[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-dev] Redirecting network traffic to tor
Hi,
I've become interested in one problem stated on tor web pages which deals with
redirecting all traffic to tor (in windows).
Redirecting traffic to tor seems to seek the goal of preventing traffic leaks.
Openvpn does it's tunneling by rerouting all traffic to virtual network device
and by changing dns resolver to the one on the remote tunnel side.
Using openvpn's code, there is one possible way to prevent trafic leaks -
by initializing fake route for all network traffic except for tor's, so only
tor traffic can leave to the network. To try it, I have written simple .so
library, that is linked to openvpn and uses openvpn code to manipulate routes
(and possibly dns settings). Library gets loaded with tor using LD_PRELOAD and
hooks connect and close calls on sockets.
It works in the following way:
1) default route is overriden with fake one
- now no traffic except dns can leave (assuming dns server is default gateway)
2) with each tor's connect, a route is added so traffic is routed through old route
and not fake one, on close call the route is deleted
- now only tor traffic and dns can leave
3) dns is set up to use tor's resolver
- now only tor traffic will leave (assuming dns is properly redirected)
4) local connections fe. from web browser to local privoxy and from local privoxy
to tor socks proxy are working, so this could be in principle used to help user
with web browser gain more safety.
The drawback is that to manipulate routes, one needs admin privileges. But this
shouldn't be a problem - LD_PRELOAD way of doing things was the fastest to try this
out.
Although this is rather crude, it should prevent traffic leaks. What do you think
about this? Could it be to some use? I have already tested all points except number
3), which would need more work, so before it I have to ask for your opinions -
whether this is a waste of time or not. Please let me know.
Roman
PS: sorry for the noise with messages to various lists - i've got somewhat excited
that there is a possibility for me to help with something useful..
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev