[tor-commits] [torspec/master] apply notes from karsten and roger to proposal 186

nickm at torproject.org nickm at torproject.org
Tue Jan 17 16:43:26 UTC 2012 

commit 90744e95f4b49a4026126c3cdc99bdc85dc7abc3
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue Jan 17 11:35:01 2012 -0500

    apply notes from karsten and roger to proposal 186
---
 proposals/186-multiple-orports.txt |   16 +++++++++-------
 1 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/proposals/186-multiple-orports.txt b/proposals/186-multiple-orports.txt
index 192d758..d76377d 100644
--- a/proposals/186-multiple-orports.txt
+++ b/proposals/186-multiple-orports.txt
@@ -64,9 +64,9 @@ Configuring additional addresses and ports:
 
   In current operating systems (unless we get into crazy nonportable
   tricks) we need to use one socket for every address:port that Tor
-  binds on.  As a sanity check, we can limit the number of such
-  sockets we use to, say, 64.  If you want to bind lots of
-  address:port combinations, you'll want to do it at the
+  binds on.  As a sanity check, we can limit the number of such sockets
+  we use to, say, something between 8 and 64.  If you want to bind lots
+  of address:port combinations, you'll want to do it at the
   firewall/routing level.
 
   Example: We want to bind on 0.0.0.0:9001
@@ -74,10 +74,10 @@ Configuring additional addresses and ports:
      ORPort 9001
 
   Example: Our firewall is redirecting ports 80, 443, and 7000-8000
-  on all hosts in 18.244.2.0/24 onto our port 2929.
+  on all hosts in 18.244.2.0 onto our port 2929.
 
      ORPort 2929 noadvertise
-     ORPort 18.244.2.0/24:80,443,7000-8000 nolisten
+     ORPort 18.244.2.0:80,443,7000-8000 nolisten
 
   Example: We have a dynamic DNS provider that maps
   tornode.example.com to our current external IPv4 and IPv6
@@ -98,8 +98,10 @@ Self-testing:
   combinations.
 
   It will now be possible for a Tor node to find that some addresses
-  work and others do not.  In this case, the node should only
-  advertise ORPort lines that have been checked.
+  work and others do not.  In this case, the node should only advertise
+  ORPort lines that have been checked.  (As a consequence, the node
+  should not advertise any address unless at least one ORPort without
+  nolisten has been specified.)
 
   {Until support is added for extend cells to IPv6 addresses, it
   will only be possible to test IPv6 addresses by connecting

More information about the tor-commits mailing list