this option. This option should be offered via the UI to mobile users
for use where bandwidth may be expensive. (Default: 0)
+[[CircuitPadding]] **CircuitPadding** **0**|**1**::
+ If set to 0, Tor will not pad client circuits with additional cover
+ traffic. Only clients may set this option. This option should be offered
+ via the UI to mobile users for use where bandwidth may be expensive. If
+ set to 1, padding will be negotiated as per the consensus and relay
+ support (unlike ConnectionPadding, CircuitPadding cannot be force-enabled).
+ (Default: 1)
+
[[ExcludeNodes]] **ExcludeNodes** __node__,__node__,__...__::
A list of identity fingerprints, country codes, and address
patterns of nodes to avoid when building a circuit. Country codes are
V(ReducedConnectionPadding, BOOL, "0"),
V(ConnectionPadding, AUTOBOOL, "auto"),
V(RefuseUnknownExits, AUTOBOOL, "auto"),
+ V(CircuitPadding, BOOL, "1"),
V(RejectPlaintextPorts, CSV, ""),
V(RelayBandwidthBurst, MEMUNIT, "0"),
V(RelayBandwidthRate, MEMUNIT, "0"),
REJECT("Relays cannot set ReducedConnectionPadding. ");
}
+ if (server_mode(options) && options->CircuitPadding == 0) {
+ REJECT("Relays cannot set CircuitPadding to 0. ");
+ }
+
if (options->BridgeDistribution) {
if (!options->BridgeRelay) {
REJECT("You set BridgeDistribution, but you didn't set BridgeRelay!");
* pad to the server regardless of server support. */
int ConnectionPadding;
+ /** Boolean: if true, then circuit padding will be negotiated by client
+ * and server, subject to consenus limits (default). If 0, it will be fully
+ * disabled. */
+ int CircuitPadding;
+
/** To what authority types do we publish our descriptor? Choices are
* "v1", "v2", "v3", "bridge", or "". */
struct smartlist_t *PublishServerDescriptor;
CIRCWINDOW_START_MAX, 0, 50*CIRCWINDOW_START_MAX);
}
+/**
+ * Return true if padding is allowed by torrc and consensus.
+ */
+STATIC bool
+circpad_is_padding_allowed(void)
+{
+ /* If padding has been disabled in the consensus, don't send any more
+ * padding. Technically the machine should be shut down when the next
+ * machine condition check happens, but machine checks only happen on
+ * certain circuit events, and if padding is disabled due to some
+ * network overload or DoS condition, we really want to stop ASAP. */
+ if (circpad_padding_disabled || !get_options()->CircuitPadding) {
+ return 0;
+ }
+
+ return 1;
+}
+
/**
* Check this machine against its padding limits, as well as global
* consensus limits.
{
const circpad_machine_spec_t *machine = CIRCPAD_GET_MACHINE(mi);
- /* If padding has been disabled in the consensus, don't send any more
- * padding. Technically the machine should be shut down when the next
- * machine condition check happens, but machine checks only happen on
- * certain circuit events, and if padding is disabled due to some
- * network overload or DoS condition, we really want to stop ASAP. */
- if (circpad_padding_disabled) {
- return 1;
- }
-
/* If machine_padding_pct is non-zero, and we've sent more
* than the allowed count of padding cells, then check our
* percent limits for this machine. */
struct timeval timeout;
tor_assert(mi);
+ /* Don't schedule padding if it is disabled */
+ if (!circpad_is_padding_allowed()) {
+ static ratelim_t padding_lim = RATELIM_INIT(600);
+ log_fn_ratelim(&padding_lim,LOG_INFO,LD_CIRC,
+ "Padding has been disabled, but machine still on circuit %"PRIu64
+ ", %d",
+ mi->on_circ->n_chan ? mi->on_circ->n_chan->global_identifier : 0,
+ mi->on_circ->n_circ_id);
+
+ return CIRCPAD_STATE_UNCHANGED;
+ }
+
/* Don't schedule padding if we are currently in dormant mode. */
if (!is_participating_on_network()) {
log_info(LD_CIRC, "Not scheduling padding because we are dormant.");
{
/* If padding is disabled, no machines should match/apply. This has
* the effect of shutting down all machines, and not adding any more. */
- if (circpad_padding_disabled)
+ if (circpad_padding_disabled || !get_options()->CircuitPadding)
return 0;
if (!(circpad_circ_purpose_to_mask(TO_CIRCUIT(circ)->purpose)
projects / thirdparty / tor.git / commitdiff
