public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tor: restore strong circuit isolation

Browse Source
This commit is contained in:
Evgeny Egorochkin 2014-12-18 07:54:33 +02:00
parent da118cf60b
commit 1fe5314dc5
1 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
nixos/modules/services/security/tor.nix
View File

@ -17,7 +17,8 @@ let
'' ''
# Client connection config # Client connection config
+ optionalString cfg.client.enable '' + optionalString cfg.client.enable ''
SOCKSPort ${cfg.client.socksListenAddress} SOCKSPort ${cfg.client.socksListenAddress} IsolateDestAddr
SOCKSPort ${cfg.client.socksListenAddressFaster}
${opt "SocksPolicy" cfg.client.socksPolicy} ${opt "SocksPolicy" cfg.client.socksPolicy}
'' ''
# Relay config # Relay config
@ -93,10 +94,23 @@ in
example = "192.168.0.1:9100"; example = "192.168.0.1:9100";
description = '' description = ''
Bind to this address to listen for connections from Bind to this address to listen for connections from
Socks-speaking applications. Socks-speaking applications. Provides strong circuit
isolation, separate circuit per IP address.
''; '';
}; };
socksListenAddressFaster = mkOption {
type = types.str;
default = "127.0.0.1:9063";
example = "192.168.0.1:9101";
description = ''
Bind to this address to listen for connections from
Socks-speaking applications. Same as socksListenAddress
but uses weaker circuit isolation to provide performance
suitable for a web browser.
'';
};
socksPolicy = mkOption { socksPolicy = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;