-alpha + "refuseunknownexits" -- if set to one, exit relays look at the previous + hop of circuits that ask to open an exit stream, and refuse to exit if + they don't recognize it as a relay. The goal is to make it harder for + people to use them as one-hop proxies. See trac entry 1751 for details. + Min: 0, Max: 1 + First-appeared: 0.2.2.17-alpha - "usecreatefast" -- Used to control whether clients use the - CREATE_FAST handshake on the first hop of their circuits. - Min: 0, Max: 1. Default: 1. - First-appeared: 0.2.4.23, 0.2.5.2-alpha + "UseOptimisticData" -- If set to zero, clients by default shouldn't try + to send optimistic data to servers until they have received a + RELAY_CONNECTED cell. + Min: 0, Max: 1, Default: 1 + First-appeared: 0.2.3.3-alpha + Default was 0 before: 0.2.9.1-alpha - "min_paths_for_circs_pct" -- DOCDOC + "usecreatefast" -- Used to control whether clients use the CREATE_FAST + handshake on the first hop of their circuits. + Min: 0, Max: 1. Default: 1. + First-appeared: 0.2.4.23, 0.2.5.2-alpha + "min_paths_for_circs_pct" -- DOCDOC - "AllowNonearlyExtend" -- If true, permit EXTEND cells that are not - inside RELAY_EARLY cells. - Min: 0. Max: 1. Default: 0. - First-appeared: 0.2.3.11-alpha + "AllowNonearlyExtend" -- If true, permit EXTEND cells that are not inside + RELAY_EARLY cells. + Min: 0. Max: 1. Default: 0. + First-appeared: 0.2.3.11-alpha - "ExtendByEd25519ID" -- DOCDOC + "ExtendByEd25519ID" -- DOCDOC 2. Performance-tuning parameters - "CircuitPriorityHalflifeMsec" -- the halflife parameter used when - weighting which circuit will send the next cell. Obeyed by Tor - 0.2.2.10-alpha and later. (Versions of Tor between 0.2.2.7-alpha - and 0.2.2.10-alpha recognized a "CircPriorityHalflifeMsec" parameter, - but mishandled it badly.) - Min: -1, Max: 2147483647 (INT32_MAX) - First-appeared: Tor 0.2.2.11-alpha - - "perconnbwrate" and "perconnbwburst" -- if set, each relay sets - up a separate token bucket for every client OR connection, - and rate limits that connection indepedently. Typically left - unset, except when used for performance experiments around trac - entry 1750. Only honored by relays running Tor 0.2.2.16-alpha - and later. (Note that relays running 0.2.2.7-alpha through - 0.2.2.14-alpha looked for bwconnrate and bwconnburst, but then - did the wrong thing with them; see bug 1830 for details.) - Min: 1, Max: 2147483647 (INT32_MAX) - First-appeared: 0.2.2.7-alpha - Removed-in: 0.2.2.16-alpha - - "NumNTorsPerTAP" -- When balancing ntor and TAP cells at relays, - how many ntor handshakes should we perform for each TAP handshake? - Min: 1. Max: 100000. Default: 10. - First-appeared: 0.2.4.17-rc - - "circ_max_cell_queue_size" -- This parameter determines the maximum - number of cells allowed per circuit queue. - Min 1000. Max 4294967295. Default 50000. - First-appeared: 0.3.3.6-rc. - - - "sendme_emit_min_version" -- Minimum SENDME version that can be sent. - Min: 0. Max: 255. Default 0. First - appeared: 0.4.1.1-alpha. - - "sendme_accept_min_version" -- Minimum SENDME version that is accepted. - Min: 0. Max: 255. Default 0. First - appeared: 0.4.1.1-alpha. - + "CircuitPriorityHalflifeMsec" -- the halflife parameter used when + weighting which circuit will send the next cell. Obeyed by Tor + 0.2.2.10-alpha and later. (Versions of Tor between 0.2.2.7-alpha and + 0.2.2.10-alpha recognized a "CircPriorityHalflifeMsec" parameter, but + mishandled it badly.) + Min: -1, Max: 2147483647 (INT32_MAX) + First-appeared: Tor 0.2.2.11-alpha + + "perconnbwrate" and "perconnbwburst" -- if set, each relay sets up a + separate token bucket for every client OR connection, and rate limits + that connection indepedently. Typically left unset, except when used for + performance experiments around trac entry 1750. Only honored by relays + running Tor 0.2.2.16-alpha and later. (Note that relays running + 0.2.2.7-alpha through 0.2.2.14-alpha looked for