[tor-commits] [tor/master] Bug 29203: Provide ReducedCircuitPadding torrc and consensus params

nickm at torproject.org nickm at torproject.org
Mon May 13 18:35:30 UTC 2019


commit 621ea2315b3f53a9ef4ace9f3f6cb2f03a241042
Author: Mike Perry <mikeperry-git at torproject.org>
Date:   Wed Apr 17 06:09:06 2019 +0000

    Bug 29203: Provide ReducedCircuitPadding torrc and consensus params
---
 doc/tor.1.txt                  |  6 ++++++
 src/app/config/config.c        |  5 +++++
 src/app/config/or_options_st.h |  6 ++++++
 src/core/or/circuitpadding.c   | 13 +++++++++++++
 src/core/or/circuitpadding.h   | 11 +++++++++++
 5 files changed, 41 insertions(+)

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 6c125e374..13a85f995 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -963,6 +963,12 @@ The following options are useful only for clients (that is, if
     support (unlike ConnectionPadding, CircuitPadding cannot be force-enabled).
     (Default: 1)
 
+[[ReducedCircuitPadding]] **ReducedCircuitPadding** **0**|**1**::
+    If set to 1, Tor will only use circuit padding algorithms that have low
+    overhead. Only clients may set this option. This option should be offered
+    via the UI to mobile users for use where bandwidth may be expensive.
+    (Default: 0)
+
 [[ExcludeNodes]] **ExcludeNodes** __node__,__node__,__...__::
     A list of identity fingerprints, country codes, and address
     patterns of nodes to avoid when building a circuit. Country codes are
diff --git a/src/app/config/config.c b/src/app/config/config.c
index 7ad970625..1c7cb1d57 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -597,6 +597,7 @@ static config_var_t option_vars_[] = {
   V(ConnectionPadding,           AUTOBOOL, "auto"),
   V(RefuseUnknownExits,          AUTOBOOL, "auto"),
   V(CircuitPadding,              BOOL,     "1"),
+  V(ReducedCircuitPadding,       BOOL,     "0"),
   V(RejectPlaintextPorts,        CSV,      ""),
   V(RelayBandwidthBurst,         MEMUNIT,  "0"),
   V(RelayBandwidthRate,          MEMUNIT,  "0"),
@@ -3746,6 +3747,10 @@ options_validate(or_options_t *old_options, or_options_t *options,
     REJECT("Relays cannot set CircuitPadding to 0. ");
   }
 
+  if (server_mode(options) && options->ReducedCircuitPadding == 1) {
+    REJECT("Relays cannot set ReducedCircuitPadding. ");
+  }
+
   if (options->BridgeDistribution) {
     if (!options->BridgeRelay) {
       REJECT("You set BridgeDistribution, but you didn't set BridgeRelay!");
diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h
index 0fdeb94b4..4e03bec7f 100644
--- a/src/app/config/or_options_st.h
+++ b/src/app/config/or_options_st.h
@@ -253,6 +253,12 @@ struct or_options_t {
    * disabled. */
   int CircuitPadding;
 
+  /** Boolean: if true, then this client will only use circuit padding
+   * algorithms that are known to use a low amount of overhead. If false,
+   * we will use all available circuit padding algorithms.
+   */
+  int ReducedCircuitPadding;
+
   /** To what authority types do we publish our descriptor? Choices are
    * "v1", "v2", "v3", "bridge", or "". */
   struct smartlist_t *PublishServerDescriptor;
diff --git a/src/core/or/circuitpadding.c b/src/core/or/circuitpadding.c
index dcd8f645c..8d2749906 100644
--- a/src/core/or/circuitpadding.c
+++ b/src/core/or/circuitpadding.c
@@ -82,6 +82,7 @@ static double circpad_distribution_sample(circpad_distribution_t dist);
 
 /** Cached consensus params */
 static uint8_t circpad_padding_disabled;
+static uint8_t circpad_padding_reduced;
 static uint8_t circpad_global_max_padding_percent;
 static uint16_t circpad_global_allowed_cells;
 static uint16_t circpad_max_circ_queued_cells;
@@ -1086,6 +1087,10 @@ circpad_new_consensus_params(const networkstatus_t *ns)
       networkstatus_get_param(ns, "circpad_padding_disabled",
          0, 0, 1);
 
+  circpad_padding_reduced =
+      networkstatus_get_param(ns, "circpad_padding_reduced",
+         0, 0, 1);
+
   circpad_global_allowed_cells =
       networkstatus_get_param(ns, "circpad_global_allowed_cells",
          0, 0, UINT16_MAX-1);
@@ -1662,6 +1667,14 @@ circpad_machine_conditions_met(origin_circuit_t *circ,
   if (circpad_padding_disabled || !get_options()->CircuitPadding)
     return 0;
 
+  /* If the consensus or our torrc has selected reduced connection padding,
+   * then only allow this machine if it is flagged as acceptable under
+   * reduced padding conditions */
+  if (circpad_padding_reduced || get_options()->ReducedCircuitPadding) {
+    if (!machine->conditions.reduced_padding_ok)
+      return 0;
+  }
+
   if (!(circpad_circ_purpose_to_mask(TO_CIRCUIT(circ)->purpose)
       & machine->conditions.purpose_mask))
     return 0;
diff --git a/src/core/or/circuitpadding.h b/src/core/or/circuitpadding.h
index bc2522c21..f00369eb0 100644
--- a/src/core/or/circuitpadding.h
+++ b/src/core/or/circuitpadding.h
@@ -152,6 +152,17 @@ typedef struct circpad_machine_conditions_t {
   /** Only apply the machine *if* vanguards are enabled */
   unsigned requires_vanguards : 1;
 
+  /**
+   * This machine is ok to use if reduced padding is set in consensus
+   * or torrc. This machine will still be applied even if reduced padding
+   * is not set; this flag only acts to exclude machines that don't have
+   * it set when reduced padding is requested. Therefore, reduced padding
+   * machines should appear at the lowest priority in the padding machine
+   * lists (aka first in the list), so that non-reduced padding machines
+   * for the same purpose are given a chance to apply when reduced padding
+   * is not requested. */
+  unsigned reduced_padding_ok : 1;
+
   /** Only apply the machine *if* the circuit's state matches any of
    *  the bits set in this bitmask. */
   circpad_circuit_state_t state_mask;





More information about the tor-commits mailing list