Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
Tor
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Container Registry
Model registry
Monitor
Incidents
Service Desk
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
The Tor Project
Core
Tor
Commits
7a180573
Commit
7a180573
authored
22 years ago
by
Roger Dingledine
Browse files
Options
Downloads
Patches
Plain Diff
starting to document what clients need to do and why
svn:r147
parent
cbd2cdf0
No related branches found
Branches containing commit
No related tags found
Tags containing commit
No related merge requests found
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
doc/CLIENTS
+55
-0
55 additions, 0 deletions
doc/CLIENTS
with
55 additions
and
0 deletions
doc/CLIENTS
0 → 100644
+
55
−
0
View file @
7a180573
Part one: Overview and explanation
Because tor is an application-level proxy, it needs client-side support
from every client program that wants to use it. (This is different from
systems like Freedom, which used a single client-side program to capture
all packets and redirect them to the Freedom network.) Client applications
need two general classes of modifications to be compatible with tor:
1) Whenever they call connect(), they instead should connect() to the
local onion proxy and tell it "address and port". The onion proxy will
itself make a connection to "address and port", and then the client
application can talk through that socket as if it's directly connected. To
support as many applications as possible, tor uses the common "socks"
protocol which does exactly the above. So applications with socks support
will support tor without needing any modifications.
2) Applications must not call gethostbyname() to resolve an address
they intend to later connect() to via onion routing. gethostbyname()
contacts the dns server of the target machine -- thus giving away the
fact that you intend to make an anonymous connection to it.
To clarify, I need to explain more about the socks protocol. Socks
comes in three flavors: 4, 4a, and 5. The socks4 protocol basically
uses IP and port -- so it is unsuitable because of the gethostbyname()
issue above. Socks4a is a slight modification to the socks4 protocol,
whereby you can specify an IP of 0.0.0.x to signal the socks server
that you will instead be sending a hostname (fqdn). So applications with
socks4a support are all set. Socks5, on the other hand, allows the client
to specify "address type" and then an address -- so some applications
choose to supply an IP and others choose to supply a hostname. If the
application uses socks5 you must investigate further to decide whether
it's leaking anonymity.
Part two: using tsocks to transparently replace library calls
tsocks (available from http://tsocks.sourceforge.net/ or from your
favorite apt-get equivalent) allows you to run a program as normal,
but it replaces the system calls for connect() to connect to the socks
server first and then pass it your destination info. In our case the
socks server is a tor process (running either locally or elsewhere).
In general this works quite well for command-line processes like finger,
ssh, etc. But there are a couple of catches: A) tsocks doesn't intercept
calls to gethostbyname. So unless you specify an IP rather than hostname,
you'll be giving yourself away. B) Programs which are suid root (or
anybody else) don't let you intercept the system calls -- ssh falls into
this category. But you can make a local copy of ssh and use that. C)
Probably tsocks doesn't behave well for behemoths like Mozilla.
Part three: applications which support tor correctly
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
