[tor-commits] [stem/master] Sync manual information

atagar at torproject.org atagar at torproject.org
Wed Nov 2 17:48:36 UTC 2016 

commit 275def62a430b4520d02118c190bb208854f8cd3
Author: Damian Johnson <atagar at torproject.org>
Date:   Mon Oct 31 19:42:42 2016 -0700

    Sync manual information
    
    Just a few small tor changes since we last synced.
---
 stem/cached_tor_manual.cfg | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/stem/cached_tor_manual.cfg b/stem/cached_tor_manual.cfg
index 0b8eea9..5b02091 100644
--- a/stem/cached_tor_manual.cfg
+++ b/stem/cached_tor_manual.cfg
@@ -6,8 +6,8 @@ description
 |Basically, Tor provides a distributed network of servers or relays ("onion routers"). Users bounce their TCP streams -- web traffic, ftp, ssh, etc. -- around the network, and recipients, observers, and even the relays themselves have difficulty tracking the source of the stream.
 |
 |By default, tor will act as a client only. To help the network by providing bandwidth as a relay, change the ORPort configuration option -- see below. Please also consult the documentation on the Tor Project's website.
-man_commit 9f0cb5af1559d4dab0a49017bdd5f37b0af588f8
-stem_commit 3d0e999f8073bed67d84bb863560078e923a8b57
+man_commit 59247314d511022d9d2ec6b3b7c6d6263e72f44c
+stem_commit a30ef3e8398a160566e818f18fdcffe45a8762e6
 commandline_options -f FILE => Specify a new configuration file to contain further Tor configuration options OR pass - to make Tor read its configuration from standard input. (Default: @CONFDIR@/torrc, or $HOME/.torrc if that file is not found)
 commandline_options --ignore-missing-torrc => Specifies that Tor should treat a missing torrc file as though it were empty. Ordinarily, Tor does this for missing default torrc files, but not for those specified on the command line.
 commandline_options --list-deprecated-options => List all valid options that are scheduled to become obsolete in a future version. (This is a warning, not a promise.)
@@ -270,14 +270,14 @@ config_options.SocksPort.name SocksPort
 config_options.SocksPort.usage [address:]port|unix:path|auto [flags] [isolation flags]
 config_options.SocksPort.summary Port for using tor as a Socks proxy
 config_options.SocksPort.description 
-|Open this port to listen for connections from SOCKS-speaking applications. Set this to 0 if you don't want to allow application connections via SOCKS. Set it to "auto" to have Tor pick a port for you. This directive can be specified multiple times to bind to multiple addresses/ports. (Default: 9050)
+|Open this port to listen for connections from SOCKS-speaking applications. Set this to 0 if you don't want to allow application connections via SOCKS. Set it to "auto" to have Tor pick a port for you. This directive can be specified multiple times to bind to multiple addresses/ports. If a unix domain socket is used, you may quote the path using standard C escape sequences. (Default: 9050)
 |
 |NOTE: Although this option allows you to specify an IP address other than localhost, you should do so only with extreme caution. The SOCKS protocol is unencrypted and (as we use it) unauthenticated, so exposing it in this way could leak your information to anybody watching your network, and allow anybody to use your computer as an open proxy.
 |
 |The isolation flags arguments give Tor rules for which streams received on this SocksPort are allowed to share circuits with one another. Recognized isolation flags are:
 |
 |IsolateClientAddr
-|    Don't share circuits with streams from a different client address. (On by default and strongly recommended; you can disable it with NoIsolateClientAddr.)
+|    Don't share circuits with streams from a different client address. (On by default and strongly recommended when supported; you can disable it with NoIsolateClientAddr. Unsupported and force-disabled when using Unix domain sockets.)
 |
 |IsolateSOCKSAuth
 |    Don't share circuits with streams for which different SOCKS authentication was provided. (On by default; you can disable it with NoIsolateSOCKSAuth.)
@@ -452,7 +452,9 @@ config_options.VirtualAddrNetworkIPv6.summary IPv6 address range to use when nee
 config_options.VirtualAddrNetworkIPv6.description 
 |When Tor needs to assign a virtual (unused) address because of a MAPADDRESS command from the controller or the AutomapHostsOnResolve feature, Tor picks an unassigned address from this range. (Defaults: 127.192.0.0/10 and [FE80::]/10 respectively.)
 |
-|When providing proxy server service to a network of computers using a tool like dns-proxy-tor, change the IPv4 network to "10.192.0.0/10" or "172.16.0.0/12" and change the IPv6 network to "[FC00::]/7". The default VirtualAddrNetwork address ranges on a properly configured machine will route to the loopback or link-local interface. For local use, no change to the default VirtualAddrNetwork setting is needed.
+|When providing proxy server service to a network of computers using a tool like dns-proxy-tor, change the IPv4 network to "10.192.0.0/10" or "172.16.0.0/12" and change the IPv6 network to "[FC00::]/7". The default VirtualAddrNetwork address ranges on a properly configured machine will route to the loopback or link-local interface. The maximum number of bits for the network prefix is set to 104 for IPv6 and 16 for IPv4. However, a wider network - smaller prefix length
+|
+|o   is preferable since it reduces the chances for an attacker to guess the used IP. For local use, no change to the default VirtualAddrNetwork setting is needed.
 config_options.AllowNonRFC953Hostnames.category Client
 config_options.AllowNonRFC953Hostnames.name AllowNonRFC953Hostnames
 config_options.AllowNonRFC953Hostnames.usage 0|1
@@ -676,7 +678,7 @@ config_options.PathsNeededToBuildCircuits.category Client
 config_options.PathsNeededToBuildCircuits.name PathsNeededToBuildCircuits
 config_options.PathsNeededToBuildCircuits.usage NUM
 config_options.PathsNeededToBuildCircuits.summary Portion of relays to require information for before making circuits
