Provided by: torsocks_1.3-3_amd64 
NAME
torsocks.conf - configuration file for torsocks(8)
SUMMARY
By default, torsocks will assume that it should connect to the SOCKS proxy running at
127.0.0.1 on port 9050. This is the default address and port for Tor's socks server on
most installations. If you are running a normal Tor installation and have no special
requirements, then you should not need to create, edit or invoke a configuration file when
using torsocks.
Your installation of torsocks includes a default configuration file that contains values
sensible for use with most Tor installations. The installation location for your default
configuration file is:
/etc/torsocks.conf
In order to use a configuration file, you must set the environment variable
TORSOCKS_CONF_FILE with the location of the file.
If TORSOCKS_CONF_FILE is not set, torsocks will attempt to read the configuration file at
/etc/torsocks.conf. If that file cannot be read, torsocks will use sensible defaults for
most Tor installations, i.e. it will assume that you want to use a SOCKS proxy running at
127.0.0.1 (localhost) on port 9050.
An example of typical usage is provided under the 'example' heading at the end of this
manual page. The script 'usewithtor' provided with your torsocks installation will set
this environment variable for you, and load the configuration file provided with your
installation.
If you want to use a custom file in a different location, you should set the environment
variable yourself and then use the torsocks command, rather than usewithtor.
OVERVIEW
The configuration for torsocks can be anything from two lines to hundreds of lines based
on the needs at any particular site. The basic idea is to define any networks the machine
can access directly (i.e without the use of a SOCKS server) and define one or many SOCKS
servers to be used to access other networks (including a 'default' server).
Local networks are declared using the 'local' keyword in the configuration file. When
applications attempt to connect to machines in networks marked as local torsocks will not
attempt to use a SOCKS server to negotiate the connection.
Obviously if a connection is not to a locally accessible network it will need to be
proxied over a SOCKS server. However, many installations have several different SOCKS
servers to be used to access different internal (and external) networks. For this reason
the configuration file allows the definition of `paths' as well as a default SOCKS server.
Paths are declared as blocks in the configuration file. That is, they begin with a 'path
{' line in the configuration file and end with a '}' line. Inside this block directives
should be used to declare a SOCKS server (as documented later in this manual page) and
'reaches' directives should be used to declare networks and even destination ports in
those networks that this server should be used to reach. N.B Each path MUST define a SOCKS
server and contain one or more 'reaches' directives.
SOCKS server declaration directives that are not contained within a 'path' block define
the default SOCKS server. If torsocks needs to connect to a machine via a SOCKS server
(i.e it isn't a network declared as 'local') and no 'path' has declared it can reach that
network via a 'reaches' directive this server is used to negotiate the connection.
CONFIGURATION SYNTAX
The basic structure of all lines in the configuration file is:
<directive> = <parameters>
The exception to this is 'path' blocks which look like:
path {
<directive> = <parameters>
}
Empty lines are ignored and all input on a line after a '#' character is ignored.
DIRECTIVES
The following directives are used in the torsocks configuration file:
server The IP address of the SOCKS server (e.g "server = 10.1.4.253"). Only one server may
be specified per path block, or one outside a path block (to define the default
server). Unless --disable-hostnames was specified to configure at compile time the
server can be specified as a hostname (e.g "server = socks.nec.com")
server_port
The port on which the SOCKS server receives requests. Only one server_port may be
specified per path block, or one outside a path (for the default server). This
directive is not required if the server is on the standard port (1080).
server_type
SOCKS version used by the server. Versions 4 and 5 are supported (but both for only
the connect operation). The default is 4. Only one server_type may be specified
per path block, or one outside a path (for the default server).
You can use the inspectorsocks utility to determine the type of server, see the
'UTILITIES' section later in this manual page.
default_user
This specifies the default username to be used for username and password
authentication in SOCKS version 5. In order to determine the username to use (if
the socks server requires username and password authentication) torsocks first
looks for the environment variable TSOCKS_USERNAME, then looks for this
configuration option, then tries to get the local username. This option is not
valid for SOCKS version 4 servers. Only one default_user may be specified per path
block, or one outside a path (for the default server)
default_pass
This specified the default password to be used for username and password
authentication in SOCKS version 5. In order to determine the password to use (if
the socks server requires username and password authentication) torsocks first
looks for the environment variable TSOCKS_PASSWORD, then looks for this
configuration option. This option is not valid for SOCKS version 4 servers. Onle
one default_pass may be specified per path block, or one outside a path (for the
default server)
local An IP/Subnet pair specifying a network which may be accessed directly without
proxying through a SOCKS server (e.g "local = 10.0.0.0/255.0.0.0"). Obviously all
SOCKS server IP addresses must be in networks specified as local, otherwise
torsocks would need a SOCKS server to reach SOCKS servers.
reaches
This directive is only valid inside a path block. Its parameter is formed as
IP[:startport[-endport]]/Subnet and it specifies a network (and a range of ports on
that network) that can be accessed by the SOCKS server specified in this path
block. For example, in a path block "reaches = 150.0.0.0:80-1024/255.0.0.0"
indicates to torsocks that the SOCKS server specified in the current path block
should be used to access any IPs in the range 150.0.0.0 to 150.255.255.255 when the
connection request is for ports 80-1024.
tordns_enable
This enables the use of the 'tordns' feature in torsocks, which overrides the
standard C library name resolution calls to use SOCKS. The default value is
`true'.
tordns_deadpool_range
Tor hidden sites do not have real IP addresses. This specifies what range of IP
addresses will be handed to the application as "cookies" for .onion names. Of
course, you should pick a block of addresses which you aren't going to ever need to
actually connect to. The default value is '127.0.69.0/255.255.255.0'.
tordns_cache_size
This specifies the number of IP addresses looked up through SOCKS to cache. The
default value is 256. Each entry consumes 260 bytes of memory, so the default adds
66,560 bytes of overhead to each 'torified' process. NOTE: if the number of IP
addresses in tordns_deadpool_range is less than the value specified for
tordns_cache_size, then the cache will be shrunk to fit the deadpool range. This is
to prevent duplicate deadpool addresses from ever appearing in the cache.
UTILITIES
torsocks comes with two utilities that can be useful in creating and verifying the
torsocks configuration file.
EXAMPLE
export TORSOCKS_CONF_FILE=$PWD/torsocks.conf
torsocks ssh account@sshserver.com
SEE ALSO
torsocks(8)
AUTHOR
Robert Hogan (robert@roberthogan.net) Shaun Clowes (delius@progsoc.uts.edu.au)
COPYRIGHT
Copyright 2009 Robert Hogan Copyright 2000 Shaun Clowes
Renamed for use by torsocks to avoid conflict with torsocks by Robert Hogan.
torsocks and its documentation may be freely copied under the terms and conditions of
version 2 of the GNU General Public License, as published by the Free Software Foundation
(Cambridge, Massachusetts, United States of America).
This documentation is based on the documentation for logwrites, another shared library
interceptor. One line of code from it was used in torsocks and a lot of the documentation
:) logwrites is by adam@yggdrasil.com (Adam J. Richter) and can be had from
ftp.yggdrasil.com pub/dist/pkg