Skip to content
GitLab
  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Tor Tor
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 316
    • Issues 316
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 34
    • Merge requests 34
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Core
  • TorTor
  • Issues
  • #32511
Closed
Open
Created Nov 15, 2019 by Trac@tracbot

Add features improving onion services' interaction with Tor.

Tor lacks features allowing onion services' interaction with it, mainly because it is a tunneling protocol, not an application layer protocol. I think this aspect of Tor should be addressed more.

I suggest three directives that can improve onion services' interaction with Tor.

  1. HiddenServiceExportRendPoint

With HiddenServiceExportCircuitID and this directive enabled, Tor exports IP and port of rendezvous point, along with the circuit ID, to the onion service. With this, operators can easily aggregate, analyze and monitor their services' rendezvous point connections.

  1. HiddenServiceExportInstanceID

With HiddenServiceExportCircuitID and this directive enabled, Tor exports a user-provided instance ID, along with the circuit ID, to the onion service. With this, operators running multiple instances of Tor can accurately differentiate traffics with the same circuit ID. Fixes legacy/trac#32428 (moved).

  1. HiddenServiceEnableClosingCircuit

This might be controversial because this feature exclusively targets the HTTP application protocol, and I know there are ways to close a circuit using the control protocol. But it's nearly impossible and too much error-prone to implement it in real environments.

With this directive enabled, when onion services' backend returns an HTTP status code of 447, it marks the circuit to be closed. It's lightweight, straightforward and easy to configure.

I've crudely implemented them. Please feel free to leave ideas or comments below.

Edited Jul 13, 2020 by Alexander Færøy
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking