cfg->type = listener_type;
cfg->port = port ? port : defaultport;
tor_addr_copy(&cfg->addr, &addr);
- cfg->session_group = -1;
+ cfg->session_group = SESSION_GROUP_UNSET;
cfg->isolation_flags = ISO_DEFAULT;
smartlist_add(out, cfg);
}
cfg->type = listener_type;
cfg->port = defaultport;
tor_addr_from_str(&cfg->addr, defaultaddr);
- cfg->session_group = -1;
+ cfg->session_group = SESSION_GROUP_UNSET;
cfg->isolation_flags = ISO_DEFAULT;
smartlist_add(out, cfg);
}
for (; ports; ports = ports->next) {
tor_addr_t addr;
int port;
- int sessiongroup = -1;
+ int sessiongroup = SESSION_GROUP_UNSET;
unsigned isolation = ISO_DEFAULT;
char *addrport;
tor_socket_t s; /* the socket we're going to make */
uint16_t usePort = 0, gotPort = 0;
int start_reading = 0;
- static int global_next_session_group = -2;
+ static int global_next_session_group = SESSION_GROUP_FIRST_AUTO;
if (get_n_open_sockets() >= get_options()->_ConnLimit-1) {
warn_too_many_conns();
edge_connection_t *
connection_ap_make_link(connection_t *partner,
char *address, uint16_t port,
- const char *digest, int use_begindir, int want_onehop)
+ const char *digest,
+ int session_group, int isolation_flags,
+ int use_begindir, int want_onehop)
{
edge_connection_t *conn;
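Review bot: The new `isolation_flags` parameter is declared `int`, while the ISO_* constants are unsigned (`1u<<n`) and the listener code touched by this same change keeps them in `unsigned isolation`. Declaring it `unsigned isolation_flags` here and in the matching prototype hunk would keep the flag type consistent and avoid an implicit signed conversion at `conn->isolation_flags = isolation_flags;`. The function's doc comment lies outside the hunk; it should also describe the two new parameters, stating that `session_group` and `isolation_flags` are copied onto the new stream and that callers must choose them deliberately because they decide which circuits the stream may share.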
conn->socks_request->has_finished = 0; /* waiting for 'connected' */
strlcpy(conn->socks_request->address, address,
sizeof(conn->socks_request->address));
- conn->original_dest_address = tor_strdup(address);
conn->socks_request->port = port;
conn->socks_request->command = SOCKS_COMMAND_CONNECT;
conn->want_onehop = want_onehop;
digest, DIGEST_LEN);
}
+ /* Populate isolation fields. */
+ conn->original_dest_address = tor_strdup(address);
+ conn->session_group = session_group;
+ conn->isolation_flags = isolation_flags;
+
conn->_base.address = tor_strdup("(Tor_internal)");
tor_addr_make_unspec(&conn->_base.addr);
conn->_base.port = 0;
tor_strdup(a->socks_request->address);
}
+ if (iso & ISO_STREAM)
+ return 0;
+
if ((iso & ISO_DESTPORT) && a->socks_request->port != b->socks_request->port)
return 0;
if ((iso & ISO_DESTADDR) &&
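Review bot: The `if (iso & ISO_STREAM) return 0;` added here carries no comment, unlike the matching check in the stream-versus-circuit hunk that follows. A one-line comment would make the intent explicit, for example `/* A stream marked ISO_STREAM never shares a circuit with any other stream. */`. The assignment of `iso` is outside the hunk; the check only isolates in both directions if `iso` combines the flags of `a` and `b`, which is worth confirming.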
tor_strdup(conn->socks_request->address);
}
+ /* If isolation_values_set, then the circuit is not compatible with
+ * any new ISO_STREAM stream. */
+ if (iso & ISO_STREAM)
+ return 0;
+
if ((iso & ISO_DESTPORT) && conn->socks_request->port != circ->dest_port)
return 0;
if ((iso & ISO_DESTADDR) &&
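Review bot: This check covers a new ISO_STREAM stream arriving at a circuit that already has isolation values, but the hunk does not show what rejects the reverse case, a later stream without ISO_STREAM joining a circuit whose first stream carried the flag. The assignment of `iso` is outside the hunk; if it is taken from `conn` alone, the reverse case falls through to the per-field comparisons below, so the "can never share a circuit" guarantee stated in the directory hunk would then rest on the session-group comparison rather than on ISO_STREAM itself. Consider remembering on the circuit that it holds an ISO_STREAM stream and testing that here, or extend the comment to say which later comparison is relied on, e.g. `/* The reverse case is rejected by the session-group check below. */`.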
edge_connection_t *connection_ap_make_link(connection_t *partner,
char *address, uint16_t port,
const char *digest,
+ int session_group,
+ int isolation_flags,
int use_begindir, int want_onehop);
void connection_ap_handshake_socks_reply(edge_connection_t *conn, char *reply,
size_t replylen,
}
} else { /* we want to connect via a tor connection */
edge_connection_t *linked_conn;
+ /* Anonymized tunneled connections can never share a circuit.
+ * One-hop directory connections can share circuits with each other
+ * but nothing else. */
+ int iso_flags = anonymized_connection ? ISO_STREAM : ISO_SESSIONGRP;
/* If it's an anonymized connection, remember the fact that we
* wanted it for later: maybe we'll want it again soon. */
linked_conn =
connection_ap_make_link(TO_CONN(conn),
conn->_base.address, conn->_base.port,
- digest, use_begindir, conn->dirconn_direct);
+ digest,
+ SESSION_GROUP_DIRCONN, iso_flags,
+ use_begindir, conn->dirconn_direct);
if (!linked_conn) {
log_warn(LD_NET,"Making tunnel to dirserver failed.");
connection_mark_for_close(TO_CONN(conn));
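Review bot: The non-anonymized branch of `iso_flags` passes `ISO_SESSIONGRP` alone, which drops `ISO_NYM_EPOCH` even though the or.h comment describes that flag as "always on". Unless the nym epoch is enforced independently of the flag (not visible in this hunk), one-hop directory streams would keep sharing a circuit across a new-identity request. Either include it, `int iso_flags = anonymized_connection ? ISO_STREAM : (ISO_SESSIONGRP|ISO_NYM_EPOCH);`, or note in the new comment that the epoch is intentionally ignored for non-anonymous directory fetches.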
#define ISO_SESSIONGRP (1u<<5)
/** Isolate based on newnym epoch (always on). */
#define ISO_NYM_EPOCH (1u<<6)
+/** Isolate all streams (Internal only). */
+#define ISO_STREAM (1u<<7)
/**@}*/
/** Default isolation level for ports. */
#define ISO_DEFAULT (ISO_CLIENTADDR|ISO_SOCKSAUTH|ISO_SESSIONGRP|ISO_NYM_EPOCH)
+/** Indicates that we haven't yet set a session group on a port_cfg_t. */
+#define SESSION_GROUP_UNSET -1
+/** Session group reserved for directory connections */
+#define SESSION_GROUP_DIRCONN -2
+/** First automatically allocated session group number */
+#define SESSION_GROUP_FIRST_AUTO -3
+
/** Configuration for a single port that we're listening on. */
typedef struct port_cfg_t {
tor_addr_t addr; /**< The actual IP to listen on, if !is_unix_addr. */
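Review bot: The three SESSION_GROUP_* macros expand to bare negative literals; the usual convention is to parenthesize them, `#define SESSION_GROUP_UNSET (-1)`, `#define SESSION_GROUP_DIRCONN (-2)`, `#define SESSION_GROUP_FIRST_AUTO (-3)`, so that they stay a single operand wherever they are used. The comments would also benefit from stating the invariant these values imply, that negative session groups are reserved for internal use and that configured groups must never be negative; whether the config parser rejects negative values is not visible here and is worth checking. ISO_STREAM takes bit 7, so if the flags are stored in an 8-bit field (the field type is not shown in this hunk) it is the last bit available, and its "Internal only" comment could add that no port option may set it.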