!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~       !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~Safe  None$   $ NoneAn address or subnet specifier.Accept any address Accept this specific address.!<Accept this IP address and subnet mask (255.255.255.0,etc.)"0Accept this IP address and CIDR mask (/24,etc.)#!Accept this specific IP6 address.$"Accept this subnet and CIDR mask.%A port specifier&Accept any port'0Accept ports between the two values, inclusive.(Accept only the given port.)KA rule for accepting or rejecting traffic, usually specified by exit nodes.*Accept matching traffic.+Reject matching traffic.,`A family descriptor for a node. Either a nickname, or a digest referencing the family, or both.0<The complete description of a router within the Tor network.Q_A blank router description, with most of the options initialized with standard "blank" values.5 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQ4 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQ40123456789:;<=>?@ABCDEFGHIJKLMNOPQ,-./)*+ !"#$%&'( !"#$%&'()*+,-./0 123456789:;<=>?@ABCDEFGHIJKLMNOPQNoneVRParse a standard line of " name  thingn".SParse a Tor nickname.TParse a 20 byte hex digest.UParse a port specifierVParse a port number.WParse an address specifier.XParse an IPv4 address.YEParse an IPv6 address; assuming [0000:1111:....] format, with braces.ZKParse a public key. Returns both the public key and the raw data behind it.[Parse a public key.\ Parse a timestamp in UTC format.]Parse a boolean. (0/1)^Parse a character._ Parse an alphanumeric character.`Parse a hex digit.aParse a decimal digit.b%Parse a character in a Base64 stream.c8Parse a decimal number that matches the given predicate.dEat up some whitespace.e,Eat up at least one character of whitespace.f1Eat some amount of whitespace and then a newline.g Read a space.hRead a newline.i2Convert a series of bytes into a character string.j7Read a hex number into a bytestring in the obvious way.k1Decode a series of characters as a Base64 stream.RSTUVWXYZ[\]^_`abcdefghijk% !"#$%&'(RSTUVWXYZ[\]^_`abcdefghijk%%&'( !"#$RSTVWUXY[Z\]^_a`bcdeghfijkRSTUVWXYZ[\]^_`abcdefghijkNonel9A default directory for pulling consensus and other data.uParse a directory structure.lmnopqrstu lmnopqrstu lmnopqrstulmnopqrstuNonevThe current alias for random number generators within the Tor implementation. Renamed here because we may want to change this in the future.vvvvNonewNThe second Oakley group from RFC 2409, which provides ~1024 bits of security.wwwwNonexEncrypt a piece of data using the given public key, optionally forcing the routine to use hybrid encryption even if the size of the data doesn't warrant it.y4Decrypt a piece of data using the given private key.xyxyxyxyNoneHGenerate a hash of the given certificate using the given hash algorithm.GGenerate a hash of the given public key using the given hash algorithm.None%Generate a SHA1 hash of a bytestring.'Generate a SHA256 hash of a bytestring. *Generate a SHA1 hash of a lazy bytestring. ,Generate a SHA256 hash of a lazy bytestring. _When generating a signautre, don't include any information about the underlying hash function.           NoneVz'A router within the consensus document.2An authority that might sign a consensus document.,A current consensus from a directory server.Parse a consensus document, returning either an error or the parsed consensus and the SHA1 and SHA256 hashes of that consensus, for later validation.4z{|}~ )z{|}~)z{|}~z {|}~   None#Information about a directory cert.Parse in a DirectoryCertInfo.   NoneVParse a directory listing full of router descriptions, returning, for each entry, either a parse error or the parsed router description.+ !"#$%&'()*+,-./0123456789:;<=>?@ABCD& !"#$%&'()*+,-./0123456789:;<=>?@ABCD NoneTRender the given router description, signing it with the given private signing key.$EFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg$EFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg SafeyAn abstract data type representing either an address or an address processing error, used in a variety of Tor protocols.A hostname, as usual.An IP4 address, as  'a.b.c.d' , in decimal.An IP6 adddress, as '[...]', in usual hex formCA transient error occurred when performing some action. Try again.nA non-transient error occurred when performing some action. Do not try again, or you will annoy the dragon.ZTurn a TorAddress into a string. Will result in an error for either of the error options. Parse a TorAddress off the wire.gTurn a 32-bit ByteString containing an IP4 address into the normal String version of that IP4 address.Turn a normal 128-bit ByteString containing an IP6 address into the normal String version of that IP6 address. Recall that for Tor, the normal String version is wrapped in square braces ([0000:11111:...]).A putter for TorAddresses.pGiven a normally-formatted IP4 String (a.b.c.d), turn that into a 32-bit ByteString containing that IP address.Given a normally-formatted IP6 String ([aaaa:bbbb:...]), turn that into a 128-bit ByteString containing that IP address. Note that this function does not support IP6 address compression ([aaaa::bbbbb]), so this must be a fully-expanded address.)Translate a TorAddress into a ByteString.hi hi None;NThe type of a Tor-compatible network stack. The first type variable is the type of a listener socket, the second the type of a standard connection socket. aLookup the given hostname and return any IP6 (Left) or IP4 (Right) addresses associated with it.4A network stack, but with the type variables hidden.+Receive a line of ASCII text from a socket.Receive all the input from the socket as a lazy ByteString; this may cause the system to block upon some ByteString operations to fetch more data.NConvert a Tor-compatible network stack to a TLS-compatible Backend structure. None35 -One of the things we can automatically fetch.BA set of types that are automatically fetchable by this subsystem.jParse a blob of incoming data, emitting either an error string of the item. A moral equivalent to ReadS, except for ByteStrings, and we're not planning to make this widely used.kGGiven an item to fetch, get the directory and file name for that thing.lcGiven an item to fetch, get a time we should be willing to wait to download and process that item.kFetch the given item from the given host and port, using the given network stack, returning either the error that occurred fetching that item or the item. The String used for the host will be directly passed to the network stack's connect function without further processing, so you should think about whether that means you need to address resolution or not.m+Build a GET request for the given resource.Read the response to a GET request. This returns the parsed interior of a GET response, rather than the whole response, so one of the possible errors you might receive is an HTTP response parsing error.nQAn attoparsec parser for HTTP responses. This is not, in any way, fully general.jklmnopq jklmnopqNone5The current directory database available to the node.9The information about a directory within the Tor network.Generate a directory of available databases from which we can pull router lists and publish our own router information, as necessary.DSend our router description to all of the directories we know about.Select a random directory.4Find a directory that matches the given fingerprint.4Add a new directory to our set of known directories.rsr sNone+@The kinds of certificates used within the initial Tor handshake.*The two supported handshake types for Tor.4A reason that a Circuit could or has been destroyed.A raw tor cell.DGiven a tor cell, return the circuit it's associated with, if it is.4Return True iff this is a padding cell of some sort.Parse a TorCellRender a TorCellParse a DestroyReason.Render a DestroyReasonParse a handshake identifier.Render a handshake identifier.Parse a certificate.Render a certificate.9     tuvw5     5          tuvwNone-A Tor-compatible network stack that uses the network library.xyz{|}xyz{|}NoneHCreate a Tor-compatible network stack from the given Hans network stack.