Re: Not using slow circuits (was Re: Tor slow no matter what I do.)
Scott Bennett wrote:
For Windows, CFosSpeed handles priority. It is not a firewall, its
primary goal is traffic prioritization. It is largely diffused in the
P2P community to avoid the problem of uploads cannibalizing downloads
(ACK prioritization), to permit browsing while heavy downloads are going
in the background, etc.
On Sat, 02 Feb 2008 18:08:26 -0800 "F. Fox" <kitsune.or@xxxxxxxxx>
Chad Z. Hower aka Kudzu wrote:
Does TOR implement QOS or prioritization? That is, only use bandwidth when
other traffic is not present?
This can be done further upstream of the Tor server, as long as the
server is on a dedicated machine. Just set the switch up to put the Tor
server's port in Low priority mode.
That works for connections coming into the server, but not for
outbound connections made by the server, so one can control only part of
the traffic that way. Control over some of the connections initiated by
the server by managing the traffic to and from the most common choices
of remote ports, but there isn't a good way to do that for all remote tor
servers. A further refinement might be to add specific QoS rules for the
short list of very high-bandwidth servers and for the directory authorities.
Some Windows firewall software does allow identification of traffic
to and from specific application programs, but I'm not aware of any that
handle QoS that way.
For Linux, for outbound traffic, there are many options:
tc can be used to handle the priority, but first we need the filters
that select Tor traffic
a, port based, as it was said before, is difficult since ports can be
modified by Tor servers. A filter for 9051 and 9001 would do most of the
job, if people leave it on default, but I don't know whether this is the
case. Otherwise, a nice long list of destination addresses and ports
could be created, even automatically, but that's kind of rude.
b, iptables has an owner module, which could do the job in some cases:
Matches if the packet was created by a process with the
command name. (this option is present only if iptables
was compiled under a kernel supporting this feature)
NOTE: pid, sid and command matching are broken on SMP
c, filters can be based on the TOS field, which can be set as a socket
option. This means a small modification to the Tor code, like adding one
line of setsockopt.
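
Option (c) as an added example, not part of the original message and not taken from Tor's source: the socket is tagged with a TOS value through `setsockopt`, and the value is read back so that what the kernel will stamp on outgoing packets can be checked. The function names and the choice of the "bulk" value 0x08 are assumptions made for illustration.

```c
/* Added example (not Tor code): tag a socket's outbound packets with a
 * TOS value so that a traffic-control filter can classify them. */
#include <netinet/in.h>   /* IPPROTO_IP, IP_TOS */
#include <netinet/ip.h>   /* IPTOS_THROUGHPUT on most systems */
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IPTOS_THROUGHPUT
#define IPTOS_THROUGHPUT 0x08   /* classic "bulk / maximize throughput" TOS */
#endif
#define ECN_MASK 0x03           /* low two bits of the byte carry ECN */

/* Set the IPv4 TOS byte on fd. Returns 0 on success, -1 on error. */
int set_socket_tos(int fd, int tos)
{
    tos &= ~ECN_MASK;           /* leave the ECN bits to the kernel */
    return setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
}

/* Read back the TOS byte the kernel holds for fd, or -1 on error. */
int get_socket_tos(int fd)
{
    int tos = 0;
    socklen_t len = sizeof(tos);
    if (getsockopt(fd, IPPROTO_IP, IP_TOS, &tos, &len) < 0)
        return -1;
    return tos & 0xff;
}

/* Hypothetical demo helper: open a TCP socket, tag it as bulk traffic,
 * return the TOS value observed on it (or -1), then close it. */
int demo_bulk_socket(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    int seen = (set_socket_tos(fd, IPTOS_THROUGHPUT) == 0)
                   ? get_socket_tos(fd) : -1;
    close(fd);
    return seen;
}

int main(void)
{
    printf("TOS on new socket: 0x%02x\n", demo_bulk_socket());
    return 0;
}
```

The tag must be applied to each outbound socket before it connects, and it only has an effect where a queueing rule on the host or upstream actually matches on the TOS byte.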