Browse code

Fix display of ipv6 addresses on the website

I don't know what WML is doing, but somehow it's treating [FE80::] as a
special thing it doesn't want to display (unlike [::], which it displays
just fine). Fixes bug 18667.

Sebastian Hahn authored on 11/10/2016 17:23:28
Showing 1 changed files
... ...
@@ -14,7 +14,7 @@
14 14
   <div id="maincol">  
15 15
     <:
16 16
     	die "Missing git clone at $(TORGIT)" unless -d "$(TORGIT)";
17
-    	my $man = `GIT_DIR=$(TORGIT) git show $(STABLETAG):doc/tor.1.txt | asciidoc -d manpage -s -o - -`;
17
+    	my $man = `GIT_DIR=$(TORGIT) git show $(STABLETAG):doc/tor.1.txt | asciidoc -d manpage -s -o - - | sed 's/\\[/\\&lsqb;/g'`;
18 18
     	die "No manpage because of asciidoc error or file not available from git" unless $man;
19 19
     	print $man;
20 20
     :>
Browse code

dev version is now 0.2.3.2-alpha, also fix stable manpage

Sebastian Hahn authored on 30/08/2011 00:28:35
Showing 1 changed files
... ...
@@ -9,2321 +9,22 @@
9 9
   <div id="breadcrumbs">
10 10
     <a href="<page index>">Home &raquo; </a>
11 11
     <a href="<page docs/documentation>">Documentation &raquo; </a>
12
-    <a href="<page docs/tor-doc-osx>">Tor Manual</a>
12
+    <a href="<page docs/tor-doc-osx>">Tor Dev Manual</a>
13
+  </div>
14
+  <div id="maincol">  
15
+    <:
16
+    	die "Missing git clone at $(TORGIT)" unless -d "$(TORGIT)";
17
+    	my $man = `GIT_DIR=$(TORGIT) git show $(STABLETAG):doc/tor.1.txt | asciidoc -d manpage -s -o - -`;
18
+    	die "No manpage because of asciidoc error or file not available from git" unless $man;
19
+    	print $man;
20
+    :>
13 21
   </div>
14
-  <div id="maincol">
15
-	<h2 id="_synopsis">SYNOPSIS</h2>
16
-	<div class="sectionbody">
17
-			<div class="paragraph"><p><strong>tor</strong> [<em>OPTION</em> <em>value</em>]&#8230;</p>
18
-			</div>
19
-	</div>
20
-		<h2 id="_description">DESCRIPTION</h2>
21
-		<div class="sectionbody">
22
-			<div class="paragraph"><p><em>tor</em> is a connection-oriented anonymizing communication
23
-			service. Users choose a source-routed path through a set of nodes, and
24
-			negotiate a "virtual circuit" through the network, in which each node 
25
-			knows its predecessor and successor, but no others. Traffic flowing down 
26
-			the circuit is unwrapped by a symmetric key at each node, which reveals
27
-			the downstream node.<br /></p></div>
28
-			
29
-			<div class="paragraph"><p>Basically <em>tor</em> provides a distributed network of servers ("onion routers").
30
-			Users bounce their TCP streams&#8201;&#8212;&#8201;web traffic, ftp, ssh, etc&#8201;&#8212;&#8201;around the
31
-			routers, and recipients, observers, and even the routers themselves have 
32
-			difficulty tracking the source of the stream.</p></div>
33
-		</div>
34
-		<h2 id="_options">OPTIONS</h2>
35
-		<div class="sectionbody">
36
-			<div class="dlist"><dl>
37
-				<dt class="hdlist1">
38
-					<strong>-h</strong>, <strong>-help</strong>
39
-				</dt>
40
-				<dd>
41
-					<p>
42
-					    Display a short help message and exit.
43
-					</p>
44
-				</dd>
45
-				<dt class="hdlist1">
46
-					<strong>-f</strong> <em>FILE</em>
47
-				</dt>
48
-				<dd>
49
-					<p>
50
-					    FILE contains further "option value" pairs. (Default: @CONFDIR@/torrc)
51
-					</p>
52
-				</dd>
53
-				<dt class="hdlist1">
54
-					<strong>--hash-password</strong>
55
-				</dt>
56
-				<dd>
57
-					<p>
58
-					    Generates a hashed password for control port access.
59
-					</p>
60
-				</dd>
61
-				<dt class="hdlist1">
62
-					<strong>--list-fingerprint</strong>
63
-				</dt>
64
-				<dd>
65
-					<p>
66
-					    Generate your keys and output your nickname and fingerprint.
67
-					</p>
68
-				</dd>
69
-				<dt class="hdlist1">
70
-					<strong>--verify-config</strong>
71
-				</dt>
72
-				<dd>
73
-					<p>
74
-					    Verify the configuration file is valid.
75
-					</p>
76
-				</dd>
77
-				<dt class="hdlist1">
78
-					<strong>--nt-service</strong>
79
-				</dt>
80
-				<dd>
81
-					<p>
82
-					    <strong>--service [install|remove|start|stop]</strong> Manage the Tor Windows
83
-					    NT/2000/XP service. Current instructions can be found at
84
-					    <a href="<wiki>doc/TorFAQ#WinNTService">https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#WinNTService</a>
85
-					</p>
86
-				</dd>
87
-				<dt class="hdlist1">
88
-					<strong>--list-torrc-options</strong>
89
-				</dt>
90
-				<dd>
91
-					<p>
92
-					    List all valid options.
