[tor-commits] [stem/master] Update manual cache

atagar at torproject.org atagar at torproject.org
Thu Mar 22 20:03:42 UTC 2018


commit 40dc25f60a6d192b29d701d10c6f970bfbe4d4eb
Author: Damian Johnson <atagar at torproject.org>
Date:   Thu Mar 22 12:55:28 2018 -0700

    Update manual cache
    
    Recaching information from tor's manual. Ran into a couple interesting wrinkles
    while doing this...
    
      https://trac.torproject.org/projects/tor/ticket/25581
      https://trac.torproject.org/projects/tor/ticket/25582
---
 stem/cached_tor_manual.sqlite    | Bin 227328 -> 238592 bytes
 stem/manual.py                   |   3 ++-
 stem/settings.cfg                |  32 ++++++++++++++++++++++++--------
 test/integ/control/controller.py |  18 +++++++++++-------
 test/integ/manual.py             |  13 ++++++++-----
 5 files changed, 45 insertions(+), 21 deletions(-)

diff --git a/stem/cached_tor_manual.sqlite b/stem/cached_tor_manual.sqlite
index 86050fe8..e8fe44cb 100644
Binary files a/stem/cached_tor_manual.sqlite and b/stem/cached_tor_manual.sqlite differ
diff --git a/stem/manual.py b/stem/manual.py
index 5e628ead..0bff9b68 100644
--- a/stem/manual.py
+++ b/stem/manual.py
@@ -79,7 +79,7 @@ try:
 except ImportError:
   import urllib2 as urllib
 
-Category = stem.util.enum.Enum('GENERAL', 'CLIENT', 'RELAY', 'DIRECTORY', 'AUTHORITY', 'HIDDEN_SERVICE', 'TESTING', 'UNKNOWN')
+Category = stem.util.enum.Enum('GENERAL', 'CLIENT', 'RELAY', 'DIRECTORY', 'AUTHORITY', 'HIDDEN_SERVICE', 'DENIAL_OF_SERVICE', 'TESTING', 'UNKNOWN')
 GITWEB_MANUAL_URL = 'https://gitweb.torproject.org/tor.git/plain/doc/tor.1.txt'
 CACHE_PATH = os.path.join(os.path.dirname(__file__), 'cached_tor_manual.sqlite')
 DATABASE = None  # cache database connections
@@ -104,6 +104,7 @@ CATEGORY_SECTIONS = OrderedDict((
   ('DIRECTORY SERVER OPTIONS', Category.DIRECTORY),
   ('DIRECTORY AUTHORITY SERVER OPTIONS', Category.AUTHORITY),
   ('HIDDEN SERVICE OPTIONS', Category.HIDDEN_SERVICE),
+  ('DENIAL OF SERVICE MITIGATION OPTIONS', Category.DENIAL_OF_SERVICE),
   ('TESTING NETWORK OPTIONS', Category.TESTING),
 ))
 
diff --git a/stem/settings.cfg b/stem/settings.cfg
index 59d6650b..5ce1cfa0 100644
--- a/stem/settings.cfg
+++ b/stem/settings.cfg
@@ -73,6 +73,8 @@ manual.summary.ControlPortWriteToFile Path for a file tor writes containing its
 manual.summary.ControlPortFileGroupReadable Group read permissions for the control port file
 manual.summary.DataDirectory Location for storing runtime data (state, keys, etc)
 manual.summary.DataDirectoryGroupReadable Group read permissions for the data directory
+manual.summary.CacheDirectory Directory where information is cached
+manual.summary.CacheDirectoryGroupReadable Group read permissions for the cache directory
 manual.summary.FallbackDir Fallback when unable to retrieve descriptor information
 manual.summary.UseDefaultFallbackDirs Use hard-coded fallback directory authorities when needed
 manual.summary.DirAuthority Alternative directory authorities
@@ -95,7 +97,7 @@ manual.summary.Socks4Proxy SOCKS 4 proxy for connecting to tor
 manual.summary.Socks5Proxy SOCKS 5 for connecting to tor
 manual.summary.Socks5ProxyUsername Username for connecting to the Socks5Proxy
 manual.summary.Socks5ProxyPassword Password for connecting to the Socks5Proxy
-manual.summary.SocksSocketsGroupWritable Group write permissions for the socks socket
+manual.summary.UnixSocksGroupWritable Group write permissions for the socks socket
 manual.summary.KeepalivePeriod Rate at which to send keepalive packets
 manual.summary.Log Runlevels and location for tor logging
 manual.summary.LogMessageDomains Includes a domain when logging messages
@@ -109,6 +111,7 @@ manual.summary.RunAsDaemon Toggles if tor runs as a daemon process
 manual.summary.LogTimeGranularity limits granularity of log message timestamps
 manual.summary.TruncateLogFile Overwrites log file rather than appending when restarted
 manual.summary.SyslogIdentityTag Tag logs appended to the syslog as being from tor
+manual.summary.AndroidIdentityTag Tag when logging to android subsystem
 manual.summary.SafeLogging Toggles if logs are scrubbed of sensitive information
 manual.summary.User UID for the process when started
 manual.summary.KeepBindCapabilities Retain permission for binding to low valued ports
@@ -179,6 +182,7 @@ manual.summary.NATDPort Port for forwarding ipfw NATD connections
 manual.summary.AutomapHostsOnResolve Map addresses ending with special suffixes to virtual addresses
 manual.summary.AutomapHostsSuffixes Address suffixes recognized by AutomapHostsOnResolve
 manual.summary.DNSPort Port from which DNS responses are fetched instead of tor
+manual.summary.ClientDNSRejectInternalAddresses Disregards anonymous DNS responses for internal addresses
 manual.summary.ClientRejectInternalAddresses Disables use of Tor for internal connections
 manual.summary.DownloadExtraInfo Toggles fetching of extra information about relays
 manual.summary.WarnPlaintextPorts Toggles warnings for using risky ports
@@ -186,6 +190,8 @@ manual.summary.RejectPlaintextPorts Prevents connections on risky ports
 manual.summary.OptimisticData Use exits without confirmation that prior connections succeeded
 manual.summary.Tor2webMode Establish non-anonymous hidden service connections
 manual.summary.Tor2webRendezvousPoints Rendezvous points to use for hidden services when in Tor2webMode
+manual.summary._HSLayer2Nodes # TODO: https://trac.torproject.org/projects/tor/ticket/25581
+manual.summary._HSLayer3Nodes # TODO: https://trac.torproject.org/projects/tor/ticket/25581
 manual.summary.UseMicrodescriptors Retrieve microdescriptors rather than server descriptors
 manual.summary.PathBiasCircThreshold Number of circuits through a guard before applying bias checks
 manual.summary.PathBiasNoticeRate Fraction of circuits that must succeed before logging a notice
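Review bot: The `_HSLayer2Nodes` and `_HSLayer3Nodes` entries carry a `# TODO` where the summary text belongs, and `ExitPolicyDefault` in the later Server Config hunk does the same. Depending on how the settings loader treats an inline `#` (not visible on this page), readers of `manual.summary.*` get either an empty summary or the literal TODO string for these options. Consider moving the ticket reference to its own comment line, e.g. `# TODO: summaries for _HSLayer2Nodes and _HSLayer3Nodes pending ticket 25581`, and leaving the value explicitly empty so the placeholder is unambiguous and easy to find once the tickets are resolved.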
@@ -205,8 +211,6 @@ manual.summary.PathsNeededToBuildCircuits Portion of relays to require informati
 manual.summary.ClientBootstrapConsensusAuthorityDownloadSchedule Schedule when bootstrapping for when to download resources from authorities
 manual.summary.ClientBootstrapConsensusFallbackDownloadSchedule Schedule when bootstrapping for when to download resources from fallback authorities
 manual.summary.ClientBootstrapConsensusAuthorityOnlyDownloadSchedule Schedule when bootstrapping for when to download resources from authorities when fallbacks unavailable
-manual.summary.ClientBootstrapConsensusMaxDownloadTries Number of times to attempt downloading consensus
-manual.summary.ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries Number of times to attempt downloading consensus from authorities
 manual.summary.ClientBootstrapConsensusMaxInProgressTries Number of consensus download requests to allow in-flight at once
 
 # Server Config Options
@@ -218,6 +222,7 @@ manual.summary.BridgeDistribution Distribution method BrideDB should provide our
 manual.summary.ContactInfo Contact information for this relay
 manual.summary.ExitRelay Allow relaying of exit traffic
 manual.summary.ExitPolicy Traffic destinations that can exit from this relay
+manual.summary.ExitPolicyDefault # TODO: https://trac.torproject.org/projects/tor/ticket/25582
 manual.summary.ExitPolicyRejectPrivate Prevent exiting on the local network
 manual.summary.ExitPolicyRejectLocalInterfaces More extensive prevention of exiting on the local network
 manual.summary.ReducedExitPolicy Customized reduced exit policy 
@@ -233,6 +238,7 @@ manual.summary.PublishServerDescriptor Types of descriptors published
 manual.summary.ShutdownWaitLength Delay before quitting after receiving a SIGINT signal
 manual.summary.SSLKeyLifetime Lifetime for our link certificate
 manual.summary.HeartbeatPeriod Rate at which an INFO level heartbeat message is sent
+manual.summary.MainloopStats Include development information from the main loop with heartbeats
 manual.summary.AccountingMax Amount of traffic before hibernating
 manual.summary.AccountingRule Method to determine when the accounting limit is reached
 manual.summary.AccountingStart Duration of an accounting period
@@ -260,6 +266,8 @@ manual.summary.MaxMemInQueues Threshold at which tor will terminate circuits to
 manual.summary.DisableOOSCheck Don't close connections when running out of sockets
 manual.summary.SigningKeyLifetime Duration the Ed25519 signing key is valid for
 manual.summary.OfflineMasterKey Don't generate the master secret key
+manual.summary.KeyDirectory Directory where secret keys reside
+manual.summary.KeyDirectoryGroupReadable Group read permissions for the secret key directory
 
 # Directory Server Options
 
@@ -322,6 +330,19 @@ manual.summary.HiddenServiceNumIntroductionPoints Number of introduction points
 manual.summary.HiddenServiceSingleHopMode Allow non-anonymous single hop hidden services
 manual.summary.HiddenServiceNonAnonymousMode Enables HiddenServiceSingleHopMode to be set
 
+# DoS Mitigation Options
+
+manual.summary.DoSCircuitCreationEnabled Enables circuit creation DoS mitigation
+manual.summary.DoSCircuitCreationMinConnections Connection rate when clients are a suspected DoS
+manual.summary.DoSCircuitCreationRate Acceptable rate for circuit creation
+manual.summary.DoSCircuitCreationBurst Accept burst of circuit creation up to this rate
+manual.summary.DoSCircuitCreationDefenseType Method for mitigating circuit creation DoS
+manual.summary.DoSCircuitCreationDefenseTimePeriod Duration of DoS mitigation
+manual.summary.DoSConnectionEnabled Enables connection DoS mitigation
+manual.summary.DoSConnectionMaxConcurrentCount Acceptable number of connections
+manual.summary.DoSConnectionDefenseType Method for mitigating connection DoS
+manual.summary.DoSRefuseSingleHopClientRendezvous Prevent establishment of single hop rendezvous points
+
 # Testing Network Options
 
 manual.summary.TestingTorNetwork Overrides other options to be a testing network
@@ -340,10 +361,6 @@ manual.summary.TestingBridgeDownloadSchedule Schedule for when we should downloa
 manual.summary.TestingBridgeBootstrapDownloadSchedule Schedule for downloading bridge descriptors when started
 manual.summary.TestingClientMaxIntervalWithoutRequest Maximum time to wait to batch requests for missing descriptors
 manual.summary.TestingDirConnectionMaxStall Duration to let directory connections stall before timing out
-manual.summary.TestingConsensusMaxDownloadTries Retries for downloading the consensus
-manual.summary.TestingDescriptorMaxDownloadTries Retries for downloading server descriptors
-manual.summary.TestingMicrodescMaxDownloadTries Retries for downloading microdescriptors
-manual.summary.TestingCertMaxDownloadTries Retries for downloading authority certificates
 manual.summary.TestingDirAuthVoteExit Relays to give the Exit flag to
 manual.summary.TestingDirAuthVoteExitIsStrict Only grant the Exit flag to relays listed by TestingDirAuthVoteExit
 manual.summary.TestingDirAuthVoteGuard Relays to give the Guard flag to
@@ -359,7 +376,6 @@ manual.summary.TestingAuthKeyLifetime Duration for our ed25519 signing key
 manual.summary.TestingLinkKeySlop Time before expiration that we replace our ed25519 link key
 manual.summary.TestingAuthKeySlop Time before expiration that we replace our ed25519 authentication key
 manual.summary.TestingSigningKeySlop Time before expiration that we replace our ed25519 signing key
-manual.summary.TestingClientDNSRejectInternalAddresses Skips DNS resolutions of internal addresses
 
 # Brief description of tor events
 
diff --git a/test/integ/control/controller.py b/test/integ/control/controller.py
index 87d6e970..8042e858 100644
--- a/test/integ/control/controller.py
+++ b/test/integ/control/controller.py
@@ -1395,16 +1395,20 @@ class TestController(unittest.TestCase):
     """
 
     with test.runner.get_runner().get_tor_controller() as controller:
-      self.assertEqual(None, controller.get_conf('OrPort'))
+      try:
+        controller.reset_conf('OrPort', 'DisableNetwork')
+        self.assertEqual(None, controller.get_conf('OrPort'))
 
-      # DisableNetwork ensures no port is actually opened
-      controller.set_options({'OrPort': '9090', 'DisableNetwork': '1'})
+        # DisableNetwork ensures no port is actually opened
+        controller.set_options({'OrPort': '9090', 'DisableNetwork': '1'})
 
-      # TODO once tor 0.2.7.x exists, test that we can generate a descriptor on demand.
+        # TODO once tor 0.2.7.x exists, test that we can generate a descriptor on demand.
 
-      self.assertEqual('9090', controller.get_conf('OrPort'))
-      controller.reset_conf('OrPort', 'DisableNetwork')
-      self.assertEqual(None, controller.get_conf('OrPort'))
+        self.assertEqual('9090', controller.get_conf('OrPort'))
+        controller.reset_conf('OrPort', 'DisableNetwork')
+        self.assertEqual(None, controller.get_conf('OrPort'))
+      finally:
+        controller.set_conf('OrPort', test.runner.ORPORT)
 
   def _get_router_status_entry(self, controller):
     """
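Review bot: The `finally` block restores only `OrPort`, but the `try` body also sets `DisableNetwork` to `1`. If the `'9090'` assertion fails or the second `reset_conf` raises, the tor instance from `test.runner.get_runner()` (presumably shared with later integration tests) is left with networking disabled. Restoring both settings in the cleanup avoids that, e.g. add `controller.reset_conf('DisableNetwork')` ahead of `controller.set_conf('OrPort', test.runner.ORPORT)`. A one-line comment on why `OrPort` is set back to `test.runner.ORPORT` rather than left reset would also help the next reader. The test method's signature and docstring start above this hunk.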
diff --git a/test/integ/manual.py b/test/integ/manual.py
index 1eb4fb76..b08179db 100644
--- a/test/integ/manual.py
+++ b/test/integ/manual.py
@@ -27,6 +27,7 @@ EXPECTED_CATEGORIES = set([
   'DIRECTORY SERVER OPTIONS',
   'DIRECTORY AUTHORITY SERVER OPTIONS',
   'HIDDEN SERVICE OPTIONS',
+  'DENIAL OF SERVICE MITIGATION OPTIONS',
   'TESTING NETWORK OPTIONS',
   'NON-PERSISTENT OPTIONS',
   'SIGNALS',
@@ -66,7 +67,11 @@ Private addresses are rejected by default (at the beginning of your exit policy)
 
 This directive can be specified multiple times so you don't have to put it all on one line.
 
-Policies are considered first to last, and the first match wins. If you want to allow the same ports on IPv4 and IPv6, write your rules using accept/reject *. If you want to allow different ports on IPv4 and IPv6, write your IPv6 rules using accept6/reject6 *6, and your IPv4 rules using accept/reject *4. If you want to _replace_ the default exit policy, end your exit policy with either a reject *:* or an accept *:*. Otherwise, you're _augmenting_ (prepending to) the default exit policy. The default exit policy is:
+Policies are considered first to last, and the first match wins. If you want to allow the same ports on IPv4 and IPv6, write your rules using accept/reject *. If you want to allow different ports on IPv4 and IPv6, write your IPv6 rules using accept6/reject6 *6, and your IPv4 rules using accept/reject *4. If you want to _replace_ the default exit policy, end your exit policy with either a reject *:* or an accept *:*. Otherwise, you're _augmenting_ (prepending to) the default exit policy.
+
+If you want to use a reduced exit policy rather than the default exit policy, set "ReducedExitPolicy 1". If you want to replace the default exit policy with your custom exit policy, end your exit policy with either a reject : or an accept :. Otherwise, you're augmenting (prepending to) the default or reduced exit policy.
+
+The default exit policy is:
 
     reject *:25
     reject *:119
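Review bot: The added paragraph reads `either a reject : or an accept :` and plain `augmenting`, while the sentence just before it still has `reject *:*`, `accept *:*` and `_augmenting_`. The `*` characters have apparently been lost as markup somewhere between tor's man page and this text. This string appears to be an expected value compared against the parsed manual, so it probably cannot simply be corrected here, and its opening line is outside the hunk. A comment above the constant would stop a later reader from taking the exit-policy wording at face value, e.g. `# 'reject :' / 'accept :' mirror the parsed man page, which drops the '*:*' markup`.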
@@ -79,8 +84,6 @@ Policies are considered first to last, and the first match wins. If you want to
     reject *:6699
     reject *:6881-6999
     accept *:*
-
-Since the default exit policy uses accept/reject *, it applies to both IPv4 and IPv6 addresses.
 """.strip()
 
 
@@ -203,7 +206,7 @@ class TestManual(unittest.TestCase):
     assert_equal('signals', EXPECTED_SIGNALS, set(manual.signals.keys()))
     assert_equal('sighup description', 'Tor will catch this, clean up and sync to disk if necessary, and exit.', manual.signals['SIGTERM'])
 
-    assert_equal('number of files', 50, len(manual.files))
+    assert_equal('number of files', 48, len(manual.files))
     assert_equal('lib path description', 'The tor process stores keys and other data here.', manual.files['@LOCALSTATEDIR@/lib/tor/'])
 
     for category in Category:
@@ -213,7 +216,7 @@ class TestManual(unittest.TestCase):
     unknown_options = [entry for entry in manual.config_options.values() if entry.category == Category.UNKNOWN]
 
     if unknown_options:
-      self.fail("We don't recognize the category for the %s options. Maybe a new man page section? If so then please update the Category enum in stem/manual.py." % ', '.join(unknown_options))
+      self.fail("We don't recognize the category for the %s options. Maybe a new man page section? If so then please update the Category enum in stem/manual.py." % ', '.join([option.name for option in unknown_options]))
 
     option = manual.config_options['BandwidthRate']
     self.assertEqual(Category.GENERAL, option.category)


