3 TC: A Tor control protocol (Version 1)
7 This document describes an implementation-specific protocol that is used
8 for other programs (such as frontend user-interfaces) to communicate with a
9 locally running Tor process. It is not part of the Tor onion routing
12 This protocol replaces version 0 of TC, which is now deprecated. For
13 reference, TC is described in "control-spec-v0.txt". Implementors are
14 recommended to avoid using TC directly, but instead to use a library that
15 can easily be updated to use the newer protocol. (Version 0 is used by Tor
16 versions 0.1.0.x; the protocol in this document only works with Tor
17 versions in the 0.1.1.x series and later.)
21 TC is a bidirectional message-based protocol. It assumes an underlying
22 stream for communication between a controlling process (the "client"
23 or "controller") and a Tor process (or "server"). The stream may be
24 implemented via TCP, TLS-over-TCP, a Unix-domain socket, or so on,
25 but it must provide reliable in-order delivery. For security, the
26 stream should not be accessible by untrusted parties.
28 In TC, the client and server send typed messages to each other over the
29 underlying stream. The client sends "commands" and the server sends
32 By default, all messages from the server are in response to messages from
33 the client. Some client requests, however, will cause the server to send
34 messages to the client indefinitely far into the future. Such
35 "asynchronous" replies are marked as such.
37 Servers respond to messages in the order messages are received.
41 2.1. Description format
43 The message formats listed below use ABNF as described in RFC 2234.
44 The protocol itself is loosely based on SMTP (see RFC 2821).
46 We use the following nonterminals from RFC 2822: atom, qcontent
48 We define the following general-use nonterminals:
50 String = DQUOTE *qcontent DQUOTE
52 There are explicitly no limits on line length. All 8-bit characters are
53 permitted unless explicitly disallowed.
55 2.2. Commands from controller to Tor
57 Command = Keyword Arguments CRLF / "+" Keyword Arguments CRLF Data
59 Arguments = *(SP / VCHAR)
61 Specific commands and their arguments are described below in section 3.
63 2.3. Replies from Tor to the controller
65 Reply = SyncReply / AsyncReply
66 SyncReply = *(MidReplyLine / DataReplyLine) EndReplyLine
67 AsyncReply = *(MidReplyLine / DataReplyLine) EndReplyLine
69 MidReplyLine = StatusCode "-" ReplyLine
70 DataReplyLine = StatusCode "+" ReplyLine Data
71 EndReplyLine = StatusCode SP ReplyLine
72 ReplyLine = [ReplyText] CRLF
76 Specific replies are mentioned below in section 3, and described more fully
79 [Compatibility note: versions of Tor before 0.2.0.3-alpha sometimes
80 generate AsyncReplies of the form "*(MidReplyLine / DataReplyLine)".
81 This is incorrect, but controllers that need to work with these
82 versions of Tor should be prepared to get multi-line AsyncReplies with
83 the final line (usually "650 OK") omitted.]
85 2.4. General-use tokens
87 ; Identifiers for servers.
88 ServerID = Nickname / Fingerprint
90 Nickname = 1*19 NicknameChar
91 NicknameChar = "a"-"z" / "A"-"Z" / "0" - "9"
92 Fingerprint = "$" 40*HEXDIG
94 ; A "=" indicates that the given nickname is canonical; a "~" indicates
95 ; that the given nickname is not canonical.
96 LongName = Fingerprint [ ( "=" / "~" ) Nickname ]
98 ; How a controller tells Tor about a particular OR. There are four
100 ; $Digest -- The router whose identity key hashes to the given digest.
101 ; This is the preferred way to refer to an OR.
102 ; $Digest~Name -- The router whose identity key hashes to the given
103 ; digest, but only if the router has the given nickname.
104 ; $Digest=Name -- The router whose identity key hashes to the given
105 ; digest, but only if the router is Named and has the given
107 ; Name -- The Named router with the given nickname, or, if no such
108 ; router exists, any router whose nickname matches the one given.
109 ; This is not a safe way to refer to routers, since Named status
110 ; could under some circumstances change over time.
111 ServerSpec = LongName / Nickname
113 ; Unique identifiers for streams or circuits. Currently, Tor only
114 ; uses digits, but this may change
115 StreamID = 1*16 IDChar
116 CircuitID = 1*16 IDChar
117 IDChar = ALPHA / DIGIT
119 Address = ip4-address / ip6-address / hostname (XXXX Define these)
121 ; A "Data" section is a sequence of octets concluded by the terminating
122 ; sequence CRLF "." CRLF. The terminating sequence may not appear in the
123 ; body of the data. Leading periods on lines in the data are escaped with
124 ; an additional leading period as in RFC 2821 section 4.5.2.
125 Data = *DataLine "." CRLF
126 DataLine = CRLF / "." 1*LineItem CRLF / NonDotItem *LineItem CRLF
127 LineItem = NonCR / 1*CR NonCRLF
128 NonDotItem = NonDotCR / 1*CR NonCRLF
132 All commands and other keywords are case-insensitive.
136 Change the value of one or more configuration variables. The syntax is:
138 "SETCONF" 1*(SP keyword ["=" String]) CRLF
140 Tor behaves as though it had just read each of the key-value pairs
141 from its configuration file. Keywords with no corresponding values have
142 their configuration values reset to 0 or NULL (use RESETCONF if you want
143 to set it back to its default). SETCONF is all-or-nothing: if there
144 is an error in any of the configuration settings, Tor sets none of them.
146 Tor responds with a "250 configuration values set" reply on success.
147 If some of the listed keywords can't be found, Tor replies with a
148 "552 Unrecognized option" message. Otherwise, Tor responds with a
149 "513 syntax error in configuration values" reply on syntax error, or a
150 "553 impossible configuration setting" reply on a semantic error.
152 When a configuration option takes multiple values, or when multiple
153 configuration keys form a context-sensitive group (see GETCONF below), then
154 setting _any_ of the options in a SETCONF command is taken to reset all of
155 the others. For example, if two ORBindAddress values are configured, and a
156 SETCONF command arrives containing a single ORBindAddress value, the new
157 command's value replaces the two old values.
161 Remove all settings for a given configuration option entirely, assign
162 its default value (if any), and then assign the String provided.
163 Typically the String is left empty, to simply set an option back to
164 its default. The syntax is:
166 "RESETCONF" 1*(SP keyword ["=" String]) CRLF
168 Otherwise it behaves like SETCONF above.
172 Request the value of a configuration variable. The syntax is:
174 "GETCONF" 1*(SP keyword) CRLF
176 If all of the listed keywords exist in the Tor configuration, Tor replies
177 with a series of reply lines of the form:
179 If any option is set to a 'default' value semantically different from an
180 empty string, Tor may reply with a reply line of the form:
183 If some of the listed keywords can't be found, Tor replies with a
184 "552 unknown configuration keyword" message.
186 If an option appears multiple times in the configuration, all of its
187 key-value pairs are returned in order.
