From 078e3e9dd59520b7f40a126a91e89eba91098c49 Mon Sep 17 00:00:00 2001
From: Robert Ransom
Date: Sat, 24 Dec 2011 00:46:37 -0800
Subject: [PATCH] Add an option to close 'almost-connected' HS client circs on timeout

---
 changes/bug1297b | 6 ++++--
 doc/tor.1.txt | 10 ++++++++++
 src/or/circuituse.c | 14 ++++++++------
 src/or/config.c | 1 +
 src/or/or.h | 5 +++++
 5 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/changes/bug1297b b/changes/bug1297b
index 2b2754adda..28b7564e25 100644
--- a/changes/bug1297b
+++ b/changes/bug1297b
@@ -7,6 +7,8 @@ from the introduction-point relay and rendezvous circuits which have been specified in an INTRODUCE1 cell sent to a hidden service after the normal CBT; now, we mark them as 'timed out',
- and launch another rendezvous attempt in parallel. Fixes part
- of bug 1297.
+ and launch another rendezvous attempt in parallel. This
+ behaviour change can be disabled using the new
+ CloseHSClientCircuitsImmediatelyOnTimeout option. Fixes part of
+ bug 1297.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index b373678d9c..f9425737b8 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -683,6 +683,16 @@ The following options are useful only for clients (that is, if services can be configured to require authorization using the **HiddenServiceAuthorizeClient** option.
+**CloseHSClientCircuitsImmediatelyOnTimeout** **0**|**1**::
+ If 1, Tor will close unfinished hidden service client circuits
+ which have not moved closer to connecting to their destination
+ hidden service when their internal state has not changed for the
+ duration of the current circuit-build timeout. Otherwise, such
+ circuits will be left open, in the hope that they will finish
+ connecting to their destination hidden services. In either case,
+ another set of introduction and rendezvous circuits for the same
+ destination hidden service will be launched. (Default: 0)
+
 **LongLivedPorts** __PORTS__::
 A list of ports for services that tend to have long-running connections (e.g. chat and interactive shells). Circuits for streams that use these
diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index 58d8aa6dcf..d9d95bc68a 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -511,16 +511,18 @@ circuit_expire_building(void)
 }
 }

- /* If this is a hidden-service circuit which is far enough along
- * in connecting to its destination, and we haven't already
- * flagged it as 'timed out', flag it as 'timed out' so we'll
- * launch another intro or rend circ, but don't mark it for close
- * yet.
+ /* If this is a hidden service client circuit which is far enough
+ * along in connecting to its destination, and we haven't already
+ * flagged it as 'timed out', and the user has not told us to
+ * close such circs immediately on timeout, flag it as 'timed out'
+ * so we'll launch another intro or rend circ, but don't mark it
+ * for close yet.
 *
 * (Circs flagged as 'timed out' are given a much longer timeout
 * period above, so we won't close them in the next call to
 * circuit_expire_building.) */
- if (!(TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out)) {
+ if (!(options->CloseHSClientCircuitsImmediatelyOnTimeout) &&
+ !(TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out)) {
 switch (victim->purpose) {
 case CIRCUIT_PURPOSE_C_REND_READY:
 /* We only want to spare a rend circ if it has been specified in
diff --git a/src/or/config.c b/src/or/config.c
index 521f760051..3374459b40 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -306,6 +306,7 @@ static config_var_t _option_vars[] = {
 V(HidServAuth, LINELIST, NULL),
 V(HSAuthoritativeDir, BOOL, "0"),
 OBSOLETE("HSAuthorityRecordStats"),
+ V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
 V(HTTPProxy, STRING, NULL),
 V(HTTPProxyAuthenticator, STRING, NULL),
 V(HTTPSProxy, STRING, NULL),
diff --git a/src/or/or.h b/src/or/or.h
index 63eb64c814..d84f04b250 100644
--- a/src/or/or.h
+++ b/src/or/or.h
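Review bot: When the option is set, the new guard at `if (!(options->CloseHSClientCircuitsImmediatelyOnTimeout) &&` skips the whole switch, so an intro or rend circuit that had already progressed is presumably left to the ordinary close path that follows, yet nothing in the hunk records that the option rather than a plain build timeout caused the close; a `log_info(LD_CIRC, ...)` on that path naming the circuit purpose would make the behaviour change diagnosable for users who enable it. The guard also reads `options`, which is not assigned inside the hunk — presumably the `get_options()` result fetched earlier in circuit_expire_building, whose body begins and ends outside this hunk — so it is worth confirming it is the same pointer used for the timeout computed above. As a style point, the parentheses around each `!` operand are redundant; `if (!options->CloseHSClientCircuitsImmediatelyOnTimeout &&` followed by `!TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out) {` reads the same.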
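Review bot: The new entry `V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),` sits between `OBSOLETE("HSAuthorityRecordStats"),` and `V(HTTPProxy, STRING, NULL),`, but the visible neighbours (HidServAuth, HSAuthoritativeDir, HSAuthorityRecordStats, HTTPProxy, HTTPProxyAuthenticator, HTTPSProxy) appear to be kept in alphabetical order, which a C-prefixed name breaks. If `_option_vars` is ordered alphabetically throughout, as these lines suggest, the entry belongs among the other options starting with C; the table's start is outside the hunk, so this is inferred from the visible lines only.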
@@ -3057,6 +3057,11 @@ typedef struct {
 * circuits.) */
 int Tor2webMode;

+ /** Close hidden service client circuits immediately when they reach
+ * the normal circuit-build timeout, even if they have already sent
+ * an INTRODUCE1 cell on its way to the service. */
+ int CloseHSClientCircuitsImmediatelyOnTimeout;
+
 int ConnLimit; /**< Demanded minimum number of simultaneous connections. */
 int _ConnLimit; /**< Maximum allowed number of simultaneous connections. */
 int RunAsDaemon; /**< If true, run in the background. (Unix only) */