in a journal if it is new, or if it differs from the most recently
accepted pinning for one of the keys it contains. (Default: 1)
+[[AuthDirReject]] **AuthDirReject** __AddressPattern__...::
+ Authoritative directories only. A set of address patterns for servers that
+ will never be listed at all in any network status document that this
+ authority publishes, or accepted as an OR address in any descriptor
+ submitted for publication by this authority.
+
+//Out of order because it logically belongs with the other CCs options.
+[[AuthDirBadExitCCs]] **AuthDirBadExitCCs** __CC__,... +
+
+//Out of order because it logically belongs with the other CCs options.
+[[AuthDirInvalidCCs]] **AuthDirInvalidCCs** __CC__,... +
+
++
++[[AuthDirRejectRequestsUnderLoad]] **AuthDirRejectRequestsUnderLoad** **0**|**1**::
++ If set, the directory authority will start rejecting directory requests
++ from non relay connections by sending a 503 error code if it is under
++ bandwidth pressure (reaching the configured limit if any). Relays will
++ always tried to be answered even if this is on. (Default: 1)
++
+[[AuthDirRejectCCs]] **AuthDirRejectCCs** __CC__,...::
+ Authoritative directories only. These options contain a comma-separated
+ list of country codes such that any server in one of those country codes
+ will be marked as a bad exit/invalid for use, or rejected
+ entirely.
+
[[AuthDirSharedRandomness]] **AuthDirSharedRandomness** **0**|**1**::
Authoritative directories only. Switch for the shared random protocol.
If zero, the authority won't participate in the protocol. If non-zero
different identity. This feature is used to migrate directory authority
keys in the event of a compromise. (Default: 0)
-[[AuthDirHasIPv6Connectivity]] **AuthDirHasIPv6Connectivity** **0**|**1**::
- Authoritative directories only. When set to 0, OR ports with an
- IPv6 address are not included in the authority's votes. When set to 1,
- IPv6 OR ports are tested for reachability like IPv4 OR ports. If the
- reachability test succeeds, the authority votes for the IPv6 ORPort, and
- votes Running for the relay. If the reachability test fails, the authority
- does not vote for the IPv6 ORPort, and does not vote Running (Default: 0) +
-+
- The content of the consensus depends on the number of voting authorities
- that set AuthDirHasIPv6Connectivity:
-
- If no authorities set AuthDirHasIPv6Connectivity 1, there will be no
- IPv6 ORPorts in the consensus.
-
- If a minority of authorities set AuthDirHasIPv6Connectivity 1,
- unreachable IPv6 ORPorts will be removed from the consensus. But the
- majority of IPv4-only authorities will still vote the relay as Running.
- Reachable IPv6 ORPort lines will be included in the consensus
-
- If a majority of voting authorities set AuthDirHasIPv6Connectivity 1,
- relays with unreachable IPv6 ORPorts will not be listed as Running.
- Reachable IPv6 ORPort lines will be included in the consensus
- (To ensure that any valid majority will vote relays with unreachable
- IPv6 ORPorts not Running, 75% of authorities must set
- AuthDirHasIPv6Connectivity 1.)
-
-[[MinMeasuredBWsForAuthToIgnoreAdvertised]] **MinMeasuredBWsForAuthToIgnoreAdvertised** __N__::
- A total value, in abstract bandwidth units, describing how much
- measured total bandwidth an authority should have observed on the network
- before it will treat advertised bandwidths as wholly
- unreliable. (Default: 500)
-
-[[AuthDirRejectRequestsUnderLoad]] **AuthDirRejectRequestsUnderLoad** **0**|**1**::
- If set, the directory authority will start rejecting directory requests
- from non relay connections by sending a 503 error code if it is under
- bandwidth pressure (reaching the configured limit if any). Relays will
- always tried to be answered even if this is on. (Default: 1)
-
-
-HIDDEN SERVICE OPTIONS
-----------------------
-
-The following options are used to configure a hidden service. Some options
-apply per service and some apply for the whole tor instance.