93
-					</p>
94
-				</dd>
95
-				<dt class="hdlist1">
96
-					<strong>--version</strong>
97
-				</dt>
98
-				<dd>
99
-					<p>
100
-					    Display Tor version and exit.
101
-					</p>
102
-				</dd>
103
-				<dt class="hdlist1">
104
-					<strong>--quiet</strong>
105
-				</dt>
106
-				<dd>
107
-					<p>
108
-					    Do not start Tor with a console log unless explicitly requested to do so.
109
-					    (By default, Tor starts out logging messages at level "notice" or higher to
110
-					    the console, until it has parsed its configuration.)
111
-					</p>
112
-				</dd>
113
-				</dl>
114
-			</div>
115
-			<div class="paragraph">
116
-				<p>Other options can be specified either on the command-line (--option
117
-    				value), or in the configuration file (option value or option "value").
118
-				Options are case-insensitive. C-style escaped characters are allowed inside
119
-				quoted values. Options on the command line take precedence over
120
-    				options found in the configuration file, except indicated otherwise. To
121
-    				split one configuration entry into multiple lines, use a single \ before
122
-    				the end of the line. Comments can be used in such multiline entries, but
123
-    				they must start at the beginning of a line.</p>
124
-			</div>
125
-			<div class="dlist"><dl>
126
-				<dt class="hdlist1">
127
-					<strong>BandwidthRate</strong> <em>N</em> <strong>bytes</strong>|<strong>KB</strong>|<strong>MB</strong>|<strong>GB</strong>
128
-				</dt>
129
-				<dd>
130
-					<p>
131
-					    A token bucket limits the average incoming bandwidth usage on this node to
132
-					    the specified number of bytes per second, and the average outgoing
133
-					    bandwidth usage to that same value. If you want to run a relay in the
134
-					    public network, this needs to be <em>at the very least</em> 20 KB (that is,
135
-					    20480 bytes). (Default: 5 MB)
136
-					</p>
137
-				</dd>
138
-				<dt class="hdlist1">
139
-					<strong>BandwidthBurst</strong> <em>N</em> <strong>bytes</strong>|<strong>KB</strong>|<strong>MB</strong>|<strong>GB</strong>
140
-				</dt>
141
-				<dd>
142
-					<p>
143
-					    Limit the maximum token bucket size (also known as the burst) to the given
144
-				    	    number of bytes in each direction. (Default: 10 MB)
145
-					</p>
146
-				</dd>
147
-				<dt class="hdlist1">
148
-					<strong>MaxAdvertisedBandwidth</strong> <em>N</em> <strong>bytes</strong>|<strong>KB</strong>|<strong>MB</strong>|<strong>GB</strong>
149
-				</dt>
150
-				<dd>
151
-					<p>
152
-					    If set, we will not advertise more than this amount of bandwidth for our
153
-					    BandwidthRate. Server operators who want to reduce the number of clients
154
-					    who ask to build circuits through them (since this is proportional to
155
-					    advertised bandwidth rate) can thus reduce the CPU demands on their server
156
-					    without impacting network performance.
157
-					</p>
158
-				</dd>
159
-				<dt class="hdlist1">
160
-					<strong>RelayBandwidthRate</strong> <em>N</em> <strong>bytes</strong>|<strong>KB</strong>|<strong>MB</strong>|<strong>GB</strong>
161
-				</dt>
162
-				<dd>
163
-					<p>
164
-					    If not 0, a separate token bucket limits the average incoming bandwidth
165
-					    usage for _relayed traffic_ on this node to the specified number of bytes
166
-					    per second, and the average outgoing bandwidth usage to that same value.
167
-					    Relayed traffic currently is calculated to include answers to directory
168
-					    requests, but that may change in future versions. (Default: 0)
169
-					</p>
170
-				</dd>
171
-				<dt class="hdlist1">
172
-					<strong>RelayBandwidthBurst</strong> <em>N</em> <strong>bytes</strong>|<strong>KB</strong>|<strong>MB</strong>|<strong>GB</strong>
173
-				</dt>
174
-				<dd>
175
-					<p>
176
-					    If not 0, limit the maximum token bucket size (also known as the burst) for
177
-					    _relayed traffic_ to the given number of bytes in each direction.
178
-					    (Default: 0)
179
-					</p>
180
-				</dd>
181
-				<dt class="hdlist1">
182
-					<strong>ConnLimit</strong> <em>NUM</em>
183
-				</dt>
184
-				<dd>
185
-					<p>
186
-					    The minimum number of file descriptors that must be available to the Tor
187
-					    process before it will start. Tor will ask the OS for as many file
188
-					    descriptors as the OS will allow (you can find this by "ulimit -H -n").
