Add an option to close HS service-side rend circs on timeout

diff --git a/changes/bug1297b b/changes/bug1297b
index 9cf2597b02d758c1461c84ca8c26f5be4baa67f3..fb0d00cabf457c03aaf77ee0944cd44505a3ba61 100644 (file)
--- a/changes/bug1297b
+++ b/changes/bug1297b
@@ -14,5 +14,7 @@
 
     - Don't close hidden-service-side rendezvous circuits when they
       reach the normal circuit-build timeout.  Previously, we would
-      close them.  Fixes the remaining part of bug 1297.
+      close them.  This behaviour change can be disabled using the new
+      CloseHSServiceRendCircuitsImmediatelyOnTimeout option.  Fixes
+      the remaining part of bug 1297.
 

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index f9425737b852609a17373daece134016285e6d8b..91a7c69a568897424d4e14990e1fec7ce6672d75 100644 (file)
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -693,6 +693,14 @@ The following options are useful only for clients (that is, if
     another set of introduction and rendezvous circuits for the same
     destination hidden service will be launched. (Default: 0)
 
+**CloseHSServiceRendCircuitsImmediatelyOnTimeout** **0**|**1**::
+    If 1, Tor will close unfinished hidden-service-side rendezvous
+    circuits after the current circuit-build timeout.  Otherwise, such
+    circuits will be left open, in the hope that they will finish
+    connecting to their destinations.  In either case, another
+    rendezvous circuit for the same destination client will be
+    launched. (Default: 0)
+
 **LongLivedPorts** __PORTS__::
     A list of ports for services that tend to have long-running connections
     (e.g. chat and interactive shells). Circuits for streams that use these

diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index 9778ae7b2976853dd88da01f98ff30c1bb8e50d3..c07d434b7c67bd498dda3f242fead20aa7d35b5f 100644 (file)
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -553,7 +553,8 @@ circuit_expire_building(void)
     /* If this is a service-side rendezvous circuit which is far
      * enough along in connecting to its destination, consider sparing
      * it. */
-    if (!(TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out) &&
+    if (!(options->CloseHSServiceRendCircuitsImmediatelyOnTimeout) &&
+        !(TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out) &&
         victim->purpose == CIRCUIT_PURPOSE_S_CONNECT_REND) {
       log_info(LD_CIRC,"Marking circ %s:%d:%d (state %d:%s, purpose %d) "
                "as timed-out HS circ; relaunching rendezvous attempt.",

diff --git a/src/or/config.c b/src/or/config.c
index 3374459b4066cdffcc76e9beefae0fbf26656ba7..da4f3c195bbd640a43084a8655e3378586389246 100644 (file)
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -307,6 +307,7 @@ static config_var_t _option_vars[] = {
   V(HSAuthoritativeDir,          BOOL,     "0"),
   OBSOLETE("HSAuthorityRecordStats"),
   V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
+  V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
   V(HTTPProxy,                   STRING,   NULL),
   V(HTTPProxyAuthenticator,      STRING,   NULL),
   V(HTTPSProxy,                  STRING,   NULL),

diff --git a/src/or/or.h b/src/or/or.h
index 3ac8b925160f1b7018335ac170b5cd35d26e22b5..e246ac42e2856fcbf8f8a07fe8ab3a06cc970048 100644 (file)
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3066,6 +3066,10 @@ typedef struct {
    * an INTRODUCE1 cell on its way to the service. */
   int CloseHSClientCircuitsImmediatelyOnTimeout;
 
+  /** Close hidden-service-side rendezvous circuits immediately when
+   * they reach the normal circuit-build timeout. */
+  int CloseHSServiceRendCircuitsImmediatelyOnTimeout;
+
   int ConnLimit; /**< Demanded minimum number of simultaneous connections. */
   int _ConnLimit; /**< Maximum allowed number of simultaneous connections. */
   int RunAsDaemon; /**< If true, run in the background. (Unix only) */