[tor-commits] [stem/master] Update cache contents

[atagar at torproject.org]

commit cf6df8bb8dac1793ba9ad4a2f8326f97a315857a
Author: Damian Johnson <atagar at torproject.org>
Date:   Sun May 14 12:16:52 2017 -0700

    Update cache contents
    
    Trying to get our ONLINE target to pass so we can add a new integ test for
    consensus signing. Tests check that the manual and fallback contents are up to
    date so appeasing that.
    
    Turns out fallback caching was still broken because orport_v6 is a tuple, not a
    single value...
    
      Traceback (most recent call last):
        File "./cache_fallback_directories.py", line 51, in <module>
          print(stem.descriptor.remote._fallback_directory_differences(cached_fallback_directories, latest_fallback_directories))
        File "/home/atagar/Desktop/stem/stem/descriptor/remote.py", line 1109, in _fallback_directory_differences
          '  orport_v6: %s' % (directory.orport_v6 if directory.orport_v6 else '[none]'),
      TypeError: not all arguments converted during string formatting
    
    This target doesn't pass yet...
    
      ======================================================================
      FAIL: test_has_all_tor_config_options
      ----------------------------------------------------------------------
      Traceback (most recent call last):
        File "/home/atagar/Desktop/stem/test/integ/manual.py", line 284, in test_has_all_tor_config_options
          self.fail("The %s config options in our man page aren't presently supported by tor. Are we using the latest git commit of tor? If so, maybe we need to remove them?" % ', '.join(extra_in_manual))
      AssertionError: The PredictedPortsRelevanceTime, CircuitIdleTimeout config options in our man page aren't presently supported by tor. Are we using the latest git commit of tor? If so, maybe we need to remove them?
    
    ... but think this last bit is a tweak we need to make in the tor manual...
    
      https://trac.torproject.org/projects/tor/ticket/22257
---
 stem/cached_tor_manual.cfg               | 281 +++++++---------
 stem/descriptor/fallback_directories.cfg | 530 +++++++++++++++++++++++++------
 stem/descriptor/remote.py                |   3 +-
 stem/manual.py                           |   2 +-
 stem/settings.cfg                        |  26 +-
 test/integ/manual.py                     |  14 +-
 test/unit/manual.py                      |  14 -
 test/unit/tor_man_example                |  10 -
 8 files changed, 566 insertions(+), 314 deletions(-)

