Add an option to close 'almost-connected' HS client circs on timeout

3 files changed, 14 insertions, 6 deletions

diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index 58d8aa6dcf..d9d95bc68a 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -511,16 +511,18 @@ circuit_expire_building(void)
       }
     }
 
-    /* If this is a hidden-service circuit which is far enough along
-     * in connecting to its destination, and we haven't already
-     * flagged it as 'timed out', flag it as 'timed out' so we'll
-     * launch another intro or rend circ, but don't mark it for close
-     * yet.
+    /* If this is a hidden service client circuit which is far enough
+     * along in connecting to its destination, and we haven't already
+     * flagged it as 'timed out', and the user has not told us to
+     * close such circs immediately on timeout, flag it as 'timed out'
+     * so we'll launch another intro or rend circ, but don't mark it
+     * for close yet.
      *
      * (Circs flagged as 'timed out' are given a much longer timeout
      * period above, so we won't close them in the next call to
      * circuit_expire_building.) */
-    if (!(TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out)) {
+    if (!(options->CloseHSClientCircuitsImmediatelyOnTimeout) &&
+        !(TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out)) {
       switch (victim->purpose) {
       case CIRCUIT_PURPOSE_C_REND_READY:
         /* We only want to spare a rend circ if it has been specified in
diff --git a/src/or/config.c b/src/or/config.c
index 521f760051..3374459b40 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -306,6 +306,7 @@ static config_var_t _option_vars[] = {
   V(HidServAuth,                 LINELIST, NULL),
   V(HSAuthoritativeDir,          BOOL,     "0"),
   OBSOLETE("HSAuthorityRecordStats"),
+  V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
   V(HTTPProxy,                   STRING,   NULL),
   V(HTTPProxyAuthenticator,      STRING,   NULL),
   V(HTTPSProxy,                  STRING,   NULL),
diff --git a/src/or/or.h b/src/or/or.h
index 63eb64c814..d84f04b250 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3057,6 +3057,11 @@ typedef struct {
    * circuits.) */
   int Tor2webMode;
 
+  /** Close hidden service client circuits immediately when they reach
+   * the normal circuit-build timeout, even if they have already sent
+   * an INTRODUCE1 cell on its way to the service. */
+  int CloseHSClientCircuitsImmediatelyOnTimeout;
+
   int ConnLimit; /**< Demanded minimum number of simultaneous connections. */
   int _ConnLimit; /**< Maximum allowed number of simultaneous connections. */
   int RunAsDaemon; /**< If true, run in the background. (Unix only) */