Skip to content

GitLab

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Open
Created by Trac@tracbot

Add features improving onion services' interaction with Tor.

Tor lacks features allowing onion services' interaction with it, mainly because it is a tunneling protocol, not an application layer protocol. I think this aspect of Tor should be addressed more.

I suggest three directives that can improve onion services' interaction with Tor.

  1. HiddenServiceExportRendPoint

With HiddenServiceExportCircuitID and this directive enabled, Tor exports IP and port of rendezvous point, along with the circuit ID, to the onion service. With this, operators can easily aggregate, analyze and monitor their services' rendezvous point connections.

  1. HiddenServiceExportInstanceID

With HiddenServiceExportCircuitID and this directive enabled, Tor exports a user-provided instance ID, along with the circuit ID, to the onion service. With this, operators running multiple instances of Tor can accurately differentiate traffics with the same circuit ID. Fixes legacy/trac#32428 (moved).

  1. HiddenServiceEnableClosingCircuit

This might be controversial because this feature exclusively targets the HTTP application protocol, and I know there are ways to close a circuit using the control protocol. But it's nearly impossible and too much error-prone to implement it in real environments.

With this directive enabled, when onion services' backend returns an HTTP status code of 447, it marks the circuit to be closed. It's lightweight, straightforward and easy to configure.

I've crudely implemented them. Please feel free to leave ideas or comments below.

Edited by Alexander Færøy
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information