commit 530b3bc144a7d323ce30aa604eff63560c716400
Author: Damian Johnson <[email protected]>
Date: Sat Apr 21 16:53:56 2018 -0700
Resync manual data
Tests we're adding are for the ONLINE test target, so getting us to a spot
first where everything passes.
---
stem/cached_tor_manual.sqlite | Bin 239616 -> 238592 bytes
stem/manual.py | 15 +++++++++++++--
stem/settings.cfg | 9 ++-------
test/integ/manual.py | 38 ++++----------------------------------
4 files changed, 19 insertions(+), 43 deletions(-)
diff --git a/stem/cached_tor_manual.sqlite b/stem/cached_tor_manual.sqlite
index 749bf86b..6b17f4da 100644
Binary files a/stem/cached_tor_manual.sqlite and
b/stem/cached_tor_manual.sqlite differ
diff --git a/stem/manual.py b/stem/manual.py
index 0bff9b68..3d734026 100644
--- a/stem/manual.py
+++ b/stem/manual.py
@@ -758,8 +758,19 @@ def _add_config_options(config_options, category, lines):
last_option, usage, description = None, None, []
- if lines and lines[0].startswith('The following options'):
- lines = lines[lines.index(''):] # drop the initial description
+ # Drop the section description. Each ends with a paragraph saying 'The
+ # following options...'.
+
+ desc_paragraph_index = None
+
+ for i, line in enumerate(lines):
+ if 'The following options' in line:
+ desc_paragraph_index = i
+ break
+
+ if desc_paragraph_index is not None:
+ lines = lines[desc_paragraph_index:] # trim to the description paragrah
+ lines = lines[lines.index(''):] # drop the paragraph
for line in lines:
if line and not line.startswith(' '):
diff --git a/stem/settings.cfg b/stem/settings.cfg
index 5ce1cfa0..7e84210c 100644
--- a/stem/settings.cfg
+++ b/stem/settings.cfg
@@ -32,7 +32,6 @@ manual.important ExitPolicy
manual.important MyFamily
manual.important Nickname
manual.important ORPort
-manual.important PortForwarding
manual.important AccountingMax
manual.important AccountingStart
@@ -190,8 +189,8 @@ manual.summary.RejectPlaintextPorts Prevents connections on
risky ports
manual.summary.OptimisticData Use exits without confirmation that prior
connections succeeded
manual.summary.Tor2webMode Establish non-anonymous hidden service connections
manual.summary.Tor2webRendezvousPoints Rendezvous points to use for hidden
services when in Tor2webMode
-manual.summary._HSLayer2Nodes # TODO:
https://trac.torproject.org/projects/tor/ticket/25581
-manual.summary._HSLayer3Nodes # TODO:
https://trac.torproject.org/projects/tor/ticket/25581
+manual.summary.HSLayer2Nodes permissible relays for the second hop of HS
circuits
+manual.summary.HSLayer3Nodes permissible relays for the third hop of HS
circuits
manual.summary.UseMicrodescriptors Retrieve microdescriptors rather than
server descriptors
manual.summary.PathBiasCircThreshold Number of circuits through a guard before
applying bias checks
manual.summary.PathBiasNoticeRate Fraction of circuits that must succeed
before logging a notice
@@ -222,7 +221,6 @@ manual.summary.BridgeDistribution Distribution method
BrideDB should provide our
manual.summary.ContactInfo Contact information for this relay
manual.summary.ExitRelay Allow relaying of exit traffic
manual.summary.ExitPolicy Traffic destinations that can exit from this relay
-manual.summary.ExitPolicyDefault # TODO:
https://trac.torproject.org/projects/tor/ticket/25582
manual.summary.ExitPolicyRejectPrivate Prevent exiting on the local network
manual.summary.ExitPolicyRejectLocalInterfaces More extensive prevention of
exiting on the local network
manual.summary.ReducedExitPolicy Customized reduced exit policy
@@ -232,8 +230,6 @@ manual.summary.MyFamily Other relays this operator
administers
manual.summary.Nickname Identifier for this relay
manual.summary.NumCPUs Number of processes spawned for decryption
manual.summary.ORPort Port used to accept relay traffic
-manual.summary.PortForwarding Use UPnP or NAT-PMP if needed to relay
-manual.summary.PortForwardingHelper Executable for configuring port forwarding
manual.summary.PublishServerDescriptor Types of descriptors published
manual.summary.ShutdownWaitLength Delay before quitting after receiving a
SIGINT signal
manual.summary.SSLKeyLifetime Lifetime for our link certificate
@@ -369,7 +365,6 @@ manual.summary.TestingDirAuthVoteHSDir Relays to give the
HSDir flag to
manual.summary.TestingDirAuthVoteHSDirIsStrict Only grant the HSDir flag to
relays listed by TestingDirAuthVoteHSDir
manual.summary.TestingEnableConnBwEvent Allow controllers to request CONN_BW
events
manual.summary.TestingEnableCellStatsEvent Allow controllers to request
CELL_STATS events
-manual.summary.TestingEnableTbEmptyEvent Allow controllers to request TB_EMPTY
events
manual.summary.TestingMinExitFlagThreshold Lower bound for assigning the Exit
flag
manual.summary.TestingLinkCertLifetime Duration of our ed25519 certificate
manual.summary.TestingAuthKeyLifetime Duration for our ed25519 signing key
diff --git a/test/integ/manual.py b/test/integ/manual.py
index b08179db..fa7e0ca5 100644
--- a/test/integ/manual.py
+++ b/test/integ/manual.py
@@ -52,39 +52,8 @@ EXPECTED_FILE_DESCRIPTION = 'Specify a new configuration
file to contain further
EXPECTED_BANDWIDTH_RATE_DESCRIPTION = 'A token bucket limits the average
incoming bandwidth usage on this node to the specified number of bytes per
second, and the average outgoing bandwidth usage to that same value. If you
want to run a relay in the public network, this needs to be at the very least
75 KBytes for a relay (that is, 600 kbits) or 50 KBytes for a bridge (400
kbits) -- but of course, more is better; we recommend at least 250 KBytes (2
mbits) if possible. (Default: 1 GByte)\n\nNote that this option, and other
bandwidth-limiting options, apply to TCP data only: They do not count TCP
headers or DNS traffic.\n\nWith this option, and in other options that take
arguments in bytes, KBytes, and so on, other formats are also supported.
