[tor-bugs] #4100 [Tor Browser]: Isolate SPDY and HTTP Keep-Alive to top-level domain

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Apr 14 11:25:40 UTC 2015 

#4100: Isolate SPDY and HTTP Keep-Alive to top-level domain
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  gk
  mikeperry              |     Status:  needs_review
         Type:           |  Milestone:  TorBrowserBundle 2.3.x-stable
  enhancement            |    Version:
     Priority:  major    |   Keywords:  tbb-linkability, tbb-firefox-patch,
    Component:  Tor      |  tbb-4.5-alpha, tbb-usability-website,
  Browser                |  TorBrowserTeam201504, MikePerry201504R
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------
Changes (by gk):

 * status:  assigned => needs_review


Comment:

 The SOCKS username (which is the URL bar domain) and the password go into
 the hash key that is crucial when deciding if a connection should be
 reused or not (see `nsHttpConnectionInfo::SetOriginServer()`). If the
 network is hit then this connection information is used for setting up the
 corresponding transaction. When the transaction is processed (in
 `nsHttpConnectionMgr::ProcessNewTransaction()`)
 `GetOrCreateConnectionEntry()` is checking whether there is already a
 connection entry pointed to by the hash key available. This is not the
 case if the resource to be loaded (as in my examples above) is bound to a
 different URL bar domain, i.e. the request is using a different SOCKS
 username/password. A new connection entry is created but there are no idle
 connections yet. Thus, the check in `TryToDispatch()` finding an idle
 connection with a proper connection entry to which to attaching the
 transaction to fails. This means keep-alive is isolated to the URL bar
 domain. (there is no problem either with speculative connections found
 while looking in the half open list btw as they are hashkey dependent as
 well).

 bug_4100 in my tor-browser repo has two commits fixing this bug wrt to the
 keep-alive isolation. As we have SPDY disabled investigating this for 4.5
 is not urgent and I think we should do that together with auditing HTTP/2
 (#14952) as the keep-alive mechanisms in both protocols should not be much
 different.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4100#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list