> Note to the author of AORTA (Rob van der Hoeven), I've had AORTA to > work on CentOS 7 which shows a kernel version 3.10 but RedHat often > backports lots of features into older versioned software. This > might be worth noting on the webpage. >
Well, the important thing is net_class cgroup support. This support was *officially* added to Linux kernels >= 3.14 > **Did anyone else check out AORTA or review its code? Not so much a > coder here, I would like to listen to community response/review of > this tool. I would like some community response/review too ;-) > > I had one (chroot?) situation it worked better than Torsocks. But the > author doesn't go into detail about his technique of Torification > vs.Torsocks. How does it work? Why is it supposed to work under more > situations? TorSocks preloads a DLL that contains all the TCP/DNS functions from the normal c library. This makes the program use the TorSocks functions instead of the c library functions. This is the "old" way of interception and takes place in user space. AORTA intercepts and redirects TCP/DNS traffic inside kernel space. What AORTA does is not visible to the program, and also works with statically linked programs. AORTA is a much more simple program (thanks to the hard work of the kernel en iptables developers). Except for programs that clone an already running instance the interception and redirection of AORTA *should* be guaranteed. NOTE *should* because AORTA is a new program that has not undergone the same testing that TorSocks has. Note also that I did test AORTA on different Linux distributions (Debian, Unbuntu, Mint, Arch Linux) using a wide range of programs. On my Debian system, programs like Firefox and Chromium do not work with TorSocks. For AORTA I haven't been able to find a program that does not work under AORTA. Please let me know if you have a program that does not work with AORTA. > > Also wonder, what exactly the software does when testing if "Tor > handles all Internet traffic"? Is it necessary, what are the > consequences of using -c to disable the test? The test resolves an .onion address and connects to it. This test only succeeds if DNS and TCP traffic are routed through the Tor network. Normally this test will always succeed but it can take a long time. For this I made the test optional (but not by default). Regards, Rob van der Hoeven, author of AORTA https://hoevenstein.nl -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