189 Some options are context-sensitive, and depend on other options with
190 different keywords. These cannot be fetched directly. Currently there
191 is only one such option: clients should use the "HiddenServiceOptions"
192 virtual keyword to get all HiddenServiceDir, HiddenServicePort,
193 HiddenServiceNodes, and HiddenServiceExcludeNodes option settings.
197 Request the server to inform the client about interesting events. The
200 "SETEVENTS" [SP "EXTENDED"] *(SP EventCode) CRLF
202 EventCode = "CIRC" / "STREAM" / "ORCONN" / "BW" / "DEBUG" /
203 "INFO" / "NOTICE" / "WARN" / "ERR" / "NEWDESC" / "ADDRMAP" /
204 "AUTHDIR_NEWDESCS" / "DESCCHANGED" / "STATUS_GENERAL" /
205 "STATUS_CLIENT" / "STATUS_SERVER" / "GUARD" / "NS" / "STREAM_BW"
207 Any events *not* listed in the SETEVENTS line are turned off; thus, sending
208 SETEVENTS with an empty body turns off all event reporting.
210 The server responds with a "250 OK" reply on success, and a "552
211 Unrecognized event" reply if one of the event codes isn't recognized. (On
212 error, the list of active event codes isn't changed.)
214 If the flag string "EXTENDED" is provided, Tor may provide extra
215 information with events for this connection; see 4.1 for more information.
216 NOTE: All events on a given connection will be provided in extended format,
218 NOTE: "EXTENDED" is only supported in Tor 0.1.1.9-alpha or later.
220 Each event is described in more detail in Section 4.1.
224 Sent from the client to the server. The syntax is:
225 "AUTHENTICATE" [ SP 1*HEXDIG / QuotedString ] CRLF
227 The server responds with "250 OK" on success or "515 Bad authentication" if
228 the authentication cookie is incorrect. Tor closes the connection on an
229 authentication failure.
231 The format of the 'cookie' is implementation-dependent; see 5.1 below for
232 information on how the standard Tor implementation handles it.
234 Before the client has authenticated, no command other than PROTOCOLINFO,
235 AUTHENTICATE, or QUIT is valid. If the controller sends any other command,
236 or sends a malformed command, or sends an unsuccessful AUTHENTICATE
237 command, or sends PROTOCOLINFO more than once, Tor sends an error reply and
238 closes the connection.
240 (Versions of Tor before 0.1.2.16 and 0.2.0.4-alpha did not close the
241 connection after an authentication failure.)
245 Sent from the client to the server. The syntax is:
248 Instructs the server to write out its config options into its torrc. Server
249 returns "250 OK" if successful, or "551 Unable to write configuration
250 to disk" if it can't write the file or some other error occurs.
254 Sent from the client to the server. The syntax is:
256 "SIGNAL" SP Signal CRLF
258 Signal = "RELOAD" / "SHUTDOWN" / "DUMP" / "DEBUG" / "HALT" /
259 "HUP" / "INT" / "USR1" / "USR2" / "TERM" / "NEWNYM" /
262 The meaning of the signals are:
264 RELOAD -- Reload: reload config items, refetch directory. (like HUP)
265 SHUTDOWN -- Controlled shutdown: if server is an OP, exit immediately.
266 If it's an OR, close listeners and exit after 30 seconds.
268 DUMP -- Dump stats: log information about open connections and
269 circuits. (like USR1)
270 DEBUG -- Debug: switch all open logs to loglevel debug. (like USR2)
271 HALT -- Immediate shutdown: clean up and exit now. (like TERM)
272 CLEARDNSCACHE -- Forget the client-side cached IPs for all hostnames.
273 NEWNYM -- Switch to clean circuits, so new application requests
274 don't share any circuits with old ones. Also clears
275 the client-side DNS cache. (Tor MAY rate-limit its
276 response to this signal.)
278 The server responds with "250 OK" if the signal is recognized (or simply
279 closes the socket if it was asked to close immediately), or "552
280 Unrecognized signal" if the signal is unrecognized.
284 Sent from the client to the server. The syntax is:
286 "MAPADDRESS" 1*(Address "=" Address SP) CRLF
288 The first address in each pair is an "original" address; the second is a
289 "replacement" address. The client sends this message to the server in
290 order to tell it that future SOCKS requests for connections to the original
291 address should be replaced with connections to the specified replacement
292 address. If the addresses are well-formed, and the server is able to
293 fulfill the request, the server replies with a 250 message:
294 250-OldAddress1=NewAddress1
295 250 OldAddress2=NewAddress2
297 containing the source and destination addresses. If request is
298 malformed, the server replies with "512 syntax error in command
299 argument". If the server can't fulfill the request, it replies with
300 "451 resource exhausted".
302 The client may decline to provide a body for the original address, and
303 instead send a special null address ("0.0.0.0" for IPv4, "::0" for IPv6, or
304 "." for hostname), signifying that the server should choose the original
305 address itself, and return that address in the reply. The server
306 should ensure that it returns an element of address space that is unlikely
307 to be in actual use. If there is already an address mapped to the
308 destination address, the server may reuse that mapping.
310 If the original address is already mapped to a different address, the old
311 mapping is removed. If the original address and the destination address
312 are the same, the server removes any mapping in place for the original
316 C: MAPADDRESS 0.0.0.0=tor.eff.org 1.2.3.4=tor.freehaven.net
317 S: 250-127.192.10.10=tor.eff.org
318 S: 250 1.2.3.4=tor.freehaven.net
320 {Note: This feature is designed to be used to help Tor-ify applications
321 that need to use SOCKS4 or hostname-less SOCKS5. There are three
322 approaches to doing this:
323 1. Somehow make them use SOCKS4a or SOCKS5-with-hostnames instead.
324 2. Use tor-resolve (or another interface to Tor's resolve-over-SOCKS
325 feature) to resolve the hostname remotely. This doesn't work
326 with special addresses like x.onion or x.y.exit.
327 3. Use MAPADDRESS to map an IP address to the desired hostname, and then
328 arrange to fool the application into thinking that the hostname
329 has resolved to that IP.
330 This functionality is designed to help implement the 3rd approach.}
332 Mappings set by the controller last until the Tor process exits:
333 they never expire. If the controller wants the mapping to last only
334 a certain time, then it must explicitly un-map the address when that
339 Sent from the client to the server. The syntax is as for GETCONF:
340 "GETINFO" 1*(SP keyword) CRLF
341 one or more NL-terminated strings. The server replies with an INFOVALUE
342 message, or a 551 or 552 error.
344 Unlike GETCONF, this message is used for data that are not stored in the Tor
345 configuration file, and that may be longer than a single line. On success,
346 one ReplyLine is sent for each requested value, followed by a final 250 OK
347 ReplyLine. If a value fits on a single line, the format is:
349 If a value must be split over multiple lines, the format is:
353 Recognized keys and their values include:
355 "version" -- The version of the server's software, including the name
356 of the software. (example: "Tor 0.0.9.4")
358 "config-file" -- The location of Tor's configuration file ("torrc").
