On 3 Feb 2017, at 16:16, anondroid tor@anondroid.com wrote:
I was wondering what the minimum exit policy was (wrt port 80 and 443) for a Tor exit relay.
https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2294
"A router is called an 'Exit' iff it allows exits to at least two of the ports 80, 443, and 6667 and allows exits to at least one /8 address space."
With the introduction of microdescriptors, exits that reject more than 2 IPv4 /8s are considered not to exit to "most addresses". So they are given port summaries that say they reject all ports, and clients won't use them.
https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2110
For IPv6, Exits summarise their own ports in descriptors, and this is copied into their microdescriptor: * in master, Exits that reject more than an IPv6 /16 claim they reject all ports, * in all released versions of tor, Exits that reject any IPv6 address mistakenly say they reject all ports. This happens by default for IPv6 Exits with an ORPort on 0.2.8 and later.
https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n565 https://trac.torproject.org/projects/tor/ticket/21357
As an aside, I just noticed there's a typo in the spec there at line 2294 -- it reads"iff" instead of "if".
"iif" is shorthand for "if and only if".
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------