[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Putting onion services behind a third-party TCP proxy

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Putting onion services behind a third-party TCP proxy
From: teor <teor@xxxxxxxxxx>
Date: Tue, 20 Aug 2019 15:59:36 +1000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 20 Aug 2019 01:59:56 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1566280781; bh=WZgwMjjcP7WA7U5BQjC/TuSzuTo62pIU/fiIDAhxPBU=; h=From:Date:Subject:References:In-Reply-To:To:From; b=n99ThzEZ/GsgGoZfUS8VF0Luw8cjI5VI/0/nTnb+Et/zNTx5VdzXQfrlWXFJDCCkr AtGbazDsBGwplrWNdQG4GVihtxShmKI99uAlsdJ0g4C5MURLC5RPdI9DHsdL+ryJm2 QEux5OiSr4FEbs6k4lsbIZ4Zgu1STZdS8D28dIYM=
In-reply-to: <CAMM-YAN1EKbLZ5SToeM6MDyKzAJGL1qrYSCZMyQsAcJ211WeZA@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAMM-YAP9kQoo6DQWC3F-68ieEXF8ihRf7UuOEGnF5pnfUQL8hg@mail.gmail.com> <4CE150D3-D0FC-4759-B20D-87B28B653331@riseup.net> <CAMM-YAOLrNHNihemxdS0x7pEFxMrkm7VC0=QOLLfTiHXoMzY8Q@mail.gmail.com> <F5D2C283-7218-455A-A106-3702F2C1A4C3@riseup.net> <CAMM-YAN1EKbLZ5SToeM6MDyKzAJGL1qrYSCZMyQsAcJ211WeZA@mail.gmail.com>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On 20 Aug 2019, at 13:31, Pop Chunhapanya <pop@xxxxxxxxxxxxxx> wrote:

Hi Tim,

TCPProxy protocol host:port

Tor will use the given protocol to make all its OR (SSL) connections through a TCP proxy on host:port, rather than connecting directly to servers. You may want to set FascistFirewall to restrict the set of ports you might try to connect to, if your proxy only allows connecting to certain ports. There is no equivalent option for directory connections, because all Tor client versions that support this option download directory documents via OR connections.

The only protocol supported right now 'haproxy'. This option is only for clients. (Default: none)

The other point that I want to make is that haproxy has 2 versions. I think it's better to also put the version number in the protocol name like 'haproxy1'.
However I saw you already used 'haproxy' in the HiddenServiceExportCircuitID option.

I would be happy with "haproxy" and "haproxy2".

But minimal patches are good - let's not implement features that no-one is using.

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] Putting onion services behind a third-party TCP proxy
  - From: Pop Chunhapanya
- Re: [tor-dev] Putting onion services behind a third-party TCP proxy
  - From: teor
- Re: [tor-dev] Putting onion services behind a third-party TCP proxy
  - From: Pop Chunhapanya
- Re: [tor-dev] Putting onion services behind a third-party TCP proxy
  - From: teor
- Re: [tor-dev] Putting onion services behind a third-party TCP proxy
  - From: Pop Chunhapanya

Prev by Author: Re: [tor-dev] New Proposal 306: A Tor Implementation of IPv6 Happy Eyeballs
Next by Author: Re: [tor-dev] New Proposal 306: A Tor Implementation of IPv6 Happy Eyeballs
Previous by thread: Re: [tor-dev] Putting onion services behind a third-party TCP proxy
Next by thread: Re: [tor-dev] Putting onion services behind a third-party TCP proxy
Index(es):
- Author
- Thread