Scott Bennett wrote:
For Windows, CFosSpeed handles priority. It is not a firewall; its primary goal is traffic prioritization. It is largely diffused in the P2P community to avoid the problem of uploads cannibalizing downloads (ACK prioritization), to permit browsing while heavy downloads are going in the background, etc.

On Sat, 02 Feb 2008 18:08:26 -0800 "F. Fox" <kitsune.or@xxxxxxxxx> wrote:

Chad Z. Hower aka Kudzu wrote:
(snip)

Does TOR implement QOS or prioritization? That is only use bandwidth when other traffic is not present?

This can be done further upstream of the Tor server, as long as the server is on a dedicated machine. Just set the switch up to put the Tor server's port in Low priority mode.

That works for connections coming into the server, but not for outbound connections made by the server, so one can control only part of the traffic that way. Control over some of the connections initiated by the server by managing the traffic to and from the most common choices of remote ports, but there isn't a good way to do that for all remote tor servers. A further refinement might be to add specific QoS rules for the short list of very high-bandwidth servers and for the directory authorities. Some Windows firewall software does allow identification of traffic to and from specific application programs, but I'm not aware of any that handle QoS that way.
For Linux, for outbound traffic, there are many options:

tc can be used to handle the priority, but first we need the filters that select Tor traffic.

filters:

a, port based, as it was said before, is difficult since ports can be modified by Tor servers. A filter for 9051 and 9001 would do most of the job, if people leave it on default, but I don't know whether this is the case. Otherwise, a nice long list of destination addresses and ports could be created, even automatically, but that's kind of rude.

b, iptables has an owner module, which could do the job in some cases:

--cmd-owner name
Matches if the packet was created by a process with the given command name. (this option is present only if iptables was compiled under a kernel supporting this feature)
NOTE: pid, sid and command matching are broken on SMP

c, filters can be based on the TOS field, which can be set as a socket option. This means a small modification to the Tor code, like adding one line of setsockopt.
Csaba
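
Option (c) above, as an added example that is not part of the original post and is not Tor's code: a helper that tags a socket's outgoing packets with a TOS byte and reads the value back from the kernel, so a tc filter can select the traffic without knowing ports or addresses. The TOS value 0x08, the function names, and the device and class in the tc comment are assumptions.

```c
/* Added example (not Tor source): mark a socket's traffic via the TOS byte. */
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Assumed tag: 0x08 is the classic "maximize throughput" (bulk) TOS value. */
#define BULK_TOS 0x08

/*
 * Tag every packet sent on fd. IPv4 uses IP_TOS, IPv6 uses IPV6_TCLASS.
 * Returns the value the kernel reports back, or -1 on error, so the caller
 * can detect a platform that silently ignores or rewrites the option.
 */
int tag_socket_bulk(int fd, int family)
{
    int tos = BULK_TOS, got = 0;
    socklen_t len = sizeof(got);
    int level = (family == AF_INET6) ? IPPROTO_IPV6 : IPPROTO_IP;
    int opt   = (family == AF_INET6) ? IPV6_TCLASS  : IP_TOS;

    if (setsockopt(fd, level, opt, &tos, sizeof(tos)) < 0)
        return -1;
    if (getsockopt(fd, level, opt, &got, &len) < 0)
        return -1;
    return got;
}

/* Open a TCP socket of the given family, tag it, and report the result. */
int demo_tag(int family)
{
    int fd = socket(family, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    int got = tag_socket_bulk(fd, family);
    close(fd);
    return got;
}

/*
 * A matching tc selector (eth0 and class 1:30 are placeholders):
 *   tc filter add dev eth0 parent 1: protocol ip u32 \
 *      match ip tos 0x08 0xff flowid 1:30
 */
int main(void)
{
    printf("IPv4 TOS read back: 0x%02x\n", demo_tag(AF_INET));
    return 0;
}
```

The tag has to be applied to each socket before it starts sending, and it only affects queuing on hosts and routers that are configured to act on it.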