[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Comments on proposal idea xxx-pluggable-transport
- To: or-dev@xxxxxxxxxxxxx
- Subject: Re: Comments on proposal idea xxx-pluggable-transport
- From: Nick Mathewson <nickm@xxxxxxxxxxxxx>
- Date: Wed, 19 Jan 2011 14:38:23 -0500
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-dev-outgoing@xxxxxxxx
- Delivered-to: or-dev@xxxxxxxx
- Delivery-date: Wed, 19 Jan 2011 14:38:30 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; bh=MFsu0Fmh7GJA1EPcpUgbWRcBfG3u90A0uLJt/M5quhM=; b=jE4PHyOp1afQd2F0910eoVUn2YI6jgWCVqf3gfrpvlO1Zv03CFC/C8ih3I5TS5SHKx Uh4AVZhY1BMiDpmc3/y+/YorjMUE9CcorQ+eLsmukNyuw5PYm5dRh9n084+PtiRQtt9k +g3D/99a9Acypafa378DKYnIIaOHp6bOmmam4=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; b=oedExILu/8nW7M1msE8vEovWh/ZdBLh2UKtdu1llvEupq0QbmDUb+9hwrf8GvrxLVm CMCOk4y4ZVRctf0nIroXM1QuHRg2U3cdwbkW4kPHCF0BKKzYBoe1L2zUNYzCaCozybUm zmttX2eM6t5ZkIBNmczkWcOfua8ZuXo10YU4A=
- In-reply-to: <20110116020439.GS30361@xxxxxxxxxxxxxxxxxxxxxxxxx>
- References: <20110116020439.GS30361@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Reply-to: or-dev@xxxxxxxxxxxxx
- Sender: owner-or-dev@xxxxxxxxxxxxx
On Sat, Jan 15, 2011 at 9:04 PM, Steven J. Murdoch
<tor+Steven.Murdoch@xxxxxxxxxxxx> wrote:
[...]
> Currently this code isn't compliant with the xxx-pluggable-transport
> proposal, but in thinking about it, I have had a few thoughts.
>
> 1) The proposal talks about SOCKS, and my code implements SOCKS4.
> However from my reading, the proposal depends on SOCKS5 because it
> talks about putting NUL-separated key/value pairs in the username and
> password fields of the SOCKS handshake. SOCKS4 there is no password
> field and the username is NUL terminated, so NUL characters are not
> permitted inside.
>
> We could mandate that protocol obfuscators support SOCKS5 (it's not
> much harder to implement than SOCKS4), or change the spec to not
> require NULs in the username field. Either way it doesn't make a big
> difference but it should be clear which version of SOCKS we are
> talking about.
Good catch. Tor can currently speak socks4 or socks5, so I would
suggest having the choice of socks protocol be up to the transport.
Instead of NUL-separated parameters, we can pick some other
non-printing separator (0x01, for instance), or we could move to a
K=V;K=V;K=V format so long as we provide a way to escape any ; bytes
that occur in the V portions. Suggestions?
Whatever encoding we pick, we should pick one that works just as well
for socks4 or socks5, so that we don't need to implement two versions
of it.
> 2) The syntax for specifying obfuscated access to bridges is:
>
> bridge method address:port [[keyid=]id-fingerprint] [k=v] [k=v] [k=v]
>
> This could be a bit confusing considering the current syntax (which we
> will have to keep for backwards compatibility:
>
> bridge address:port [fingerprint]
>
> If we require that method does not contain a ":" and a port is always
> specified, I can see how this could be unambiguously parsed, but that
> seems a bit ugly.
We could require that a method be a valid C identifier. Any other
suggestions for making it less ugly?
> 3) The two options for specifying a transport are:
>
> ClientTransportPlugin trebuchet socks5 127.0.0.1:9999
>
> ClientTransportPlugin trebuchet /usr/libexec/tor-proxies/trebuchet [options]
>
> These seem ambiguous. How can Tor reliably tell that the first form is
> intended when both could have the same number of arguments?
Hm. I had assumed that all programs would be specified by an absolute
path, but you're right that it's ambiguous as-is. How about instead
the second syntax becomes:
ClientTransportPlugin trebuchet program /usr/libexec/tor-proxies/trebuchet.
?
> 4) When Tor launches the client proxy, the client proxy decides what
> port it is listening on. This raises the possibility of conflicts. How
> about if Tor picks the ports the client proxy should listen on, and
> tells it via a command line parameter. Note that this can't be simply
> the first parameter, because on Windows (where scripts are not
> executable) the user would have to specify the path as
> C:/Python/python.exe SCRIPTNAME.py.
How do you see the conflict arising? I'd assume that any decent
client proxy should try a few possible ports until it gets one that
works... or just bind to port 0, and have the kernel pick.
> 5) Minor. Methods are specified as "CMETHOD: methodname", but
> terminated with "METHODS:DONE". I think we should be consistent about
> whether there is a space between the colon and value.
Agreed; let's have a space.
--
Nick