Re: [tor-dev] [tor-talk] Open streams on the fly
 
            The implementation of proposal 171 and subsequent release of tor 0.2.3.25 fills my heart with joy. Yet, as far as I can tell, there is one use case that is not adequately covered. I would like to open and close Streams (TransPort's, DNSPort's and SOCKSPort's) at run-time without interfering with other, existing Streams and Circuits. SETCONF does not work here because it resets all existing streams.
I think tor lacks an isolation flag which specifies to isolate each and every stream, even those going to the same address and port.
I see, tor already implements such a flag, ISO_STREAM. /** Isolate based on destination port */ #define ISO_DESTPORT (1u<<0) /** Isolate based on destination address */ ... /** Isolate all streams (Internal only). */ #define ISO_STREAM (1u<<7) diff --git a/src/or/config.c b/src/or/config.c index 90a5dfb..648bfba 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -5929,6 +5929,8 @@ parse_port_config(smartlist_t *out, isoflag = ISO_CLIENTPROTO; } else if (!strcasecmp(elt, "IsolateClientAddr")) { isoflag = ISO_CLIENTADDR; + } else if (!strcasecmp(elt, "IsolateStream")) { + isoflag = ISO_STREAM; } else { log_warn(LD_CONFIG, "Unrecognized %sPort option '%s'", portname, escaped(elt_orig)); This looks like a reasonable addition to me - an addition that could be backported to 0.2.3.x.
 
            The implementation of proposal 171 and subsequent release of tor 0.2.3.25 fills my heart with joy. Yet, as far as I can tell, there is one use case that is not adequately covered. I would like to open and close Streams (TransPort's, DNSPort's and SOCKSPort's) at run-time without interfering with other, existing Streams and Circuits. SETCONF does not work here because it resets all existing streams.
I think tor lacks an isolation flag which specifies to isolate each and every stream, even those going to the same address and port.
I see, tor already implements such a flag, ISO_STREAM.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 773fccf..6da4147 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -888,6 +888,8 @@ The following options are useful only for clients (that is, if **IsolateDestAddr**;; Don't share circuits with streams targetting a different destination address. + **IsolateDestAddr**;; + Don't share circuits with other streams at all. **SessionGroup=**__INT__;; If no other isolation rules would prevent it, allow streams on this port to share circuits with streams from every other diff --git a/src/or/config.c b/src/or/config.c index 90a5dfb..1dc3d55 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -5919,7 +5919,9 @@ parse_port_config(smartlist_t *out, if (!strcasecmpend(elt, "s")) elt[strlen(elt)-1] = '\0'; /* kill plurals. */ - if (!strcasecmp(elt, "IsolateDestPort")) { + if (!strcasecmp(elt, "IsolateStream")) { + isoflag = ISO_STREAM; + } else if (!strcasecmp(elt, "IsolateDestPort")) { isoflag = ISO_DESTPORT; } else if (!strcasecmp(elt, "IsolateDestAddr")) { isoflag = ISO_DESTADDR; diff --git a/src/or/or.h b/src/or/or.h index 51c23d3..8a21c09 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2868,22 +2868,22 @@ typedef enum invalid_router_usage_t { @{ */ +/** Isolate all streams. */ +#define ISO_STREAM (1u<<0) /** Isolate based on destination port */ -#define ISO_DESTPORT (1u<<0) +#define ISO_DESTPORT (1u<<1) /** Isolate based on destination address */ -#define ISO_DESTADDR (1u<<1) +#define ISO_DESTADDR (1u<<2) /** Isolate based on SOCKS authentication */ -#define ISO_SOCKSAUTH (1u<<2) +#define ISO_SOCKSAUTH (1u<<3) /** Isolate based on client protocol choice */ -#define ISO_CLIENTPROTO (1u<<3) +#define ISO_CLIENTPROTO (1u<<4) /** Isolate based on client address */ -#define ISO_CLIENTADDR (1u<<4) +#define ISO_CLIENTADDR (1u<<5) /** Isolate based on session group (always on). */ -#define ISO_SESSIONGRP (1u<<5) +#define ISO_SESSIONGRP (1u<<6) /** Isolate based on newnym epoch (always on). */ -#define ISO_NYM_EPOCH (1u<<6) -/** Isolate all streams (Internal only). */ -#define ISO_STREAM (1u<<7) +#define ISO_NYM_EPOCH (1u<<7) /**@}*/ /** Default isolation level for ports. */
participants (1)
- 
                 benjaminlincoln@lavabit.com benjaminlincoln@lavabit.com