Tor: improve circuit isolation. By default apps are isolated better, with an extra port available for web browsers to keep performance as it used to be before this commit.
Evgeny Egorochkin 2013-01-14 07:37:13 +02:00
parent 7e82b41220
commit 0aad75fe70


@ -53,6 +53,14 @@ in
''; '';
}; };
socksListenAddressFaster = mkOption {
default = "127.0.0.1:9063";
description = ''
Same as socksListenAddress but uses weaker circuit isolation to provide
performance suitable for a web browser.
'';
};
socksPolicy = mkOption { socksPolicy = mkOption {
default = ""; default = "";
example = "accept 192.168.0.0/16, reject *"; example = "accept 192.168.0.0/16, reject *";
@ -259,7 +267,8 @@ in
User ${torUser} User ${torUser}
'' ''
+ optionalString cfg.client.enable '' + optionalString cfg.client.enable ''
SOCKSPort ${cfg.client.socksListenAddress} SOCKSPort ${cfg.client.socksListenAddress} IsolateDestAddr
SOCKSPort ${cfg.client.socksListenAddressFaster}
${opt "SocksPolicy" cfg.client.socksPolicy} ${opt "SocksPolicy" cfg.client.socksPolicy}
'' ''
+ optionalString cfg.relay.enable '' + optionalString cfg.relay.enable ''
@ -276,7 +285,7 @@ in
# Generally, this file goes in /etc/privoxy/config # Generally, this file goes in /etc/privoxy/config
# #
# Tor listens as a SOCKS4a proxy here: # Tor listens as a SOCKS4a proxy here:
forward-socks4a / ${cfg.client.socksListenAddress} . forward-socks4a / ${cfg.client.socksListenAddressFaster} .
confdir ${privoxy}/etc confdir ${privoxy}/etc
logdir ${privoxyDir} logdir ${privoxyDir}
# actionsfile standard # Internal purpose, recommended # actionsfile standard # Internal purpose, recommended
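Review bot: The added `SOCKSPort ${cfg.client.socksListenAddressFaster}` line in the torrc hunk is emitted whenever the client is enabled, so the listener without `IsolateDestAddr` is always open and any local application that connects to it gets the weaker isolation, with no visible way to turn it off. Assuming `opt` omits its line for an empty value, as its use for `SocksPolicy` suggests, `${opt "SOCKSPort" cfg.client.socksListenAddressFaster}` would let a user set the option to `""` and keep only the isolated port. The Privoxy `forward-socks4a` line, which now points at the faster port, would then need to fall back to `socksListenAddress` when the faster one is empty. The option description should also say concretely what "weaker" means: this port does not set `IsolateDestAddr`, so streams to different destinations may share a circuit, and Privoxy traffic is routed through it by default. The torrc and Privoxy strings both begin and end outside the visible hunks.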