bwconnrate and + bwconnburst, but then did the wrong thing with them; see bug 1830 for + details.) + Min: 1, Max: 2147483647 (INT32_MAX) + First-appeared: 0.2.2.7-alpha + Removed-in: 0.2.2.16-alpha + + "NumNTorsPerTAP" -- When balancing ntor and TAP cells at relays, + how many ntor handshakes should we perform for each TAP handshake? + Min: 1. Max: 100000. Default: 10. + First-appeared: 0.2.4.17-rc + + "circ_max_cell_queue_size" -- This parameter determines the maximum + number of cells allowed per circuit queue. + Min 1000. Max 4294967295. Default 50000. + First-appeared: 0.3.3.6-rc. + + + "sendme_emit_min_version" -- Minimum SENDME version that can be sent. + Min: 0. Max: 255. Default 0. First + appeared: 0.4.1.1-alpha. + + "sendme_accept_min_version" -- Minimum SENDME version that is accepted. + Min: 0. Max: 255. Default 0. First + appeared: 0.4.1.1-alpha. "KISTSchedRunInterval" -- DOCDOC @@ -91,227 +90,251 @@ 3. Voting-related parameters - "bwweightscale" -- Value that bandwidth-weights are divided by. If not - present then this defaults to 10000. - Min: 1 - First-appeared: 0.2.2.10-alpha - - "maxunmeasuredbw" -- Used by authorities during voting with - method 17 or later. The maximum value to give for any Bandwidth= - entry for a router that isn't based on at least three - measurements. - First-appeared: 0.2.4.11-alpha - - "FastFlagMinThreshold", "FastFlagMaxThreshold" -- lowest and - highest allowable values for the cutoff for routers that should get - the Fast flag. This is used during voting to prevent the threshold - for getting the Fast flag from being too low or too high. - FastFlagMinThreshold: Min: 4. Max: INT32_MAX: Default: 4. - FastFlagMaxThreshold: Min: -. Max: INT32_MAX: Default: INT32_MAX - First-appeared: 0.2.3.11-alpha - - "AuthDirNumSRVAgreements" -- Minimum number of agreeing directory - authority votes required for a fresh shared random value to be written - in the consensus (this rule only applies on the first commit round of - the shared randomness protocol). - Min: 1. Max: INT32_MAX. Default: 2/3 of the total number of - dirauth. + "bwweightscale" -- Value that bandwidth-weights are divided by. If not + present then this defaults to 10000. + Min: 1 + First-appeared: 0.2.2.10-alpha + + "maxunmeasuredbw" -- Used by authorities during voting with method 17 or + later. The maximum value to give for any Bandwidth= entry for a router + that isn't based on at least three measurements. + First-appeared: 0.2.4.11-alpha + + "FastFlagMinThreshold", "FastFlagMaxThreshold" -- lowest and highest + allowable values for the cutoff for routers that should get the Fast + flag. This is used during voting to prevent the threshold for getting + the Fast flag from being too low or too high. + FastFlagMinThreshold: Min: 4. Max: INT32_MAX: Default: 4. + FastFlagMaxThreshold: Min: -. Max: INT32_MAX: Default: INT32_MAX + First-appeared: 0.2.3.11-alpha + + "AuthDirNumSRVAgreements" -- Minimum number of agreeing directory + authority votes required for a fresh shared random value to be written in + the consensus (this rule only applies on the first commit round of the + shared randomness protocol). + Min: 1. Max: INT32_MAX. Default: 2/3 of the total number of + dirauth. 4. Circuit-build-timeout parameters - "cbtdisabled", "cbtnummodes", "cbtrecentcount", "cbtmaxtimeouts", - "cbtmincircs", "cbtquantile", "cbtclosequantile", "cbttestfreq", - "cbtmintimeout", "cbtlearntimeout", "cbtmaxopencircs", and - "cbtinitialtimeout" -- see "2.4.5. Consensus parameters governing - behavior" in path-spec.txt for a series of circuit build time related - consensus params. + "cbtdisabled", "cbtnummodes", "cbtrecentcount", "cbtmaxtimeouts", + "cbtmincircs", "cbtquantile", "cbtclosequantile", "cbttestfreq", + "cbtmintimeout", "cbtlearntimeout", "cbtmaxopencircs", and + "cbtinitialtimeout" -- see "2.4.5. Consensus parameters governing + behavior" in path-spec.txt for a series of circuit build time related + consensus parameters. 