commit 53e4272b65514782d3f9a03afb7bffa8d55769dc Author: Nick Mathewson nickm@torproject.org Date: Sun Aug 20 12:35:26 2017 -0400

Add stream isolation support for HTTP CONNECT tunnels

I'm doing this using the Proxy-Authorization: header to support clients that understand it, and with a new tor-specific header that makes more sense for our use. --- src/or/connection_edge.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 98522218b..8d2b562d8 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -2412,7 +2412,20 @@ connection_ap_process_http_connect(entry_connection_t *conn) goto err; }

- /* XXXX Look at headers */ + /* Abuse the 'username' and 'password' fields here. They are already an + * abuse. */ + { + char *authorization = http_get_header(headers, "Proxy-Authorization: "); + if (authorization) { + socks->username = authorization; // steal reference + socks->usernamelen = strlen(authorization); + } + char *isolation = http_get_header(headers, "X-Tor-Stream-Isolation: "); + if (isolation) { + socks->password = isolation; // steal reference + socks->passwordlen = strlen(isolation); + } + }

socks->command = SOCKS_COMMAND_CONNECT; socks->listener_type = CONN_TYPE_AP_HTTP_CONNECT_LISTENER;