[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #15482 [Tor]: Don't surprise users with new circuits in the middle of browsing



#15482: Don't surprise users with new circuits in the middle of browsing
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  mikeperry
  mikeperry              |     Status:  needs_review
         Type:           |  Milestone:  Tor: 0.2.7.x-final
  enhancement            |    Version:
     Priority:  normal   |   Keywords:  tbb-usability, tbb-4.5-alpha,
    Component:  Tor      |  MikePerry201503, tbb-wants,
   Resolution:           |  TorBrowserTeam201504
Actual Points:           |  Parent ID:
       Points:           |
-------------------------+-------------------------------------------------
Changes (by mikeperry):

 * status:  new => needs_review


Comment:

 I now have a proper git branch with something resembling what I'd like to
 have for TBB 4.5 and beyond:
 https://gitweb.torproject.org/mikeperry/tor.git/commit/?h=bug15482

 I decided to create a SocksAuthCircuitRenewPeriod torrc option that
 governs how long we extend the lifetime of socksauth-isolated circuits
 each time a new stream arrives on them. I set the default value to 1 hour.

 I also added code in circuit_is_acceptable() to allow us to keep using a
 circuit with SOCKS u+p auth even if it was otherwise too dirty. I did this
 because when we enable HTTP/2 (#14952), we'll have super-long-lived
 connections that may actually exceed even the 1 hour circuit lifetime
 extension. To preserve our circuit UI and isolation model, we'll want to
 keep using the same circuit for new connections with the same auth in this
 case.

 Because the circuit_detach_stream() hack makes it easier to differentiate
 TBB users (since it removes any possibility of a circuit closing
 immediately after RELAY_END), I placed that in its own commit. I don't
 think I'll actually use this commit in 4.5, though I do think it will
 improve behavior once HTTP/2 is enabled.

 Along the way, I noticed that circuit_is_better() has a serious bug where
 the circuit purpose value was actually being obtained incorrectly, causing
 the majority of that function body to be skipped, so I fixed that. When
 this is fixed, we also need to ensure that we actually keep using SOCKS
 auth circuits if a stream arrives with that same SOCKS auth, otherwise
 we'll actually increase circuit churn.

 I'm going to let that branch run on my TBB through the weekend and keep an
 eye on the loglines, and  if it still seems good to me by Monday, I'll
 probably apply everything but the circuit_detach_stream() commit to the
 4.5-stable release.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15482#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs