[tor-commits] [stem/master] Adding the NoEdConsensus flag

atagar at torproject.org atagar at torproject.org
Fri Mar 25 16:22:51 UTC 2016 

commit 50f94029003cee86fe42a8eea4ede3b1792a01f4
Author: Damian Johnson <atagar at torproject.org>
Date:   Fri Mar 25 09:21:35 2016 -0700

    Adding the NoEdConsensus flag
    
    Dirspec recently got a new flag. Reflecting that.
---
 docs/change_log.rst        |  1 +
 stem/__init__.py           | 39 ++++++++++++++++++++++-----------------
 stem/cached_tor_manual.cfg | 13 ++++++++-----
 3 files changed, 31 insertions(+), 22 deletions(-)

diff --git a/docs/change_log.rst b/docs/change_log.rst
index a414835..76143bb 100644
--- a/docs/change_log.rst
+++ b/docs/change_log.rst
@@ -52,6 +52,7 @@ The following are only available within Stem's `git repository
   * Added :func:`~stem.control.Controller.is_set` to the :class:`~stem.control.Controller`
   * Added :func:`~stem.control.Controller.is_user_traffic_allowed` to the :class:`~stem.control.Controller`
   * Added the replica attribute to the :class:`~stem.response.events.HSDescEvent` (:spec:`4989e73`)
+  * Added the NoEdConsensus :data:`~stem.Flag` (:spec:`dc99160`)
   * :func:`~stem.process.launch_tor` could leave a lingering process during an unexpected exception (:trac:`17946`)
   * IPv6 addresses could trigger errors in :func:`~stem.control.Controller.get_listeners`, :class:`~stem.response.events.ORConnEvent`, and quite a few other things (:trac:`16174`)
   * Don't obscure stacktraces, most notably :class:`~stem.control.Controller` getter methods with default values
diff --git a/stem/__init__.py b/stem/__init__.py
index 20ad843..1f61075 100644
--- a/stem/__init__.py
+++ b/stem/__init__.py
@@ -60,23 +60,27 @@ Library for working with the tor process.
 
   **Note:** The BADDIRECTORY flag was `removed from tor <https://gitweb.torproject.org/torspec.git/commit/dir-spec.txt?id=2f012f1>`_.
 
-  ================= ===========
-  Flag              Description
-  ================= ===========
-  **AUTHORITY**     relay is a directory authority
-  **BADEXIT**       relay shouldn't be used as an exit due to being either problematic or malicious (`wiki <https://trac.torproject.org/projects/tor/wiki/doc/badRelays>`_)
-  **BADDIRECTORY**  relay shouldn't be used for directory information
-  **EXIT**          relay's exit policy makes it more useful as an exit rather than middle hop
-  **FAST**          relay's suitable for high-bandwidth circuits
-  **GUARD**         relay's suitable for being an entry guard (first hop)
-  **HSDIR**         relay is being used as a v2 hidden service directory
-  **NAMED**         relay can be referred to by its nickname
-  **RUNNING**       relay is currently usable
-  **STABLE**        relay's suitable for long-lived circuits
-  **UNNAMED**       relay isn't currently bound to a nickname
-  **V2DIR**         relay supports the v2 directory protocol
-  **VALID**         relay has been validated
-  ================= ===========
+  .. versionchanged:: 1.5.0
+     Added the NO_ED_CONSENSUS flag.
+
+  =================== ===========
+  Flag                Description
+  =================== ===========
+  **AUTHORITY**       relay is a directory authority
+  **BADEXIT**         relay shouldn't be used as an exit due to being either problematic or malicious
+  **BADDIRECTORY**    relay shouldn't be used for directory information
+  **EXIT**            relay's exit policy makes it more useful as an exit rather than middle hop
+  **FAST**            relay's suitable for high-bandwidth circuits
+  **GUARD**           relay's suitable for being an entry guard (first hop)
+  **HSDIR**           relay is being used as a v2 hidden service directory
+  **NAMED**           relay can be referred to by its nickname
+  **NO_ED_CONSENSUS** relay's Ed25519 doesn't reflrect the consensus
+  **RUNNING**         relay is currently usable
+  **STABLE**          relay's suitable for long-lived circuits
+  **UNNAMED**         relay isn't currently bound to a nickname
+  **V2DIR**           relay supports the v2 directory protocol
+  **VALID**           relay has been validated
+  =================== ===========
 
 .. data:: CircStatus (enum)
 
