commit 621ea2315b3f53a9ef4ace9f3f6cb2f03a241042 Author: Mike Perry mikeperry-git@torproject.org Date: Wed Apr 17 06:09:06 2019 +0000
Bug 29203: Provide ReducedCircuitPadding torrc and consensus params --- doc/tor.1.txt | 6 ++++++ src/app/config/config.c | 5 +++++ src/app/config/or_options_st.h | 6 ++++++ src/core/or/circuitpadding.c | 13 +++++++++++++ src/core/or/circuitpadding.h | 11 +++++++++++ 5 files changed, 41 insertions(+)
diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 6c125e374..13a85f995 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -963,6 +963,12 @@ The following options are useful only for clients (that is, if support (unlike ConnectionPadding, CircuitPadding cannot be force-enabled). (Default: 1)
+[[ReducedCircuitPadding]] **ReducedCircuitPadding** **0**|**1**:: + If set to 1, Tor will only use circuit padding algorithms that have low + overhead. Only clients may set this option. This option should be offered + via the UI to mobile users for use where bandwidth may be expensive. + (Default: 0) + [[ExcludeNodes]] **ExcludeNodes** __node__,__node__,__...__:: A list of identity fingerprints, country codes, and address patterns of nodes to avoid when building a circuit. Country codes are diff --git a/src/app/config/config.c b/src/app/config/config.c index 7ad970625..1c7cb1d57 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -597,6 +597,7 @@ static config_var_t option_vars_[] = { V(ConnectionPadding, AUTOBOOL, "auto"), V(RefuseUnknownExits, AUTOBOOL, "auto"), V(CircuitPadding, BOOL, "1"), + V(ReducedCircuitPadding, BOOL, "0"), V(RejectPlaintextPorts, CSV, ""), V(RelayBandwidthBurst, MEMUNIT, "0"), V(RelayBandwidthRate, MEMUNIT, "0"), @@ -3746,6 +3747,10 @@ options_validate(or_options_t *old_options, or_options_t *options, REJECT("Relays cannot set CircuitPadding to 0. "); }
+ if (server_mode(options) && options->ReducedCircuitPadding == 1) { + REJECT("Relays cannot set ReducedCircuitPadding. "); + } + if (options->BridgeDistribution) { if (!options->BridgeRelay) { REJECT("You set BridgeDistribution, but you didn't set BridgeRelay!"); diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h index 0fdeb94b4..4e03bec7f 100644 --- a/src/app/config/or_options_st.h +++ b/src/app/config/or_options_st.h @@ -253,6 +253,12 @@ struct or_options_t { * disabled. */ int CircuitPadding;
+ /** Boolean: if true, then this client will only use circuit padding + * algorithms that are known to use a low amount of overhead. If false, + * we will use all available circuit padding algorithms. + */ + int ReducedCircuitPadding; + /** To what authority types do we publish our descriptor? Choices are * "v1", "v2", "v3", "bridge", or "". */ struct smartlist_t *PublishServerDescriptor; diff --git a/src/core/or/circuitpadding.c b/src/core/or/circuitpadding.c index dcd8f645c..8d2749906 100644 --- a/src/core/or/circuitpadding.c +++ b/src/core/or/circuitpadding.c @@ -82,6 +82,7 @@ static double circpad_distribution_sample(circpad_distribution_t dist);
/** Cached consensus params */ static uint8_t circpad_padding_disabled; +static uint8_t circpad_padding_reduced; static uint8_t circpad_global_max_padding_percent; static uint16_t circpad_global_allowed_cells; static uint16_t circpad_max_circ_queued_cells; @@ -1086,6 +1087,10 @@ circpad_new_consensus_params(const networkstatus_t *ns) networkstatus_get_param(ns, "circpad_padding_disabled", 0, 0, 1);
+ circpad_padding_reduced = + networkstatus_get_param(ns, "circpad_padding_reduced", + 0, 0, 1); + circpad_global_allowed_cells = networkstatus_get_param(ns, "circpad_global_allowed_cells", 0, 0, UINT16_MAX-1); @@ -1662,6 +1667,14 @@ circpad_machine_conditions_met(origin_circuit_t *circ, if (circpad_padding_disabled || !get_options()->CircuitPadding) return 0;
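Review bot: The new `circpad_padding_reduced` read in circpad_new_consensus_params has no comment saying what a value of 1 does. The check added later in circpad_machine_conditions_met ORs it with the torrc option, so a consensus value of 1 takes effect even when a client leaves ReducedCircuitPadding at 0. I would add a comment above the assignment such as `/* If 1, clients only use machines flagged reduced_padding_ok, regardless of ReducedCircuitPadding in torrc. */`. The tor.1.txt entry describes only the torrc side and could state the same one-way override. The function body continues outside this hunk.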
+ /* If the consensus or our torrc has selected reduced connection padding, + * then only allow this machine if it is flagged as acceptable under + * reduced padding conditions */ + if (circpad_padding_reduced || get_options()->ReducedCircuitPadding) { + if (!machine->conditions.reduced_padding_ok) + return 0; + } + if (!(circpad_circ_purpose_to_mask(TO_CIRCUIT(circ)->purpose) & machine->conditions.purpose_mask)) return 0; diff --git a/src/core/or/circuitpadding.h b/src/core/or/circuitpadding.h index bc2522c21..f00369eb0 100644 --- a/src/core/or/circuitpadding.h +++ b/src/core/or/circuitpadding.h @@ -152,6 +152,17 @@ typedef struct circpad_machine_conditions_t { /** Only apply the machine *if* vanguards are enabled */ unsigned requires_vanguards : 1;
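Review bot: The added comment in circpad_machine_conditions_met says "reduced connection padding", but the condition tests `circpad_padding_reduced` and `ReducedCircuitPadding`. Connection padding is a separate feature, so the comment should begin `/* If the consensus or our torrc has selected reduced circuit padding,`. The diffstat lists five files and none of them looks like a test, so the new early return appears to be unexercised. A unit test that sets each trigger in turn and checks that a machine without `reduced_padding_ok` is rejected would pin the behaviour. The function starts and ends outside this hunk.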
+ /** + * This machine is ok to use if reduced padding is set in consensus + * or torrc. This machine will still be applied even if reduced padding + * is not set; this flag only acts to exclude machines that don't have + * it set when reduced padding is requested. Therefore, reduced padding + * machines should appear at the lowest priority in the padding machine + * lists (aka first in the list), so that non-reduced padding machines + * for the same purpose are given a chance to apply when reduced padding + * is not requested. */ + unsigned reduced_padding_ok : 1; + /** Only apply the machine *if* the circuit's state matches any of * the bits set in this bitmask. */ circpad_circuit_state_t state_mask;
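Review bot: The doc comment on `reduced_padding_ok` describes list ordering but not what happens when no machine sets the flag. Going by the check added in circpad_machine_conditions_met, a machine that leaves this bit unset is skipped whenever reduced padding is on, so a circuit purpose with no flagged machine would presumably get no padding at all rather than lower-overhead padding. I would add a sentence such as `If no machine for a purpose sets this flag, that purpose is left unpadded under reduced padding.` so that machine authors make the choice deliberately. The ordering requirement is stated only in this comment, and nothing visible in the hunk enforces it. The struct definition continues outside this hunk.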