~~None+!The format for extension request.!0A reason that someone might want to end a relay.0YVarious bits of information for dealing with hidden services. Currently not implemented.>+The format of a Relay cell in a Tor stream.OIPv4v[Parse a relay cell off the wire, returning the shortened digest and the parsed relay cell.whRender a relay cell using the given hash context, returning the rendered cell and the new hash context.xuParse a relay cell, verifying that the digest matches appropriately, returning the parsed cell and new hash context.y:Perform a raw relay cell render, with 0 for the hash mark.zKRender the internals of a relay cell (basically everything but the header).{Parse a RelayEndReason.|Render a RelayEndReason.}Render an ExtendSpec.~Parse an ExtendSpecg !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~b !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~>?FHJMNSUVXY[]^bcgilnrstu@ABCDE@G@I@KL@@OPQR@T@@W@@Z@\@@_`a@T@def@h@jk@m@opq@pq@@@yvxw }~!"#$%&'()*+,-./|{z0156;234234789:34<=789:34 !"#$%&'()*+,-./0156;234234789:34<=789:34>Q?FHJMNSUVXY[]^bcgilnrstu@ABCDE@G@I@KL@@OPQR@T@@W@@Z@\@@_`a@T@def@h@jk@m@opq@pq@@@vwxyz{|}~None4Fetch the current date, and return it as a DateTime.None4Options for allowing circuits that end at this node.>The rules for allowing or rejecting traffic leaving this node.LThe ports to disallow (Left) or allow (Right) when forwarding IPv6 traffic.Set this flag if you want to allow single-hop exits. These are usually not advisable, but according to the spec they may be usefule for "specialized controllers desgined to support perspective access and such.":Options for allowing circuits that pass through this node.The port to listen on. By default, this is 9374, but there are compelling reasons to have it be some other wel-known port, like 80.oThe nickname for this node. This is completely optional, but can be helpful in finding yourself in node lists.rA contact email address. If not provided, we will either provide no email address or just include a junk address./If you're setting up a number of nodes within the same operating environment, you might want to provide a "family" identifier. That way, those building circuits can limit what percentage of their hops might go through this group. A node can be a member of zero, one, or more families, thus the list.The maximum number of links from this node. Note that this should be greater than or equal to torTargetLinks if this node is also to be used as an entrance node.;Options for allowing circuits that originated at this node.The number of intermediate hops to use between this node and the exit node. To be clear, created circuits will have an entrance node, this number of nodes, and then the exit node.The target number of external connections to keep alive for outgoing connections. Note that this is a target, rather than a hard minimum or limit.OHow the node should be set up during initialization. For each of these items,  means that the node will not operate in that capacity, while Just of the option type will initialize that system with those options.Note that while we will do our best to make it work, it doesn't make a whole lot of sense to be an Exit node and not be a Relay node.A reasonable default set of options for a Tor node. Sets the node up as an entrance and relay node with their standard options, and logging output printed to stdout.rA reasonable set of entrance options. The internal circuit length is set to 4, and a target number of links of 5.A reasonable set of relay options. The onion port is set to 9374, the nickname is set to "", and no contact information is provided. These options set the maximum number of links to 50.A reasonable default exit node options. This allows all outgoing traffic to ports 22 (SSH), 80 (HTTP), 443 (HTTPS), 465 (SMTPS), and 993 (IMAPS), and disallows single hop exits.If you like the output format of the default log function, but want to send it to your own output stream, this is the function for you! This function takes an outgoing logger and a string to log, and adds a nicely- formatted and easily-sortable timestamp to the front of it.