189
-					    If this number is less than ConnLimit, then Tor will refuse to start.<br />
190
-					    <br />
191
-					    You probably don&#8217;t need to adjust this. It has no effect on Windows
192
-					    since that platform lacks getrlimit(). (Default: 1000)
193
-					</p>
194
-				</dd>
195
-				<dt class="hdlist1">
196
-					<strong>ConstrainedSockets</strong> <strong>0</strong>|<strong>1</strong>
197
-				</dt>
198
-				<dd>
199
-					<p>
200
-					    If set, Tor will tell the kernel to attempt to shrink the buffers for all
201
-					    sockets to the size specified in <strong>ConstrainedSockSize</strong>. This is useful for
202
-					    virtual servers and other environments where system level TCP buffers may
203
-					    be limited. If you&#8217;re on a virtual server, and you encounter the "Error
204
-					    creating network socket: No buffer space available" message, you are
205
-					    likely experiencing this problem.<br />
206
-					    <br />
207
-					    The preferred solution is to have the admin increase the buffer pool for
208
-					    the host itself via /proc/sys/net/ipv4/tcp_mem or equivalent facility;
209
-					    this configuration option is a second-resort.<br />
210
-					    <br />
211
-					    The DirPort option should also not be used if TCP buffers are scarce. The
212
-					    cached directory requests consume additional sockets which exacerbates
213
-					    the problem.<br />
214
-					    <br />
215
-					    You should <strong>not</strong> enable this feature unless you encounter the "no buffer
216
-					    space available" issue. Reducing the TCP buffers affects window size for
217
-					    the TCP stream and will reduce throughput in proportion to round trip
218
-					    time on long paths. (Default: 0.)
219
-					</p>
220
-					</dd>
221
-					<dt class="hdlist1">
222
-						<strong>ConstrainedSockSize</strong> <em>N</em> <strong>bytes</strong>|<strong>KB</strong>
223
-					</dt>
224
-					<dd>
225
-						<p>
226
-						    When <strong>ConstrainedSockets</strong> is enabled the receive and transmit buffers for
227
-						    all sockets will be set to this limit. Must be a value between 2048 and
228
-						    262144, in 1024 byte increments. Default of 8192 is recommended.
229
-						</p>
230
-					</dd>
231
-					<dt class="hdlist1">
232
-						<strong>ControlPort</strong> <em>Port</em>
233
-					</dt>
234
-					<dd>
235
-						<p>
236
-						    If set, Tor will accept connections on this port and allow those
237
-						    connections to control the Tor process using the Tor Control Protocol
238
-						    (described in control-spec.txt). Note: unless you also specify one of
239
-						    <strong>HashedControlPassword</strong> or <strong>CookieAuthentication</strong>, setting this option will
240
-						    cause Tor to allow any process on the local host to control it. This
241
-						    option is required for many Tor controllers; most use the value of 9051.
242
-						</p>
243
-					</dd>
244
-					<dt class="hdlist1">
245
-						<strong>ControlListenAddress</strong> <em>IP</em>[:<em>PORT</em>]
246
-					</dt>
247
-					<dd>
248
-						<p>
249
-						    Bind the controller listener to this address. If you specify a port, bind
250
-						    to this port rather than the one specified in ControlPort. We strongly
251
-						    recommend that you leave this alone unless you know what you&#8217;re doing,
252
-						    since giving attackers access to your control listener is really
253
-						    dangerous. (Default: 127.0.0.1) This directive can be specified multiple
254
-						    times to bind to multiple addresses/ports.
255
-						</p>
256
-					</dd>
257
-					<dt class="hdlist1">
258
-						<strong>ControlSocket</strong> <em>Path</em>
259
-					</dt>
260
-					<dd>
261
-						<p>
262
-						    Like ControlPort, but listens on a Unix domain socket, rather than a TCP
263
-						    socket. (Unix and Unix-like systems only.)
264
-						</p>
265
-					</dd>
266
-					<dt class="hdlist1">
267
-						<strong>HashedControlPassword</strong> <em>hashed_password</em>
268
-					</dt>
269
-					<dd>
270
-						<p>
271
-						    Don&#8217;t allow any connections on the control port except when the other
272
-						    process knows the password whose one-way hash is <em>hashed_password</em>. You
273
-						    can compute the hash of a password by running "tor --hash-password
274
-						    <em>password</em>". You can provide several acceptable passwords by using more
275
-						    than one HashedControlPassword line.
276
-						</p>
277
-					</dd>
278
-					<dt class="hdlist1">
279
-						<strong>CookieAuthentication</strong> <strong>0</strong>|<strong>1</strong>
280
-					</dt>
281
-					<dd>
282
-						<p>
283
-						    If this option is set to 1, don&#8217;t allow any connections on the control port
284
-						    except when the connecting process knows the contents of a file named
285
-						    "control_auth_cookie", which Tor will create in its data directory. This
286
-						    authentication method should only be used on systems with good filesystem
287
-						    security. (Default: 0)
288
-						</p>
289
-					</dd>
290
-					<dt class="hdlist1">
291
-						<strong>CookieAuthFile</strong> <em>Path</em>
292
-					</dt>
293
-					<dd>
294
-						<p>
295
-						    If set, this option overrides the default location and file name
296
-						    for Tor&#8217;s cookie file. (See CookieAuthentication above.)
297
-						</p>
298
-					</dd>
299
-					<dt class="hdlist1">
300
-<strong>CookieAuthFileGroupReadable</strong> <strong>0</strong>|<strong>1</strong>|<em>Groupname</em>
301
-</dt>
302
-<dd>
303
-<p>
304
-    If this option is set to 0, don&#8217;t allow the filesystem group to read the
305
-    cookie file. If the option is set to 1, make the cookie file readable by
306
-    the default GID. [Making the file readable by other groups is not yet
307
-    implemented; let us know if you need this for some reason.] (Default: 0).
