Scoped Bandwidth Accounting
Summary
This was last discussed in #8276 (closed). I feel it would be quite useful to allow AccountingMax to both ignore and avoid impacting onion services. Running a relay and hidden onion service on the same node is obviously a bad idea, but that's not who this would be for.
The way I see it, Tor's functionality can be cleanly separated into two categories: anonymous and non-anonymous. It is ill-advised to mix the two. Clients and standard/hidden onion services are anonymous, while relays, directories, and single onion services are not.
To take load off exit relays, I run single onion services for pretty much every server I operate. If I have space in my traffic quota, I also configure those instances as relays. If I only have some space, like with a VPS, I use AccountingMax to shut off the relay and avoid overage charges. Unfortunately, this shuts off the single onion services, which were the main reason I'm even running an instance there.
I don't want to choose between donating spare bandwidth and optimizing my servers for Tor clients, and I certainly don't want the added complexity and overhead of running multiple Tor instances. Previous discussions have indicated that this would be difficult to implement due to how Tor is coded, but I think this should be considered for Arti's shiny new codebase.
What is the expected behavior?
There are two ways this could be configured:
1. Add more AccountingRule options, such as "relay-out", that only apply to relay traffic
2. Add a new option, "AccountingScope", with options such as "client", "onion-service", and most importantly "relay", which further constrain "AccountingRule"
I think #2 would be cleanest.
Once the limit is hit, Tor will hibernate only the functionality that is tracked under "AccountingScope". This obviously means that the instance would go over that budget, but anyone setting this should be fully aware of that. In theory you could add an additional option that controls whether everything is hibernated even with scoped accounting, but I can't conceive of a use case for that.
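
A minimal model of the scoped accounting behaviour proposed in this issue, added here as an example; it is not code from Tor or Arti, and the `Accounting`, `Scope` and `Rule` types are hypothetical. `Rule` mirrors the existing AccountingRule values (sum, in, out, max), and an empty scope list is assumed to mean today's unscoped behaviour.

```rust
// Hypothetical model of the proposal; none of these types exist in Tor or Arti.
#[allow(dead_code)]
#[derive(Clone, Copy, PartialEq, Eq)]
enum Scope { Client, OnionService, Relay }

#[allow(dead_code)]
#[derive(Clone, Copy)]
enum Rule { Sum, In, Out, Max } // same meanings as the existing AccountingRule values

struct Accounting {
    max_bytes: u64,     // AccountingMax for the current interval
    rule: Rule,         // AccountingRule
    scopes: Vec<Scope>, // proposed AccountingScope; empty = everything (assumed default)
    read: u64,
    written: u64,
}

impl Accounting {
    fn in_scope(&self, s: Scope) -> bool {
        self.scopes.is_empty() || self.scopes.contains(&s)
    }
    /// Record traffic; bytes from out-of-scope functionality never touch the budget.
    fn record(&mut self, s: Scope, read: u64, written: u64) {
        if self.in_scope(s) {
            self.read = self.read.saturating_add(read);
            self.written = self.written.saturating_add(written);
        }
    }
    fn used(&self) -> u64 {
        match self.rule {
            Rule::Sum => self.read.saturating_add(self.written),
            Rule::In => self.read,
            Rule::Out => self.written,
            Rule::Max => self.read.max(self.written),
        }
    }
    /// Only in-scope functionality hibernates once the limit is reached.
    fn hibernating(&self, s: Scope) -> bool {
        self.in_scope(s) && self.used() >= self.max_bytes
    }
}

/// Constructed sample traffic: relay-scoped budget of 1000 bytes.
fn demo() -> (bool, bool, u64) {
    let mut acct = Accounting { max_bytes: 1000, rule: Rule::Sum,
                                scopes: vec![Scope::Relay], read: 0, written: 0 };
    acct.record(Scope::Relay, 600, 600);          // counted: 1200 bytes
    acct.record(Scope::OnionService, 5000, 5000); // ignored by the budget
    (acct.hibernating(Scope::Relay), acct.hibernating(Scope::OnionService), acct.used())
}

fn main() {
    let (relay, onion, used) = demo();
    println!("used={used} relay_hibernating={relay} onion_hibernating={onion}");
}
```

The onion service traffic is neither counted nor stopped, so total bytes on the wire exceed the configured maximum, which is the trade-off the proposal accepts.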