.LP
.TP
\fBAlternateDirAuthority \fR[\fInickname\fR] [\fBflags\fR] \fIaddress\fR\fB:\fIport fingerprint\fP
+.LP
+.TP
\fBAlternateHSAuthority \fR[\fInickname\fR] [\fBflags\fR] \fIaddress\fR\fB:\fIport fingerprint\fP
+.LP
+.TP
\fBAlternateBridgeAuthority \fR[\fInickname\fR] [\fBflags\fR] \fIaddress\fR\fB:\fIport fingerprint\fP
As DirServer, but replaces less of the default directory authorities.
Using AlternateDirAuthority replaces the default Tor directory
authorities in place. Similarly, Using AlternateHSAuthority replaces
the default hidden service authorities, but not the directory or
bridge authorities.
-
+.LP
+.TP
\fBFetchDirInfoEarly \fR\fB0\fR|\fB1\fR\fP
If set to 1, Tor will always fetch directory information like other
directory caches, even if you don't meet the normal criteria for
Tor will instead refuse to make the connection.
(Default: None).
-.LP
-.TP
.SH SERVER OPTIONS
.PP
The following options are useful only for servers (that is, if \fBORPort\fP is non-zero):
Set an entrance policy for this server, to limit who can connect to the
directory ports.
The policies have the same form as exit policies above.
-.LP
-.TP
.SH DIRECTORY AUTHORITY SERVER OPTIONS
.PP
+.LP
+.TP
\fBRecommendedVersions \fR\fISTRING\fP
STRING is a comma-separated list of Tor versions currently believed
to be safe. The list is included in each directory, and nodes which
intervals. This time SHOULD divide evenly into a day. (Default: 1 hour)
.LP
.TP
-\fBV3AuthVoteDelay\fR \fINUM\fP
+\fBV3AuthVoteDelay\fR \fR\fIN\fR \fBminutes\fR|\fBhours\fP
V3 authoritative directories only. Configures the server's preferred
delay between publishing its vote and assuming it has all the votes
from all the other authorities. Note that the actual time used is not
(Default: 5 minutes.)
.LP
.TP
-\fBV3AuthDistDelay\fR \fINUM\fP
+\fBV3AuthDistDelay\fR \fR\fIN\fR \fBminutes\fR|\fBhours\fP
V3 authoritative directories only. Configures the server's preferred
delay between publishing its consensus and signature and assuming it
has all the signatures from all the other authorities. Note that the
service descriptors to the directory servers. This information is also
uploaded whenever it changes. (Default: 20 minutes)
+.SH TESTING NETWORK OPTIONS
+.PP
+The following options are used for running a testing Tor network.
+.LP
+.TP
+\fBTestingTorNetwork \fR\fB0\fR|\fB1\fR\fP
+If set to 1, Tor adjusts default values of the configuration options below,
+so that it is easier to set up a testing Tor network. May only be set if
+non-default set of DirServers is set. Cannot be unset while Tor is running.
+(Default: 0)
+
+.PD 0
+.RS 12
+.IP "ServerDNSAllowBrokenResolvConf 1"
+.IP "DirAllowPrivateAddresses 1"
+.IP "EnforceDistinctSubnets 0"
+.IP "AssumeReachable 1"
+.IP "AuthDirMaxServersPerAddr 0"
+.IP "AuthDirMaxServersPerAuthAddr 0"
+.IP "ClientDNSRejectInternalAddresses 0"
+.IP "ExitPolicyRejectPrivate 0"
+.IP "V3AuthVotingInterval 5 minutes"
+.IP "V3AuthVoteDelay 20 seconds"
+.IP "V3AuthDistDelay 20 seconds"
+.IP "V3AuthInitialVotingInterval 5 minutes"
+.IP "V3AuthInitialVoteDelay 20 seconds"
+.IP "V3AuthInitialDistDelay 20 seconds"
+.IP "DirTimeToLearnReachability 0 minutes"
+.IP "EstimatedDescriptorPropagationTime 0 minutes"
+.RE
+.PD
+.LP
+.TP
+\fBV3AuthInitialVotingInterval\fR \fR\fIN\fR \fBminutes\fR|\fBhours\fP
+Like \fBV3AuthVotingInterval\fR, but for initial voting interval before the
+first consensus has been created. Changing this requires that
+\fBTestingTorNetwork\fR is set. (Default: 30 minutes)
+.LP
+.TP
+\fBV3AuthInitialVoteDelay\fR \fR\fIN\fR \fBminutes\fR|\fBhours\fP
+Like \fBV3AuthInitialVoteDelay\fR, but for initial voting interval before
+the first consensus has been created. Changing this requires that
+\fBTestingTorNetwork\fR is set. (Default: 5 minutes)
+.LP
+.TP
+\fBV3AuthInitialDistDelay\fR \fR\fIN\fR \fBminutes\fR|\fBhours\fP
+Like \fBV3AuthInitialDistDelay\fR, but for initial voting interval before
+the first consensus has been created. Changing this requires that
+\fBTestingTorNetwork\fR is set. (Default: 5 minutes)
+.LP
+.TP
+\fBDirTimeToLearnReachability\fR \fR\fIN\fR \fBminutes\fR|\fBhours\fP
+Consider routers as Running this time after starting an authority.