308
-</p>
309
-</dd>
310
-<dt class="hdlist1">
311
-<strong>DataDirectory</strong> <em>DIR</em>
312
-</dt>
313
-<dd>
314
-<p>
315
-    Store working data in DIR (Default: @LOCALSTATEDIR@/lib/tor)
316
-</p>
317
-</dd>
318
-<dt class="hdlist1">
319
-<strong>DirServer</strong> [<em>nickname</em>] [<strong>flags</strong>] <em>address</em>:<em>port</em> <em>fingerprint</em>
320
-</dt>
321
-<dd>
322
-<p>
323
-    Use a nonstandard authoritative directory server at the provided address
324
-    and port, with the specified key fingerprint. This option can be repeated
325
-    many times, for multiple authoritative directory servers. Flags are
326
-    separated by spaces, and determine what kind of an authority this directory
327
-    is. By default, every authority is authoritative for current ("v2")-style
328
-    directories, unless the "no-v2" flag is given. If the "v1" flags is
329
-    provided, Tor will use this server as an authority for old-style (v1)
330
-    directories as well. (Only directory mirrors care about this.) Tor will
331
-    use this server as an authority for hidden service information if the "hs"
332
-    flag is set, or if the "v1" flag is set and the "no-hs" flag is <strong>not</strong> set.
333
-    Tor will use this authority as a bridge authoritative directory if the
334
-    "bridge" flag is set. If a flag "orport=<strong>port</strong>" is given, Tor will use the
335
-    given port when opening encrypted tunnels to the dirserver. Lastly, if a
336
-    flag "v3ident=<strong>fp</strong>" is given, the dirserver is a v3 directory authority
337
-    whose v3 long-term signing key has the fingerprint <strong>fp</strong>.<br />
338
-<br />
339
-    If no <strong>dirserver</strong> line is given, Tor will use the default directory
340
-    servers. NOTE: this option is intended for setting up a private Tor
341
-    network with its own directory authorities. If you use it, you will be
342
-    distinguishable from other users, because you won&#8217;t believe the same
343
-    authorities they do.
344
-</p>
345
-</dd>
346
-</dl></div>
347
-<div class="paragraph"><p><strong>AlternateDirAuthority</strong> [<em>nickname</em>] [<strong>flags</strong>] <em>address</em>:<em>port</em> <em>fingerprint</em><br /></p></div>
348
-<div class="paragraph"><p><strong>AlternateHSAuthority</strong> [<em>nickname</em>] [<strong>flags</strong>] <em>address</em>:<em>port</em> <em>fingerprint</em><br /></p></div>
349
-<div class="dlist"><dl>
350
-<dt class="hdlist1">
351
-<strong>AlternateBridgeAuthority</strong> [<em>nickname</em>] [<strong>flags</strong>] <em>address</em>:<em>port</em> <em> fingerprint</em>
352
-</dt>
353
-<dd>
354
-<p>
355
-    As DirServer, but replaces less of the default directory authorities. Using
356
-    AlternateDirAuthority replaces the default Tor directory authorities, but
357
-    leaves the hidden service authorities and bridge authorities in place.
358
-    Similarly, Using AlternateHSAuthority replaces the default hidden service
359
-    authorities, but not the directory or bridge authorities.
360
-</p>
361
-</dd>
362
-<dt class="hdlist1">
363
-<strong>FetchDirInfoEarly</strong> <strong>0</strong>|<strong>1</strong>
364
-</dt>
365
-<dd>
366
-<p>
367
-    If set to 1, Tor will always fetch directory information like other
368
-    directory caches, even if you don&#8217;t meet the normal criteria for fetching
369
-    early. Normal users should leave it off. (Default: 0)
370
-</p>
371
-</dd>
372
-<dt class="hdlist1">
373
-<strong>FetchHidServDescriptors</strong> <strong>0</strong>|<strong>1</strong>
374
-</dt>
375
-<dd>
376
-<p>
377
-    If set to 0, Tor will never fetch any hidden service descriptors from the
378
-    rendezvous directories. This option is only useful if you&#8217;re using a Tor
379
-    controller that handles hidden service fetches for you. (Default: 1)
380
-</p>
381
-</dd>
382
-<dt class="hdlist1">
383
-<strong>FetchServerDescriptors</strong> <strong>0</strong>|<strong>1</strong>
384
-</dt>
385
-<dd>
386
-<p>
387
-    If set to 0, Tor will never fetch any network status summaries or server
388
-    descriptors from the directory servers. This option is only useful if
389
-    you&#8217;re using a Tor controller that handles directory fetches for you.
390
-    (Default: 1)
391
-</p>
392
-</dd>
393
-<dt class="hdlist1">
394
-<strong>FetchUselessDescriptors</strong> <strong>0</strong>|<strong>1</strong>
395
-</dt>
396
-<dd>
397
-<p>
398
-    If set to 1, Tor will fetch every non-obsolete descriptor from the
399
-    authorities that it hears about. Otherwise, it will avoid fetching useless
400
-    descriptors, for example for routers that are not running. This option is
401
-    useful if you&#8217;re using the contributed "exitlist" script to enumerate Tor
402
-    nodes that exit to certain addresses. (Default: 0)
403
-</p>
404
-</dd>
405
-<dt class="hdlist1">
406
-<strong>HTTPProxy</strong> <em>host</em>[:<em>port</em>]
407
-</dt>
408
-<dd>
409
-<p>
410
-    Tor will make all its directory requests through this host:port (or host:80
411
-    if port is not specified), rather than connecting directly to any directory
412
-    servers.
