Loading changes/prop171 0 → 100644 +22 −0 Original line number Diff line number Diff line o Major features: - You can now configure Tor so that streams from different applications are isolated on different circuits, to prevent an attacker who sees your streams leaving an exit node from linking your sessions to one another. To do this, choose some way to distinguish the applications -- have them connect to different SocksPorts, or have one of them use SOCKS4 while the other uses SOCKS5, or have them pass different authentication strings to the SOCKS proxy. Then use the new SocksPort syntax to configure the degree of isolation you need. This implements Proposal 171. o Minor features: - There's a new syntax for specifying multiple client ports (such as SOCKSPort, TransPort, DNSPort, NATDPort): you can now just declare multiple ...Port entries with full addr:port syntax on each. The old ...ListenAddress format is still supported, but you can't mix it with the new SOCKSPort syntax. o Code simplifications and refactoring: - Rewrote the listener-selection logic so that parsing which ports we want to listen on is now separate form binding to the ports we want. doc/tor.1.txt +79 −25 Original line number Diff line number Diff line Loading @@ -464,7 +464,7 @@ CLIENT OPTIONS -------------- The following options are useful only for clients (that is, if **SocksPort** is non-zero): **SocksPort**, **TransPort**, **DNSPort**, or **NATDPort** is non-zero): **AllowInvalidNodes** **entry**|**exit**|**middle**|**introduction**|**rendezvous**|**...**:: If some Tor servers are obviously not working right, the directory Loading Loading 
@@ -682,17 +682,49 @@ The following options are useful only for clients (that is, if the same circuit. Currently, two addresses are "too close" if they lie in the same /16 range. (Default: 1) **SocksPort** __PORT__|**auto**:: Advertise this port to listen for connections from Socks-speaking **SOCKSPort** \['address':]__port__|**auto** [_isolation flags_]:: Open this port to listen for connections from SOCKS-speaking applications. Set this to 0 if you don't want to allow application connections via SOCKS. Set it to "auto" to have Tor pick a port for you. (Default: 9050) **SocksListenAddress** __IP__[:__PORT__]:: you. This directive can be specified multiple times to bind to multiple addresses/ports. (Default: 9050) + + The _isolation flags_ arguments give Tor rules for which streams received on this SOCKSPort are allowed to share circuits with one another. Recognized isolation flags are: **IsolateClientAddr**;; Don't share a circuits with streams from a different client address. (On by default and strongly recommended; you can disable it with **NoIsolateClientAddr**.) **IsolateSOCKSAuth**;; Don't share a circuits with streams for which different SOCKS authentication was provided. (On by default; you can disable it with **NoIsolateSOCKSAuth**.) **IsolateClientProtocol**;; Don't share circuits with streams using a different protocol. (SOCKS 4, SOCKS 5, TransPort connections, NATDPort connections, and DNSPort requests are all considered to be different protocols.) **IsolateDestPort**;; Don't share a circuits with streams targetting a different destination port. **IsolateDestAddr**;; Don't share a circuits with streams targetting a different destination address. **SessionGroup=**__INT__;; If no other isolation rules would prevent it, allow streams on this port to share circuits with streams from every other port with the same session group. (By default, streams received on different ports are always isolated from one another.) 
**SOCKSListenAddress** __IP__[:__PORT__]:: Bind to this address to listen for connections from Socks-speaking applications. (Default: 127.0.0.1) You can also specify a port (e.g. 192.168.0.1:9100). This directive can be specified multiple times to bind to multiple addresses/ports. to multiple addresses/ports. (DEPRECATED: As of 0.2.3.x-alpha, you can now use multiple SOCKSPort entries, and provide addresses for SOCKSPort entries, so SOCKSListenAddress no longer has a purpose. For backward compatibility, SOCKSListenAddress is only allowed when SOCKSPort is just a port number.) **SocksPolicy** __policy__,__policy__,__...__:: Set an entrance policy for this server, to limit who can connect to the Loading Loading 
@@ -795,28 +827,44 @@ The following options are useful only for clients (that is, if operating as a relay, and it will never use the public key step if it doesn't yet know the onion key of the first hop. (Default: 1) **TransPort** __PORT__|**auto**:: If non-zero, enables transparent proxy support on __PORT__ (by convention, 9040). Requires OS support for transparent proxies, such as BSDs' pf or **TransPort** \['address':]__port__|**auto** [_isolation flags_]:: Open this port to listen for transparent proxy connections. Set this to 0 if you don't want to allow transparent proxy connections. Set the port to "auto" to have Tor pick a port for you. This directive can be specified multiple times to bind to multiple addresses/ports. See SOCKSPort for an explanation of isolation flags. + + TransPort requires OS support for transparent proxies, such as BSDs' pf or Linux's IPTables. If you're planning to use Tor as a transparent proxy for a network, you'll want to examine and change VirtualAddrNetwork from the default setting. You'll also want to set the TransListenAddress option for the network you'd like to proxy. Set it to "auto" to have Tor pick a port for you. (Default: 0). the network you'd like to proxy. (Default: 0). **TransListenAddress** __IP__[:__PORT__]:: Bind to this address to listen for transparent proxy connections. (Default: 127.0.0.1). This is useful for exporting a transparent proxy server to an entire network. **NATDPort** __PORT__|**auto**:: Allow old versions of ipfw (as included in old versions of FreeBSD, etc.) to send connections through Tor using the NATD protocol. This option is only for people who cannot use TransPort. Set it to "auto" to have Tor pick a port for you. (Default: 0) entire network. (DEPRECATED: As of 0.2.3.x-alpha, you can now use multiple TransPort entries, and provide addresses for TransPort entries, so TransListenAddress no longer has a purpose. 
For backward compatibility, TransListenAddress is only allowed when TransPort is just a port number.) **NATDPort** \['address':]__port__|**auto** [_isolation flags_]:: Open this port to listen for connections from old versions of ipfw (as included in old versions of FreeBSD, etc) using the NATD protocol. Use 0 if you don't want to allow NATD connections. Set the port to "auto" to have Tor pick a port for you. This directive can be specified multiple times to bind to multiple addresses/ports. See SOCKSPort for an explanation of isolation flags. + + This option is only for people who cannot use TransPort. (Default: 0) **NATDListenAddress** __IP__[:__PORT__]:: Bind to this address to listen for NATD connections. (Default: 127.0.0.1). Bind to this address to listen for NATD connections. (DEPRECATED: As of 0.2.3.x-alpha, you can now use multiple NATDPort entries, and provide addresses for NATDPort entries, so NATDListenAddress no longer has a purpose. For backward compatibility, NATDListenAddress is only allowed when NATDPort is just a port number.) **AutomapHostsOnResolve** **0**|**1**:: When this option is enabled, and we get a request to resolve an address Loading 
@@ -829,13 +877,19 @@ The following options are useful only for clients (that is, if A comma-separated list of suffixes to use with **AutomapHostsOnResolve**. The "." suffix is equivalent to "all addresses." (Default: .exit,.onion). **DNSPort** __PORT__|**auto**:: If non-zero, Tor listens for UDP DNS requests on this port and resolves them anonymously. Set it to "auto" to have Tor pick a port for you. (Default: 0). **DNSPort** \['address':]__port__|**auto** [_isolation flags_]:: If non-zero, open this port to listen for UDP DNS requests, and resolve them anonymously. Set the port to "auto" to have Tor pick a port for you. This directive can be specified multiple times to bind to multiple addresses/ports. See SOCKSPort for an explanation of isolation flags. (Default: 0). **DNSListenAddress** __IP__[:__PORT__]:: Bind to this address to listen for DNS connections. (Default: 127.0.0.1). Bind to this address to listen for DNS connections. (DEPRECATED: As of 0.2.3.x-alpha, you can now use multiple DNSPort entries, and provide addresses for DNSPort entries, so DNSListenAddress no longer has a purpose. For backward compatibility, DNSListenAddress is only allowed when DNSPort is just a port number.) **ClientDNSRejectInternalAddresses** **0**|**1**:: If true, Tor does not believe any anonymously retrieved DNS answer that Loading src/common/util.c +43 −0 Original line number Diff line number Diff line Loading @@ -412,6 +412,32 @@ round_uint64_to_next_multiple_of(uint64_t number, uint64_t divisor) return number; } /** Return the number of bits set in <b>v</b>. */ int n_bits_set_u8(uint8_t v) { static const int nybble_table[] = { 0, /* 0000 */ 1, /* 0001 */ 1, /* 0010 */ 2, /* 0011 */ 1, /* 0100 */ 2, /* 0101 */ 2, /* 0110 */ 3, /* 0111 */ 1, /* 1000 */ 2, /* 1001 */ 2, /* 1010 */ 3, /* 1011 */ 2, /* 1100 */ 3, /* 1101 */ 3, /* 1110 */ 4, /* 1111 */ }; return nybble_table[v & 15] + nybble_table[v>>4]; } /* ===== * String manipulation * ===== */ Loading Loading 
@@ -495,6 +521,23 @@ tor_strisnonupper(const char *s) return 1; } /** As strcmp, except that either string may be NULL. The NULL string is * considered to be before any non-NULL string. */ int strcmp_opt(const char *s1, const char *s2) { if (!s1) { if (!s2) return 0; else return -1; } else if (!s2) { return 1; } else { return strcmp(s1, s2); } } /** Compares the first strlen(s2) characters of s1 with s2. Returns as for * strcmp. */ Loading src/common/util.h +2 −0 Original line number Diff line number Diff line Loading @@ -160,6 +160,7 @@ uint64_t round_to_power_of_2(uint64_t u64); unsigned round_to_next_multiple_of(unsigned number, unsigned divisor); uint32_t round_uint32_to_next_multiple_of(uint32_t number, uint32_t divisor); uint64_t round_uint64_to_next_multiple_of(uint64_t number, uint64_t divisor); int n_bits_set_u8(uint8_t v); /* Compute the CEIL of <b>a</b> divided by <b>b</b>, for nonnegative <b>a</b> * and positive <b>b</b>. Works on integer types only. Not defined if a+b can Loading @@ -174,6 +175,7 @@ void tor_strlower(char *s) ATTR_NONNULL((1)); void tor_strupper(char *s) ATTR_NONNULL((1)); int tor_strisprint(const char *s) ATTR_PURE ATTR_NONNULL((1)); int tor_strisnonupper(const char *s) ATTR_PURE ATTR_NONNULL((1)); int strcmp_opt(const char *s1, const char *s2) ATTR_PURE; int strcmpstart(const char *s1, const char *s2) ATTR_PURE ATTR_NONNULL((1,2)); int strcmp_len(const char *s1, const char *s2, size_t len) ATTR_PURE ATTR_NONNULL((1,2)); Loading src/or/circuitlist.c +4 −0 Original line number Diff line number Diff line Loading @@ -550,6 +550,10 @@ circuit_free(circuit_t *circ) crypto_free_pk_env(ocirc->intro_key); rend_data_free(ocirc->rend_data); tor_free(ocirc->dest_address); tor_free(ocirc->socks_username); tor_free(ocirc->socks_password); } else { or_circuit_t *ocirc = TO_OR_CIRCUIT(circ); /* Remember cell statistics for this circuit before deallocating. */ Loading Loading
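Review bot: typo in the refactoring entry of changes/prop171: "parsing which ports we want to listen on is now separate form binding" should read "separate from binding". In the same file, the minor-features entry says the old ...ListenAddress format "can't be mixed with the new SOCKSPort syntax", but the man-page text in this patch applies the restriction to every pair (SOCKS, Trans, NATD and DNS: each ...ListenAddress "is only allowed when ...Port is just a port number"), so "the new ...Port syntax" would match the documentation.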
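Review bot: grammar and spelling in the new isolation-flag descriptions in the SOCKSPort entry (doc/tor.1.txt, hunk at -682): "Don't share a circuits with" appears four times (IsolateClientAddr, IsolateSOCKSAuth, IsolateDestPort, IsolateDestAddr) and should be "Don't share circuits with", as the IsolateClientProtocol entry already has it; "targetting" should be "targeting" in both places. The defaults are also incomplete: IsolateClientAddr and IsolateSOCKSAuth say "On by default", but IsolateClientProtocol, IsolateDestPort and IsolateDestAddr say nothing, and someone configuring isolation needs to know that those are off unless listed. Consider adding "(Off by default.)" to each of the three if that is the behaviour.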
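Review bot: stale cross-reference in the TransPort paragraph (doc/tor.1.txt, hunk at -795): the retained sentence "You'll also want to set the TransListenAddress option for the network you'd like to proxy" contradicts the same hunk, which deprecates TransListenAddress and only permits it "when TransPort is just a port number". Point the reader at the new form instead, e.g. "bind TransPort to an address on the network you'd like to proxy (TransPort 192.168.0.1:9040)", with the address given only as an illustration. Smaller nit in the same hunk: the NATDPort text now reads "etc)" where the old text had "etc.)".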
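Review bot: wording mismatch in the DNSPort/DNSListenAddress entries (doc/tor.1.txt, hunk at -829): DNSPort is described as listening for "UDP DNS requests", while the DNSListenAddress text kept in the same hunk still says "listen for DNS connections"; "DNS requests" would be accurate for UDP. The two lists of port types in the patch also disagree slightly: the client-options header at -464 names SocksPort, TransPort, DNSPort, NATDPort, while the IsolateClientProtocol text says "SOCKS 4, SOCKS 5, TransPort connections, NATDPort connections, and DNSPort requests"; consistent capitalisation of SOCKSPort/SocksPort across the man page would help readers grepping for the option.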
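Review bot: n_bits_set_u8 and strcmp_opt in src/common/util.c look correct as written (the nybble_table covers 0..15, and v>>4 on a uint8_t stays in that range; strcmp_opt orders NULL before any non-NULL string and returns 0 for NULL/NULL), but the visible diff adds no unit tests for either helper. A handful of cases would pin down the contract: n_bits_set_u8(0x00)==0, n_bits_set_u8(0xFF)==8, n_bits_set_u8(0x0F)==4 and n_bits_set_u8(0xF0)==4; strcmp_opt(NULL,NULL)==0, strcmp_opt(NULL,"a")<0, strcmp_opt("a",NULL)>0, and strcmp_opt("a","a")==0. The ATTR_PURE without ATTR_NONNULL on the util.h prototype is the right choice here, since both arguments are explicitly nullable.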
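Review bot: the two new tor_free calls in circuit_free (src/or/circuitlist.c) release ocirc->socks_username and ocirc->socks_password but do not clear the buffers first. Since socks_password can carry a real SOCKS credential rather than just an isolation token, consider wiping it (memset to zero over its length) before the free, as is usual for secret material. Also confirm that the code path that sets these fields on the origin circuit (not shown in this diff) stores its own copy of the strings rather than aliasing the connection's socks_request fields; otherwise this free is a double free when the connection is torn down.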