Decide on prop171 isolation properties for tunneled dir conns, controller-launched resolves
Proposal 171 specifies the right way to isolate streams that arrive over (socks/trans/natd/dns)port. But there are streams that originate inside Tor. Specifically, these are resolve requests launched by the controller, and tunneled directory connections.
As it stands, we already set some of their isolation fields, but not all. In particular, tunneled directory connections have:
- ClientAddr set to unspec
- DestPort set to the directory port
- DestAddr set to the directory's IP
- ClientProtocol set to (0,0), which matches no client connection
- SocksAuth unset.
- SessionGroup set to 0.
- NymEpoch unset.
- No isolation flags set.
and controller-launched dns connections have:
- ClientAddr unset.
- DestPort unset
- DestAddr set to the thing we'reresolving.
- ClientProtocol set to (0,0), which matches no client connection
- SocksAuth unset.
- SessionGroup set to 0.
- NymEpoch unset.
- No isolation flags set.
Some of these are reasonable; some are not. We need to decide which are which.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information