360 ["exit-policy/prepend" -- The default exit policy lines that Tor will
361 *prepend* to the ExitPolicy config option.
362 -- Never implemented. Useful?]
364 "exit-policy/default" -- The default exit policy lines that Tor will
365 *append* to the ExitPolicy config option.
367 "desc/id/<OR identity>" or "desc/name/<OR nickname>" -- the latest
368 server descriptor for a given OR, NUL-terminated.
370 "ns/id/<OR identity>" or "ns/name/<OR nickname>" -- the latest network
371 status info for a given OR. Network status info is as given in
372 dir-spec.txt, and reflects the current beliefs of this Tor about the
373 router in question. Like directory clients, controllers MUST
374 tolerate unrecognized flags and lines. The published date and
375 descriptor digest are those believed to be best by this Tor,
376 not necessarily those for a descriptor that Tor currently has.
377 [First implemented in 0.1.2.3-alpha.]
379 "ns/all" -- Network status info (v2 directory style) for all ORs we
380 have an opinion about, joined by newlines. [First implemented
383 "desc/all-recent" -- the latest server descriptor for every router that
386 "network-status" -- a space-separated list (v1 directory style)
387 of all known OR identities. This is in the same format as the
388 router-status line in v1 directories; see dir-spec-v1.txt section
389 3 for details. (If VERBOSE_NAMES is enabled, the output will
390 not conform to dir-spec-v1.txt; instead, the result will be a
391 space-separated list of LongName, each preceded by a "!" if it is
392 believed to be not running.)
394 "address-mappings/all"
395 "address-mappings/config"
396 "address-mappings/cache"
397 "address-mappings/control" -- a \r\n-separated list of address
398 mappings, each in the form of "from-address to-address expiry".
399 The 'config' key returns those address mappings set in the
400 configuration; the 'cache' key returns the mappings in the
401 client-side DNS cache; the 'control' key returns the mappings set
402 via the control interface; the 'all' target returns the mappings
403 set through any mechanism.
404 Expiry is formatted as with ADDRMAP events, except that "expiry" is
405 always a time in GMT or the string "NEVER"; see section 4.1.7.
406 First introduced in 0.2.0.3-alpha.
408 "addr-mappings/*" -- as for address-mappings/*, but without the
409 expiry portion of the value. Use of this value is deprecated
410 since 0.2.0.3-alpha; use address-mappings instead.
412 "address" -- the best guess at our external IP address. If we
413 have no guess, return a 551 error. (Added in 0.1.2.2-alpha)
415 "fingerprint" -- the contents of the fingerprint file that Tor
416 writes as a server, or a 551 if we're not a server currently.
417 (Added in 0.1.2.3-alpha)
420 A series of lines as for a circuit status event. Each line is of
422 CircuitID SP CircStatus [SP Path] CRLF
425 A series of lines as for a stream status event. Each is of the form:
426 StreamID SP StreamStatus SP CircID SP Target CRLF
429 A series of lines as for an OR connection status event. Each is of the
431 ServerID SP ORStatus CRLF
434 A series of lines listing the currently chosen entry guards, if any.
436 ServerID2 SP Status [SP ISOTime] CRLF
438 Status-with-time = ("unlisted") SP ISOTime
439 Status = ("up" / "never-connected" / "down" /
440 "unusable" / "unlisted" )
442 ServerID2 = Nickname / 40*HEXDIG
444 [From 0.1.1.4-alpha to 0.1.1.10-alpha, this was called "helper-nodes".
445 Tor still supports calling it that for now, but support will be
448 [Older versions of Tor (before 0.1.2.x-final) generated 'down' instead
449 of unlisted/unusable. Current Tors never generate 'down'.]
451 [XXXX ServerID2 differs from ServerID in not prefixing fingerprints
452 with a $. This is an implementation error. It would be nice to add
453 the $ back in if we can do so without breaking compatibility.]
456 "accounting/hibernating"
458 "accounting/bytes-left"
459 "accounting/interval-start"
460 "accounting/interval-wake"
461 "accounting/interval-end"
462 Information about accounting status. If accounting is enabled,
463 "enabled" is 1; otherwise it is 0. The "hibernating" field is "hard"
464 if we are accepting no data; "soft" if we're accepting no new
465 connections, and "awake" if we're not hibernating at all. The "bytes"
466 and "bytes-left" fields contain (read-bytes SP write-bytes), for the
467 start and the rest of the interval respectively. The 'interval-start'
468 and 'interval-end' fields are the borders of the current interval; the
469 'interval-wake' field is the time within the current interval (if any)
470 where we plan[ned] to start being active.
473 A series of lines listing the available configuration options. Each is
475 OptionName SP OptionType [ SP Documentation ] CRLF
477 OptionType = "Integer" / "TimeInterval" / "DataSize" / "Float" /
478 "Boolean" / "Time" / "CommaList" / "Dependant" / "Virtual" /
479 "String" / "LineList"
483 A series of lines listing the available GETINFO options. Each is of
485 OptionName SP Documentation CRLF
486 OptionPrefix SP Documentation CRLF
487 OptionPrefix = OptionName "/*"
490 A space-separated list of all the events supported by this version of
494 A space-separated list of all the events supported by this version of
497 "next-circuit/IP:port"
500 "dir/status/authority"
502 "dir/status/fp/<F1>+<F2>+<F3>"
505 "dir/server/fp/<F1>+<F2>+<F3>"
507 "dir/server/d/<D1>+<D2>+<D3>"
508 "dir/server/authority"
510 A series of lines listing directory contents, provided according to the
511 specification for the URLs listed in Section 4.4 of dir-spec.txt. Note
512 that Tor MUST NOT provide private information, such as descriptors for
513 routers not marked as general-purpose. When asked for 'authority'
514 information for which this Tor is not authoritative, Tor replies with
517 "status/circuit-established"
518 "status/enough-dir-info"
520 These provide the current internal Tor values for various Tor
521 states. See Section 4.1.10 for explanations. (Only a few of the
522 status events are available as getinfo's currently. Let us know if
523 you want more exposed.)
524 "status/version/recommended" -- List of currently recommended versions
525 "status/version/current" -- Status of the current version. One of:
526 new, old, unrecommended, recommended, new in series, obsolete.
527 "status/version/num-versioning" -- Number of versioning authorities
528 "status/version/num-concurring" -- Number of versioning authorities
529 agreeing on the status of the current version
532 C: GETINFO version desc/name/moria1
533 S: 250+desc/name/moria=
534 S: [Descriptor for moria]
536 S: 250-version=Tor 0.1.1.0-alpha-cvs
541 Sent from the client to the server. The format is:
542 "EXTENDCIRCUIT" SP CircuitID SP
543 ServerSpec *("," ServerSpec) SP
544 ("purpose=" Purpose) CRLF
546 This request takes one of two forms: either the CircuitID is zero, in
547 which case it is a request for the server to build a new circuit according
548 to the specified path, or the CircuitID is nonzero, in which case it is a
549 request for the server to extend an existing circuit with that ID according
550 to the specified path.