-config_options.PathsNeededToBuildCircuits.description Tor clients don't build circuits for user traffic until they know about enough of the network so that they could potentially construct enough of the possible paths through the network. If this option is set to a fraction between 0.25 and 0.95, Tor won't build circuits until it has enough descriptors or microdescriptors to construct that fraction of possible paths. Note that setting this option too low can make your Tor client less anonymous, and setting it too high can prevent your Tor client from bootstrapping. If this option is negative, Tor will use a default value chosen by the directory authorities. (Default: -1.)
+config_options.PathsNeededToBuildCircuits.description Tor clients don't build circuits for user traffic until they know about enough of the network so that they could potentially construct enough of the possible paths through the network. If this option is set to a fraction between 0.25 and 0.95, Tor won't build circuits until it has enough descriptors or microdescriptors to construct that fraction of possible paths. Note that setting this option too low can make your Tor client less anonymous, and setting it too high can prevent your Tor client from bootstrapping. If this option is negative, Tor will use a default value chosen by the directory authorities. If the directory authorities do not choose a value, Tor will default to 0.6. (Default: -1.)
 config_options.ClientBootstrapConsensusAuthorityDownloadSchedule.category Client
 config_options.ClientBootstrapConsensusAuthorityDownloadSchedule.name ClientBootstrapConsensusAuthorityDownloadSchedule
 config_options.ClientBootstrapConsensusAuthorityDownloadSchedule.usage N,N,...
@@ -853,7 +855,7 @@ config_options.ControlPort.name ControlPort
 config_options.ControlPort.usage PORT|unix:path|auto [flags]
 config_options.ControlPort.summary Port providing access to tor controllers (nyx, vidalia, etc)
 config_options.ControlPort.description 
-|If set, Tor will accept connections on this port and allow those connections to control the Tor process using the Tor Control Protocol (described in control-spec.txt in torspec). Note: unless you also specify one or more of HashedControlPassword or CookieAuthentication, setting this option will cause Tor to allow any process on the local host to control it. (Setting both authentication methods means either method is sufficient to authenticate to Tor.) This option is required for many Tor controllers; most use the value of 9051. Set it to "auto" to have Tor pick a port for you. (Default: 0)
+|If set, Tor will accept connections on this port and allow those connections to control the Tor process using the Tor Control Protocol (described in control-spec.txt in torspec). Note: unless you also specify one or more of HashedControlPassword or CookieAuthentication, setting this option will cause Tor to allow any process on the local host to control it. (Setting both authentication methods means either method is sufficient to authenticate to Tor.) This option is required for many Tor controllers; most use the value of 9051. If a unix domain socket is used, you may quote the path using standard C escape sequences. Set it to "auto" to have Tor pick a port for you. (Default: 0)
 |
 |Recognized flags are...
 |
@@ -1476,7 +1478,7 @@ config_options.HiddenServicePort.category Hidden Service
 config_options.HiddenServicePort.name HiddenServicePort
 config_options.HiddenServicePort.usage VIRTPORT [TARGET]
 config_options.HiddenServicePort.summary Port the hidden service is provided on
-config_options.HiddenServicePort.description Configure a virtual port VIRTPORT for a hidden service. You may use this option multiple times; each time applies to the service using the most recent HiddenServiceDir. By default, this option maps the virtual port to the same port on 127.0.0.1 over TCP. You may override the target port, address, or both by specifying a target of addr, port, addr:port, or unix:path. (You can specify an IPv6 target as [addr]:port.) You may also have multiple lines with the same VIRTPORT: when a user connects to that VIRTPORT, one of the TARGETs from those lines will be chosen at random.
+config_options.HiddenServicePort.description Configure a virtual port VIRTPORT for a hidden service. You may use this option multiple times; each time applies to the service using the most recent HiddenServiceDir. By default, this option maps the virtual port to the same port on 127.0.0.1 over TCP. You may override the target port, address, or both by specifying a target of addr, port, addr:port, or unix:path. (You can specify an IPv6 target as [addr]:port. Unix paths may be quoted, and may use standard C escapes.) You may also have multiple lines with the same VIRTPORT: when a user connects to that VIRTPORT, one of the TARGETs from those lines will be chosen at random.
 config_options.PublishHidServDescriptors.category Hidden Service
 config_options.PublishHidServDescriptors.name PublishHidServDescriptors
 config_options.PublishHidServDescriptors.usage 0|1
@@ -1890,7 +1892,7 @@ config_options.AuthDirGuardBWGuarantee.category Authority
 config_options.AuthDirGuardBWGuarantee.name AuthDirGuardBWGuarantee
 config_options.AuthDirGuardBWGuarantee.usage N bytes|KBytes|MBytes|GBytes|KBits|MBits|GBits
 config_options.AuthDirGuardBWGuarantee.summary Advertised rate necessary to be a guard
-config_options.AuthDirGuardBWGuarantee.description Authoritative directories only. If non-zero, this advertised capacity or more is always sufficient to satisfy the bandwidth requirement for the Guard flag. (Default: 250 KBytes)
+config_options.AuthDirGuardBWGuarantee.description Authoritative directories only. If non-zero, this advertised capacity or more is always sufficient to satisfy the bandwidth requirement for the Guard flag. (Default: 2 MBytes)
 config_options.AuthDirPinKeys.category Authority
 config_options.AuthDirPinKeys.name AuthDirPinKeys
 config_options.AuthDirPinKeys.usage 0|1

More information about the tor-commits mailing list