  1. Filename: xxx-separate-streams-by-port.txt
  2. Title: Separate streams across circuits by destination port
  3. Version: $Revision$
  4. Last-Modified: $Date$
  5. Author: Robert Hogan
  6. Created: 21-Oct-2008
  7. Status: Draft
  8. Here's a patch Robert Hogan wrote to use only one destination port per
  9. circuit. It's based on a wishlist item Roger wrote, to never send AIM
  10. usernames over the same circuit that we're hoping to browse anonymously
  11. through. The remaining open question is: how many extra circuits does this
  12. cause an ordinary user to create? My guess is not very many, but I'm wary
  13. of putting this in until we have some better estimate. On the other hand,
  14. not putting it in means that we have a known security flaw. Hm.
  15. Index: src/or/or.h
  16. ===================================================================
  17. --- src/or/or.h (revision 17143)
  18. +++ src/or/or.h (working copy)
  19. @@ -1874,6 +1874,7 @@
  20. uint8_t state; /**< Current status of this circuit. */
  21. uint8_t purpose; /**< Why are we creating this circuit? */
  22. + uint16_t service; /**< Port conn must have to use this circuit. */
  23. /** How many relay data cells can we package (read from edge streams)
  24. * on this circuit before we receive a circuit-level sendme cell asking
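Review bot: The doc comment on the new `service` field does not say what 0 means, yet both circuituse.c hunks test `circ->service` for truth and so treat 0 as "no port recorded yet". I would state that in the comment, e.g. `/**< Destination port of the streams attached to this circuit; 0 if none recorded yet. */`, and consider a name that says the field holds a port. This also assumes the struct is zero-initialised when a circuit is allocated, which is not visible here; if it is not, a fresh circuit would start with an arbitrary port and reject streams. The enclosing struct starts and ends outside the hunk.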
  25. Index: src/or/circuituse.c
  26. ===================================================================
  27. --- src/or/circuituse.c (revision 17143)
  28. +++ src/or/circuituse.c (working copy)
  29. @@ -62,10 +62,16 @@
  30. return 0;
  31. }
  32. - if (purpose == CIRCUIT_PURPOSE_C_GENERAL)
  33. + if (purpose == CIRCUIT_PURPOSE_C_GENERAL) {
  34. if (circ->timestamp_dirty &&
  35. circ->timestamp_dirty+get_options()->MaxCircuitDirtiness <= now)
  36. return 0;
  37. + /* If the circuit is dirty and used for services on another port,
  38. + then it is not suitable. */
  39. + if (circ->service && conn->socks_request->port &&
  40. + (circ->service != conn->socks_request->port))
  41. + return 0;
  42. + }
  43. /* decide if this circ is suitable for this conn */
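Review bot: The new port check in the `CIRCUIT_PURPOSE_C_GENERAL` branch accepts any stream whose `conn->socks_request->port` is 0 onto a circuit already tied to another port, so those requests are not separated and stay linkable with that circuit's other traffic. The resolve path in the later hunk looks like one source of port-0 requests. If that exemption is intended it should be written down, because it limits the guarantee the proposal describes. The comment also says "dirty" although the condition never looks at `timestamp_dirty`; something like `/* A circuit already carrying streams for one port is not suitable for a different port; a request with port 0 matches any circuit. */` would match the code. The function begins and ends outside the hunk, and whether `socks_request` can be NULL at this point cannot be told from here.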
  44. @@ -1351,7 +1357,9 @@
  45. if (connection_ap_handshake_send_resolve(conn) < 0)
  46. return -1;
  47. }
  48. -
  49. + if (conn->socks_request->port
  50. + && (TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_C_GENERAL))
  51. + TO_CIRCUIT(circ)->service = conn->socks_request->port;
  52. return 1;
  53. }
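Review bot: The assignment to `TO_CIRCUIT(circ)->service` overwrites whatever port the circuit already recorded. If a stream ever reaches this point without passing the suitability check in the earlier hunk, the circuit silently changes port and the broken separation goes unnoticed. Recording the port only when none is set and logging a mismatch would keep the property auditable, e.g. `if (!c->service) c->service = port;` followed by `else if (c->service != port) log_warn(LD_BUG, "stream port differs from circuit port");`. As a style point, the multi-line `if` should be braced and `TO_CIRCUIT(circ)` held in a local instead of being evaluated twice. The function's start lies outside the hunk.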