5. Directory-related parameters - "max-consensus-age-to-cache-for-diff" -- Determines how - much consensus history (in hours) relays should try to cache - in order to serve diffs. (min 0, max 8192, default 72) + "max-consensus-age-to-cache-for-diff" -- Determines how much + consensus history (in hours) relays should try to cache in order to + serve diffs. (min 0, max 8192, default 72) - "try-diff-for-consensus-newer-than" -- This parameter - determines how old a consensus can be (in hours) before a - client should no longer try to find a diff for it. (min 0, - max 8192, default 72) + "try-diff-for-consensus-newer-than" -- This parameter determines how + old a consensus can be (in hours) before a client should no longer + try to find a diff for it. (min 0, max 8192, default 72) 6. Pathbias parameters - "pb_mincircs", "pb_noticepct", "pb_warnpct", "pb_extremepct", - "pb_dropguards", "pb_scalecircs", "pb_scalefactor", - "pb_multfactor", "pb_minuse", "pb_noticeusepct", - "pb_extremeusepct", "pb_scaleuse" -- DOCDOC + "pb_mincircs", "pb_noticepct", "pb_warnpct", "pb_extremepct", + "pb_dropguards", "pb_scalecircs", "pb_scalefactor", + "pb_multfactor", "pb_minuse", "pb_noticeusepct", + "pb_extremeusepct", "pb_scaleuse" -- DOCDOC 7. Relay behavior + "onion-key-rotation-days" -- (min 1, max 90, default 28) + + "onion-key-grace-period-days" -- (min 1, max + onion-key-rotation-days, default 7) - onion key lifetime parameters: - "onion-key-rotation-days" -- (min 1, max 90, default 28) - "onion-key-grace-period-days" -- (min 1, max - onion-key-rotation-days, default 7) - Every relay should list each onion key it generates for - onion-key-rotation-days days after generating it, and then - replace it. Relays should continue to accept their most recent - previous onion key for an additional onion-key-grace-period-days - days after it is replaced. (Introduced in 0.3.1.1-alpha; - prior versions of tor hardcoded both of these values to 7 days.) + Every relay should list each onion key it generates for + onion-key-rotation-days days after generating it, and then + replace it. Relays should continue to accept their most recent + previous onion key for an additional onion-key-grace-period-days + days after it is replaced. (Introduced in 0.3.1.1-alpha; + prior versions of tor hardcoded both of these values to 7 days.) 8. V3 onion service parameters + "hs_intro_min_introduce2", "hs_intro_max_introduce2" -- + Minimum/maximum amount of INTRODUCE2 cells allowed per circuits + before rotation (actual amount picked at random between these two + values). + + "hs_intro_min_lifetime", "hs_intro_max_lifetime" -- Minimum/maximum + lifetime in seconds that a service should keep an intro point for + (actual lifetime picked at random between these two values). + + "hs_intro_num_extra" -- Number of extra intro points a service is + allowed to open. This concept comes from proposal #155. + + "hsdir_interval" -- The length of a time period. See + rend-spec-v3.txt section [TIME-PERIODS]. + + "hsdir_n_replicas" -- Number of HS descriptor replicas. + + "hsdir_spread_fetch" -- Total number of HSDirs per replica a tor + client should select to try to fetch a descriptor. + "hsdir_spread_store" -- Total number of HSDirs per replica a service + will upload its descriptor to. - Hidden service v3 parameters: - "hs_intro_min_introduce2" - "hs_intro_max_introduce2" -- Minimum/maximum amount of INTRODUCE2 cells - allowed per circuits before rotation (actual - amount picked at random between these two values). - "hs_intro_min_lifetime" - "hs_intro_max_lifetime" -- Minimum/maximum lifetime in seconds that a service - should keep an intro point for (actual lifetime picked at - random between these two values). - "hs_intro_num_extra" -- Number of extra intro points a service is allowed to open. - This concept comes from proposal #155. - "hsdir_interval" -- The length of a time period. See