Notably, "KBytes" can also be written as "kilobytes" or "kb"; "MBytes" can be
written as "megabytes" or "MB"; "kbits" can be written as "kilobits"; and so
forth. Tor also accepts "byte" and "bit" in the singular. The prefixes "tera"
and "T" are a
lso recognized. If no units are given, we default to bytes. To avoid
confusion, we recommend writing "bytes" or "bits" explicitly, since it\'s easy
to forget that "B" means bytes, not bits.'
-EXPECTED_EXIT_POLICY_DESCRIPTION = """
-Set an exit policy for this server. Each policy is of the form
"accept[6]|reject[6] ADDR[/MASK][:PORT]". If /MASK is omitted then this policy
just applies to the host given. Instead of giving a host or network you can
also use "*" to denote the universe (0.0.0.0/0 and ::/128), or *4 to denote all
IPv4 addresses, and *6 to denote all IPv6 addresses. PORT can be a single port
number, an interval of ports "FROM_PORT-TO_PORT", or "*". If PORT is omitted,
that means "*".
-
-For example, "accept 18.7.22.69:*,reject 18.0.0.0/8:*,accept *:*" would reject
any IPv4 traffic destined for MIT except for web.mit.edu, and accept any other
IPv4 or IPv6 traffic.
-
-Tor also allows IPv6 exit policy entries. For instance, "reject6 [FC00::]/7:*"
rejects all destinations that share 7 most significant bit prefix with address
FC00::. Respectively, "accept6 [C000::]/3:*" accepts all destinations that
share 3 most significant bit prefix with address C000::.
-
-accept6 and reject6 only produce IPv6 exit policy entries. Using an IPv4
address with accept6 or reject6 is ignored and generates a warning.
accept/reject allows either IPv4 or IPv6 addresses. Use *4 as an IPv4 wildcard
address, and *6 as an IPv6 wildcard address. accept/reject * expands to
matching IPv4 and IPv6 wildcard address rules.
-
-To specify all IPv4 and IPv6 internal and link-local networks (including
0.0.0.0/8, 169.254.0.0/16, 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8,
172.16.0.0/12, [::]/8, [FC00::]/7, [FE80::]/10, [FEC0::]/10, [FF00::]/8, and
[::]/127), you can use the "private" alias instead of an address. ("private"
always produces rules for IPv4 and IPv6 addresses, even when used with
accept6/reject6.)
-
-Private addresses are rejected by default (at the beginning of your exit
policy), along with any configured primary public IPv4 and IPv6 addresses.
These private addresses are rejected unless you set the ExitPolicyRejectPrivate
config option to 0. For example, once you've done that, you could allow HTTP to
127.0.0.1 and block all other connections to internal networks with "accept
127.0.0.1:80,reject private:*", though that may also allow connections to your
own computer that are addressed to its public (external) IP address. See RFC
1918 and RFC 3330 for more details about internal and reserved IP address
space. See ExitPolicyRejectLocalInterfaces if you want to block every address
on the relay, even those that aren't advertised in the descriptor.
-
-This directive can be specified multiple times so you don't have to put it all
on one line.
-
-Policies are considered first to last, and the first match wins. If you want
to allow the same ports on IPv4 and IPv6, write your rules using accept/reject
*. If you want to allow different ports on IPv4 and IPv6, write your IPv6 rules
using accept6/reject6 *6, and your IPv4 rules using accept/reject *4. If you
want to _replace_ the default exit policy, end your exit policy with either a
reject *:* or an accept *:*. Otherwise, you're _augmenting_ (prepending to) the
default exit policy.
-
-If you want to use a reduced exit policy rather than the default exit policy,
set "ReducedExitPolicy 1". If you want to replace the default exit policy with
your custom exit policy, end your exit policy with either a reject : or an
accept :. Otherwise, you're augmenting (prepending to) the default or reduced
exit policy.
-
-The default exit policy is:
-
- reject *:25
- reject *:119
- reject *:135-139
- reject *:445
- reject *:563
- reject *:1214
- reject *:4661-4666
- reject *:6346-6429
- reject *:6699
- reject *:6881-6999
- accept *:*
-""".strip()
+EXPECTED_EXIT_POLICY_DESCRIPTION_START = 'Set an exit policy for this server.
Each policy'
+EXPECTED_EXIT_POLICY_DESCRIPTION_END = 'it applies to both IPv4 and IPv6
addresses.'
class TestManual(unittest.TestCase):
@@ -164,7 +133,8 @@ class TestManual(unittest.TestCase):
return
manual = stem.manual.Manual.from_man(self.man_path)
- self.assertEqual(EXPECTED_EXIT_POLICY_DESCRIPTION,
manual.config_options['ExitPolicy'].description)
+
self.assertTrue(manual.config_options['ExitPolicy'].description.startswith(EXPECTED_EXIT_POLICY_DESCRIPTION_START))
+
self.assertTrue(manual.config_options['ExitPolicy'].description.endswith(EXPECTED_EXIT_POLICY_DESCRIPTION_END))
def test_that_cache_is_up_to_date(self):
"""
_______________________________________________
tor-commits mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