@NOTE: The default value for the logger is (makeLogger putStrLn).) !"#$%&'()*+))*+ !"#$%&'( None )The current credentials held by the node.:A snapshot of the current credential state for the system.)Generate new credentials fora fresh node.BGet the public signing certificate and its associated private key.@Get the public onion certificate and its associated private key.7Get the public NTor Curve25519 public and private keys.>Get the public TLS certificate and its associated private key.Get the current set of addresses we believe are associated with the node. You should make sure to establish at least one outgoing link before calling this.(Get our own, current router decsription.CAdd a new set of addresses that should be associated with our node.Create a new certificate containing the public key and signed by the private key, using the given serial number, CommonName, and validity period.AGenerate a new public/private RSA key pair of the given bit size.=Return true if the first certificate is signed by the second.!   None DRestrictions to apply when searching for a router or set of routers.Marked with the Stable flagIs not the given routerIs not the given addressIs an exit node of some kindCIs an exit node that allows traffic to the given address and port.<The current router database, refreshed at regular intervals.Build a new router database. This database will return before it is fully initialized, in order to make general start-up faster. This may mean that some queries of the database will take longer upon initial loading, or when the database is being refreshed periodicatly.$Find a router given its fingerprint._Fetch a router matching the given restrictions. The restrictions list should be thought of an AND with a default of True given the empty list. This routine may take awhile to find a suitable entry if the restrictions are cumbersome or if the database is being reloaded.Returns true iff the given router meets all the given restrictions. (If no restrictions are provided, then the router meets all of them.)VReturns true iff the given exit rules allow traffic to the given address / port pair.9The thread that updates the consensus document over time.   NoneV .A direct link between us and another Tor node.The RouterDesc associated with this link, if we have one. (It will not always be possible to find incoming links in the database.)?Whether the link was initiated here (False) or elsewhere (True)Read the next incoming cell from the given circuit identifier on the given link. This will throw an exception if the circuit has been appropriately registered.Write a cell to the link.Close the linkCreate a direct link to the given tor node. note that this routine performs some internal certificate checking, but you should verify that the certificate you expected from the connection is what you expected it to be. YOU SHOULD PROBABLY NOT USE THIS ROUTINE. Instead, use newLinkCircuit , elsewhere.,Generate a random new circuit id for a link.iGiven an incoming socket, accept a formal Tor link from the incoming party. Or throw an error. Whatever."  None;A handy shorthand for a public and private Curve25519 pair.A shorthand for the pair of encryption and hashing state used by Tor. Note, because it's easy to forget, that the encryption state is updated on every cell that passes through the system, but the hashing state is only updated on cells that are destined for us."The current state of an encryptor.?A socket for communicating with a server, anonymously, via Tor.hA handle for a circuit that orginated elsewhere, and is either passing through or exiting at this node.(A circuit that originates with this nodeCreate a new one-hop circuit across the given link. The router description given must be the router description for the given link, or the handshake will fail. The Word32 argument is the circuit id to use. The result is the new, one-hop circuit or a thrown exception. If you care about anonymity, you should extend this circuit a few times before trying to make any connections.Extend the extant circuit to the given router. This is purely side-effecting, although it may thrw an error if an error occurs during the extension process.KDestroy a circuit, and all the streams and computations running through it.LWrite a cell on the circuit we just created, pushing it through the network.7Accept a circuit from someone who just connected to us.