rend-spec-v3.txt - section [TIME-PERIODS]. - "hsdir_n_replicas" -- Number of HS descriptor replicas. - "hsdir_spread_fetch" -- Total number of HSDirs per replica a tor client - should select to try to fetch a descriptor. - "hsdir_spread_store" -- Total number of HSDirs per replica a service - will upload its descriptor to. - "HSV3MaxDescriptorSize" -- Maximum descriptor size (in bytes). - - "hs_service_max_rdv_failures" -- This parameter determines the maximum - number of rendezvous attempt an HS service can make per introduction. - Min 1. Max 10. Default 2. - First-appeared: 0.3.3.0-alpha. - - "HiddenServiceEnableIntroDoSDefense" -- This parameter makes tor start - using this new proposed extension if available by the introduction - point (for protover HSIntro=5). Min: 0. Max: 1. Default: 0. First - appeared: 0.4.2.1-alpha. + "HSV3MaxDescriptorSize" -- Maximum descriptor size (in bytes). + + "hs_service_max_rdv_failures" -- This parameter determines the + maximum number of rendezvous attempt an HS service can make per + introduction. Min 1. Max 10. Default 2. First-appeared: + 0.3.3.0-alpha. + + "HiddenServiceEnableIntroDoSDefense" -- This parameter makes tor + start using this new proposed extension if available by the + introduction point (for protover HSIntro=5). Min: 0. Max: + 1. Default: 0. First appeared: 0.4.2.1-alpha. "HiddenServiceEnableIntroDoSBurstPerSec" -- DOCDOC - "HiddenServiceEnableIntroDoSRatePerSec" -- DOCDOC + "HiddenServiceEnableIntroDoSRatePerSec" -- DOCDOC 9. Denial-of-service parameters - Denial of Service mitigation parameters. Introduced in 0.3.3.2-alpha: - - "DoSCircuitCreationEnabled" -- Enable the circuit creation DoS - mitigation. + Denial of Service mitigation parameters. Introduced in 0.3.3.2-alpha: - "DoSCircuitCreationMinConnections" -- Minimum threshold of concurrent - connections before a client address can be flagged as executing a - circuit creation DoS + "DoSCircuitCreationEnabled" -- Enable the circuit creation DoS + mitigation. - "DoSCircuitCreationRate" -- Allowed circuit creation rate per second - per client IP address once the minimum concurrent connection - threshold is reached. + "DoSCircuitCreationMinConnections" -- Minimum threshold of + concurrent connections before a client address can be flagged as + executing a circuit creation DoS - "DoSCircuitCreationBurst" -- The allowed circuit creation burst per - client IP address once the minimum concurrent connection threshold is - reached. + "DoSCircuitCreationRate" -- Allowed circuit creation rate per second + per client IP address once the minimum concurrent connection + threshold is reached. - "DoSCircuitCreationDefenseType" -- Defense type applied to a detected - client address for the circuit creation mitigation. + "DoSCircuitCreationBurst" -- The allowed circuit creation burst per + client IP address once the minimum concurrent connection threshold + is reached. - 1: No defense. - 2: Refuse circuit creation for the - DoSCircuitCreationDefenseTimePeriod period. + "DoSCircuitCreationDefenseType" -- Defense type applied to a + detected client address for the circuit creation mitigation. + 1: No defense. + 2: Refuse circuit creation for the length of + "DoSCircuitCreationDefenseTimePeriod". - "DoSCircuitCreationDefenseTimePeriod" -- The base time period that - the DoS defense is activated for. - "DoSConnectionEnabled" -- Enable the connection DoS mitigation. + "DoSCircuitCreationDefenseTimePeriod" -- The base time period that + the DoS defense is activated for. - "DoSConnectionMaxConcurrentCount" -- The maximum threshold of - concurrent connection from a client IP address. + "DoSConnectionEnabled" -- Enable the connection DoS mitigation. - "DoSConnectionDefenseType" -- Defense type applied to a detected - client address for the connection mitigation. Possible values are: + "DoSConnectionMaxConcurrentCount" -- The maximum threshold of + concurrent connection from a client IP address. - 1: No defense. - 2: Immediately close new connections. + "DoSConnectionDefenseType" -- Defense type applied to a detected + client address for the connection mitigation. Possible values are: + 1: No defense. + 2: Immediately close new connections. - "DoSRefuseSingleHopClientRendezvous" -- Refuse establishment of - rendezvous points for single hop clients. + "DoSRefuseSingleHopClientRendezvous" -- Refuse establishment of + rendezvous points for single hop clients. 