[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #3541 [Tor Client]: Decide on prop171 isolation properties for tunneled dir conns, controller-launched resolves
#3541: Decide on prop171 isolation properties for tunneled dir conns, controller-
launched resolves
------------------------+---------------------------------------------------
Reporter: nickm | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.3.x-final
Component: Tor Client | Version:
Keywords: | Parent: #1865
Points: | Actualpoints:
------------------------+---------------------------------------------------
Proposal 171 specifies the right way to isolate streams that arrive over
(socks/trans/natd/dns)port. But there are streams that originate inside
Tor. Specifically, these are resolve requests launched by the controller,
and tunneled directory connections.
As it stands, we already set '''some''' of their isolation fields, but not
all. In particular, tunneled directory connections have:
* ClientAddr set to unspec
* DestPort set to the directory port
* DestAddr set to the directory's IP
* ClientProtocol set to (0,0), which matches no client connection
* SocksAuth unset.
* SessionGroup set to 0.
* NymEpoch unset.
* No isolation flags set.
and controller-launched dns connections have:
* ClientAddr unset.
* DestPort unset
* DestAddr set to the thing we'reresolving.
* ClientProtocol set to (0,0), which matches no client connection
* SocksAuth unset.
* SessionGroup set to 0.
* NymEpoch unset.
* No isolation flags set.
Some of these are reasonable; some are not. We need to decide which are
which.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3541>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs