commit d854d25405b642f7dbc3ddb98ffd3524f03da40c Author: Damian Johnson atagar@torproject.org Date: Sat Nov 12 11:19:13 2016 -0800
Update manual integ tests
One trouble with the ONLINE testing target is that it's run so infrequently. Tor manual changes are causing a few assertion failures. Correcting them. --- stem/cached_tor_manual.cfg | 47 +++++++++++++++++++++++----------------------- test/integ/manual.py | 16 ++++++++-------- 2 files changed, 32 insertions(+), 31 deletions(-)
diff --git a/stem/cached_tor_manual.cfg b/stem/cached_tor_manual.cfg index 5b02091..0dbb6de 100644 --- a/stem/cached_tor_manual.cfg +++ b/stem/cached_tor_manual.cfg @@ -6,8 +6,8 @@ description |Basically, Tor provides a distributed network of servers or relays ("onion routers"). Users bounce their TCP streams -- web traffic, ftp, ssh, etc. -- around the network, and recipients, observers, and even the relays themselves have difficulty tracking the source of the stream. | |By default, tor will act as a client only. To help the network by providing bandwidth as a relay, change the ORPort configuration option -- see below. Please also consult the documentation on the Tor Project's website. -man_commit 59247314d511022d9d2ec6b3b7c6d6263e72f44c -stem_commit a30ef3e8398a160566e818f18fdcffe45a8762e6 +man_commit 7dee70c3e1e12389a15c6f5bb4e41c9adeaaf054 +stem_commit 058fb76c9ba57676df3c209dfed6996ffb565257 commandline_options -f FILE => Specify a new configuration file to contain further Tor configuration options OR pass - to make Tor read its configuration from standard input. (Default: @CONFDIR@/torrc, or $HOME/.torrc if that file is not found) commandline_options --ignore-missing-torrc => Specifies that Tor should treat a missing torrc file as though it were empty. Ordinarily, Tor does this for missing default torrc files, but not for those specified on the command line. commandline_options --list-deprecated-options => List all valid options that are scheduled to become obsolete in a future version. (This is a warning, not a promise.) @@ -35,6 +35,7 @@ signals SIGTERM => Tor will catch this, clean up and sync to disk if necessary, signals SIGXFSZ => If this signal exists on your platform, Tor catches and ignores it. files DataDirectory/lock => This file is used to prevent two Tor instances from using same data directory. If access to this file is locked, data directory is already in use by Tor. files DataDirectory/stats/dirreq-stats => Only used by directory caches and authorities. This file is used to collect directory request statistics. +files HiddenServiceDirectory/onion_service_non_anonymous => This file is present if a hidden service key was created in HiddenServiceNonAnonymousMode. files DataDirectory/hashed-fingerprint => Only used by bridges. Holds the hashed fingerprint of the bridge's identity key. (That is, the hash of the hash of the identity key.) files @CONFDIR@/torrc => The configuration file, which contains "option value" pairs. files DataDirectory/keys/secret_onion_key => A relay's RSA1024 short-term onion key. Used to decrypt old-style ("TAP") circuit extension requests. @@ -743,7 +744,7 @@ config_options.DirCache.summary Provide cached descriptor information to other t config_options.DirCache.description When this option is set, Tor caches all current directory documents and accepts client requests for them. Setting DirPort is not required for this, because clients connect via the ORPort by default. Setting either DirPort or BridgeRelay and setting DirCache to 0 is not supported. (Default: 1) config_options.BandwidthRate.category General config_options.BandwidthRate.name BandwidthRate -config_options.BandwidthRate.usage N bytes|KBytes|MBytes|GBytes|KBits|MBits|GBits +config_options.BandwidthRate.usage N bytes|KBytes|MBytes|GBytes|TBytes|KBits|MBits|GBits|TBits config_options.BandwidthRate.summary Average bandwidth usage limit config_options.BandwidthRate.description |A token bucket limits the average incoming bandwidth usage on this node to the specified number of bytes per second, and the average outgoing bandwidth usage to that same value. If you want to run a relay in the public network, this needs to be at the very least 75 KBytes for a relay (that is, 600 kbits) or 50 KBytes for a bridge (400 kbits) -- but of course, more is better; we recommend at least 250 KBytes (2 mbits) if possible. (Default: 1 GByte) @@ -751,32 +752,32 @@ config_options.BandwidthRate.description |With this option, and in other options that take arguments in bytes, KBytes, and so on, other formats are also supported. Notably, "KBytes" can also be written as "kilobytes" or "kb"; "MBytes" can be written as "megabytes" or "MB"; "kbits" can be written as "kilobits"; and so forth. Tor also accepts "byte" and "bit" in the singular. The prefixes "tera" and "T" are also recognized. If no units are given, we default to bytes. To avoid confusion, we recommend writing "bytes" or "bits" explicitly, since it's easy to forget that "B" means bytes, not bits. config_options.BandwidthBurst.category General config_options.BandwidthBurst.name BandwidthBurst -config_options.BandwidthBurst.usage N bytes|KBytes|MBytes|GBytes|KBits|MBits|GBits +config_options.BandwidthBurst.usage N bytes|KBytes|MBytes|GBytes|TBytes|KBits|MBits|GBits|TBits config_options.BandwidthBurst.summary Maximum bandwidth usage limit config_options.BandwidthBurst.description Limit the maximum token bucket size (also known as the burst) to the given number of bytes in each direction. (Default: 1 GByte) config_options.MaxAdvertisedBandwidth.category General config_options.MaxAdvertisedBandwidth.name MaxAdvertisedBandwidth -config_options.MaxAdvertisedBandwidth.usage N bytes|KBytes|MBytes|GBytes|KBits|MBits|GBits +config_options.MaxAdvertisedBandwidth.usage N bytes|KBytes|MBytes|GBytes|TBytes|KBits|MBits|GBits|TBits config_options.MaxAdvertisedBandwidth.summary Limit for the bandwidth we advertise as being available for relaying config_options.MaxAdvertisedBandwidth.description If set, we will not advertise more than this amount of bandwidth for our BandwidthRate. Server operators who want to reduce the number of clients who ask to build circuits through them (since this is proportional to advertised bandwidth rate) can thus reduce the CPU demands on their server without impacting network performance. config_options.RelayBandwidthRate.category General config_options.RelayBandwidthRate.name RelayBandwidthRate -config_options.RelayBandwidthRate.usage N bytes|KBytes|MBytes|GBytes|KBits|MBits|GBits +config_options.RelayBandwidthRate.usage N bytes|KBytes|MBytes|GBytes|TBytes|KBits|MBits|GBits|TBits config_options.RelayBandwidthRate.summary Average bandwidth usage limit for relaying config_options.RelayBandwidthRate.description If not 0, a separate token bucket limits the average incoming bandwidth usage for _relayed traffic_ on this node to the specified number of bytes per second, and the average outgoing bandwidth usage to that same value. Relayed traffic currently is calculated to include answers to directory requests, but that may change in future versions. (Default: 0) config_options.RelayBandwidthBurst.category General config_options.RelayBandwidthBurst.name RelayBandwidthBurst -config_options.RelayBandwidthBurst.usage N bytes|KBytes|MBytes|GBytes|KBits|MBits|GBits +config_options.RelayBandwidthBurst.usage N bytes|KBytes|MBytes|GBytes|TBytes|KBits|MBits|GBits|TBits config_options.RelayBandwidthBurst.summary Maximum bandwidth usage limit for relaying config_options.RelayBandwidthBurst.description If not 0, limit the maximum token bucket size (also known as the burst) for _relayed traffic_ to the given number of bytes in each direction. (Default: 0) config_options.PerConnBWRate.category General config_options.PerConnBWRate.name PerConnBWRate -config_options.PerConnBWRate.usage N bytes|KBytes|MBytes|GBytes|KBits|MBits|GBits +config_options.PerConnBWRate.usage N bytes|KBytes|MBytes|GBytes|TBytes|KBits|MBits|GBits|TBits config_options.PerConnBWRate.summary Average relayed bandwidth limit per connection config_options.PerConnBWRate.description If set, do separate rate limiting for each connection from a non-relay. You should never need to change this value, since a network-wide value is published in the consensus and your relay will use that value. (Default: 0) config_options.PerConnBWBurst.category General config_options.PerConnBWBurst.name PerConnBWBurst -config_options.PerConnBWBurst.usage N bytes|KBytes|MBytes|GBytes|KBits|MBits|GBits +config_options.PerConnBWBurst.usage N bytes|KBytes|MBytes|GBytes|TBytes|KBits|MBits|GBits|TBits config_options.PerConnBWBurst.summary Maximum relayed bandwidth limit per connection config_options.PerConnBWBurst.description If set, do separate rate limiting for each connection from a non-relay. You