[Enhancement] Make use of OptimisticData with SOCKS5 to Orbot 🧅 #7

Open
4-FLOSS-Free-Libre-Open-Source-Software opened this issue Jul 24, 2021 · 1 comment

@4-FLOSS-Free-Libre-Open-Source-Software

Please implement support for the Tor OptimisticData feature.

This requires lying to the application that the SOCKS handshake has succeeded immediately, allowing the application to begin sending data optimistically.

For reference, see the linked proposal.

Performance benefits:

Example of resolving and connecting: the user wants to visit http://rethinkdns.com, and we assume the user connects through Orbot and sets non-leaking DNS to the Orbot DNSPort.

Current standard connection setup:

  1. Browser asks for rethinkdns.com
  2. A query for rethinkdns.com gets forwarded to the Orbot DNSPort
  3. Orbot uses a 3-hop circuit and asks the exit server for the IP of rethinkdns.com
  4. The exit server replies with 104.21.13.53 all the way back.
  5. Orbot forwards the resolving reply through rethinkdns to the browser
  6. Browser starts a connection to 104.21.13.53, which rethinkdns forwards to Orbot over SOCKS5
  7. Orbot uses a 3-hop circuit and asks the exit server to connect to the IP 104.21.13.53
  8. Orbot waits for the exit's TCP connection success reply and, once received, sends back a SOCKS5 Established status message.
  9. The browser starts sending the GET request for rethinkdns.com
  10. Orbot forwards the GET request down the whole 3 hops to the exit node, which forwards it to the destination

With support for OptimisticData it may instead look shorter, like:

  1. Browser asks for rethinkdns.com
  2. A query for rethinkdns.com gets forwarded to the Orbot DNSPort
  3. Orbot uses a 3-hop circuit and asks the exit server for the IP of rethinkdns.com
  4. The exit server replies with 104.21.13.53 all the way back.
  5. Orbot forwards the resolving reply through rethinkdns to the browser
  6. Browser starts a connection to 104.21.13.53, which rethinkdns forwards to Orbot over SOCKS5
  7. Orbot immediately sends back a SOCKS5 Established status message, uses a 3-hop circuit and asks the exit server to connect to the IP 104.21.13.53
  8. The browser starts sending the GET request for rethinkdns.com just before the connection is actually set up, and it is already forwarded to the exit node and buffered there, waiting for the TCP connection from exit ⇒ destination to finish. Once finished, the GET request is immediately sent from the exit node to the destination

TCP connection delay includes the circuit creation times seen at: https://metrics.torproject.org/onionperf-buildtimes.html
Once the circuit is finished, the round-trip latencies apply. The average can be found here: https://metrics.torproject.org/onionperf-latencies.html
According to that, today's average is still high enough to noticeably benefit from supporting OptimisticData.


Combined with celzero/rethink-app#339 this can reduce the RTT to effectively -1 hops compared to traditional SOCKS5 proxies or VPNs, because the app can start sending data towards the proxy to the destination on the SOCKS connection before the connection to the destination has even finished, and before the target hostname was resolved.
Combined, that would reduce the sample steps above from 10 to only 3:

  1. Browser starts a connection to rethinkdns.com over SOCKS5 via hostname
  2. Orbot immediately sends back a SOCKS5 Established status message, uses a 3-hop circuit and asks the exit server to connect to the rethinkdns.com hostname
  3. The Tor Browser starts sending the GET request for rethinkdns.com, forwarded to the exit node through Orbot and buffered there until rethinkdns.com is resolved and the TCP connection from exit ⇒ destination has finished. Once finished, the GET request is immediately sent from the exit node to the destination
@ignoramous ignoramous self-assigned this Sep 8, 2021
@ignoramous ignoramous transferred this issue from celzero/rethink-app Sep 8, 2021
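
Added example (not part of the issue, and not Orbot or rethink code): a loopback model of the optimistic SOCKS5 flow described in the issue above, where the proxy reports success before the upstream connection exists. `optimistic_proxy`, `run_demo` and the `connect_upstream` callback are hypothetical names, and a local socket pair stands in for the Tor circuit; the `fail=True` path shows that a later connect failure reaches the application as a dropped connection, not as a SOCKS error code.

```python
import socket, struct, threading

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed early")
        buf += chunk
    return buf

def optimistic_proxy(app, connect_upstream):
    _ver, nmethods = recv_exact(app, 2)           # greeting: VER, NMETHODS
    recv_exact(app, nmethods)
    app.sendall(b"\x05\x00")                      # select "no authentication"
    _ver, _cmd, _rsv, atyp = recv_exact(app, 4)   # CONNECT request header
    if atyp == 3:                                 # hostname, resolved remotely
        host = recv_exact(app, recv_exact(app, 1)[0]).decode()
    else:                                         # assumed IPv4 (ATYP 1)
        host = socket.inet_ntoa(recv_exact(app, 4))
    port = struct.unpack("!H", recv_exact(app, 2))[0]
    app.sendall(b"\x05\x00\x00\x01" + bytes(6))   # optimistic "succeeded" reply
    try:
        upstream = connect_upstream(host, port)   # slow: circuit + exit connect
    except OSError:
        app.close()   # too late for a SOCKS error code: the app just sees a drop
        return
    upstream.sendall(app.recv(4096))              # flush data sent during the wait

def run_demo(fail=False):
    app, proxy_side = socket.socketpair()
    app.settimeout(5)                             # fail loudly instead of hanging
    up_proxy, up_server = socket.socketpair()     # constructed stand-in for the circuit
    gate = threading.Event()                      # holds back the fake connect
    def connect_upstream(host, port):             # hypothetical callback
        gate.wait(5)
        if fail:
            raise ConnectionRefusedError(host)
        return up_proxy
    threading.Thread(target=optimistic_proxy, args=(proxy_side, connect_upstream)).start()
    host = b"rethinkdns.com"                      # greeting + CONNECT in one write
    app.sendall(b"\x05\x01\x00\x05\x01\x00\x03" + bytes([len(host)]) + host + b"\x00\x50")
    reply = recv_exact(app, 2 + 10)               # method reply + CONNECT reply
    app.sendall(b"GET / HTTP/1.1\r\nHost: rethinkdns.com\r\n\r\n")
    gate.set()                                    # only now may upstream connect
    try:
        tail = app.recv(1) if fail else up_server.recv(4096)
    except ConnectionError:                       # reset instead of a clean EOF
        tail = b""
    return reply[3], tail                         # (REP field, bytes observed)
```
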
@4-FLOSS-Free-Libre-Open-Source-Software

The OptimisticData feature works great in combination with rethink forwarding, the other way around. But it is not yet officially supported on its side for this way of usage. I could provide the experiment for debugging if necessary.


A note on this: one forwarding proxy that actually implemented it is the non-caching forward proxy Privoxy, with the so-called socks5t forwarding.

supported SOCKS extension is optimistic data which can reduce the latency for the first request made on a newly created connection.

http://l3tczdiiwoo63iwxty4lhs6p7eaxop5micbn7vbliydgv63x5zrrrfyd.onion/user-manual/config.html#SOCKS

https://www.privoxy.org/user-manual/config.html#SOCKS

However, the Android builds have not been updated for a few years.
