Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
T
Tor
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 1,067
    • Issues 1,067
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 20
    • Merge Requests 20
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Members
    • Members
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • The Tor Project
  • Core
  • Tor
  • Issues
  • #32511

Closed
Open
Opened Nov 15, 2019 by Trac@tracbot

Add features improving onion services' interaction with Tor.

Tor lacks features allowing onion services' interaction with it, mainly because it is a tunneling protocol, not an application layer protocol. I think this aspect of Tor should be addressed more.

I suggest three directives that can improve onion services' interaction with Tor.

  1. HiddenServiceExportRendPoint

With HiddenServiceExportCircuitID and this directive enabled, Tor exports IP and port of rendezvous point, along with the circuit ID, to the onion service. With this, operators can easily aggregate, analyze and monitor their services' rendezvous point connections.

  1. HiddenServiceExportInstanceID

With HiddenServiceExportCircuitID and this directive enabled, Tor exports a user-provided instance ID, along with the circuit ID, to the onion service. With this, operators running multiple instances of Tor can accurately differentiate traffics with the same circuit ID. Fixes legacy/trac#32428 (moved).

  1. HiddenServiceEnableClosingCircuit

This might be controversial because this feature exclusively targets the HTTP application protocol, and I know there are ways to close a circuit using the control protocol. But it's nearly impossible and too much error-prone to implement it in real environments.

With this directive enabled, when onion services' backend returns an HTTP status code of 447, it marks the circuit to be closed. It's lightweight, straightforward and easy to configure.

I've crudely implemented them. Please feel free to leave ideas or comments below.

Edited Jul 13, 2020 by Alexander Færøy
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: tpo/core/tor#32511