(Destroy a circuit that is transiting us.Resolve the given hostname, anonymously. The result is a list of addresses associated with that hostname, and the TTL for those values.Connect to the given address and port through the given circuit. The result is a connection that can be used to read, write, and close the connection. (This is equivalent to calling connectToHost' with True, True, and False for the extra arguments.)Connect to the given address and port through the given circuit. The result is a connection that can be used to read, write, and close the connection. The booleans determine if an IPv4 connection is OK, an IPv6 connection is OK, and whether IPv6 is preferred, respectively.Write the given ByteString to the given Tor socket. Blocks until the entire ByteString has been written out to the network. Will throw an error if the socket has been closed.Read the given number of bytes from the socket. Blocks until either the entire buffer has been read or the socket closes for some reason. Will throw an error if the socket was closed before the read starts.Close a Tor socket. This will notify the other end of the connection that you are done, so you should be sure you really don't need to do any more reading before calling this. At this point, this implementation does not support a half-closed option.zPerform the first step in a TAP handshake, generating a private value and the public cell body to send to the other side.Given our information and the public value provided by the other side, compute both the shared secret and our public value to send back to the originator.Given the private number generated before and the server's response, generate the shared secret and the appropriate crypto data.hStart an NTor handshake by generating a local Curve25519 pair and a public value to send to the server.As a server, accept the client's public value, generate the shared encryption state from that value, and generate a response to the client they can use to generate the same values.<Complete the NTor handhsake using the server's public value.#Generate a new Curve25519 key pair.^  ;   NoneThe LinkManager, as you'd guess, serves as a unique management point for holding all the links the current Tor node is operating on. The goal of this module is to allow maximal re-use of incoming and outgoing links while also maintaining enough links to provide anonymity guarantees.bCreate a new link manager with the given options, network stack, router database and credentials.Generate the first link in a new circuit, where the first hop meets the given restrictions. The result is the new link, the router description of that link, and a new circuit id to use when creating the circuit.ISet a callback that will fire any time a new link is added to the system.       None[A handle for the circuit manager component, to be passed amongst functions in this module.WCreate a new circuit manager given the previously-initialized components. Using a circuit manager will allow you to more easily reuse circuits across multiple connections, decreasing the overhead of using Tor. In additionally, eventually you will be able to track and gather statistics on circuit history over time by using this component.\Open a circuit to an exit node that allows connections according to the given restrictions.uClose a circuit. DO NOT CALL THIS. Instead, just drop all references to the structure; we'll worry about this later. !"#$%&'()  !"#$%&'()None;N)A handle to the current Tor system state.