from the introduction-point relay and rendezvous circuits which
have been specified in an INTRODUCE1 cell sent to a hidden
service after the normal CBT; now, we mark them as 'timed out',
- and launch another rendezvous attempt in parallel. Fixes part
- of bug 1297.
+ and launch another rendezvous attempt in parallel. This
+ behaviour change can be disabled using the new
+ CloseHSClientCircuitsImmediatelyOnTimeout option. Fixes part of
+ bug 1297.
services can be configured to require authorization using the
**HiddenServiceAuthorizeClient** option.
+**CloseHSClientCircuitsImmediatelyOnTimeout** **0**|**1**::
+ If 1, Tor will close unfinished hidden service client circuits
+ which have not moved closer to connecting to their destination
+ hidden service when their internal state has not changed for the
+ duration of the current circuit-build timeout. Otherwise, such
+ circuits will be left open, in the hope that they will finish
+ connecting to their destination hidden services. In either case,
+ another set of introduction and rendezvous circuits for the same
+ destination hidden service will be launched. (Default: 0)
+
**LongLivedPorts** __PORTS__::
A list of ports for services that tend to have long-running connections
(e.g. chat and interactive shells). Circuits for streams that use these
}
}
- /* If this is a hidden-service circuit which is far enough along
- * in connecting to its destination, and we haven't already
- * flagged it as 'timed out', flag it as 'timed out' so we'll
- * launch another intro or rend circ, but don't mark it for close
- * yet.
+ /* If this is a hidden service client circuit which is far enough
+ * along in connecting to its destination, and we haven't already
+ * flagged it as 'timed out', and the user has not told us to
+ * close such circs immediately on timeout, flag it as 'timed out'
+ * so we'll launch another intro or rend circ, but don't mark it
+ * for close yet.
*
* (Circs flagged as 'timed out' are given a much longer timeout
* period above, so we won't close them in the next call to
* circuit_expire_building.) */
- if (!(TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out)) {
+ if (!(options->CloseHSClientCircuitsImmediatelyOnTimeout) &&
+ !(TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out)) {
switch (victim->purpose) {
case CIRCUIT_PURPOSE_C_REND_READY:
/* We only want to spare a rend circ if it has been specified in
V(HidServAuth, LINELIST, NULL),
V(HSAuthoritativeDir, BOOL, "0"),
OBSOLETE("HSAuthorityRecordStats"),
+ V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
V(HTTPProxy, STRING, NULL),
V(HTTPProxyAuthenticator, STRING, NULL),
V(HTTPSProxy, STRING, NULL),
* circuits.) */
int Tor2webMode;
+ /** Close hidden service client circuits immediately when they reach
+ * the normal circuit-build timeout, even if they have already sent
+ * an INTRODUCE1 cell on its way to the service. */
+ int CloseHSClientCircuitsImmediatelyOnTimeout;
+
int ConnLimit; /**< Demanded minimum number of simultaneous connections. */
int _ConnLimit; /**< Maximum allowed number of simultaneous connections. */
int RunAsDaemon; /**< If true, run in the background. (Unix only) */
projects / thirdparty / tor.git / commitdiff
