[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] .i2p address support in torsocks

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] .i2p address support in torsocks
From: str4d <str4d@xxxxxxxxxxx>
Date: Sat, 2 Nov 2013 22:18:59 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 02 Nov 2013 18:40:12 -0400
In-reply-to: <20131102175844.EE4D7AE2EF@xxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <20131102155852.GB10557@thessa> <CAHsXYDD59_5Ff+1+qZ2HAiaJ-_BF+yay5v1KRyLor_bhxGtaQA@xxxxxxxxxxxxxx> <20131102174756.GC10557@thessa> <20131102175844.EE4D7AE2EF@xxxxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 11/03/2013 06:58 AM, David Goulet wrote:
> Apparently, I failed to put the person in CC :).

I subscribed to tor-dev after talking with you :)

> On 02 Nov (13:47:56), David Goulet wrote:
>> On 02 Nov (19:25:42), Maxim Kammerer wrote:
>>> On Sat, Nov 2, 2013 at 5:58 PM, David Goulet
>>> <dgoulet@xxxxxxxxx> wrote:
>>>> For now, it would only be .i2p address support (like .onion).
>>>> In torsocks, it's not that difficult to support both
>>>> addressing.
>>> 
>>> Does I2P's SOCKS proxy work in a way that's similar to Tor?
>>> Other proxies in I2P are protocol-specific â e.g., ports
>>> 4444/4445 for HTTP(S) and 6668 for IRC. I am quite sure that
>>> protocol-specific local I2P proxies like HTTP and IRC strip
>>> sensitive information, so providing the user with an easy
>>> access to .i2p services via SOCKS might be the wrong thing to
>>> do. The SOCKS information page [1] is rather scarce on details
>>> of what actually goes on inside the proxy, however.
>> 
>> For now, it's simply detecting an .i2p address, opening a
>> connection to the i2p daemon and pushing the request there. The
>> person at i2p I talked to told me that it's quite straight
>> forward and no special SOCKS5 mangling would be needed.

Specifically, the I2P tunnel runs a local SOCKS server socket that
handles the standard SOCKS4/4a and SOCKS5 protocols, and any data to
be sent to the .i2p address is forwarded to an I2P socket. The
standard (unfiltered) SOCKS client tunnel only forwards data between
the SOCKS and I2P sockets, this should be functionally similar to Tor.
We also have a variant that filters IRC traffic for anonymity (using
SOCKS to connect to I2P IRC networks is a common use case), but this
occurs during the forwarding step, the SOCKS server socket is unchanged.

If a non-.i2p address is detected, the SOCKS server opens a SOCKS
client connection to a configured SOCKS outproxy. This is designed to
enable chaining to Tor, but it has some bugs that need fixing (this
not working reliably is why I looked into torsocks). The configured
SOCKS outproxy also needs to be listening inside I2P, which adds
latency. If torsocks supported separate SOCKS ports for each
configured .suffix, a user could run both I2P and Tor locally and use
them in parallel instead of in series.

>> If there is some work to do on the protocol side like you
>> mention, I would imagine that the i2p daemon does it or else...
>> well there is a problem :).

If there are problems with our SOCKS implementation, they can be fixed
(or implemented - I2P supports datagrams, but SOCKS UDP is not yet
implemented). For filtering, it is up to the user to decide if they
want to use a filtered SOCKSIRC tunnel or an unfiltered SOCKS tunnel,
but it should not affect torsocks usage. (I want to make it possible
for different filters to be written and used, but the user still needs
to be made aware of the potential dangers to anonymity of generically
SOCKSifying applications [1].)

str4d

>> 
>> Putting someone from i2p in CC:
>> 
>> Cheers! David
>> 
>>> 
>>> [1] http://www.i2p2.de/socks.html
>>> 
>>> -- Maxim Kammerer LibertÃ Linux: http://dee.su/liberte 
>>> _______________________________________________ tor-dev mailing
>>> list tor-dev@xxxxxxxxxxxxxxxxxxxx 
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
> 
> 
> 
>> _______________________________________________ tor-dev mailing
>> list tor-dev@xxxxxxxxxxxxxxxxxxxx 
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQEcBAEBCgAGBQJSdXoiAAoJENXeOJaUpGWyBBMH/0c39pn97sBZvBj7HaMJAde2
ucn6Ug9vd41AmxNcOEhG65wpOrfB32sfnwI7DsRAYlOhjdxdquUl1yQHzTzs7NeG
VLwRNe7e7Zv7VRj9uRp6t5+0YQU6++RkzhX5Jtn7l5W+3XYq0c4lRpSpwawP4NHN
Zc9MveAU1tbsQqvhsFoYoJEsADpBj+97Xf0D05buUYMttjsmKv254HhGaLpuDCpv
gEY3nBDHlHZqRziwxV7WmWPIsetdkATnmkUqcoCIPbZzJh2j6W3rZmHUieGU9OPC
M3offV3ImZd/gSVcKW1rzDEEZh2mDcmg0XkwMbsEwc/LCn15y5jPk2yFlGpKKsE=
=u2QY
-----END PGP SIGNATURE-----
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] .i2p address support in torsocks
  - From: Phill Whiteside

References:
- [tor-dev] .i2p address support in torsocks
  - From: David Goulet
- Re: [tor-dev] .i2p address support in torsocks
  - From: Maxim Kammerer
- Re: [tor-dev] .i2p address support in torsocks
  - From: David Goulet

Prev by Author: Re: [tor-dev] What happened to Tor Router?
Next by Author: [tor-dev] torsocks-v2.0.0-rc3 NetBSD improvements
Previous by thread: Re: [tor-dev] .i2p address support in torsocks
Next by thread: Re: [tor-dev] .i2p address support in torsocks
Index(es):
- Author
- Thread