`Start up the underlying Tor system, given a network stack to operate in and some setup options.Resolve the given host name, anonymously. This routine will create a new circuit unless torMaxCircuits has been reached, at which point it will re-use an existing circuit.Connect to the given address via Tor. The TorAddress should be one of the IP4 or IP6 variants, rather than a hostname or an error. The result will be the built circuit. This will throw exceptions if failures occur during the building process.*+,-F !"#$%&'()*+!"#$%&'()*+,-./!"#$%&'()*+,-./*+,-. !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~                   !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'() * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _ ` a b c d e f g h i j k l m n o p q r s t u v w x y z{|}~      !"#$%&'()*+,-./0123haskell-tor-0.1.1Tor.Link.CipherSuitesTor.RouterDescTor.DataFormat.HelpersTor.DataFormat.DefaultDirectoryTor.RNG Tor.Link.DHTor.HybridCryptoTor.DataFormat.ConsensusTor.DataFormat.DirCertInfoTor.DataFormat.RouterDescTor.RouterDesc.RenderTor.DataFormat.TorAddressTor.NetworkStackTor.NetworkStack.FetchTor.State.DirectoriesTor.DataFormat.TorCellTor.NetworkStack.SystemTor.NetworkStack.HansTor.DataFormat.RelayCellData.Hourglass.Now Tor.OptionsTor.State.CredentialsTor.State.RoutersTor.Link Tor.CircuitTor.State.LinkManagerTor.State.CircuitManagerTorPaths_haskell_torCrypto.PubKey.RSA.KeyHashCrypto.Hash.Easy)suiteTLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA'suiteTLS_ECDHE_RSA_WITH_AES_256_CBC_SHA%suiteTLS_DHE_RSA_WITH_AES_256_CBC_SHA%suiteTLS_DHE_DSS_WITH_AES_256_CBC_SHA&suiteTLS_ECDH_RSA_WITH_AES_256_CBC_SHA(suiteTLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA!suiteTLS_RSA_WITH_AES_256_CBC_SHA%suiteTLS_ECDHE_ECDSA_WITH_RC4_128_SHA)suiteTLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA#suiteTLS_ECDHE_RSA_WITH_RC4_128_SHA'suiteTLS_ECDHE_RSA_WITH_AES_128_CBC_SHA%suiteTLS_DHE_RSA_WITH_AES_128_CBC_SHA%suiteTLS_DHE_DSS_WITH_AES_128_CBC_SHA"suiteTLS_ECDH_RSA_WITH_RC4_128_SHA&suiteTLS_ECDH_RSA_WITH_AES_128_CBC_SHA$suiteTLS_ECDH_ECDSA_WITH_RC4_128_SHA(suiteTLS_ECDH_ECDSA_WITH_AES_128_CBC_SHAsuiteTLS_RSA_WITH_RC4_128_MD5suiteTLS_RSA_WITH_RC4_128_SHA!suiteTLS_RSA_WITH_AES_128_CBC_SHA*suiteTLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(suiteTLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA'suiteTLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA)suiteTLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"suiteTLS_RSA_WITH_3DES_EDE_CBC_SHA"suiteSSL3_EDH_RSA_DES_192_CBC3_SHA"suiteSSL3_EDH_DSS_DES_192_CBC3_SHA(suiteSSL3_RSA_FIPS_WITH_3DES_EDE_CBC_SHA&suiteTLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA(suiteTLS_DHE_RSA_WITH_AES_256_CBC_SHA256AddrSpec AddrSpecAll AddrSpecIP4AddrSpecIP4MaskAddrSpecIP4Bits AddrSpecIP6AddrSpecIP6BitsPortSpec PortSpecAll PortSpecRangePortSpecSingleExitRuleExitRuleAcceptExitRuleReject NodeFamilyNodeFamilyNicknameNodeFamilyDigestNodeFamilyBoth RouterDescrouterNicknamerouterIPv4Address routerORPort routerDirPortrouterParseLogrouterAvgBandwidthrouterBurstBandwidthrouterObservedBandwidthrouterPlatformNamerouterEntryPublishedrouterFingerprintrouterHibernating routerUptimerouterOnionKeyrouterNTorOnionKeyrouterSigningKeyrouterExitRulesrouterIPv6PolicyrouterSignature routerContact routerFamilyrouterReadHistoryrouterWriteHistoryrouterCachesExtraInforouterExtraInfoDigestrouterHiddenServiceDirrouterLinkProtocolVersionsrouterCircuitProtocolVersionsrouterAllowSingleHopExitsrouterAlternateORAddresses routerStatusblankRouterDesc standardLinenickname hexDigestportSpecportaddrSpecip4ip6 publicKey' publicKeyutcTimeboolchar8alphaNumhexDigitdecDigit base64Char decimalNum whitespace whitespace1newlinespnltoStringreadHex decodeBase64DefaultDirectory ddirNickname ddirIsBridge ddirAddress ddirOnionPort ddirDirPort ddirV3IdentddirFingerprintparseDefaultDirectoryTorRNGoakley2 hybridEncrypt hybridDecryptRouter rtrNickName rtrIdentity rtrDigest rtrPubTimertrIP rtrOnionPort rtrDirPort rtrIP6Addrs rtrStatus rtrVersion rtrBandwidth rtrPortList AuthorityauthName authIdent authAddressauthIP authDirPort authOnionPort authContactauthVoteDigest Consensus conMethods conMethod conValidAfter conFreshUntil conValidUntilconVotingDelayconSuggestedClientVersconSuggestedServerVers