Closed (moved)
Opened Jul 07, 2011 by Nick Mathewson (@nickm)

Decide on prop171 isolation properties for tunneled dir conns, controller-launched resolves

Proposal 171 specifies the right way to isolate streams that arrive over (socks/trans/natd/dns)port. But there are streams that originate inside Tor. Specifically, these are resolve requests launched by the controller, and tunneled directory connections.

As it stands, we already set some of their isolation fields, but not all. In particular, tunneled directory connections have:

  • ClientAddr set to unspec
  • DestPort set to the directory port
  • DestAddr set to the directory's IP
  • ClientProtocol set to (0,0), which matches no client connection
  • SocksAuth unset.
  • SessionGroup set to 0.
  • NymEpoch unset.
  • No isolation flags set.

and controller-launched dns connections have:

  • ClientAddr unset.
  • DestPort unset
  • DestAddr set to the thing we're resolving.
  • ClientProtocol set to (0,0), which matches no client connection
  • SocksAuth unset.
  • SessionGroup set to 0.
  • NymEpoch unset.
  • No isolation flags set.

Some of these are reasonable; some are not. We need to decide which are which.

Milestone: Tor: 0.2.3.x-final
Reference: legacy/trac#3541