10. Padding-related parameters - "circpad_max_circ_queued_cells" -- The circuitpadding module will - stop sending more padding cells if more than this many cells are in - the circuit queue a given circuit. Min: 0. Max: 50000. Default 1000. - First appeared: 0.4.0.3-alpha. + "circpad_max_circ_queued_cells" -- The circuitpadding module will + stop sending more padding cells if more than this many cells are in + the circuit queue a given circuit. + Min: 0. Max: 50000. Default 1000. + First appeared: 0.4.0.3-alpha. "circpad_global_allowed_cells" -- DOCDOC + "circpad_global_max_padding_pct" -- DOCDOC + "circpad_padding_disabled" -- DOCDOC + "circpad_padding_reduced" -- DOCDOC "nf_conntimeout_clients" -- DOCDOC + "nf_conntimeout_relays" -- DOCDOC + "nf_ito_high_reduced" -- DOCDOC + "nf_ito_low" -- DOCDOC + "nf_ito_low_reduced" -- DOCDOC + "nf_pad_before_usage" -- DOCDOC + "nf_pad_relays" -- DOCDOC + "nf_pad_single_onion" -- DOCDOC 11. Guard-related parameters "guard-confirmed-min-lifetime-days" -- DOCDOC + "guard-extreme-restriction-percent" -- DOCDOC + "guard-internet-likely-down-interval" -- DOCDOC + "guard-lifetime-days" -- DOCDOC + "guard-max-samlines" -- DOCDOC + "guard-max-sample-size" -- DOCDOC + "guard-meaningful-restriction-percent" -- DOCDOC + "guard-min-filtered-sample-size" -- DOCDOC + "guard-n-primary-dir-guards-to-use" -- DOCDOC + "guard-n-primary-guards" -- DOCDOC + "guard-n-primary-guards-to-use" -- DOCDOC + "guard-nonprimary-guard-connect-timeout" -- DOCDOC + "guard-nonprimary-guard-idle-timeout" -- DOCDOC + "guard-remove-unlisted-guards-after-days" -- DOCDOC 12. Relay behavior "assume-reachable" -- DOCDOC + "assume-reachable-ipv6" -- DOCDOC X. Obsolete parameters - "NumDirectoryGuards", "NumEntryGuards" -- Number of guard nodes - clients should use by default. If NumDirectoryGuards is 0, - we default to NumEntryGuards. - NumDirectoryGuards: Min: 0. Max: 10. Default: 0 - NumEntryGuards: Min: 1. Max: 10. Default: 3 - First-appeared: 0.2.4.23, 0.2.5.6-alpha - Removed in: 0.3.0 - - "GuardLifetime" -- Duration for which clients should choose guard - nodes, in seconds. - Min: 30 days. Max: 1826 days. Default: 60 days. - First-appeared: 0.2.4.12-alpha - Removed in: 0.3.0. - - "UseNTorHandshake" -- If true, then versions of Tor that support - NTor will prefer to use it by default. - Min: 0, Max: 1. Default: 1. - First-appeared: 0.2.4.8-alpha - Removed in: 0.2.9. - - "Support022HiddenServices" -- Used to implement a mass switch-over - from sending timestamps to hidden services by default to sending - no timestamps at all. If this option is absent, or is set to 1, - clients with the default configuration send timestamps; otherwise, - they do not. - Min: 0, Max: 1. Default: 1. - First-appeared: 0.2.4.18-rc - Removed in: 0.2.6 - + "NumDirectoryGuards", "NumEntryGuards" -- Number of guard nodes + clients should use by default. If NumDirectoryGuards is 0, we + default to NumEntryGuards. + NumDirectoryGuards: Min: 0. Max: 10. Default: 0 + NumEntryGuards: Min: 1. Max: 10. Default: 3 + First-appeared: 0.2.4.23, 0.2.5.6-alpha + Removed in: 0.3.0 + + "GuardLifetime" -- Duration for which clients should choose guard + nodes, in seconds. + Min: 30 days. Max: 1826 days. Default: 60 days. + First-appeared: 0.2.4.12-alpha + Removed in: 0.3.0. + + "UseNTorHandshake" -- If true, then versions of Tor that support + NTor will prefer to use it by default. + Min: 0, Max: 1. Default: 1. + First-appeared: 0.2.4.8-alpha + Removed in: 0.2.9. + + "Support022HiddenServices" -- Used to implement a mass switch-over + from sending timestamps to hidden services by default to sending no + timestamps at all. If this option is absent, or is set to 1, + clients with the default configuration send timestamps; otherwise, + they do not. + Min: 0, Max: 1. Default: 1. + First-appeared: 0.2.4.18-rc + Removed in: 0.2.6