conKnownFlags conParametersconAuthorities conRoutersconBandwidthWeights conSignaturesparseConsensusDocumentDirectoryCertInfo dcFingerprint dcPublished dcExpires dcIdentityKey dcSigningKeydcKeyCertificationparseDirectoryCertInfoparseDirectoryrenderRouterDesc TorAddressHostnameIP4IP6TransientErrorNontransientError unTorAddress getTorAddress ip4ToString ip6ToString putTorAddress putIP4String putIP6StringtorAddressByteStringTorNetworkStackconnect getAddresslistenacceptrecvwriteflushcloselcloseSomeNetworkStackMkNSrecvLinerecvAll toBackend FetchItemConsensusDocumentKeyCertificate Descriptors Fetchablefetch readResponse DirectoryDB Directory dirNickname dirIsBridge dirAddress dirOnionPort dirDirPort dirV3IdentdirFingerprint dirPublished dirExpiresdirIdentityKey dirSigningKeynewDirectoryDatabasesendRouterDescriptiongetRandomDirectory findDirectory addDirectoryTorCert LinkKeyCertRSA1024Identity RSA1024AuthUnknownCertType HandshakeTypeTAPReservedNTorUnknown DestroyReasonNoReasonTorProtocolViolation InternalErrorRequestedDestroyNodeHibernatingHitResourceLimitConnectionFailedORIdentityIssueORConnectionClosedFinishedCircuitConstructionTimeoutCircuitDestroyed NoSuchServiceUnknownDestroyReasonTorCellPaddingCreateCreatedRelayDestroy CreateFast CreatedFastNetInfo RelayEarlyCreate2Created2VersionsVPaddingCerts AuthChallenge Authenticate Authorize getCircuit isPadding getTorCell putTorCellgetDestroyReasonputDestroyReasongetHandshakeTypeputHandshakeType getTorCert putTorCertsystemNetworkStackhansNetworkStack ExtendSpec ExtendIP4 ExtendIP6 ExtendDigestRelayEndReason ReasonMiscReasonResolveFailedReasonConnectionRefusedReasonExitPolicyReasonDestroyed ReasonDone ReasonTimeout ReasonNoRouteReasonHibernatingReasonInternalReasonResourceLimitReasonConnectionResetReasonTorProtocolReasonNotDirectoryRelayIntro1Data RelayIntro1v0 intRendPoint intRendCookie intRendgx1 RelayIntro1v1 RelayIntro1v2intRendPointIPintRendPointPortintRendPointIdintRendOnionKey RelayIntro1v3 intAuthType intAuthData RelayCell RelayBegin relayStreamIdrelayBeginAddressrelayBeginPortrelayBeginIPv4OKrelayBeginIPv6OKrelayBeginIPv6Pref RelayData relayDataRelayEndrelayEndReasonRelayConnectedrelayConnectedAddrrelayConnectedTTL RelaySendMe RelayExtendrelayExtendAddressrelayExtendPortrelayExtendSkinrelayExtendIdent RelayExtendedrelayExtendedData RelayTruncateRelayTruncatedrelayTruncatedRsn RelayDrop RelayResolverelayResolveName RelayResolvedrelayResolvedAddrs RelayBeginDir RelayExtend2relayExtendTargetrelayExtendTyperelayExtendDataRelayExtended2RelayEstablishIntrorelayEstIntKeyrelayEstIntSessHashrelayEstIntSigRelayEstablishRendezvousrelayEstRendCookieRelayIntroduce1relayIntro1KeyIdrelayIntro1DataRelayIntroduce2relayIntro2DataRelayRendezvous1relayRendCookie relayRendGY relayRendKHRelayRendezvous2RelayIntroEstablishedRelayRendezvousEstablishedRelayIntroduceAck getRelayCellrenderRelayCellparseRelayCell putRelayCellputRelayCellGutsgetRelayEndReasonputRelayEndReason putExtendSpec getExtendSpecgetCurrentTimeTorExitOptions torExitRules torIPv6PolicytorAllowSingleHopExitsTorRelayOptions torOnionPort torNickname torContact torFamiliestorMaximumLinksTorEntranceOptionstorInternalCircuitLengthtorTargetLinks TorOptionstorLogtorEntranceOptionstorRelayOptionstorExitOptionsdefaultTorOptionsdefaultTorEntranceOptionsdefaultTorRelayOptionsdefaultTorExitOptions makeLogger CredentialsnewCredentials getSigningKey getOnionKeygetNTorOnionKey getTLSKey getAddresses getRouterDescaddNewAddressescreateCertificategenerateKeyPair isSignedByRouterRestrictionIsStable NotRouter NotTorAddrExitNodeExitNodeAllowingRouterDBnewRouterDatabase findRouter getRoutermeetsRestrictions allowsExitTorLinklinkRouterDesclinkInitiatedRemotelylinkRead linkWrite linkCloseinitLinklinkNewCircuitId acceptLinkCurve25519Pair CryptoDataEncryptionState TorSocket tsCircuit tsStreamIdtsState tsReadWindowtsInChan tsLeftoverTransverseCircuitOriginatedCircuit createCircuit extendCircuitdestroyCircuit acceptCircuitdestroyTransverse resolveName