diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/tor.1.txt | 84 |
1 files changed, 65 insertions, 19 deletions
diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 08da24d3c..b95de32b3 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -679,7 +679,11 @@ The following options are useful only for clients (that is, if Note also that if you are a relay, this (and the other node selection options below) only affects your own circuits that Tor builds for you. Clients can still build circuits through you to any node. Controllers - can tell Tor to build circuits through any node. + can tell Tor to build circuits through any node. + + + + Country codes are case-insensitive. The code "\{??}" refers to nodes whose + country can't be identified. No country code, including \{??}, works if + no GeoIPFile can be loaded. See also the GeoIPExcludeUnknown option below. **ExcludeExitNodes** __node__,__node__,__...__:: @@ -689,6 +693,14 @@ The following options are useful only for clients (that is, if node listed in ExcludeNodes is automatically considered to be part of this list too. See also the caveats on the "ExitNodes" option below. +**GeoIPExcludeUnknown** **0**|**1**|**auto**:: + If this option is set to 'auto', then whenever any country code is set in + ExcludeNodes or ExcludeEntryNodes, all nodes with unknown country (\{??} and + possibly \{A1}) are treated as excluded as well. If this option is set to + '1', then all unknown countries are treated as excluded in ExcludeNodes + and ExcludeEntryNodes. This option has no effect when a GeoIP file isn't + configured or can't be found. (Default: auto) + **ExitNodes** __node__,__node__,__...__:: A list of identity fingerprints, nicknames, country codes and address patterns of nodes to use as exit node---that is, a @@ -1218,6 +1230,16 @@ The following options are useful only for clients (that is, if "auto" (recommended) then it is on for all clients that do not set FetchUselessDescriptors. (Default: auto) +**UseNTorHandshake** **0**|**1**|**auto**:: + The "ntor" circuit-creation handshake is faster and (we think) more + secure than the original ("TAP") circuit handshake, but starting to use + it too early might make your client stand out. If this option is 0, your + Tor client won't use the ntor handshake. If it's 1, your Tor client + will use the ntor handshake to extend circuits through servers that + support it. If this option is "auto" (recommended), then your client + will use the ntor handshake once enough directory authorities recommend + it. (Default: auto) + **PathBiasCircThreshold** __NUM__ + **PathBiasNoticeRate** __NUM__ + @@ -1228,20 +1250,11 @@ The following options are useful only for clients (that is, if **PathBiasDropGuards** __NUM__ + -**PathBiasScaleThreshold** __NUM__ + - -**PathBiasMultFactor** __NUM__ + - -**PathBiasScaleFactor** __NUM__ + - -**PathBiasUseCloseCounts** __NUM__:: +**PathBiasScaleThreshold** __NUM__:: These options override the default behavior of Tor's (**currently experimental**) path bias detection algorithm. To try to find broken or misbehaving guard nodes, Tor looks for nodes where more than a certain - fraction of circuits through that guard fail to get built. If - PathBiasUseCloseCounts is set to 1 (the default), usage-based accounting is - performed, and circuits that fail to carry streams are also counted as - failures. + + fraction of circuits through that guard fail to get built. + The PathBiasCircThreshold option controls how many circuits we need to build through a guard before we make these checks. The PathBiasNoticeRate, @@ -1251,14 +1264,35 @@ The following options are useful only for clients (that is, if is set to 1, we disable use of that guard. + + When we have seen more than PathBiasScaleThreshold - circuits through a guard, we scale our observations by - PathBiasMultFactor/PathBiasScaleFactor, so that new observations don't get - swamped by old ones. + + circuits through a guard, we scale our observations by 0.5 (governed by + the consensus) so that new observations don't get swamped by old ones. + + By default, or if a negative value is provided for one of these options, Tor uses reasonable defaults from the networkstatus consensus document. If no defaults are available there, these options default to 150, .70, - .50, .30, 0, 300, 1, and 2 respectively. + .50, .30, 0, and 300 respectively. + +**PathBiasUseThreshold** __NUM__ + + +**PathBiasNoticeUseRate** __NUM__ + + +**PathBiasExtremeUseRate** __NUM__ + + +**PathBiasScaleUseThreshold** __NUM__:: + Similar to the above options, these options override the default behavior + of Tor's (**currently experimental**) path use bias detection algorithm. + + + Where as the path bias parameters govern thresholds for successfully + building circuits, these four path use bias parameters govern thresholds + only for circuit usage. Circuits which receive no stream usage + are not counted by this detection algorithm. A used circuit is considered + successful if it is capable of carrying streams or otherwise receiving + well-formed responses to RELAY cells. + + + By default, or if a negative value is provided for one of these options, + Tor uses reasonable defaults from the networkstatus consensus document. + If no defaults are available there, these options default to 20, .80, + .60, and 100, respectively. **ClientUseIPv6** **0**|**1**:: If this option is set to 1, Tor might connect to entry nodes over @@ -1272,6 +1306,18 @@ The following options are useful only for clients (that is, if things may influence the choice. This option breaks a tie to the favor of IPv6. (Default: 0) +**PathsNeededToBuildCircuits** __NUM__:: + Tor clients don't build circuits for user traffic until they know + about enough of the network so that they could potentially construct + enough of the possible paths through the network. If this option + is set to a fraction between 0.25 and 0.95, Tor won't build circuits + until it has enough descriptors or microdescriptors to construct + that fraction of possible paths. Note that setting this option too low + can make your Tor client less anonymous, and setting it too high can + prevent your Tor client from bootstrapping. If this option is negative, + Tor will use a default value chosen by the directory + authorities. (Default: -1.) + SERVER OPTIONS -------------- @@ -1366,9 +1412,9 @@ is non-zero): If set, and we are an exit node, allow clients to use us for IPv6 traffic. (Default: 0) -**MaxOnionsPending** __NUM__:: - If you have more than this number of onionskins queued for decrypt, reject - new ones. (Default: 100) +**MaxOnionQueueDelay** __NUM__ [**msec**|**second**]:: + If we have more onionskins queued for processing than we can process in + this amount of time, reject new ones. (Default: 1750 msec) **MyFamily** __node__,__node__,__...__:: Declare that this Tor server is controlled or administered by a group or |