+(Default: 30 minutes)
+.LP
+.TP
+\fBEstimatedDescriptorPropagationTime\fR \fR\fIN\fR \fBminutes\fR|\fBhours\fP
+Clients try downloading router descriptors from directory caches after this
+time. Changing this requires that \fBTestingTorNetwork\fR is set.
+(Default: 10 minutes)
+
.\" UNDOCUMENTED
.\" ignoreversion
V(DataDirectory, STRING, NULL),
OBSOLETE("DebugLogFile"),
V(DirAllowPrivateAddresses, BOOL, NULL),
+ V(DirTimeToLearnReachability, INTERVAL, "30 minutes"),
V(DirListenAddress, LINELIST, NULL),
OBSOLETE("DirFetchPeriod"),
V(DirPolicy, LINELIST, NULL),
V(DownloadExtraInfo, BOOL, "0"),
V(EnforceDistinctSubnets, BOOL, "1"),
V(EntryNodes, STRING, NULL),
+ V(EstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
V(ExcludeNodes, STRING, NULL),
V(ExitNodes, STRING, NULL),
V(ExitPolicy, LINELIST, NULL),
V(OutboundBindAddress, STRING, NULL),
OBSOLETE("PathlenCoinWeight"),
V(PidFile, STRING, NULL),
+ V(TestingTorNetwork, BOOL, "0"),
V(PreferTunneledDirConns, BOOL, "1"),
V(ProtocolWarnings, BOOL, "0"),
V(PublishServerDescriptor, CSV, "1"),
VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir, "0"),
VAR("V2AuthoritativeDirectory",BOOL, V2AuthoritativeDir, "0"),
VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir, "0"),
+ V(V3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
+ V(V3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
+ V(V3AuthInitialDistDelay, INTERVAL, "5 minutes"),
V(V3AuthVotingInterval, INTERVAL, "1 hour"),
V(V3AuthVoteDelay, INTERVAL, "5 minutes"),
V(V3AuthDistDelay, INTERVAL, "5 minutes"),
V(MinUptimeHidServDirectoryV2, INTERVAL, "24 hours"),
{ NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};
+
+/* Keep defaults synchronous with man page and config value check. */
+static config_var_t testing_tor_network_defaults[] = {
+ V(ServerDNSAllowBrokenResolvConf, BOOL, "1"),
+ V(DirAllowPrivateAddresses, BOOL, "1"),
+ V(EnforceDistinctSubnets, BOOL, "0"),
+ V(AssumeReachable, BOOL, "1"),
+ V(AuthDirMaxServersPerAddr, UINT, "0"),
+ V(AuthDirMaxServersPerAuthAddr,UINT, "0"),
+ V(ClientDNSRejectInternalAddresses, BOOL,"0"),
+ V(ExitPolicyRejectPrivate, BOOL, "0"),
+ V(V3AuthVotingInterval, INTERVAL, "5 minutes"),
+ V(V3AuthVoteDelay, INTERVAL, "20 seconds"),
+ V(V3AuthDistDelay, INTERVAL, "20 seconds"),
+ V(V3AuthInitialVotingInterval, INTERVAL, "5 minutes"),
+ V(V3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
+ V(V3AuthInitialDistDelay, INTERVAL, "20 seconds"),
+ V(DirTimeToLearnReachability, INTERVAL, "0 minutes"),
+ V(EstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
+ { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
+};
#undef VAR
#define VAR(name,conftype,member,initvalue) \
});
}
+ if (options->TestingTorNetwork && !options->DirServers) {
+ REJECT("TestingTorNetwork may only be configured in combination with "
+ "a non-default set of DirServers.");
+ }
+
+ /* Keep changes to hard-coded values synchronous to man page and default
+ * values table. */
+ if (options->V3AuthInitialVotingInterval != 30*60 &&
+ !options->TestingTorNetwork) {
+ REJECT("V3AuthInitialVotingInterval may only be changed in testing "
+ "Tor networks!");
+ } else if (options->V3AuthInitialVotingInterval < MIN_VOTE_INTERVAL) {
+ REJECT("V3AuthInitialVotingInterval is insanely low.");
+ } else if (((30*60) % options->V3AuthInitialVotingInterval) != 0) {
+ REJECT("V3AuthInitialVotingInterval does not divide evenly into "
+ "30 minutes.");
+ }
+
+ if (options->V3AuthInitialVoteDelay != 5*60 &&
+ !options->TestingTorNetwork) {
+ REJECT("V3AuthInitialVoteDelay may only be changed in testing "
+ "Tor networks!");
