[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Not using slow circuits (was Re: Tor slow no matter what I do.)

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Not using slow circuits (was Re: Tor slow no matter what I do.)
From: Csaba Kiraly <kiraly@xxxxxxxxxxxx>
Date: Sun, 03 Feb 2008 09:40:49 +0100
Cc: "F. Fox" <kitsune.or@xxxxxxxxx>
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sun, 03 Feb 2008 03:40:58 -0500
In-reply-to: <200802030641.m136fXx9004353@xxxxxxxxxxxxx>
References: <200802030641.m136fXx9004353@xxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.14 (Windows/20071210)

Scott Bennett wrote:

     On Sat, 02 Feb 2008 18:08:26 -0800 "F. Fox" <kitsune.or@xxxxxxxxx>
wrote:

Chad Z. Hower aka Kudzu wrote:
(snip)

Does TOR implement QOS or prioritization? That is only use bandwidth when
other traffic is not present?

This can be done further upstream of the Tor server, as long as the
server is on a dedicated machine. Just set the switch up to put the Tor
server's port in Low priority mode.


     That works for connections coming into the server, but not for
outbound connections made by the server, so one can control only part of
the traffic that way.  Control over some of the connections initiated by
the server by managing the traffic to and from the most common choices
of remote ports, but there isn't a good way to do that for all remote tor
servers.  A further refinement might be to add specific QoS rules for the
short list of very high-bandwidth servers and for the directory authorities.
     Some Windows firewall software does allow identification of traffic
to and from specific application programs, but I'm not aware of any that
handle QoS that way.

For Wondows, CFosSpeed handles priority. It is not a firewall, itsprimary goal is traffic prioritization. It is largely diffused in theP2P community to avoid the problem of uploads cannibalizing downloads(ACK prioritization), to permit browsing while heavy downloads are goingin the background, etc.


For Linux, for outbound traffic, there are many options:

tc can be used to handle the priority, but first we need the filtersthat select Tor traffic


filters:

a, port based, as it was said before, is difficult since ports can bemodified by Tor servers. A filter for 9051 and 9001 would do most of thejob, if people leave it on default, but I don't know whether this is thecase. Otherwise, a nice long list of destination addresses and portscould be created, even automatically, but that's kind of rude.


b, iptables has an owner module, which could do the job in some cases:

   --cmd-owner name

Matches if the packet was created by a process with thegivencommand name. (this option is present only if iptableswas com-

             piled under a kernel supporting this feature)

      NOTE: pid, sid and command matching are broken on SMP

c, filters can be based on the TOS field, which can be set as a socketoption. This means a small modification to the Tor code, like adding oneline of setsockopt.


Csaba

References:
- Re: Not using slow circuits (was Re: Tor slow no matter what I do.)
  - From: Scott Bennett

Prev by Author: Re: Not using slow circuits (was Re: Tor slow no matter what I do.)
Next by Author: Re: iptables and tor
Previous by thread: Re: Not using slow circuits (was Re: Tor slow no matter what I do.)
Next by thread: Fastmail.fm better E-mail for Tor users than Gmail? HTTPS!
Index(es):
- Author
- Thread