should never need to change this value, since a network-wide value is published in the consensus and your relay will use that value. (Default: 0) config_options.ClientTransportPlugin.category General @@ -1066,7 +1067,7 @@ config_options.LogMessageDomains.summary Includes a domain when logging messages config_options.LogMessageDomains.description If 1, Tor includes message domains with each log message. Every log message currently has at least one domain; most currently have exactly one. This doesn't affect controller log messages. (Default: 0) config_options.MaxUnparseableDescSizeToLog.category General config_options.MaxUnparseableDescSizeToLog.name MaxUnparseableDescSizeToLog -config_options.MaxUnparseableDescSizeToLog.usage N bytes|KBytes|MBytes|GBytes +config_options.MaxUnparseableDescSizeToLog.usage N bytes|KBytes|MBytes|GBytes|TBytes config_options.MaxUnparseableDescSizeToLog.summary Size of the dedicated log for unparseable descriptors config_options.MaxUnparseableDescSizeToLog.description Unparseable descriptors (e.g. for votes, consensuses, routers) are logged in separate files by hash, up to the specified size in total. Note that only files logged during the lifetime of this Tor process count toward the total; this is intended to be used to debug problems without opening live servers to resource exhaustion attacks. (Default: 10 MB) config_options.OutboundBindAddress.category General @@ -1230,12 +1231,12 @@ config_options.ExitPolicy.description config_options.ExitPolicyRejectPrivate.category Relay config_options.ExitPolicyRejectPrivate.name ExitPolicyRejectPrivate config_options.ExitPolicyRejectPrivate.usage 0|1 -config_options.ExitPolicyRejectPrivate.summary Prevent exiting connection on the local network +config_options.ExitPolicyRejectPrivate.summary Prevent exiting on the local network config_options.ExitPolicyRejectPrivate.description Reject all private (local) networks, along with the relay's advertised public IPv4 and IPv6 addresses, at the beginning of your exit policy. See above entry on ExitPolicy. (Default: 1) config_options.ExitPolicyRejectLocalInterfaces.category Relay config_options.ExitPolicyRejectLocalInterfaces.name ExitPolicyRejectLocalInterfaces config_options.ExitPolicyRejectLocalInterfaces.usage 0|1 -config_options.ExitPolicyRejectLocalInterfaces.summary +config_options.ExitPolicyRejectLocalInterfaces.summary More extensive prevention of exiting on the local network config_options.ExitPolicyRejectLocalInterfaces.description Reject all IPv4 and IPv6 addresses that the relay knows about, at the beginning of your exit policy. This includes any OutboundBindAddress, the bind addresses of any port options, such as ControlPort or DNSPort, and any public IPv4 and IPv6 addresses on any interface on the relay. (If IPv6Exit is not set, all IPv6 addresses will be rejected anyway.) See above entry on ExitPolicy. This option is off by default, because it lists all public relay IP addresses in the ExitPolicy, even those relay operators might prefer not to disclose. (Default: 0) config_options.IPv6Exit.category Relay config_options.IPv6Exit.name IPv6Exit @@ -1336,7 +1337,7 @@ config_options.HeartbeatPeriod.summary Rate at which an INFO level heartbeat mes config_options.HeartbeatPeriod.description Log a heartbeat message every HeartbeatPeriod seconds. This is a log level notice message, designed to let you know your Tor server is still alive and doing useful things. Settings this to 0 will disable the heartbeat. Otherwise, it must be at least 30 minutes. (Default: 6 hours) config_options.AccountingMax.category Relay config_options.AccountingMax.name AccountingMax -config_options.AccountingMax.usage N bytes|KBytes|MBytes|GBytes|KBits|MBits|GBits|TBytes +config_options.AccountingMax.usage N bytes|KBytes|MBytes|GBytes|TBytes|KBits|MBits|GBits|TBits config_options.AccountingMax.summary Amount of traffic before hibernating config_options.AccountingMax.description Limits the max number of bytes sent and received within a set time period using a given calculation rule (see: AccountingStart, AccountingRule). Useful if you need to stay under a specific bandwidth. By default, the number used for calculation is the max of either the bytes sent or received. For example, with AccountingMax set to 1 GByte, a server could send 900 MBytes and receive 800 MBytes and continue running. It will only hibernate once one of the two