From f4064d6ce214b4b79017280a6c9db9b3f945ece1 Mon Sep 17 00:00:00 2001
From: Mike Perry
Date: Wed, 17 Apr 2019 05:51:39 +0000
Subject: Bug 28693: Provide Torrc option to disable circuit padding.
---
 doc/tor.1.txt | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'doc/tor.1.txt')
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index f992172405..6c125e3741 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -955,6 +955,14 @@ The following options are useful only for clients (that is, if
 this option. This option should be offered via the UI to mobile users for use where bandwidth may be expensive. (Default: 0)
+[[CircuitPadding]] **CircuitPadding** **0**|**1**::
+ If set to 0, Tor will not pad client circuits with additional cover
+ traffic. Only clients may set this option. This option should be offered
+ via the UI to mobile users for use where bandwidth may be expensive. If
+ set to 1, padding will be negotiated as per the consensus and relay
+ support (unlike ConnectionPadding, CircuitPadding cannot be force-enabled).
+ (Default: 1)
+
 [[ExcludeNodes]] **ExcludeNodes** __node__,__node__,__...__::
 A list of identity fingerprints, country codes, and address patterns of nodes to avoid when building a circuit. Country codes are
-- cgit v1.2.3-54-g00ecf
From 621ea2315b3f53a9ef4ace9f3f6cb2f03a241042 Mon Sep 17 00:00:00 2001
From: Mike Perry
Date: Wed, 17 Apr 2019 06:09:06 +0000
Subject: Bug 29203: Provide ReducedCircuitPadding torrc and consensus params
---
 doc/tor.1.txt | 6 ++++++
 src/app/config/config.c | 5 +++++
 src/app/config/or_options_st.h | 6 ++++++
 src/core/or/circuitpadding.c | 13 +++++++++++++
 src/core/or/circuitpadding.h | 11 +++++++++++
 5 files changed, 41 insertions(+)
(limited to 'doc/tor.1.txt')
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 6c125e3741..13a85f995d 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -963,6 +963,12 @@ The following options are useful only for clients (that is, if
 support (unlike ConnectionPadding, CircuitPadding cannot be force-enabled).
 (Default: 1)
+[[ReducedCircuitPadding]] **ReducedCircuitPadding** **0**|**1**::
+ If set to 1, Tor will only use circuit padding algorithms that have low
+ overhead. Only clients may set this option. This option should be offered
+ via the UI to mobile users for use where bandwidth may be expensive.
+ (Default: 0)
+
 [[ExcludeNodes]] **ExcludeNodes** __node__,__node__,__...__::
 A list of identity fingerprints, country codes, and address patterns of nodes to avoid when building a circuit. Country codes are
diff --git a/src/app/config/config.c b/src/app/config/config.c
index 7ad970625a..1c7cb1d577 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -597,6 +597,7 @@ static config_var_t option_vars_[] = {
 V(ConnectionPadding, AUTOBOOL, "auto"),
 V(RefuseUnknownExits, AUTOBOOL, "auto"),
 V(CircuitPadding, BOOL, "1"),
+ V(ReducedCircuitPadding, BOOL, "0"),
 V(RejectPlaintextPorts, CSV, ""),
 V(RelayBandwidthBurst, MEMUNIT, "0"),
 V(RelayBandwidthRate, MEMUNIT, "0"),
@@ -3746,6 +3747,10 @@ options_validate(or_options_t *old_options, or_options_t *options,
 REJECT("Relays cannot set CircuitPadding to 0. ");
 }
+ if (server_mode(options) && options->ReducedCircuitPadding == 1) {
+ REJECT("Relays cannot set ReducedCircuitPadding. ");
+ }
+
 if (options->BridgeDistribution) {
 if (!options->BridgeRelay) {
 REJECT("You set BridgeDistribution, but you didn't set BridgeRelay!");
diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h
index 0fdeb94b4f..4e03bec7fa 100644
--- a/src/app/config/or_options_st.h
+++ b/src/app/config/or_options_st.h
@@ -253,6 +253,12 @@ struct or_options_t {
 * disabled. */
 int CircuitPadding;
+ /** Boolean: if true, then this client will only use circuit padding
+ * algorithms that are known to use a low amount of overhead. If false,
+ * we will use all available circuit padding algorithms.
+ */
+ int ReducedCircuitPadding;
+
 /** To what authority types do we publish our descriptor? Choices are
 * "v1", "v2", "v3", "bridge", or "". */
 struct smartlist_t *PublishServerDescriptor;
diff --git a/src/core/or/circuitpadding.c b/src/core/or/circuitpadding.c
index dcd8f645c4..8d2749906b 100644
--- a/src/core/or/circuitpadding.c
+++ b/src/core/or/circuitpadding.c
@@ -82,6 +82,7 @@ static double circpad_distribution_sample(circpad_distribution_t dist);
 /** Cached consensus params */
 static uint8_t circpad_padding_disabled;
+static uint8_t circpad_padding_reduced;
 static uint8_t circpad_global_max_padding_percent;
 static uint16_t circpad_global_allowed_cells;
 static uint16_t circpad_max_circ_queued_cells;
@@ -1086,6 +1087,10 @@ circpad_new_consensus_params(const networkstatus_t *ns)
 networkstatus_get_param(ns, "circpad_padding_disabled",
 0, 0, 1);
+ circpad_padding_reduced =
+ networkstatus_get_param(ns, "circpad_padding_reduced",
+ 0, 0, 1);
+
 circpad_global_allowed_cells =
 networkstatus_get_param(ns, "circpad_global_allowed_cells",
 0, 0, UINT16_MAX-1);
@@ -1662,6 +1667,14 @@ circpad_machine_conditions_met(origin_circuit_t *circ,
 if (circpad_padding_disabled || !get_options()->CircuitPadding)
 return 0;
+ /* If the consensus or our torrc has selected reduced connection padding,
+ * then only allow this machine if it is flagged as acceptable under
+ * reduced padding conditions */
+ if (circpad_padding_reduced || get_options()->ReducedCircuitPadding) {
+ if (!machine->conditions.reduced_padding_ok)
+ return 0;
+ }
+
 if (!(circpad_circ_purpose_to_mask(TO_CIRCUIT(circ)->purpose)
 & machine->conditions.purpose_mask))
 return 0;
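Review bot: In circpad_machine_conditions_met the new comment says "reduced connection padding", but the test below it reads `circpad_padding_reduced` and `ReducedCircuitPadding`; ConnectionPadding is a separate option (the man page text in the earlier commit contrasts the two), so the comment should open `/* If the consensus or our torrc has selected reduced circuit padding,`. The comment could also state that either source alone is sufficient, so a client with ReducedCircuitPadding 0 still gets the reduced set when the consensus parameter is 1. The nested `if` can be a single condition, `if ((circpad_padding_reduced || get_options()->ReducedCircuitPadding) && !machine->conditions.reduced_padding_ok) return 0;`, which matches the shape of the disabled check just above it. The diffstat lists no test file for either the torrc or the consensus path, and the function body continues outside the hunk.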
diff --git a/src/core/or/circuitpadding.h b/src/core/or/circuitpadding.h
index bc2522c210..f00369eb0a 100644
--- a/src/core/or/circuitpadding.h
+++ b/src/core/or/circuitpadding.h
@@ -152,6 +152,17 @@ typedef struct circpad_machine_conditions_t {
 /** Only apply the machine *if* vanguards are enabled */
 unsigned requires_vanguards : 1;
+ /**
+ * This machine is ok to use if reduced padding is set in consensus
+ * or torrc. This machine will still be applied even if reduced padding
+ * is not set; this flag only acts to exclude machines that don't have
+ * it set when reduced padding is requested. Therefore, reduced padding
+ * machines should appear at the lowest priority in the padding machine
+ * lists (aka first in the list), so that non-reduced padding machines
+ * for the same purpose are given a chance to apply when reduced padding
+ * is not requested. */
+ unsigned reduced_padding_ok : 1;
+
 /** Only apply the machine *if* the circuit's state matches any of
 * the bits set in this bitmask. */
 circpad_circuit_state_t state_mask;
-- cgit v1.2.3-54-g00ecf
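Review bot: `reduced_padding_ok` is an opt-in bit, so any machine whose conditions leave it at zero is excluded once reduced padding is requested; no hunk in this commit sets it on a machine, so unless a machine defined elsewhere does, ReducedCircuitPadding 1 would leave circuits with no padding machine at all, the same outcome as CircuitPadding 0 but without the user having asked for it. The doc comment should state that default explicitly, for example `Machines that leave this bit clear are never applied while reduced padding is in effect.` The ordering requirement it describes ("lowest priority ... first in the list") exists only in prose and nothing visible here checks it, so a pointer to where machines are registered would let a reader verify it. The struct continues outside the hunk.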