UDP over Tor [was Re: blog about tor and skype]
Nick Mathewson
nickm at freehaven.net
Tue Mar 6 21:54:32 UTC 2007
On Tue, Mar 06, 2007 at 02:55:28PM -0500, Roger Dingledine wrote:
> On Tue, Mar 06, 2007 at 08:50:59PM +0100, Juliusz Chroboczek wrote:
> > > The problem is that Skype uses either UDP or TCP, depending on the
> > > situation. If it chooses TCP, Freecap will intercept it
> >
> > Would you agree that Tor should be able to tunnel UDP traffic too?
> > There's a /lot/ of UDP-based applications that it would make sense to
> > tunnel over tor.
>
> One day I'd like to support this, yes. It's hard though:
>
> http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#TransportIPnotTCP

There's another reason that UDP-over-Tor is nontrivial that isn't
mentioned there.

To get any decent kind of UDP performance, we can't just treat it like
TCP (with reliable in-order delivery). If we want UDP-over-Tor to
work and not suck completely, UDP 'streams' probably need to get
relayed from router to router via a DTLS-over-UDP-based link protocol,
not the current TLS-based one. But if we're doing that, and we don't
want the UDP traffic to be trivially partitioned, we need to change
the way we handle delivery for regular cells. (This would be good for
performance for other reasons: it would stop the property where one
dropped packet on a TLS link stalls all the circuits using that
link.)

Of course, there's no reason somebody couldn't design and implement
the sucky version in the meantime. It would be a bit tricky, but
probably fun. We'd need to add a new stream type, a new set of relay
commands to use it, a separate set of exit policies, and support for
socks5 udp commands. To support UDP messages longer than 500 bytes or
so, we'll need a way to fragment UDP across Tor cells. So, tricky,
but possible. Check out
http://tor.eff.org/svn/trunk/doc/spec/proposals/001-process.txt
if this is something you'd like to work on. ;)

yrs,
--
Nick Mathewson
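
The fragmentation step mentioned in the message above, sketched as an added example (not part of the original post and not Tor code). The fragment header layout, the names, and the pending-datagram cap are hypothetical; the 498-byte figure assumes Tor's 509-byte cell payload minus the 11-byte relay header.

```python
import struct

# Assumption: 498 data bytes per relay cell (509-byte cell payload minus
# the 11-byte relay header); the message says "500 bytes or so".
RELAY_DATA_LEN = 498
# Hypothetical fragment header: datagram id (u16), fragment index (u8),
# fragment count (u8). Not part of any Tor specification.
FRAG_HDR = struct.Struct("!HBB")
FRAG_BODY_LEN = RELAY_DATA_LEN - FRAG_HDR.size
MAX_PENDING = 16  # cap on partially reassembled datagrams per stream


def fragment(dgram_id, datagram):
    """Split one UDP payload into relay-cell-sized fragments."""
    count = max(1, -(-len(datagram) // FRAG_BODY_LEN))  # ceiling division
    if count > 255:
        raise ValueError("datagram too large for 8-bit fragment count")
    return [
        FRAG_HDR.pack(dgram_id, i, count)
        + datagram[i * FRAG_BODY_LEN:(i + 1) * FRAG_BODY_LEN]
        for i in range(count)
    ]


class Reassembler:
    """Rebuilds datagrams from fragments that may be lost or reordered."""
    def __init__(self):
        self.pending = {}  # dgram_id -> (count, {index: body})

    def feed(self, cell_data):
        """Return the full datagram once complete, else None."""
        if len(cell_data) < FRAG_HDR.size or len(cell_data) > RELAY_DATA_LEN:
            return None
        dgram_id, index, count = FRAG_HDR.unpack_from(cell_data)
        body = cell_data[FRAG_HDR.size:]
        if count == 0 or index >= count:
            return None  # malformed header: drop
        if dgram_id not in self.pending:
            if len(self.pending) >= MAX_PENDING:
                self.pending.pop(next(iter(self.pending)))  # evict oldest
            self.pending[dgram_id] = (count, {})
        expected, parts = self.pending[dgram_id]
        if count != expected:
            return None  # inconsistent with earlier fragments: drop
        parts.setdefault(index, body)  # ignore duplicates
        if len(parts) < expected:
            return None
        del self.pending[dgram_id]
        return b"".join(parts[i] for i in range(expected))
```
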