[tor-bugs] #3516 [Tor Client]: Implement stream isolation backend logic for proposal 171

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Sat Jul 2 00:15:39 UTC 2011


#3516: Implement stream isolation backend logic for proposal 171
-------------------------+--------------------------------------------------
 Reporter:  nickm        |          Owner:  nickm             
     Type:  enhancement  |         Status:  accepted          
 Priority:  normal       |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Client   |        Version:                    
 Keywords:               |         Parent:  #1865             
   Points:               |   Actualpoints:                    
-------------------------+--------------------------------------------------

Comment(by nickm):

 So, expanding the design, here's an abstract version what I think we need.
 Every listener has:

   * A sessiongroup.  (Any listener without a sessiongroup gets assigned a
 sessiongroup used by no other listener.)
   * A set of 0 or more isolation flags: ClientAddr, DestAddr, DestPort,
 SocksAuth, ClientProtocol.
   * The isolation flag "IsolateSessionGroup" (always on).

 Each client stream has:

   * The following '''fields'''
     * A sessiongroup.
     * A clientaddr.
     * A clientprotocol.
     * A socksauth field.
     * DestAddr, DestPort (streams already have these).
   * A set of 0 or more isolation flags.  For each of these that is set,
 the stream cannot share a circuit with another stream that has the same
 value for the corresponding field.

 Each origin circuit has:

   * The same fields as entry streams have above.  Each of these may also
 take a value "mixed" that is equal to no other value.
   * A set of 0 or more isolation flags.
   * An "unused" flag.

 New circuits have the unused flag set, and no isolation flags set.

 It is ''okay'' to attach a stream to a circuit if the circuit is unused,
 OR if for every flag set on the stream, the corresponding field of the
 stream matches the value of the field on the circuit.

 It is ''better'' to attach stream S to circuit C1 than to attach it to
 circuit C2 if it is okay to attach S to both circuits, and if attaching S
 to C1 would require us to set fewer fields to "mixed".

 To attach a stream S to a circuit C, clear the circuit's unused flag.
 Then set C's isolation flags to the logical OR of their old value and the
 isolation flags of S.  Then, if C has no field set, set its fields to
 match those of S.  Otherwise, C has some fields set: for every field of C
 that is not "mixed" and that is not equal to its value in S, set that
 field to "mixed".


 (Yes, I know how to type ⊥.  I just don't feel like being too mathy here.)

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3516#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list