Domů Procházet Nápověda
Přihlásit se
sengler
/
tor-parallel-relay-conn
1
0
Rozštěpit 0
Soubory Úkoly 0 Pull Requesty 0 Wiki
Strom: d395135e2f
Větve Značky
tor-parallel...
/
doc
/
spec
/
proposals
/
118-multiple-orports.txt

118-multiple-orports.txt 2.8 KB
Historie Surový

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 
  1. Filename: 118-multiple-orports.txt
    2. 

  2. Title: Advertising multiple ORPorts at once
    3. 

  3. Version: $Revision$
    4. 

  4. Last-Modified: $Date$
    5. 

  5. Author: Nick Mathewson
    6. 

  6. Created: 09-Jul-2007
    7. 

  7. Status: Draft
    8. 

  8. 

  9. Some notes follow. Please feel free to flesh them out, discard them,
    10. 

  10. add in better ideas, etc.
    11. 

  11. 

  12.   - Some way to configure which address:port combinations to listen
    13. 

  13.     on, and/or which to advertise.
    14. 

  14. 

  15.     (The best way to support lots of ports is to have your firewall
    16. 

  16.     route all connections from those ports to Tor: this doesn't need
    17. 

  17.     anywhere near as many listening sockets.  You only really want to
    18. 

  18.     listen on tons and tons of ports if your firewalling doesn't
    19. 

  19.     support this, or you don't have access to your local
    20. 

  20.     iptables/ipf/whatever.  But if you want to do this with the
    21. 

  21.     firewall, you need the ability to advertise ports you aren't
    22. 

  22.     actually listening on.)
    23. 

  23. 

  24.     (Cat would also like to see some discussion of the effect this
    25. 

  25.     is likely to have in environments that need to ban or limit Tor.
    26. 

  26.     "Speaking only for myself, in an environment where I need to keep
    27. 

  27.     a lid on Tor usage, having to chase port settings around makes it
    28. 

  28.     more likely that I'm going to move from limiting Tor to just plain
    29. 

  29.     banning it.")
    30. 

  30. 

  31.   - Some way to advertise in one's router descriptor which
    32. 

  32.     address:port combinations you're listening on.  For backward
    33. 

  33.     compatibility this should be a new line, not a change to the
    34. 

  34.     format of an existing line.
    35. 

  35. 

  36.   - Possibly, some way to relay this information in network-status
    37. 

  37.     documents.
    38. 

  38. 

  39.   - Some analysis of the impact on network-status and routerinfo
    40. 

  40.     size.  My guess is "not much", but if it turns out to be a bit, we
    41. 

  41.     should look into making the notation concise.
    42. 

  42. 

  43.   - What does this imply for self-testing of servers and testing by
    44. 

  44.     authorities of servers?  What should the authorities do if one
    45. 

  45.     addr:port works but one doesn't?
    46. 

  46. 

  47.   - Some way to pick which addr:port to use when you have a choice of
    48. 

  48.     more than one addr:port.
    49. 

  49. 

  50.   - Some way to avoid having servers open lots and lots of connections
    51. 

  51.     between them when they get extend cells to the same server on
    52. 

  52.     different ports.
    53. 

  53. 

  54.     - Suggested rule:
    55. 

  55.       - If we're told to extend to IP:Port:ID, and we have a connection
    56. 

  56.         to some server with ID, and we have confirmed that the server
    57. 

  57.         likes the address we originally used when connecting to it (via
    58. 

  58.         means in proposal 105), then use the existing connection.
    59. 

  59.       - If we're told to extend to IP:Port:ID, and we have a descriptor
    60. 

  60.         for the ID, and we have a connection to some server with ID,
    61. 

  61.         and the existing connection is to an address listed as valid
    62. 

  62.         in the descriptor, then use the existing connection.
    63. 

  63.       - Otherwise, use a new connection.
    64. 

  64. 

  65.   - How this all interacts with coderman's ipv6 stuff (proposal 117).
    66. 

  66.