413
-</p>
414
-</dd>
415
-<dt class="hdlist1">
416
-<strong>HTTPProxyAuthenticator</strong> <em>username:password</em>
417
-</dt>
418
-<dd>
419
-<p>
420
-    If defined, Tor will use this username:password for Basic HTTP proxy
421
-    authentication, as in RFC 2617. This is currently the only form of HTTP
422
-    proxy authentication that Tor supports; feel free to submit a patch if you
423
-    want it to support others.
424
-</p>
425
-</dd>
426
-<dt class="hdlist1">
427
-<strong>HTTPSProxy</strong> <em>host</em>[:<em>port</em>]
428
-</dt>
429
-<dd>
430
-<p>
431
-    Tor will make all its OR (SSL) connections through this host:port (or
432
-    host:443 if port is not specified), via HTTP CONNECT rather than connecting
433
-    directly to servers. You may want to set <strong>FascistFirewall</strong> to restrict
434
-    the set of ports you might try to connect to, if your HTTPS proxy only
435
-    allows connecting to certain ports.
436
-</p>
437
-</dd>
438
-<dt class="hdlist1">
439
-<strong>HTTPSProxyAuthenticator</strong> <em>username:password</em>
440
-</dt>
441
-<dd>
442
-<p>
443
-    If defined, Tor will use this username:password for Basic HTTPS proxy
444
-    authentication, as in RFC 2617. This is currently the only form of HTTPS
445
-    proxy authentication that Tor supports; feel free to submit a patch if you
446
-    want it to support others.
447
-</p>
448
-</dd>
449
-<dt class="hdlist1">
450
-<strong>KeepalivePeriod</strong> <em>NUM</em>
451
-</dt>
452
-<dd>
453
-<p>
454
-    To keep firewalls from expiring connections, send a padding keepalive cell
455
-    every NUM seconds on open connections that are in use. If the connection
456
-    has no open circuits, it will instead be closed after NUM seconds of
457
-    idleness. (Default: 5 minutes)
458
-</p>
459
-</dd>
460
-<dt class="hdlist1">
461
-<strong>Log</strong> <em>minSeverity</em>[-<em>maxSeverity</em>] <strong>stderr</strong>|<strong>stdout</strong>|<strong>syslog</strong>
462
-</dt>
463
-<dd>
464
-<p>
465
-    Send all messages between <em>minSeverity</em> and <em>maxSeverity</em> to the standard
466
-    output stream, the standard error stream, or to the system log. (The
467
-    "syslog" value is only supported on Unix.) Recognized severity levels are
468
-    debug, info, notice, warn, and err. We advise using "notice" in most cases,
469
-    since anything more verbose may provide sensitive information to an
470
-    attacker who obtains the logs. If only one severity level is given, all
471
-    messages of that level or higher will be sent to the listed destination.
472
-</p>
473
-</dd>
474
-<dt class="hdlist1">
475
-<strong>Log</strong> <em>minSeverity</em>[-<em>maxSeverity</em>] <strong>file</strong> <em>FILENAME</em>
476
-</dt>
477
-<dd>
478
-<p>
479
-    As above, but send log messages to the listed filename. The
480
-    "Log" option may appear more than once in a configuration file.
481
-    Messages are sent to all the logs that match their severity
482
-    level.
483
-</p>
484
-</dd>
485
-<dt class="hdlist1">
486
-<strong>OutboundBindAddress</strong> <em>IP</em>
487
-</dt>
488
-<dd>
489
-<p>
490
-    Make all outbound connections originate from the IP address specified. This
491
-    is only useful when you have multiple network interfaces, and you want all
492
-    of Tor&#8217;s outgoing connections to use a single one. This setting will be
493
-    ignored for connections to the loopback addresses (127.0.0.0/8 and ::1).
494
-</p>
495
-</dd>
496
-<dt class="hdlist1">
497
-<strong>PidFile</strong> <em>FILE</em>
498
-</dt>
499
-<dd>
500
-<p>
501
-    On startup, write our PID to FILE. On clean shutdown, remove
502
-    FILE.
503
-</p>
504
-</dd>
505
-<dt class="hdlist1">
506
-<strong>ProtocolWarnings</strong> <strong>0</strong>|<strong>1</strong>
507
-</dt>
508
-<dd>
509
-<p>
510
-    If 1, Tor will log with severity 'warn' various cases of other parties not
511
-    following the Tor specification. Otherwise, they are logged with severity
512
-    'info'. (Default: 0)
513
-</p>
514
-</dd>
515
-<dt class="hdlist1">
516
-<strong>RunAsDaemon</strong> <strong>0</strong>|<strong>1</strong>
517
-</dt>
518
-<dd>
519
-<p>
520
-    If 1, Tor forks and daemonizes to the background. This option has no effect
521
-    on Windows; instead you should use the --service command-line option.
522
-    (Default: 0)
523
-</p>
524
-</dd>
525
-<dt class="hdlist1">
526
-<strong>SafeLogging</strong> <strong>0</strong>|<strong>1</strong>
527
-</dt>
528
-<dd>
529
-<p>
530
-    Tor can scrub potentially sensitive strings from log messages (e.g.