552 If CircuitID is 0 and "purpose=" is specified, then the circuit's
553 purpose is set. Two choices are recognized: "general" and
554 "controller". If not specified, circuits are created as "general".
556 If the request is successful, the server sends a reply containing a
557 message body consisting of the CircuitID of the (maybe newly created)
558 circuit. The syntax is "250" SP "EXTENDED" SP CircuitID CRLF.
560 3.11. SETCIRCUITPURPOSE
562 Sent from the client to the server. The format is:
563 "SETCIRCUITPURPOSE" SP CircuitID SP Purpose CRLF
565 This changes the circuit's purpose. See EXTENDCIRCUIT above for details.
567 3.12. SETROUTERPURPOSE
569 Sent from the client to the server. The format is:
570 "SETROUTERPURPOSE" SP NicknameOrKey SP Purpose CRLF
572 This changes the descriptor's purpose. See +POSTDESCRIPTOR below
577 Sent from the client to the server. The syntax is:
578 "ATTACHSTREAM" SP StreamID SP CircuitID [SP "HOP=" HopNum] CRLF
580 This message informs the server that the specified stream should be
581 associated with the specified circuit. Each stream may be associated with
582 at most one circuit, and multiple streams may share the same circuit.
583 Streams can only be attached to completed circuits (that is, circuits that
584 have sent a circuit status 'BUILT' event or are listed as built in a
585 GETINFO circuit-status request).
587 If the circuit ID is 0, responsibility for attaching the given stream is
590 If HOP=HopNum is specified, Tor will choose the HopNumth hop in the
591 circuit as the exit node, rather than the last node in the circuit.
592 Hops are 1-indexed; generally, it is not permitted to attach to hop 1.
594 Tor responds with "250 OK" if it can attach the stream, 552 if the circuit
595 or stream didn't exist, or 551 if the stream couldn't be attached for
598 {Implementation note: Tor will close unattached streams by itself,
599 roughly two minutes after they are born. Let the developers know if
600 that turns out to be a problem.}
602 {Implementation note: By default, Tor automatically attaches streams to
603 circuits itself, unless the configuration variable
604 "__LeaveStreamsUnattached" is set to "1". Attempting to attach streams
605 via TC when "__LeaveStreamsUnattached" is false may cause a race between
606 Tor and the controller, as both attempt to attach streams to circuits.}
608 {Implementation note: You can try to attachstream to a stream that
609 has already sent a connect or resolve request but hasn't succeeded
610 yet, in which case Tor will detach the stream from its current circuit
611 before proceeding with the new attach request.}
615 Sent from the client to the server. The syntax is:
616 "+POSTDESCRIPTOR" ("purpose=" Purpose) CRLF Descriptor CRLF "." CRLF
618 This message informs the server about a new descriptor. If Purpose is
619 specified, it must be either "general" or "controller", else we
622 The descriptor, when parsed, must contain a number of well-specified
623 fields, including fields for its nickname and identity.
625 If there is an error in parsing the descriptor, the server must send a "554
626 Invalid descriptor" reply. If the descriptor is well-formed but the server
627 chooses not to add it, it must reply with a 251 message whose body explains
628 why the server was not added. If the descriptor is added, Tor replies with
633 Sent from the client to the server. The syntax is:
634 "REDIRECTSTREAM" SP StreamID SP Address (SP Port) CRLF
636 Tells the server to change the exit address on the specified stream. If
637 Port is specified, changes the destination port as well. No remapping
638 is performed on the new provided address.
640 To be sure that the modified address will be used, this event must be sent
641 after a new stream event is received, and before attaching this stream to
644 Tor replies with "250 OK" on success.
648 Sent from the client to the server. The syntax is:
650 "CLOSESTREAM" SP StreamID SP Reason *(SP Flag) CRLF
652 Tells the server to close the specified stream. The reason should be one
653 of the Tor RELAY_END reasons given in tor-spec.txt, as a decimal. Flags is
654 not used currently; Tor servers SHOULD ignore unrecognized flags. Tor may
655 hold the stream open for a while to flush any data that is pending.
657 Tor replies with "250 OK" on success, or a 512 if there aren't enough
658 arguments, or a 552 if it doesn't recognize the StreamID or reason.
663 CLOSECIRCUIT SP CircuitID *(SP Flag) CRLF
666 Tells the server to close the specified circuit. If "IfUnused" is
667 provided, do not close the circuit unless it is unused.
669 Other flags may be defined in the future; Tor SHOULD ignore unrecognized
672 Tor replies with "250 OK" on success, or a 512 if there aren't enough
673 arguments, or a 552 if it doesn't recognize the CircuitID.
677 Tells the server to hang up on this controller connection. This command
678 can be used before authenticating.
684 "USEFEATURE" *(SP FeatureName) CRLF
685 FeatureName = 1*(ALPHA / DIGIT / "_" / "-")
687 Sometimes extensions to the controller protocol break compatibility with
688 older controllers. In this case, whenever possible, the extensions are
689 first included in Tor disabled by default, and only enabled on a given
690 controller connection when the "USEFEATURE" command is given. Once a
691 "USEFEATURE" command is given, it applies to all subsequent interactions on
692 the same connection; to disable an enabled feature, a new controller
693 connection must be opened.
695 This is a forward-compatibility mechanism; each feature will eventually
696 become a regular part of the control protocol in some future version of Tor.
697 Tor will ignore a request to use any feature that is already on by default.
698 Tor will give a "552" error if any requested feature is not recognized.
700 Feature names are case-insensitive.
704 Same as passing 'EXTENDED' to SETEVENTS; this is the preferred way to
705 request the extended event syntax.
707 This will not be always-enabled until at least XXX (or, at least two
708 stable releases after XXX, the release where it was first used for
713 Instead of ServerID as specified above, the controller should
714 identify ORs by LongName in events and GETINFO results. This format is
715 strictly more informative: rather than including Nickname for
716 known Named routers and Fingerprint for unknown or unNamed routers, the
717 LongName format includes a Fingerprint, an indication of Named status,
718 and a Nickname (if one is known).
720 This will not be always-enabled until at least 0.1.4.x (or at least two
721 stable releases after 0.1.2.2-alpha, the release where it was first
727 "RESOLVE" *Option *Address CRLF
728 Option = "mode=reverse"
729 Address = a hostname or IPv4 address
731 This command launches a remote hostname lookup request for every specified
732 request (or reverse lookup if "mode=reverse" is specified). Note that the
733 request is done in the background: to see the answers, your controller will
734 need to listen for ADDRMAP events; see 4.1.7 below.
736 [Added in Tor 0.2.0.3-alpha]
741 "PROTOCOLINFO" *(SP PIVERSION) CRLF
743 The server reply format is:
744 "250+PROTOCOLINFO" SP PIVERSION CRLF *InfoLine "250 OK" CRLF
746 InfoLine = AuthLine / VersionLine / OtherLine
748 AuthLine = "250-AUTH" SP "METHODS=" AuthMethod *(",")AuthMethod
749 *(SP "COOKIEFILE=" AuthCookieFile) CRLF
750 VersionLine = "250-VERSION" SP "Tor=" TorVersion [SP Arguments] CRLF
753 "NULL" / ; No authentication is required
754 "HASHEDPASSWORD" / ; A controller must supply the original password
755 "COOKIE" / ; A controller must supply the contents of a cookie
757 AuthCookieFile = QuotedString
758 TorVersion = QuotedString
760 OtherLine = "250-" Keyword [SP Arguments] CRLF
764 Tor MAY give its InfoLines in any order; controllers MUST ignore InfoLines
765 with keywords they do not recognize. Controllers MUST ignore extraneous
766 data on any InfoLine.
768 PIVERSION is there in case we drastically change the syntax one day. For
769 now it should always be "1". Controllers MAY provide a list of the
770 protocolinfo versions they support; Tor MAY select a version that the
771 controller does not support.
773 AuthMethod is used to specify one or more control authentication
774 methods that Tor currently accepts.
776 AuthCookieFile specifies the absolute path and filename of the
777 authentication cookie that Tor is expecting and is provided iff
778 the METHODS field contains the method "COOKIE". Controllers MUST handle
779 escape sequences inside this string.
781 The VERSION line contains the Tor version.
783 [Unlike other commands besides AUTHENTICATE, PROTOCOLINFO may be used (but
784 only once!) before AUTHENTICATE.]
786 [PROTOCOLINFO was not supported before Tor 0.2.0.5-alpha.]
790 Reply codes follow the same 3-character format as used by SMTP, with the
791 first character defining a status, the second character defining a
792 subsystem, and the third designating fine-grained information.
794 The TC protocol currently uses the following first characters:
796 2yz Positive Completion Reply
797 The command was successful; a new request can be started.
799 4yz Temporary Negative Completion reply
800 The command was unsuccessful but might be reattempted later.
802 5yz Permanent Negative Completion Reply
803 The command was unsuccessful; the client should not try exactly
804 that sequence of commands again.
806 6yz Asynchronous Reply
807 Sent out-of-order in response to an earlier SETEVENTS command.
809 The following second characters are used:
812 Sent in response to ill-formed or nonsensical commands.
815 Refers to operations of the Tor Control protocol.
818 Refers to actual operations of Tor system.
820 The following codes are defined:
823 251 Operation was unnecessary
824 [Tor has declined to perform the operation, but no harm was done.]
826 451 Resource exhausted
828 500 Syntax error: protocol
830 510 Unrecognized command
831 511 Unimplemented command
832 512 Syntax error in command argument
833 513 Unrecognized command argument
834 514 Authentication required
835 515 Bad authentication
837 550 Unspecified Tor error
840 [Something went wrong inside Tor, so that the client's
841 request couldn't be fulfilled.]
843 552 Unrecognized entity
844 [A configuration key, a stream ID, circuit ID, event,
845 mentioned in the command did not actually exist.]
847 553 Invalid configuration value
848 [The client tried to set a configuration option to an
849 incorrect, ill-formed, or impossible value.]
851 554 Invalid descriptor
855 650 Asynchronous event notification
857 Unless specified to have specific contents, the human-readable messages
858 in error replies should not be relied upon to match those in this document.
860 4.1. Asynchronous events
862 These replies can be sent after a corresponding SETEVENTS command has been
863 received. They will not be interleaved with other Reply elements, but they
864 can appear between a command and its corresponding reply. For example,
865 this sequence is possible:
869 C: GETCONF SOCKSPORT ORPORT
870 S: 650 CIRC 1000 EXTENDED moria1,moria2
871 S: 250-SOCKSPORT=9050
874 But this sequence is disallowed:
877 C: GETCONF SOCKSPORT ORPORT
878 S: 250-SOCKSPORT=9050
879 S: 650 CIRC 1000 EXTENDED moria1,moria2
882 Clients MUST tolerate more arguments in an asynchonous reply than
883 expected, and MUST tolerate more lines in an asynchronous reply than
884 expected. For instance, a client that expects a CIRC message like:
885 650 CIRC 1000 EXTENDED moria1,moria2
887 650-CIRC 1000 EXTENDED moria1,moria2 0xBEEF
891 If clients ask for extended events, then each event line as specified below
892 will be followed by additional extensions. Additional lines will be of the
894 "650" ("-"/" ") KEYWORD ["=" ARGUMENTS] CRLF
895 Additional arguments will be of the form
896 SP KEYWORD ["=" ( QuotedString / * NonSpDquote ) ]
897 Such clients MUST tolerate lines with keywords they do not recognize.
899 4.1.1. Circuit status changed
903 "650" SP "CIRC" SP CircuitID SP CircStatus [SP Path]
904 [SP "REASON=" Reason [SP "REMOTE_REASON=" Reason]] CRLF
907 "LAUNCHED" / ; circuit ID assigned to new circuit
908 "BUILT" / ; all hops finished, can now accept streams
909 "EXTENDED" / ; one more hop has been completed
910 "FAILED" / ; circuit closed (was not built)
911 "CLOSED" ; circuit closed (was built)
913 Path = ServerID *("," ServerID)
915 Reason = "NONE" / "TORPROTOCOL" / "INTERNAL" / "REQUESTED" /
916 "HIBERNATING" / "RESOURCELIMIT" / "CONNECTFAILED" /
917 "OR_IDENTITY" / "OR_CONN_CLOSED" / "TIMEOUT" /
918 "FINISHED" / "DESTROYED" / "NOPATH" / "NOSUCHSERVICE"
920 The path is provided only when the circuit has been extended at least one
923 The "REASON" field is provided only for FAILED and CLOSED events, and only
924 if extended events are enabled (see 3.19). Clients MUST accept reasons
925 not listed above. Reasons are as given in tor-spec.txt, except for:
927 NOPATH (Not enough nodes to make circuit)
929 The "REMOTE_REASON" field is provided only when we receive a DESTROY or
930 TRUNCATE cell, and only if extended events are enabled. It contains the
931 actual reason given by the remote OR for closing the circuit. Clients MUST
932 accept reasons not listed above. Reasons are as listed in tor-spec.txt.
