On 2/8/24 05:02, Vilgot Bergquist via tor-dev wrote:
Hi,
I looked at the suggested solutions and I think there is another approach, which is much easier.
In C it's pretty easy to encapsulate UDP segments inside TCP segments. Hence there is no need to re-organize the connection logic of tor relays. Instead it should be possible to make Guards, when receiving a UDP packet, just add a TCP header and then it goes through the normal process. The exit nodes then remove the TCP header and pass the UDP segment on.
Thanks for looking at the proposal.
The "normal process" of sending traffic through tor does not directly involve TCP or TCP headers, nor are there boundaries preserved which would correspond to TCP segments. Individual streams are encapsulated within multiple other layers (tor streams and circuits, then TLS) before we encounter any real TCP segments.
You're describing something which would work if we were only talking about a firewall that blocks UDP, but that's not what Tor is.
-beth
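
Added example, not part of either message and not Tor's code: a simplified Python model of the reply's point that no segment boundaries are preserved inside a stream. It assumes a stream is a plain byte pipe cut into fixed 498-byte cell payloads; the function names and the 2-byte length prefix are hypothetical choices for illustration.

```python
# Simplified model (not Tor's code): a stream is a byte pipe carried in
# fixed-size cell payloads, so datagram boundaries vanish unless framed.
import struct

CELL_DATA_LEN = 498  # assumed data bytes per relay cell in this model


def to_cells(stream_bytes, size=CELL_DATA_LEN):
    """Cut a byte stream into cell-sized chunks, as a stream transport would."""
    return [stream_bytes[i:i + size] for i in range(0, len(stream_bytes), size)]


def send_unframed(datagrams):
    """Naive approach: write each datagram into the stream as-is."""
    return to_cells(b"".join(datagrams))


def send_framed(datagrams):
    """Prefix each datagram with a 2-byte big-endian length before writing."""
    out = b""
    for d in datagrams:
        if len(d) > 0xFFFF:
            raise ValueError("datagram too large for 2-byte length prefix")
        out += struct.pack("!H", len(d)) + d
    return to_cells(out)


def recv_framed(cells):
    """Reassemble the stream and split it back into the original datagrams."""
    buf = b"".join(cells)
    datagrams, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from("!H", buf, pos)
        pos += 2
        if pos + n > len(buf):
            raise ValueError("truncated datagram")
        datagrams.append(buf[pos:pos + n])
        pos += n
    return datagrams


# Constructed sample input: three datagrams of different sizes.
SAMPLE = [b"A" * 100, b"B" * 600, b"C" * 10]

if __name__ == "__main__":
    print([len(c) for c in send_unframed(SAMPLE)])  # cell sizes, not datagram sizes
    print([len(d) for d in recv_framed(send_framed(SAMPLE))])
```

The unframed cells carry the same bytes but say nothing about where one datagram ended and the next began; only the explicit length prefix lets the far end recover the original three datagrams.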