531
-    addresses) by replacing them with the string [scrubbed]. This way logs can
532
-    still be useful, but they don&#8217;t leave behind personally identifying
533
-    information about what sites a user might have visited.<br />
534
-<br />
535
-    If this option is set to 0, Tor will not perform any scrubbing, if it is
536
-    set to 1, all potentially sensitive strings are replaced. (Default: 1)
537
-</p>
538
-</dd>
539
-<dt class="hdlist1">
540
-<strong>User</strong> <em>UID</em>
541
-</dt>
542
-<dd>
543
-<p>
544
-    On startup, setuid to this user and setgid to their primary group.
545
-</p>
546
-</dd>
547
-<dt class="hdlist1">
548
-<strong>HardwareAccel</strong> <strong>0</strong>|<strong>1</strong>
549
-</dt>
550
-<dd>
551
-<p>
552
-    If non-zero, try to use built-in (static) crypto hardware acceleration when
553
-    available. This is untested and probably buggy. (Default: 0)
554
-</p>
555
-</dd>
556
-<dt class="hdlist1">
557
-<strong>AvoidDiskWrites</strong> <strong>0</strong>|<strong>1</strong>
558
-</dt>
559
-<dd>
560
-<p>
561
-    If non-zero, try to write to disk less frequently than we would otherwise.
562
-    This is useful when running on flash memory or other media that support
563
-    only a limited number of writes. (Default: 0)
564
-</p>
565
-</dd>
566
-<dt class="hdlist1">
567
-<strong>TunnelDirConns</strong> <strong>0</strong>|<strong>1</strong>
568
-</dt>
569
-<dd>
570
-<p>
571
-    If non-zero, when a directory server we contact supports it, we will build
572
-    a one-hop circuit and make an encrypted connection via its ORPort.
573
-    (Default: 1)
574
-</p>
575
-</dd>
576
-<dt class="hdlist1">
577
-<strong>PreferTunneledDirConns</strong> <strong>0</strong>|<strong>1</strong>
578
-</dt>
579
-<dd>
580
-<p>
581
-    If non-zero, we will avoid directory servers that don&#8217;t support tunneled
582
-    directory connections, when possible. (Default: 1)
583
-</p>
584
-</dd>
585
-</dl></div>
586
-</div>
587
-<h2 id="_client_options">CLIENT OPTIONS</h2>
588
-<div class="sectionbody">
589
-<div class="paragraph"><p>The following options are useful only for clients (that is, if
590
-<strong>SocksPort</strong> is non-zero):</p></div>
591
-<div class="dlist"><dl>
592
-<dt class="hdlist1">
593
-<strong>AllowInvalidNodes</strong> <strong>entry</strong>|<strong>exit</strong>|<strong>middle</strong>|<strong>introduction</strong>|<strong>rendezvous</strong>|<strong>&#8230;</strong>
594
-</dt>
595
-<dd>
596
-<p>
597
-    If some Tor servers are obviously not working right, the directory
598
-    authorities can manually mark them as invalid, meaning that it&#8217;s not
599
-    recommended you use them for entry or exit positions in your circuits. You
600
-    can opt to use them in some circuit positions, though. The default is
601
-    "middle,rendezvous", and other choices are not advised.
602
-</p>
603
-</dd>
604
-<dt class="hdlist1">
605
-<strong>ExcludeSingleHopRelays</strong> <strong>0</strong>|<strong>1</strong>
606
-</dt>
607
-<dd>
608
-<p>
609
-    This option controls whether circuits built by Tor will include relays with
610
-    the AllowSingleHopExits flag set to true. If ExcludeSingleHopRelays is set
611
-    to 0, these relays will be included. Note that these relays might be at
612
-    higher risk of being seized or observed, so they are not normally
613
-    included. Also note that relatively few clients turn off this option,
614
-    so using these relays might make your client stand out.
615
-    (Default: 1)
616
-</p>
617
-</dd>
618
-<dt class="hdlist1">
619
-<strong>Bridge</strong> <em>IP</em>:<em>ORPort</em> [fingerprint]
620
-</dt>
621
-<dd>
622
-<p>
623
-    When set along with UseBridges, instructs Tor to use the relay at
624
-    "IP:ORPort" as a "bridge" relaying into the Tor network. If "fingerprint"
625
-    is provided (using the same format as for DirServer), we will verify that
626
-    the relay running at that location has the right fingerprint. We also use
627
-    fingerprint to look up the bridge descriptor at the bridge authority, if
628
-    it&#8217;s provided and if UpdateBridgesFromAuthority is set too.
629
-</p>
630
-</dd>
631
-<dt class="hdlist1">
632
-<strong>CircuitBuildTimeout</strong> <em>NUM</em>
633
-</dt>
634
-<dd>
635
-<p>
636
-    Try for at most NUM seconds when building circuits. If the circuit isn't
637
-    open in that time, give up on it. (Default: 1 minute.)
638
-</p>
639
-</dd>
640
-<dt class="hdlist1">
641
-<strong>CircuitIdleTimeout</strong> <em>NUM</em>
642
-</dt>
643
-<dd>
644
-<p>
645
-    If we have kept a clean (never used) circuit around for NUM seconds, then
646
-    close it. This way when the Tor client is entirely idle, it can expire all
647
-    of its circuits, and then expire its TLS connections. Also, if we end up
648
-    making a circuit that is not useful for exiting any of the requests we&#8217;re
649
-    receiving, it won&#8217;t forever take up a slot in the circuit list. (Default: 1
650
-    hour.)
