On Wed, Dec 28, 2011 at 5:47 PM, Lee Fisher <[email protected]> wrote:
> ...
> I think a native driver could help with Tor performance, if that really was
> an issue -- perhaps transparency issues aside -- to be addressed at some
> level by Tor's sponsors. [or contributors, or other willing parties]

it would be useful for many reasons, including:
- fail-safe configuration by enforcing Tor or nothing behavior.
- high performance interface to VM networking (virtio capable).
- robust QoS on client traffic by application, user or protocol.
- native transparent proxy support without VMs of course.

> But a Windows driver solution would be hard in a variety of ways:
>
> 1) to develop. You'll need NT driver skills, not LSB/POSIX/eLinux skills.

agreed. i'd be happy to assist with this effort as a technical resource, but i cannot be a significant developer.

> 2) to build. You'll need to use MSC and KD/Windbg,
> ...
> Also, the DDK/WDK tools are currently freeware,...

this was integrated into the Tor VM for the WinPCAP and Tap32 driver builds via MSVC command line and WDK/DDK tools. the build configuration is annoying, but straightforward _as long as the tools are free_.

> at times they [DDK/WDK] were
> commercial only, by paying for MSDN, and pulled from online free download
> for a while. I sadly expect that Win8 will change for the worse in this
> area. This might also be an issue for the OpenVPN driver.

a wildcard for sure. you're going to pay for the driver testing & signature anyway, so there is no way to escape some tithe to Microsoft when going the native driver route. given this fact, additional licenses for a DDK/WDK may not be onerous.

> 3) to support. When Tor users have BSODs and ask for help... Having to deal
> with NT kernel dumps would be an increase in resources. Having to document
> how to install a driver, deal with driver signing, locked down systems that
> don't allow drivers, dealing with crashes, would require a large doc
> project.

i hadn't considered these difficulties much, but support requirements would indeed be unique and perhaps significant. i've seen more than a few VPN and Firewall solutions on windows conflict badly with other intermediate and filter drivers.

> As for maintaining legacy versions of Windows platforms, you can only track
> Windows versions so long, until vendor doesn't provide security patches for
> it, then it's a worthless platform for anything that needs privacy/security.

it would be nice to formally deprecate XP. at Vista and above things become less stratified.

> I also asked around, to see if there was any more NT guidance for specific
> driver model recommendations. It appears the NDIS "raw IP medium" type
> (NdisMediumIP) driver is one to investigate. In addition to WFP. Some NDIS
> driver models are being deprecated for WFP, but I'm not sure if NDIS
> NdisMediumIP drivers are on that list.
> http://www.osronline.com/showthread.cfm?link=217920

we could find out, dig up tech details, and document on the wiki. :)

> Also, I'm not sure if WFP is technically able to handle all transproxy
> needs. There are 2 WDK samples for WFP that seem like a good place to start,
> if anyone is interested.

sure, link them here. i can take a stab at a wiki page and will include these resources as part of the discussion.

best regards,
_______________________________________________
tor-talk mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
