
UDP over Tor [was Re: blog about tor and skype]

On Tue, Mar 06, 2007 at 02:55:28PM -0500, Roger Dingledine wrote:
> On Tue, Mar 06, 2007 at 08:50:59PM +0100, Juliusz Chroboczek wrote:
> > > The problem is that Skype uses either UDP or TCP, depending on the
> > > situation. If it chooses TCP, Freecap will intercept it
> > 
> > Would you agree that Tor should be able to tunnel UDP traffic too?
> > There's a /lot/ of UDP-based applications that it would make sense to
> > tunnel over tor.
> One day I'd like to support this, yes. It's hard though:
> http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#TransportIPnotTCP

There's another reason that UDP-over-Tor is nontrivial that isn't
mentioned there.

To get any decent kind of UDP performance, we can't just treat it like
TCP (with reliable in-order delivery).  If we want UDP-over-Tor to
work and not suck completely, UDP 'streams' probably need to get
relayed from router to router via a DTLS-over-UDP-based link protocol,
not the current TLS-based one. But if we're doing that, and we don't
want the UDP traffic to be trivially partitioned, we need to change
the way we handle delivery for regular cells.  (This would be good for
performance for other reasons: it would stop the property where one
dropped packet on a TLS link stalls all the circuits using that

Of course, there's no reason somebody couldn't design and implement
the sucky version in the meantime.  It would be a bit tricky, but
probably fun.  We'd need to add a new stream type, a new set of relay
commands to use it, a separate set of exit policies, and support for
socks5 udp commands.  To support UDP messages longer than 500 bytes or
so, we'll need a way to fragment UDP across Tor cells.  So, tricky,
but possible.  Check out
if this is something you'd like to work on. ;)

Nick Mathewson
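
The fragmentation step mentioned in the message above, sketched as an added example that is not part of the original post and is not Tor's protocol: the 4-byte header layout, the 498-byte payload size, and the names `fragment` and `Reassembler` are assumptions made for illustration. It goes slightly beyond the reliable in-order case by also tolerating reordering and loss, which a datagram-based link would need, and it bounds reassembly state so a peer cannot grow it without limit.

```python
import struct

CELL_PAYLOAD = 498            # assumed usable bytes per relay cell ("500 bytes or so")
HDR = struct.Struct("!HBB")   # hypothetical header: datagram id, fragment index, fragment count
CHUNK = CELL_PAYLOAD - HDR.size
MAX_PENDING = 64              # cap on partially reassembled datagrams (memory bound)


def fragment(dgram_id, data):
    """Split one UDP datagram into cell-sized payloads, each with a header."""
    count = max(1, -(-len(data) // CHUNK))  # ceiling division; empty datagram -> 1 fragment
    if count > 255:
        raise ValueError("datagram too large for 8-bit fragment count")
    return [HDR.pack(dgram_id, i, count) + data[i * CHUNK:(i + 1) * CHUNK]
            for i in range(count)]


class Reassembler:
    """Collects fragments per datagram id; tolerates reordering and loss."""

    def __init__(self):
        self.pending = {}  # dgram_id -> (count, {index: bytes})

    def feed(self, cell):
        """Return the whole datagram once complete, else None."""
        if not HDR.size <= len(cell) <= CELL_PAYLOAD:
            return None                       # malformed length: drop
        dgram_id, idx, count = HDR.unpack_from(cell)
        if count == 0 or idx >= count:
            return None                       # inconsistent header: drop
        if dgram_id not in self.pending:
            if len(self.pending) >= MAX_PENDING:
                # evict the oldest incomplete datagram (dicts keep insertion order)
                del self.pending[next(iter(self.pending))]
            self.pending[dgram_id] = (count, {})
        want, parts = self.pending[dgram_id]
        if want != count:
            return None                       # count disagrees with earlier fragment
        parts.setdefault(idx, cell[HDR.size:])  # first copy wins; duplicates ignored
        if len(parts) < want:
            return None
        del self.pending[dgram_id]
        return b"".join(parts[i] for i in range(want))
```

A lost fragment leaves its datagram in `pending` until eviction; a real design would also expire entries on a timer.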
