diff options
| author | Nick Mathewson <nickm@torproject.org> | 2011-07-08 15:54:30 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2011-07-19 02:02:17 -0400 |
| commit | 8314fa5e5c8d300323589ff97599f8f93b847b78 (patch) | |
| tree | 0d7f0a8e020731f090bbb64ef64b5938bde1b3ce /src/or/connection_edge.c | |
| parent | 424063e3b2b882d72943bda41279bd29a711ec55 (diff) | |
| download | tor-8314fa5e5c8d300323589ff97599f8f93b847b78.tar.gz tor-8314fa5e5c8d300323589ff97599f8f93b847b78.zip | |
Implement sensible isolation for tunneled directory conns
One-hop dirconn streams all share a session group, and get the
ISO_SESSIONGRP flag: they may share circuits with each other and
nothing else.
Anonymized dirconn streams get a new internal-use-only ISO_STREAM
flag: they may not share circuits with anything, including each other.
Diffstat (limited to 'src/or/connection_edge.c')
| -rw-r--r-- | src/or/connection_edge.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index cfa6a3deb9..42f74b7ecc 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -2497,7 +2497,9 @@ connection_ap_handshake_send_resolve(edge_connection_t *ap_conn) edge_connection_t * connection_ap_make_link(connection_t *partner, char *address, uint16_t port, - const char *digest, int use_begindir, int want_onehop) + const char *digest, + int session_group, int isolation_flags, + int use_begindir, int want_onehop) { edge_connection_t *conn; @@ -2515,7 +2517,6 @@ connection_ap_make_link(connection_t *partner, conn->socks_request->has_finished = 0; /* waiting for 'connected' */ strlcpy(conn->socks_request->address, address, sizeof(conn->socks_request->address)); - conn->original_dest_address = tor_strdup(address); conn->socks_request->port = port; conn->socks_request->command = SOCKS_COMMAND_CONNECT; conn->want_onehop = want_onehop; @@ -2528,6 +2529,11 @@ connection_ap_make_link(connection_t *partner, digest, DIGEST_LEN); } + /* Populate isolation fields. */ + conn->original_dest_address = tor_strdup(address); + conn->session_group = session_group; + conn->isolation_flags = isolation_flags; + conn->_base.address = tor_strdup("(Tor_internal)"); tor_addr_make_unspec(&conn->_base.addr); conn->_base.port = 0; @@ -3291,6 +3297,9 @@ connection_edge_streams_are_compatible(const edge_connection_t *a, tor_strdup(a->socks_request->address); } + if (iso & ISO_STREAM) + return 0; + if ((iso & ISO_DESTPORT) && a->socks_request->port != b->socks_request->port) return 0; if ((iso & ISO_DESTADDR) && @@ -3350,6 +3359,11 @@ connection_edge_compatible_with_circuit(const edge_connection_t *conn, tor_strdup(conn->socks_request->address); } + /* If isolation_values_set, then the circuit is not compatible with + * any new ISO_STREAM stream. */ + if (iso & ISO_STREAM) + return 0; + if ((iso & ISO_DESTPORT) && conn->socks_request->port != circ->dest_port) return 0; if ((iso & ISO_DESTADDR) && |