reaches 1 GByte. This can be changed to use the sum of the both bytes received and sent by setting the AccountingRule option to "sum" (total bandwidth in/out). When the number of bytes remaining gets low, Tor will stop accepting new connections and circuits. When the number of bytes is exhausted, Tor will hibernate until some time in the next accounting period. To prevent all servers from waking at the same time, Tor will also wait until a random point in each period before waking up. If you have bandwidth cost issues, enabling hibernation is preferable to setting a low bandwidth, since it provides users with a collection of fast servers that are up some of the time, which is more useful than a set of slow servers that are always "available". config_options.AccountingRule.category Relay @@ -1457,7 +1458,7 @@ config_options.MaxMemInQueues.description This option configures a threshold abo config_options.DisableOOSCheck.category Relay config_options.DisableOOSCheck.name DisableOOSCheck config_options.DisableOOSCheck.usage 0|1 -config_options.DisableOOSCheck.summary +config_options.DisableOOSCheck.summary Don't close connections when running out of sockets config_options.DisableOOSCheck.description This option disables the code that closes connections when Tor notices that it is running low on sockets. Right now, it is on by default, since the existing out-of-sockets mechanism tends to kill OR connections more than it should. (Default: 1) config_options.SigningKeyLifetime.category Relay config_options.SigningKeyLifetime.name SigningKeyLifetime @@ -1473,7 +1474,7 @@ config_options.HiddenServiceDir.category Hidden Service config_options.HiddenServiceDir.name HiddenServiceDir config_options.HiddenServiceDir.usage DIRECTORY config_options.HiddenServiceDir.summary Directory contents for the hidden service -config_options.HiddenServiceDir.description Store data files for a hidden service in DIRECTORY. Every hidden service must have a separate directory. You may use this option multiple times to specify multiple services. DIRECTORY must be an existing directory. (Note: in current versions of Tor, if DIRECTORY is a relative path, it will be relative to current working directory of Tor instance, not to its DataDirectory. Do not rely on this behavior; it is not guaranteed to remain the same in future versions.) +config_options.HiddenServiceDir.description Store data files for a hidden service in DIRECTORY. Every hidden service must have a separate directory. You may use this option multiple times to specify multiple services. If DIRECTORY does not exist, Tor will create it. (Note: in current versions of Tor, if DIRECTORY is a relative path, it will be relative to the current working directory of Tor instance, not to its DataDirectory. Do not rely on this behavior; it is not guaranteed to remain the same in future versions.) config_options.HiddenServicePort.category Hidden Service config_options.HiddenServicePort.name HiddenServicePort config_options.HiddenServicePort.usage VIRTPORT [TARGET] @@ -1527,7 +1528,7 @@ config_options.HiddenServiceNumIntroductionPoints.description Number of introduc config_options.HiddenServiceSingleHopMode.category Hidden Service config_options.HiddenServiceSingleHopMode.name HiddenServiceSingleHopMode config_options.HiddenServiceSingleHopMode.usage 0|1 -config_options.HiddenServiceSingleHopMode.summary +config_options.HiddenServiceSingleHopMode.summary Allow non-anonymous single hop hidden services config_options.HiddenServiceSingleHopMode.description |Experimental - Non Anonymous Hidden Services on a tor instance in HiddenServiceSingleHopMode make one-hop (direct) circuits between the onion service server, and the introduction and rendezvous points. (Onion service descriptors are still posted using 3-hop paths, to avoid onion service directories blocking the service.) This option makes every hidden service instance hosted by a tor instance a Single Onion Service. One-hop circuits make Single Onion servers easily locatable, but clients remain location-anonymous. However, the fact that a client is accessing a Single Onion rather than a Hidden Service may be statistically distinguishable. | @@ -1546,8 +1547,8 @@ config_options.HiddenServiceSingleHopMode.description config_options.HiddenServiceNonAnonymousMode.category Hidden Service config_options.HiddenServiceNonAnonymousMode.name HiddenServiceNonAnonymousMode