Be even more aggressive about separating local traffic from relayed

    - New ConstrainedSockets option to set SO_SNDBUF and SO_RCVBUF on TCP

      sockets. Hopefully useful for Tor servers running on "vserver"

      accounts. (Patch from coderman.)

    - Be even more aggressive about separating local traffic from relayed

      traffic when RelayBandwidthRate is set. (Refines proposal 111.)

  o Security fixes:

    - Directory authorities now call routers Fast if their bandwidth is

  (Gosh. How could UDP designs possibly be compatible with rate limiting

  with multiple bucket sizes?)

  Option 4: ?

  Option 4: put both classes of circuits over a single connection, and

  keep track of the last time we read or wrote a high-priority cell. If

  it's been less than N seconds, give the whole connection high priority,

  else give the whole connection low priority.

  Option 5: put both classes of circuits over a single connection, and

  play a complex juggling game by periodically telling the remote side

  what rate limits to set for that connection, so you end up giving

  priority to the right connections but still stick to roughly your

  intended bandwidthrate and relaybandwidthrate.

  Option 6: ?

Prognosis:

  Of the above options, only option 2 can actually be built and achieve

  what we want. So that's it by default, unless we can come up with

  something better.

  Nick really didn't like option 2 because of the partitioning questions.

  I've put option 4 into place as of Tor 0.2.0.3-alpha.

  In terms of implementation, it will be easy: just add a bit to

  or_connection_t that specifies priority_traffic (used by the initiator

  of the connection to ignore that connection when relaying a create

  request), and another bit that specifies client_only (used by a

  receiving Tor server so it can ignore that connection when sending

  create requests).

  In terms of implementation, it will be easy: just add a time_t to

  or_connection_t that specifies client_used (used by the initiator

  of the connection to rate limit it differently depending on how

  recently the time_t was reset). We currently update client_used

  in three places:

    - command_process_relay_cell() when we receive a relay cell for

      an origin circuit.

    - relay_send_command_from_edge() when we send a relay cell for

      an origin circuit.

    - circuit_deliver_create_cell() when send a create cell.

  We could probably remove the third case and it would still work,

  but hey.

[Not writing the rest of the proposal until we sort out which option

we'll take.]

  append_cell_to_circuit_queue(circ, circ->n_conn, &cell, CELL_DIRECTION_OUT);

  /* mark it so it gets better rate limiting treatment. */

  circ->n_conn->client_used = 1;

  circ->n_conn->client_used = time(NULL);

  return 0;

}

  }

}

/** Return 1 if there are any origin circuits that use

 * <b>conn</b> as there first hop. Else return 0. */

static int

circuit_any_origin_circs_on_conn(or_connection_t *conn)

{

  circuit_t *circ;

  for (circ=global_circuitlist; circ; circ = circ->next) {

    if (CIRCUIT_IS_ORIGIN(circ) &&

        !circ->marked_for_close &&

        circ->n_conn == conn)

      return 1;

  }

  return 0;

}

/** Mark <b>circ</b> to be closed next time we call

 * circuit_close_all_marked(). Do any cleanup needed:

 *   - If state is onionskin_pending, remove circ from the onion_pending

  circ->marked_for_close = line;

  circ->marked_for_close_file = file;

  if (CIRCUIT_IS_ORIGIN(circ)) {

    if (circ->n_conn && circ->n_conn->client_used) {

      circ->n_conn->client_used =

        circuit_any_origin_circs_on_conn(circ->n_conn);

    }

  } else {

  if (!CIRCUIT_IS_ORIGIN(circ)) {

    or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);

    if (or_circ->rend_splice) {

      if (!or_circ->rend_splice->_base.marked_for_close) {

    return;

  }

  if (CIRCUIT_IS_ORIGIN(circ)) {

    /* if we're a server and treating connections with recent local

     * traffic better, then this is one of them. */

    conn->client_used = time(NULL);

  }

  if (!CIRCUIT_IS_ORIGIN(circ) &&

      cell->circ_id == TO_OR_CIRCUIT(circ)->p_circ_id)

    direction = CELL_DIRECTION_OUT;