+ } else if (options->V3AuthInitialVoteDelay < MIN_VOTE_SECONDS) {
+ REJECT("V3AuthInitialVoteDelay is way too low.");
+ }
+
+ if (options->V3AuthInitialDistDelay != 5*60 &&
+ !options->TestingTorNetwork) {
+ REJECT("V3AuthInitialDistDelay may only be changed in testing "
+ "Tor networks!");
+ } else if (options->V3AuthInitialDistDelay < MIN_DIST_SECONDS) {
+ REJECT("V3AuthInitialDistDelay is way too low.");
+ }
+
+ if (options->V3AuthInitialVoteDelay + options->V3AuthInitialDistDelay >=
+ options->V3AuthInitialVotingInterval/2) {
+ REJECT("V3AuthInitialVoteDelay plus V3AuthInitialDistDelay must be "
+ "less than half V3AuthInitialVotingInterval");
+ }
+
+ if (options->DirTimeToLearnReachability != 30*60 &&
+ !options->TestingTorNetwork) {
+ REJECT("DirTimeToLearnReachability may only be changed in testing "
+ "Tor networks!");
+ } else if (options->DirTimeToLearnReachability < 0) {
+ REJECT("DirTimeToLearnReachability must be non-negative.");
+ } else if (options->DirTimeToLearnReachability > 2*60*60) {
+ COMPLAIN("DirTimeToLearnReachability is insanely high.");
+ }
+
+ if (options->EstimatedDescriptorPropagationTime != 10*60 &&
+ !options->TestingTorNetwork) {
+ REJECT("EstimatedDescriptorPropagationTime may only be changed in "
+ "testing Tor networks!");
+ } else if (options->EstimatedDescriptorPropagationTime < 0) {
+ REJECT("EstimatedDescriptorPropagationTime must be non-negative.");
+ } else if (options->EstimatedDescriptorPropagationTime > 60*60) {
+ COMPLAIN("EstimatedDescriptorPropagationTime is insanely high.");
+ }
+
+ if (options->TestingTorNetwork) {
+ log_warn(LD_CONFIG, "TestingTorNetwork is set. This will make your node "
+ "almost unusable in the public Tor network, and is "
+ "therefore only advised if you are building a "
+ "testing Tor network!");
+ }
+
return 0;
#undef REJECT
#undef COMPLAIN
return -1;
}
+ if (old->TestingTorNetwork != new_val->TestingTorNetwork) {
+ *msg = tor_strdup("While Tor is running, changing TestingTorNetwork "
+ "is not allowed.");
+ return -1;
+ }
+
return 0;
}
goto err;
}
+ /* If this is a testing network configuration, change defaults
+ * for a list of dependent config options, re-initialize newoptions
+ * with the new defaults, and assign all options to it second time. */
+ if (newoptions->TestingTorNetwork) {
+
+ /* Change defaults. */
+ int i;
+ for (i = 0; testing_tor_network_defaults[i].name; ++i) {
+ config_var_t *new_var = &testing_tor_network_defaults[i];
+ config_var_t *old_var =
+ config_find_option(&options_format, new_var->name);
+ tor_assert(new_var);
+ tor_assert(old_var);
+ old_var->initvalue = new_var->initvalue;
+ }
+
+ /* Clear newoptions and re-initialize them with new defaults. */
+ config_free(&options_format, newoptions);
+ newoptions = tor_malloc_zero(sizeof(or_options_t));
+ newoptions->_magic = OR_OPTIONS_MAGIC;
+ options_init(newoptions);
+ newoptions->command = command;
+ newoptions->command_arg = command_arg;
+
+ /* Assign all options a second time. */
+ retval = config_get_lines(cf, &cl);
+ if (retval < 0) {
+ err = SETOPT_ERR_PARSE;
+ goto err;
+ }
+ retval = config_assign(&options_format, newoptions, cl, 0, 0, msg);
+ config_free_lines(cl);
+ if (retval < 0) {
+ err = SETOPT_ERR_PARSE;
+ goto err;
+ }
+ retval = config_assign(&options_format, newoptions,
+ global_cmdline_options, 0, 0, msg);
+ if (retval < 0) {
+ err = SETOPT_ERR_PARSE;
+ goto err;
+ }
+ }
+
/* Validate newoptions */
if (options_validate(oldoptions, newoptions, 0, msg) < 0) {
err = SETOPT_ERR_PARSE; /*XXX021 make this separate.*/
projects / thirdparty / tor.git / commitdiff
