From de4cc126cbb5e663bdd048fd782fde869be7b80a Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Fri, 23 Nov 2012 17:31:53 -0500 Subject: Build and test most of the machinery needed for IPv6 virtualaddrmaps With an IPv6 virtual address map, we can basically hand out a new IPv6 address for _every_ address we connect to. That'll be cool, and will let us maybe get around prop205 issues. This uses some fancy logic to try to make the code paths in the ipv4 and the ipv6 case as close as possible, and moves to randomly generated addresses so we don't need to maintain those stupid counters that will collide if Tor restarts but apps don't. Also has some XXXX items to fix to make this useful. More design needed. --- doc/tor.1.txt | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'doc') diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 5cf7ff7e3..ec350ba61 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1040,16 +1040,20 @@ The following options are useful only for clients (that is, if applications to do DNS resolves themselves is usually a bad idea and can leak your location to attackers. (Default: 1) -**VirtualAddrNetwork** __Address__/__bits__:: +**VirtualAddrNetworkIPv4** __Address__/__bits__ + + +**VirtualAddrNetworkIPv6** [__Address__]/__bits__:: When Tor needs to assign a virtual (unused) address because of a MAPADDRESS command from the controller or the AutomapHostsOnResolve feature, Tor - picks an unassigned address from this range. (Default: - 127.192.0.0/10) + + picks an unassigned address from this range. (Defaults: + 127.192.0.0/10 and [FE80::]/10 respectively.) + + When providing proxy server service to a network of computers using a tool - like dns-proxy-tor, change this address to "10.192.0.0/10" or - "172.16.0.0/12". The default **VirtualAddrNetwork** address range on a - properly configured machine will route to the loopback interface. For + like dns-proxy-tor, change the IPv4 network to "10.192.0.0/10" or + "172.16.0.0/12" and change the IPv6 network to "[FC00]/7". + The default **VirtualAddrNetwork** address ranges on a + properly configured machine will route to the loopback or link-local + interface. For local use, no change to the default VirtualAddrNetwork setting is needed. **AllowNonRFC953Hostnames** **0**|**1**:: -- cgit v1.2.3