diff --git a/stem/cached_tor_manual.cfg b/stem/cached_tor_manual.cfg
index 81fffb8..e45986b 100644
--- a/stem/cached_tor_manual.cfg
+++ b/stem/cached_tor_manual.cfg
@@ -6,8 +6,8 @@ description
 |Basically, Tor provides a distributed network of servers or relays ("onion routers"). Users bounce their TCP streams -- web traffic, ftp, ssh, etc. -- around the network, and recipients, observers, and even the relays themselves have difficulty tracking the source of the stream.
 |
 |By default, tor will act as a client only. To help the network by providing bandwidth as a relay, change the ORPort configuration option -- see below. Please also consult the documentation on the Tor Project's website.
-man_commit 9a790f7325049fdb3b48e86879cd05373cbcd1e3
-stem_commit d854d25405b642f7dbc3ddb98ffd3524f03da40c
+man_commit 18e59fdc1cfa4757c8b440a344b11bd521143a00
+stem_commit fb0812b2383178055f6343a8e8422c295376a374
 commandline_options -f FILE => Specify a new configuration file to contain further Tor configuration options OR pass - to make Tor read its configuration from standard input. (Default: @CONFDIR@/torrc, or $HOME/.torrc if that file is not found)
 commandline_options --ignore-missing-torrc => Specifies that Tor should treat a missing torrc file as though it were empty. Ordinarily, Tor does this for missing default torrc files, but not for those specified on the command line.
 commandline_options --list-deprecated-options => List all valid options that are scheduled to become obsolete in a future version. (This is a warning, not a promise.)
@@ -77,16 +77,6 @@ files DataDirectory/stats/conn-stats => Only used by servers. This file is used
 files DataDirectory/keys/authority_certificate => A v3 directory authority's certificate, which authenticates the authority's current vote- and consensus-signing key using its master identity key. Only directory authorities use this file.
 files DataDirectory/keys/authority_signing_key => A v3 directory authority's signing key, used to sign votes and consensuses. Only directory authorities use this file. Corresponds to the authority_certificate cert.
 files DataDirectory/control_auth_cookie => Used for cookie authentication with the controller. Location can be overridden by the CookieAuthFile config option. Regenerated on startup. See control-spec.txt in torspec for details. Only used when cookie authentication is enabled.
-config_options.AllowInvalidNodes.category Client
-config_options.AllowInvalidNodes.name AllowInvalidNodes
-config_options.AllowInvalidNodes.usage entry|exit|middle|introduction|rendezvous|...
-config_options.AllowInvalidNodes.summary Permits use of relays flagged as invalid by authorities
-config_options.AllowInvalidNodes.description If some Tor servers are obviously not working right, the directory authorities can manually mark them as invalid, meaning that it's not recommended you use them for entry or exit positions in your circuits. You can opt to use them in some circuit positions, though. The default is "middle,rendezvous", and other choices are not advised.
-config_options.ExcludeSingleHopRelays.category Client
-config_options.ExcludeSingleHopRelays.name ExcludeSingleHopRelays
-config_options.ExcludeSingleHopRelays.usage 0|1
-config_options.ExcludeSingleHopRelays.summary Permits use of relays that allow single hop connections
-config_options.ExcludeSingleHopRelays.description This option controls whether circuits built by Tor will include relays with the AllowSingleHopExits flag set to true. If ExcludeSingleHopRelays is set to 0, these relays will be included. Note that these relays might be at higher risk of being seized or observed, so they are not normally included. Also note that relatively few clients turn off this option, so using these relays might make your client stand out. (Default: 1)
 config_options.Bridge.category Client
 config_options.Bridge.name Bridge
 config_options.Bridge.usage [transport] IP:ORPort [fingerprint]
@@ -95,6 +85,8 @@ config_options.Bridge.description
 |When set along with UseBridges, instructs Tor to use the relay at "IP:ORPort" as a "bridge" relaying into the Tor network. If "fingerprint" is provided (using the same format as for DirAuthority), we will verify that the relay running at that location has the right fingerprint. We also use fingerprint to look up the bridge descriptor at the bridge authority, if it's provided and if UpdateBridgesFromAuthority is set too.
 |
 |If "transport" is provided, it must match a ClientTransportPlugin line. We then use that pluggable transport's proxy to transfer data to the bridge, rather than connecting to the bridge directly. Some transports use a transport-specific method to work out the remote address to connect to. These transports typically ignore the "IP:ORPort" specified in the bridge line.
+|
+|Tor passes any "key=val" settings to the pluggable transport proxy as per-connection arguments when connecting to the bridge. Consult the documentation of the pluggable transport for details of what arguments it supports.
 config_options.LearnCircuitBuildTimeout.category Client
 config_options.LearnCircuitBuildTimeout.name LearnCircuitBuildTimeout
 config_options.LearnCircuitBuildTimeout.usage 0|1
@@ -105,11 +97,16 @@ config_options.CircuitBuildTimeout.name CircuitBuildTimeout
 config_options.CircuitBuildTimeout.usage NUM
 config_options.CircuitBuildTimeout.summary Initial timeout for circuit creation
 config_options.CircuitBuildTimeout.description Try for at most NUM seconds when building circuits. If the circuit isn't open in that time, give up on it. If LearnCircuitBuildTimeout is 1, this value serves as the initial value to use before a timeout is learned. If LearnCircuitBuildTimeout is 0, this value is the only value used. (Default: 60 seconds)
+config_options.CircuitsAvailableTimeout.category Client
+config_options.CircuitsAvailableTimeout.name CircuitsAvailableTimeout
+config_options.CircuitsAvailableTimeout.usage NUM
+config_options.CircuitsAvailableTimeout.summary Time to keep circuits open and unused for
+config_options.CircuitsAvailableTimeout.description Tor will attempt to keep at least one open, unused circuit available for this amount of time. This option governs how long idle circuits are kept open, as well as the amount of time Tor will keep a circuit open to each of the recently used ports. This way when the Tor client is entirely idle, it can expire all of its circuits, and then expire its TLS connections. Note that the actual timeout value is uniformly randomized from the specified value to twice that amount. (Default: 30 minutes; Max: 24 hours)
 config_options.CircuitIdleTimeout.category Client
 config_options.CircuitIdleTimeout.name CircuitIdleTimeout
 config_options.CircuitIdleTimeout.usage NUM
 config_options.CircuitIdleTimeout.summary Timeout for closing circuits that have never been used
-config_options.CircuitIdleTimeout.description If we have kept a clean (never used) circuit around for NUM seconds, then close it. This way when the Tor client is entirely idle, it can expire all of its circuits, and then expire its TLS connections. Also, if we end up making a circuit that is not useful for exiting any of the requests we're receiving, it won't forever take up a slot in the circuit list. (Default: 1 hour)
+config_options.CircuitIdleTimeout.description If we have kept a clean (never used) circuit around for NUM seconds, then close it. This option is deprecated. Use CircuitsAvailableTimeout instead.
 config_options.CircuitStreamTimeout.category Client
 config_options.CircuitStreamTimeout.name CircuitStreamTimeout
 config_options.CircuitStreamTimeout.usage NUM
@@ -120,6 +117,16 @@ config_options.ClientOnly.name ClientOnly
 config_options.ClientOnly.usage 0|1
 config_options.ClientOnly.summary Ensures that we aren't used as a relay or directory mirror
 config_options.ClientOnly.description If set to 1, Tor will not run as a relay or serve directory requests, even if the ORPort, ExtORPort, or DirPort options are set. (This config option is mostly unnecessary: we added it back when we were considering having Tor clients auto-promote themselves to being relays if they were stable and fast enough. The current behavior is simply that Tor is a client unless ORPort, ExtORPort, or DirPort are configured.) (Default: 0)
+config_options.ConnectionPadding.category Client
+config_options.ConnectionPadding.name ConnectionPadding
+config_options.ConnectionPadding.usage 0|1|auto
+config_options.ConnectionPadding.summary Pad traffic to help prevent correlation attacks
+config_options.ConnectionPadding.description This option governs Tor's use of padding to defend against some forms of traffic analysis. If it is set to auto, Tor will send padding only if both the client and the relay support it. If it is set to 0, Tor will not send any padding cells. If it is set to 1, Tor will still send padding for client connections regardless of relay support. Only clients may set this option. This option should be offered via the UI to mobile users for use where bandwidth may be expensive. (Default: auto)
+config_options.ReducedConnectionPadding.category Client
+config_options.ReducedConnectionPadding.name ReducedConnectionPadding
+config_options.ReducedConnectionPadding.usage 0|1
+config_options.ReducedConnectionPadding.summary Reduce padding and increase circuit cycling for low bandidth connections
+config_options.ReducedConnectionPadding.description If set to 1, Tor will not not hold OR connections open for very long, and will send less padding on these connections. Only clients may set this option. This option should be offered via the UI to mobile users for use where bandwidth may be expensive. (Default: 0)
 config_options.ExcludeNodes.category Client
 config_options.ExcludeNodes.name ExcludeNodes
 config_options.ExcludeNodes.usage node,node,...
@@ -168,7 +175,7 @@ config_options.StrictNodes.category Client
 config_options.StrictNodes.name StrictNodes
 config_options.StrictNodes.usage 0|1
 config_options.StrictNodes.summary Never uses notes outside of Entry/ExitNodes
-config_options.StrictNodes.description If StrictNodes is set to 1, Tor will treat the ExcludeNodes option as a requirement to follow for all the circuits you generate, even if doing so will break functionality for you. If StrictNodes is set to 0, Tor will still try to avoid nodes in the ExcludeNodes list, but it will err on the side of avoiding unexpected errors. Specifically, StrictNodes 0 tells Tor that it is okay to use an excluded node when it is necessary to perform relay reachability self-tests, connect to a hidden service, provide a hidden service to a client, fulfill a .exit request, upload directory information, or download directory information. (Default: 0)
+config_options.StrictNodes.description If StrictNodes is set to 1, Tor will treat solely the ExcludeNodes option as a requirement to follow for all the circuits you generate, even if doing so will break functionality for you (StrictNodes applies to neither ExcludeExitNodes nor to ExitNodes). If StrictNodes is set to 0, Tor will still try to avoid nodes in the ExcludeNodes list, but it will err on the side of avoiding unexpected errors. Specifically, StrictNodes 0 tells Tor that it is okay to use an excluded node when it is necessary to perform relay reachability self-tests, connect to a hidden service, provide a hidden service to a client, fulfill a .exit request, upload directory information, or download directory information. (Default: 0)
 config_options.FascistFirewall.category Client
 config_options.FascistFirewall.name FascistFirewall
 config_options.FascistFirewall.usage 0|1
@@ -202,16 +209,6 @@ config_options.HidServAuth.name HidServAuth
 config_options.HidServAuth.usage onion-address auth-cookie [service-name]
 config_options.HidServAuth.summary Authentication credentials for connecting to a hidden service
 config_options.HidServAuth.description Client authorization for a hidden service. Valid onion addresses contain 16 characters in a-z2-7 plus ".onion", and valid auth cookies contain 22 characters in A-Za-z0-9+/. The service name is only used for internal purposes, e.g., for Tor controllers. This option may be used multiple times for different hidden services. If a hidden service uses authorization and this option is not set, the hidden service is not accessible. Hidden services can be configured to require authorization using the HiddenServiceAuthorizeClient option.
-config_options.CloseHSClientCircuitsImmediatelyOnTimeout.category Client
-config_options.CloseHSClientCircuitsImmediatelyOnTimeout.name CloseHSClientCircuitsImmediatelyOnTimeout
-config_options.CloseHSClientCircuitsImmediatelyOnTimeout.usage 0|1
-config_options.CloseHSClientCircuitsImmediatelyOnTimeout.summary Close hidden service circuits that timeout
-config_options.CloseHSClientCircuitsImmediatelyOnTimeout.description If 1, Tor will close unfinished hidden service client circuits which have not moved closer to connecting to their destination hidden service when their internal state has not changed for the duration of the current circuit-build timeout. Otherwise, such circuits will be left open, in the hope that they will finish connecting to their destination hidden services. In either case, another set of introduction and rendezvous circuits for the same destination hidden service will be launched. (Default: 0)
-config_options.CloseHSServiceRendCircuitsImmediatelyOnTimeout.category Client
-config_options.CloseHSServiceRendCircuitsImmediatelyOnTimeout.name CloseHSServiceRendCircuitsImmediatelyOnTimeout
-config_options.CloseHSServiceRendCircuitsImmediatelyOnTimeout.usage 0|1
-config_options.CloseHSServiceRendCircuitsImmediatelyOnTimeout.summary Close hidden service rendezvous circuits that timeout
-config_options.CloseHSServiceRendCircuitsImmediatelyOnTimeout.description If 1, Tor will close unfinished hidden-service-side rendezvous circuits after the current circuit-build timeout. Otherwise, such circuits will be left open, in the hope that they will finish connecting to their destinations. In either case, another rendezvous circuit for the same destination client will be launched. (Default: 0)
 config_options.LongLivedPorts.category Client
 config_options.LongLivedPorts.name LongLivedPorts
 config_options.LongLivedPorts.usage PORTS
@@ -250,7 +247,7 @@ config_options.MaxCircuitDirtiness.category Client
 config_options.MaxCircuitDirtiness.name MaxCircuitDirtiness
 config_options.MaxCircuitDirtiness.usage NUM
 config_options.MaxCircuitDirtiness.summary Duration for reusing constructed circuits
-config_options.MaxCircuitDirtiness.description Feel free to reuse a circuit that was first used at most NUM seconds ago, but never attach a new stream to a circuit that is too old. For hidden services, this applies to the last time a circuit was used, not the first. Circuits with streams constructed with SOCKS authentication via SocksPorts that have KeepAliveIsolateSOCKSAuth ignore this value. (Default: 10 minutes)
+config_options.MaxCircuitDirtiness.description Feel free to reuse a circuit that was first used at most NUM seconds ago, but never attach a new stream to a circuit that is too old. For hidden services, this applies to the last time a circuit was used, not the first. Circuits with streams constructed with SOCKS authentication via SocksPorts that have KeepAliveIsolateSOCKSAuth also remain alive for MaxCircuitDirtiness seconds after carrying the last such stream. (Default: 10 minutes)
 config_options.MaxClientCircuitsPending.category Client
 config_options.MaxClientCircuitsPending.name MaxClientCircuitsPending
 config_options.MaxClientCircuitsPending.usage NUM
@@ -293,7 +290,7 @@ config_options.SocksPort.description
 |    Don't share circuits with streams targeting a different destination address.
 |
 |KeepAliveIsolateSOCKSAuth
-|    If IsolateSOCKSAuth is enabled, keep alive circuits that have streams with SOCKS authentication set indefinitely.
+|    If IsolateSOCKSAuth is enabled, keep alive circuits while they have at least one stream with SOCKS authentication active. After such a circuit is idle for more than MaxCircuitDirtiness seconds, it can be closed.
 |
 |SessionGroup=INT
 |    If no other isolation rules would prevent it, allow streams on this port to share circuits with streams from every other port with the same session group. (By default, streams received on different SocksPorts, TransPorts, etc are always isolated from one another. This option overrides that behavior.)
@@ -348,14 +345,7 @@ config_options.SocksPort.description
 |PreferSOCKSNoAuth
 |    Ordinarily, when an application offers both "username/password authentication" and "no authentication" to Tor via SOCKS5, Tor selects username/password authentication so that IsolateSOCKSAuth can work. This can confuse some applications, if they offer a username/password combination then get confused when asked for one. You can disable this behavior, so that Tor will select "No authentication" when IsolateSOCKSAuth is disabled, or when this option is set.
 |
-|        Flags are processed left to right. If flags conflict, the last flag on the
-|        line is used, and all earlier flags are ignored. No error is issued for
-|        conflicting flags.
-config_options.SocksListenAddress.category Client
-config_options.SocksListenAddress.name SocksListenAddress
-config_options.SocksListenAddress.usage IP[:PORT]
-config_options.SocksListenAddress.summary Address from which Socks connections can be made
-config_options.SocksListenAddress.description Bind to this address to listen for connections from Socks-speaking applications. (Default: 127.0.0.1) You can also specify a port (e.g. 192.168.0.1:9100). This directive can be specified multiple times to bind to multiple addresses/ports. (DEPRECATED: As of 0.2.3.x-alpha, you can now use multiple SocksPort entries, and provide addresses for SocksPort entries, so SocksListenAddress no longer has a purpose. For backward compatibility, SocksListenAddress is only allowed when SocksPort is just a port number.)
+|Flags are processed left to right. If flags conflict, the last flag on the line is used, and all earlier flags are ignored. No error is issued for conflicting flags.
 config_options.SocksPolicy.category Client
 config_options.SocksPolicy.name SocksPolicy
 config_options.SocksPolicy.usage policy,policy,...
@@ -370,7 +360,7 @@ config_options.TokenBucketRefillInterval.category Client
 config_options.TokenBucketRefillInterval.name TokenBucketRefillInterval
 config_options.TokenBucketRefillInterval.usage NUM [msec|second]
 config_options.TokenBucketRefillInterval.summary Frequency at which exhausted connections are checked for new traffic
-config_options.TokenBucketRefillInterval.description Set the refill interval of Tor's token bucket to NUM milliseconds. NUM must be between 1 and 1000, inclusive. Note that the configured bandwidth limits are still expressed in bytes per second: this option only affects the frequency with which Tor checks to see whether previously exhausted connections may read again. (Default: 100 msec)
+config_options.TokenBucketRefillInterval.description Set the refill interval of Tor's token bucket to NUM milliseconds. NUM must be between 1 and 1000, inclusive. Note that the configured bandwidth limits are still expressed in bytes per second: this option only affects the frequency with which Tor checks to see whether previously exhausted connections may read again. Can not be changed while tor is running. (Default: 100 msec)
 config_options.TrackHostExits.category Client
 config_options.TrackHostExits.name TrackHostExits
 config_options.TrackHostExits.usage host,.domain,...
@@ -396,11 +386,6 @@ config_options.UseEntryGuards.name UseEntryGuards
 config_options.UseEntryGuards.usage 0|1
 config_options.UseEntryGuards.summary Use guard relays for first hop
 config_options.UseEntryGuards.description If this option is set to 1, we pick a few long-term entry servers, and try to stick with them. This is desirable because constantly changing servers increases the odds that an adversary who owns some servers will observe a fraction of your paths. Entry Guards can not be used by Directory Authorities, Single Onion Services, and Tor2web clients. In these cases, the this option is ignored. (Default: 1)
-config_options.UseEntryGuardsAsDirGuards.category Client
-config_options.UseEntryGuardsAsDirGuards.name UseEntryGuardsAsDirGuards
-config_options.UseEntryGuardsAsDirGuards.usage 0|1
-config_options.UseEntryGuardsAsDirGuards.summary Retrieve descriptors via guards when able
-config_options.UseEntryGuardsAsDirGuards.description If this option is set to 1, and UseEntryGuards is also set to 1, we try to use our entry guards as directory guards, and failing that, pick more nodes to act as our directory guards. This helps prevent an adversary from enumerating clients. It's only available for clients (non-relay, non-bridge) that aren't configured to download any non-default directory material. It doesn't currently do anything when we lack a live consensus. (Default: 1)
 config_options.GuardfractionFile.category Client
 config_options.GuardfractionFile.name GuardfractionFile
 config_options.GuardfractionFile.usage FILENAME
@@ -415,12 +400,12 @@ config_options.NumEntryGuards.category Client
 config_options.NumEntryGuards.name NumEntryGuards
 config_options.NumEntryGuards.usage NUM
 config_options.NumEntryGuards.summary Pool size of guard relays we'll select from
-config_options.NumEntryGuards.description If UseEntryGuards is set to 1, we will try to pick a total of NUM routers as long-term entries for our circuits. If NUM is 0, we try to learn the number from the NumEntryGuards consensus parameter, and default to 3 if the consensus parameter isn't set. (Default: 0)
+config_options.NumEntryGuards.description If UseEntryGuards is set to 1, we will try to pick a total of NUM routers as long-term entries for our circuits. If NUM is 0, we try to learn the number from the guard-n-primary-guards-to-use consensus parameter, and default to 1 if the consensus parameter isn't set. (Default: 0)
 config_options.NumDirectoryGuards.category Client
 config_options.NumDirectoryGuards.name NumDirectoryGuards
 config_options.NumDirectoryGuards.usage NUM
 config_options.NumDirectoryGuards.summary Pool size of directory guards we'll select from
-config_options.NumDirectoryGuards.description If UseEntryGuardsAsDirectoryGuards is enabled, we try to make sure we have at least NUM routers to use as directory guards. If this option is set to 0, use the value from the NumDirectoryGuards consensus parameter, falling back to the value from NumEntryGuards if the consensus parameter is 0 or isn't set. (Default: 0)
+config_options.NumDirectoryGuards.description If UseEntryGuardsAsDirectoryGuards is enabled, we try to make sure we have at least NUM routers to use as directory guards. If this option is set to 0, use the value from the guard-n-primary-dir-guards-to-use consensus parameter, and default to 3 if the consensus parameter isn't set. (Default: 0)
 config_options.GuardLifetime.category Client
 config_options.GuardLifetime.name GuardLifetime
 config_options.GuardLifetime.usage N days|weeks|months
@@ -436,11 +421,6 @@ config_options.TestSocks.name TestSocks
 config_options.TestSocks.usage 0|1
 config_options.TestSocks.summary Provide notices for if socks connections are of the safe or unsafe variants
 config_options.TestSocks.description When this option is enabled, Tor will make a notice-level log entry for each connection to the Socks port indicating whether the request used a safe socks protocol or an unsafe one (see above entry on SafeSocks). This helps to determine whether an application using Tor is possibly leaking DNS requests. (Default: 0)
-config_options.WarnUnsafeSocks.category Client
-config_options.WarnUnsafeSocks.name WarnUnsafeSocks
-config_options.WarnUnsafeSocks.usage 0|1
-config_options.WarnUnsafeSocks.summary Toggle warning of unsafe socks connection
-config_options.WarnUnsafeSocks.description When this option is enabled, Tor will warn whenever a request is received that only contains an IP address instead of a hostname. Allowing applications to do DNS resolves themselves is usually a bad idea and can leak your location to attackers. (Default: 1)
 config_options.VirtualAddrNetworkIPv4.category Client
 config_options.VirtualAddrNetworkIPv4.name VirtualAddrNetworkIPv4
 config_options.VirtualAddrNetworkIPv4.usage Address/bits
@@ -466,14 +446,6 @@ config_options.AllowDotExit.name AllowDotExit
 config_options.AllowDotExit.usage 0|1
 config_options.AllowDotExit.summary Toggles allowing exit notation in addresses
 config_options.AllowDotExit.description If enabled, we convert "www.google.com.foo.exit" addresses on the SocksPort/TransPort/NATDPort into "www.google.com" addresses that exit from the node "foo". Disabled by default since attacking websites and exit relays can use it to manipulate your path selection. (Default: 0)
-config_options.FastFirstHopPK.category Client
-config_options.FastFirstHopPK.name FastFirstHopPK
-config_options.FastFirstHopPK.usage 0|1|auto
-config_options.FastFirstHopPK.summary Toggle public key usage for the first hop
-config_options.FastFirstHopPK.description 
-|When this option is disabled, Tor uses the public key step for the first hop of creating circuits. Skipping it is generally safe since we have already used TLS to authenticate the relay and to establish forward-secure keys. Turning this option off makes circuit building a little slower. Setting this option to "auto" takes advice from the authorities in the latest consensus about whether to use this feature.
-|
-|Note that Tor will always use the public key step for the first hop if it's operating as a relay, and it will never use the public key step if it doesn't yet know the onion key of the first hop. (Default: auto)
 config_options.TransPort.category Client
 config_options.TransPort.name TransPort
 config_options.TransPort.usage [address:]port|auto [isolation flags]
@@ -481,12 +453,7 @@ config_options.TransPort.summary Port for transparent proxying if the OS support
 config_options.TransPort.description 
 |Open this port to listen for transparent proxy connections. Set this to 0 if you don't want to allow transparent proxy connections. Set the port to "auto" to have Tor pick a port for you. This directive can be specified multiple times to bind to multiple addresses/ports. See SOCKSPort for an explanation of isolation flags.
 |
-|TransPort requires OS support for transparent proxies, such as BSDs' pf or Linux's IPTables. If you're planning to use Tor as a transparent proxy for a network, you'll want to examine and change VirtualAddrNetwork from the default setting. You'll also want to set the TransListenAddress option for the network you'd like to proxy. (Default: 0)
-config_options.TransListenAddress.category Client
-config_options.TransListenAddress.name TransListenAddress
-config_options.TransListenAddress.usage IP[:PORT]
-config_options.TransListenAddress.summary Address from which transparent proxy connections can be made
-config_options.TransListenAddress.description Bind to this address to listen for transparent proxy connections. (Default: 127.0.0.1). This is useful for exporting a transparent proxy server to an entire network. (DEPRECATED: As of 0.2.3.x-alpha, you can now use multiple TransPort entries, and provide addresses for TransPort entries, so TransListenAddress no longer has a purpose. For backward compatibility, TransListenAddress is only allowed when TransPort is just a port number.)
+|TransPort requires OS support for transparent proxies, such as BSDs' pf or Linux's IPTables. If you're planning to use Tor as a transparent proxy for a network, you'll want to examine and change VirtualAddrNetwork from the default setting. (Default: 0)
 config_options.TransProxyType.category Client
 config_options.TransProxyType.name TransProxyType
 config_options.TransProxyType.usage default|TPROXY|ipfw|pf-divert
@@ -494,7 +461,7 @@ config_options.TransProxyType.summary Proxy type to be used
 config_options.TransProxyType.description 
 |TransProxyType may only be enabled when there is transparent proxy listener enabled.
 |
-|Set this to "TPROXY" if you wish to be able to use the TPROXY Linux module to transparently proxy connections that are configured using the TransPort option. This setting lets the listener on the TransPort accept connections for all addresses, even when the TransListenAddress is configured for an internal address. Detailed information on how to configure the TPROXY feature can be found in the Linux kernel source tree in the file Documentation/networking/tproxy.txt.
