Opened 4 months ago

Last modified 4 months ago

#31228 new enhancement

Support spawning multiple transport instances

Reported by: phw
Owned by:
Priority: Medium
Milestone:
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords:
Cc: dcf, cohosh, ahf
Actual Points:
Parent ID:
Points: 10
Reviewer:
Sponsor:

Description

One Tor instance can only handle one transport instance, i.e., one cannot run two obfs4 instances in one tor. Adding support for this use case will require changes in our PT spec, in PT spec implementations, and in tor.

As pointed out in this comment, tor would need the config options ServerTransportPlugin, ServerTransportListenAddr, and ServerTransportOptions to support multiple instances of a single transport. One way to accomplish this would be to append a numeric, incrementing suffix to a transport's name, e.g.:

ServerTransportPlugin obfs4-0 exec /usr/bin/obfs4proxy
ServerTransportPlugin obfs4-1 exec /usr/bin/obfs4proxy

ServerTransportListenAddr obfs4-0 0.0.0.0:10000
ServerTransportListenAddr obfs4-1 0.0.0.0:20000

#11211 is vaguely related in that it aims to add dual stack support for bridges so that, say, an obfs4 instance can listen on both an IPv4 and IPv6 address. #29285 is also related because it tracks our PT spec improvement process and supporting multiple instances of a transport is one potential improvement.

Change History (1)

comment:1 Changed 4 months ago by dcf

It's interesting to compare the torrc configuration with the ptadapter one. ptadapter introduces another layer of naming: named instance keys above the level of the transport names. Example config.

I haven't tested it, but I believe you could run two instances of obfs4 with different options using something like:

[server]
exec = /usr/bin/obfs4proxy
forward = 127.0.0.1:7000
tunnels = server_the_first

[server_the_first]
transport = obfs4
listen = 0.0.0.0:10000
options-cert=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

[server]
exec = /usr/bin/obfs4proxy
forward = 127.0.0.1:7000
tunnels = server_the_second

[server_the_second]
transport = obfs4
listen = 0.0.0.0:20000
options-cert=bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb

Note that while you can mix multiple tunnels ([server_*] sections) with different transport names under the same [server] section, the PT protocol wouldn't allow multiple tunnels with the same transport name, so you have to split them out into multiple processes.
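
Added example, not part of the ticket or of tor's code: a Python sketch that parses the suffix syntax proposed in the description and packs the resulting instances into PT processes under the constraint from comment:1 (at most one tunnel per transport name in a process). The suffix syntax is only the ticket's proposal; `parse_instances`, `plan_processes` and the sample torrc are hypothetical names and constructed input, and one instance name per config line is assumed.

```python
import re
from collections import defaultdict

# PT names are C identifiers, so "-<digits>" cannot be part of a transport name.
INSTANCE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)(?:-\d+)?$")

# Constructed sample in the suffix syntax proposed in the ticket.
SAMPLE_TORRC = """\
ServerTransportPlugin obfs4-0 exec /usr/bin/obfs4proxy
ServerTransportPlugin obfs4-1 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4-0 0.0.0.0:10000
ServerTransportListenAddr obfs4-1 0.0.0.0:20000
"""

def parse_instances(torrc):
    """Map each instance name to its transport, exec path and listen address."""
    inst = defaultdict(dict)
    for line in torrc.splitlines():
        parts = line.split()
        if len(parts) < 3 or not parts[0].startswith("ServerTransport"):
            continue
        key, name = parts[0], parts[1]  # assumption: one name per line
        m = INSTANCE.match(name)
        if not m:
            raise ValueError(f"bad instance name: {name!r}")
        inst[name]["transport"] = m.group(1)
        if key == "ServerTransportPlugin" and parts[2] == "exec":
            inst[name]["exec"] = " ".join(parts[3:])
        elif key == "ServerTransportListenAddr":
            inst[name]["listen"] = parts[2]
    seen = {}
    for name, cfg in inst.items():
        if "exec" not in cfg or "listen" not in cfg:
            raise ValueError(f"{name}: needs both a plugin and a listen address")
        if cfg["listen"] in seen:  # two instances cannot bind the same address
            raise ValueError(f"{name} and {seen[cfg['listen']]} share {cfg['listen']}")
        seen[cfg["listen"]] = name
    return dict(inst)

def plan_processes(instances):
    """Pack instances into PT processes, at most one tunnel per transport name each."""
    procs = []
    for name in sorted(instances):
        cfg = instances[name]
        for p in procs:
            if p["exec"] == cfg["exec"] and cfg["transport"] not in p["tunnels"]:
                p["tunnels"][cfg["transport"]] = name
                break
        else:
            procs.append({"exec": cfg["exec"], "tunnels": {cfg["transport"]: name}})
    return procs
```

With the sample input, the two obfs4 instances land in two separate processes; an instance of a different transport using the same executable would share the first process.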
