[tor-qa] Experimental 3.5.2 bundles with tor-fw-helper (automatic port forwarding)

[David Fifield]

On Sat, Feb 15, 2014 at 08:35:06AM +0100, Lunar wrote:
> David Fifield:
> > Alternatively, we could specify a static port (:9000 instead of :0 in
> > the ClientTransportPlugin line). Then at least it would be just *one*
> > port open permanently. But one of the nice things about automatic port
> > forwarding was that it would be possible not to use a fixed (more easily
> > blockable) port number.
> 
> That would prevent multiple users of the Flashproxy bundle on the same
> network. This makes some little yellow warning lights blink in my head.
> They are labelled “support headache ahead”.

That's a good point. Nevertheless I'm going to do another set of bundles
with port 9000 set. That's because for now, I'm trying to judge the
fraction of users for whom UPnP works at all, in order to see if it's
worth working on more. Because of the difficulties we've found, it seems
bundles with automatic port forwarding are at least several weeks away,
if we do them at all. If we do such bundles, we must make sure they use
ephemeral ports, and the port forwardings don't last forever.

At least, I think tor-fw-helper should have a default timeout that is
slightly longer than tor's default interval for calling it, and
optionally should take an argument controlling how long the timeout
should be.

Ximin started looking at writing a replacement in a memory-safe
language, which would dispel some of the concern about using a
third-party C library (and incidentally work around the API
compatibility between miniupnpc 1.5 and 1.6).

David Fifield