[tor-talk] AORTA - others tried it?

Rob van der Hoeven robvanderhoeven at ziggo.nl
Fri Feb 2 17:23:04 UTC 2018


> Note to the author of AORTA (Rob van der Hoeven), I've had AORTA to  
> work on CentOS 7 which shows a kernel version 3.10 but RedHat often  
> backports lots of features into older versioned software. This
> might be worth noting on the webpage.
> 

Well, the important thing is net_class cgroup support. This support was
*officially* added to Linux kernels >= 3.14.

> **Did anyone else check out AORTA or review its code? Not so much a  
> coder here, I would like to listen to community response/review of  
> this tool.

I would like some community response/review too ;-)

> 
> I had one (chroot?) situation it worked better than Torsocks. But the
> author doesn't go into detail about his technique of Torification
> vs. Torsocks. How does it work? Why is it supposed to work under more 
> situations?

TorSocks preloads a DLL that contains all the TCP/DNS functions from
the normal C library. This makes the program use the TorSocks functions
instead of the C library functions. This is the "old" way of
interception and takes place in user space.

AORTA intercepts and redirects TCP/DNS traffic inside kernel space.
What AORTA does is not visible to the program, and also works with
statically linked programs. AORTA is a much simpler program (thanks
to the hard work of the kernel and iptables developers). Except for
programs that clone an already running instance, the interception and
redirection of AORTA *should* be guaranteed. NOTE *should* because
AORTA is a new program that has not undergone the same testing that
TorSocks has. Note also that I did test AORTA on different Linux
distributions (Debian, Ubuntu, Mint, Arch Linux) using a wide range of
programs.

On my Debian system, programs like Firefox and Chromium do not work
with TorSocks. For AORTA I haven't been able to find a program that
does not work under AORTA. Please let me know if you have a program
that does not work with AORTA.

> 
> Also wonder, what exactly the software does when testing if "Tor  
> handles all Internet traffic"? Is it necessary, what are the  
> consequences of using -c to disable the test?

The test resolves an .onion address and connects to it. This test only
succeeds if DNS and TCP traffic are routed through the Tor network.
Normally this test will always succeed but it can take a long time. For
this I made the test optional (but not by default).

Regards,

Rob van der Hoeven, 
author of AORTA

https://hoevenstein.nl
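
The kind of check described in the reply above (resolve an .onion name, then connect to it), written out as an added example; it is not AORTA's code and not part of the original message. It assumes Tor's DNSPort with AutomapHostsOnResolve and the default VirtualAddrNetworkIPv4 range; `check_torified` is a hypothetical name and `ONION_HOST` is a placeholder.

```python
import ipaddress
import socket

# Placeholder, not a real service: substitute an onion address you trust.
ONION_HOST = "REPLACE-WITH-A-KNOWN-ONION-ADDRESS.onion"

# Assumption: Tor's default VirtualAddrNetworkIPv4. With AutomapHostsOnResolve,
# Tor's DNSPort answers .onion lookups with an address from this range.
TOR_VIRTUAL_NET = ipaddress.ip_network("127.192.0.0/10")


def check_torified(host=ONION_HOST, port=80, timeout=60.0,
                   resolve=socket.gethostbyname,
                   connect=socket.create_connection,
                   virtual_net=TOR_VIRTUAL_NET):
    """Return (ok, reason); ok is True only if DNS and TCP both went via Tor.

    resolve and connect are injectable so the logic can be exercised offline.
    """
    if not host.endswith(".onion"):
        raise ValueError("host must be a .onion name")

    # Step 1: DNS. A normal resolver cannot answer for .onion, so a lookup
    # that escapes Tor fails here instead of returning an address.
    try:
        addr = resolve(host)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return False, f"dns: {exc}"
    if ipaddress.ip_address(addr) not in virtual_net:
        return False, f"dns: {addr} is outside {virtual_net}"

    # Step 2: TCP. The mapped address is only reachable if the connection is
    # redirected into Tor. Onion circuits are slow to build, hence the long
    # default timeout.
    try:
        conn = connect((addr, port), timeout=timeout)
    except OSError as exc:  # refused, unreachable, or timed out
        return False, f"tcp: {exc}"
    conn.close()
    return True, f"connected to {host} via {addr}"


if __name__ == "__main__":
    print(check_torified())
```

Run it inside the environment being tested; a `dns:` reason points at name resolution bypassing Tor, a `tcp:` reason at the connection not being redirected.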