934 4.1.2. Stream status changed
938 "650" SP "STREAM" SP StreamID SP StreamStatus SP CircID SP Target
939 [SP "REASON=" Reason [ SP "REMOTE_REASON=" Reason ]]
940 [SP "SOURCE=" Source] [ SP "SOURCE_ADDR=" Address ":" Port ]
944 "NEW" / ; New request to connect
945 "NEWRESOLVE" / ; New request to resolve an address
946 "REMAP" / ; Address re-mapped to another
947 "SENTCONNECT" / ; Sent a connect cell along a circuit
948 "SENTRESOLVE" / ; Sent a resolve cell along a circuit
949 "SUCCEEDED" / ; Received a reply; stream established
950 "FAILED" / ; Stream failed and not retriable
951 "CLOSED" / ; Stream closed
952 "DETACHED" ; Detached from circuit; still retriable
954 Target = Address ":" Port
956 The circuit ID designates which circuit this stream is attached to. If
957 the stream is unattached, the circuit ID "0" is given.
959 Reason = "MISC" / "RESOLVEFAILED" / "CONNECTREFUSED" /
960 "EXITPOLICY" / "DESTROY" / "DONE" / "TIMEOUT" /
961 "HIBERNATING" / "INTERNAL"/ "RESOURCELIMIT" /
962 "CONNRESET" / "TORPROTOCOL" / "NOTDIRECTORY" / "END"
964 The "REASON" field is provided only for FAILED, CLOSED, and DETACHED
965 events, and only if extended events are enabled (see 3.19). Clients MUST
966 accept reasons not listed above. Reasons are as given in tor-spec.txt,
969 END (We received a RELAY_END cell from the other side of thise
971 [XXXX document more.]
973 The "REMOTE_REASON" field is provided only when we receive a RELAY_END
974 cell, and only if extended events are enabled. It contains the actual
975 reason given by the remote OR for closing the stream. Clients MUST accept
976 reasons not listed above. Reasons are as listed in tor-spec.txt.
978 "REMAP" events include a Source if extended events are enabled:
979 Source = "CACHE" / "EXIT"
980 Clients MUST accept sources not listed above. "CACHE" is given if
981 the Tor client decided to remap the address because of a cached
982 answer, and "EXIT" is given if the remote node we queried gave us
983 the new address as a response.
985 The "SOURCE_ADDR" field is included with NEW and NEWRESOLVE events if
986 extended events are enabled. It indicates the address and port
987 that requested the connection, and can be (e.g.) used to look up the
990 4.1.3. OR Connection status changed
993 "650" SP "ORCONN" SP (ServerID / Target) SP ORStatus [ SP "REASON="
994 Reason ] [ SP "NCIRCS=" NumCircuits ]
996 ORStatus = "NEW" / "LAUNCHED" / "CONNECTED" / "FAILED" / "CLOSED"
998 NEW is for incoming connections, and LAUNCHED is for outgoing
999 connections. CONNECTED means the TLS handshake has finished (in
1000 either direction). FAILED means a connection is being closed that
1001 hasn't finished its handshake, and CLOSED is for connections that
1004 A ServerID is specified unless it's a NEW connection, in which
1005 case we don't know what server it is yet, so we use Address:Port.
1007 If extended events are enabled (see 3.19), optional reason and
1008 circuit counting information is provided for CLOSED and FAILED
1011 Reason = "MISC" / "DONE" / "CONNECTREFUSED" /
1012 "IDENTITY" / "CONNECTRESET" / "TIMEOUT" / "NOROUTE" /
1015 NumCircuits counts both established and pending circuits.
1017 4.1.4. Bandwidth used in the last second
1020 "650" SP "BW" SP BytesRead SP BytesWritten *(SP Type "=" Num)
1022 BytesWritten = 1*DIGIT
1023 Type = "DIR" / "OR" / "EXIT" / "APP" / ...
1026 BytesRead and BytesWritten are the totals. In Tor 0.1.x.y-alpha
1027 and later, we also include a breakdown of the connection types
1028 that used bandwidth this second (not implemented yet).
1033 "650" SP Severity SP ReplyText
1035 "650+" Severity CRLF Data 650 SP "OK" CRLF
1037 Severity = "DEBUG" / "INFO" / "NOTICE" / "WARN"/ "ERR"
1039 4.1.6. New descriptors available
1042 "650" SP "NEWDESC" 1*(SP ServerID)
1044 4.1.7. New Address mapping
1047 "650" SP "ADDRMAP" SP Address SP NewAddress SP Expiry
1048 [SP Error] SP GMTExpiry CRLF
1050 NewAddress = Address / "<error>"
1051 Expiry = DQUOTE ISOTime DQUOTE / "NEVER"
1053 Error = "error=" ErrorCode
1055 GMTExpiry = "EXPIRES=" DQUOTE IsoTime DQUOTE
1057 Error and GMTExpiry are only provided if extended events are enabled.
1059 Expiry is expressed as the local time (rather than GMT). This is a bug,
1060 left in for backward compatibility; new code should look at GMTExpiry
1063 These events are generated when a new address mapping is entered in the
1064 cache, or when the answer for a RESOLVE command is found.
1066 4.1.8. Descriptors uploaded to us in our role as authoritative dirserver
1069 "650" "+" "AUTHDIR_NEWDESCS" CRLF Action CRLF Message CRLF
1070 Descriptor CRLF "." CRLF "650" SP "OK" CRLF
1071 Action = "ACCEPTED" / "DROPPED" / "REJECTED"
1074 4.1.9. Our descriptor changed
1077 "650" SP "DESCCHANGED"
1079 [First added in 0.1.2.2-alpha.]
1081 4.1.10. Status events
1083 Status events (STATUS_GENERAL, STATUS_CLIENT, and STATUS_SERVER) are sent
1084 based on occurrences in the Tor process pertaining to the general state of
1085 the program. Generally, they correspond to log messages of severity Notice
1086 or higher. They differ from log messages in that their format is a
1087 specified interface.
1090 "650" SP StatusType SP StatusSeverity SP StatusAction
1091 [SP StatusArguments] CRLF
1093 StatusType = "STATUS_GENERAL" / "STATUS_CLIENT" / "STATUS_SERVER"
1094 StatusSeverity = "NOTICE" / "WARN" / "ERR"
1095 StatusAction = 1*ALPHA
1096 StatusArguments = StatusArgument *(SP StatusArgument)
1097 StatusArgument = StatusKeyword '=' StatusValue
1098 StatusKeyword = 1*(ALNUM / "_")
1099 StatusValue = 1*(ALNUM / '_') / QuotedString
1101 Action is a string, and Arguments is a series of keyword=value
1102 pairs on the same line. Values may be space-terminated strings,
1105 These events are always produced with EXTENDED_EVENTS and
1106 VERBOSE_NAMES; see the explanations in the USEFEATURE section
1109 Controllers MUST tolerate unrecognized actions, MUST tolerate
1110 unrecognized arguments, MUST tolerate missing arguments, and MUST
1111 tolerate arguments that arrive in any order.
1113 Each event description below is accompanied by a recommendation for
1114 controllers. These recommendations are suggestions only; no controller
1115 is required to implement them.