+[[V3AuthVoteDelay]] **V3AuthVoteDelay** __N__ **minutes**|**hours**::
+ V3 authoritative directories only. Configures the server's preferred delay
+ between publishing its vote and assuming it has all the votes from all the
+ other authorities. Note that the actual time used is not the server's
- preferred time, but the consensus of all preferences. (Default: 5 minutes)
++ preferred time, but the consensus of all preferences. (Default: 5
++ minutes)
-The next section describes the per service options that can only be set
-**after** the **HiddenServiceDir** directive
+[[V3AuthVotingInterval]] **V3AuthVotingInterval** __N__ **minutes**|**hours**::
+ V3 authoritative directories only. Configures the server's preferred voting
+ interval. Note that voting will __actually__ happen at an interval chosen
+ by consensus from all the authorities' preferred intervals. This time
+ SHOULD divide evenly into a day. (Default: 1 hour)
-**PER SERVICE OPTIONS:**
+[[V3BandwidthsFile]] **V3BandwidthsFile** __FILENAME__::
+ V3 authoritative directories only. Configures the location of the
+ bandwidth-authority generated file storing information on relays' measured
+ bandwidth capacities. To avoid inconsistent reads, bandwidth data should
+ be written to temporary file, then renamed to the configured filename.
+ (Default: unset)
-[[HiddenServiceDir]] **HiddenServiceDir** __DIRECTORY__::
- Store data files for a hidden service in DIRECTORY. Every hidden service
- must have a separate directory. You may use this option multiple times to
- specify multiple services. If DIRECTORY does not exist, Tor will create it.
- Please note that you cannot add new Onion Service to already running Tor
- instance if **Sandbox** is enabled.
- (Note: in current versions of Tor, if DIRECTORY is a relative path,
- it will be relative to the current
- working directory of Tor instance, not to its DataDirectory. Do not
- rely on this behavior; it is not guaranteed to remain the same in future
- versions.)
+[[VersioningAuthoritativeDirectory]] **VersioningAuthoritativeDirectory** **0**|**1**::
+ When this option is set to 1, Tor adds information on which versions of
+ Tor are still believed safe for use to the published directory. Each
+ version 1 authority is automatically a versioning authority; version 2
+ authorities provide this service optionally. See **RecommendedVersions**,
+ **RecommendedClientVersions**, and **RecommendedServerVersions**.
-[[HiddenServicePort]] **HiddenServicePort** __VIRTPORT__ [__TARGET__]::
- Configure a virtual port VIRTPORT for a hidden service. You may use this
- option multiple times; each time applies to the service using the most
- recent HiddenServiceDir. By default, this option maps the virtual port to
- the same port on 127.0.0.1 over TCP. You may override the target port,
- address, or both by specifying a target of addr, port, addr:port, or
- **unix:**__path__. (You can specify an IPv6 target as [addr]:port. Unix
- paths may be quoted, and may use standard C escapes.)
- You may also have multiple lines with the same VIRTPORT: when a user
- connects to that VIRTPORT, one of the TARGETs from those lines will be
- chosen at random. Note that address-port pairs have to be comma-separated.
+== HIDDEN SERVICE OPTIONS
-[[HiddenServiceVersion]] **HiddenServiceVersion** **2**|**3**::
- A list of rendezvous service descriptor versions to publish for the hidden
- service. Currently, versions 2 and 3 are supported. (Default: 3)
+The following options are used to configure a hidden service. Some options
+apply per service and some apply for the whole tor instance.
+
+The next section describes the per service options that can only be set
+**after** the **HiddenServiceDir** directive
+
+**PER SERVICE OPTIONS:**
+
+[[HiddenServiceAllowUnknownPorts]] **HiddenServiceAllowUnknownPorts** **0**|**1**::
+ If set to 1, then connections to unrecognized ports do not cause the
+ current hidden service to close rendezvous circuits. (Setting this to 0 is
+ not an authorization mechanism; it is instead meant to be a mild
+ inconvenience to port-scanners.) (Default: 0)
[[HiddenServiceAuthorizeClient]] **HiddenServiceAuthorizeClient** __auth-type__ __client-name__,__client-name__,__...__::
If configured, the v2 hidden service is accessible for authorized clients
projects / thirdparty / tor.git / commitdiff