connectToHostconnectToHost'torWritetorReadtorClosestartTAPHandshakeadvanceTAPHandshakecompleteTAPHandshakestartNTorHandshakeadvanceNTorHandshakecompleteNTorHandshake generate25519 LinkManagernewLinkManagernewLinkCircuitsetIncomingLinkHandlerCircuitManagernewCircuitManager openCircuit closeCircuitstartTortorResolveName torConnectcatchIOversionbindirlibdirdatadir libexecdir sysconfdir getBinDir getLibDir getDataDir getLibexecDir getSysconfDirgetDataFileNameprepnoFail bulkAES128 bulkAES256bulk3DESbulkRC4$fEqRouterDesc isAlphaNum isHexDigitisDecimalDigit isBase64ChardefaultDirectoryv3IdentaddrPort fingerprint oaepParamsfailLeftkeyHashkeyHash'sha1sha256sha1lazy sha256lazynoHashHashLazygenerateHashesconsensusDocumentconsensusMethod torVersionflag torParams authorityrouterbandwidthWeightsconsensusSignature decodeBase64' generateHash dirCertInfo signature OptionParser ParseAmountNever AtMostOnce ExactlyOnce AnyNumber EndsRouter chunkRouters nextRouterparseRouterDescinitialParseStatewrappedOptionParsers addWrappercheckFinalStateswarnrouterDescOptions routerStart bandwidthplatform published hibernatinguptimeonionKey ntorOnionKey signingKeyexitRule ipv6Policy routerSig contactInfofamily readHistory writeHistoryhistoryeventDNScachesExtraInfoextraInfoDigesthiddenServiceDir protocolsallowSingleHopExits orAddress exitPatternRenderputWordputWord'endLine putFourGroups putPublicKeyputLines putSeperatedrenderRouterDesc'renderRouterLinerenderBandwidthrenderPlatformrenderPublishedrenderFingerprintrenderHibernating renderUptimerenderOnionKey renderNTorKeyrenderSigningKeyrenderExitRulesrenderAddrSpecrenderPortSpecrenderIPv6PolicyrenderContactInfo renderFamilyrenderReadHistoryrenderWriteHistory renderHistoryrenderCachesExtraInforenderExtraInfoDigestrenderHiddenServiceDirrenderProtocolsrenderAllowSingleHopExitsrenderAltAddressesshowHex unintercalate unwrapIP6 parseBlob fetchItemFile fetchItemTimebuildGet httpResponse$fFetchableMap$fFetchable(,,)$fFetchableDirectoryCertInfoDDB defaultStrsputLenByteStringputStandardCellgetCerts$fExceptionDestroyReason systemConnect systemLookup systemListenconvertAddress systemAccept systemRead systemWriteinjectRelayHash parseFlags renderFlags parseAddrPort$fExceptionRelayEndReasonbaseGHC.BaseNothingCredentialStatecredRNG credStartTimecredNextSerialNum credBaseDesc credAddresses credIdentity credOnion credOnionNTorcredTLSgetCredentials orderList generateState updateKeys getCredCert maybeRegenIdmaybeRegenOnion maybeRegenTLSsignMsgupdateConsensusRouterDBVersionRDB rdbRevision rdbRouters portMatches addrMatchesip4in'ip4inip6inip6equnAddrgenerateMaskFromMaskgenerateMaskFromBitsmasked expandIPv6getValidSignaturescomputeNextTime waitUntil linkContextlinkReaderThreadlinkReadBuffersrunLinkgetRespInitialMsgsgetResponderStartgetNetInfoCellauthMessageHeaderputCellgenCertificate clientTLSOptsis1024BitRSAKey certExpired fromElapsed exactlyOneIdexactlyOneLink serverTLSOptschooseTorCipher isEquivListisV2PlusCipherSetfixedCipherList getVersionsgetInitiatorInfoexactlyOneAuthwriteCellOnCircuitEStcLink tcNextHoptcLogtcIdtcRNG tcOptions tcCredentials tcRouterDB tcConnections tcThreadstcForeCryptoDatatcBackCryptoDataocLinkocLogocIdocRNG ocOptionsocStateocTakenStreamIdsocExtendWaiterocResolveWaiters ocSockets ocConnWaitersocForeCryptoDataocBackCryptoDataprocessBackwardInputprocessBackwardRelayprocessLocalBackwardsRelayprocessForwardInputprocessForwardRelayprocessLocalForwardRelayprocessBackwardTransverse isExitNode getAddress'connect'matchesExitCriteriacircRelayUpstreaminitEncryptionState encryptData decryptData xorStreamxorBSgetNextStreamIdcomputeTAPValueskdfTorcurveExpcomputeNTorValues kdfRFC5869 hmacSha256protoidt_mact_keyt_verifym_expand withMVar' modifyMVar' modifyMVar_'$fShowEncryptionState$fEqEncryptionStatelmNetworkStack lmRouterDB lmCredentials lmIdealLinks lmMaxLinkslmLoglmRNGlmLinkslmIncomingLinkHandlerforkIO_ CircuitEntryPending ceExitNode_cePendingEntranceEntry_ceWeakEntrance Transverse_ceIncomingLink _ceCircuitNoCircuitManagercmCircuitLength cmRouterDB cmOptions cmLinkManagercmRNGcmOpenCircuitsbuildNewCircuitsnoccmLogHostName tryConnectcheckPublicFail