1117 Actions for STATUS_GENERAL events can be as follows:
1121 Tor spent enough time without CPU cycles that it has closed all
1122 its circuits and will establish them anew. This typically
1123 happens when a laptop goes to sleep and then wakes up again. It
1124 also happens when the system is swapping so heavily that Tor is
1125 starving. The "time" argument specifies the number of seconds Tor
1126 thinks it was unconscious for (or alternatively, the number of
1127 seconds it went back in time).
1129 This status event is sent as NOTICE severity normally, but WARN
1130 severity if Tor is acting as a server currently.
1132 {Recommendation for controller: ignore it, since we don't really
1133 know what the user should do anyway. Hm.}
1137 "REASON=NEW/OLD/UNRECOMMENDED"
1138 "RECOMMENDED=\"version, version, ...\""
1139 Tor has found that directory servers don't recommend its version of
1140 the Tor software. RECOMMENDED is a comma-and-space-separated string
1141 of Tor versions that are recommended. REASON is NEW if this version
1142 of Tor is newer than any recommended version, OLD if this version of
1143 Tor is older than any recommended version, and UNRECOMMENDED if
1144 some recommended versions of Tor are newer and some are old than this
1147 {Controllers may want to suggest that the user upgrade OLD or
1148 UNRECOMMENDED versions. NEW versions may be known-insecure, or may
1149 simply be development versions.}
1151 TOO_MANY_CONNECTIONS
1153 Tor has reached its ulimit -n or whatever the native limit is on file
1154 descriptors or sockets. CURRENT is the number of sockets Tor
1155 currently has open. The user should really do something about
1156 this. The "current" argument shows the number of connections currently
1159 {Controllers may recommend that the user increase the limit, or
1160 increase it for them. Recommendations should be phrased in an
1161 OS-appropriate way and automated when possible.}
1165 Tor has encountered a situation that its developers never expected,
1166 and the developers would like to learn that it happened. Perhaps
1167 the controller can explain this to the user and encourage her to
1170 {Controllers should log bugs, but shouldn't annoy the user in case a
1171 bug appears frequently.}
1174 SKEW="+" / "-" SECONDS
1175 SOURCE="DIRSERV:IP:Port" / "NETWORKSTATUS:IP:PORT"
1176 If "SKEW" is present, it's an estimate of how far we are from the
1177 time declared in the source. If the source is a DIRSERV, we got
1178 the current time from a connection to a dirserver. If the source is
1179 a NETWORKSTATUS, we decided we're skewed because we got a
1180 networkstatus from far in the future.
1182 {Controllers may want to warn the user if the skew is high, or if
1183 multiple skew messages appear at severity WARN. Controllers
1184 shouldn't blindly adjust the clock, since the more accurate source
1185 of skew info (DIRSERV) is currently unauthenticated.}
1188 "METHOD=" libevent method
1189 "VERSION=" libevent version
1190 "BADNESS=" "BROKEN" / "BUGGY" / "SLOW"
1191 "RECOVERED=" "NO" / "YES"
1192 Tor knows about bugs in using the configured event method in this
1193 version of libevent. "BROKEN" libevents won't work at all;
1194 "BUGGY" libevents might work okay; "SLOW" libevents will work
1195 fine, but not quickly. If "RECOVERED" is YES, Tor managed to
1196 switch to a more reliable (but probably slower!) libevent method.
1198 {Controllers may want to warn the user if this event occurs, though
1199 generally it's the fault of whoever built the Tor binary and there's
1200 not much the user can do besides upgrade libevent or upgrade the
1204 Tor believes that none of the known directory servers are
1205 reachable -- this is most likely because the local network is
1206 down or otherwise not working, and might help to explain for the
1207 user why Tor appears to be broken.
1209 {Controllers may want to warn the user if this event occurs; further
1210 action is generally not possible.}
1212 Actions for STATUS_CLIENT events can be as follows:
1215 Tor now knows enough network-status documents and enough server
1216 descriptors that it's going to start trying to build circuits now.
1218 {Controllers may want to use this event to decide when to indicate
1219 progress to their users, but should not interrupt the user's browsing
1223 We discarded expired statuses and router descriptors to fall
1224 below the desired threshold of directory information. We won't
1225 try to build any circuits until ENOUGH_DIR_INFO occurs again.
1227 {Controllers may want to use this event to decide when to indicate
1228 progress to their users, but should not interrupt the user's browsing
1232 Tor is able to establish circuits for client use. This event will
1233 only be sent if we just built a circuit that changed our mind --
1234 that is, prior to this event we didn't know whether we could
1237 {Suggested use: controllers can notify their users that Tor is
1238 ready for use as a client once they see this status event. [Perhaps
1239 controllers should also have a timeout if too much time passes and
1240 this event hasn't arrived, to give tips on how to troubleshoot.
1241 On the other hand, hopefully Tor will send further status events
1242 if it can identify the problem.]}
1244 CIRCUIT_NOT_ESTABLISHED
1245 "REASON=" "EXTERNAL_ADDRESS" / "DIR_ALL_UNREACHABLE" / "CLOCK_JUMPED"
1246 We are no longer confident that we can build circuits. The "reason"
1247 keyword provides an explanation: which other status event type caused
1248 our lack of confidence.
1250 {Controllers may want to use this event to decide when to indicate
1251 progress to their users, but should not interrupt the user's browsing
1253 [Note: only REASON=CLOCK_JUMPED is implemented currently.]
1256 "PROTOCOL=SOCKS4/SOCKS5"
1258 A connection was made to Tor's SOCKS port using one of the SOCKS
1259 approaches that doesn't support hostnames -- only raw IP addresses.
1260 If the client application got this address from gethostbyname(),
1261 it may be leaking target addresses via DNS.
1263 {Controllers should warn their users when this occurs, unless they
1264 happen to know that the application using Tor is in fact doing so
1265 correctly (e.g., because it is part of a distributed bundle).}
1267 SOCKS_UNKNOWN_PROTOCOL
1269 A connection was made to Tor's SOCKS port that tried to use it
1270 for something other than the SOCKS protocol. Perhaps the user is
1271 using Tor as an HTTP proxy? The DATA is the first few characters
1272 sent to Tor on the SOCKS port.
