mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-12-01 08:03:31 +01:00
773bfaf91e
This is the meat of proposal 171: we change circuit_is_acceptable() to require that the connection is compatible with every connection that has been linked to the circuit; we update circuit_is_better to prefer attaching streams to circuits in the way that decreases the circuits' usefulness the least; and we update link_apconn_to_circ() to do the appropriate bookkeeping.
23 lines
1.2 KiB
Plaintext
23 lines
1.2 KiB
Plaintext
o Major features:
|
|
- You can now configure Tor so that streams from different
|
|
applications are isolated on different circuits, to prevent an
|
|
attacker who sees your streams leaving an exit node from linking
|
|
your sessions to one another. To do this, choose some way to
|
|
distinguish the applications -- have them connect to different
|
|
SocksPorts, or have one of them use SOCKS4 while the other uses
|
|
SOCKS5, or have them pass different authentication strings to
|
|
the SOCKS proxy. Then use the new SocksPort syntax to configure
|
|
the degree of isolation you need. This implements Proposal 171.
|
|
|
|
o Minor features:
|
|
- There's a new syntax for specifying multiple client ports (such as
|
|
SOCKSPort, TransPort, DNSPort, NATDPort): you can now just declare
|
|
multiple ...Port entries with full addr:port syntax on each.
|
|
The old ...ListenAddress format is still supported, but you can't
|
|
mix it with the new SOCKSPort syntax.
|
|
|
|
o Code simplifications and refactoring:
|
|
- Rewrote the listener-selection logic so that parsing which ports
|
|
we want to listen on is now separate form binding to the ports
|
|
we want.
|