1 0

[torspec/master] Add DOCDOC entries for all previously undocumented parameters
by dgoulet＠torproject.org 06 Oct '20

06 Oct '20

commit 6bc64f459ddb9d758901ccc55638cea2fc86fb77 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Sep 28 09:33:55 2020 -0400 Add DOCDOC entries for all previously undocumented parameters Also, note when we dropped support for the various obsolete options. --- param-spec.txt | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 51 insertions(+), 3 deletions(-) diff --git a/param-spec.txt b/param-spec.txt index 022a453..af0c0a3 100644 --- a/param-spec.txt +++ b/param-spec.txt @@ -39,6 +39,8 @@ Min: 0. Max: 1. Default: 0. First-appeared: 0.2.3.11-alpha + "ExtendByEd25519ID" -- DOCDOC + 2. Performance-tuning parameters @@ -82,6 +84,11 @@ appeared: 0.4.1.1-alpha. + "KISTSchedRunInterval" -- DOCDOC + + "UseGuardFraction" -- DOCDOC + + 3. Voting-related parameters "bwweightscale" -- Value that bandwidth-weights are divided by. If not @@ -186,6 +193,9 @@ point (for protover HSIntro=5). Min: 0. Max: 1. Default: 0. First appeared: 0.4.2.1-alpha. + "HiddenServiceEnableIntroDoSBurstPerSec" -- DOCDOC + "HiddenServiceEnableIntroDoSRatePerSec" -- DOCDOC + 9. Denial-of-service parameters @@ -237,6 +247,43 @@ the circuit queue a given circuit. Min: 0. Max: 50000. Default 1000. First appeared: 0.4.0.3-alpha. + "circpad_global_allowed_cells" -- DOCDOC + "circpad_global_max_padding_pct" -- DOCDOC + "circpad_padding_disabled" -- DOCDOC + "circpad_padding_reduced" -- DOCDOC + + "nf_conntimeout_clients" -- DOCDOC + "nf_conntimeout_relays" -- DOCDOC + "nf_ito_high_reduced" -- DOCDOC + "nf_ito_low" -- DOCDOC + "nf_ito_low_reduced" -- DOCDOC + "nf_pad_before_usage" -- DOCDOC + "nf_pad_relays" -- DOCDOC + "nf_pad_single_onion" -- DOCDOC + +11. Guard-related parameters + + + "guard-confirmed-min-lifetime-days" -- DOCDOC + "guard-extreme-restriction-percent" -- DOCDOC + "guard-internet-likely-down-interval" -- DOCDOC + "guard-lifetime-days" -- DOCDOC + "guard-max-samlines" -- DOCDOC + "guard-max-sample-size" -- DOCDOC + "guard-meaningful-restriction-percent" -- DOCDOC + "guard-min-filtered-sample-size" -- DOCDOC + "guard-n-primary-dir-guards-to-use" -- DOCDOC + "guard-n-primary-guards" -- DOCDOC + "guard-n-primary-guards-to-use" -- DOCDOC + "guard-nonprimary-guard-connect-timeout" -- DOCDOC + "guard-nonprimary-guard-idle-timeout" -- DOCDOC + "guard-remove-unlisted-guards-after-days" -- DOCDOC + +12. Relay behavior + + "assume-reachable" -- DOCDOC + "assume-reachable-ipv6" -- DOCDOC + X. Obsolete parameters "NumDirectoryGuards", "NumEntryGuards" -- Number of guard nodes @@ -245,16 +292,19 @@ X. Obsolete parameters NumDirectoryGuards: Min: 0. Max: 10. Default: 0 NumEntryGuards: Min: 1. Max: 10. Default: 3 First-appeared: 0.2.4.23, 0.2.5.6-alpha + Removed in: 0.3.0 "GuardLifetime" -- Duration for which clients should choose guard nodes, in seconds. Min: 30 days. Max: 1826 days. Default: 60 days. First-appeared: 0.2.4.12-alpha + Removed in: 0.3.0. "UseNTorHandshake" -- If true, then versions of Tor that support NTor will prefer to use it by default. Min: 0, Max: 1. Default: 1. First-appeared: 0.2.4.8-alpha + Removed in: 0.2.9. "Support022HiddenServices" -- Used to implement a mass switch-over from sending timestamps to hidden services by default to sending @@ -263,7 +313,5 @@ X. Obsolete parameters they do not. Min: 0, Max: 1. Default: 1. First-appeared: 0.2.4.18-rc - - - + Removed in: 0.2.6

1 0

[torspec/master] param-spec: add a bunch of miscellaneous documentation.