@@ -630,6 +634,7 @@ Flag = stem.util.enum.Enum(
   ('GUARD', 'Guard'),
   ('HSDIR', 'HSDir'),
   ('NAMED', 'Named'),
+  ('NO_ED_CONSENSUS', 'NoEdConsensus'),
   ('RUNNING', 'Running'),
   ('STABLE', 'Stable'),
   ('UNNAMED', 'Unnamed'),
diff --git a/stem/cached_tor_manual.cfg b/stem/cached_tor_manual.cfg
index e57167c..835024c 100644
--- a/stem/cached_tor_manual.cfg
+++ b/stem/cached_tor_manual.cfg
@@ -6,8 +6,8 @@ description
 |Basically, Tor provides a distributed network of servers or relays ("onion routers"). Users bounce their TCP streams -- web traffic, ftp, ssh, etc. -- around the network, and recipients, observers, and even the relays themselves have difficulty tracking the source of the stream.
 |
 |By default, tor will only act as a client only. To help the network by providing bandwidth as a relay, change the ORPort configuration option -- see below. Please also consult the documentation on the Tor Project's website.
-man_commit af88e8f23742c810f478410fba60c43812dde85d
-stem_commit 7fceffac0f988670f4fd6b5eb061b2ebeee9e560
+man_commit 424af93ded7e1d9d98733ed17b2b6fee143262b9
+stem_commit 7f4fcf8f6da3941e84376ee67747135e7f34462b
 commandline_options -f FILE => Specify a new configuration file to contain further Tor configuration options OR pass - to make Tor read its configuration from standard input. (Default: @CONFDIR@/torrc, or $HOME/.torrc if that file is not found)
 commandline_options --ignore-missing-torrc => Specifies that Tor should treat a missing torrc file as though it were empty. Ordinarily, Tor does this for missing default torrc files, but not for those specified on the command line.
 commandline_options --list-fingerprint => Generate your keys and output your nickname and fingerprint.
@@ -79,7 +79,7 @@ config_options.Bridge.summary Available bridges
 config_options.Bridge.description 
 |When set along with UseBridges, instructs Tor to use the relay at "IP:ORPort" as a "bridge" relaying into the Tor network. If "fingerprint" is provided (using the same format as for DirAuthority), we will verify that the relay running at that location has the right fingerprint. We also use fingerprint to look up the bridge descriptor at the bridge authority, if it's provided and if UpdateBridgesFromAuthority is set too.
 |
-|If "transport" is provided, and matches to a ClientTransportPlugin line, we use that pluggable transports proxy to transfer data to the bridge.
+|If "transport" is provided, it must match a ClientTransportPlugin line. We then use that pluggable transport's proxy to transfer data to the bridge, rather than connecting to the bridge directly. Some transports use a transport-specific method to work out the remote address to connect to. These transports typically ignore the "IP:ORPort" specified in the bridge line.
 config_options.LearnCircuitBuildTimeout.category Client
 config_options.LearnCircuitBuildTimeout.name LearnCircuitBuildTimeout
 config_options.LearnCircuitBuildTimeout.usage 0|1
@@ -110,7 +110,7 @@ config_options.ExcludeNodes.name ExcludeNodes
 config_options.ExcludeNodes.usage node,node,...
 config_options.ExcludeNodes.summary Relays or locales never to be used in circuits
 config_options.ExcludeNodes.description 
-|A list of identity fingerprints, country codes, and address patterns of nodes to avoid when building a circuit. Country codes must be wrapped in braces; fingerprints may be preceded by a dollar sign. (Example: ExcludeNodes ABCD1234CDEF5678ABCD1234CDEF5678ABCD1234, {cc}, 255.254.0.0/8)
+|A list of identity fingerprints, country codes, and address patterns of nodes to avoid when building a circuit. Country codes are 2-letter ISA3166 codes, and must be wrapped in braces; fingerprints may be preceded by a dollar sign. (Example: ExcludeNodes ABCD1234CDEF5678ABCD1234CDEF5678ABCD1234, {cc}, 255.254.0.0/8)
 |
 |By default, this option is treated as a preference that Tor is allowed to override in order to keep working. For example, if you try to connect to a hidden service, but you have excluded all of the hidden service's introduction points, Tor will connect to one of them anyway. If you do not want this behavior, set the StrictNodes option (documented below).
 |
@@ -810,6 +810,9 @@ config_options.ControlPort.description
 |
 |WorldWritable
 |    Unix domain sockets only: makes the socket get created as world-writable.
+|
+|RelaxDirModeCheck
+|    Unix domain sockets only: Do not insist that the directory that holds the socket be read-restricted.
 config_options.ControlListenAddress.category General
 config_options.ControlListenAddress.name ControlListenAddress
 config_options.ControlListenAddress.usage IP[:PORT]
@@ -1396,7 +1399,7 @@ config_options.ExtendAllowPrivateAddresses.category Relay
 config_options.ExtendAllowPrivateAddresses.name ExtendAllowPrivateAddresses
 config_options.ExtendAllowPrivateAddresses.usage 0|1
 config_options.ExtendAllowPrivateAddresses.summary Allow circuits to be extended to the local network
-config_options.ExtendAllowPrivateAddresses.description When this option is enabled, Tor will connect to localhost, RFC1918 addresses, and so on. In particular, Tor will make direct connections, and Tor routers allow EXTEND requests, to these private addresses. This can create security issues; you should probably leave it off. (Default: 0)
+config_options.ExtendAllowPrivateAddresses.description When this option is enabled, Tor will connect to relays on localhost, RFC1918 addresses, and so on. In particular, Tor will make direct OR connections, and Tor routers allow EXTEND requests, to these private addresses. (Tor will always allow connections to bridges, proxies, and pluggable transports configured on private addresses.) Enabling this option can create security issues; you should probably leave it off. (Default: 0)
 config_options.MaxMemInQueues.category Relay
 config_options.MaxMemInQueues.name MaxMemInQueues
 config_options.MaxMemInQueues.usage N bytes|KB|MB|GB

More information about the tor-commits mailing list