Suggestion: Many OR-ports would improve the network
Nick Mathewson
nickm at freehaven.net
Thu Jun 14 22:21:40 UTC 2007
On Sat, Jun 09, 2007 at 03:28:09PM +0200, vikingserver at gmail.com wrote:
> Is there a plan for TOR servers to be able to announce several OR-ports
> and DIR-ports?

There sorta is. It's been a "nice-to-have" for a while, and I think
it's a good idea. Somebody should specify and implement it. If
there's a decent spec and patch on an 0.2.0.x timeframe, I'd love to
check it in.

Here's what would need to be in the proposal:

- Some way to configure which address:port combinations to listen
  on, and/or which to advertise.

  (The best way to support lots of ports is to have your firewall
  route all connections from those ports to Tor: this doesn't need
  anywhere near as many listening sockets. You only really want to
  listen on tons and tons of ports if your firewalling doesn't
  support this, or you don't have access to your local
  iptables/ipf/whatever. But if you want to do this with the
  firewall, you need the ability to advertise ports you aren't
  actually listening on.)

- Some way to advertise in one's router descriptor which
  address:port combinations you're listening on. For backward
  compatibility this should be a new line, not a change to the
  format of an existing line.

- Possibly, some way to relay this information in network-status
  documents.

- Some analysis of the impact on network-status and routerinfo
  size. My guess is "not much", but if it turns out to be a bit, we
  should look into making the notation concise.

- What does this imply for self-testing of servers and testing by
  authorities of servers? What should the authorities do if one
  addr:port works but one doesn't?

- Some way to pick which addr:port to use when you have a choice of
  more than one addr:port.

- Some way to avoid having servers open lots and lots of connections
  between them when they get extend cells to the same server on
  different ports.

- How this all interacts with coderman's ipv6 stuff. :)

Actually, this all looks quite doable. The above questions need to be
answered, but they don't look terribly tricky to answer. I bet
somebody could write a proposal on this. :)

peace,
--
Nick Mathewson