by dgoulet＠torproject.org 06 Oct '20

06 Oct '20

commit 0b03960f205439945cce6741ce534662c2e6d226 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Sep 28 09:59:12 2020 -0400 param-spec: add a bunch of miscellaneous documentation. --- param-spec.txt | 70 +++++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 50 insertions(+), 20 deletions(-) diff --git a/param-spec.txt b/param-spec.txt index bc28044..1eeba4c 100644 --- a/param-spec.txt +++ b/param-spec.txt @@ -32,14 +32,23 @@ line of a directory consensus. Min: 0, Max: 1. Default: 1. First-appeared: 0.2.4.23, 0.2.5.2-alpha - "min_paths_for_circs_pct" -- DOCDOC + "min_paths_for_circs_pct" -- A percentage threshold that determines + whether clients believe they have enough directory information to + build circuits. This value applies to the total fraction of + bandwidth-weighted paths that the client could build; see + path-spec.txt for more information. + Min: 25, Max: 95, Default: 60 + First-appeared: 0.2.4 "AllowNonearlyExtend" -- If true, permit EXTEND cells that are not inside RELAY_EARLY cells. Min: 0. Max: 1. Default: 0. First-appeared: 0.2.3.11-alpha - "ExtendByEd25519ID" -- DOCDOC + "ExtendByEd25519ID" -- If true, clients should include Ed25519 + identities for relays when generating EXTEND2 cells. + Min: 0. Max: 1. Default: 0. + First-appeared: 0.3.0 2. Performance-tuning parameters @@ -74,19 +83,20 @@ line of a directory consensus. Min 1000. Max 4294967295. Default 50000. First-appeared: 0.3.3.6-rc. - "sendme_emit_min_version" -- Minimum SENDME version that can be sent. - Min: 0. Max: 255. Default 0. First - appeared: 0.4.1.1-alpha. + Min: 0. Max: 255. Default 0. + First appeared: 0.4.1.1-alpha. "sendme_accept_min_version" -- Minimum SENDME version that is accepted. - Min: 0. Max: 255. Default 0. First - appeared: 0.4.1.1-alpha. - - "KISTSchedRunInterval" -- DOCDOC - - "UseGuardFraction" -- DOCDOC + Min: 0. Max: 255. Default 0. + First appeared: 0.4.1.1-alpha. + "KISTSchedRunInterval" -- How frequently should the "KIST" scheduler + run in order to decide which data to write to the network? Value in + units of milliseconds. If 0, then the KIST scheduler should be + disabled. + Min: 0. Max: 100. Default: 10. + First appeared: 0.3.2 3. Voting-related parameters @@ -185,17 +195,25 @@ line of a directory consensus. "hs_service_max_rdv_failures" -- This parameter determines the maximum number of rendezvous attempt an HS service can make per - introduction. Min 1. Max 10. Default 2. First-appeared: - 0.3.3.0-alpha. + introduction. + Min 1. Max 10. Default 2. + First-appeared: 0.3.3.0-alpha. "HiddenServiceEnableIntroDoSDefense" -- This parameter makes tor - start using this new proposed extension if available by the - introduction point (for protover HSIntro=5). Min: 0. Max: - 1. Default: 0. First appeared: 0.4.2.1-alpha. + start using this defense if the introduction point supports it + (for protover HSIntro=5). + Min: 0. Max: 1. Default: 0. + First appeared: 0.4.2.1-alpha. - "HiddenServiceEnableIntroDoSBurstPerSec" -- DOCDOC + "HiddenServiceEnableIntroDoSBurstPerSec" -- Maximum burst to be used + for token bucket for the introduction point rate-limiting. + Min: 0. Max: INT32_MAX. Default: 200 + First appeared: 0.4.2.1-alpha. - "HiddenServiceEnableIntroDoSRatePerSec" -- DOCDOC + "HiddenServiceEnableIntroDoSRatePerSec" -- Refill rate to be used + for token bucket for the introduction point rate-limiting. + Min: 0. Max: INT32_MAX. Default: 25 + First appeared: 0.4.2.1-alpha. 9. Denial-of-service parameters @@ -273,6 +291,11 @@ line of a directory consensus. 11. Guard-related parameters + "UseGuardFraction" -- If true, clients use `GuardFraction` + information from the consensus in order to decide how to weight + guards when picking them. + Min: 0. Max: 1. Default: 0. + First appeared: 0.2.6 "guard-confirmed-min-lifetime-days" -- DOCDOC @@ -304,9 +327,16 @@ line of a directory consensus. 12. Relay behavior - "assume-reachable" -- DOCDOC + "assume-reachable" -- If true, relays should publish descriptors + even when they cannot make a connection to their IPv4 ORPort. + Min: 0. Max: 1. Default: 0. + First appeared: 0.4.5.1-alpha. - "assume-reachable-ipv6" -- DOCDOC + "assume-reachable-ipv6" -- If true, relays should publish + descriptors even when they cannot make a connection to their IPv6 + ORPort. + Min: 0. Max: 1. Default: 0. + First appeared: 0.4.5.1-alpha. X. Obsolete parameters

1 0

[torspec/master] document guard-related parameters
by dgoulet＠torproject.org 06 Oct '20

06 Oct '20

