Opened at 2010-03-27T21:03:28Z
Last modified at 2021-03-30T18:40:19Z
#1007 new enhancement
HTTP proxy support for node to node communication — at Version 24
Reported by: | duck | Owned by: | davidsarah |
---|---|---|---|
Priority: | minor | Milestone: | soon |
Component: | code-network | Version: | 1.6.1 |
Keywords: | privacy anonymity firewall foolscap anti-censorship i2p | Cc: | warner, killyourtv@…, skydrome@… |
Launchpad Bug: |
Description (last modified by killyourtv)
To use Tahoe-LAFS over the I2P anonymous network I have added HTTP proxy support to the Foolscap library. Most of the work is in Foolscap, but within Tahoe it must also be possible to enable this functionality and specify which HTTP proxy to use. All I2P nodes have this HTTP proxy enabled by default on 127.0.0.1:4444.
For the anonymous network use case, every connection to storage nodes and introducers will have to be through the anonymous network; it is not acceptable to mix anonymous and non-anonymous connections. The intention is to provide anonymity to both clients and node operators.
A reference implementation is available on http://duck.i2p.to/tahoe-lafs/ , as of today (2010-03-27) a test grid is operating inside I2P with 21 nodes, of which 6 storage nodes and 1 introducer.
Example of configuration in tahoe.cfg:
[node] ... http_proxy = 127.0.0.1:4444
Snippit showing how this is used in node.py:
http_proxy = self.get_config("node", "http_proxy", "") if http_proxy: self.tub.setOption("httpProxy", http_proxy)
Change History (27)
Changed at 2010-03-27T21:06:05Z by duck
comment:1 Changed at 2010-03-27T21:45:51Z by duck
comment:2 Changed at 2010-03-29T00:51:23Z by davidsarah
- Milestone changed from undecided to 1.7.0
comment:3 Changed at 2010-03-29T00:51:44Z by davidsarah
- Keywords review-needed added
comment:4 follow-up: ↓ 5 Changed at 2010-04-12T20:56:43Z by davidsarah
- Keywords test added; review-needed removed
- Owner set to duck
Requires a test that we enable the foolscap option when the http_proxy line is present.
(The foolscap changes will also need additions to the foolscap test suite.)
comment:5 in reply to: ↑ 4 Changed at 2010-04-12T21:02:04Z by davidsarah
Replying to davidsarah:
Requires a test that we enable the foolscap option when the http_proxy line is present.
This should probably go in source:src/allmydata/test/test_client.py , I think.
comment:6 Changed at 2010-06-17T04:27:16Z by zooko
- Keywords test-needed added; test removed
- Milestone changed from 1.7.0 to soon
So the status of this ticket is that it is waiting for someone (ideally duck) to write tests, right? I guess that's what the "test" keyword means? Hey, let's make a new keyword: "test-needed". :-)
comment:7 Changed at 2010-08-15T04:58:32Z by zooko
See also #510 (use plain HTTP for storage server protocol).
comment:8 Changed at 2010-08-15T05:56:07Z by zooko
- Owner changed from duck to warner
So back in comment:6 two months ago I set this ticket to "test-needed", and I haven't intended to do more on this ticket until duck (or someone) writes a test. But today I noticed that over on foolscap #150 and foolscap #151 duck has asked for the foolscap maintainer (Brian) to say whether he approves of the patches in principle and if so how to write a unit test for them. So the ball is back in our court. Brian: do you approve of these patches in principle?
comment:9 Changed at 2010-10-06T17:52:52Z by zooko
Brian: please tell duck whether he has a chance of getting his patches accepted into foolscap trunk (assuming of course that the patches pass quality requirements -- unit tests, code review, docs, etc.). I think duck has been blocked by not wanting to invest effort into his patches when he hasn't received any indication from the foolscap maintainer on whether those patches could ever have a chance of inclusion.
comment:10 Changed at 2010-10-22T14:49:41Z by zooko
Oh look! Brian updated foolscap #150 and foolscap #151!
comment:11 Changed at 2010-10-22T14:54:03Z by zooko
- Owner changed from warner to duck
comment:12 Changed at 2010-10-23T00:50:45Z by davidsarah
- Keywords anonymity added; i2p removed
comment:13 Changed at 2010-12-16T01:25:34Z by davidsarah
- Keywords anti-censorship added
comment:14 Changed at 2011-01-12T21:50:24Z by duck
The suggestion of Brian to name the foolscap property http-proxy instead of httpProxy has been taken.
In addition to this an unit test has been implemented as suggested by davidsarah in comment:4. test_node.py seemed to be a better place than test_client.py (comment:5) as this option applies to the [node] section and changes are made to node.py.
Please review version 2 of the patch.
comment:15 Changed at 2011-01-12T21:52:26Z by duck
- Keywords review-needed added; test-needed removed
comment:16 Changed at 2011-01-12T22:00:58Z by davidsarah
Given Brian's comment:3 on foolscap#150 that the proxy is actually relaying foolscap (which only initially looks a little like HTTP), I think the option name should not have "http" in it. Technically it is a "storage connection proxy", although that is a little long.
Another reason not to use "http" is that that could be confused with an HTTP proxy for the web-API (which we intentionally do not support).
comment:17 Changed at 2011-01-12T22:01:59Z by davidsarah
- Milestone changed from soon to 1.9.0
comment:18 Changed at 2011-01-16T13:29:56Z by duck
Which name would you approve of for the "introducer and storage connection proxy that speaks a little HTTP proxy and is used by foolscap to make any outbound connections" configuration option?
- foolscap-proxy
- outbound-proxy
- i2p-proxy
- tub.proxy
comment:19 Changed at 2011-02-09T18:47:59Z by zooko
- Cc warner added
- Owner changed from duck to davidsarah
Assigning to davidsarah to answer duck's question from comment:18. (Brian may also have an opinion.)
comment:20 follow-up: ↓ 21 Changed at 2011-02-13T18:36:45Z by davidsarah
outbound-proxy for the config option. It's not specific to i2p, so that rules out i2p-proxy. The existing tub. options control the tub for this storage server. And outbound-proxy is more specific than foolscap-proxy.
comment:21 in reply to: ↑ 20 Changed at 2011-02-13T22:42:04Z by davidsarah
Replying to davidsarah:
outbound-proxy for the config option.
Make that outbound_proxy. Other config options use _ instead of -.
comment:22 Changed at 2011-06-04T01:16:57Z by zooko
- Keywords review-needed removed
Removing the review-needed tag until someone (perhaps duck) updates the name of the config option.
comment:23 Changed at 2011-07-27T18:21:54Z by zooko
- Milestone changed from 1.9.0 to soon
comment:24 Changed at 2013-08-07T15:41:31Z by killyourtv
- Description modified (diff)
Attached is an updated patch (0001-outbound-proxy-support.patch ) that changes the config option to outbound-proxy. The patch applies cleanly to current trunk.
(I'm still trying to learn Python so please forgive any n00b errors. I also need to learn how to write unit tests).
HTTP Proxy support to Foolscap