-
Notifications
You must be signed in to change notification settings - Fork 2
Home
This repository holds various prototype algorithms and protocols I developed for Tor while working on Tor research publications. There are several branches that hold various additions to Tor for various Tor versions. Explanations are below. Please keep in mind that this code represents research prototypes and as such is not guaranteed to work in all cases.
Each branch shows the algorithm has been implemented or ported. Tags are created on each branch for specific versions of Tor. For example, a diff of the origin throttle-bitsplit-0.2.2.15-alpha tag and the tor tor-0.2.2.15-alpha tag should produce a patch with code added for the bitsplitting algorithm.
To get up and running:
$ git clone [email protected]:robgjansen/tor.git
$ cd tor
$ git remote add tor https://git.torproject.org/tor.git
$ git fetch tor
To view the tags:
$ git tag -l
$ git ls-remote --tags origin
To view the branches:
$ git branch -r | grep origin
Bitsplitting algorithm for adaptive throttling (from the 2012 USENIX Security paper). Guard-to-client connections are throttled by fairly splitting bandwidth among all such connections. The algorithm adaptively modifies the per-connection bandwidth rate settings and can be enabled by setting the PerConnSplitBits config option to a non-zero value.
Fingerprinting algorithm for adaptive throttling (from the 2012 USENIX Security paper). If PerConnBWFingerprint is non-zero, guard-to-client connections are flagged if they use more than the FairEWMA portion of the bandwidth, the EWMA a connection would have if it was using exactly its fair share of bandwidth over time. Flagged connections are throttled at the PerConnBWFingerprint rate, until their EWMA falls below (PerConnBWPenalty * FairEWMA).
PerConnBWFingerprint and PerConnBWPenalty are config options, and disabled by default.
This algorithm requires each connection to track EWMA. The EWMA halflife for these connections can be set with PerConnHalflife and is used the same way as CircuitPriorityHalflife. PerConnHalflife defaults to 30 if not set and PerConnBWFingerprint is enabled.
PerConnHalflife cell counters can be tracked over time by setting config PerConnHalflifeVerbose to non-zero. This results in a log entry EVERY time the token buckets are refilled, so use with caution.
Threshold algorithm for adaptive throttling (from the 2012 USENIX Security paper). Adaptively select the loudest config PerConnBWThreshold percent of connections and throttle them to the average throughput of the connection represented by PerConnBWThreshold (if PerConnBWThreshold is 10 and there are 100 connections, the throttle rate for the 10 loudest connections is the throughput of the 10th loudest connection).
Never throttle below config PerConnBWFloor Bps no matter what.
Throughputs for each connections are computed over the last config PerConnBWRefresh seconds.
Requires per-connection EWMA, so PerConnHalflife will be defaulted to 30 if not set and PerConnBWThreshold is enabled. PerConnHalflifeVerbose config can be set to non-zero to log per-connection cell counts over time. Use with caution as it generates lots of log entries.
This branch contains a prototype of the LIRA incentive scheme (from the 2013 NDSS paper), which depends primarily on a 'Proportional Delay Differentiation" scheduling approach. In PDD, traffic is categorized by service classes. The scheduler computes the proportional average delay (PAD) of each service class, and the waiting time priority (WTP) of the longest waiting cell in each class. The class priority is then a weighted combination of PAD and WTP. A parameter specifies the weight as a fraction F, such that: priority = (F * PAD) + ((1-F) * WTP). Therefore, F=0 reduces to pure WTP scheduling, and F=1 reduces to pure PAD scheduling. It is recommended to keep 0 < F < 1 to take advantage of both scheduling approaches, in order to maintain the delay differentiation ratios in both short and long timescales.
This branch contains a prototype of the Kernel-Informed Socket Transport (KIST) scheduling scheme (from the 2014 USENIX Security paper). KIST employs two new techniques: first, it schedules across all sockets that are pending writes at the same time, and writes cells according to the priority of all circuits that could be written at the same time; and second, it limits the amount that gets written to the kernel using the congestion window and unacked packet count from each socket.
This branch contains a prototype of the Trust-Aware Path Selection (TAPS) path selection scheme (from the 2017 NDSS paper). TAPS builds paths using models of trust, and attempts to limit circuit compromise by avoiding untrusted relays and links while still balancing load across the network.
This branch contains a prototype of the PeerFlow traffic measurement and load balancing scheme (from the 2017 PoPETs paper). In PeerFlow, relays measure the number of bytes they are sending and receiving to and from other relays, and report that information to an authority who will use it to compute Tor consensus weights.
This branch contains an example of how to use the libkqtime library in Tor in order to track the queuing time of bytes through the kernel.
Branches created and maintained by The Tor Project.
To start a new branch:
$ git checkout -b throttle-bitsplit tor-0.2.2.15-alpha
$ git push origin throttle-bitsplit
<make changes on the new branch, relative to the tagged Tor version>
$ git tag -s throttle-bitsplit-0.2.2.15-alpha throttle-bitsplit
$ git push origin throttle-bitsplit-0.2.2.15-alpha
To forward-port an existing branch:
$ git branch 0.2.3.8-alpha tor-0.2.3.8-alpha
$ git checkout throttle-bitsplit
$ git merge 0.2.3.8-alpha
<fix conflicts>
$ git commit
$ git tag -s throttle-bitsplit-0.2.3.8-alpha throttle-bitsplit
$ git push origin throttle-bitsplit-0.2.3.8-alpha
To re-tag after changes (this should be avoided):
$ git tag -d throttle-bitsplit-0.2.3.8-alpha
$ git push origin :refs/tags/throttle-bitsplit-0.2.3.8-alpha
$ git tag -s throttle-bitsplit-0.2.3.8-alpha throttle-bitsplit
$ git push origin throttle-bitsplit-0.2.3.8-alpha