On Tue, Mar 06, 2007 at 02:55:28PM -0500, Roger Dingledine wrote:
> On Tue, Mar 06, 2007 at 08:50:59PM +0100, Juliusz Chroboczek wrote:
> > > The problem is that Skype uses either UDP or TCP, depending on the
> > > situation. If it chooses TCP, Freecap will intercept it
> >
> > Would you agree that Tor should be able to tunnel UDP traffic too?
> > There's a /lot/ of UDP-based applications that it would make sense to
> > tunnel over tor.
>
> One day I'd like to support this, yes. It's hard though:
>
> http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#TransportIPnotTCP

There's another reason that UDP-over-Tor is nontrivial that isn't mentioned there. To get any decent kind of UDP performance, we can't just treat it like TCP (with reliable in-order delivery). If we want UDP-over-Tor to work and not suck completely, UDP 'streams' probably need to get relayed from router to router via a DTLS-over-UDP-based link protocol, not the current TLS-based one. But if we're doing that, and we don't want the UDP traffic to be trivially partitioned, we need to change the way we handle delivery for regular cells. (This would be good for performance for other reasons: it would stop the property where one dropped packet on a TLS link stalls all the circuits using that link.)

Of course, there's no reason somebody couldn't design and implement the sucky version in the meantime. It would be a bit tricky, but probably fun. We'd need to add a new stream type, a new set of relay commands to use it, a separate set of exit policies, and support for socks5 udp commands. To support UDP messages longer than 500 bytes or so, we'll need a way to fragment UDP across Tor cells.

So, tricky, but possible. Check out http://tor.eff.org/svn/trunk/doc/spec/proposals/001-process.txt if this is something you'd like to work on. ;)

yrs,
--
Nick Mathewson
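The fragmentation requirement mentioned in the message above, sketched as an added example; it is not part of the original post and not Tor's code. The 4-byte fragment header, the `CELL_DATA_LEN` value (picked to match "500 bytes or so") and all names are assumptions. The reassembler tolerates reordering and duplicates, and bounds its state so that lost fragments cannot pin memory indefinitely.

```python
import struct

CELL_DATA_LEN = 498            # assumed usable bytes per cell ("500 bytes or so")
HDR = struct.Struct("!HBB")    # hypothetical header: datagram id, index, count
FRAG_LEN = CELL_DATA_LEN - HDR.size


def fragment(dgram_id, datagram):
    """Split one UDP datagram into payloads that each fit in a single cell."""
    count = max(1, -(-len(datagram) // FRAG_LEN))   # ceiling division
    if count > 255:
        raise ValueError("datagram needs more than 255 fragments")
    return [HDR.pack(dgram_id, i, count) + datagram[i * FRAG_LEN:(i + 1) * FRAG_LEN]
            for i in range(count)]


class Reassembler:
    """Rebuild datagrams from cells that arrive reordered, duplicated or never."""

    def __init__(self, max_pending=32):
        self.max_pending = max_pending
        self.pending = {}      # dgram_id -> (count, {index: bytes}), oldest first

    def feed(self, cell):
        """Return the whole datagram once its last fragment arrives, else None."""
        if not HDR.size <= len(cell) <= CELL_DATA_LEN:
            return None
        dgram_id, index, count = HDR.unpack_from(cell)
        if count == 0 or index >= count:
            return None        # malformed header
        if dgram_id not in self.pending:
            if len(self.pending) >= self.max_pending:
                # A lost fragment must not pin memory forever: evict the oldest.
                del self.pending[next(iter(self.pending))]
            self.pending[dgram_id] = (count, {})
        expected, parts = self.pending[dgram_id]
        if count != expected:
            return None        # conflicts with earlier fragments of this id
        parts.setdefault(index, cell[HDR.size:])    # duplicates are ignored
        if len(parts) < expected:
            return None
        del self.pending[dgram_id]
        return b"".join(parts[i] for i in range(expected))
```

Because UDP gives no delivery guarantee, an incomplete datagram is simply dropped when it is evicted; nothing is retransmitted.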