Diffstat (limited to 'src')
-rw-r--r--src/common/crypto.c3
-rw-r--r--src/or/circuituse.c11
-rw-r--r--src/or/config.c11
-rw-r--r--src/or/or.h7
4 files changed, 29 insertions, 3 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 6d4b0d7e16..815c2ec0c5 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2440,7 +2440,8 @@ crypto_rand_uint64_range(uint64_t min, uint64_t max)
time_t
crypto_rand_time_range(time_t min, time_t max)
{
- return (time_t) crypto_rand_uint64_range(min, max);
+ tor_assert(min < max);
+ return min + (time_t)crypto_rand_uint64(max - min);
}
/** Return a pseudorandom 64-bit integer, chosen uniformly from the values
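Review bot: On the added return line, `max - min` is evaluated in `time_t`, which is a signed type on common platforms, so a negative `min` paired with a very large `max` could overflow (undefined behaviour) before the value ever reaches `crypto_rand_uint64()`. The `tor_assert(min < max)` guards ordering only, not the width of the interval. Doing the subtraction in unsigned arithmetic avoids this: `return min + (time_t)crypto_rand_uint64((uint64_t)max - (uint64_t)min);`. The function's doc comment sits above the hunk; it should say that `min < max` is now asserted and, presumably, that the result lies in [min, max).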
diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index a3b71974ca..00340fd689 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -2284,8 +2284,15 @@ connection_ap_handshake_attach_chosen_circuit(entry_connection_t *conn,
base_conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
- if (!circ->base_.timestamp_dirty)
- circ->base_.timestamp_dirty = time(NULL);
+ if (!circ->base_.timestamp_dirty ||
+ ((conn->entry_cfg.isolation_flags & ISO_SOCKSAUTH) &&
+ (conn->entry_cfg.socks_iso_keep_alive) &&
+ (conn->socks_request->usernamelen ||
+ conn->socks_request->passwordlen))) {
+ /* When stream isolation is in use and controlled by an application
+ * we are willing to keep using the stream. */
+ circ->base_.timestamp_dirty = approx_time();
+ }
pathbias_count_use_attempt(circ);
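Review bot: The new comment says "keep using the stream", but the assignment refreshes `circ->base_.timestamp_dirty`, so it is the circuit whose reuse window is extended, and the comment does not say that this happens on every attach with no upper bound. Any stream that presents a non-empty SOCKS username or password on a port with `socks_iso_keep_alive` set triggers the refresh. The circuit's lifetime is therefore effectively chosen by the client application, which gains stable isolation but leaves traffic linkable to one path for longer. I would reword it along the lines of `/* Application-controlled isolation (SOCKS auth present, keep-alive enabled): refresh the dirty timestamp on every attach, so the circuit can stay in use indefinitely. */`. The enclosing function starts and ends outside the hunk.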
diff --git a/src/or/config.c b/src/or/config.c
index 262eeeb153..190e4d4daa 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -6037,6 +6037,7 @@ parse_port_config(smartlist_t *out,
int sessiongroup = SESSION_GROUP_UNSET;
unsigned isolation = ISO_DEFAULT;
int prefer_no_auth = 0;
+ int socks_iso_keep_alive = 0;
char *addrport;
uint16_t ptmp=0;
@@ -6261,6 +6262,8 @@ parse_port_config(smartlist_t *out,
isoflag = ISO_CLIENTPROTO;
} else if (!strcasecmp(elt, "IsolateClientAddr")) {
isoflag = ISO_CLIENTADDR;
+ } else if (!strcasecmp(elt, "KeepAliveIsolateSOCKSAuth")) {
+ socks_iso_keep_alive = ! no;
} else {
log_warn(LD_CONFIG, "Unrecognized %sPort option '%s'",
portname, escaped(elt_orig));
@@ -6291,6 +6294,13 @@ parse_port_config(smartlist_t *out,
goto err;
}
+ if (!(isolation & ISO_SOCKSAUTH) && socks_iso_keep_alive) {
+ log_warn(LD_CONFIG, "You have a %sPort entry with both "
+ "NoIsolateSOCKSAuth and KeepAliveIsolateSOCKSAuth set.",
+ portname);
+ goto err;
+ }
+
if (out && port) {
size_t namelen = unix_socket_path ? strlen(unix_socket_path) : 0;
port_cfg_t *cfg = port_cfg_new(namelen);
@@ -6324,6 +6334,7 @@ parse_port_config(smartlist_t *out,
cfg->entry_cfg.socks_prefer_no_auth = prefer_no_auth;
if (! (isolation & ISO_SOCKSAUTH))
cfg->entry_cfg.socks_prefer_no_auth = 1;
+ cfg->entry_cfg.socks_iso_keep_alive = socks_iso_keep_alive;
smartlist_add(out, cfg);
}
diff --git a/src/or/or.h b/src/or/or.h
index 8c40f1ab67..6660a0dcdc 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -1155,6 +1155,8 @@ typedef struct entry_port_cfg_t {
/** When both no-auth and user/pass are advertised by a SOCKS client, select
* no-auth. */
unsigned int socks_prefer_no_auth : 1;
+ /** When ISO_SOCKSAUTH is in use, Keep-Alive circuits indefinitely. */
+ unsigned int socks_iso_keep_alive : 1;
/* Client port types only: */
unsigned int ipv4_traffic : 1;
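Review bot: The field comment `Keep-Alive circuits indefinitely` omits the condition the circuituse.c hunk actually checks, namely that the attaching stream carries a SOCKS username or password, and that the mechanism is a refresh of `timestamp_dirty`. A more precise version would be `/** When ISO_SOCKSAUTH is in use and a stream supplies a SOCKS username or password, refresh the circuit's timestamp_dirty on each attach; this can keep the circuit alive indefinitely. */`. The XXX027 note added in the next hunk of this file spells the option `KeepaliveIsolateSOCKSAuth`, while config.c parses `KeepAliveIsolateSOCKSAuth`. The parser compares case-insensitively, so this is only a documentation inconsistency, but a single spelling makes the option easier to grep for.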
@@ -2877,6 +2879,11 @@ typedef struct circuit_t {
* circuits entered certain states. This usage probably won't
* interfere with this field's primary purpose, but we should
* document it more thoroughly to make sure of that.
+ *
+ * XXX027 The SocksPort option KeepaliveIsolateSOCKSAuth will artificially
+ * adjust this value forward each time a suitable stream is attached to an
+ * already constructed circuit, potentially keeping the circuit alive
+ * indefinitely.
*/
time_t timestamp_dirty;