651
-</p>
652
-</dd>
653
-<dt class="hdlist1">
654
-<strong>ClientOnly</strong> <strong>0</strong>|<strong>1</strong>
655
-</dt>
656
-<dd>
657
-<p>
658
-    If set to 1, Tor will under no circumstances run as a server or serve
659
-    directory requests. The default is to run as a client unless ORPort is
660
-    configured. (Usually, you don&#8217;t need to set this; Tor is pretty smart at
661
-    figuring out whether you are reliable and high-bandwidth enough to be a
662
-    useful server.) (Default: 0)
663
-</p>
664
-</dd>
665
-<dt class="hdlist1">
666
-<strong>ExcludeNodes</strong> <em>node</em>,<em>node</em>,<em>&#8230;</em>
667
-</dt>
668
-<dd>
669
-<p>
670
-    A list of identity fingerprints, nicknames, country codes and address
671
-    patterns of nodes to never use when building a circuit. (Example:
672
-    ExcludeNodes SlowServer, $ EFFFFFFFFFFFFFFF, {cc}, 255.254.0.0/8)
673
-</p>
674
-</dd>
675
-<dt class="hdlist1">
676
-<strong>ExcludeExitNodes</strong> <em>node</em>,<em>node</em>,<em>&#8230;</em>
677
-</dt>
678
-<dd>
679
-<p>
680
-    A list of identity fingerprints, nicknames, country codes and address
681
-    patterns of nodes to never use when picking an exit node. Note that any
682
-    node listed in ExcludeNodes is automatically considered to be part of this
683
-    list.
684
-</p>
685
-</dd>
686
-<dt class="hdlist1">
687
-<strong>EntryNodes</strong> <em>node</em>,<em>node</em>,<em>&#8230;</em>
688
-</dt>
689
-<dd>
690
-<p>
691
-    A list of identity fingerprints, nicknames and address
692
-    patterns of nodes to use for the first hop in normal circuits. These are
693
-    treated only as preferences unless StrictNodes (see below) is also set.
694
-</p>
695
-</dd>
696
-<dt class="hdlist1">
697
-<strong>ExitNodes</strong> <em>node</em>,<em>node</em>,<em>&#8230;</em>
698
-</dt>
699
-<dd>
700
-<p>
701
-    A list of identity fingerprints, nicknames, country codes and address
702
-    patterns of nodes to use for the last hop in normal exit circuits. These
703
-    are treated only as preferences unless StrictNodes (see below) is also set.
704
-</p>
705
-</dd>
706
-<dt class="hdlist1">
707
-<strong>StrictEntryNodes</strong> <strong>0</strong>|<strong>1</strong>
708
-</dt>
709
-<dd>
710
-<p>
711
-    If 1, Tor will never use any nodes besides those listed in "EntryNodes" for
712
-    the first hop of a circuit.
713
-</p>
714
-</dd>
715
-<dt class="hdlist1">
716
-<strong>StrictExitNodes</strong> <strong>0</strong>|<strong>1</strong>
717
-</dt>
718
-<dd>
719
-<p>
720
-    If 1, Tor will never use any nodes besides those listed in "ExitNodes" for
721
-    the last hop of a circuit.
722
-</p>
723
-</dd>
724
-<dt class="hdlist1">
725
-<strong>FascistFirewall</strong> <strong>0</strong>|<strong>1</strong>
726
-</dt>
727
-<dd>
728
-<p>
729
-    If 1, Tor will only create outgoing connections to ORs running on ports
730
-    that your firewall allows (defaults to 80 and 443; see <strong>FirewallPorts</strong>).
731
-    This will allow you to run Tor as a client behind a firewall with
732
-    restrictive policies, but will not allow you to run as a server behind such
733
-    a firewall. If you prefer more fine-grained control, use
734
-    ReachableAddresses instead.
735
-</p>
736
-</dd>
737
-<dt class="hdlist1">
738
-<strong>FirewallPorts</strong> <em>PORTS</em>
739
-</dt>
740
-<dd>
741
-<p>
742
-    A list of ports that your firewall allows you to connect to. Only used when
743
-    <strong>FascistFirewall</strong> is set. This option is deprecated; use ReachableAddresses
744
-    instead. (Default: 80, 443)
745
-</p>
746
-</dd>
747
-<dt class="hdlist1">
748
-<strong>HidServAuth</strong> <em>onion-address</em> <em>auth-cookie</em> [<em>service-name</em>]
749
-</dt>
750
-<dd>
751
-<p>
752
-    Client authorization for a hidden service. Valid onion addresses contain 16
753
-    characters in a-z2-7 plus ".onion", and valid auth cookies contain 22
754
-    characters in A-Za-z0-9+/. The service name is only used for internal
755
-    purposes, e.g., for Tor controllers. This option may be used multiple times
756
-    for different hidden services. If a hidden service uses authorization and
757
-    this option is not set, the hidden service is not accessible. Hidden
758
-    services can be configured to require authorization using the
759
-    <strong>HiddenServiceAuthorizeClient</strong> option.
760
-</p>
761
-</dd>
762
-<dt class="hdlist1">
763
-<strong>ReachableAddresses</strong> <em>ADDR</em>[/<em>MASK</em>][:<em>PORT</em>]&#8230;
764
-</dt>
765
-<dd>
766
-<p>
767
-    A comma-separated list of IP addresses and ports that your firewall allows
768
-    you to connect to. The format is as for the addresses in ExitPolicy, except
769
-    that "accept" is understood unless "reject" is explicitly provided. For
770
-    example, 'ReachableAddresses 99.0.0.0/8, reject 18.0.0.0/8:80, accept
771
-    *:80' means that your firewall allows connections to everything inside net
772
-    99, rejects port 80 connections to net 18, and accepts connections to port
773
-    80 otherwise. (Default: 'accept *:*'.)