config_options.HiddenServiceNonAnonymousMode.usage 0|1 -config_options.HiddenServiceNonAnonymousMode.summary -config_options.HiddenServiceNonAnonymousMode.description Makes hidden services non-anonymous on this tor instance. Allows the non-anonymous HiddenServiceSingleHopMode. Enables direct connections in the server-side hidden service protocol. (Default: 0) +config_options.HiddenServiceNonAnonymousMode.summary Enables HiddenServiceSingleHopMode to be set +config_options.HiddenServiceNonAnonymousMode.description Makes hidden services non-anonymous on this tor instance. Allows the non-anonymous HiddenServiceSingleHopMode. Enables direct connections in the server-side hidden service protocol. If you are using this option, you need to disable all client-side services on your Tor instance, including setting SOCKSPort to "0". (Default: 0) config_options.TestingTorNetwork.category Testing config_options.TestingTorNetwork.name TestingTorNetwork config_options.TestingTorNetwork.usage 0|1 @@ -1629,7 +1630,7 @@ config_options.TestingEstimatedDescriptorPropagationTime.summary Delay before cl config_options.TestingEstimatedDescriptorPropagationTime.description Clients try downloading server descriptors from directory caches after this time. Changing this requires that TestingTorNetwork is set. (Default: 10 minutes) config_options.TestingMinFastFlagThreshold.category Testing config_options.TestingMinFastFlagThreshold.name TestingMinFastFlagThreshold -config_options.TestingMinFastFlagThreshold.usage N bytes|KBytes|MBytes|GBytes|KBits|MBits|GBits +config_options.TestingMinFastFlagThreshold.usage N bytes|KBytes|MBytes|GBytes|TBytes|KBits|MBits|GBits|TBits config_options.TestingMinFastFlagThreshold.summary Minimum value for the Fast flag config_options.TestingMinFastFlagThreshold.description Minimum value for the Fast flag. Overrides the ordinary minimum taken from the consensus when TestingTorNetwork is set. (Default: 0.) config_options.TestingServerDownloadSchedule.category Testing @@ -1752,7 +1753,7 @@ config_options.TestingEnableTbEmptyEvent.summary Allow controllers to request TB config_options.TestingEnableTbEmptyEvent.description If this option is set, then Tor controllers may register for TB_EMPTY events. Changing this requires that TestingTorNetwork is set. (Default: 0) config_options.TestingMinExitFlagThreshold.category Testing config_options.TestingMinExitFlagThreshold.name TestingMinExitFlagThreshold -config_options.TestingMinExitFlagThreshold.usage N KBytes|MBytes|GBytes|KBits|MBits|GBits +config_options.TestingMinExitFlagThreshold.usage N KBytes|MBytes|GBytes|TBytes|KBits|MBits|GBits|TBits config_options.TestingMinExitFlagThreshold.summary Lower bound for assigning the Exit flag config_options.TestingMinExitFlagThreshold.description Sets a lower-bound for assigning an exit flag when running as an authority on a testing network. Overrides the usual default lower bound of 4 KB. (Default: 0) config_options.TestingLinkCertLifetime.category Testing @@ -1885,12 +1886,12 @@ config_options.AuthDirMaxServersPerAuthAddr.summary Limit on the number of relay config_options.AuthDirMaxServersPerAuthAddr.description Authoritative directories only. Like AuthDirMaxServersPerAddr, but applies to addresses shared with directory authorities. (Default: 5) config_options.AuthDirFastGuarantee.category Authority config_options.AuthDirFastGuarantee.name AuthDirFastGuarantee -config_options.AuthDirFastGuarantee.usage N bytes|KBytes|MBytes|GBytes|KBits|MBits|GBits +config_options.AuthDirFastGuarantee.usage N bytes|KBytes|MBytes|GBytes|TBytes|KBits|MBits|GBits|TBits config_options.AuthDirFastGuarantee.summary Advertised rate at which the Fast flag is granted config_options.AuthDirFastGuarantee.description Authoritative directories only. If non-zero, always vote the Fast flag for any relay advertising this amount of capacity or more. (Default: 100 KBytes) config_options.AuthDirGuardBWGuarantee.category Authority config_options.AuthDirGuardBWGuarantee.name AuthDirGuardBWGuarantee -config_options.AuthDirGuardBWGuarantee.usage N bytes|KBytes|MBytes|GBytes|KBits|MBits|GBits +config_options.AuthDirGuardBWGuarantee.usage N bytes|KBytes|MBytes|GBytes|TBytes|KBits|MBits|GBits|TBits config_options.AuthDirGuardBWGuarantee.summary Advertised rate necessary to be a guard config_options.AuthDirGuardBWGuarantee.description Authoritative directories only. If non-zero, this