+|Set this to "TPROXY" if you wish to be able to use the TPROXY Linux module to transparently proxy connections that are configured using the TransPort option. Detailed information on how to configure the TPROXY feature can be found in the Linux kernel source tree in the file Documentation/networking/tproxy.txt.
 |
 |Set this option to "ipfw" to use the FreeBSD ipfw interface.
 |
@@ -511,11 +478,6 @@ config_options.NATDPort.description
 |Open this port to listen for connections from old versions of ipfw (as included in old versions of FreeBSD, etc) using the NATD protocol. Use 0 if you don't want to allow NATD connections. Set the port to "auto" to have Tor pick a port for you. This directive can be specified multiple times to bind to multiple addresses/ports. See SocksPort for an explanation of isolation flags.
 |
 |This option is only for people who cannot use TransPort. (Default: 0)
-config_options.NATDListenAddress.category Client
-config_options.NATDListenAddress.name NATDListenAddress
-config_options.NATDListenAddress.usage IP[:PORT]
-config_options.NATDListenAddress.summary Address from which NATD forwarded connections can be made
-config_options.NATDListenAddress.description Bind to this address to listen for NATD connections. (DEPRECATED: As of 0.2.3.x-alpha, you can now use multiple NATDPort entries, and provide addresses for NATDPort entries, so NATDListenAddress no longer has a purpose. For backward compatibility, NATDListenAddress is only allowed when NATDPort is just a port number.)
 config_options.AutomapHostsOnResolve.category Client
 config_options.AutomapHostsOnResolve.name AutomapHostsOnResolve
 config_options.AutomapHostsOnResolve.usage 0|1
@@ -531,11 +493,6 @@ config_options.DNSPort.name DNSPort
 config_options.DNSPort.usage [address:]port|auto [isolation flags]
 config_options.DNSPort.summary Port from which DNS responses are fetched instead of tor
 config_options.DNSPort.description If non-zero, open this port to listen for UDP DNS requests, and resolve them anonymously. This port only handles A, AAAA, and PTR requests---it doesn't handle arbitrary DNS request types. Set the port to "auto" to have Tor pick a port for you. This directive can be specified multiple times to bind to multiple addresses/ports. See SocksPort for an explanation of isolation flags. (Default: 0)
-config_options.DNSListenAddress.category Client
-config_options.DNSListenAddress.name DNSListenAddress
-config_options.DNSListenAddress.usage IP[:PORT]
-config_options.DNSListenAddress.summary Address for performing DNS resolution
-config_options.DNSListenAddress.description Bind to this address to listen for DNS connections. (DEPRECATED: As of 0.2.3.x-alpha, you can now use multiple DNSPort entries, and provide addresses for DNSPort entries, so DNSListenAddress no longer has a purpose. For backward compatibility, DNSListenAddress is only allowed when DNSPort is just a port number.)
 config_options.ClientDNSRejectInternalAddresses.category Client
 config_options.ClientDNSRejectInternalAddresses.name ClientDNSRejectInternalAddresses
 config_options.ClientDNSRejectInternalAddresses.usage 0|1
@@ -545,7 +502,7 @@ config_options.ClientRejectInternalAddresses.category Client
 config_options.ClientRejectInternalAddresses.name ClientRejectInternalAddresses
 config_options.ClientRejectInternalAddresses.usage 0|1
 config_options.ClientRejectInternalAddresses.summary Disables use of Tor for internal connections
-config_options.ClientRejectInternalAddresses.description If true, Tor does not try to fulfill requests to connect to an internal address (like 127.0.0.1 or 192.168.0.1) unless a exit node is specifically requested (for example, via a .exit hostname, or a controller request). (Default: 1)
+config_options.ClientRejectInternalAddresses.description If true, Tor does not try to fulfill requests to connect to an internal address (like 127.0.0.1 or 192.168.0.1) unless a exit node is specifically requested (for example, via a .exit hostname, or a controller request). If true, multicast DNS hostnames for machines on the local network (of the form *.local) are also rejected. (Default: 1)
 config_options.DownloadExtraInfo.category Client
 config_options.DownloadExtraInfo.name DownloadExtraInfo
 config_options.DownloadExtraInfo.usage 0|1
@@ -561,11 +518,6 @@ config_options.RejectPlaintextPorts.name RejectPlaintextPorts
 config_options.RejectPlaintextPorts.usage port,port,...
 config_options.RejectPlaintextPorts.summary Prevents connections on risky ports
 config_options.RejectPlaintextPorts.description Like WarnPlaintextPorts, but instead of warning about risky port uses, Tor will instead refuse to make the connection. (Default: None)
-config_options.AllowSingleHopCircuits.category Client
-config_options.AllowSingleHopCircuits.name AllowSingleHopCircuits
-config_options.AllowSingleHopCircuits.usage 0|1
-config_options.AllowSingleHopCircuits.summary Makes use of single hop exits if able
-config_options.AllowSingleHopCircuits.description When this option is set, the attached Tor controller can use relays that have the AllowSingleHopExits option turned on to build one-hop Tor connections. (Default: 0)
 config_options.OptimisticData.category Client
 config_options.OptimisticData.name OptimisticData
 config_options.OptimisticData.usage 0|1|auto
@@ -722,16 +674,7 @@ config_options.DirPort.summary Port for directory connections
 config_options.DirPort.description 
 |If this option is nonzero, advertise the directory service on this port. Set it to "auto" to have Tor pick a port for you. This option can occur more than once, but only one advertised DirPort is supported: all but one DirPort must have the NoAdvertise flag set. (Default: 0)
 |
-|    The same flags are supported here as are supported by ORPort.
-config_options.DirListenAddress.category Directory
-config_options.DirListenAddress.name DirListenAddress
-config_options.DirListenAddress.usage IP[:PORT]
-config_options.DirListenAddress.summary Address the directory service is bound to
-config_options.DirListenAddress.description 
-|Bind the directory service to this address. If you specify a port, bind to this port rather than the one specified in DirPort. (Default: 0.0.0.0) This directive can be specified multiple times to bind to multiple addresses/ports.
-|
-|    This option is deprecated; you can get the same behavior with DirPort now
-|    that it supports NoAdvertise and explicit addresses.
+|The same flags are supported here as are supported by ORPort.
 config_options.DirPolicy.category Directory
 config_options.DirPolicy.name DirPolicy
 config_options.DirPolicy.usage policy,policy,...
@@ -749,6 +692,8 @@ config_options.BandwidthRate.summary Average bandwidth usage limit
 config_options.BandwidthRate.description 
 |A token bucket limits the average incoming bandwidth usage on this node to the specified number of bytes per second, and the average outgoing bandwidth usage to that same value. If you want to run a relay in the public network, this needs to be at the very least 75 KBytes for a relay (that is, 600 kbits) or 50 KBytes for a bridge (400 kbits) -- but of course, more is better; we recommend at least 250 KBytes (2 mbits) if possible. (Default: 1 GByte)
 |
+|Note that this option, and other bandwidth-limiting options, apply to TCP data only: They do not count TCP headers or DNS traffic.
+|
 |With this option, and in other options that take arguments in bytes, KBytes, and so on, other formats are also supported. Notably, "KBytes" can also be written as "kilobytes" or "kb"; "MBytes" can be written as "megabytes" or "MB"; "kbits" can be written as "kilobits"; and so forth. Tor also accepts "byte" and "bit" in the singular. The prefixes "tera" and "T" are also recognized. If no units are given, we default to bytes. To avoid confusion, we recommend writing "bytes" or "bits" explicitly, since it's easy to forget that "B" means bytes, not bits.
 config_options.BandwidthBurst.category General
 config_options.BandwidthBurst.name BandwidthBurst
@@ -868,11 +813,6 @@ config_options.ControlPort.description
 |
 |RelaxDirModeCheck
 |    Unix domain sockets only: Do not insist that the directory that holds the socket be read-restricted.
-config_options.ControlListenAddress.category General
-config_options.ControlListenAddress.name ControlListenAddress
-config_options.ControlListenAddress.usage IP[:PORT]
-config_options.ControlListenAddress.summary Address providing controller access
-config_options.ControlListenAddress.description Bind the controller listener to this address. If you specify a port, bind to this port rather than the one specified in ControlPort. We strongly recommend that you leave this alone unless you know what you're doing, since giving attackers access to your control listener is really dangerous. This directive can be specified multiple times to bind to multiple addresses/ports. (Default: 127.0.0.1)
 config_options.ControlSocket.category General
 config_options.ControlSocket.name ControlSocket
 config_options.ControlSocket.usage Path
@@ -917,7 +857,7 @@ config_options.DataDirectory.category General
 config_options.DataDirectory.name DataDirectory
 config_options.DataDirectory.usage DIR
 config_options.DataDirectory.summary Location for storing runtime data (state, keys, etc)
-config_options.DataDirectory.description Store working data in DIR (Default: @LOCALSTATEDIR@/lib/tor)
+config_options.DataDirectory.description Store working data in DIR. Can not be changed while tor is running. (Default: ~/.tor if your home directory is not /; otherwise, @LOCALSTATEDIR@/lib/tor. On Windows, the default is your ApplicationData folder.)
 config_options.DataDirectoryGroupReadable.category General
 config_options.DataDirectoryGroupReadable.name DataDirectoryGroupReadable
 config_options.DataDirectoryGroupReadable.usage 0|1
@@ -962,7 +902,7 @@ config_options.DisableAllSwap.category General
 config_options.DisableAllSwap.name DisableAllSwap
 config_options.DisableAllSwap.usage 0|1
 config_options.DisableAllSwap.summary Locks all allocated memory so they can't be paged out
-config_options.DisableAllSwap.description If set to 1, Tor will attempt to lock all current and future memory pages, so that memory cannot be paged out. Windows, OS X and Solaris are currently not supported. We believe that this feature works on modern Gnu/Linux distributions, and that it should work on *BSD systems (untested). This option requires that you start your Tor as root, and you should use the User option to properly reduce Tor's privileges. (Default: 0)
+config_options.DisableAllSwap.description If set to 1, Tor will attempt to lock all current and future memory pages, so that memory cannot be paged out. Windows, OS X and Solaris are currently not supported. We believe that this feature works on modern Gnu/Linux distributions, and that it should work on *BSD systems (untested). This option requires that you start your Tor as root, and you should use the User option to properly reduce Tor's privileges. Can not be changed while tor is running. (Default: 0)
 config_options.DisableDebuggerAttachment.category General
 config_options.DisableDebuggerAttachment.name DisableDebuggerAttachment
 config_options.DisableDebuggerAttachment.usage 0|1
@@ -992,7 +932,7 @@ config_options.FetchUselessDescriptors.category General
 config_options.FetchUselessDescriptors.name FetchUselessDescriptors
 config_options.FetchUselessDescriptors.usage 0|1
 config_options.FetchUselessDescriptors.summary Toggles if relay descriptors are fetched when they aren't strictly necessary
-config_options.FetchUselessDescriptors.description If set to 1, Tor will fetch every non-obsolete descriptor from the authorities that it hears about. Otherwise, it will avoid fetching useless descriptors, for example for routers that are not running. This option is useful if you're using the contributed "exitlist" script to enumerate Tor nodes that exit to certain addresses. (Default: 0)
+config_options.FetchUselessDescriptors.description If set to 1, Tor will fetch every consensus flavor, descriptor, and certificate that it hears about. Otherwise, it will avoid fetching useless descriptors: flavors that it is not using to build circuits, and authority certificates it does not trust. This option is useful if you're using a tor client with an external parser that uses a full consensus. This option fetches all documents, DirCache fetches and serves all documents. (Default: 0)
 config_options.HTTPProxy.category General
 config_options.HTTPProxy.name HTTPProxy
 config_options.HTTPProxy.usage host[:port]
@@ -1017,7 +957,21 @@ config_options.Sandbox.category General
 config_options.Sandbox.name Sandbox
 config_options.Sandbox.usage 0|1
 config_options.Sandbox.summary Run within a syscall sandbox
-config_options.Sandbox.description If set to 1, Tor will run securely through the use of a syscall sandbox. Otherwise the sandbox will be disabled. The option is currently an experimental feature. (Default: 0)
+config_options.Sandbox.description 
+|If set to 1, Tor will run securely through the use of a syscall sandbox. Otherwise the sandbox will be disabled. The option is currently an experimental feature. Can not be changed while tor is running.
+|
+|    When the Sandbox is 1, the following options can not be changed when tor
+|    is running:
+|    Address
+|    ConnLimit
+|    CookieAuthFile
+|    DirPortFrontPage
+|    ExtORPortCookieAuthFile
+|    Logs
+|    ServerDNSResolvConfFile
+|    Tor must remain in client or server mode (some changes to ClientOnly and
+|    ORPort are not allowed).
+|    (Default: 0)
 config_options.Socks4Proxy.category General
 config_options.Socks4Proxy.name Socks4Proxy
 config_options.Socks4Proxy.usage host[:port]
@@ -1075,11 +1029,21 @@ config_options.OutboundBindAddress.name OutboundBindAddress
 config_options.OutboundBindAddress.usage IP
 config_options.OutboundBindAddress.summary Sets the IP used for connecting to tor
 config_options.OutboundBindAddress.description Make all outbound connections originate from the IP address specified. This is only useful when you have multiple network interfaces, and you want all of Tor's outgoing connections to use a single one. This option may be used twice, once with an IPv4 address and once with an IPv6 address. This setting will be ignored for connections to the loopback addresses (127.0.0.0/8 and ::1).
+config_options.OutboundBindAddressOR.category General
+config_options.OutboundBindAddressOR.name OutboundBindAddressOR
+config_options.OutboundBindAddressOR.usage IP
+config_options.OutboundBindAddressOR.summary Make outbound non-exit connections originate from this address
+config_options.OutboundBindAddressOR.description Make all outbound non-exit (=relay and other) connections originate from the IP address specified. This option overrides OutboundBindAddress for the same IP version. This option may be used twice, once with an IPv4 address and once with an IPv6 address. This setting will be ignored for connections to the loopback addresses (127.0.0.0/8 and ::1).
+config_options.OutboundBindAddressExit.category General
+config_options.OutboundBindAddressExit.name OutboundBindAddressExit
+config_options.OutboundBindAddressExit.usage IP
+config_options.OutboundBindAddressExit.summary Make outbound exit connections originate from this address
+config_options.OutboundBindAddressExit.description Make all outbound exit connections originate from the IP address specified. This option overrides OutboundBindAddress for the same IP version. This option may be used twice, once with an IPv4 address and once with an IPv6 address. This setting will be ignored for connections to the loopback addresses (127.0.0.0/8 and ::1).
 config_options.PidFile.category General
 config_options.PidFile.name PidFile
 config_options.PidFile.usage FILE
 config_options.PidFile.summary Path for a file tor writes containing its process id
-config_options.PidFile.description On startup, write our PID to FILE. On clean shutdown, remove FILE.
+config_options.PidFile.description On startup, write our PID to FILE. On clean shutdown, remove FILE. Can not be changed while tor is running.
 config_options.ProtocolWarnings.category General
 config_options.ProtocolWarnings.name ProtocolWarnings
 config_options.ProtocolWarnings.usage 0|1
@@ -1089,12 +1053,12 @@ config_options.PredictedPortsRelevanceTime.category General
 config_options.PredictedPortsRelevanceTime.name PredictedPortsRelevanceTime
 config_options.PredictedPortsRelevanceTime.usage NUM
 config_options.PredictedPortsRelevanceTime.summary Duration to ensure circuits for previously used ports remain available
-config_options.PredictedPortsRelevanceTime.description Set how long, after the client has made an anonymized connection to a given port, we will try to make sure that we build circuits to exits that support that port. The maximum value for this option is 1 hour. (Default: 1 hour)
+config_options.PredictedPortsRelevanceTime.description Set how long, after the client has made an anonymized connection to a given port, we will try to make sure that we build circuits to exits that support that port. This option is deprecated. Please use CircuitsAvailableTimeout instead.
 config_options.RunAsDaemon.category General
 config_options.RunAsDaemon.name RunAsDaemon
 config_options.RunAsDaemon.usage 0|1
 config_options.RunAsDaemon.summary Toggles if tor runs as a daemon process
-config_options.RunAsDaemon.description If 1, Tor forks and daemonizes to the background. This option has no effect on Windows; instead you should use the --service command-line option. (Default: 0)
+config_options.RunAsDaemon.description If 1, Tor forks and daemonizes to the background. This option has no effect on Windows; instead you should use the --service command-line option. Can not be changed while tor is running. (Default: 0)
 config_options.LogTimeGranularity.category General
 config_options.LogTimeGranularity.name LogTimeGranularity
 config_options.LogTimeGranularity.usage NUM
@@ -1109,7 +1073,7 @@ config_options.SyslogIdentityTag.category General
 config_options.SyslogIdentityTag.name SyslogIdentityTag
 config_options.SyslogIdentityTag.usage tag
 config_options.SyslogIdentityTag.summary Tag logs appended to the syslog as being from tor
-config_options.SyslogIdentityTag.description When logging to syslog, adds a tag to the syslog identity such that log entries are marked with "Tor-tag". (Default: none)
+config_options.SyslogIdentityTag.description When logging to syslog, adds a tag to the syslog identity such that log entries are marked with "Tor-tag". Can not be changed while tor is running. (Default: none)
 config_options.SafeLogging.category General
 config_options.SafeLogging.name SafeLogging
 config_options.SafeLogging.usage 0|1|relay
@@ -1122,27 +1086,27 @@ config_options.User.category General
 config_options.User.name User
 config_options.User.usage Username
 config_options.User.summary UID for the process when started
-config_options.User.description On startup, setuid to this user and setgid to their primary group.
+config_options.User.description On startup, setuid to this user and setgid to their primary group. Can not be changed while tor is running.
 config_options.KeepBindCapabilities.category General
 config_options.KeepBindCapabilities.name KeepBindCapabilities
 config_options.KeepBindCapabilities.usage 0|1|auto
 config_options.KeepBindCapabilities.summary Retain permission for binding to low valued ports
-config_options.KeepBindCapabilities.description On Linux, when we are started as root and we switch our identity using the User option, the KeepBindCapabilities option tells us whether to try to retain our ability to bind to low ports. If this value is 1, we try to keep the capability; if it is 0 we do not; and if it is auto, we keep the capability only if we are configured to listen on a low port. (Default: auto.)
+config_options.KeepBindCapabilities.description On Linux, when we are started as root and we switch our identity using the User option, the KeepBindCapabilities option tells us whether to try to retain our ability to bind to low ports. If this value is 1, we try to keep the capability; if it is 0 we do not; and if it is auto, we keep the capability only if we are configured to listen on a low port. Can not be changed while tor is running. (Default: auto.)
 config_options.HardwareAccel.category General
 config_options.HardwareAccel.name HardwareAccel
 config_options.HardwareAccel.usage 0|1
 config_options.HardwareAccel.summary Toggles if tor attempts to use hardware acceleration
-config_options.HardwareAccel.description If non-zero, try to use built-in (static) crypto hardware acceleration when available. (Default: 0)
+config_options.HardwareAccel.description If non-zero, try to use built-in (static) crypto hardware acceleration when available. Can not be changed while tor is running. (Default: 0)
 config_options.AccelName.category General
 config_options.AccelName.name AccelName
 config_options.AccelName.usage NAME
 config_options.AccelName.summary OpenSSL engine name for crypto acceleration
-config_options.AccelName.description When using OpenSSL hardware crypto acceleration attempt to load the dynamic engine of this name. This must be used for any dynamic hardware engine. Names can be verified with the openssl engine command.
+config_options.AccelName.description When using OpenSSL hardware crypto acceleration attempt to load the dynamic engine of this name. This must be used for any dynamic hardware engine. Names can be verified with the openssl engine command. Can not be changed while tor is running.
 config_options.AccelDir.category General
 config_options.AccelDir.name AccelDir
 config_options.AccelDir.usage DIR
 config_options.AccelDir.summary Crypto acceleration library path
-config_options.AccelDir.description Specify this option if using dynamic hardware acceleration and the engine implementation library resides somewhere other than the OpenSSL default.
+config_options.AccelDir.description Specify this option if using dynamic hardware acceleration and the engine implementation library resides somewhere other than the OpenSSL default. Can not be changed while tor is running.
 config_options.AvoidDiskWrites.category General
 config_options.AvoidDiskWrites.name AvoidDiskWrites
 config_options.AvoidDiskWrites.usage 0|1
@@ -1158,16 +1122,16 @@ config_options.CountPrivateBandwidth.name CountPrivateBandwidth
 config_options.CountPrivateBandwidth.usage 0|1
 config_options.CountPrivateBandwidth.summary Applies rate limiting to private IP addresses
 config_options.CountPrivateBandwidth.description If this option is set, then Tor's rate-limiting applies not only to remote connections, but also to connections to private addresses like 127.0.0.1 or 10.0.0.1. This is mostly useful for debugging rate-limiting. (Default: 0)
+config_options.ExtendByEd25519ID.category General
+config_options.ExtendByEd25519ID.name ExtendByEd25519ID
+config_options.ExtendByEd25519ID.usage 0|1|auto
+config_options.ExtendByEd25519ID.summary Include Ed25519 identifier when extending circuits
+config_options.ExtendByEd25519ID.description If this option is set to 1, we always try to include a relay's Ed25519 ID when telling the proceeding relay in a circuit to extend to it. If this option is set to 0, we never include Ed25519 IDs when extending circuits. If the option is set to "default", we obey a parameter in the consensus document. (Default: auto)
 config_options.Address.category Relay
 config_options.Address.name Address
 config_options.Address.usage address
 config_options.Address.summary Overwrites address others will use to reach this relay
 config_options.Address.description The IP address or fully qualified domain name of this server (e.g. moria.mit.edu). You can leave this unset, and Tor will guess your IP address. This IP address is the one used to tell clients and other servers where to find your Tor server; it doesn't affect the IP that your Tor client binds to. To bind to a different address, use the *ListenAddress and OutboundBindAddress options.
-config_options.AllowSingleHopExits.category Relay
-config_options.AllowSingleHopExits.name AllowSingleHopExits
-config_options.AllowSingleHopExits.usage 0|1
-config_options.AllowSingleHopExits.summary Toggles permitting use of this relay as a single hop proxy
-config_options.AllowSingleHopExits.description This option controls whether clients can use this server as a single hop proxy. If set to 1, clients can use this server as an exit even if it is the only hop in the circuit. Note that most clients will refuse to use servers that set this option, since most clients have ExcludeSingleHopRelays set. (Default: 0)
 config_options.AssumeReachable.category Relay
 config_options.AssumeReachable.name AssumeReachable
 config_options.AssumeReachable.usage 0|1
@@ -1226,8 +1190,7 @@ config_options.ExitPolicy.description
 |    reject *:6881-6999
 |    accept *:*
 |
-|    Since the default exit policy uses accept/reject *, it applies to both
-|    IPv4 and IPv6 addresses.
+|Since the default exit policy uses accept/reject *, it applies to both IPv4 and IPv6 addresses.
 config_options.ExitPolicyRejectPrivate.category Relay
 config_options.ExitPolicyRejectPrivate.name ExitPolicyRejectPrivate
 config_options.ExitPolicyRejectPrivate.usage 0|1
@@ -1250,10 +1213,10 @@ config_options.MaxOnionQueueDelay.summary Duration to reject new onionskins if w
 config_options.MaxOnionQueueDelay.description If we have more onionskins queued for processing than we can process in this amount of time, reject new ones. (Default: 1750 msec)
 config_options.MyFamily.category Relay
 config_options.MyFamily.name MyFamily
-config_options.MyFamily.usage node,node,...
+config_options.MyFamily.usage fingerprint,fingerprint,...
 config_options.MyFamily.summary Other relays this operator administers
 config_options.MyFamily.description 
-|Declare that this Tor server is controlled or administered by a group or organization identical or similar to that of the other servers, defined by their identity fingerprints. When two servers both declare that they are in the same 'family', Tor clients will not use them in the same circuit. (Each server only needs to list the other servers in its family; it doesn't need to list itself, but it won't hurt.) Do not list any bridge relay as it would compromise its concealment.
+|Declare that this Tor relay is controlled or administered by a group or organization identical or similar to that of the other relays, defined by their (possibly $-prefixed) identity fingerprints. This option can be repeated many times, for convenience in defining large families: all fingerprints in all MyFamily lines are merged into one list. When two relays both declare that they are in the same 'family', Tor clients will not use them in the same circuit. (Each relay only needs to list the other servers in its family; it doesn't need to list itself, but it won't hurt if it does.) Do not list any bridge relay as it would compromise its concealment.
 |
 |When listing a node, it's better to list it by fingerprint than by nickname: fingerprints are more reliable.
 config_options.Nickname.category Relay
@@ -1273,35 +1236,21 @@ config_options.ORPort.summary Port used to accept relay traffic
 config_options.ORPort.description 
 |Advertise this port to listen for connections from Tor clients and servers. This option is required to be a Tor server. Set it to "auto" to have Tor pick a port for you. Set it to 0 to not run an ORPort at all. This option can occur more than once. (Default: 0)
 |
-|    Tor recognizes these flags on each ORPort:
-|    **NoAdvertise**::
-|        By default, we bind to a port and tell our users about it. If
-|        NoAdvertise is specified, we don't advertise, but listen anyway.  This
-|        can be useful if the port everybody will be connecting to (for
-|        example, one that's opened on our firewall) is somewhere else.
-|    **NoListen**::
-|        By default, we bind to a port and tell our users about it. If
-|        NoListen is specified, we don't bind, but advertise anyway.  This
-|        can be useful if something else  (for example, a firewall's port
-|        forwarding configuration) is causing connections to reach us.
-|    **IPv4Only**::
-|        If the address is absent, or resolves to both an IPv4 and an IPv6