774
-</p>
775
-</dd>
776
-<dt class="hdlist1">
777
-<strong>ReachableDirAddresses</strong> <em>ADDR</em>[/<em>MASK</em>][:<em>PORT</em>]&#8230;
778
-</dt>
779
-<dd>
780
-<p>
781
-    Like <strong>ReachableAddresses</strong>, a list of addresses and ports. Tor will obey
782
-    these restrictions when fetching directory information, using standard HTTP
783
-    GET requests. If not set explicitly then the value of
784
-    <strong>ReachableAddresses</strong> is used. If <strong>HTTPProxy</strong> is set then these
785
-    connections will go through that proxy.
786
-</p>
787
-</dd>
788
-<dt class="hdlist1">
789
-<strong>ReachableORAddresses</strong> <em>ADDR</em>[/<em>MASK</em>][:<em>PORT</em>]&#8230;
790
-</dt>
791
-<dd>
792
-<p>
793
-    Like <strong>ReachableAddresses</strong>, a list of addresses and ports. Tor will obey
794
-    these restrictions when connecting to Onion Routers, using TLS/SSL. If not
795
-    set explicitly then the value of <strong>ReachableAddresses</strong> is used. If
796
-    <strong>HTTPSProxy</strong> is set then these connections will go through that proxy.<br />
797
-<br />
798
-    The separation between <strong>ReachableORAddresses</strong> and
799
-    <strong>ReachableDirAddresses</strong> is only interesting when you are connecting
800
-    through proxies (see <strong>HTTPProxy</strong> and <strong>HTTPSProxy</strong>). Most proxies limit
801
-    TLS connections (which Tor uses to connect to Onion Routers) to port 443,
802
-    and some limit HTTP GET requests (which Tor uses for fetching directory
803
-    information) to port 80.
804
-</p>
805
-</dd>
806
-<dt class="hdlist1">
807
-<strong>LongLivedPorts</strong> <em>PORTS</em>
808
-</dt>
809
-<dd>
810
-<p>
811
-    A list of ports for services that tend to have long-running connections
812
-    (e.g. chat and interactive shells). Circuits for streams that use these
813
-    ports will contain only high-uptime nodes, to reduce the chance that a node
814
-    will go down before the stream is finished. (Default: 21, 22, 706, 1863,
815
-    5050, 5190, 5222, 5223, 6667, 6697, 8300)
816
-</p>
817
-</dd>
818
-<dt class="hdlist1">
819
-<strong>MapAddress</strong> <em>address</em> <em>newaddress</em>
820
-</dt>
821
-<dd>
822
-<p>
823
-    When a request for address arrives to Tor, it will rewrite it to newaddress
824
-    before processing it. For example, if you always want connections to
825
-    www.indymedia.org to exit via <em>torserver</em> (where <em>torserver</em> is the
826
-    nickname of the server), use "MapAddress www.indymedia.org
827
-    www.indymedia.org.torserver.exit".
828
-</p>
829
-</dd>
830
-<dt class="hdlist1">
831
-<strong>NewCircuitPeriod</strong> <em>NUM</em>
832
-</dt>
833
-<dd>
834
-<p>
835
-    Every NUM seconds consider whether to build a new circuit. (Default: 30
836
-    seconds)
837
-</p>
838
-</dd>
839
-<dt class="hdlist1">
840
-<strong>MaxCircuitDirtiness</strong> <em>NUM</em>
841
-</dt>
842
-<dd>
843
-<p>
844
-    Feel free to reuse a circuit that was first used at most NUM seconds ago,
845
-    but never attach a new stream to a circuit that is too old. (Default: 10
846
-    minutes)
847
-</p>
848
-</dd>
849
-<dt class="hdlist1">
850
-<strong>NodeFamily</strong> <em>node</em>,<em>node</em>,<em>&#8230;</em>
851
-</dt>
852
-<dd>
853
-<p>
854
-    The Tor servers, defined by their identity fingerprints or nicknames,
855
-    constitute a "family" of similar or co-administered servers, so never use
856
-    any two of them in the same circuit. Defining a NodeFamily is only needed
857
-    when a server doesn&#8217;t list the family itself (with MyFamily). This option
858
-    can be used multiple times.
859
-</p>
860
-</dd>
861
-<dt class="hdlist1">
862
-<strong>EnforceDistinctSubnets</strong> <strong>0</strong>|<strong>1</strong>
863
-</dt>
864
-<dd>
865
-<p>
866
-    If 1, Tor will not put two servers whose IP addresses are "too close" on
867
-    the same circuit. Currently, two addresses are "too close" if they lie in
868
-    the same /16 range. (Default: 1)
869
-</p>
870
-</dd>
871
-<dt class="hdlist1">
872
-<strong>SocksPort</strong> <em>PORT</em>
873
-</dt>
874
-<dd>
875
-<p>
876
-    Advertise this port to listen for connections from Socks-speaking
877
-    applications. Set this to 0 if you don&#8217;t want to allow application
878
-    connections. (Default: 9050)
879
-</p>