diff options
| author | Nick Mathewson <nickm@torproject.org> | 2017-08-20 12:35:26 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-09-05 14:34:09 -0400 |
| commit | 53e4272b65514782d3f9a03afb7bffa8d55769dc (patch) | |
| tree | 64e9e9782ba3929ecbb5aaa4225ce24bc5c4bb10 /src | |
| parent | 4b30ae158175a3a1cbbed4bb418e8ad9be1ba35e (diff) | |
| download | tor-53e4272b65514782d3f9a03afb7bffa8d55769dc.tar.gz tor-53e4272b65514782d3f9a03afb7bffa8d55769dc.zip | |
Add stream isolation support for HTTP CONNECT tunnels
I'm doing this using the Proxy-Authorization: header to support
clients that understand it, and with a new tor-specific header that
makes more sense for our use.
Diffstat (limited to 'src')
| -rw-r--r-- | src/or/connection_edge.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 98522218b1..8d2b562d89 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -2412,7 +2412,20 @@ connection_ap_process_http_connect(entry_connection_t *conn) goto err; } - /* XXXX Look at headers */ + /* Abuse the 'username' and 'password' fields here. They are already an + * abuse. */ + { + char *authorization = http_get_header(headers, "Proxy-Authorization: "); + if (authorization) { + socks->username = authorization; // steal reference + socks->usernamelen = strlen(authorization); + } + char *isolation = http_get_header(headers, "X-Tor-Stream-Isolation: "); + if (isolation) { + socks->password = isolation; // steal reference + socks->passwordlen = strlen(isolation); + } + } socks->command = SOCKS_COMMAND_CONNECT; socks->listener_type = CONN_TYPE_AP_HTTP_CONNECT_LISTENER; |