-|        address, only listen to the IPv4 address.
-|    **IPv6Only**::
-|        If the address is absent, or resolves to both an IPv4 and an IPv6
-|        address, only listen to the IPv6 address.
-|
-|    For obvious reasons, NoAdvertise and NoListen are mutually exclusive, and
-|    IPv4Only and IPv6Only are mutually exclusive.
-config_options.ORListenAddress.category Relay
-config_options.ORListenAddress.name ORListenAddress
-config_options.ORListenAddress.usage IP[:PORT]
-config_options.ORListenAddress.summary Address for relay connections
-config_options.ORListenAddress.description 
-|Bind to this IP address to listen for connections from Tor clients and servers. If you specify a port, bind to this port rather than the one specified in ORPort. (Default: 0.0.0.0) This directive can be specified multiple times to bind to multiple addresses/ports.
-|
-|    This option is deprecated; you can get the same behavior with ORPort now
-|    that it supports NoAdvertise and explicit addresses.
+|Tor recognizes these flags on each ORPort:
+|
+|NoAdvertise
+|    By default, we bind to a port and tell our users about it. If NoAdvertise is specified, we don't advertise, but listen anyway. This can be useful if the port everybody will be connecting to (for example, one that's opened on our firewall) is somewhere else.
+|
+|NoListen
+|    By default, we bind to a port and tell our users about it. If NoListen is specified, we don't bind, but advertise anyway. This can be useful if something else (for example, a firewall's port forwarding configuration) is causing connections to reach us.
+|
+|IPv4Only
+|    If the address is absent, or resolves to both an IPv4 and an IPv6 address, only listen to the IPv4 address.
+|
+|IPv6Only
+|    If the address is absent, or resolves to both an IPv4 and an IPv6 address, only listen to the IPv6 address.
+|
+|For obvious reasons, NoAdvertise and NoListen are mutually exclusive, and IPv4Only and IPv6Only are mutually exclusive.
 config_options.PortForwarding.category Relay
 config_options.PortForwarding.name PortForwarding
 config_options.PortForwarding.usage 0|1
@@ -1405,16 +1354,16 @@ config_options.GeoIPv6File.name GeoIPv6File
 config_options.GeoIPv6File.usage filename
 config_options.GeoIPv6File.summary Path to file containing IPv6 geoip information
 config_options.GeoIPv6File.description A filename containing IPv6 GeoIP data, for use with by-country statistics.
-config_options.TLSECGroup.category Relay
-config_options.TLSECGroup.name TLSECGroup
-config_options.TLSECGroup.usage P224|P256
-config_options.TLSECGroup.summary EC group for incoming SSL connections
-config_options.TLSECGroup.description What EC group should we try to use for incoming TLS connections? P224 is faster, but makes us stand out more. Has no effect if we're a client, or if our OpenSSL version lacks support for ECDHE. (Default: P256)
 config_options.CellStatistics.category Relay
 config_options.CellStatistics.name CellStatistics
 config_options.CellStatistics.usage 0|1
 config_options.CellStatistics.summary Toggles storing circuit queue duration to disk
 config_options.CellStatistics.description Relays only. When this option is enabled, Tor collects statistics about cell processing (i.e. mean time a cell is spending in a queue, mean number of cells in a queue and mean number of processed cells per circuit) and writes them into disk every 24 hours. Onion router operators may use the statistics for performance monitoring. If ExtraInfoStatistics is enabled, it will published as part of extra-info document. (Default: 0)
+config_options.PaddingStatistics.category Relay
+config_options.PaddingStatistics.name PaddingStatistics
+config_options.PaddingStatistics.usage 0|1
+config_options.PaddingStatistics.summary Toggles storing padding counts
+config_options.PaddingStatistics.description Relays only. When this option is enabled, Tor collects statistics for padding cells sent and received by this relay, in addition to total cell counts. These statistics are rounded, and omitted if traffic is low. This information is important for load balancing decisions related to padding. (Default: 1)
 config_options.DirReqStatistics.category Relay
 config_options.DirReqStatistics.name DirReqStatistics
 config_options.DirReqStatistics.usage 0|1
@@ -1504,7 +1453,7 @@ config_options.HiddenServiceMaxStreams.category Hidden Service
 config_options.HiddenServiceMaxStreams.name HiddenServiceMaxStreams
 config_options.HiddenServiceMaxStreams.usage N
 config_options.HiddenServiceMaxStreams.summary Maximum streams per rendezvous circuit
-config_options.HiddenServiceMaxStreams.description The maximum number of simultaneous streams (connections) per rendezvous circuit. (Setting this to 0 will allow an unlimited number of simultanous streams.) (Default: 0)
+config_options.HiddenServiceMaxStreams.description The maximum number of simultaneous streams (connections) per rendezvous circuit. The maximum value allowed is 65535. (Setting this to 0 will allow an unlimited number of simultanous streams.) (Default: 0)
 config_options.HiddenServiceMaxStreamsCloseCircuit.category Hidden Service
 config_options.HiddenServiceMaxStreamsCloseCircuit.name HiddenServiceMaxStreamsCloseCircuit
 config_options.HiddenServiceMaxStreamsCloseCircuit.usage 0|1
@@ -1514,7 +1463,7 @@ config_options.RendPostPeriod.category Hidden Service
 config_options.RendPostPeriod.name RendPostPeriod
 config_options.RendPostPeriod.usage N seconds|minutes|hours|days|weeks
 config_options.RendPostPeriod.summary Period at which the rendezvous service descriptors are refreshed
-config_options.RendPostPeriod.description Every time the specified period elapses, Tor uploads any rendezvous service descriptors to the directory servers. This information is also uploaded whenever it changes. (Default: 1 hour)
+config_options.RendPostPeriod.description Every time the specified period elapses, Tor uploads any rendezvous service descriptors to the directory servers. This information is also uploaded whenever it changes. Minimum value allowed is 10 minutes and maximum is 3.5 days. (Default: 1 hour)
 config_options.HiddenServiceDirGroupReadable.category Hidden Service
 config_options.HiddenServiceDirGroupReadable.name HiddenServiceDirGroupReadable
 config_options.HiddenServiceDirGroupReadable.usage 0|1
@@ -1532,24 +1481,14 @@ config_options.HiddenServiceSingleHopMode.summary Allow non-anonymous single hop
 config_options.HiddenServiceSingleHopMode.description 
 |Experimental - Non Anonymous Hidden Services on a tor instance in HiddenServiceSingleHopMode make one-hop (direct) circuits between the onion service server, and the introduction and rendezvous points. (Onion service descriptors are still posted using 3-hop paths, to avoid onion service directories blocking the service.) This option makes every hidden service instance hosted by a tor instance a Single Onion Service. One-hop circuits make Single Onion servers easily locatable, but clients remain location-anonymous. However, the fact that a client is accessing a Single Onion rather than a Hidden Service may be statistically distinguishable.
 |
-|    **WARNING:** Once a hidden service directory has been used by a tor
-|    instance in HiddenServiceSingleHopMode, it can **NEVER** be used again for
-|    a hidden service. It is best practice to create a new hidden service
-|    directory, key, and address for each new Single Onion Service and Hidden
-|    Service. It is not possible to run Single Onion Services and Hidden
-|    Services from the same tor instance: they should be run on different
-|    servers with different IP addresses.
-|
-|    HiddenServiceSingleHopMode requires HiddenServiceNonAnonymousMode to be set
-|    to 1. Since a Single Onion service is non-anonymous, you can not configure
-|    a SOCKSPort on a tor instance that is running in
-|    **HiddenServiceSingleHopMode**.
-|    (Default: 0)
+|WARNING: Once a hidden service directory has been used by a tor instance in HiddenServiceSingleHopMode, it can NEVER be used again for a hidden service. It is best practice to create a new hidden service directory, key, and address for each new Single Onion Service and Hidden Service. It is not possible to run Single Onion Services and Hidden Services from the same tor instance: they should be run on different servers with different IP addresses.
+|
+|HiddenServiceSingleHopMode requires HiddenServiceNonAnonymousMode to be set to 1. Since a Single Onion service is non-anonymous, you can not configure a SOCKSPort on a tor instance that is running in HiddenServiceSingleHopMode. Can not be changed while tor is running. (Default: 0)
 config_options.HiddenServiceNonAnonymousMode.category Hidden Service
 config_options.HiddenServiceNonAnonymousMode.name HiddenServiceNonAnonymousMode
 config_options.HiddenServiceNonAnonymousMode.usage 0|1
 config_options.HiddenServiceNonAnonymousMode.summary Enables HiddenServiceSingleHopMode to be set
-config_options.HiddenServiceNonAnonymousMode.description Makes hidden services non-anonymous on this tor instance. Allows the non-anonymous HiddenServiceSingleHopMode. Enables direct connections in the server-side hidden service protocol. If you are using this option, you need to disable all client-side services on your Tor instance, including setting SOCKSPort to "0". (Default: 0)
+config_options.HiddenServiceNonAnonymousMode.description Makes hidden services non-anonymous on this tor instance. Allows the non-anonymous HiddenServiceSingleHopMode. Enables direct connections in the server-side hidden service protocol. If you are using this option, you need to disable all client-side services on your Tor instance, including setting SOCKSPort to "0". Can not be changed while tor is running. (Default: 0)
 config_options.TestingTorNetwork.category Testing
 config_options.TestingTorNetwork.name TestingTorNetwork
 config_options.TestingTorNetwork.usage 0|1
@@ -1880,11 +1819,6 @@ config_options.AuthDirMaxServersPerAddr.name AuthDirMaxServersPerAddr
 config_options.AuthDirMaxServersPerAddr.usage NUM
 config_options.AuthDirMaxServersPerAddr.summary Limit on the number of relays accepted per ip
 config_options.AuthDirMaxServersPerAddr.description Authoritative directories only. The maximum number of servers that we will list as acceptable on a single IP address. Set this to "0" for "no limit". (Default: 2)
-config_options.AuthDirMaxServersPerAuthAddr.category Authority
-config_options.AuthDirMaxServersPerAuthAddr.name AuthDirMaxServersPerAuthAddr
-config_options.AuthDirMaxServersPerAuthAddr.usage NUM
-config_options.AuthDirMaxServersPerAuthAddr.summary Limit on the number of relays accepted per an authority's ip
-config_options.AuthDirMaxServersPerAuthAddr.description Authoritative directories only. Like AuthDirMaxServersPerAddr, but applies to addresses shared with directory authorities. (Default: 5)
 config_options.AuthDirFastGuarantee.category Authority
 config_options.AuthDirFastGuarantee.name AuthDirFastGuarantee
 config_options.AuthDirFastGuarantee.usage N bytes|KBytes|MBytes|GBytes|TBytes|KBits|MBits|GBits|TBits
@@ -1899,12 +1833,17 @@ config_options.AuthDirPinKeys.category Authority
 config_options.AuthDirPinKeys.name AuthDirPinKeys
 config_options.AuthDirPinKeys.usage 0|1
 config_options.AuthDirPinKeys.summary Don't accept descriptors with conflicting identity keypairs
-config_options.AuthDirPinKeys.description Authoritative directories only. If non-zero, do not allow any relay to publish a descriptor if any other relay has reserved its <Ed25519,RSA> identity keypair. In all cases, Tor records every keypair it accepts in a journal if it is new, or if it differs from the most recently accepted pinning for one of the keys it contains. (Default: 0)
+config_options.AuthDirPinKeys.description Authoritative directories only. If non-zero, do not allow any relay to publish a descriptor if any other relay has reserved its <Ed25519,RSA> identity keypair. In all cases, Tor records every keypair it accepts in a journal if it is new, or if it differs from the most recently accepted pinning for one of the keys it contains. (Default: 1)
 config_options.AuthDirSharedRandomness.category Authority
 config_options.AuthDirSharedRandomness.name AuthDirSharedRandomness
 config_options.AuthDirSharedRandomness.usage 0|1
 config_options.AuthDirSharedRandomness.summary Participates in shared randomness voting
 config_options.AuthDirSharedRandomness.description Authoritative directories only. Switch for the shared random protocol. If zero, the authority won't participate in the protocol. If non-zero (default), the flag "shared-rand-participate" is added to the authority vote indicating participation in the protocol. (Default: 1)
+config_options.AuthDirTestEd25519LinkKeys.category Authority
+config_options.AuthDirTestEd25519LinkKeys.name AuthDirTestEd25519LinkKeys
+config_options.AuthDirTestEd25519LinkKeys.usage 0|1
+config_options.AuthDirTestEd25519LinkKeys.summary Require proper Ed25519 key for the Running flag
+config_options.AuthDirTestEd25519LinkKeys.description Authoritative directories only. If this option is set to 0, then we treat relays as "Running" if their RSA key is correct when we probe them, regardless of their Ed25519 key. We should only ever set this option to 0 if there is some major bug in Ed25519 link authentication that causes us to label all the relays as not Running. (Default: 1)
 config_options.BridgePassword.category Authority
 config_options.BridgePassword.name BridgePassword
 config_options.BridgePassword.usage Password
diff --git a/stem/descriptor/fallback_directories.cfg b/stem/descriptor/fallback_directories.cfg
index af2ff70..234f80b 100644
--- a/stem/descriptor/fallback_directories.cfg
+++ b/stem/descriptor/fallback_directories.cfg
@@ -1,48 +1,115 @@
-tor_commit 30275b048f1c541b99c13808915f49671196fc7f
-stem_commit 3c3fc11c6bb0ef7bcc3ebd12f2a055b0950dcfac
-01A9258A46E97FF8B2CAC7910577862C14F2C524.address 193.171.202.146
-01A9258A46E97FF8B2CAC7910577862C14F2C524.or_port 9001
-01A9258A46E97FF8B2CAC7910577862C14F2C524.dir_port 9030
-0756B7CD4DFC8182BE23143FAC0642F515182CEB.address 5.9.110.236
-0756B7CD4DFC8182BE23143FAC0642F515182CEB.or_port 9001
-0756B7CD4DFC8182BE23143FAC0642F515182CEB.dir_port 9030
-0756B7CD4DFC8182BE23143FAC0642F515182CEB.orport6_address 2a01:4f8:162:51e2::2
-0756B7CD4DFC8182BE23143FAC0642F515182CEB.orport6_port 9001
+tor_commit 4181e812c75a7a1d8d70f29a404d23e6ab875891
+stem_commit 84ef872f52932cb4e5b19f0358d24c44347c1fa3
+001524DD403D729F08F7E5D77813EF12756CFA8D.address 185.13.39.197
+001524DD403D729F08F7E5D77813EF12756CFA8D.or_port 443
+001524DD403D729F08F7E5D77813EF12756CFA8D.dir_port 80
+025B66CEBC070FCB0519D206CF0CF4965C20C96E.address 185.100.85.61
+025B66CEBC070FCB0519D206CF0CF4965C20C96E.or_port 443
+025B66CEBC070FCB0519D206CF0CF4965C20C96E.dir_port 80
+0266B0660F3F20A7D1F3D8335931C95EF50F6C6B.address 62.210.92.11
+0266B0660F3F20A7D1F3D8335931C95EF50F6C6B.or_port 9001
+0266B0660F3F20A7D1F3D8335931C95EF50F6C6B.dir_port 9030
+0266B0660F3F20A7D1F3D8335931C95EF50F6C6B.orport6_address 2001:bc8:338c::1
+0266B0660F3F20A7D1F3D8335931C95EF50F6C6B.orport6_port 9001
+04250C3835019B26AA6764E85D836088BE441088.address 185.97.32.18
+04250C3835019B26AA6764E85D836088BE441088.or_port 9001
+04250C3835019B26AA6764E85D836088BE441088.dir_port 9030
+0639612FF149AA19DF3BCEA147E5B8FED6F3C87C.address 92.222.20.130
+0639612FF149AA19DF3BCEA147E5B8FED6F3C87C.or_port 443
+0639612FF149AA19DF3BCEA147E5B8FED6F3C87C.dir_port 80
+0B85617241252517E8ECF2CFC7F4C1A32DCD153F.address 163.172.149.155
+0B85617241252517E8ECF2CFC7F4C1A32DCD153F.or_port 443
+0B85617241252517E8ECF2CFC7F4C1A32DCD153F.dir_port 80
 0BEA4A88D069753218EAAAD6D22EA87B9A1319D6.address 5.39.92.199
 0BEA4A88D069753218EAAAD6D22EA87B9A1319D6.or_port 443
 0BEA4A88D069753218EAAAD6D22EA87B9A1319D6.dir_port 80
-0C2C599AFCB26F5CFC2C7592435924C1D63D9484.address 5.196.88.122
-0C2C599AFCB26F5CFC2C7592435924C1D63D9484.or_port 9001
-0C2C599AFCB26F5CFC2C7592435924C1D63D9484.dir_port 9030
+0BEA4A88D069753218EAAAD6D22EA87B9A1319D6.orport6_address 2001:41d0:8:b1c7::1
+0BEA4A88D069753218EAAAD6D22EA87B9A1319D6.orport6_port 443
+0CF8F3E6590F45D50B70F2F7DA6605ECA6CD408F.address 163.172.25.118
+0CF8F3E6590F45D50B70F2F7DA6605ECA6CD408F.or_port 22
+0CF8F3E6590F45D50B70F2F7DA6605ECA6CD408F.dir_port 80
 0D3EBA17E1C78F1E9900BABDB23861D46FCAF163.address 178.62.197.82
 0D3EBA17E1C78F1E9900BABDB23861D46FCAF163.or_port 443
 0D3EBA17E1C78F1E9900BABDB23861D46FCAF163.dir_port 80
-17898F9A2EBC7D69DAF87C00A1BD2FABF3C9E1D2.address 178.32.216.146
-17898F9A2EBC7D69DAF87C00A1BD2FABF3C9E1D2.or_port 9001
-17898F9A2EBC7D69DAF87C00A1BD2FABF3C9E1D2.dir_port 9030
+0E8C0C8315B66DB5F703804B3889A1DD66C67CE0.address 185.100.86.100
+0E8C0C8315B66DB5F703804B3889A1DD66C67CE0.or_port 443
+0E8C0C8315B66DB5F703804B3889A1DD66C67CE0.dir_port 80
+0F100F60C7A63BED90216052324D29B08CFCF797.address 5.9.159.14
+0F100F60C7A63BED90216052324D29B08CFCF797.or_port 9001
+0F100F60C7A63BED90216052324D29B08CFCF797.dir_port 9030
+12AD30E5D25AA67F519780E2111E611A455FDC89.address 193.11.114.43
+12AD30E5D25AA67F519780E2111E611A455FDC89.or_port 9001
+12AD30E5D25AA67F519780E2111E611A455FDC89.dir_port 9030
+12AD30E5D25AA67F519780E2111E611A455FDC89.orport6_address 2001:6b0:30:1000::99
+12AD30E5D25AA67F519780E2111E611A455FDC89.orport6_port 9050
+12FD624EE73CEF37137C90D38B2406A66F68FAA2.address 37.157.195.87
+12FD624EE73CEF37137C90D38B2406A66F68FAA2.or_port 443
+12FD624EE73CEF37137C90D38B2406A66F68FAA2.dir_port 8030
+175921396C7C426309AB03775A9930B6F611F794.address 178.62.60.37
+175921396C7C426309AB03775A9930B6F611F794.or_port 443
+175921396C7C426309AB03775A9930B6F611F794.dir_port 80
+185F2A57B0C4620582602761097D17DB81654F70.address 204.11.50.131
+185F2A57B0C4620582602761097D17DB81654F70.or_port 9001
+185F2A57B0C4620582602761097D17DB81654F70.dir_port 9030
+1A6B8B8272632D8AD38442027F822A367128405C.address 92.222.4.102
+1A6B8B8272632D8AD38442027F822A367128405C.or_port 9001
+1A6B8B8272632D8AD38442027F822A367128405C.dir_port 9030
+1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA.address 5.9.158.75
+1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA.or_port 443
+1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA.dir_port 80
+1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA.orport6_address 2a01:4f8:190:514a::2
+1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA.orport6_port 443
 1DBAED235E3957DE1ABD25B4206BE71406FB61F8.address 46.101.151.222
 1DBAED235E3957DE1ABD25B4206BE71406FB61F8.or_port 443
 1DBAED235E3957DE1ABD25B4206BE71406FB61F8.dir_port 80
 1ECD73B936CB6E6B3CD647CC204F108D9DF2C9F7.address 91.219.237.229
 1ECD73B936CB6E6B3CD647CC204F108D9DF2C9F7.or_port 443
 1ECD73B936CB6E6B3CD647CC204F108D9DF2C9F7.dir_port 80
+1F45542A24A61BF9408F1C05E0DCE4E29F2CBA11.address 5.9.146.203
+1F45542A24A61BF9408F1C05E0DCE4E29F2CBA11.or_port 443
+1F45542A24A61BF9408F1C05E0DCE4E29F2CBA11.dir_port 80
 20462CBA5DA4C2D963567D17D0B7249718114A68.address 212.47.229.2
 20462CBA5DA4C2D963567D17D0B7249718114A68.or_port 9001
 20462CBA5DA4C2D963567D17D0B7249718114A68.dir_port 9030
-2541759BEC04D37811C2209A88E863320271EC9C.address 185.61.138.18
-2541759BEC04D37811C2209A88E863320271EC9C.or_port 4443
-2541759BEC04D37811C2209A88E863320271EC9C.dir_port 8080
+20462CBA5DA4C2D963567D17D0B7249718114A68.orport6_address 2001:bc8:4400:2100::f03
+20462CBA5DA4C2D963567D17D0B7249718114A68.orport6_port 9001
+20704E7DD51501DC303FA51B738D7B7E61397CF6.address 91.219.236.222
+20704E7DD51501DC303FA51B738D7B7E61397CF6.or_port 443
+20704E7DD51501DC303FA51B738D7B7E61397CF6.dir_port 80
+22F08CF09764C4E8982640D77F71ED72FF26A9AC.address 144.76.163.93
+22F08CF09764C4E8982640D77F71ED72FF26A9AC.or_port 9001
+22F08CF09764C4E8982640D77F71ED72FF26A9AC.dir_port 9030
+230A8B2A8BA861210D9B4BA97745AEC217A94207.address 163.172.176.167
+230A8B2A8BA861210D9B4BA97745AEC217A94207.or_port 443
+230A8B2A8BA861210D9B4BA97745AEC217A94207.dir_port 80
+2A4C448784F5A83AFE6C78DA357D5E31F7989DEB.address 212.47.240.10
+2A4C448784F5A83AFE6C78DA357D5E31F7989DEB.or_port 443
+2A4C448784F5A83AFE6C78DA357D5E31F7989DEB.dir_port 82
 2BA2C8E96B2590E1072AECE2BDB5C48921BF8510.address 144.76.26.175
 2BA2C8E96B2590E1072AECE2BDB5C48921BF8510.or_port 9011
 2BA2C8E96B2590E1072AECE2BDB5C48921BF8510.dir_port 9012
+2CDCFED0142B28B002E89D305CBA2E26063FADE2.address 178.16.208.56
+2CDCFED0142B28B002E89D305CBA2E26063FADE2.or_port 443
+2CDCFED0142B28B002E89D305CBA2E26063FADE2.dir_port 80
+2CDCFED0142B28B002E89D305CBA2E26063FADE2.orport6_address 2a00:1c20:4089:1234:cd49:b58a:9ebe:67ec
+2CDCFED0142B28B002E89D305CBA2E26063FADE2.orport6_port 443
 2EBD117806EE43C3CC885A8F1E4DC60F207E7D3E.address 62.210.124.124
 2EBD117806EE43C3CC885A8F1E4DC60F207E7D3E.or_port 9101
 2EBD117806EE43C3CC885A8F1E4DC60F207E7D3E.dir_port 9130
 2EBD117806EE43C3CC885A8F1E4DC60F207E7D3E.orport6_address 2001:bc8:3f23:100::1
 2EBD117806EE43C3CC885A8F1E4DC60F207E7D3E.orport6_port 9101
+2F0F32AB1E5B943CA7D062C03F18960C86E70D94.address 97.74.237.196
+2F0F32AB1E5B943CA7D062C03F18960C86E70D94.or_port 9001
+2F0F32AB1E5B943CA7D062C03F18960C86E70D94.dir_port 9030
 30648BC64CEDB3020F4A405E4AB2A6347FB8FA22.address 213.61.66.118
 30648BC64CEDB3020F4A405E4AB2A6347FB8FA22.or_port 9001
 30648BC64CEDB3020F4A405E4AB2A6347FB8FA22.dir_port 9031
+30973217E70AF00EBE51797FF6D9AA720A902EAA.address 107.170.101.39
+30973217E70AF00EBE51797FF6D9AA720A902EAA.or_port 443
+30973217E70AF00EBE51797FF6D9AA720A902EAA.dir_port 9030
+30C19B81981F450C402306E2E7CFB6C3F79CB6B2.address 64.113.32.29
+30C19B81981F450C402306E2E7CFB6C3F79CB6B2.or_port 9001
+30C19B81981F450C402306E2E7CFB6C3F79CB6B2.dir_port 9030
 322C6E3A973BC10FC36DE3037AD27BC89F14723B.address 212.83.154.33
 322C6E3A973BC10FC36DE3037AD27BC89F14723B.or_port 8443
 322C6E3A973BC10FC36DE3037AD27BC89F14723B.dir_port 8080
@@ -51,26 +118,71 @@ stem_commit 3c3fc11c6bb0ef7bcc3ebd12f2a055b0950dcfac
 32EE911D968BE3E016ECA572BB1ED0A9EE43FC2F.dir_port 52860
 32EE911D968BE3E016ECA572BB1ED0A9EE43FC2F.orport6_address 2001:948:7:2::163
 32EE911D968BE3E016ECA572BB1ED0A9EE43FC2F.orport6_port 5001
-35E8B344F661F4F2E68B17648F35798B44672D7E.address 146.0.32.144
-35E8B344F661F4F2E68B17648F35798B44672D7E.or_port 9001
-35E8B344F661F4F2E68B17648F35798B44672D7E.dir_port 9030
+330CD3DB6AD266DC70CDB512B036957D03D9BC59.address 185.100.84.212
+330CD3DB6AD266DC70CDB512B036957D03D9BC59.or_port 443
+330CD3DB6AD266DC70CDB512B036957D03D9BC59.dir_port 80
+330CD3DB6AD266DC70CDB512B036957D03D9BC59.orport6_address 2a06:1700:0:7::1
+330CD3DB6AD266DC70CDB512B036957D03D9BC59.orport6_port 443
+33DA0CAB7C27812EFF2E22C9705630A54D101FEB.address 163.172.13.165
+33DA0CAB7C27812EFF2E22C9705630A54D101FEB.or_port 9001
+33DA0CAB7C27812EFF2E22C9705630A54D101FEB.dir_port 9030
+33DA0CAB7C27812EFF2E22C9705630A54D101FEB.orport6_address 2001:bc8:38cb:201::8
+33DA0CAB7C27812EFF2E22C9705630A54D101FEB.orport6_port 9001
+3473ED788D9E63361D1572B7E82EC54338953D2A.address 45.62.255.25
+3473ED788D9E63361D1572B7E82EC54338953D2A.or_port 443
+3473ED788D9E63361D1572B7E82EC54338953D2A.dir_port 80
 361D33C96D0F161275EE67E2C91EE10B276E778B.address 217.79.190.25
 361D33C96D0F161275EE67E2C91EE10B276E778B.or_port 9090
 361D33C96D0F161275EE67E2C91EE10B276E778B.dir_port 9030
-387B065A38E4DAA16D9D41C2964ECBC4B31D30FF.address 62.210.92.11
-387B065A38E4DAA16D9D41C2964ECBC4B31D30FF.or_port 9101
-387B065A38E4DAA16D9D41C2964ECBC4B31D30FF.dir_port 9130
-387B065A38E4DAA16D9D41C2964ECBC4B31D30FF.orport6_address 2001:bc8:338c::1
-387B065A38E4DAA16D9D41C2964ECBC4B31D30FF.orport6_port 9101
+36B9E7AC1E36B62A9D6F330ABEB6012BA7F0D400.address 37.187.22.87
+36B9E7AC1E36B62A9D6F330ABEB6012BA7F0D400.or_port 9001
+36B9E7AC1E36B62A9D6F330ABEB6012BA7F0D400.dir_port 9030
+36B9E7AC1E36B62A9D6F330ABEB6012BA7F0D400.orport6_address 2001:41d0:a:1657::1
+36B9E7AC1E36B62A9D6F330ABEB6012BA7F0D400.orport6_port 9001
+379FB450010D17078B3766C2273303C358C3A442.address 176.126.252.12
+379FB450010D17078B3766C2273303C358C3A442.or_port 8080
+379FB450010D17078B3766C2273303C358C3A442.dir_port 21
+379FB450010D17078B3766C2273303C358C3A442.orport6_address 2a02:59e0:0:7::12
+379FB450010D17078B3766C2273303C358C3A442.orport6_port 81
 39F096961ED2576975C866D450373A9913AFDC92.address 198.50.191.95
 39F096961ED2576975C866D450373A9913AFDC92.or_port 443
 39F096961ED2576975C866D450373A9913AFDC92.dir_port 80
 3B33F6FCA645AD4E91428A3AF7DC736AD9FB727B.address 164.132.77.175
 3B33F6FCA645AD4E91428A3AF7DC736AD9FB727B.or_port 9001
 3B33F6FCA645AD4E91428A3AF7DC736AD9FB727B.dir_port 9030
-3D7E274A87D9A89AF064C13D1EE4CA1F184F2600.address 176.10.107.180
-3D7E274A87D9A89AF064C13D1EE4CA1F184F2600.or_port 9001
-3D7E274A87D9A89AF064C13D1EE4CA1F184F2600.dir_port 9030
+3D6D0771E54056AEFC28BB1DE816951F11826E97.address 212.47.230.49
+3D6D0771E54056AEFC28BB1DE816951F11826E97.or_port 9001
+3D6D0771E54056AEFC28BB1DE816951F11826E97.dir_port 9030
+3E53D3979DB07EFD736661C934A1DED14127B684.address 217.79.179.177
+3E53D3979DB07EFD736661C934A1DED14127B684.or_port 9001
+3E53D3979DB07EFD736661C934A1DED14127B684.dir_port 9030
+3E53D3979DB07EFD736661C934A1DED14127B684.orport6_address 2001:4ba0:fff9:131:6c4f::90d3
+3E53D3979DB07EFD736661C934A1DED14127B684.orport6_port 9001
+3F5D8A879C58961BB45A3D26AC41B543B40236D6.address 212.47.237.95
+3F5D8A879C58961BB45A3D26AC41B543B40236D6.or_port 9001
+3F5D8A879C58961BB45A3D26AC41B543B40236D6.dir_port 9030
+4061C553CA88021B8302F0814365070AAE617270.address 185.100.85.101
+4061C553CA88021B8302F0814365070AAE617270.or_port 9001
+4061C553CA88021B8302F0814365070AAE617270.dir_port 9030
+439D0447772CB107B886F7782DBC201FA26B92D1.address 178.62.86.96
+439D0447772CB107B886F7782DBC201FA26B92D1.or_port 9001
+439D0447772CB107B886F7782DBC201FA26B92D1.dir_port 9030
+439D0447772CB107B886F7782DBC201FA26B92D1.orport6_address 2a03:b0c0:1:d0::3cf:7001
+439D0447772CB107B886F7782DBC201FA26B92D1.orport6_port 9050
+4623A9EC53BFD83155929E56D6F7B55B5E718C24.address 163.172.157.213
+4623A9EC53BFD83155929E56D6F7B55B5E718C24.or_port 443
+4623A9EC53BFD83155929E56D6F7B55B5E718C24.dir_port 8080
+46791D156C9B6C255C2665D4D8393EC7DBAA7798.address 31.31.78.49
+46791D156C9B6C255C2665D4D8393EC7DBAA7798.or_port 443
+46791D156C9B6C255C2665D4D8393EC7DBAA7798.dir_port 80
+4791FC0692EAB60DF2BCCAFF940B95B74E7654F6.address 69.162.139.9
+4791FC0692EAB60DF2BCCAFF940B95B74E7654F6.or_port 9001
+4791FC0692EAB60DF2BCCAFF940B95B74E7654F6.dir_port 9030
+4791FC0692EAB60DF2BCCAFF940B95B74E7654F6.orport6_address 2607:f128:40:1212::45a2:8b09
+4791FC0692EAB60DF2BCCAFF940B95B74E7654F6.orport6_port 9001
+47B596B81C9E6277B98623A84B7629798A16E8D5.address 51.254.246.203
+47B596B81C9E6277B98623A84B7629798A16E8D5.or_port 9001
+47B596B81C9E6277B98623A84B7629798A16E8D5.dir_port 9030
 489D94333DF66D57FFE34D9D59CC2D97E2CB0053.address 37.187.102.186
 489D94333DF66D57FFE34D9D59CC2D97E2CB0053.or_port 9001
 489D94333DF66D57FFE34D9D59CC2D97E2CB0053.dir_port 9030
@@ -79,20 +191,26 @@ stem_commit 3c3fc11c6bb0ef7bcc3ebd12f2a055b0950dcfac
 49E7AD01BB96F6FE3AB8C3B15BD2470B150354DF.address 188.165.194.195
 49E7AD01BB96F6FE3AB8C3B15BD2470B150354DF.or_port 9001
 49E7AD01BB96F6FE3AB8C3B15BD2470B150354DF.dir_port 9030
-4F0DB7E687FC7C0AE55C8F243DA8B0EB27FBF1F2.address 108.53.208.157
-4F0DB7E687FC7C0AE55C8F243DA8B0EB27FBF1F2.or_port 443
-4F0DB7E687FC7C0AE55C8F243DA8B0EB27FBF1F2.dir_port 80
-50586E25BE067FD1F739998550EDDCB1A14CA5B2.address 212.51.134.123
-50586E25BE067FD1F739998550EDDCB1A14CA5B2.or_port 9001
-50586E25BE067FD1F739998550EDDCB1A14CA5B2.dir_port 9030
-50586E25BE067FD1F739998550EDDCB1A14CA5B2.orport6_address 2a02:168:6e00:0:3a60:77ff:fe9c:8bd1
-50586E25BE067FD1F739998550EDDCB1A14CA5B2.orport6_port 9001
+4A0C3E177AF684581EF780981AEAF51A98A6B5CF.address 62.102.148.67
+4A0C3E177AF684581EF780981AEAF51A98A6B5CF.or_port 443
+4A0C3E177AF684581EF780981AEAF51A98A6B5CF.dir_port 80
+4CC9CC9195EC38645B699A33307058624F660CCF.address 51.254.101.242
+4CC9CC9195EC38645B699A33307058624F660CCF.or_port 9001
+4CC9CC9195EC38645B699A33307058624F660CCF.dir_port 9002
+51E1CF613FD6F9F11FE24743C91D6F9981807D82.address 81.7.16.182
+51E1CF613FD6F9F11FE24743C91D6F9981807D82.or_port 443
+51E1CF613FD6F9F11FE24743C91D6F9981807D82.dir_port 80
+51E1CF613FD6F9F11FE24743C91D6F9981807D82.orport6_address 2a02:180:1:1::517:10b6
+51E1CF613FD6F9F11FE24743C91D6F9981807D82.orport6_port 993
+52AEA31188331F421B2EDB494DB65CD181E5B257.address 138.201.130.32
+52AEA31188331F421B2EDB494DB65CD181E5B257.or_port 9001
+52AEA31188331F421B2EDB494DB65CD181E5B257.dir_port 9030
 5665A3904C89E22E971305EE8C1997BCA4123C69.address 94.23.204.175
 5665A3904C89E22E971305EE8C1997BCA4123C69.or_port 9001
 5665A3904C89E22E971305EE8C1997BCA4123C69.dir_port 9030
