From cfd21c58b538c7f967b41b87619b8147d17bf17d Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Mon, 24 Nov 2008 02:08:46 +0000 Subject: [PATCH] don't lose a patch that mwenge wrote to put different destination ports on different streams. one day i will make this into a real proposal, and argue we should put it in. svn:r17380 --- .../ideas/xxx-separate-streams-by-port.txt | 61 +++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 doc/spec/proposals/ideas/xxx-separate-streams-by-port.txt diff --git a/doc/spec/proposals/ideas/xxx-separate-streams-by-port.txt b/doc/spec/proposals/ideas/xxx-separate-streams-by-port.txt new file mode 100644 index 0000000000..cebde65a9b --- /dev/null +++ b/doc/spec/proposals/ideas/xxx-separate-streams-by-port.txt @@ -0,0 +1,61 @@ +Filename: xxx-separate-streams-by-port.txt +Title: Separate streams across circuits by destination port +Version: $Revision$ +Last-Modified: $Date$ +Author: Robert Hogan +Created: 21-Oct-2008 +Status: Draft + +Here's a patch Robert Hogan wrote to use only one destination port per +circuit. It's based on a wishlist item Roger wrote, to never send AIM +usernames over the same circuit that we're hoping to browse anonymously +through. The remaining open question is: how many extra circuits does this +cause an ordinary user to create? My guess is not very many, but I'm wary +of putting this in until we have some better estimate. On the other hand, +not putting it in means that we have a known security flaw. Hm. + +Index: src/or/or.h +=================================================================== +--- src/or/or.h (revision 17143) ++++ src/or/or.h (working copy) +@@ -1874,6 +1874,7 @@ + + uint8_t state; /**< Current status of this circuit. */ + uint8_t purpose; /**< Why are we creating this circuit? */ ++ uint16_t service; /**< Port conn must have to use this circuit. */ + + /** How many relay data cells can we package (read from edge streams) + * on this circuit before we receive a circuit-level sendme cell asking +Index: src/or/circuituse.c +=================================================================== +--- src/or/circuituse.c (revision 17143) ++++ src/or/circuituse.c (working copy) +@@ -62,10 +62,16 @@ + return 0; + } + +- if (purpose == CIRCUIT_PURPOSE_C_GENERAL) ++ if (purpose == CIRCUIT_PURPOSE_C_GENERAL) { + if (circ->timestamp_dirty && + circ->timestamp_dirty+get_options()->MaxCircuitDirtiness <= now) + return 0; ++ /* If the circuit is dirty and used for services on another port, ++ then it is not suitable. */ ++ if (circ->service && conn->socks_request->port && ++ (circ->service != conn->socks_request->port)) ++ return 0; ++ } + + /* decide if this circ is suitable for this conn */ + +@@ -1351,7 +1357,9 @@ + if (connection_ap_handshake_send_resolve(conn) < 0) + return -1; + } +- ++ if (conn->socks_request->port ++ && (TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_C_GENERAL)) ++ TO_CIRCUIT(circ)->service = conn->socks_request->port; + return 1; + } +