[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Stream Isolation

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Stream Isolation
From: Traumschule <traumschuleriebau@xxxxxxxxxx>
Date: Sat, 27 Oct 2018 01:09:07 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 26 Oct 2018 19:09:37 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1540595361; bh=K/jFe1o4blOZEIAvZ5olTdyCVYbA2199khZ91csDLo0=; h=Date:From:To:Subject:In-Reply-To:References:From; b=hW2PgeJyvPhgjUKE1XyRwCsMKQBiJj6c6hd+07JWsocf4gwKpm8XHt2G9NKBdOqtQ XVHsnx6jTy9tLe0CnPrC0HxQHAWZDgATy6xUocLNyr9cMOaX0NdjB/Geh/NazuHa0l wmXGn1lrKl41pMA0+YVo9xtH6Iry2NB6PPdup8Yk=
In-reply-to: <CACrtvO=9dn-f1=e2ytQjpCwvxmXKgcxyf4WoHi5Gx0RLRndaVQ@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CACrtvO=9dn-f1=e2ytQjpCwvxmXKgcxyf4WoHi5Gx0RLRndaVQ@mail.gmail.com>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi,

without checking the list archive,

On Fri, 26 Oct 2018 16:42:16 +0330
sarpedon montecarlo <sarpedon000@xxxxxxxxx> wrote:

> My problem here, is that I am handling the routing and stream
> attaching all by myself and I can not use the provided
> IsolateSocksStream option because I am handling the circuit
> generation by myself because of the specific policies I am using for
> generating circuits, and their related paths. So if I am facing a
> bunch of streams, and I have a bunch of circuits myself, How am I
> going to detect that Stream A is from tab A of TBB and Stream B is
> from tab B of TBB, so I attach stream A to circuit A, and attach
> stream B to circuit B. Thanks in advance.

It sounds like you looked at the code already, so excuse me if this
doesn't help too much. You could use authentication like here:
http://jqs44zhtxl2uo6gk.onion/torbutton.git/tree/src/components/domain-isolator.js#n128
https://gitweb.torproject.org/torbutton.git/tree/src/components/domain-isolator.js#n128

Stem is another option to control circuits using circuit IDs:
http://vt5hknv6sblkgf22.onion/api/control.html#stem.control.Controller.new_circuit
https://stem.torproject.org/api/control.html#stem.control.Controller.new_circuit

Tails implements stream isolation by using a different SocksPort per
application (the document is slightly outdated, #3455 is fixed already):
https://tails.boum.org/contribute/design/stream_isolation/

More developer info can be found here:
https://kkkkkkkkkk63ava6.onion.si/wiki/Stream_Isolation#Information
https://tor.stackexchange.com/questions/10559/whats-the-best-way-to-isolate-applications-as-they-enter-the-tor-network

Hope that helps!

-- 
traumschule.org

gpg fingerprint:
9356 4DED 8546 8D9A C290  3605 12EE 7D70 7111 2056

/otr info
OTR: traumschule@xxxxxxxxxxxxxxxxx fingerprint:
OTR: 35AACA83 4564616C B6EBEC66 56B6B2FC C8D572F1
OTR: traumschule@xxxxxxxxxxxx fingerprint:
OTR: D1CCD207 B60C1866 56A975AE ACE090E9 45E90846
OTR: traumschule@xxxxxxxxxxxxxxxxx fingerprint:
OTR: 51BF8BB9 434840CC 24F264BC 76450C27 A6AADB12
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] (no subject)
  - From: sarpedon montecarlo

Prev by Author: Re: [tor-dev] UX improvement proposal: Onion auto-redirects using Onion-Location HTTP header
Previous by thread: [tor-dev] (no subject)
Next by thread: [tor-dev] Add EVENT message to pt-spec.txt and control-spec.txt
Index(es):
- Author
- Thread