-5714542DCBEE1DD9864824723638FD44B2122CEA.address 109.163.234.9
-5714542DCBEE1DD9864824723638FD44B2122CEA.or_port 443
-5714542DCBEE1DD9864824723638FD44B2122CEA.dir_port 80
+587E0A9552E4274B251F29B5B2673D38442EE4BF.address 95.130.12.119
+587E0A9552E4274B251F29B5B2673D38442EE4BF.or_port 443
+587E0A9552E4274B251F29B5B2673D38442EE4BF.dir_port 80
 58ED9C9C35E433EE58764D62892B4FFD518A3CD0.address 185.21.100.50
 58ED9C9C35E433EE58764D62892B4FFD518A3CD0.or_port 9001
 58ED9C9C35E433EE58764D62892B4FFD518A3CD0.dir_port 9030
@@ -101,30 +219,72 @@ stem_commit 3c3fc11c6bb0ef7bcc3ebd12f2a055b0950dcfac
 5A5E03355C1908EBF424CAF1F3ED70782C0D2F74.address 78.142.142.246
 5A5E03355C1908EBF424CAF1F3ED70782C0D2F74.or_port 443
 5A5E03355C1908EBF424CAF1F3ED70782C0D2F74.dir_port 80
-5CF8AFA5E4B0BB88942A44A3F3AAE08C3BDFD60B.address 178.16.208.62
-5CF8AFA5E4B0BB88942A44A3F3AAE08C3BDFD60B.or_port 443
-5CF8AFA5E4B0BB88942A44A3F3AAE08C3BDFD60B.dir_port 80
-5CF8AFA5E4B0BB88942A44A3F3AAE08C3BDFD60B.orport6_address 2a00:1c20:4089:1234:a6a4:2926:d0af:dfee
-5CF8AFA5E4B0BB88942A44A3F3AAE08C3BDFD60B.orport6_port 443
+5B92FA5C8A49D46D235735504C72DBB3472BA321.address 46.28.207.19
+5B92FA5C8A49D46D235735504C72DBB3472BA321.or_port 443
+5B92FA5C8A49D46D235735504C72DBB3472BA321.dir_port 80
+5E853C94AB1F655E9C908924370A0A6707508C62.address 120.29.217.46
+5E853C94AB1F655E9C908924370A0A6707508C62.or_port 443
+5E853C94AB1F655E9C908924370A0A6707508C62.dir_port 80
 616081EC829593AF4232550DE6FFAA1D75B37A90.address 95.128.43.164
 616081EC829593AF4232550DE6FFAA1D75B37A90.or_port 443
 616081EC829593AF4232550DE6FFAA1D75B37A90.dir_port 80
 616081EC829593AF4232550DE6FFAA1D75B37A90.orport6_address 2a02:ec0:209:10::4
 616081EC829593AF4232550DE6FFAA1D75B37A90.orport6_port 443
-64186650FFE4469EBBE52B644AE543864D32F43C.address 89.187.142.208
-64186650FFE4469EBBE52B644AE543864D32F43C.or_port 443
-64186650FFE4469EBBE52B644AE543864D32F43C.dir_port 80
-7350AB9ED7568F22745198359373C04AC783C37C.address 176.31.191.26
-7350AB9ED7568F22745198359373C04AC783C37C.or_port 9001
-7350AB9ED7568F22745198359373C04AC783C37C.dir_port 9030
+64E99CB34C595A02A3165484BD1215E7389322C6.address 195.154.122.54
+64E99CB34C595A02A3165484BD1215E7389322C6.or_port 443
+64E99CB34C595A02A3165484BD1215E7389322C6.dir_port 80
+68F175CCABE727AA2D2309BCD8789499CEE36ED7.address 163.172.139.104
+68F175CCABE727AA2D2309BCD8789499CEE36ED7.or_port 443
+68F175CCABE727AA2D2309BCD8789499CEE36ED7.dir_port 8080
+6A7551EEE18F78A9813096E82BF84F740D32B911.address 85.214.62.48
+6A7551EEE18F78A9813096E82BF84F740D32B911.or_port 443
+6A7551EEE18F78A9813096E82BF84F740D32B911.dir_port 80
+6B697F3FF04C26123466A5C0E5D1F8D91925967A.address 95.130.11.147
+6B697F3FF04C26123466A5C0E5D1F8D91925967A.or_port 443
+6B697F3FF04C26123466A5C0E5D1F8D91925967A.dir_port 9030
+6DE61A6F72C1E5418A66BFED80DFB63E4C77668F.address 91.121.84.137
+6DE61A6F72C1E5418A66BFED80DFB63E4C77668F.or_port 4051
+6DE61A6F72C1E5418A66BFED80DFB63E4C77668F.dir_port 4951
+6DE61A6F72C1E5418A66BFED80DFB63E4C77668F.orport6_address 2001:41d0:1:8989::1
+6DE61A6F72C1E5418A66BFED80DFB63E4C77668F.orport6_port 4051
+6E44A52E3D1FF7683FE5C399C3FB5E912DE1C6B4.address 213.61.66.117
+6E44A52E3D1FF7683FE5C399C3FB5E912DE1C6B4.or_port 9002
+6E44A52E3D1FF7683FE5C399C3FB5E912DE1C6B4.dir_port 9032
+6EF897645B79B6CB35E853B32506375014DE3621.address 80.127.137.19
+6EF897645B79B6CB35E853B32506375014DE3621.or_port 443
+6EF897645B79B6CB35E853B32506375014DE3621.dir_port 80
+6EF897645B79B6CB35E853B32506375014DE3621.orport6_address 2001:981:47c1:1::6
+6EF897645B79B6CB35E853B32506375014DE3621.orport6_port 443
+7187CED1A3871F837D0E60AC98F374AC541CB0DA.address 95.183.48.12
+7187CED1A3871F837D0E60AC98F374AC541CB0DA.or_port 443
+7187CED1A3871F837D0E60AC98F374AC541CB0DA.dir_port 80
+71AB4726D830FAE776D74AEF790CF04D8E0151B4.address 163.172.35.247
+71AB4726D830FAE776D74AEF790CF04D8E0151B4.or_port 443
+71AB4726D830FAE776D74AEF790CF04D8E0151B4.dir_port 80
+72B2B12A3F60408BDBC98C6DF53988D3A0B3F0EE.address 85.235.250.88
+72B2B12A3F60408BDBC98C6DF53988D3A0B3F0EE.or_port 443
+72B2B12A3F60408BDBC98C6DF53988D3A0B3F0EE.dir_port 80
 75F1992FD3F403E9C082A5815EB5D12934CDF46C.address 46.101.237.246
 75F1992FD3F403E9C082A5815EB5D12934CDF46C.or_port 9001
 75F1992FD3F403E9C082A5815EB5D12934CDF46C.dir_port 9030
 75F1992FD3F403E9C082A5815EB5D12934CDF46C.orport6_address 2a03:b0c0:3:d0::208:5001
 75F1992FD3F403E9C082A5815EB5D12934CDF46C.orport6_port 9050
+774555642FDC1E1D4FDF2E0C31B7CA9501C5C9C7.address 188.166.133.133
+774555642FDC1E1D4FDF2E0C31B7CA9501C5C9C7.or_port 9001
+774555642FDC1E1D4FDF2E0C31B7CA9501C5C9C7.dir_port 9030
+774555642FDC1E1D4FDF2E0C31B7CA9501C5C9C7.orport6_address 2a03:b0c0:2:d0::5:f001
+774555642FDC1E1D4FDF2E0C31B7CA9501C5C9C7.orport6_port 9001
+789EA6C9AE9ADDD8760903171CFA9AC5741B0C70.address 81.30.158.213
+789EA6C9AE9ADDD8760903171CFA9AC5741B0C70.or_port 9001
+789EA6C9AE9ADDD8760903171CFA9AC5741B0C70.dir_port 9030
+789EA6C9AE9ADDD8760903171CFA9AC5741B0C70.orport6_address 2001:4ba0:cafe:e84::1
+789EA6C9AE9ADDD8760903171CFA9AC5741B0C70.orport6_port 9001
 794D8EA8343A4E820320265D05D4FA83AB6D1778.address 185.11.180.67
 794D8EA8343A4E820320265D05D4FA83AB6D1778.or_port 9001
 794D8EA8343A4E820320265D05D4FA83AB6D1778.dir_port 80
+79861CF8522FC637EF046F7688F5289E49D94576.address 171.25.193.131
+79861CF8522FC637EF046F7688F5289E49D94576.or_port 443
+79861CF8522FC637EF046F7688F5289E49D94576.dir_port 80
 79E169B25E4C7CE99584F6ED06F379478F23E2B8.address 62.210.129.246
 79E169B25E4C7CE99584F6ED06F379478F23E2B8.or_port 443
 79E169B25E4C7CE99584F6ED06F379478F23E2B8.dir_port 80
@@ -133,105 +293,238 @@ stem_commit 3c3fc11c6bb0ef7bcc3ebd12f2a055b0950dcfac
 7A32C9519D80CA458FC8B034A28F5F6815649A98.dir_port 9030
 7A32C9519D80CA458FC8B034A28F5F6815649A98.orport6_address 2001:470:53e0::cafe
 7A32C9519D80CA458FC8B034A28F5F6815649A98.orport6_port 9050
+7BB70F8585DFC27E75D692970C0EEB0F22983A63.address 51.254.136.195
+7BB70F8585DFC27E75D692970C0EEB0F22983A63.or_port 443
+7BB70F8585DFC27E75D692970C0EEB0F22983A63.dir_port 80
+80AAF8D5956A43C197104CEF2550CD42D165C6FB.address 193.11.114.45
+80AAF8D5956A43C197104CEF2550CD42D165C6FB.or_port 9002
+80AAF8D5956A43C197104CEF2550CD42D165C6FB.dir_port 9031
 823AA81E277F366505545522CEDC2F529CE4DC3F.address 192.160.102.164
 823AA81E277F366505545522CEDC2F529CE4DC3F.or_port 9001
 823AA81E277F366505545522CEDC2F529CE4DC3F.dir_port 80
+823AA81E277F366505545522CEDC2F529CE4DC3F.orport6_address 2605:e200:d00c:c01d::1111
+823AA81E277F366505545522CEDC2F529CE4DC3F.orport6_port 9002
 844AE9CAD04325E955E2BE1521563B79FE7094B7.address 192.87.28.82
 844AE9CAD04325E955E2BE1521563B79FE7094B7.or_port 9001
 844AE9CAD04325E955E2BE1521563B79FE7094B7.dir_port 9030
 8664DC892540F3C789DB37008236C096C871734D.address 163.172.138.22
 8664DC892540F3C789DB37008236C096C871734D.or_port 443
 8664DC892540F3C789DB37008236C096C871734D.dir_port 80
+8664DC892540F3C789DB37008236C096C871734D.orport6_address 2001:bc8:4400:2100::1:3
+8664DC892540F3C789DB37008236C096C871734D.orport6_port 443
+8672E8A01B4D3FA4C0BBE21C740D4506302EA487.address 188.166.23.127
+8672E8A01B4D3FA4C0BBE21C740D4506302EA487.or_port 443
+8672E8A01B4D3FA4C0BBE21C740D4506302EA487.dir_port 80
+8672E8A01B4D3FA4C0BBE21C740D4506302EA487.orport6_address 2a03:b0c0:2:d0::27b:7001
+8672E8A01B4D3FA4C0BBE21C740D4506302EA487.orport6_port 9050
 8844D87E9B038BE3270938F05AF797E1D3C74C0F.address 93.180.156.84
 8844D87E9B038BE3270938F05AF797E1D3C74C0F.or_port 9001
 8844D87E9B038BE3270938F05AF797E1D3C74C0F.dir_port 9030
+892F941915F6A0C6E0958E52E0A9685C190CF45C.address 212.47.241.21
+892F941915F6A0C6E0958E52E0A9685C190CF45C.or_port 443
+892F941915F6A0C6E0958E52E0A9685C190CF45C.dir_port 80
+8C00FA7369A7A308F6A137600F0FA07990D9D451.address 163.172.194.53
+8C00FA7369A7A308F6A137600F0FA07990D9D451.or_port 9001
+8C00FA7369A7A308F6A137600F0FA07990D9D451.dir_port 9030
+8FA37B93397015B2BC5A525C908485260BE9F422.address 178.254.44.135
+8FA37B93397015B2BC5A525C908485260BE9F422.or_port 9001
+8FA37B93397015B2BC5A525C908485260BE9F422.dir_port 9030
 9007C1D8E4F03D506A4A011B907A9E8D04E3C605.address 151.80.42.103
 9007C1D8E4F03D506A4A011B907A9E8D04E3C605.or_port 9001
 9007C1D8E4F03D506A4A011B907A9E8D04E3C605.dir_port 9030
 9007C1D8E4F03D506A4A011B907A9E8D04E3C605.orport6_address 2001:41d0:e:f67::114
 9007C1D8E4F03D506A4A011B907A9E8D04E3C605.orport6_port 9001
-9030DCF419F6E2FBF84F63CBACBA0097B06F557E.address 5.79.68.161
-9030DCF419F6E2FBF84F63CBACBA0097B06F557E.or_port 443
-9030DCF419F6E2FBF84F63CBACBA0097B06F557E.dir_port 81
-9030DCF419F6E2FBF84F63CBACBA0097B06F557E.orport6_address 2001:1af8:4700:a012:1::1
-9030DCF419F6E2FBF84F63CBACBA0097B06F557E.orport6_port 443
+91E4015E1F82DAF0121D62267E54A1F661AB6DC7.address 173.255.245.116
+91E4015E1F82DAF0121D62267E54A1F661AB6DC7.or_port 9001
+91E4015E1F82DAF0121D62267E54A1F661AB6DC7.dir_port 9030
 9231DF741915AA1630031A93026D88726877E93A.address 51.255.41.65
 9231DF741915AA1630031A93026D88726877E93A.or_port 9001
 9231DF741915AA1630031A93026D88726877E93A.dir_port 9030
+92CFD9565B24646CAC2D172D3DB503D69E777B8A.address 178.16.208.57
+92CFD9565B24646CAC2D172D3DB503D69E777B8A.or_port 443
+92CFD9565B24646CAC2D172D3DB503D69E777B8A.dir_port 80
+92CFD9565B24646CAC2D172D3DB503D69E777B8A.orport6_address 2a00:1c20:4089:1234:7825:2c5d:1ecd:c66f
+92CFD9565B24646CAC2D172D3DB503D69E777B8A.orport6_port 443
 92ECC9E0E2AF81BB954719B189AC362E254AD4A5.address 91.219.237.244
 92ECC9E0E2AF81BB954719B189AC362E254AD4A5.or_port 443
 92ECC9E0E2AF81BB954719B189AC362E254AD4A5.dir_port 80
+94C4B7B8C50C86A92B6A20107539EE2678CF9A28.address 204.8.156.142
+94C4B7B8C50C86A92B6A20107539EE2678CF9A28.or_port 443
+94C4B7B8C50C86A92B6A20107539EE2678CF9A28.dir_port 80
+95DA61AEF23A6C851028C1AA88AD8593F659E60F.address 176.10.104.243
+95DA61AEF23A6C851028C1AA88AD8593F659E60F.or_port 8443
+95DA61AEF23A6C851028C1AA88AD8593F659E60F.dir_port 8080
+971AFB23C168DCD8EDA17473C1C452B359DE3A5A.address 85.10.202.87
+971AFB23C168DCD8EDA17473C1C452B359DE3A5A.or_port 9001
+971AFB23C168DCD8EDA17473C1C452B359DE3A5A.dir_port 9030
 98F8D5F359949E41DE8DF3DBB1975A86E96A84A0.address 85.214.206.219
 98F8D5F359949E41DE8DF3DBB1975A86E96A84A0.or_port 9001
 98F8D5F359949E41DE8DF3DBB1975A86E96A84A0.dir_port 9030
+998BF3ED7F70E33D1C307247B9626D9E7573C438.address 163.172.223.200
+998BF3ED7F70E33D1C307247B9626D9E7573C438.or_port 443
+998BF3ED7F70E33D1C307247B9626D9E7573C438.dir_port 80
 99E246DB480B313A3012BC3363093CC26CD209C7.address 81.7.10.93
 99E246DB480B313A3012BC3363093CC26CD209C7.or_port 31337
 99E246DB480B313A3012BC3363093CC26CD209C7.dir_port 31336
+9A0D54D3A6D2E0767596BF1515E6162A75B3293F.address 91.229.20.27
+9A0D54D3A6D2E0767596BF1515E6162A75B3293F.or_port 9001
+9A0D54D3A6D2E0767596BF1515E6162A75B3293F.dir_port 9030
+9A68B85A02318F4E7E87F2828039FBD5D75B0142.address 66.111.2.20
+9A68B85A02318F4E7E87F2828039FBD5D75B0142.or_port 9001
+9A68B85A02318F4E7E87F2828039FBD5D75B0142.dir_port 9030
+9B1F5187DFBA89DC24B37EA7BF896C12B43A27AE.address 5.35.251.247
+9B1F5187DFBA89DC24B37EA7BF896C12B43A27AE.or_port 9001
+9B1F5187DFBA89DC24B37EA7BF896C12B43A27AE.dir_port 9030
+9BF04559224F0F1C3C953D641F1744AF0192543A.address 5.9.151.241
+9BF04559224F0F1C3C953D641F1744AF0192543A.or_port 4223
+9BF04559224F0F1C3C953D641F1744AF0192543A.dir_port 9030
+9C900A7F6F5DD034CFFD192DAEC9CCAA813DB022.address 86.105.212.130
+9C900A7F6F5DD034CFFD192DAEC9CCAA813DB022.or_port 443
+9C900A7F6F5DD034CFFD192DAEC9CCAA813DB022.dir_port 9030
+9EC5E097663862DF861A18C32B37C5F82284B27D.address 146.185.177.103
+9EC5E097663862DF861A18C32B37C5F82284B27D.or_port 9030
+9EC5E097663862DF861A18C32B37C5F82284B27D.dir_port 80
+9F5068310818ED7C70B0BC4087AB55CB12CB4377.address 178.254.20.134
+9F5068310818ED7C70B0BC4087AB55CB12CB4377.or_port 443
+9F5068310818ED7C70B0BC4087AB55CB12CB4377.dir_port 80
 9F7D6E6420183C2B76D3CE99624EBC98A21A967E.address 46.28.110.244
 9F7D6E6420183C2B76D3CE99624EBC98A21A967E.or_port 443
 9F7D6E6420183C2B76D3CE99624EBC98A21A967E.dir_port 80
-A0F06C2FADF88D3A39AA3072B406F09D7095AC9E.address 46.165.230.5
-A0F06C2FADF88D3A39AA3072B406F09D7095AC9E.or_port 443
-A0F06C2FADF88D3A39AA3072B406F09D7095AC9E.dir_port 80
+A0766C0D3A667A3232C7D569DE94A28F9922FCB1.address 178.62.22.36
+A0766C0D3A667A3232C7D569DE94A28F9922FCB1.or_port 443
+A0766C0D3A667A3232C7D569DE94A28F9922FCB1.dir_port 80
+A0766C0D3A667A3232C7D569DE94A28F9922FCB1.orport6_address 2a03:b0c0:1:d0::174:1
+A0766C0D3A667A3232C7D569DE94A28F9922FCB1.orport6_port 9050
 A10C4F666D27364036B562823E5830BC448E046A.address 171.25.193.77
 A10C4F666D27364036B562823E5830BC448E046A.or_port 443
 A10C4F666D27364036B562823E5830BC448E046A.dir_port 80
 A10C4F666D27364036B562823E5830BC448E046A.orport6_address 2001:67c:289c:3::77
 A10C4F666D27364036B562823E5830BC448E046A.orport6_port 443
-A1EB8D8F1EE28DB98BBB1EAA3B4BEDD303BAB911.address 176.9.5.116
-A1EB8D8F1EE28DB98BBB1EAA3B4BEDD303BAB911.or_port 9001
-A1EB8D8F1EE28DB98BBB1EAA3B4BEDD303BAB911.dir_port 9030
+A478E421F83194C114F41E94F95999672AED51FE.address 171.25.193.78
+A478E421F83194C114F41E94F95999672AED51FE.or_port 443
+A478E421F83194C114F41E94F95999672AED51FE.dir_port 80
+A478E421F83194C114F41E94F95999672AED51FE.orport6_address 2001:67c:289c:3::78
+A478E421F83194C114F41E94F95999672AED51FE.orport6_port 443
+A4C98CEA3F34E05299417E9F885A642C88EF6029.address 178.16.208.58
+A4C98CEA3F34E05299417E9F885A642C88EF6029.or_port 443
+A4C98CEA3F34E05299417E9F885A642C88EF6029.dir_port 80
+A4C98CEA3F34E05299417E9F885A642C88EF6029.orport6_address 2a00:1c20:4089:1234:cdae:1b3e:cc38:3d45
+A4C98CEA3F34E05299417E9F885A642C88EF6029.orport6_port 443
+A9406A006D6E7B5DA30F2C6D4E42A338B5E340B2.address 163.172.149.122
+A9406A006D6E7B5DA30F2C6D4E42A338B5E340B2.or_port 443
+A9406A006D6E7B5DA30F2C6D4E42A338B5E340B2.dir_port 80
+A9DEB920B42B4EC1DE6249034039B06D61F38690.address 213.61.66.116
+A9DEB920B42B4EC1DE6249034039B06D61F38690.or_port 9003
+A9DEB920B42B4EC1DE6249034039B06D61F38690.dir_port 9033
 ABCB4965F1FEE193602B50A365425105C889D3F8.address 192.34.63.137
 ABCB4965F1FEE193602B50A365425105C889D3F8.or_port 443
 ABCB4965F1FEE193602B50A365425105C889D3F8.dir_port 9030
+AC66FFA4AB35A59EBBF5BF4C70008BF24D8A7A5C.address 195.154.164.243
+AC66FFA4AB35A59EBBF5BF4C70008BF24D8A7A5C.or_port 443
+AC66FFA4AB35A59EBBF5BF4C70008BF24D8A7A5C.dir_port 80
 ACD889D86E02EDDAB1AFD81F598C0936238DC6D0.address 86.59.119.88
 ACD889D86E02EDDAB1AFD81F598C0936238DC6D0.or_port 443
 ACD889D86E02EDDAB1AFD81F598C0936238DC6D0.dir_port 80
+ACDD9E85A05B127BA010466C13C8C47212E8A38F.address 185.129.62.62
+ACDD9E85A05B127BA010466C13C8C47212E8A38F.or_port 9001
+ACDD9E85A05B127BA010466C13C8C47212E8A38F.dir_port 9030
+ACDD9E85A05B127BA010466C13C8C47212E8A38F.orport6_address 2a06:d380:0:3700::62
+ACDD9E85A05B127BA010466C13C8C47212E8A38F.orport6_port 9001
+AD19490C7DBB26D3A68EFC824F67E69B0A96E601.address 188.40.128.246
+AD19490C7DBB26D3A68EFC824F67E69B0A96E601.or_port 9001
+AD19490C7DBB26D3A68EFC824F67E69B0A96E601.dir_port 9030
 AD253B49E303C6AB1E048B014392AC569E8A7DAE.address 163.172.131.88
 AD253B49E303C6AB1E048B014392AC569E8A7DAE.or_port 443
 AD253B49E303C6AB1E048B014392AC569E8A7DAE.dir_port 80
 AD253B49E303C6AB1E048B014392AC569E8A7DAE.orport6_address 2001:bc8:4400:2100::2:1009
 AD253B49E303C6AB1E048B014392AC569E8A7DAE.orport6_port 443
-AE6A8C18E7499B586CD36246AC4BCAFFBBF93AB2.address 178.254.44.135
-AE6A8C18E7499B586CD36246AC4BCAFFBBF93AB2.or_port 443
-AE6A8C18E7499B586CD36246AC4BCAFFBBF93AB2.dir_port 80
+AD86CD1A49573D52A7B6F4A35750F161AAD89C88.address 176.10.104.240
+AD86CD1A49573D52A7B6F4A35750F161AAD89C88.or_port 8443
+AD86CD1A49573D52A7B6F4A35750F161AAD89C88.dir_port 8080
+ADB2C26629643DBB9F8FE0096E7D16F9414B4F8D.address 31.185.104.20
+ADB2C26629643DBB9F8FE0096E7D16F9414B4F8D.or_port 443
+ADB2C26629643DBB9F8FE0096E7D16F9414B4F8D.dir_port 80
 AEA43CB1E47BE5F8051711B2BF01683DB1568E05.address 37.187.7.74
 AEA43CB1E47BE5F8051711B2BF01683DB1568E05.or_port 443
 AEA43CB1E47BE5F8051711B2BF01683DB1568E05.dir_port 80
 AEA43CB1E47BE5F8051711B2BF01683DB1568E05.orport6_address 2001:41d0:a:74a::1
 AEA43CB1E47BE5F8051711B2BF01683DB1568E05.orport6_port 443
+B0279A521375F3CB2AE210BDBFC645FDD2E1973A.address 176.126.252.11
+B0279A521375F3CB2AE210BDBFC645FDD2E1973A.or_port 9001
+B0279A521375F3CB2AE210BDBFC645FDD2E1973A.dir_port 443
+B0279A521375F3CB2AE210BDBFC645FDD2E1973A.orport6_address 2a02:59e0:0:7::11
+B0279A521375F3CB2AE210BDBFC645FDD2E1973A.orport6_port 9003
 B143D439B72D239A419F8DCE07B8A8EB1B486FA7.address 212.129.62.232
 B143D439B72D239A419F8DCE07B8A8EB1B486FA7.or_port 443
 B143D439B72D239A419F8DCE07B8A8EB1B486FA7.dir_port 80
 B1726B94885CE3AC3910CA8B60622B97B98E2529.address 185.66.250.141
 B1726B94885CE3AC3910CA8B60622B97B98E2529.or_port 9001
 B1726B94885CE3AC3910CA8B60622B97B98E2529.dir_port 9030
+B1D81825CFD7209BD1B4520B040EF5653C204A23.address 198.199.64.217
+B1D81825CFD7209BD1B4520B040EF5653C204A23.or_port 443
+B1D81825CFD7209BD1B4520B040EF5653C204A23.dir_port 80
+B1D81825CFD7209BD1B4520B040EF5653C204A23.orport6_address 2604:a880:400:d0::1a9:b001
+B1D81825CFD7209BD1B4520B040EF5653C204A23.orport6_port 9050
+B291D30517D23299AD7CEE3E60DFE60D0E3A4664.address 136.243.214.137
+B291D30517D23299AD7CEE3E60DFE60D0E3A4664.or_port 443
+B291D30517D23299AD7CEE3E60DFE60D0E3A4664.dir_port 80
+B4CAFD9CBFB34EC5DAAC146920DC7DFAFE91EA20.address 212.47.233.86
+B4CAFD9CBFB34EC5DAAC146920DC7DFAFE91EA20.or_port 9001
+B4CAFD9CBFB34EC5DAAC146920DC7DFAFE91EA20.dir_port 9030
+B5212DB685A2A0FCFBAE425738E478D12361710D.address 93.115.97.242
+B5212DB685A2A0FCFBAE425738E478D12361710D.or_port 9001
+B5212DB685A2A0FCFBAE425738E478D12361710D.dir_port 9030
+B6904ADD4C0D10CDA7179E051962350A69A63243.address 81.2.209.10
+B6904ADD4C0D10CDA7179E051962350A69A63243.or_port 80
+B6904ADD4C0D10CDA7179E051962350A69A63243.dir_port 443
+B6904ADD4C0D10CDA7179E051962350A69A63243.orport6_address 2001:15e8:201:1::d10a
+B6904ADD4C0D10CDA7179E051962350A69A63243.orport6_port 80
 B83DC1558F0D34353BB992EF93AFEAFDB226A73E.address 193.11.114.46
 B83DC1558F0D34353BB992EF93AFEAFDB226A73E.or_port 9003
 B83DC1558F0D34353BB992EF93AFEAFDB226A73E.dir_port 9032
+B84F248233FEA90CAD439F292556A3139F6E1B82.address 85.248.227.164
+B84F248233FEA90CAD439F292556A3139F6E1B82.or_port 9002
+B84F248233FEA90CAD439F292556A3139F6E1B82.dir_port 444
+B84F248233FEA90CAD439F292556A3139F6E1B82.orport6_address 2a00:1298:8011:212::164
+B84F248233FEA90CAD439F292556A3139F6E1B82.orport6_port 9004
 BC630CBBB518BE7E9F4E09712AB0269E9DC7D626.address 197.231.221.211
 BC630CBBB518BE7E9F4E09712AB0269E9DC7D626.or_port 9001
 BC630CBBB518BE7E9F4E09712AB0269E9DC7D626.dir_port 9030
+BC7ACFAC04854C77167C7D66B7E471314ED8C410.address 89.163.247.43
+BC7ACFAC04854C77167C7D66B7E471314ED8C410.or_port 9001
+BC7ACFAC04854C77167C7D66B7E471314ED8C410.dir_port 9030
 BCEDF6C193AA687AE471B8A22EBF6BC57C2D285E.address 198.96.155.3
 BCEDF6C193AA687AE471B8A22EBF6BC57C2D285E.or_port 5001
 BCEDF6C193AA687AE471B8A22EBF6BC57C2D285E.dir_port 8080
+BCEF908195805E03E92CCFE669C48738E556B9C5.address 128.199.55.207
+BCEF908195805E03E92CCFE669C48738E556B9C5.or_port 9001
+BCEF908195805E03E92CCFE669C48738E556B9C5.dir_port 9030
+BCEF908195805E03E92CCFE669C48738E556B9C5.orport6_address 2a03:b0c0:2:d0::158:3001
+BCEF908195805E03E92CCFE669C48738E556B9C5.orport6_port 9001
 BF0FB582E37F738CD33C3651125F2772705BB8E8.address 148.251.190.229
 BF0FB582E37F738CD33C3651125F2772705BB8E8.or_port 9010
 BF0FB582E37F738CD33C3651125F2772705BB8E8.dir_port 9030
 BF0FB582E37F738CD33C3651125F2772705BB8E8.orport6_address 2a01:4f8:211:c68::2
 BF0FB582E37F738CD33C3651125F2772705BB8E8.orport6_port 9010
+C08DE49658E5B3CFC6F2A952B453C4B608C9A16A.address 163.172.35.249
+C08DE49658E5B3CFC6F2A952B453C4B608C9A16A.or_port 443
+C08DE49658E5B3CFC6F2A952B453C4B608C9A16A.dir_port 80
+C13B91384CDD52A871E3ECECE4EF74A7AC7DCB08.address 185.35.202.221
+C13B91384CDD52A871E3ECECE4EF74A7AC7DCB08.or_port 9001
+C13B91384CDD52A871E3ECECE4EF74A7AC7DCB08.dir_port 9030
+C13B91384CDD52A871E3ECECE4EF74A7AC7DCB08.orport6_address 2a02:ed06::221
+C13B91384CDD52A871E3ECECE4EF74A7AC7DCB08.orport6_port 9001
+C37BC191AC389179674578C3E6944E925FE186C2.address 213.239.217.18
+C37BC191AC389179674578C3E6944E925FE186C2.or_port 1337
+C37BC191AC389179674578C3E6944E925FE186C2.dir_port 1338
+C37BC191AC389179674578C3E6944E925FE186C2.orport6_address 2a01:4f8:a0:746a:101:1:1:1
+C37BC191AC389179674578C3E6944E925FE186C2.orport6_port 1337
 C414F28FD2BEC1553024299B31D4E726BEB8E788.address 188.138.112.60
 C414F28FD2BEC1553024299B31D4E726BEB8E788.or_port 1521
 C414F28FD2BEC1553024299B31D4E726BEB8E788.dir_port 1433
-C697612CA5AED06B8D829FCC6065B9287212CB2F.address 195.154.79.128
-C697612CA5AED06B8D829FCC6065B9287212CB2F.or_port 443
-C697612CA5AED06B8D829FCC6065B9287212CB2F.dir_port 80
 CBD0D1BD110EC52963082D839AC6A89D0AE243E7.address 37.59.46.159
 CBD0D1BD110EC52963082D839AC6A89D0AE243E7.or_port 9001
 CBD0D1BD110EC52963082D839AC6A89D0AE243E7.dir_port 9030
-CBEE0F3303C8C50462A12107CA2AE061831931BC.address 91.121.54.8
-CBEE0F3303C8C50462A12107CA2AE061831931BC.or_port 9001
-CBEE0F3303C8C50462A12107CA2AE061831931BC.dir_port 9030
 CBEFF7BA4A4062045133C053F2D70524D8BBE5BE.address 178.62.199.226
 CBEFF7BA4A4062045133C053F2D70524D8BBE5BE.or_port 443
 CBEFF7BA4A4062045133C053F2D70524D8BBE5BE.dir_port 80
@@ -243,43 +536,102 @@ D1B8AAA98C65F3DF7D8BB3AF881CAEB84A33D8EE.dir_port 9030
 D2A1703758A0FBBA026988B92C2F88BAB59F9361.address 185.13.38.75
 D2A1703758A0FBBA026988B92C2F88BAB59F9361.or_port 9001
 D2A1703758A0FBBA026988B92C2F88BAB59F9361.dir_port 9030
-D5039E1EBFD96D9A3F9846BF99EC9F75EDDE902A.address 37.187.115.157
-D5039E1EBFD96D9A3F9846BF99EC9F75EDDE902A.or_port 9001
-D5039E1EBFD96D9A3F9846BF99EC9F75EDDE902A.dir_port 9030
 D64366987CB39F61AD21DBCF8142FA0577B92811.address 37.221.162.226
 D64366987CB39F61AD21DBCF8142FA0577B92811.or_port 9001
 D64366987CB39F61AD21DBCF8142FA0577B92811.dir_port 9030
+D760C5B436E42F93D77EF2D969157EEA14F9B39C.address 46.101.169.151
+D760C5B436E42F93D77EF2D969157EEA14F9B39C.or_port 9001
+D760C5B436E42F93D77EF2D969157EEA14F9B39C.dir_port 9030
+D760C5B436E42F93D77EF2D969157EEA14F9B39C.orport6_address 2a03:b0c0:3:d0::74f:a001
+D760C5B436E42F93D77EF2D969157EEA14F9B39C.orport6_port 9001
+D9065F9E57899B3D272AA212317AF61A9B14D204.address 46.4.111.124
+D9065F9E57899B3D272AA212317AF61A9B14D204.or_port 9001
+D9065F9E57899B3D272AA212317AF61A9B14D204.dir_port 9030
 DAA39FC00B196B353C2A271459C305C429AF09E4.address 193.35.52.53
 DAA39FC00B196B353C2A271459C305C429AF09E4.or_port 9001
 DAA39FC00B196B353C2A271459C305C429AF09E4.dir_port 9030
+DD823AFB415380A802DCAEB9461AE637604107FB.address 178.33.183.251
+DD823AFB415380A802DCAEB9461AE637604107FB.or_port 443
+DD823AFB415380A802DCAEB9461AE637604107FB.dir_port 80
+DD823AFB415380A802DCAEB9461AE637604107FB.orport6_address 2001:41d0:2:a683::251
+DD823AFB415380A802DCAEB9461AE637604107FB.orport6_port 443
 DD85503F2D1F52EF9EAD621E942298F46CD2FC10.address 178.62.173.203
 DD85503F2D1F52EF9EAD621E942298F46CD2FC10.or_port 9001
 DD85503F2D1F52EF9EAD621E942298F46CD2FC10.dir_port 9030
 DD85503F2D1F52EF9EAD621E942298F46CD2FC10.orport6_address 2a03:b0c0:0:1010::a4:b001
 DD85503F2D1F52EF9EAD621E942298F46CD2FC10.orport6_port 9001
+DDBB2A38252ADDA53E4492DDF982CA6CC6E10EC0.address 83.212.99.68
+DDBB2A38252ADDA53E4492DDF982CA6CC6E10EC0.or_port 443
+DDBB2A38252ADDA53E4492DDF982CA6CC6E10EC0.dir_port 80
+DDBB2A38252ADDA53E4492DDF982CA6CC6E10EC0.orport6_address 2001:648:2ffc:1225:a800:bff:fe3d:67b5
+DDBB2A38252ADDA53E4492DDF982CA6CC6E10EC0.orport6_port 443
 DDD7871C1B7FA32CB55061E08869A236E61BDDF8.address 5.34.183.205
 DDD7871C1B7FA32CB55061E08869A236E61BDDF8.or_port 443
 DDD7871C1B7FA32CB55061E08869A236E61BDDF8.dir_port 80
-E589316576A399C511A9781A73DA4545640B479D.address 46.252.26.2
-E589316576A399C511A9781A73DA4545640B479D.or_port 49991
-E589316576A399C511A9781A73DA4545640B479D.dir_port 45212
+DE6CD5F09DF26076F26321B0BDFBE78ACD935C65.address 167.114.66.61
+DE6CD5F09DF26076F26321B0BDFBE78ACD935C65.or_port 443
+DE6CD5F09DF26076F26321B0BDFBE78ACD935C65.dir_port 9696
+DE6CD5F09DF26076F26321B0BDFBE78ACD935C65.orport6_address 2607:5300:100::78d
+DE6CD5F09DF26076F26321B0BDFBE78ACD935C65.orport6_port 443
+DEB73705B2929AE9BE87091607388939332EF123.address 78.24.75.53
+DEB73705B2929AE9BE87091607388939332EF123.or_port 9001
+DEB73705B2929AE9BE87091607388939332EF123.dir_port 9030
+DED6892FF89DBD737BA689698A171B2392EB3E82.address 92.222.38.67
+DED6892FF89DBD737BA689698A171B2392EB3E82.or_port 443
+DED6892FF89DBD737BA689698A171B2392EB3E82.dir_port 80
+DF3AED4322B1824BF5539AE54B2D1B38E080FF05.address 217.12.199.208
+DF3AED4322B1824BF5539AE54B2D1B38E080FF05.or_port 443
+DF3AED4322B1824BF5539AE54B2D1B38E080FF05.dir_port 80
+DF3AED4322B1824BF5539AE54B2D1B38E080FF05.orport6_address 2a02:27a8:0:2::7e
+DF3AED4322B1824BF5539AE54B2D1B38E080FF05.orport6_port 443
+E65D300F11E1DB12C534B0146BDAB6972F1A8A48.address 167.114.35.28
+E65D300F11E1DB12C534B0146BDAB6972F1A8A48.or_port 9001
+E65D300F11E1DB12C534B0146BDAB6972F1A8A48.dir_port 9030
+E81EF60A73B3809F8964F73766B01BAA0A171E20.address 212.47.244.38
+E81EF60A73B3809F8964F73766B01BAA0A171E20.or_port 443
+E81EF60A73B3809F8964F73766B01BAA0A171E20.dir_port 8080
 EBE718E1A49EE229071702964F8DB1F318075FF8.address 131.188.40.188
 EBE718E1A49EE229071702964F8DB1F318075FF8.or_port 80
 EBE718E1A49EE229071702964F8DB1F318075FF8.dir_port 443
-EC413181CEB1C8EDC17608BBB177CD5FD8535E99.address 91.219.236.222
-EC413181CEB1C8EDC17608BBB177CD5FD8535E99.or_port 443
-EC413181CEB1C8EDC17608BBB177CD5FD8535E99.dir_port 80
-F65E0196C94DFFF48AFBF2F5F9E3E19AAE583FD0.address 94.242.246.23
-F65E0196C94DFFF48AFBF2F5F9E3E19AAE583FD0.or_port 9001
-F65E0196C94DFFF48AFBF2F5F9E3E19AAE583FD0.dir_port 443
-F65E0196C94DFFF48AFBF2F5F9E3E19AAE583FD0.orport6_address 2a01:608:ffff:ff07::1:23
-F65E0196C94DFFF48AFBF2F5F9E3E19AAE583FD0.orport6_port 9003
-F960DF50F0FD4075AC9B505C1D4FFC8384C490FB.address 46.101.143.173
-F960DF50F0FD4075AC9B505C1D4FFC8384C490FB.or_port 443
-F960DF50F0FD4075AC9B505C1D4FFC8384C490FB.dir_port 80
+EC639EDAA5121B47DBDF3D6B01A22E48A8CB6CC7.address 89.40.71.149
+EC639EDAA5121B47DBDF3D6B01A22E48A8CB6CC7.or_port 8080
+EC639EDAA5121B47DBDF3D6B01A22E48A8CB6CC7.dir_port 8081
+ED2338CAC2711B3E331392E1ED2831219B794024.address 192.87.28.28
+ED2338CAC2711B3E331392E1ED2831219B794024.or_port 9001
+ED2338CAC2711B3E331392E1ED2831219B794024.dir_port 9030
+F409FA7902FD89270E8DE0D7977EA23BC38E5887.address 212.83.40.238
+F409FA7902FD89270E8DE0D7977EA23BC38E5887.or_port 9001
+F409FA7902FD89270E8DE0D7977EA23BC38E5887.dir_port 9030
+F4C0EDAA0BF0F7EC138746F8FEF1CE26C7860265.address 5.199.142.236
+F4C0EDAA0BF0F7EC138746F8FEF1CE26C7860265.or_port 9001
+F4C0EDAA0BF0F7EC138746F8FEF1CE26C7860265.dir_port 9030
+F69BED36177ED727706512BA6A97755025EEA0FB.address 46.28.207.141
+F69BED36177ED727706512BA6A97755025EEA0FB.or_port 443
+F69BED36177ED727706512BA6A97755025EEA0FB.dir_port 80
+F8D27B163B9247B232A2EEE68DD8B698695C28DE.address 78.47.18.110
+F8D27B163B9247B232A2EEE68DD8B698695C28DE.or_port 80
+F8D27B163B9247B232A2EEE68DD8B698695C28DE.dir_port 443
+F9246DEF2B653807236DA134F2AEAB103D58ABFE.address 178.254.13.126
+F9246DEF2B653807236DA134F2AEAB103D58ABFE.or_port 443
+F9246DEF2B653807236DA134F2AEAB103D58ABFE.dir_port 80
+F93D8F37E35C390BCAD9F9069E13085B745EC216.address 185.96.180.29
+F93D8F37E35C390BCAD9F9069E13085B745EC216.or_port 443
+F93D8F37E35C390BCAD9F9069E13085B745EC216.dir_port 80
+FA3415659444AE006E7E9E5375E82F29700CFDFD.address 104.243.35.196
+FA3415659444AE006E7E9E5375E82F29700CFDFD.or_port 9001
+FA3415659444AE006E7E9E5375E82F29700CFDFD.dir_port 9030
+FC9AC8EA0160D88BCCFDE066940D7DD9FA45495B.address 86.59.119.83
+FC9AC8EA0160D88BCCFDE066940D7DD9FA45495B.or_port 443
+FC9AC8EA0160D88BCCFDE066940D7DD9FA45495B.dir_port 80
 FD1871854BFC06D7B02F10742073069F0528B5CC.address 192.187.124.98
 FD1871854BFC06D7B02F10742073069F0528B5CC.or_port 9001
 FD1871854BFC06D7B02F10742073069F0528B5CC.dir_port 9030
+FDF845FC159C0020E2BDDA120C30C5C5038F74B4.address 212.129.38.254
+FDF845FC159C0020E2BDDA120C30C5C5038F74B4.or_port 9001
+FDF845FC159C0020E2BDDA120C30C5C5038F74B4.dir_port 9030
+FE296180018833AF03A8EACD5894A614623D3F76.address 149.56.45.200
+FE296180018833AF03A8EACD5894A614623D3F76.or_port 9001
+FE296180018833AF03A8EACD5894A614623D3F76.dir_port 9030
 FFA72BD683BC2FCF988356E6BEC1E490F313FB07.address 193.11.164.243
 FFA72BD683BC2FCF988356E6BEC1E490F313FB07.or_port 9001
 FFA72BD683BC2FCF988356E6BEC1E490F313FB07.dir_port 9030
diff --git a/stem/descriptor/remote.py b/stem/descriptor/remote.py
index a66672c..79f3889 100644
--- a/stem/descriptor/remote.py
+++ b/stem/descriptor/remote.py
@@ -1089,13 +1089,14 @@ def _fallback_directory_differences(previous_directories, new_directories):
 
   for fp in added_fp:
     directory = new_directories[fp]
+    orport_v6 = '%s:%s' % directory.orport_v6 if directory.orport_v6 else '[none]'
 
     lines += [
       '* Added %s as a new fallback directory:' % directory.fingerprint,
       '  address: %s' % directory.address,
       '  or_port: %s' % directory.or_port,
       '  dir_port: %s' % directory.dir_port,
-      '  orport_v6: %s' % directory.orport_v6 if directory.orport_v6 else '[none]',
+      '  orport_v6: %s' % orport_v6,
       '',
     ]
 
diff --git a/stem/manual.py b/stem/manual.py
index f5970ce..86585a4 100644
--- a/stem/manual.py
+++ b/stem/manual.py
@@ -383,7 +383,7 @@ class Manual(object):
       _add_config_options(config_options, category_enum, categories.get(category_header, []))
 
     for category in categories:
-      if category.endswith(' OPTIONS') and category not in CATEGORY_SECTIONS and category != 'COMMAND-LINE OPTIONS':
+      if category.endswith(' OPTIONS') and category not in CATEGORY_SECTIONS and category not in ('COMMAND-LINE OPTIONS', 'NON-PERSISTENT OPTIONS'):
         _add_config_options(config_options, Category.UNKNOWN, categories.get(category, []))
 
