[tor-bugs] #1090 [Tor Client]: Warning about using an excluded node for exit
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu Mar 10 23:28:45 UTC 2011
#1090: Warning about using an excluded node for exit
---------------------------+------------------------------------------------
Reporter: Sebastian | Owner: nickm
Type: defect | Status: assigned
Priority: major | Milestone: Tor: 0.2.2.x-final
Component: Tor Client | Version: 0.2.1.19
Resolution: None | Keywords:
Parent: | Points:
Actualpoints: |
---------------------------+------------------------------------------------
Comment(by nickm):
I have tried to write up a description for the revised, revised, revised
behavior as a manpage patch. I've put it in my public repository in a
branch called "desired_node_behavior".
Again, this is what the behavior *should* IMO be.
Here's the relevant part:
{{{
**ExcludeNodes** __node__,__node__,__...__::
A list of identity fingerprints, nicknames, country codes and address
patterns of nodes to avoid when building a circuit.
(Example:
ExcludeNodes SlowServer, $ EFFFFFFFFFFFFFFF, \{cc}, 255.254.0.0/8) +
+
By default, this option is treated as a preference that Tor is allowed
to override in order to keep working.
For example, if you try to connect to a hidden service,
but you have excluded all of the hidden service's introduction points,
Tor will connect to one of them anyway. If you do not want this
behavior, set the StrictNodes option (documented below). +
+
Note also that if you are a relay, this (and the other node selection
options below) only affects your own circuits that Tor builds for you.
Clients can still build circuits through you to any node. Controllers
can tell Tor to build circuits through any node.
**ExcludeExitNodes** __node__,__node__,__...__::
A list of identity fingerprints, nicknames, country codes and address
patterns of nodes to never use when picking an exit node---that is, a
node that delivers traffic for you outside the Tor network. Note that
any node listed in ExcludeNodes is automatically considered to be part
of this list too.
**ExitNodes** __node__,__node__,__...__::
A list of identity fingerprints, nicknames, country codes and address
patterns of nodes to use as exit node---that is, a
node that delivers traffic for you outside the Tor network. +
+
Note that if you list too few nodes here, or if you exclude too many
exit nodes with ExcludeExitNodes, you can degrade functionality. For
example, if none of the exits you list allows traffic on port 80 or
443, you won't be able to browse the web. +
+
Note also that not every circuit is used to deliver traffic outside of
the Tor network. It is normal to see non-exit circuits (such as those
used to connect to hidden services, those that do directory fetches,
those used for self-tests, and so on) that end at a non-exit node. To
keep a node from being used entirely, see ExcludeNodes and
StrictNodes.
**EntryNodes** __node__,__node__,__...__::
A list of identity fingerprints, nicknames and address patterns of
nodes to use for the first hop in your normal circuits. This includes
all circuits except for direct connections to directory servers. The
Bridge option overrides this option; if you have configured bridges and
UseBridges is 1, the Bridges are used as your entry nodes.
**StrictNodes** **0**|**1**::
If StrictNodes is set to 1, Tor will treat the ExcludeNodes option as a
requirement to follow for all the circuits you generate, even if doing
so will break functionality for you. If StrictNodes is set to 0, Tor
will still try to avoid nodes in the ExcludeNodes list, but it will err
on the side of avoiding unexpected errors. Specifically, StrictNodes 0
tells Tor that it is okay to use an excluded node when necessary to
connect to a hidden service, provide a hidden service to a client,
fulfil a .exit request, upload directory information, or download
directory information.
(Default: 0)
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1090#comment:31>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
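
Added example, not part of nickm's comment and not code from Tor: a small Python model of the selection rules the proposed manpage text describes, showing when an excluded node is still used. The names `choose_node` and `Purpose` are hypothetical, the node nicknames are constructed, and keeping nodes named in ExcludeExitNodes banned as exits even under StrictNodes 0 is an assumption about how the text should be read.

```python
# Model of the proposed manpage semantics; not code from Tor itself.
from enum import Enum, auto

class Purpose(Enum):
    GENERAL_EXIT = auto()  # exit Tor picks for ordinary traffic
    DOT_EXIT = auto()      # exit named in a .exit request
    HS_CONNECT = auto()    # connect to a hidden service
    HS_PROVIDE = auto()    # provide a hidden service to a client
    DIR_UPLOAD = auto()    # upload directory information
    DIR_DOWNLOAD = auto()  # download directory information

EXIT_PURPOSES = {Purpose.GENERAL_EXIT, Purpose.DOT_EXIT}
# The five cases where StrictNodes 0 permits an excluded node "when necessary".
OVERRIDABLE = set(Purpose) - {Purpose.GENERAL_EXIT}

def choose_node(candidates, purpose, exclude_nodes=(), exclude_exit_nodes=(),
                strict_nodes=False):
    """Return (node, overrode_exclusion); node is None if nothing may be used."""
    excluded = set(exclude_nodes)
    # ExcludeExitNodes only matters when the node is being picked as an exit.
    exit_banned = set(exclude_exit_nodes) if purpose in EXIT_PURPOSES else set()
    for node in candidates:  # preferred: a node no exclusion list mentions
        if node not in excluded and node not in exit_banned:
            return node, False
    # StrictNodes 0 treats ExcludeNodes as a preference for the listed purposes.
    # Assumption: nodes named in ExcludeExitNodes itself stay banned as exits.
    if not strict_nodes and purpose in OVERRIDABLE:
        for node in candidates:
            if node not in exit_banned:
                return node, True  # an override a client would want to warn about
    return None, False

if __name__ == "__main__":
    intro_points = ["IntroA", "IntroB"]  # constructed nicknames
    for strict in (False, True):
        result = choose_node(intro_points, Purpose.HS_CONNECT,
                             exclude_nodes=intro_points, strict_nodes=strict)
        print(f"StrictNodes {int(strict)}: {result}")
```
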