[tor-relays] Minimum port 80 and 443 exit policy

teor teor2345 at gmail.com
Fri Feb 3 05:43:41 UTC 2017


> On 3 Feb 2017, at 16:16, anondroid <tor at anondroid.com> wrote:
> 
> > I was wondering what the minimum exit policy was (wrt port 80 and 443) for a Tor exit relay.
> 
> https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2294
> 
> "A router is called an 'Exit' iff it allows exits to at least two of the ports 80, 443, and 6667 and allows exits to at least one /8 address space."

With the introduction of microdescriptors, exits that reject more than
2 IPv4 /8s are considered not to exit to "most addresses".
So they are given port summaries that say they reject all ports, and
clients won't use them.

https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2110

For IPv6, Exits summarise their own ports in descriptors, and this is
copied into their microdescriptor:
* in master, Exits that reject more than an IPv6 /16 claim they reject
  all ports,
* in all released versions of tor, Exits that reject any IPv6
  address mistakenly say they reject all ports. This happens by default
  for IPv6 Exits with an ORPort on 0.2.8 and later.

https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n565
https://trac.torproject.org/projects/tor/ticket/21357

> As an aside, I just noticed there's a typo in the spec there at line 2294 -- it reads "iff" instead of "if".

"iff" is shorthand for "if and only if".

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
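
An added example, not part of the original message and not tor's own code: a simplified Python model of the IPv4 rule described above, where an exit that rejects more than two /8s for a port no longer has that port listed in its summary. The rule-string format, function names, private-range list and sample policies are assumptions made for illustration.

```python
import ipaddress

CUTOFF = 2 ** 25  # addresses in two IPv4 /8s, the threshold in the message
# Assumed list of private ranges that do not count against an exit.
PRIVATE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]

def parse_rule(rule):
    """Split 'accept|reject ADDR[/BITS]:PORT[-PORT]' into its parts."""
    action, target = rule.split()
    addr, _, ports = target.rpartition(":")
    net = ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr, strict=False)
    if ports == "*":
        return action, net, 1, 65535
    lo, _, hi = ports.partition("-")
    return action, net, int(lo), int(hi or lo)

def summary_accepts(policy, port):
    """True if `port` would still be listed as accepted in the summary."""
    rejected = 0
    for rule in policy:
        action, net, lo, hi = parse_rule(rule)
        if not lo <= port <= hi:
            continue
        if action == "reject":
            if any(net.subnet_of(p) for p in PRIVATE):
                continue  # private ranges are ignored
            rejected += net.num_addresses  # overlapping rules count twice
            if rejected > CUTOFF:
                return False
        elif net.prefixlen == 0:  # only "accept *:PORT" counts as most addresses
            return True
    return False  # no catch-all accept reached (conservative assumption)

def summarized_ports(policy, ports=(80, 443, 6667)):
    """Ports from `ports` that survive into the summary."""
    return [p for p in ports if summary_accepts(policy, p)]

# Constructed sample policies.
TWO_SLASH8 = ["reject 10.0.0.0/8:*", "reject 1.0.0.0/8:*", "reject 2.0.0.0/8:*",
              "accept *:80", "accept *:443", "reject *:*"]
THREE_SLASH8 = ["reject 3.0.0.0/8:*"] + TWO_SLASH8

if __name__ == "__main__":
    print(summarized_ports(TWO_SLASH8))
    print(summarized_ports(THREE_SLASH8))
```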