author Tim Retout <tim@retout.co.uk> 2014-04-20 15:37:27 +0100
committer Tim Retout <tim@retout.co.uk> 2014-04-20 15:37:27 +0100
commit 698a7462be62528ec42eeb7dbc779686e698b50e (patch)
tree 803a068626375ccd74423f44beacb8a35609992f
parent 3c2edc4a92bd373d384a9c025c193fe3084e9704 (diff)
Add stream isolation, and document Acquire::tor::proxy
-rw-r--r-- README.md 22
-rw-r--r-- tor.cc 6
2 files changed, 27 insertions, 1 deletions
diff --git a/README.md b/README.md
index 1b39ca6..e06b277 100644
--- a/README.md
+++ b/README.md
@@ -42,6 +42,28 @@ mirror, you can use that:
deb tor://<long string>.onion/debian unstable main
deb-src tor://<long string>.onion/debian unstable main
+## Configuration
+
+Most users should not need to adjust SOCKS settings.
+
+By default, apt-transport-tor uses the following SOCKS proxy setting, which
+matches the default Tor SOCKS port:
+
+ socks5h://apt:apt@localhost:9050
+
+If you want to use a different port, you can edit the Acquire::tor::proxy
+apt preference:
+
+ Acquire::tor::proxy "socks5h://apt:apt@localhost:9050";
+
+Note the use of a username/password to make use of the default
+IsolateSOCKSAuth Tor setting for stream isolation, which requires bug fixes
+from Tor 0.2.4.19 to work well. This means your apt traffic will be sent
+over a different circuit from your regular Tor traffic.
+
+Although "sock5h://" is put explicitly in these examples, at the moment its
+use is hardcoded (to avoid DNS leaks).
+
## Caveats
Downloading your Debian packages over Tor prevents an attacker who is
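Review bot: the last added paragraph of the Configuration section spells the scheme "sock5h://", which should be "socks5h://" to match the two examples above it. The same paragraph says the scheme is hardcoded but not what happens when a user writes a different one in Acquire::tor::proxy; saying outright that the scheme part of the value is currently ignored and that DNS is always resolved through the proxy would remove the ambiguity.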
diff --git a/tor.cc b/tor.cc
index c764840..9741f3e 100644
--- a/tor.cc
+++ b/tor.cc
@@ -118,7 +118,11 @@ void HttpsMethod::SetupProxy() /*{{{*/
if (UseProxy.empty() == true)
{
- UseProxy = "socks5h://localhost:9050";
+ // Default proxy
+ // - socks5h (actually ignored below) - use proxy for DNS resolution
+ // - apt:apt@ - dummy socks authentication (for IsolateSOCKSAuth in Tor)
+ // - localhost:9050 - default Tor SOCKS port
+ UseProxy = "socks5h://apt:apt@localhost:9050";
}
// Determine what host and port to use based on the proxy settings
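Review bot: the dummy credentials are only supplied inside the "UseProxy.empty() == true" branch, so a user who sets Acquire::tor::proxy to change the port and leaves out "apt:apt@" sends no SOCKS authentication and loses the stream isolation the README describes. Consider adding the default user and password when the configured value carries none, or state in the README that the "apt:apt@" part must be kept when overriding. The comment "actually ignored below" would also be easier to follow if it named the place where the SOCKS type is forced.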