Tweaks to Cagara's CountPrivateBandwidth patch:

- Document it in the manpage
  - Add a changes entry
  - No need to log when it is set: we don't log for other options.
  - Use doxygen to document the new flag.
  - Test truth of C variables with "if (x)", not "if (x == 1)".
  - Simplify a complex boolean expression by breaking it up.

changes/bug2559

@@ -0,0 +1,6 @@
+  o Minor features:
+    - Ordinarily, Tor does not count traffic from private addresses
+      (like 127.0.0.1 or 10.0.0.1) when calculating rate limits or
+      accounting.  There is now a new option, CountPrivateBandwidth, to
+      disable this behavior.  Patch from Daniel Cagara.
+

doc/tor.1.txt

@@ -437,6 +437,12 @@ Other options can be specified either on the command-line (--option
     and you're running on Windows, setting this option to 1 will tell Libevent
     not to use the Windows IOCP networking API.  (Default: 1)
 
+**CountPrivateBandwidth** **0**|**1**::
+    If this option is set, then Tor's rate-limiting applies not only to
+    remote connections, but also to connections to private addresses like
+    127.0.0.1 or 10.0.0.1.  This is mostly useful for debugging
+    rate-limiting.  (Default: 0)
+
 CLIENT OPTIONS
 --------------
 
@@ -1342,6 +1348,7 @@ The following options are used for running a testing Tor network.
        AuthDirMaxServersPerAuthAddr 0
        ClientDNSRejectInternalAddresses 0
        ClientRejectInternalAddresses 0
+       CountPrivateBandwidth 1
        ExitPolicyRejectPrivate 0
        V3AuthVotingInterval 5 minutes
        V3AuthVoteDelay 20 seconds

src/or/config.c

@@ -2958,11 +2958,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
   tor_assert(msg);
   *msg = NULL;
 
-  // Cagara: Tell us if we use the private network fix!
-  if(options->CountPrivateBandwidth == 1) {
-      log_notice(LD_CONFIG, "Private bandwidth will be treated as normal traffic.");
-  }
-
   if (options->ORPort < 0 || options->ORPort > 65535)
     REJECT("ORPort option out of bounds.");
 

src/or/connection.c

@@ -1954,10 +1954,12 @@ static int
 connection_is_rate_limited(connection_t *conn)
 {
   or_options_t *options = get_options();
-  if (conn->linked || /* internal connection */
-      (options->CountPrivateBandwidth==1 && ( tor_addr_family(&conn->addr) == AF_UNSPEC || /* no address */
-      tor_addr_is_internal(&conn->addr, 0)))) /* internal address */
-    return 0;
+  if (conn->linked)
+    return 0; /* Internal connection */
+  else if (options->CountPrivateBandwidth &&
+           (tor_addr_family(&conn->addr) == AF_UNSPEC || /* no address */
+            tor_addr_is_internal(&conn->addr, 0)))
+    return 0; /* Internal address */
   else
     return 1;
 }

src/or/or.h

@@ -2868,8 +2868,9 @@ typedef struct {
   /** Boolean: if set, we start even if our resolv.conf file is missing
    * or broken. */
   int ServerDNSAllowBrokenConfig;
-  int CountPrivateBandwidth; // Cagara: Flag to allow private addresses counting to bucket size
-
+  /** Boolean: if set, then even connections to private addresses will get
+   * rate-limited. */
+  int CountPrivateBandwidth;
   smartlist_t *ServerDNSTestAddresses; /**< A list of addresses that definitely
                                         * should be resolvable. Used for
                                         * testing our DNS server. */