man page entries for TunnelDirConns and PreferTunneledDirConns

and add a todo item for nick in case he gets bored :)


svn:r9260

ChangeLog

@@ -35,8 +35,6 @@ Changes in version 0.1.2.5-alpha - 2007-01-03
       options files.
     - Reject *:563 (NTTPS) in the default exit policy. We already reject
       NNTP by default, so this seems like a sensible addition.
-    - Authorities do not recommend exits as guards if this would shift
-      excess load to the exit nodes.
     - Avoid some inadvertent info leaks by making clients reject hostnames
       with invalid characters. Add an option "AllowNonRFC953Hostnames"
       to disable this behavior, in case somebody is running a private
@@ -44,7 +42,7 @@ Changes in version 0.1.2.5-alpha - 2007-01-03
     - Add a new address-spec.txt document to describe our special-case
       addresses: .exit, .onion, and .noconnnect.
     - Add a maintainer script to tell us which options are missing
-      documentation.
+      documentation: "make check-docs".
     - Remove some options that have been deprecated since at least 0.1.0.x:
       AccountingMaxKB, LogFile, DebugLogFile, LogLevel, and SysLog.  Use
       AccountingMax instead of AccountingMaxKB; use Log to set log options.

doc/TODO

@@ -59,18 +59,13 @@ R     - handle connect-dir streams that don't have a chosen_exit_name set.
         o Implement
 R       - Hunt for places that change networkstatus info that I might have
           missed.
-R     . option to dl directory info via tor
-        o Make an option like __AllDirActionsPrivate that falls back to
-          non-Tor DL when not enough info present.  (TunnelDirConns).
-        - Set default to 0 before release candidate.
-        o Think harder about whether TunnelDirConns should be on
-          by default. No, they shouldn't, until we have much more of
-          blocking.pdf implemented.
-        o Handle case where we have no descriptors and so don't know who can
-          handle BEGIN_DIR.
-        - actually cause the directory.c functions to know about or_port
-          and use it when we're supposed to.
-        - man page items for TunnelDirConns and PreferTunneledDirConns
+
+  . option to dl directory info via tor:
+    TunnelDirConns and PreferTunneledDirConns
+R   - actually cause the directory.c functions to know about or_port
+      and use it when we're supposed to.
+N   - for tunneled edge conns, stop reading to the bridge connection
+      when the or_conn we're writing to has a full outbuf.
 
 N - DNS improvements
     . Asynchronous DNS

doc/tor.1.in

@@ -242,9 +242,14 @@ a limited number of writes.  (Default: 0)
 .LP
 .TP
 \fBTunnelDirConns \fR\fB0|\fR\fB1\fP
-If non-zero, try to have all directory info downloaded with encrypted
-connections.  (Default: 1)
-
+If non-zero, when a directory server we contact supports it, we will
+build a one-hop circuit and make an encrypted connection via its
+ORPort. (Default: 0)
+.LP
+.TP
+\fBPreferTunneledDirConns \fR\fB0|\fR\fB1\fP
+If non-zero, we will avoid directory servers that don't support tunneled
+directory connections, when possible. (Default: 0)
 
 .SH CLIENT OPTIONS
 .PP

src/or/config.c

@@ -347,6 +347,8 @@ static config_var_description_t options_description[] = {
     "provided IP address (only useful for multiple network interfaces)." },
   { "PIDFile", "On startup, write our PID to this file. On clean shutdown, "
     "remove the file." },
+  { "PreferTunneledDirConns", "If non-zero, avoid directory servers that "
+    "don't support tunneled conncetions." },
   /* PreferTunneledDirConns */
   /* ProtocolWarnings */
   /* RephistTrackTime */
@@ -354,8 +356,9 @@ static config_var_description_t options_description[] = {
     "started.  Unix only." },
   { "SafeLogging", "If set to 0, Tor logs potentially sensitive strings "
     "rather than replacing them with the string [scrubbed]." },
-  { "TunnelDirConns", "If non-zero, try to have all directory info downloaded "
-    "via encrypted connections." },
+  { "TunnelDirConns", "If non-zero, when a directory server we contact "
+    "supports it, we will build a one-hop circuit and make an encrypted "
+    "connection via its ORPort." },
   { "User", "On startup, setuid to this user" },
 
   /* ==== client options */

src/or/connection_edge.c

@@ -322,7 +322,7 @@ connection_edge_finished_connecting(edge_connection_t *edge_conn)
 /** Define a schedule for how long to wait between retrying
  * application connections. Rather than waiting a fixed amount of
  * time between each retry, we wait 10 seconds each for the first
- *  two tries, and 15 seconds for each retry after
+ * two tries, and 15 seconds for each retry after
  * that. Hopefully this will improve the expected user experience. */
 static int
 compute_socks_timeout(edge_connection_t *conn)

src/or/dirserv.c

@@ -1364,6 +1364,10 @@ dirserv_compute_performance_thresholds(routerlist_t *rl)
        * counting exit bandwidth. */
       /* Also, we might want to document the one-third behavior in
        * dir-spec.txt. */
+/* ChangeLog line when we reenable it:
+    - Authorities do not recommend exits as guards if this would shift
+      excess load to the exit nodes.
+*/
       smartlist_add(bandwidths, bw);
     }
   });