     return Manual(
diff --git a/stem/settings.cfg b/stem/settings.cfg
index c57d823..ec57bd9 100644
--- a/stem/settings.cfg
+++ b/stem/settings.cfg
@@ -63,7 +63,6 @@ manual.summary.DisableNetwork Don't accept non-controller connections
 manual.summary.ConstrainedSockets Shrinks sockets to ConstrainedSockSize
 manual.summary.ConstrainedSockSize Limit for the received and transmit buffers of sockets
 manual.summary.ControlPort Port providing access to tor controllers (nyx, vidalia, etc)
-manual.summary.ControlListenAddress Address providing controller access
 manual.summary.ControlSocket Socket providing controller access
 manual.summary.ControlSocketsGroupWritable Group read permissions for the control socket
 manual.summary.HashedControlPassword Hash of the password for authenticating to the control port
@@ -102,6 +101,8 @@ manual.summary.Log Runlevels and location for tor logging
 manual.summary.LogMessageDomains Includes a domain when logging messages
 manual.summary.MaxUnparseableDescSizeToLog Size of the dedicated log for unparseable descriptors
 manual.summary.OutboundBindAddress Sets the IP used for connecting to tor
+manual.summary.OutboundBindAddressOR Make outbound non-exit connections originate from this address
+manual.summary.OutboundBindAddressExit Make outbound exit connections originate from this address
 manual.summary.PidFile Path for a file tor writes containing its process id
 manual.summary.ProtocolWarnings Toggles if protocol errors give warnings or not
 manual.summary.PredictedPortsRelevanceTime Duration to ensure circuits for previously used ports remain available
@@ -118,17 +119,19 @@ manual.summary.AccelDir Crypto acceleration library path
 manual.summary.AvoidDiskWrites Toggles if tor avoids frequently writing to disk
 manual.summary.CircuitPriorityHalflife Overwrite method for prioritizing traffic among relayed connections
 manual.summary.CountPrivateBandwidth Applies rate limiting to private IP addresses
+manual.summary.ExtendByEd25519ID Include Ed25519 identifier when extending circuits
 