advertised capacity or more is always sufficient to satisfy the bandwidth requirement for the Guard flag. (Default: 2 MBytes) config_options.AuthDirPinKeys.category Authority @@ -1901,7 +1902,7 @@ config_options.AuthDirPinKeys.description Authoritative directories only. If non config_options.AuthDirSharedRandomness.category Authority config_options.AuthDirSharedRandomness.name AuthDirSharedRandomness config_options.AuthDirSharedRandomness.usage 0|1 -config_options.AuthDirSharedRandomness.summary +config_options.AuthDirSharedRandomness.summary Participates in shared randomness voting config_options.AuthDirSharedRandomness.description Authoritative directories only. Switch for the shared random protocol. If zero, the authority won't participate in the protocol. If non-zero (default), the flag "shared-rand-participate" is added to the authority vote indicating participation in the protocol. (Default: 1) config_options.BridgePassword.category Authority config_options.BridgePassword.name BridgePassword diff --git a/test/integ/manual.py b/test/integ/manual.py index 62222f5..e3ab3df 100644 --- a/test/integ/manual.py +++ b/test/integ/manual.py @@ -34,7 +34,7 @@ EXPECTED_CATEGORIES = set([ 'AUTHORS', ])
-EXPECTED_CLI_OPTIONS = set(['-h, -help', '-f FILE', '--allow-missing-torrc', '--defaults-torrc FILE', '--ignore-missing-torrc', '--hash-password PASSWORD', '--list-fingerprint', '--verify-config', '--service install [--options command-line options]', '--service remove|start|stop', '--nt-service', '--keygen [--newpass]', '--list-torrc-options', '--version', '--quiet|--hush']) +EXPECTED_CLI_OPTIONS = set(['-f FILE', '--hash-password PASSWORD', '--ignore-missing-torrc', '--defaults-torrc FILE', '--list-fingerprint', '--list-deprecated-options', '--allow-missing-torrc', '--nt-service', '--verify-config', '--service remove|start|stop', '--passphrase-fd FILEDES', '--keygen [--newpass]', '--list-torrc-options', '--service install [--options command-line options]', '--quiet|--hush', '--version', '-h, -help']) EXPECTED_SIGNALS = set(['SIGTERM', 'SIGINT', 'SIGHUP', 'SIGUSR1', 'SIGUSR2', 'SIGCHLD', 'SIGPIPE', 'SIGXFSZ'])
EXPECTED_DESCRIPTION = """ @@ -42,7 +42,7 @@ Tor is a connection-oriented anonymizing communication service. Users choose a s
Basically, Tor provides a distributed network of servers or relays ("onion routers"). Users bounce their TCP streams -- web traffic, ftp, ssh, etc. -- around the network, and recipients, observers, and even the relays themselves have difficulty tracking the source of the stream.
-By default, tor will only act as a client only. To help the network by providing bandwidth as a relay, change the ORPort configuration option -- see below. Please also consult the documentation on the Tor Project's website. +By default, tor will act as a client only. To help the network by providing bandwidth as a relay, change the ORPort configuration option -- see below. Please also consult the documentation on the Tor Project's website. """.strip()
EXPECTED_FILE_DESCRIPTION = 'Specify a new configuration file to contain further Tor configuration options OR pass - to make Tor read its configuration from standard input. (Default: @CONFDIR@/torrc, or $HOME/.torrc if that file is not found)' @@ -50,7 +50,7 @@ EXPECTED_FILE_DESCRIPTION = 'Specify a new configuration file to contain further EXPECTED_BANDWIDTH_RATE_DESCRIPTION = 'A token bucket limits the average incoming bandwidth usage on this node to the specified number of bytes per second, and the average outgoing bandwidth usage to that same value. If you want to run a relay in the public network, this needs to be at the very least 75 KBytes for a relay (that is, 600 kbits) or 50 KBytes for a bridge (400 kbits) -- but of course, more is better; we recommend at least 250 KBytes (2 mbits) if possible. (Default: 1 GByte)\n\nWith this option, and in other options that take arguments in bytes, KBytes, and so on, other formats are also supported. Notably, "KBytes" can also be written as "kilobytes" or "kb"; "MBytes" can be written as "megabytes" or "MB"; "kbits" can be written as "kilobits"; and so forth. Tor also accepts "byte" and "bit" in the singular. The prefixes "tera" and "T" are also recognized. If no units are given, we default to bytes. To avoid confusion, we recommend writing "bytes" or "bits" explicitly, sin ce it's easy to forget that "B" means bytes, not bits.'
