On Wed, Aug 12, 2009 at 10:23 PM, Peter<[email protected]> wrote: > I'm not complaining about it, I'm just saying, if you want widespread > adoption, a kernel driver is the way to go. And moreover, a kernel > driver is easier to write and support than a VM.
hi Peter, there are various reasons for the design decision chosen; a kernel driver would certainly be useful for non-ethernet Windows clients who want a transparent Tor proxy. the advantages of a VM hosting Tor and performing the transparent redirection is that the Windows TCP/IP stack is bypassed entirely, avoiding issues with non-paged pool socket buffer resources and many socket file descriptors/handles. it is also simpler to write and maintain a Qemu based transparent Tor proxy virtual machine using existing WinPCAP features for the bridged network mode and having Windows route through this VM. a kernel driver to do this would require an intermediate layer driver with hooks into all of the various L3/L4 protocols and winsock2 / firewall capabilities (to do securely / properly). long term it would be great to have a well supported intermediate layer transparent Tor proxy interface that works on win2k through win7, however, this is simply too much an effort for the limited resources available. if you're willing to help with such an effort that would be great but it sounds like you're already overloaded. in any case, this solves just one part of the Tor puzzle. you really do need Firefox and Torbutton to use Tor properly. see https://www.torproject.org/torbutton/design/ for all the details. a transparent proxy mode may protect against IP disclosure side channels but there are still many other privacy risks worth protecting against. best regards,

