Opened 5 years ago

Closed 4 months ago

#7830 closed enhancement (wontfix)

UDP over Tor

Reported by: proper
Owned by:
Priority: Medium
Milestone: Tor: very long term
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: tor-relay needs-proposal
Cc: adrelanos@…, arthuredelstein@…
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

I am interested to transfer UDP over Tor to the destination server.

https://blog.torproject.org/blog/moving-tor-datagram-transport

What happened to that?

Child Tickets

Change History (7)

comment:1 Changed 5 years ago by proper

Cc: adrelanos@… added

comment:2 Changed 5 years ago by rransom

This is unlikely to be possible.

  • Transporting UDP-based protocols through an exit node would require significant design and implementation effort for an ‘exit policy’ for each UDP-based protocol that is to be supported.
  • Transporting UDP-based protocols cannot provide a performance improvement unless relays are permitted to reorder and/or drop cells. This would make end-to-end tagging attacks much easier (they would no longer be limited to relays), and would be incompatible with Tor's current relay crypto and the currently proposed new relay crypto protocols.
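
The mechanism behind the second bullet, as an added example that is not from the ticket or from Tor: a toy model of the running per-hop digest that Tor's relay crypto carries in every cell (Tor's per-hop AES-CTR keystream desynchronises in the same way, but the model covers only the digest). One dropped or reordered cell makes every later cell fail the check at the far end, which is why a transport that tolerates loss cannot reuse the current relay crypto unchanged.

```python
"""Toy model of the per-hop integrity check on Tor relay cells: a running
SHA-1 over every relay payload sent on a circuit, with the first 4 bytes of
the running hash carried in each cell (constructed simplification of the
tor-spec layout, not Tor's own code)."""
import hashlib

DIGEST_LEN = 4  # bytes of the running hash carried in each relay cell

class RelayDigest:
    """Running hash that sender and receiver advance once per cell, in order."""
    def __init__(self, seed: bytes) -> None:
        self._h = hashlib.sha1(seed)  # seeded from circuit key material

    def next(self, payload: bytes) -> bytes:
        self._h.update(payload)  # payload is hashed with its digest field zeroed
        return self._h.digest()[:DIGEST_LEN]

def build_cells(seed: bytes, payloads: list[bytes]) -> list[tuple[bytes, bytes]]:
    """Sender side: attach the running digest to each payload, in send order."""
    d = RelayDigest(seed)
    return [(p, d.next(p)) for p in payloads]

def verify_cells(seed: bytes, cells: list[tuple[bytes, bytes]]) -> list[bool]:
    """Receiver side: per-cell results in arrival order. After one missing or
    misplaced cell the receiver's running hash has diverged, so every later
    cell fails too (real Tor tears the circuit down at the first failure)."""
    d = RelayDigest(seed)
    return [d.next(p) == tag for p, tag in cells]

def deliver(cells, drop=None, swap=None):
    """Constructed transport that may drop one cell or swap two of them."""
    out = list(cells)
    if swap is not None:
        i, j = swap
        out[i], out[j] = out[j], out[i]
    if drop is not None:
        del out[drop]
    return out

SEED = b"constructed circuit key material"
PAYLOADS = [f"relay cell {i}".encode() for i in range(5)]

def run(drop=None, swap=None) -> list[bool]:
    """Build 5 cells, pass them through the transport, verify at the far end."""
    return verify_cells(SEED, deliver(build_cells(SEED, PAYLOADS), drop, swap))

if __name__ == "__main__":
    print("in order      :", run())             # all True
    print("drop cell 1   :", run(drop=1))       # True, then all False
    print("swap cells 1,2:", run(swap=(1, 2)))  # True, then all False
```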

comment:3 Changed 5 years ago by nickm

Keywords: tor-relay needs-proposal added
Milestone: Tor: very long term

comment:4 Changed 17 months ago by arthuredelstein

Cc: arthuredelstein@… added
Severity: Normal

comment:5 in reply to: 2; Changed 17 months ago by arthuredelstein

Replying to rransom:

> This is unlikely to be possible.
>
> [snip]
>
>   • Transporting UDP-based protocols cannot provide a performance improvement unless relays are permitted to reorder and/or drop cells. This would make end-to-end tagging attacks much easier (they would no longer be limited to relays), and would be incompatible with Tor's current relay crypto and the currently proposed new relay crypto protocols.

For me, the most important argument for transmitting UDP over Tor is that it would support existing UDP-based protocols and applications. I think that would be useful even without a performance improvement. Would it be safe (as safe as Tor's existing support of TCP streams) to transmit UDP datagrams between guards and exit nodes if the reordering or dropping of cells were not permitted?

comment:6 in reply to: 5; Changed 17 months ago by yawning

Replying to arthuredelstein:

> Replying to rransom:
>
>> This is unlikely to be possible.
>>
>> [snip]
>>
>>   • Transporting UDP-based protocols cannot provide a performance improvement unless relays are permitted to reorder and/or drop cells. This would make end-to-end tagging attacks much easier (they would no longer be limited to relays), and would be incompatible with Tor's current relay crypto and the currently proposed new relay crypto protocols.
>
> For me, the most important argument for transmitting UDP over Tor is that it would support existing UDP-based protocols and applications. I think that would be useful even without a performance improvement. Would it be safe (as safe as Tor's existing support of TCP streams) to transmit UDP datagrams between guards and exit nodes if the reordering or dropping of cells were not permitted?

I'm not certain how this will work on the exit end, and it seems a bit nightmarish at a first glance. How many exits would be comfortable not only letting the tor process bind to arbitrary UDP ports, but accepting inbound UDP traffic from what essentially would be the entire Internet to said arbitrary UDP ports? (Behavior that's different from this would be possible, but would likely require work on the client side.)

And how would congestion control work? What's to stop someone from causing the outbound link on the exit end to collapse due to congestion by having it spit out UDP packets as fast as it can?

comment:7 Changed 4 months ago by nickm

Resolution: wontfix
Status: new → closed

Calling this wontfix for now: that doesn't mean "never" but it means "not any time soon".

It remains on our radar, but there's no real work to track here. The big problem is that supporting arbitrary IP traffic in a meaningful way would require fundamental research improvements in onion routing-style anonymity networks, if we want to actually anonymize the IP traffic and the computer generating it.

Probably the best way to move forward here is not on trac, but in the research literature and/or a series of design proposals or tor-dev threads.