-EXPECTED_EXIT_POLICY_DESCRIPTION = """\ +EXPECTED_EXIT_POLICY_DESCRIPTION = """ Set an exit policy for this server. Each policy is of the form "accept[6]|reject[6] ADDR[/MASK][:PORT]". If /MASK is omitted then this policy just applies to the host given. Instead of giving a host or network you can also use "*" to denote the universe (0.0.0.0/0 and ::/128), or *4 to denote all IPv4 addresses, and *6 to denote all IPv6 addresses. PORT can be a single port number, an interval of ports "FROM_PORT-TO_PORT", or "*". If PORT is omitted, that means "*".
For example, "accept 18.7.22.69:*,reject 18.0.0.0/8:*,accept *:*" would reject any IPv4 traffic destined for MIT except for web.mit.edu, and accept any other IPv4 or IPv6 traffic. @@ -61,7 +61,7 @@ accept6 and reject6 only produce IPv6 exit policy entries. Using an IPv4 address
To specify all IPv4 and IPv6 internal and link-local networks (including 0.0.0.0/8, 169.254.0.0/16, 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12, [::]/8, [FC00::]/7, [FE80::]/10, [FEC0::]/10, [FF00::]/8, and [::]/127), you can use the "private" alias instead of an address. ("private" always produces rules for IPv4 and IPv6 addresses, even when used with accept6/reject6.)
-Private addresses are rejected by default (at the beginning of your exit policy), along with any configured primary public IPv4 and IPv6 addresses, and any public IPv4 and IPv6 addresses on any interface on the relay. These private addresses are rejected unless you set the ExitPolicyRejectPrivate config option to 0. For example, once you've done that, you could allow HTTP to 127.0.0.1 and block all other connections to internal networks with "accept 127.0.0.1:80,reject private:*", though that may also allow connections to your own computer that are addressed to its public (external) IP address. See RFC 1918 and RFC 3330 for more details about internal and reserved IP address space. +Private addresses are rejected by default (at the beginning of your exit policy), along with any configured primary public IPv4 and IPv6 addresses. These private addresses are rejected unless you set the ExitPolicyRejectPrivate config option to 0. For example, once you've done that, you could allow HTTP to 127.0.0.1 and block all other connections to internal networks with "accept 127.0.0.1:80,reject private:*", though that may also allow connections to your own computer that are addressed to its public (external) IP address. See RFC 1918 and RFC 3330 for more details about internal and reserved IP address space. See ExitPolicyRejectLocalInterfaces if you want to block every address on the relay, even those that aren't advertised in the descriptor.
This directive can be specified multiple times so you don't have to put it all on one line.
@@ -80,8 +80,8 @@ Policies are considered first to last, and the first match wins. If you want to accept *:*
Since the default exit policy uses accept/reject *, it applies to both - IPv4 and IPv6 addresses.\ -""" + IPv4 and IPv6 addresses. +""".strip()
class TestManual(unittest.TestCase): @@ -203,7 +203,7 @@ class TestManual(unittest.TestCase): assert_equal('signals', EXPECTED_SIGNALS, set(manual.signals.keys())) assert_equal('sighup description', 'Tor will catch this, clean up and sync to disk if necessary, and exit.', manual.signals['SIGTERM'])
- assert_equal('number of files', 31, len(manual.files)) + assert_equal('number of files', 44, len(manual.files)) assert_equal('lib path description', 'The tor process stores keys and other data here.', manual.files['@LOCALSTATEDIR@/lib/tor/'])
for category in Category: @@ -218,7 +218,7 @@ class TestManual(unittest.TestCase): option = manual.config_options['BandwidthRate'] self.assertEqual(Category.GENERAL, option.category) self.assertEqual('BandwidthRate', option.name) - self.assertEqual('N bytes|KBytes|MBytes|GBytes|KBits|MBits|GBits', option.usage) + self.assertEqual('N bytes|KBytes|MBytes|GBytes|TBytes|KBits|MBits|GBits|TBits', option.usage) self.assertEqual('Average bandwidth usage limit', option.summary) self.assertEqual(EXPECTED_BANDWIDTH_RATE_DESCRIPTION, option.description)