Add support for refreshing circuits ("new identity") (!84) · Merge requests · The Tor Project / Core / onionmasq

eta requested to merge eta/new-identity into main Jun 21, 2023

This commit adds support for the equivalent of Tor Browser's "new identity" button, both globally and per-app.
Calling refreshCircuits() from Java will terminate all currently open TCP sockets, and cause new TCP connections to go over freshly established circuits.
- A refreshCircuitsForApp() method allows this process to be restricted to just one app UID.
Under the hood, this uses a new "command stream" scaffolding API: a TunnelScaffolding can return a Stream of TunnelCommands that lets the scaffolding asynchronously request a circuit refresh.
- This mechanism can trivially be extended to other kinds of asynchronous request, too.
- Stopping the proxy can now be achieved by just dropping the command stream (if there is one), which we make use of.
Note that we currently don't get any confirmation back from the proxy about this being successful, although arguably this isn't really needed.
- The Java API will now throw a new exception, ProxyStoppedException, if this command or the stop command fails to execute because the proxy is stopped.
- This helps guard against a poorly programmed application getting out of sync and giving a false sense of security to the user.
A new floating action button in the sample app lets you test out this functionality globally.
- I couldn't test the per-app version yet, because that requires more Android knowledge than I currently have!

Add support for refreshing circuits ("new identity")