Bug 28693: Provide Torrc option to disable circuit padding.

2024-11-27 22:03:31 +01:00 · 2019-04-17 05:51:39 +00:00 · 2019-04-17 05:51:39 +00:00 · f4064d6ce2
commit f4064d6ce2
parent 17a164a827
4 changed files with 49 additions and 10 deletions
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@ -955,6 +955,14 @@ The following options are useful only for clients (that is, if
    this option. This option should be offered via the UI to mobile users
    for use where bandwidth may be expensive. (Default: 0)

+[[CircuitPadding]] **CircuitPadding** **0**|**1**::
+    If set to 0, Tor will not pad client circuits with additional cover
+    traffic. Only clients may set this option. This option should be offered
+    via the UI to mobile users for use where bandwidth may be expensive. If
+    set to 1, padding will be negotiated as per the consensus and relay
+    support (unlike ConnectionPadding, CircuitPadding cannot be force-enabled).
+    (Default: 1)
+
 [[ExcludeNodes]] **ExcludeNodes** __node__,__node__,__...__::
    A list of identity fingerprints, country codes, and address
    patterns of nodes to avoid when building a circuit. Country codes are
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@ -596,6 +596,7 @@ static config_var_t option_vars_[] = {
  V(ReducedConnectionPadding,    BOOL,     "0"),
  V(ConnectionPadding,           AUTOBOOL, "auto"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
+  V(CircuitPadding,              BOOL,     "1"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
@ -3741,6 +3742,10 @@ options_validate(or_options_t *old_options, or_options_t *options,
    REJECT("Relays cannot set ReducedConnectionPadding. ");
  }

+  if (server_mode(options) && options->CircuitPadding == 0) {
+    REJECT("Relays cannot set CircuitPadding to 0. ");
+  }
+
  if (options->BridgeDistribution) {
    if (!options->BridgeRelay) {
      REJECT("You set BridgeDistribution, but you didn't set BridgeRelay!");
--- a/src/app/config/or_options_st.h
+++ b/src/app/config/or_options_st.h
@ -248,6 +248,11 @@ struct or_options_t {
   * pad to the server regardless of server support. */
  int ConnectionPadding;

+  /** Boolean: if true, then circuit padding will be negotiated by client
+   * and server, subject to consenus limits (default). If 0, it will be fully
+   * disabled. */
+  int CircuitPadding;
+
  /** To what authority types do we publish our descriptor? Choices are
   * "v1", "v2", "v3", "bridge", or "". */
  struct smartlist_t *PublishServerDescriptor;
--- a/src/core/or/circuitpadding.c
+++ b/src/core/or/circuitpadding.c
@ -1099,6 +1099,24 @@ circpad_new_consensus_params(const networkstatus_t *ns)
         CIRCWINDOW_START_MAX, 0, 50*CIRCWINDOW_START_MAX);
 }

+/**
+ * Return true if padding is allowed by torrc and consensus.
+ */
+STATIC bool
+circpad_is_padding_allowed(void)
+{
+  /* If padding has been disabled in the consensus, don't send any more
+   * padding. Technically the machine should be shut down when the next
+   * machine condition check happens, but machine checks only happen on
+   * certain circuit events, and if padding is disabled due to some
+   * network overload or DoS condition, we really want to stop ASAP. */
+  if (circpad_padding_disabled || !get_options()->CircuitPadding) {
+    return 0;
+  }
+
+  return 1;
+}
+
 /**
 * Check this machine against its padding limits, as well as global
 * consensus limits.
@ -1117,15 +1135,6 @@ circpad_machine_reached_padding_limit(circpad_machine_runtime_t *mi)
 {
  const circpad_machine_spec_t *machine = CIRCPAD_GET_MACHINE(mi);

-  /* If padding has been disabled in the consensus, don't send any more
-   * padding. Technically the machine should be shut down when the next
-   * machine condition check happens, but machine checks only happen on
-   * certain circuit events, and if padding is disabled due to some
-   * network overload or DoS condition, we really want to stop ASAP. */
-  if (circpad_padding_disabled) {
-    return 1;
-  }
-
  /* If machine_padding_pct is non-zero, and we've sent more
   * than the allowed count of padding cells, then check our
   * percent limits for this machine. */
@ -1176,6 +1185,18 @@ circpad_machine_schedule_padding,(circpad_machine_runtime_t *mi))
  struct timeval timeout;
  tor_assert(mi);

+  /* Don't schedule padding if it is disabled */
+  if (!circpad_is_padding_allowed()) {
+    static ratelim_t padding_lim = RATELIM_INIT(600);
+    log_fn_ratelim(&padding_lim,LOG_INFO,LD_CIRC,
+         "Padding has been disabled, but machine still on circuit %"PRIu64
+         ", %d",
+         mi->on_circ->n_chan ? mi->on_circ->n_chan->global_identifier : 0,
+         mi->on_circ->n_circ_id);
+
+    return CIRCPAD_STATE_UNCHANGED;
+  }
+
  /* Don't schedule padding if we are currently in dormant mode. */
  if (!is_participating_on_network()) {
    log_info(LD_CIRC, "Not scheduling padding because we are dormant.");
@ -1638,7 +1659,7 @@ circpad_machine_conditions_met(origin_circuit_t *circ,
 {
  /* If padding is disabled, no machines should match/apply. This has
   * the effect of shutting down all machines, and not adding any more. */
-  if (circpad_padding_disabled)
+  if (circpad_padding_disabled || !get_options()->CircuitPadding)
    return 0;

  if (!(circpad_circ_purpose_to_mask(TO_CIRCUIT(circ)->purpose)