1274 {Controllers may want to warn their users when this occurs: it
1275 indicates a misconfigured application.}
1278 "HOSTNAME=QuotedString"
1279 Some application gave us a funny-looking hostname. Perhaps
1280 it is broken? In any case it won't work with Tor and the user
1283 {Controllers may want to warn their users when this occurs: it
1284 usually indicates a misconfigured application.}
1286 Actions for STATUS_SERVER can be as follows:
1291 "METHOD=CONFIGURED/DIRSERV/RESOLVED/INTERFACE/GETHOSTNAME"
1292 Our best idea for our externally visible IP has changed to 'IP'.
1293 If 'HOSTNAME' is present, we got the new IP by resolving 'NAME'. If the
1294 method is 'CONFIGURED', the IP was given verbatim as a configuration
1295 option. If the method is 'RESOLVED', we resolved the Address
1296 configuration option to get the IP. If the method is 'GETHOSTNAME',
1297 we resolved our hostname to get the IP. If the method is 'INTERFACE',
1298 we got the address of one of our network interfaces to get the IP. If
1299 the method is 'DIRSERV', a directory server told us a guess for what
1302 {Controllers may want to record this info and display it to the user.}
1304 CHECKING_REACHABILITY
1306 "DIRADDRESS=IP:port"
1307 We're going to start testing the reachability of our external OR port
1310 {This event could effect the controller's idea of server status, but
1311 the controller should not interrupt the user to tell them so.}
1313 REACHABILITY_SUCCEEDED
1315 "DIRADDRESS=IP:port"
1316 We successfully verified the reachability of our external OR port or
1319 {This event could effect the controller's idea of server status, but
1320 the controller should not interrupt the user to tell them so.}
1322 GOOD_SERVER_DESCRIPTOR
1323 We successfully uploaded our server descriptor to each of the
1324 directory authorities, with no complaints.
1326 {This event could effect the controller's idea of server status, but
1327 the controller should not interrupt the user to tell them so.}
1331 "STATUS=" "UP" / "DOWN"
1333 One of our nameservers has changed status.
1336 {This event could effect the controller's idea of server status, but
1337 the controller should not interrupt the user to tell them so.}
1340 All of our nameservers have gone down.
1342 {This is a problem; if it happens often without the nameservers
1343 coming up again, the user needs to configure more or better
1347 Our DNS provider is providing an address when it should be saying
1348 "NOTFOUND"; Tor will treat the address as a synonym for "NOTFOUND".
1350 {This is an annoyance; controllers may want to tell admins that their
1351 DNS provider is not to be trusted.}
1354 Our DNS provider is giving a hijacked address instead of well-known
1355 websites; Tor will not try to be an exit node.
1357 {Controllers could warn the admin if the server is running as an
1358 exit server: the admin needs to configure a good DNS server.
1359 Alternatively, this happens a lot in some restrictive environments
1360 (hotels, universities, coffeeshops) when the user hasn't registered.}
1362 BAD_SERVER_DESCRIPTOR
1365 A directory authority rejected our descriptor. Possible reasons
1366 include malformed descriptors, incorrect keys, highly skewed clocks,
1369 {Controllers should warn the admin, and try to cope if they can.}
1371 ACCEPTED_SERVER_DESCRIPTOR
1373 A single directory authority accepted our descriptor.
1376 {This event could effect the controller's idea of server status, but
1377 the controller should not interrupt the user to tell them so.}
1381 "DIRADDRESS=IP:port"
1382 We failed to connect to our external OR port or directory port
1385 {This event could effect the controller's idea of server status. The
1386 controller should warn the admin and suggest reasonable steps to take.}
1388 4.1.11. Our set of guard nodes has changed
1391 "650" SP "GUARD" SP Type SP Name SP Status ... CRLF
1393 Name = The (possibly verbose) nickname of the guard affected.
1394 Status = "NEW" | "UP" | "DOWN" | "BAD" | "GOOD" | "DROPPED"
1396 [explain states. XXX]
1398 4.1.12. Network status has changed
1401 "650" "+" "NS" CRLF 1*NetworkStatus "." CRLF "650" SP "OK" CRLF
1403 [First added in 0.1.2.3-alpha]
1405 4.1.13. Bandwidth used on an application stream
1408 "650" SP "STREAM_BW" SP StreamID SP BytesRead SP BytesWritten
1410 BytesWritten = 1*DIGIT
1412 BytesRead and BytesWritten are the number of bytes read and written since
1413 the last STREAM_BW event on this stream. These events are generated about
1414 once per second per stream; no events are generated for streams that have
1415 not read or written.
1417 These events apply only to streams entering Tor (such as on a SOCKSPort,
1418 TransPort, or so on). They are not generated for exiting streams.
1420 5. Implementation notes
1424 By default, the current Tor implementation trusts all local users.
1426 If the 'CookieAuthentication' option is true, Tor writes a "magic cookie"
1427 file named "control_auth_cookie" into its data directory. To authenticate,
1428 the controller must send the contents of this file, encoded in hexadecimal.
1430 If the 'HashedControlPassword' option is set, it must contain the salted
1431 hash of a secret password. The salted hash is computed according to the
1432 S2K algorithm in RFC 2440 (OpenPGP), and prefixed with the s2k specifier.
1433 This is then encoded in hexadecimal, prefixed by the indicator sequence
1434 "16:". Thus, for example, the password 'foo' could encode to:
1435 16:660537E3E1CD49996044A3BF558097A981F539FEA2F9DA662B4626C1C2
1436 ++++++++++++++++**^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1439 You can generate the salt of a password by calling
1440 'tor --hash-password <password>'
1441 or by using the example code in the Python and Java controller libraries.
1442 To authenticate under this scheme, the controller sends Tor the original
1443 secret that was used to generate the password.
1445 5.2. Don't let the buffer get too big.
1447 If you ask for lots of events, and 16MB of them queue up on the buffer,
1448 the Tor process will close the socket.
1450 5.3. Backward compatibility with v0 control protocol.
1452 The 'version 0' control protocol was replaced in Tor 0.1.1.x. Support was
1453 removed in Tor 0.2.0.x. Every non-obsolete version of Tor now supports the
1454 version 1 control protocol.
1456 For backward compatibility with the "version 0" control protocol,
1457 Tor used to check whether the third octet of the first command is zero.
1458 (If it was, Tor assumed that version 0 is in use.)
1460 This compatibility was removed in Tor 0.1.2.16 and 0.2.0.4-alpha.
1462 5.4. Options for use by controllers
1464 Tor provides a few special configuration options for use by controllers.
1465 These options can be set and examined by the SETCONF and GETCONF commands,
1466 but are not saved to disk by SAVECONF.
1468 Generally, these options make Tor unusable by disabling a portion of Tor's
1469 normal operations. Unless a controller provides replacement functionality
1470 to fill this gap, Tor will not correctly handle user requests.
1472 __AllDirOptionsPrivate
1474 If true, Tor will try to launch all directory operations through
1475 anonymous connections. (Ordinarily, Tor only tries to anonymize
1476 requests related to hidden services.) This option will slow down
1477 directory access, and may stop Tor from working entirely if it does not
1478 yet have enough directory information to build circuits.
1480 (Boolean. Default: "0".)
1482 __DisablePredictedCircuits
1484 If true, Tor will not launch preemptive "general purpose" circuits for
1485 streams to attach to. (It will still launch circuits for testing and
1486 for hidden services.)
1488 (Boolean. Default: "0".)
1490 __LeaveStreamsUnattached
1492 If true, Tor will not automatically attach new streams to circuits;
1493 instead, the controller must attach them with ATTACHSTREAM. If the
1494 controller does not attach the streams, their data will never be routed.
1496 (Boolean. Default: "0".)