Proposal: Separate streams across circuits by destination port or destination host
robert at roberthogan.net
Sun Sep 26 13:34:27 UTC 2010
On Wednesday 25 August 2010 22:12:28 Robert Hogan wrote:
> - We can achieve some/a lot of the benefits sought by the proposal if we
> isolate streams based on the information provided by the socks request
> itself. The things people have suggested are:
> 1 Socks authentication info (username/pass)
> 2 Socks listener address/port
> 3 Socks protocol
> 4 Socks client IP
> 5 Info in /proc/pid/cmdline garnered from the client's port number
So after more discussion this list now looks like:
1 Socks authentication info (username/pass)
2 Socks listener address/port
3 Socks protocol
4 Socks client IP
5 Destination Port (if it is in the LongLivedPort list)
And the consensus is it should be on by default.
Adding number 5 to the list would allow users to isolate streams by port 80
if they chose to designate it a LongLivedPort. I'm not sure if that means
we should leave it out of the list, if we should defend against 'invalid'
LongLivedPorts, or if it's something we are happy to allow.
I think the list above allows stream isolation on requests over TransPort
and NATDPort - at least to the extent that it will isolate streams on the
basis of 2, 4 and 5 (if applicable).
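An added example, not part of the original message and not Tor's own code: a comparison over the five criteria listed above, showing that a TransPort or NATDPort request (no SOCKS authentication, no SOCKS protocol) is separated only by items 2, 4 and 5. The struct, the function names and the sample port list are assumptions, as is reading item 5 to mean that a port separates streams when either stream's destination port is in the list.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical request record, one field per list item; not Tor's types. */
struct stream_req {
    const char *socks_user;    /* 1: NULL when there is no SOCKS auth */
    const char *socks_pass;    /* 1 */
    const char *listener;      /* 2: address:port the request arrived on */
    int         socks_version; /* 3: 4 or 5; 0 for TransPort/NATDPort */
    const char *client_ip;     /* 4 */
    uint16_t    dest_port;     /* 5: counts only if in the long-lived list */
};

/* Constructed sample list; 80 is included to show the case the message raises. */
static const uint16_t long_lived_ports[] = { 22, 80, 6667 };

static bool is_long_lived(uint16_t port)
{
    for (size_t i = 0; i < sizeof long_lived_ports / sizeof long_lived_ports[0]; i++)
        if (long_lived_ports[i] == port)
            return true;
    return false;
}

/* NULL-safe string equality: two absent values compare equal. */
static bool same_str(const char *a, const char *b)
{
    if (a == NULL || b == NULL)
        return a == b;
    return strcmp(a, b) == 0;
}

/* True when two streams may share a circuit under all five criteria. */
bool may_share_circuit(const struct stream_req *a, const struct stream_req *b)
{
    if (!same_str(a->socks_user, b->socks_user)) return false;  /* 1 */
    if (!same_str(a->socks_pass, b->socks_pass)) return false;  /* 1 */
    if (!same_str(a->listener, b->listener))     return false;  /* 2 */
    if (a->socks_version != b->socks_version)    return false;  /* 3 */
    if (!same_str(a->client_ip, b->client_ip))   return false;  /* 4 */
    /* 5: the destination port separates streams only when it is long-lived */
    bool al = is_long_lived(a->dest_port), bl = is_long_lived(b->dest_port);
    if ((al || bl) && a->dest_port != b->dest_port) return false;
    return true;
}
```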