commit e576760a2136f0efb917bf7fb47f4fe8a22cd7d9 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Sep 28 10:15:59 2020 -0400 document guard-related parameters --- param-spec.txt | 110 +++++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 83 insertions(+), 27 deletions(-) diff --git a/param-spec.txt b/param-spec.txt index 1eeba4c..e2b23f0 100644 --- a/param-spec.txt +++ b/param-spec.txt @@ -291,39 +291,95 @@ line of a directory consensus. 11. Guard-related parameters + (See guard-spec.txt for more information on the vocabulary used here.) + "UseGuardFraction" -- If true, clients use `GuardFraction` information from the consensus in order to decide how to weight guards when picking them. Min: 0. Max: 1. Default: 0. First appeared: 0.2.6 - "guard-confirmed-min-lifetime-days" -- DOCDOC - - "guard-extreme-restriction-percent" -- DOCDOC - - "guard-internet-likely-down-interval" -- DOCDOC - - "guard-lifetime-days" -- DOCDOC - - "guard-max-samlines" -- DOCDOC - - "guard-max-sample-size" -- DOCDOC - - "guard-meaningful-restriction-percent" -- DOCDOC - - "guard-min-filtered-sample-size" -- DOCDOC - - "guard-n-primary-dir-guards-to-use" -- DOCDOC - - "guard-n-primary-guards" -- DOCDOC - - "guard-n-primary-guards-to-use" -- DOCDOC - - "guard-nonprimary-guard-connect-timeout" -- DOCDOC - - "guard-nonprimary-guard-idle-timeout" -- DOCDOC - - "guard-remove-unlisted-guards-after-days" -- DOCDOC + "guard-lifetime-days" -- Controls guard lifetime. If a unconfirmed + guard has been sampled more than this many days ago, it should be + removed from the guard sample. + Min: 1. Max: 3650. Default: 120. + First appeared: 0.3.0 + + "guard-confirmed-min-lifetime-days" -- Controls confirmed guard + lifetime: if a guard was confirmed more than this many days ago, it + should be removed from the guard sample. + Min: 1. Max: 3650. Default: 60. + First appeared: 0.3.0 + + "guard-internet-likely-down-interval" -- If Tor has been unable to + build a circuit for this long (in seconds), assume that the internet + connection is down, and treat guard failures as unproven. + Min: 1. Max: INT32_MAX. Default: 600. + First appeared: 0.3.0 + + "guard-max-sample-size" -- Largest number of guards that clients + should try to collect in their sample. + Min: 1. Max: INT32_MAX. Default: 60. + First appeared: 0.3.0 + + "guard-max-sample-threshold-percent" -- Largest bandwidth-weighted + fraction of guards that clients should try to collect in their + sample. + Min: 1. Max: 100. Default: 20. + First appeared: 0.3.0 + + "guard-meaningful-restriction-percent" -- If the client has + configured tor to exclude so many guards that the available guard + bandwidth is less than this percentage of the total, treat the guard + sample as "restricted", and keep it in a separate sample. + Min: 1. Max: 100. Default: 20. + First appeared: 0.3.0 + + "guard-extreme-restriction-percent" -- Warn the user if they have + configured tor to exclude so many guards that the available guard + bandwidth is less than this percentage of the total. + Min: 1. Max: INT32_MAX. Default: 1. + First appeared: 0.3.0 + + "guard-min-filtered-sample-size" -- If fewer than this number of + guards is available in the sample after filtering out unusable + guards, the client should try to add more guards to the sample (if + allowed). + Min: 1. Max: INT32_MAX. Default: 20. + First appeared: 0.3.0 + + "guard-n-primary-guards" -- The number of confirmed guards that the + client should treat as "primary guards". + Min: 1. Max: INT32_MAX. Default: 3. + First appeared: 0.3.0 + + "guard-n-primary-guards-to-use", "guard-n-primary-dir-guards-to-use" + -- number of primary guards and primary directory guards that the + client should be willing to use in parallel. Other primary guards + won't get used unless the earlier ones are down. + "guard-n-primary-guards-to-use": + Min 1, Max INT32_MAX: Default: 1. + "guard-n-primary-dir-guards-to-use" + Min 1, Max INT32_MAX: Default: 3. + First appeared: 0.3.0 + + "guard-nonprimary-guard-connect-timeout" -- When trying to confirm + nonprimary guards, if a guard doesn't answer for more than this long + in seconds, treat lower-priority guards as usable. + Min: 1. Max: INT32_MAX. Default: 15 + First appeared: 0.3.0 + + "guard-nonprimary-guard-idle-timeout" -- When trying to confirm + nonprimary guards, if a guard doesn't answer for more than this long + in seconds, treat it as down. + Min: 1. Max: INT32_MAX. Default: 600 + First appeared: 0.3.0 + + "guard-remove-unlisted-guards-after-days" -- If a guard has been + unlisted in the consensus for at least this many days, remove it + from the sample. + Min: 1. Max: 3650. Default: 20. + First appeared: 0.3.0 12. Relay behavior

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-commits October 2020