Proposal: Separate streams across circuits by destination port or destination host

Mansour Moufid mansourmoufid at gmail.com
Fri Jul 23 21:18:33 UTC 2010


On Fri, Jul 23, 2010 at 3:09 PM, Linus Nordberg <linus at nordberg.se> wrote:
> 2. >IsolateStreamsByPort will take a list of ports or optionally the
>   >keyword 'All' in place of a port list. The use of the keyword 'All'
>   >will ensure that all connections attached to streams will be
>   >isolated to separate circuits by port number.
>
>   Just to make it clear, would a packet sent to hostA:port1 end up
>   on the same circuit as one sent to hostB:port1?

If I understand correctly, the answer is yes if IsolateStreamsByHost
is set to 'False' (the proposed default).

> 3. If 2 says yes, would this turn into a no if IsolateStreamsByHost was
>   enabled?

Correct. The two options are independent, so if IsolateStreamsByHost
is set to 'True', then it is always true that circuit(hostA:portx) !=
circuit(hostB:porty), regardless of ports x and y (even if x == y).

Now my understanding is that if IsolateStreamsByPort is set to 'All'
and IsolateStreamsByHost is set to 'True', then circuit(h_1, p_1) !=
... != circuit(h_m, p_n) is always true for all permutations of hosts
h in {h_1, ..., h_m} and ports p in {p_1, ..., p_n}.

As the proposal mentions, the number of circuits can grow quickly in
that case (imagine the overhead from BitTorrent), so limiting the
ports list to 22, 80 and such is a good idea, but you might also
consider just turning off IsolateStreamsByHost entirely if certain
limits are reached.

This is an excellent proposal. :)

-- 
Mansour Moufid
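
Added example, not part of the original message and not Tor's own code: a small model of the circuit grouping this reply describes, where streams share a circuit exactly when their isolation keys match. The function names, the sample streams and the max_circuits limit are assumptions made for illustration; the reply only says "certain limits".

```python
# Model of the isolation semantics discussed in the thread (not Tor source code).
from collections import defaultdict

ALL = "All"  # keyword the proposal allows in place of a port list


def isolation_key(host, port, by_port, by_host):
    """Return the key that decides which circuit a stream is attached to.

    by_port: set of ports, or ALL (models IsolateStreamsByPort)
    by_host: bool (models IsolateStreamsByHost)
    Streams with equal keys share a circuit.
    """
    port_part = port if (by_port == ALL or port in by_port) else None
    host_part = host if by_host else None
    return (host_part, port_part)


def assign_circuits(streams, by_port=frozenset(), by_host=False, max_circuits=None):
    """Group (host, port) streams into circuits.

    max_circuits is a hypothetical limit: when it is exceeded, host isolation
    is dropped and the streams are regrouped, as the reply suggests.
    """
    def group(use_host):
        circuits = defaultdict(list)
        for host, port in streams:
            key = isolation_key(host, port, by_port, use_host)
            circuits[key].append((host, port))
        return dict(circuits)

    circuits = group(by_host)
    if by_host and max_circuits is not None and len(circuits) > max_circuits:
        circuits = group(False)
    return circuits


# Constructed sample: 3 hosts x 3 ports (6881 stands in for a BitTorrent port).
STREAMS = [(h, p) for h in ("hostA", "hostB", "hostC") for p in (22, 80, 6881)]

if __name__ == "__main__":
    for label, kwargs in [
        ("ports 22,80; host off", dict(by_port={22, 80})),
        ("All; host off", dict(by_port=ALL)),
        ("All; host on", dict(by_port=ALL, by_host=True)),
        ("All; host on; limit 5", dict(by_port=ALL, by_host=True, max_circuits=5)),
    ]:
        print(f"{label}: {len(assign_circuits(STREAMS, **kwargs))} circuits")
```

With 'All' and host isolation both on, the nine sample streams need nine circuits; the fallback brings that back to three at the cost of hosts sharing a circuit per port.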


