Not using slow circuits (was Re: Tor slow no matter what I do.)

Csaba Kiraly kiraly at dit.unitn.it
Sun Feb 3 08:40:49 UTC 2008


Scott Bennett wrote:
>      On Sat, 02 Feb 2008 18:08:26 -0800 "F. Fox" <kitsune.or at gmail.com>
> wrote:
>   
>> Chad Z. Hower aka Kudzu wrote:
>> (snip)
>>     
>>> Does TOR implement QOS or prioritization? That is only use bandwidth when
>>> other traffic is not present?
>>>       
>> This can be done further upstream of the Tor server, as long as the
>> server is on a dedicated machine. Just set the switch up to put the Tor
>> server's port in Low priority mode.
>>     
>
>      That works for connections coming into the server, but not for
> outbound connections made by the server, so one can control only part of
> the traffic that way.  Control over some of the connections initiated by
> the server by managing the traffic to and from the most common choices
> of remote ports, but there isn't a good way to do that for all remote tor
> servers.  A further refinement might be to add specific QoS rules for the
> short list of very high-bandwidth servers and for the directory authorities.
>      Some Windows firewall software does allow identification of traffic
> to and from specific application programs, but I'm not aware of any that
> handle QoS that way.
>   
For Windows, CFosSpeed handles priority. It is not a firewall; its 
primary goal is traffic prioritization. It is largely diffused in the 
P2P community to avoid the problem of uploads cannibalizing downloads 
(ACK prioritization), to permit browsing while heavy downloads are going 
in the background, etc.

For Linux, for outbound traffic, there are many options:
tc can be used to handle the priority, but first we need the filters 
that select Tor traffic

filters:

a, port based, as it was said before, is difficult since ports can be 
modified by Tor servers. A filter for 9051 and 9001 would do most of the 
job, if people leave it on default, but I don't know whether this is the 
case. Otherwise, a nice long list of destination addresses and ports 
could be created, even automatically, but that's kind of rude.

b, iptables has an owner module, which could do the job in some cases:
 
    --cmd-owner name
              Matches if the packet was created by a process with the given
              command name.  (this option is present only if iptables was
              compiled under a kernel supporting this feature)

       NOTE: pid, sid and command matching are broken on SMP

c, filters can be based on the TOS field, which can be set as a socket 
option. This means a small modification to the Tor code, like adding one 
line of setsockopt.

Csaba
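
Option (c) above as an added example; this is not Tor source code and not code from the original post. The function names and the choice of 0x08 as the marking value are assumptions made for illustration.

```c
/* Added example: not Tor source code. Marks a socket's outbound packets
 * with a TOS byte so a tc or iptables filter can select them. */
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Assumed marking: 0x08 is the classic "maximize throughput" TOS value
 * (IPTOS_THROUGHPUT); any value your filter matches on will do. */
#define TOS_BULK 0x08

/* Set the TOS byte (IPv4) or traffic class (IPv6). Returns 0 or -1. */
int mark_socket_tos(int fd, int tos)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof(ss);

    if (getsockname(fd, (struct sockaddr *)&ss, &len) < 0)
        return -1;
    if (ss.ss_family == AF_INET)
        return setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
    if (ss.ss_family == AF_INET6)
        return setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos));
    return -1;
}

/* Read the IPv4 TOS byte back, or -1 on error. */
int read_socket_tos(int fd)
{
    int tos = 0;
    socklen_t len = sizeof(tos);
    if (getsockopt(fd, IPPROTO_IP, IP_TOS, &tos, &len) < 0) return -1;
    return tos;
}

/* Create a TCP socket, mark it, and return the value the kernel stored. */
int demo_marked_tos(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    int got = mark_socket_tos(fd, TOS_BULK) == 0 ? read_socket_tos(fd) : -1;
    close(fd);
    return got;
}

int main(void)
{
    printf("TOS on marked socket: 0x%02x\n", demo_marked_tos());
    return 0;
}
```

Calling the marking function before connect() means the whole connection carries the value, and a tc u32 filter such as `match ip tos 0x08 0xff` can then select the traffic without knowing remote ports or addresses.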


