Proposal idea: User path configuration
mail at sebastianhahn.net
Thu Mar 4 03:24:30 UTC 2010
Title: Configuration options regarding circuit building
Author: Sebastian Hahn

This document outlines how Tor handles the user configuration options
that influence the circuit building process.

Tor's treatment of the configuration *Nodes options was surprising to
users, and quite a few conspiracy theories have crept up. We should update
our specification and code to better describe and communicate what happens
during circuit building, and how we're honoring configuration. So far,
we've been tracking a bugreport about this behaviour (
do=details&id=1090 ) and
Nick replied in a thread on or-talk (
http://archives.seul.org/or/talk/Feb-2010/msg00117.html ). This proposal
tries to document our intention for those configuration options.

Five configuration options are available to users to influence Tor's
circuit building. EntryNodes and ExitNodes define a list of nodes that
are used for the Entry/Exit position in all circuits. ExcludeNodes is a
list of nodes that are used for no circuit, and ExcludeExitNodes is a list
of nodes that aren't used as the last hop. StrictNodes defines Tor's
behaviour in case of a conflict, for example when a node that is excluded
is the only available introduction point. Setting StrictNodes to 1 breaks
Tor's functionality in that case, and it will refuse to build such a
circuit.

Neither Nick's email nor bug 1090 has clear suggestions on how we should
behave in each case, so I tried to come up with something that made
sense to me.

Deviating from normal circuit building can break one's anonymity, so the
documentation of the above options should contain a warning to make users
aware of the pitfalls.

It is proposed that the "User configuration" part of path-spec (section
2.2.2) be replaced with this:

Users can alter the default behavior for path selection with configuration
options. In case of conflicts (excluding and requiring the same node) the
"StrictNodes" option is used to determine behaviour. If a node is both
excluded and required via a configuration option, the exclusion takes
precedence.

- If "ExitNodes" is provided, then every request requires an exit node on
  the ExitNodes list. If a request is supported by no nodes on that list,
  and "StrictNodes" is false, then Tor treats that request as if ExitNodes
  were not provided.

- "EntryNodes" behaves analogously.

- If "ExcludeNodes" is provided, then no circuit uses any of the nodes
  listed. If a circuit requires an excluded node to be used, and
  "StrictNodes" is false, then Tor uses the node in that position while
  not using any other of the excluded nodes.

- If "ExcludeExitNodes" is provided, then Tor will not use the nodes
  listed for the exit position in a circuit. If a circuit requires an
  excluded node to be used in the exit position and "StrictNodes" is
  false, then Tor builds that circuit as if ExcludeExitNodes were not
  provided.

- If a user tries to connect to or resolve a hostname of the form
  <target>.<servername>.exit and the "AllowDotExit" configuration option
  is set to 1, the request is rewritten to a request for <target>, and the
  request is only supported by the exit whose nickname or fingerprint is
  <servername>. If "AllowDotExit" is set to 0 (default), any request for
  <anything>.exit is denied.

- When any of the *Nodes settings are changed, all circuits are expired
  immediately, to prevent a situation where a previously built circuit
  is used even though some of its nodes are now excluded.

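The rules above are easiest to check against a small executable model. The following Python is an added example written for this page, not code from Tor or from the proposal: it reduces each rule to a filter over a constructed relay set, so the StrictNodes fallbacks, the precedence of exclusion over a *Nodes listing, the .exit rewrite and the expiry of circuits on reconfiguration can each be exercised in isolation. Relay names, the Config class and every function name here are inventions of the example; a real Tor identifies relays by nickname or fingerprint and has no such API.

```python
"""Executable model of the proposed path-spec 2.2.2 rules (added example, not Tor code)."""
import random
from dataclasses import dataclass, field


class NoUsableNode(Exception):
    """Raised where the proposal says Tor refuses to build such a circuit."""


@dataclass
class Config:
    # Names mirror the torrc options; the class itself is an assumption of this example.
    entry_nodes: set = field(default_factory=set)
    exit_nodes: set = field(default_factory=set)
    exclude_nodes: set = field(default_factory=set)
    exclude_exit_nodes: set = field(default_factory=set)
    strict_nodes: bool = False
    allow_dot_exit: bool = False


def rewrite_dot_exit(hostname, cfg):
    """Apply the AllowDotExit rule: return (target, required_exit_name)."""
    if not hostname.endswith(".exit"):
        return hostname, None
    if not cfg.allow_dot_exit:
        raise NoUsableNode("requests for <anything>.exit are denied (AllowDotExit=0)")
    target, _, server = hostname[: -len(".exit")].rpartition(".")
    if not target or not server:
        raise NoUsableNode("expected <target>.<servername>.exit")
    return target, server


def allowed_nodes(relays, cfg, position, required=None):
    """Relays usable at `position` ('entry', 'middle' or 'exit').

    `relays` maps name -> True if the relay permits exit traffic. `required`
    is a node the circuit must use there (a .exit target or, for a hidden
    service, the introduction point).
    """
    excluded = set(cfg.exclude_nodes)
    if position == "exit":
        excluded |= cfg.exclude_exit_nodes
    if required is not None:
        if required in excluded and cfg.strict_nodes:
            raise NoUsableNode(f"{required} is excluded and StrictNodes=1")
        # StrictNodes=0: use the required node in this one position; every
        # other excluded node stays excluded for the rest of the circuit.
        return [required]
    pool = [n for n in relays if n not in excluded]
    if position == "exit":
        pool = [n for n in pool if relays[n]]
    wanted = {"entry": cfg.entry_nodes, "exit": cfg.exit_nodes}.get(position, set())
    if wanted:
        # Exclusion takes precedence: `pool` has already dropped excluded nodes.
        restricted = [n for n in pool if n in wanted]
        if restricted:
            return restricted
        if cfg.strict_nodes:
            raise NoUsableNode(f"nothing usable in {position.title()}Nodes and StrictNodes=1")
        # StrictNodes=0: behave as if the *Nodes option were not provided.
    return pool


def build_path(relays, cfg, hostname, seed=0):
    """Pick distinct entry, middle and exit relays for `hostname` under the rules."""
    rng = random.Random(seed)
    target, required_exit = rewrite_dot_exit(hostname, cfg)
    exit_node = rng.choice(allowed_nodes(relays, cfg, "exit", required_exit))
    entry = rng.choice([n for n in allowed_nodes(relays, cfg, "entry") if n != exit_node])
    middle = rng.choice([n for n in allowed_nodes(relays, cfg, "middle")
                         if n not in (entry, exit_node)])
    return target, [entry, middle, exit_node]


class CircuitPool:
    """Open circuits; changing any of the *Nodes lists expires all of them."""

    NODES_FIELDS = ("entry_nodes", "exit_nodes", "exclude_nodes", "exclude_exit_nodes")

    def __init__(self, relays, cfg):
        self.relays, self.cfg, self.open = relays, cfg, []

    def circuit_for(self, hostname):
        target, path = build_path(self.relays, self.cfg, hostname)
        self.open.append(path)
        return target, path

    def reconfigure(self, new_cfg):
        if any(getattr(new_cfg, f) != getattr(self.cfg, f) for f in self.NODES_FIELDS):
            self.open.clear()  # never reuse a circuit that now contains an excluded node
        self.cfg = new_cfg


# Constructed relay set for the example: name -> allows exit traffic?
RELAYS = {"alpha": False, "bravo": False, "charlie": True, "delta": True, "echo": True}
```

With ExitNodes and ExcludeNodes both naming "charlie", `allowed_nodes(RELAYS, cfg, "exit")` drops charlie first and then, because the ExitNodes list is empty after exclusion, falls back to every remaining exit unless StrictNodes is set, in which case it raises. A .exit request returns the named relay for the exit slot even when it is excluded (non-strict), while the middle slot still refuses every excluded node.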
The old Strict*Nodes options are deprecated, and the StrictNodes option is
new. Tor users may need to update their configuration file.