Hi, I’m new to the WFP driver model. I’m wondering if WFP is able to
meet the below needs, and if so, which WFP model is needed, user-mode or
kernel-mode?

Consider the Transparent Proxy[0] usage that Tor[1] prefers. On *nix
systems, Tor uses torsocks[2] to update the firewall (iptables or pf)
rules to redirect network traffic to Tor, via Tor extensions[3] to the
SOCKS protocol[4]. On *nix, torsocks is a graceful solution; it
transparently maps all network traffic at the firewall level, and sends
it to Tor’s onion routing overlay.

Without writing a new driver, I don’t know of any existing, built-in way
in Win7 to do this sort of thing, using SOCKS or otherwise. Is there?

Can a WFP driver grab all outgoing network IPv4 and IPv6 traffic (TCP,
UDP, UPnP/NAT, especially DNS, etc.) and redirect it to Tor – a
user-mode Win32 service – and be able to detect when the Tor service is
sending outgoing traffic, and not redirect that I/O?

Besides routing traffic, Tor also does its own DNS lookups over its
overlay. So the WFP driver needs to filter DNS requests and handle them
(not using SOCKS extensions). Can WFP filter DNS traffic as well, or is
there another separate Windows DNS filter technique to use?

The solution would only need to target Win7 onward, no older versions of
Windows.

BTW, the current Tor-recommended solution is to run the OpenVPN TAP
driver, talking to a Qemu VM running OpenWRT Linux, using Linux Tor with
Linux torsocks, all combined as a virtual router, TorVM[5]. Or, only
using TAILs[6] Linux distro in VirtualBox.

Thanks for any advice!

[0] http://en.wikipedia.org/wiki/Transparent_proxy#Tor_onion_proxy_software
https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO
https://trac.torproject.org/projects/tor/wiki/doc/SupportPrograms
[1] https://www.torproject.org/
[2] http://code.google.com/p/torsocks/
[3] https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=socks-extensions.txt
[4] http://en.wikipedia.org/wiki/SOCKS
[5] https://svn.torproject.org/svn/torvm/trunk/doc/design.html
[6] http://tails.boum.org/