 # Client Config Options
 
-manual.summary.AllowInvalidNodes Permits use of relays flagged as invalid by authorities
-manual.summary.ExcludeSingleHopRelays Permits use of relays that allow single hop connections
 manual.summary.Bridge Available bridges
 manual.summary.LearnCircuitBuildTimeout Toggles adaptive timeouts for circuit creation
 manual.summary.CircuitBuildTimeout Initial timeout for circuit creation
+manual.summary.CircuitsAvailableTimeout Time to keep circuits open and unused for
 manual.summary.CircuitIdleTimeout Timeout for closing circuits that have never been used
 manual.summary.CircuitStreamTimeout Timeout for shifting streams among circuits
 manual.summary.ClientOnly Ensures that we aren't used as a relay or directory mirror
+manual.summary.ConnectionPadding Pad traffic to help prevent correlation attacks
+manual.summary.ReducedConnectionPadding Reduce padding and increase circuit cycling for low bandidth connections
 manual.summary.ExcludeNodes Relays or locales never to be used in circuits
 manual.summary.ExcludeExitNodes Relays or locales never to be used for exits
 manual.summary.GeoIPExcludeUnknown Don't use relays with an unknown locale in circuits
@@ -138,8 +141,6 @@ manual.summary.StrictNodes Never uses notes outside of Entry/ExitNodes
 manual.summary.FascistFirewall Only make outbound connections on FirewallPorts
 manual.summary.FirewallPorts Ports used by FascistFirewall
 manual.summary.HidServAuth Authentication credentials for connecting to a hidden service
-manual.summary.CloseHSClientCircuitsImmediatelyOnTimeout Close hidden service circuits that timeout
-manual.summary.CloseHSServiceRendCircuitsImmediatelyOnTimeout Close hidden service rendezvous circuits that timeout
 manual.summary.ReachableAddresses Rules for bypassing the local firewall
 manual.summary.ReachableDirAddresses Rules for bypassing the local firewall (directory fetches)
 manual.summary.ReachableORAddresses Rules for bypassing the local firewall (OR connections)
@@ -151,7 +152,6 @@ manual.summary.MaxClientCircuitsPending Number of circuits that can be in constr
 manual.summary.NodeFamily Define relays as belonging to a family
 manual.summary.EnforceDistinctSubnets Prevent use of multiple relays from the same subnet on a circuit
 manual.summary.SocksPort Port for using tor as a Socks proxy
-manual.summary.SocksListenAddress Address from which Socks connections can be made
 manual.summary.SocksPolicy Access policy for the pocks port
 manual.summary.SocksTimeout Time until idle or unestablished socks connections are closed
 manual.summary.TokenBucketRefillInterval Frequency at which exhausted connections are checked for new traffic
@@ -160,7 +160,6 @@ manual.summary.TrackHostExitsExpire Time until use of an exit for tracking expir
 manual.summary.UpdateBridgesFromAuthority Toggles fetching bridge descriptors from the authorities
 manual.summary.UseBridges Make use of configured bridges
 manual.summary.UseEntryGuards Use guard relays for first hop
-manual.summary.UseEntryGuardsAsDirGuards Retrieve descriptors via guards when able
 manual.summary.GuardfractionFile File containing information with duration of our guards
 manual.summary.UseGuardFraction Take guardfraction into account for path selection
 manual.summary.NumEntryGuards Pool size of guard relays we'll select from
@@ -168,27 +167,21 @@ manual.summary.NumDirectoryGuards Pool size of directory guards we'll select fro
 manual.summary.GuardLifetime Minimum time to keep entry guards
 manual.summary.SafeSocks Toggles rejecting unsafe variants of the socks protocol
 manual.summary.TestSocks Provide notices for if socks connections are of the safe or unsafe variants
-manual.summary.WarnUnsafeSocks Toggle warning of unsafe socks connection
 manual.summary.VirtualAddrNetworkIPv4 IPv4 address range to use when needing a virtual address
 manual.summary.VirtualAddrNetworkIPv6 IPv6 address range to use when needing a virtual address
 manual.summary.AllowNonRFC953Hostnames Toggles blocking invalid characters in hostname resolution
 manual.summary.AllowDotExit Toggles allowing exit notation in addresses
-manual.summary.FastFirstHopPK Toggle public key usage for the first hop
 manual.summary.TransPort Port for transparent proxying if the OS supports it
-manual.summary.TransListenAddress Address from which transparent proxy connections can be made
 manual.summary.TransProxyType Proxy type to be used
 manual.summary.NATDPort Port for forwarding ipfw NATD connections
-manual.summary.NATDListenAddress Address from which NATD forwarded connections can be made
 manual.summary.AutomapHostsOnResolve Map addresses ending with special suffixes to virtual addresses
 manual.summary.AutomapHostsSuffixes Address suffixes recognized by AutomapHostsOnResolve
 manual.summary.DNSPort Port from which DNS responses are fetched instead of tor
-manual.summary.DNSListenAddress Address for performing DNS resolution
 manual.summary.ClientDNSRejectInternalAddresses Ignores DNS responses for internal addresses
 manual.summary.ClientRejectInternalAddresses Disables use of Tor for internal connections
 manual.summary.DownloadExtraInfo Toggles fetching of extra information about relays
 manual.summary.WarnPlaintextPorts Toggles warnings for using risky ports
 manual.summary.RejectPlaintextPorts Prevents connections on risky ports
-manual.summary.AllowSingleHopCircuits Makes use of single hop exits if able
 manual.summary.OptimisticData Use exits without confirmation that prior connections succeeded
 manual.summary.Tor2webMode Establish non-anonymous hidden service connections
 manual.summary.Tor2webRendezvousPoints Rendezvous points to use for hidden services when in Tor2webMode
@@ -218,7 +211,6 @@ manual.summary.ClientBootstrapConsensusMaxInProgressTries Number of consensus do
 # Server Config Options
 
 manual.summary.Address Overwrites address others will use to reach this relay
-manual.summary.AllowSingleHopExits Toggles permitting use of this relay as a single hop proxy
 manual.summary.AssumeReachable Skips reachability test at startup
 manual.summary.BridgeRelay Act as a bridge
 manual.summary.ContactInfo Contact information for this relay
@@ -232,7 +224,6 @@ manual.summary.MyFamily Other relays this operator administers
 manual.summary.Nickname Identifier for this relay
 manual.summary.NumCPUs Number of processes spawned for decryption
 manual.summary.ORPort Port used to accept relay traffic
-manual.summary.ORListenAddress Address for relay connections
 manual.summary.PortForwarding Use UPnP or NAT-PMP if needed to relay
 manual.summary.PortForwardingHelper Executable for configuring port forwarding
 manual.summary.PublishServerDescriptor Types of descriptors published
@@ -253,8 +244,8 @@ manual.summary.BridgeRecordUsageByCountry Tracks geoip information on bridge usa
 manual.summary.ServerDNSRandomizeCase Toggles DNS query case randomization
 manual.summary.GeoIPFile Path to file containing IPv4 geoip information
 manual.summary.GeoIPv6File Path to file containing IPv6 geoip information
-manual.summary.TLSECGroup EC group for incoming SSL connections
 manual.summary.CellStatistics Toggles storing circuit queue duration to disk
+manual.summary.PaddingStatistics Toggles storing padding counts
 manual.summary.DirReqStatistics Toggles storing network status counts and performance to disk
 manual.summary.EntryStatistics Toggles storing client connection counts to disk
 manual.summary.ExitPortStatistics Toggles storing traffic and port usage data to disk
@@ -271,7 +262,6 @@ manual.summary.OfflineMasterKey Don't generate the master secret key
 
 manual.summary.DirPortFrontPage Publish this html file on the DirPort
 manual.summary.DirPort Port for directory connections
-manual.summary.DirListenAddress Address the directory service is bound to
 manual.summary.DirPolicy Access policy for the DirPort
 manual.summary.DirCache Provide cached descriptor information to other tor users
 
@@ -296,11 +286,11 @@ manual.summary.AuthDirInvalidCCs Countries for which the valid flag is withheld
 manual.summary.AuthDirRejectCCs Countries for which relays aren't accepted into the consensus
 manual.summary.AuthDirListBadExits Toggles if we provide an opinion on bad exits
 manual.summary.AuthDirMaxServersPerAddr Limit on the number of relays accepted per ip
-manual.summary.AuthDirMaxServersPerAuthAddr Limit on the number of relays accepted per an authority's ip
 manual.summary.AuthDirFastGuarantee Advertised rate at which the Fast flag is granted
 manual.summary.AuthDirGuardBWGuarantee Advertised rate necessary to be a guard
 manual.summary.AuthDirPinKeys Don't accept descriptors with conflicting identity keypairs
 manual.summary.AuthDirSharedRandomness Participates in shared randomness voting
+manual.summary.AuthDirTestEd25519LinkKeys Require proper Ed25519 key for the Running flag
 manual.summary.BridgePassword Password for requesting bridge information
 manual.summary.V3AuthVotingInterval Consensus voting interval
 manual.summary.V3AuthVoteDelay Wait time to collect votes of other authorities
diff --git a/test/integ/manual.py b/test/integ/manual.py
index f9d4dbd..5c73914 100644
--- a/test/integ/manual.py
+++ b/test/integ/manual.py
@@ -27,6 +27,7 @@ EXPECTED_CATEGORIES = set([
   'DIRECTORY AUTHORITY SERVER OPTIONS',
   'HIDDEN SERVICE OPTIONS',
   'TESTING NETWORK OPTIONS',
+  'NON-PERSISTENT OPTIONS',
   'SIGNALS',
   'FILES',
   'SEE ALSO',
@@ -47,8 +48,7 @@ By default, tor will act as a client only. To help the network by providing band
 
 EXPECTED_FILE_DESCRIPTION = 'Specify a new configuration file to contain further Tor configuration options OR pass - to make Tor read its configuration from standard input. (Default: @CONFDIR@/torrc, or $HOME/.torrc if that file is not found)'
 
-EXPECTED_BANDWIDTH_RATE_DESCRIPTION = 'A token bucket limits the average incoming bandwidth usage on this node to the specified number of bytes per second, and the average outgoing bandwidth usage to that same value. If you want to run a relay in the public network, this needs to be at the very least 75 KBytes for a relay (that is, 600 kbits) or 50 KBytes for a bridge (400 kbits) -- but of course, more is better; we recommend at least 250 KBytes (2 mbits) if possible. (Default: 1 GByte)\n\nWith this option, and in other options that take arguments in bytes, KBytes, and so on, other formats are also supported. Notably, "KBytes" can also be written as "kilobytes" or "kb"; "MBytes" can be written as "megabytes" or "MB"; "kbits" can be written as "kilobits"; and so forth. Tor also accepts "byte" and "bit" in the singular. The prefixes "tera" and "T" are also recognized. If no units are given, we default to bytes. To avoid confusion, we recommend writing "bytes" or "bits" explicitly, sin
 ce it\'s easy to forget that "B" means bytes, not bits.'
-
+EXPECTED_BANDWIDTH_RATE_DESCRIPTION = 'A token bucket limits the average incoming bandwidth usage on this node to the specified number of bytes per second, and the average outgoing bandwidth usage to that same value. If you want to run a relay in the public network, this needs to be at the very least 75 KBytes for a relay (that is, 600 kbits) or 50 KBytes for a bridge (400 kbits) -- but of course, more is better; we recommend at least 250 KBytes (2 mbits) if possible. (Default: 1 GByte)\n\nNote that this option, and other bandwidth-limiting options, apply to TCP data only: They do not count TCP headers or DNS traffic.\n\nWith this option, and in other options that take arguments in bytes, KBytes, and so on, other formats are also supported. Notably, "KBytes" can also be written as "kilobytes" or "kb"; "MBytes" can be written as "megabytes" or "MB"; "kbits" can be written as "kilobits"; and so forth. Tor also accepts "byte" and "bit" in the singular. The prefixes "tera" and "T" are a
 lso recognized. If no units are given, we default to bytes. To avoid confusion, we recommend writing "bytes" or "bits" explicitly, since it\'s easy to forget that "B" means bytes, not bits.'
 
 EXPECTED_EXIT_POLICY_DESCRIPTION = """
 Set an exit policy for this server. Each policy is of the form "accept[6]|reject[6] ADDR[/MASK][:PORT]". If /MASK is omitted then this policy just applies to the host given. Instead of giving a host or network you can also use "*" to denote the universe (0.0.0.0/0 and ::/128), or *4 to denote all IPv4 addresses, and *6 to denote all IPv6 addresses.  PORT can be a single port number, an interval of ports "FROM_PORT-TO_PORT", or "*". If PORT is omitted, that means "*".
@@ -79,8 +79,7 @@ Policies are considered first to last, and the first match wins. If you want to
     reject *:6881-6999
     accept *:*
 
-    Since the default exit policy uses accept/reject *, it applies to both
-    IPv4 and IPv6 addresses.
+Since the default exit policy uses accept/reject *, it applies to both IPv4 and IPv6 addresses.
 """.strip()
 
 
@@ -255,7 +254,7 @@ class TestManual(unittest.TestCase):
       return
 
     with test.runner.get_runner().get_tor_controller() as controller:
-      config_options_in_tor = set([line.split()[0] for line in controller.get_info('config/names').splitlines()])
+      config_options_in_tor = set([line.split()[0] for line in controller.get_info('config/names').splitlines() if line.split()[1] != 'Virtual'])
 
       # options starting with an underscore are hidden by convention
 
@@ -263,11 +262,6 @@ class TestManual(unittest.TestCase):
         if name.startswith('_'):
           config_options_in_tor.remove(name)
 
-      # hidden service options are a special snowflake
-
-      if 'HiddenServiceOptions' in config_options_in_tor:
-        config_options_in_tor.remove('HiddenServiceOptions')
-
       # TODO: Looks like options we should remove from tor...
       #
       # https://trac.torproject.org/projects/tor/ticket/17665
diff --git a/test/unit/manual.py b/test/unit/manual.py
index 9e6904e..6bfcbe7 100644
--- a/test/unit/manual.py
+++ b/test/unit/manual.py
@@ -62,20 +62,6 @@ EXPECTED_FILES = {
 
 EXPECTED_CONFIG_OPTIONS = OrderedDict()
 
-EXPECTED_CONFIG_OPTIONS['AllowInvalidNodes'] = stem.manual.ConfigOption(
-  name = 'AllowInvalidNodes',
-  category = 'Client',
-  usage = 'entry|exit|middle|introduction|rendezvous|...',
-  summary = 'Permits use of relays flagged as invalid by authorities',
-  description = 'If some Tor servers are obviously not working right, the directory authorities can manually mark them as invalid, meaning that it\'s not recommended you use them for entry or exit positions in your circuits. You can opt to use them in some circuit positions, though. The default is "middle,rendezvous", and other choices are not advised.')
-
-EXPECTED_CONFIG_OPTIONS['ExcludeSingleHopRelays'] = stem.manual.ConfigOption(
-  name = 'ExcludeSingleHopRelays',
-  category = 'Client',
-  usage = '0|1',
-  summary = 'Permits use of relays that allow single hop connections',
-  description = 'This option controls whether circuits built by Tor will include relays with the AllowSingleHopExits flag set to true. If ExcludeSingleHopRelays is set to 0, these relays will be included. Note that these relays might be at higher risk of being seized or observed, so they are not normally included. Also note that relatively few clients turn off this option, so using these relays might make your client stand out. (Default: 1)')
-
 EXPECTED_CONFIG_OPTIONS['Bridge'] = stem.manual.ConfigOption(
   name = 'Bridge',
   category = 'Client',
diff --git a/test/unit/tor_man_example b/test/unit/tor_man_example
index c6116f6..431fc2e 100644
--- a/test/unit/tor_man_example
+++ b/test/unit/tor_man_example
@@ -87,16 +87,6 @@ If set, we will not advertise more than this amount of bandwidth for our Bandwid
 .sp
 The following options are useful only for clients (that is, if \fBSocksPort\fR, \fBTransPort\fR, \fBDNSPort\fR, or \fBNATDPort\fR is non\-zero):
 .PP
-\fBAllowInvalidNodes\fR \fBentry\fR|\fBexit\fR|\fBmiddle\fR|\fBintroduction\fR|\fBrendezvous\fR|\fB\&...\fR
-.RS 4
-If some Tor servers are obviously not working right, the directory authorities can manually mark them as invalid, meaning that it\(cqs not recommended you use them for entry or exit positions in your circuits\&. You can opt to use them in some circuit positions, though\&. The default is "middle,rendezvous", and other choices are not advised\&.
-.RE
-.PP
-\fBExcludeSingleHopRelays\fR \fB0\fR|\fB1\fR
-.RS 4
-This option controls whether circuits built by Tor will include relays with the AllowSingleHopExits flag set to true\&. If ExcludeSingleHopRelays is set to 0, these relays will be included\&. Note that these relays might be at higher risk of being seized or observed, so they are not normally included\&. Also note that relatively few clients turn off this option, so using these relays might make your client stand out\&. (Default: 1)
-.RE
-.PP
 \fBBridge\fR [\fItransport\fR] \fIIP\fR:\fIORPort\fR [\fIfingerprint\fR]
 .RS 4
 When set along with UseBridges, instructs Tor to use the relay at "IP:ORPort" as a "bridge" relaying into the Tor network\&. If "fingerprint" is provided (using the same format as for DirAuthority), we will verify that the relay running at that location has the right fingerprint\&. We also use fingerprint to look up the bridge descriptor at the bridge authority, if it\(cqs provided and if UpdateBridgesFromAuthority is set too\&.